Fruit metabolite networks in engineered and non-engineered tomato genotypes reveal fluidity in a hormone and agroecosystem specific manner

USDA-ARS?s Scientific Manuscript database

Multiple strategies have been explored throughout the world to meet food security. These include molecular breeding, transgenic genotype development, reduced-tillage crop production, modification of the soil environment with cover crops or polyethylene mulches and tunnels, and organic farming. Unde...

Distributed Computer Networks in Support of Complex Group Practices

PubMed Central

Wess, Bernard P.

1978-01-01

The economics of medical computer networks are presented in context with the patient care and administrative goals of medical networks. Design alternatives and network topologies are discussed with an emphasis on medical network design requirements in distributed data base design, telecommunications, satellite systems, and software engineering. The success of the medical computer networking technology is predicated on the ability of medical and data processing professionals to design comprehensive, efficient, and virtually impenetrable security systems to protect data bases, network access and services, and patient confidentiality.

Hierarchical and Multifunctional Three-dimensional Network of Carbon Nanotubes for Supercapacitor and Strain Sensor Applications

DTIC Science & Technology

2016-05-19

cycles at 100 mV/s scan rate. 15. SUBJECT TERMS Carbon nano tubes, Nanotechnology , supercapacitor 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF...5. Lee, H., Hierarchical and Multifunctional Three-dimensional Network of Carbon Nanotubes of Sensor Applications, College of Engineering Forum on

Integrating Emerging Topics through Online Team Design in a Hybrid Communication Networks Course: Interaction Patterns and Impact of Prior Knowledge

ERIC Educational Resources Information Center

Reisslein, Jana; Seeling, Patrick; Reisslein, Martin

2005-01-01

An important challenge in the introductory communication networks course in electrical and computer engineering curricula is to integrate emerging topics, such as wireless Internet access and network security, into the already content-intensive course. At the same time it is essential to provide students with experiences in online collaboration,…

INcreasing Security and Protection through Infrastructure REsilience: The INSPIRE Project

NASA Astrophysics Data System (ADS)

D'Antonio, Salvatore; Romano, Luigi; Khelil, Abdelmajid; Suri, Neeraj

The INSPIRE project aims at enhancing the European potential in the field of security by ensuring the protection of critical information infrastructures through (a) the identification of their vulnerabilities and (b) the development of innovative techniques for securing networked process control systems. To increase the resilience of such systems INSPIRE will develop traffic engineering algorithms, diagnostic processes and self-reconfigurable architectures along with recovery techniques. Hence, the core idea of the INSPIRE project is to protect critical information infrastructures by appropriately configuring, managing, and securing the communication network which interconnects the distributed control systems. A working prototype will be implemented as a final demonstrator of selected scenarios. Controls/Communication Experts will support project partners in the validation and demonstration activities. INSPIRE will also contribute to standardization process in order to foster multi-operator interoperability and coordinated strategies for securing lifeline systems.

Improved Wireless Security through Physical Layer Protocol Manipulation and Radio Frequency Fingerprinting

DTIC Science & Technology

2014-09-18

radios in a cognitive radio network using a radio frequency fingerprinting based method. In IEEE International Conference on Communications (ICC...IMPROVEDWIRELESS SECURITY THROUGH PHYSICAL LAYER PROTOCOL MANIPULATION AND RADIO FREQUENCY FINGERPRINTING DISSERTATION Benjamin W. Ramsey, Captain...PHYSICAL LAYER PROTOCOL MANIPULATION AND RADIO FREQUENCY FINGERPRINTING DISSERTATION Presented to the Faculty Graduate School of Engineering and

Wireless Communications in Reverberant Environments

DTIC Science & Technology

2015-01-01

Secure Wireless Agent Testbed (SWAT), the Protocol Engineering Advanced Networking (PROTEAN) Research Group, the Data Fusion Laboratory (DFL), and the...constraints of their application. 81 Bibliography [1] V. Gungor and G. Hancke, “Industrial wireless sensor networks : Challenges, design principles, and...Bhattacharya, “Path loss estimation for a wireless sensor network for application in ship,” Int. J. of Comput. Sci. and Mobile Computing, vol. 2, no. 6, pp

A Network Steganography Lab on Detecting TCP/IP Covert Channels

ERIC Educational Resources Information Center

Zseby, Tanja; Vázquez, Félix Iglesias; Bernhardt, Valentin; Frkat, Davor; Annessi, Robert

2016-01-01

This paper presents a network security laboratory to teach data analysis for detecting TCP/IP covert channels. The laboratory is mainly designed for students of electrical engineering, but is open to students of other technical disciplines with similar background. Covert channels provide a method for leaking data from protected systems, which is a…

The Design and Realization of Net Testing System on Campus Network

ERIC Educational Resources Information Center

Ren, Zhanying; Liu, Shijie

2005-01-01

According to the requirement of modern teaching theory and technology, based on software engineering, database theory, the technique of net information security and system integration, a net testing system on local network was designed and realized. The system benefits for dividing of testing & teaching and settles the problems of random…

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

ERIC Educational Resources Information Center

Mohammadi, Hadi

2014-01-01

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to…

Security Engineering and Educational Initiatives for Critical Information Infrastructures

DTIC Science & Technology

2013-06-01

standard for cryptographic protection of SCADA communications. The United Kingdom’s National Infrastructure Security Co-ordination Centre (NISCC...has released a good practice guide on firewall deployment for SCADA systems and process control networks [17]. Meanwhile, National Institute for ...report. APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED 18 The SCADA gateway collects the data gathered by sensors, translates them from

Analysis and Design of Complex Network Environments

DTIC Science & Technology

2012-03-01

and J. Lowe, “The myths and facts behind cyber security risks for industrial control systems ,” in the Proceedings of the VDE Kongress, VDE Congress...questions about 1) how to model them, 2) the design of experiments necessary to discover their structure (and thus adapt system inputs to optimize the...theoretical work that clarifies fundamental limitations of complex networks with network engineering and systems biology to implement specific designs and

Routing UAVs to Co-Optimize Mission Effectiveness and Network Performance with Dynamic Programming

DTIC Science & Technology

2011-03-01

Heuristics on Hexagonal Connected Dominating Sets to Model Routing Dissemination," in Communication Theory, Reliability, and Quality of Service (CTRQ...24] Matthew Capt. USAF Compton, Improving the Quality of Service and Security of Military Networks with a Network Tasking Order Process, 2010. [25...Wesley, 2006. [32] James Haught, "Adaptive Quality of Service Engine with Dynamic Queue Control," Air Force Institute of Technology, Wright

Cyber Exercise Playbook

DTIC Science & Technology

2014-11-01

unclassified tools and techniques that can be shared with PNs, to include social engineering, spear phishing , fake web sites, physical access attempts, and...and instead rely on commercial services such as Yahoo or Google . Some nations have quite advanced cyber security practices, but may take vastly...unauthorized access to data/systems Inject external network scanning, email phishing , malicious website access, social engineering Sample

Achieving Consistent Near-Optimal Pattern Recognition Accuracy Using Particle Swarm Optimization to Pre-Train Artificial Neural Networks

ERIC Educational Resources Information Center

Nikelshpur, Dmitry O.

2014-01-01

Similar to mammalian brains, Artificial Neural Networks (ANN) are universal approximators, capable of yielding near-optimal solutions to a wide assortment of problems. ANNs are used in many fields including medicine, internet security, engineering, retail, robotics, warfare, intelligence control, and finance. "ANNs have a tendency to get…

Processing multilevel secure test and evaluation information

NASA Astrophysics Data System (ADS)

Hurlburt, George; Hildreth, Bradley; Acevedo, Teresa

1994-07-01

The Test and Evaluation Community Network (TECNET) is building a Multilevel Secure (MLS) system. This system features simultaneous access to classified and unclassified information and easy access through widely available communications channels. It provides the necessary separation of classification levels, assured through the use of trusted system design techniques, security assessments and evaluations. This system enables cleared T&E users to view and manipulate classified and unclassified information resources either using a single terminal interface or multiple windows in a graphical user interface. TECNET is in direct partnership with the National Security Agency (NSA) to develop and field the MLS TECNET capability in the near term. The centerpiece of this partnership is a state-of-the-art Concurrent Systems Security Engineering (CSSE) process. In developing the MLS TECNET capability, TECNET and NSA are providing members, with various expertise and diverse backgrounds, to participate in the CSSE process. The CSSE process is founded on the concepts of both Systems Engineering and Concurrent Engineering. Systems Engineering is an interdisciplinary approach to evolve and verify an integrated and life cycle balanced set of system product and process solutions that satisfy customer needs (ASD/ENS-MIL STD 499B 1992). Concurrent Engineering is design and development using the simultaneous, applied talents of a diverse group of people with the appropriate skills. Harnessing diverse talents to support CSSE requires active participation by team members in an environment that both respects and encourages diversity.

VoIP attacks detection engine based on neural network

NASA Astrophysics Data System (ADS)

Safarik, Jakub; Slachta, Jiri

2015-05-01

The security is crucial for any system nowadays, especially communications. One of the most successful protocols in the field of communication over IP networks is Session Initiation Protocol. It is an open-source project used by different kinds of applications, both open-source and proprietary. High penetration and text-based principle made SIP number one target in IP telephony infrastructure, so security of SIP server is essential. To keep up with hackers and to detect potential malicious attacks, security administrator needs to monitor and evaluate SIP traffic in the network. But monitoring and following evaluation could easily overwhelm the security administrator in networks, typically in networks with a number of SIP servers, users and logically or geographically separated networks. The proposed solution lies in automatic attack detection systems. The article covers detection of VoIP attacks through a distributed network of nodes. Then the gathered data analyze aggregation server with artificial neural network. Artificial neural network means multilayer perceptron network trained with a set of collected attacks. Attack data could also be preprocessed and verified with a self-organizing map. The source data is detected by distributed network of detection nodes. Each node contains a honeypot application and traffic monitoring mechanism. Aggregation of data from each node creates an input for neural networks. The automatic classification on a centralized server with low false positive detection reduce the cost of attack detection resources. The detection system uses modular design for easy deployment in final infrastructure. The centralized server collects and process detected traffic. It also maintains all detection nodes.

Using an Instructional LAN to Teach a Statistics Course.

ERIC Educational Resources Information Center

Barnes, J. Wesley; And Others

1988-01-01

Discusses a computer assisted learning system for engineering statistics based on personalized system of instruction methods. Describes the system's network, development, course structure, programing, and security. Lists the benefits of the system. (MVL)

A Fresh Look at Internet Protocol Version 6 (IPv6) for Department of Defense (DoD) Networks

DTIC Science & Technology

2010-08-01

since system administration practices (such as the use of security appliances) depend heavily on tools for network management, diagnosis and protection...are mobile ad hoc networks (MANETs) and yet there is limited practical experience with MANETs and their performance. Further, the interaction between...Systems FCS Future Combat System IETF Internet Engineering Task Force ISAT Information Science and Technology BAST Board on Army Science and

Experience of wireless local area network in a radiation oncology department.

PubMed

Mandal, Abhijit; Asthana, Anupam Kumar; Aggarwal, Lalit Mohan

2010-01-01

The aim of this work is to develop a wireless local area network (LAN) between different types of users (Radiation Oncologists, Radiological Physicists, Radiation Technologists, etc) for efficient patient data management and to made easy the availability of information (chair side) to improve the quality of patient care in Radiation Oncology department. We have used mobile workstations (Laptops) and stationary workstations, all equipped with wireless-fidelity (Wi-Fi) access. Wireless standard 802.11g (as recommended by Institute of Electrical and Electronic Engineers (IEEE, Piscataway, NJ) has been used. The wireless networking was configured with the Service Set Identifier (SSID), Media Access Control (MAC) address filtering, and Wired Equivalent Privacy (WEP) network securities. We are successfully using this wireless network in sharing the indigenously developed patient information management software. The proper selection of the hardware and the software combined with a secure wireless LAN setup will lead to a more efficient and productive radiation oncology department.

Software To Secure Distributed Propulsion Simulations

NASA Technical Reports Server (NTRS)

Blaser, Tammy M.

2003-01-01

Distributed-object computing systems are presented with many security threats, including network eavesdropping, message tampering, and communications middleware masquerading. NASA Glenn Research Center, and its industry partners, has taken an active role in mitigating the security threats associated with developing and operating their proprietary aerospace propulsion simulations. In particular, they are developing a collaborative Common Object Request Broker Architecture (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines

Dataset for Testing Contamination Source Identification Methods for Water Distribution Networks

EPA Pesticide Factsheets

This dataset includes the results of a simulation study using the source inversion techniques available in the Water Security Toolkit. The data was created to test the different techniques for accuracy, specificity, false positive rate, and false negative rate. The tests examined different parameters including measurement error, modeling error, injection characteristics, time horizon, network size, and sensor placement. The water distribution system network models that were used in the study are also included in the dataset. This dataset is associated with the following publication:Seth, A., K. Klise, J. Siirola, T. Haxton , and C. Laird. Testing Contamination Source Identification Methods for Water Distribution Networks. Journal of Environmental Division, Proceedings of American Society of Civil Engineers. American Society of Civil Engineers (ASCE), Reston, VA, USA, ., (2016).

Cryptography and the Internet: lessons and challenges

DOE Office of Scientific and Technical Information (OSTI.GOV)

McCurley, K.S.

1996-12-31

The popularization of the Internet has brought fundamental changes to the world, because it allows a universal method of communication between computers. This carries enormous benefits with it, but also raises many security considerations. Cryptography is a fundamental technology used to provide security of computer networks, and there is currently a widespread engineering effort to incorporate cryptography into various aspects of the Internet. The system-level engineering required to provide security services for the Internet carries some important lessons for researchers whose study is focused on narrowly defined problems. It also offers challenges to the cryptographic research community by raising newmore » questions not adequately addressed by the existing body of knowledge. This paper attempts to summarize some of these lessons and challenges for the cryptographic research community.« less

Remote secure observing for the Faulkes Telescopes

NASA Astrophysics Data System (ADS)

Smith, Robert J.; Steele, Iain A.; Marchant, Jonathan M.; Fraser, Stephen N.; Mucke-Herzberg, Dorothea

2004-09-01

Since the Faulkes Telescopes are to be used by a wide variety of audiences, both powerful engineering level and simple graphical interfaces exist giving complete remote and robotic control of the telescope over the internet. Security is extremely important to protect the health of both humans and equipment. Data integrity must also be carefully guarded for images being delivered directly into the classroom. The adopted network architecture is described along with the variety of security and intrusion detection software. We use a combination of SSL, proxies, IPSec, and both Linux iptables and Cisco IOS firewalls to ensure only authenticated and safe commands are sent to the telescopes. With an eye to a possible future global network of robotic telescopes, the system implemented is capable of scaling linearly to any moderate (of order ten) number of telescopes.

Bioinspired principles for large-scale networked sensor systems: an overview.

PubMed

Jacobsen, Rune Hylsberg; Zhang, Qi; Toftegaard, Thomas Skjødeberg

2011-01-01

Biology has often been used as a source of inspiration in computer science and engineering. Bioinspired principles have found their way into network node design and research due to the appealing analogies between biological systems and large networks of small sensors. This paper provides an overview of bioinspired principles and methods such as swarm intelligence, natural time synchronization, artificial immune system and intercellular information exchange applicable for sensor network design. Bioinspired principles and methods are discussed in the context of routing, clustering, time synchronization, optimal node deployment, localization and security and privacy.

Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

NASA Technical Reports Server (NTRS)

1985-01-01

The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

Navy Irregular Warfare and Counterterrorism Operations: Background and Issues for Congress

DTIC Science & Technology

2016-05-27

ordnance disposal (counter- IED), combat construction engineering , cargo handling, combat logistics, maritime security, detainee operations, customs...Rutherford, “Navy’s Maritime Domain Awareness System ‘Up And Running’,” Defense Daily, September 4, 2008; and Dan Taylor , “New Network Allows Navy To...with twin diesel engines and water jets. It has a range of 600 nautical miles. 34 Other Organizational Initiatives Other Navy initiatives in recent

Simplified Daylight Spectrum Approximation by Blending Two Light Emitting Diode Sources

DTIC Science & Technology

2012-03-01

Iota Epsilon (SIE). Michael E. Miller, PhD is an Assistant Professor of Human Systems Integration at the Air Force Institute of Technology. His...USA. Dr Grimaila’s research interests include mission assurance, network management 49 and security , quantum information warfare, and systems...Engineers (SAME) and Sigma Iota Epsilon (SIE). John Colombi, Ph.D. is an Assistant Professor of Systems Engineering at the Air Force Institute of

The engineering of a scalable multi-site communications system utilizing quantum key distribution (QKD)

NASA Astrophysics Data System (ADS)

Tysowski, Piotr K.; Ling, Xinhua; Lütkenhaus, Norbert; Mosca, Michele

2018-04-01

Quantum key distribution (QKD) is a means of generating keys between a pair of computing hosts that is theoretically secure against cryptanalysis, even by a quantum computer. Although there is much active research into improving the QKD technology itself, there is still significant work to be done to apply engineering methodology and determine how it can be practically built to scale within an enterprise IT environment. Significant challenges exist in building a practical key management service (KMS) for use in a metropolitan network. QKD is generally a point-to-point technique only and is subject to steep performance constraints. The integration of QKD into enterprise-level computing has been researched, to enable quantum-safe communication. A novel method for constructing a KMS is presented that allows arbitrary computing hosts on one site to establish multiple secure communication sessions with the hosts of another site. A key exchange protocol is proposed where symmetric private keys are granted to hosts while satisfying the scalability needs of an enterprise population of users. The KMS operates within a layered architectural style that is able to interoperate with various underlying QKD implementations. Variable levels of security for the host population are enforced through a policy engine. A network layer provides key generation across a network of nodes connected by quantum links. Scheduling and routing functionality allows quantum key material to be relayed across trusted nodes. Optimizations are performed to match the real-time host demand for key material with the capacity afforded by the infrastructure. The result is a flexible and scalable architecture that is suitable for enterprise use and independent of any specific QKD technology.

Comparisons of Attacks on Honeypots With Those on Real Networks

DTIC Science & Technology

2006-03-01

Oracle , MySQL , or PostgreSQL. Figure 2 shows an incoming packet and the process involved before and after the Snort engine detects the suspicious...stored on a separate, secured system.”[2]. Honeypots have several other uses besides monitoring attackers. They serve to protect real networks and...interaction vs . high-interaction. Although, both low-interaction and high-interaction honeypots are effective in soliciting attacks, high-interaction

Problems With Deployment of Multi-Domained, Multi-Homed Mobile Networks

NASA Technical Reports Server (NTRS)

Ivancic, William D.

2008-01-01

This document describes numerous problems associated with deployment of multi-homed mobile platforms consisting of multiple networks and traversing large geographical areas. The purpose of this document is to provide insight to real-world deployment issues and provide information to groups that are addressing many issues related to multi-homing, policy-base routing, route optimization and mobile security - particularly those groups within the Internet Engineering Task Force.

Bioinspired Principles for Large-Scale Networked Sensor Systems: An Overview

PubMed Central

Jacobsen, Rune Hylsberg; Zhang, Qi; Toftegaard, Thomas Skjødeberg

2011-01-01

Biology has often been used as a source of inspiration in computer science and engineering. Bioinspired principles have found their way into network node design and research due to the appealing analogies between biological systems and large networks of small sensors. This paper provides an overview of bioinspired principles and methods such as swarm intelligence, natural time synchronization, artificial immune system and intercellular information exchange applicable for sensor network design. Bioinspired principles and methods are discussed in the context of routing, clustering, time synchronization, optimal node deployment, localization and security and privacy. PMID:22163841

Cloud Computing for Pharmacometrics: Using AWS, NONMEM, PsN, Grid Engine, and Sonic

PubMed Central

Sanduja, S; Jewell, P; Aron, E; Pharai, N

2015-01-01

Cloud computing allows pharmacometricians to access advanced hardware, network, and security resources available to expedite analysis and reporting. Cloud-based computing environments are available at a fraction of the time and effort when compared to traditional local datacenter-based solutions. This tutorial explains how to get started with building your own personal cloud computer cluster using Amazon Web Services (AWS), NONMEM, PsN, Grid Engine, and Sonic. PMID:26451333

Cloud Computing for Pharmacometrics: Using AWS, NONMEM, PsN, Grid Engine, and Sonic.

PubMed

Sanduja, S; Jewell, P; Aron, E; Pharai, N

2015-09-01

Cloud computing allows pharmacometricians to access advanced hardware, network, and security resources available to expedite analysis and reporting. Cloud-based computing environments are available at a fraction of the time and effort when compared to traditional local datacenter-based solutions. This tutorial explains how to get started with building your own personal cloud computer cluster using Amazon Web Services (AWS), NONMEM, PsN, Grid Engine, and Sonic.

The Road to Covergence

ERIC Educational Resources Information Center

Villano, Matt

2008-01-01

In this article, the author offers six best practices for physical and data security convergence. These are: (1) assess the cable plant; (2) choose wisely; (3) be patient; (4) engineer for high availability; (5) test the converged network to make sure it works; and (6) don't forget the humans.

An Offload NIC for NASA, NLR, and Grid Computing

NASA Technical Reports Server (NTRS)

Awrach, James

2013-01-01

This work addresses distributed data management and access dynamically configurable high-speed access to data distributed and shared over wide-area high-speed network environments. An offload engine NIC (network interface card) is proposed that scales at nX10-Gbps increments through 100-Gbps full duplex. The Globus de facto standard was used in projects requiring secure, robust, high-speed bulk data transport. Novel extension mechanisms were derived that will combine these technologies for use by GridFTP, bandwidth management resources, and host CPU (central processing unit) acceleration. The result will be wire-rate encrypted Globus grid data transactions through offload for splintering, encryption, and compression. As the need for greater network bandwidth increases, there is an inherent need for faster CPUs. The best way to accelerate CPUs is through a network acceleration engine. Grid computing data transfers for the Globus tool set did not have wire-rate encryption or compression. Existing technology cannot keep pace with the greater bandwidths of backplane and network connections. Present offload engines with ports to Ethernet are 32 to 40 Gbps f-d at best. The best of ultra-high-speed offload engines use expensive ASICs (application specific integrated circuits) or NPUs (network processing units). The present state of the art also includes bonding and the use of multiple NICs that are also in the planning stages for future portability to ASICs and software to accommodate data rates at 100 Gbps. The remaining industry solutions are for carrier-grade equipment manufacturers, with costly line cards having multiples of 10-Gbps ports, or 100-Gbps ports such as CFP modules that interface to costly ASICs and related circuitry. All of the existing solutions vary in configuration based on requirements of the host, motherboard, or carriergrade equipment. The purpose of the innovation is to eliminate data bottlenecks within cluster, grid, and cloud computing systems, and to add several more capabilities while reducing space consumption and cost. Provisions were designed for interoperability with systems used in the NASA HEC (High-End Computing) program. The new acceleration engine consists of state-ofthe- art FPGA (field-programmable gate array) core IP, C, and Verilog code; novel communication protocol; and extensions to the Globus structure. The engine provides the functions of network acceleration, encryption, compression, packet-ordering, and security added to Globus grid or for cloud data transfer. This system is scalable in nX10-Gbps increments through 100-Gbps f-d. It can be interfaced to industry-standard system-side or network-side devices or core IP in increments of 10 GigE, scaling to provide IEEE 40/100 GigE compliance.

First to Fight in the Next Fight?: The Marine Expeditionary Brigade and a Return to an Expeditionary Marine Corps Strategy

DTIC Science & Technology

2010-01-01

masses of small communications devices. The close-in covert autonomous disposable aircraft ( CICADA ) could provide an expansive network of secure short... CICADAs , the loss of a few nodes could still be compensated for by electronics seeking usable signals from other nearby nodes with network encryption...engine for basic first responder medical information, using a wireless connection, possibly from CICADA , to seek advice from medical personnel, and

Generating Southern Africa Precipitation Forecast Using the FEWS Engine, a New Application for the Google Earth Engine

NASA Astrophysics Data System (ADS)

Landsfeld, M. F.; Hegewisch, K.; Daudert, B.; Morton, C.; Husak, G. J.; Friedrichs, M.; Funk, C. C.; Huntington, J. L.; Abatzoglou, J. T.; Verdin, J. P.

2016-12-01

The Famine Early Warning Systems Network (FEWS NET) focuses on food insecurity in developing nations and provides objective, evidence-based analysis to help government decision-makers and relief agencies plan for and respond to humanitarian emergencies. The network of FEWS NET analysts and scientists require flexible, interactive tools to aid in their monitoring and research efforts. Because they often work in bandwidth-limited regions, lightweight Internet tools and services that bypass the need for downloading massive datasets are preferred for their work. To support food security analysis FEWS NET developed a custom interface for the Google Earth Engine (GEE). GEE is a platform developed by Google to support scientific analysis of environmental data in their cloud computing environment. This platform allows scientists and independent researchers to mine massive collections of environmental data, leveraging Google's vast computational resources for purposes of detecting changes and monitoring the Earth's surface and climate. GEE hosts an enormous amount of satellite imagery and climate archives, one of which is the Climate Hazards Group Infrared Precipitation with Stations dataset (CHIRPS). CHIRPS precipitation dataset is a key input for FEWS NET monitoring and forecasting efforts. In this talk we introduce the FEWS Engine interface. We present an application that highlights the utility of FEWS Engine for forecasting the upcoming seasonal precipitation of southern Africa. Specifically, the current state of ENSO is assessed and used to identify similar historical seasons. The FEWS Engine compositing tool is used to examine rainfall and other environmental data for these analog seasons. The application illustrates the unique benefits of using FEWS Engine for on-the-fly food security scenario development.

Watchdog Project

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smith, Rhett; Campbell, Jack; Hadley, Mark

The Watchdog Project completed 100% of the project Statement of Project Objective (SOPO). The Watchdog project was a very aggressive project looking to accomplish commercialization of technology that had never been commercialized, as a result it took six years to complete not the original three that were planned. No additional federal funds were requested from the original proposal and SEL contributed the additional cost share required to complete the project. The result of the Watchdog Project is the world’s first industrial rated Software Defined Network (SDN) switch commercially available. This technology achieved the SOPOO and DOE Roadmap goals to havemore » strong network access control, improve reliability and network performance, and give the asset owner the ability to minimize attack surface before and during an attack. The Watchdog project is an alliance between CenterPoint Energy Houston Electric, Pacific Northwest National Laboratories (PNNL), and Schweitzer Engineering Laboratories, Inc. (SEL). SEL is the world’s leader in microprocessor-based electronic equipment for protecting electric power systems. PNNL performs basic and applied research to deliver energy, environmental, and national security for our nation. CenterPoint Energy is the third largest publicly traded natural gas delivery company in the U.S and third largest combined electricity and natural gas delivery company. The Watchdog Project efforts were combined with the SDN Project efforts to produce the entire SDN system solution for the critical infrastructure. The Watchdog project addresses Topic Area of Interest 5: Secure Communications, for the DEFOA- 0000359 by protecting the control system local area network itself and the communications coming from and going to the electronic devices on the local network. Local area networks usually are not routed and have little or no filtering capabilities. Combine this with the fact control system protocols are designed with inherent trust the control system owners have very little choice on how to protect communications on the local network. The Watchdog project reduces security risks in electric sector control system local area networks (LANs) by providing: Network access control (NAC) Multi-Layer firewall (physical through transport layer) Containment of malware or unauthorized traffic spreading across the network White list protocols and application message types filtering Configurable, proactive traffic engineering The Watchdog project achieved all of the above by developing an SDN switch.« less

A malicious pattern detection engine for embedded security systems in the Internet of Things.

PubMed

Oh, Doohwan; Kim, Deokho; Ro, Won Woo

2014-12-16

With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns.

FLOWER IPv4/IPv6 Network Flow Summarization software

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nickless, Bill; Curtis, Darren; Christy, Jason

FLOWER was written as a refactoring/reimplementation of the existing Flo software used by the Cooperative Protection Program (CPP) to provide network flow summaries for analysis by the Operational Analysis Center (OAC) and other US Department of Energy cyber security elements. FLOWER is designed and tested to operate at 10 gigabits/second, nearly 10 times faster than competing solutions. FLOWER output is optimized for importation into SQL databases for categorization and analysis. FLOWER is written in C++ using current best software engineering practices.

Using cyber vulnerability testing techniques to expose undocumented security vulnerabilities in DCS and SCADA equipment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pollet, J.

2006-07-01

This session starts by providing an overview of typical DCS (Distributed Control Systems) and SCADA (Supervisory Control and Data Acquisition) architectures, and exposes cyber security vulnerabilities that vendors never admit, but are found through a comprehensive cyber testing process. A complete assessment process involves testing all of the layers and components of a SCADA or DCS environment, from the perimeter firewall all the way down to the end devices controlling the process, including what to look for when conducting a vulnerability assessment of real-time control systems. The following systems are discussed: 1. Perimeter (isolation from corporate IT or other non-criticalmore » networks) 2. Remote Access (third Party access into SCADA or DCS networks) 3. Network Architecture (switch, router, firewalls, access controls, network design) 4. Network Traffic Analysis (what is running on the network) 5. Host Operating Systems Hardening 6. Applications (how they communicate with other applications and end devices) 7. End Device Testing (PLCs, RTUs, DCS Controllers, Smart Transmitters) a. System Discovery b. Functional Discovery c. Attack Methodology i. DoS Tests (at what point does the device fail) ii. Malformed Packet Tests (packets that can cause equipment failure) iii. Session Hijacking (do anything that the operator can do) iv. Packet Injection (code and inject your own SCADA commands) v. Protocol Exploitation (Protocol Reverse Engineering / Fuzzing) This paper will provide information compiled from over five years of conducting cyber security testing on control systems hardware, software, and systems. (authors)« less

Simulation Data Management - Requirements and Design Specification

DOE Office of Scientific and Technical Information (OSTI.GOV)

Clay, Robert L.; Friedman-Hill, Ernest J.; Gibson, Marcus J.

Simulation Data Management (SDM), the ability to securely organize, archive, and share analysis models and the artifacts used to create them, is a fundamental requirement for modern engineering analysis based on computational simulation. We have worked separately to provide secure, network SDM services to engineers and scientists at our respective laboratories for over a decade. We propose to leverage our experience and lessons learned to help develop and deploy a next-generation SDM service as part of a multi-laboratory team. This service will be portable across multiple sites and platforms, and will be accessible via a range of command-line tools andmore » well-documented APIs. In this document, we’ll review our high-level and low-level requirements for such a system, review one existing system, and briefly discuss our proposed implementation.« less

Pervasive Sensing: Addressing the Heterogeneity Problem

NASA Astrophysics Data System (ADS)

O'Grady, Michael J.; Murdoch, Olga; Kroon, Barnard; Lillis, David; Carr, Dominic; Collier, Rem W.; O'Hare, Gregory M. P.

2013-06-01

Pervasive sensing is characterized by heterogeneity across a number of dimensions. This raises significant problems for those designing, implementing and deploying sensor networks, irrespective of application domain. Such problems include for example, issues of data provenance and integrity, security, and privacy amongst others. Thus engineering a network that is fit-for-purpose represents a significant challenge. In this paper, the issue of heterogeneity is explored from the perspective of those who seek to harness a pervasive sensing element in their applications. A initial solution is proposed based on the middleware construct.

A security architecture for health information networks.

PubMed

Kailar, Rajashekar; Muralidhar, Vinod

2007-10-11

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

A Malicious Pattern Detection Engine for Embedded Security Systems in the Internet of Things

PubMed Central

Oh, Doohwan; Kim, Deokho; Ro, Won Woo

2014-01-01

With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns. PMID:25521382

R&D100 Finalist: Neuromorphic Cyber Microscope

DOE Office of Scientific and Technical Information (OSTI.GOV)

Follett, David; Naegle, John; Suppona, Roger

The Neuromorphic Cyber Microscope provides security analysts with unprecedented visibility of their network, computer and storage assets. This processor is the world's first practical implementation of neuromorphic technology to a major computer science mission. Working with Lewis Rhodes Labs, engineers at Sandia National Laboratories have created a device that is orders of magnitude faster at analyzing data to identify cyber-attacks.

Understanding and Managing Causality of Change in Socio-Technical Systems II

DTIC Science & Technology

2011-01-25

SUBJECT TERMS Cognition , Human Effectiveness, Information Science 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT Same as Report (SAR) 18...at large taking into account the cognitive interaction between humans and technology. 8 Hussein Abbass Professor Abbass leads the...Network Centric Operations Future Air Traffic Management Systems Cognitive Engineering including Human-Computer Integration In all of the

ICS logging solution for network-based attacks using Gumistix technology

NASA Astrophysics Data System (ADS)

Otis, Jeremy R.; Berman, Dustin; Butts, Jonathan; Lopez, Juan

2013-05-01

Industrial Control Systems (ICS) monitor and control operations associated with the national critical infrastructure (e.g., electric power grid, oil and gas pipelines and water treatment facilities). These systems rely on technologies and architectures that were designed for system reliability and availability. Security associated with ICS was never an inherent concern, primarily due to the protections afforded by network isolation. However, a trend in ICS operations is to migrate to commercial networks via TCP/IP in order to leverage commodity benefits and cost savings. As a result, system vulnerabilities are now exposed to the online community. Indeed, recent research has demonstrated that many exposed ICS devices are being discovered using readily available applications (e.g., ShodanHQ search engine and Google-esque queries). Due to the lack of security and logging capabilities for ICS, most knowledge about attacks are derived from real world incidents after an attack has already been carried out and the damage has been done. This research provides a method for introducing sensors into the ICS environment that collect information about network-based attacks. The sensors are developed using an inexpensive Gumstix platform that can be deployed and incorporated with production systems. Data obtained from the sensors provide insight into attack tactics (e.g., port scans, Nessus scans, Metasploit modules, and zero-day exploits) and characteristics (e.g., attack origin, frequency, and level of persistence). Findings enable security professionals to draw an accurate, real-time awareness of the threats against ICS devices and help shift the security posture from reactionary to preventative.

Protecting computer-based medical devices: defending against viruses and other threats.

PubMed

2005-07-01

The increasing integration of computer hardware has exposed medical devices to greater risks than ever before. More and more devices rely on commercial off-the-shelf software and operating systems, which are vulnerable to the increasing proliferation of viruses and other malicious programs that target computers. Therefore, it is necessary for hospitals to take steps such as those outlined in this article to ensure that their computer-based devices are made safe and continue to remain safe in the future. Maintaining the security of medical devices requires planning, careful execution, and a commitment of resources. A team should be created to develop a process for surveying the security status of all computerized devices in the hospital and making sure that patches and other updates are applied as needed. These patches and updates should be approved by the medical system supplier before being implemented. The team should consider using virtual local area networks to isolate susceptible devices on the hospital's network. All security measures should be carefully documented, and the documentation should be kept up-to-date. Above all, care must be taken to ensure that medical device security involves a collaborative, supportive partnership between the hospital's information technology staff and biomedical engineering personnel.

Energy Logic (EL): a novel fusion engine of multi-modality multi-agent data/information fusion for intelligent surveillance systems

NASA Astrophysics Data System (ADS)

Rababaah, Haroun; Shirkhodaie, Amir

2009-04-01

The rapidly advancing hardware technology, smart sensors and sensor networks are advancing environment sensing. One major potential of this technology is Large-Scale Surveillance Systems (LS3) especially for, homeland security, battlefield intelligence, facility guarding and other civilian applications. The efficient and effective deployment of LS3 requires addressing number of aspects impacting the scalability of such systems. The scalability factors are related to: computation and memory utilization efficiency, communication bandwidth utilization, network topology (e.g., centralized, ad-hoc, hierarchical or hybrid), network communication protocol and data routing schemes; and local and global data/information fusion scheme for situational awareness. Although, many models have been proposed to address one aspect or another of these issues but, few have addressed the need for a multi-modality multi-agent data/information fusion that has characteristics satisfying the requirements of current and future intelligent sensors and sensor networks. In this paper, we have presented a novel scalable fusion engine for multi-modality multi-agent information fusion for LS3. The new fusion engine is based on a concept we call: Energy Logic. Experimental results of this work as compared to a Fuzzy logic model strongly supported the validity of the new model and inspired future directions for different levels of fusion and different applications.

A Security Architecture for Health Information Networks

PubMed Central

Kailar, Rajashekar

2007-01-01

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862

Network Penetration Testing and Research

NASA Technical Reports Server (NTRS)

Murphy, Brandon F.

2013-01-01

This paper will focus the on research and testing done on penetrating a network for security purposes. This research will provide the IT security office new methods of attacks across and against a company's network as well as introduce them to new platforms and software that can be used to better assist with protecting against such attacks. Throughout this paper testing and research has been done on two different Linux based operating systems, for attacking and compromising a Windows based host computer. Backtrack 5 and BlackBuntu (Linux based penetration testing operating systems) are two different "attacker'' computers that will attempt to plant viruses and or NASA USRP - Internship Final Report exploits on a host Windows 7 operating system, as well as try to retrieve information from the host. On each Linux OS (Backtrack 5 and BlackBuntu) there is penetration testing software which provides the necessary tools to create exploits that can compromise a windows system as well as other operating systems. This paper will focus on two main methods of deploying exploits 1 onto a host computer in order to retrieve information from a compromised system. One method of deployment for an exploit that was tested is known as a "social engineering" exploit. This type of method requires interaction from unsuspecting user. With this user interaction, a deployed exploit may allow a malicious user to gain access to the unsuspecting user's computer as well as the network that such computer is connected to. Due to more advance security setting and antivirus protection and detection, this method is easily identified and defended against. The second method of exploit deployment is the method mainly focused upon within this paper. This method required extensive research on the best way to compromise a security enabled protected network. Once a network has been compromised, then any and all devices connected to such network has the potential to be compromised as well. With a compromised network, computers and devices can be penetrated through deployed exploits. This paper will illustrate the research done to test ability to penetrate a network without user interaction, in order to retrieve personal information from a targeted host.

A study of the security technology and a new security model for WiFi network

NASA Astrophysics Data System (ADS)

Huang, Jing

2013-07-01

The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

A Grid Infrastructure for Supporting Space-based Science Operations

NASA Technical Reports Server (NTRS)

Bradford, Robert N.; Redman, Sandra H.; McNair, Ann R. (Technical Monitor)

2002-01-01

Emerging technologies for computational grid infrastructures have the potential for revolutionizing the way computers are used in all aspects of our lives. Computational grids are currently being implemented to provide a large-scale, dynamic, and secure research and engineering environments based on standards and next-generation reusable software, enabling greater science and engineering productivity through shared resources and distributed computing for less cost than traditional architectures. Combined with the emerging technologies of high-performance networks, grids provide researchers, scientists and engineers the first real opportunity for an effective distributed collaborative environment with access to resources such as computational and storage systems, instruments, and software tools and services for the most computationally challenging applications.

Auditing Albaha University Network Security using in-house Developed Penetration Tool

NASA Astrophysics Data System (ADS)

Alzahrani, M. E.

2018-03-01

Network security becomes very important aspect in any enterprise/organization computer network. If important information of the organization can be accessed by anyone it may be used against the organization for further own interest. Thus, network security comes into it roles. One of important aspect of security management is security audit. Security performance of Albaha university network is relatively low (in term of the total controls outlined in the ISO 27002 security control framework). This paper proposes network security audit tool to address issues in Albaha University network. The proposed penetration tool uses Nessus and Metasploit tool to find out the vulnerability of a site. A regular self-audit using inhouse developed tool will increase the overall security and performance of Albaha university network. Important results of the penetration test are discussed.

The research of computer network security and protection strategy

NASA Astrophysics Data System (ADS)

He, Jian

2017-05-01

With the widespread popularity of computer network applications, its security is also received a high degree of attention. Factors affecting the safety of network is complex, for to do a good job of network security is a systematic work, has the high challenge. For safety and reliability problems of computer network system, this paper combined with practical work experience, from the threat of network security, security technology, network some Suggestions and measures for the system design principle, in order to make the masses of users in computer networks to enhance safety awareness and master certain network security technology.

Interactive, Secure Web-enabled Aircraft Engine Simulation Using XML Databinding Integration

NASA Technical Reports Server (NTRS)

Lin, Risheng; Afjeh, Abdollah A.

2003-01-01

This paper discusses the detailed design of an XML databinding framework for aircraft engine simulation. The framework provides an object interface to access and use engine data. while at the same time preserving the meaning of the original data. The Language independent representation of engine component data enables users to move around XML data using HTTP through disparate networks. The application of this framework is demonstrated via a web-based turbofan propulsion system simulation using the World Wide Web (WWW). A Java Servlet based web component architecture is used for rendering XML engine data into HTML format and dealing with input events from the user, which allows users to interact with simulation data from a web browser. The simulation data can also be saved to a local disk for archiving or to restart the simulation at a later time.

Cyber-Defense Return on Investment for NAVFAC Energy Technologies

DTIC Science & Technology

2017-12-01

Stakeholder input is important to properly develop a tool that reflects the legitimate concerns of those who routinely design , operate, and use control ...cybersecurity results with no control system network connectivity at all. Both are extreme scenarios, unless electrical engineers can design a...support of a Department of Defense (DOD) effort to improve cyber- security in relation to DOD installation control systems. Space and Naval Warfare

75 FR 44800 - Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-29

... DEPARTMENT OF HOMELAND SECURITY Notice of Meeting of the Homeland Security Information Network... Security. ACTION: Notice of open meeting. SUMMARY: The Homeland Security Information Network Advisory... (Pub. L. 92-463). The mission of the Homeland Security Information Network Advisory Committee is to...

Connecting to the Internet Securely; Protecting Home Networks CIAC-2324

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orvis, W J; Krystosek, P; Smith, J

2002-11-27

With more and more people working at home and connecting to company networks via the Internet, the risk to company networks to intrusion and theft of sensitive information is growing. Working from home has many positive advantages for both the home worker and the company they work for. However, as companies encourage people to work from home, they need to start considering the interaction of the employee's home network and the company network he connects to. This paper discusses problems and solutions related to protection of home computers from attacks on those computers via the network connection. It does notmore » consider protection of those systems from people who have physical access to the computers nor does it consider company laptops taken on-the-road. Home networks are often targeted by intruders because they are plentiful and they are usually not well secured. While companies have departments of professionals to maintain and secure their networks, home networks are maintained by the employee who may be less knowledgeable about network security matters. The biggest problems with home networks are that: Home networks are not designed to be secure and may use technologies (wireless) that are not secure; The operating systems are not secured when they are installed; The operating systems and applications are not maintained (for security considerations) after they are installed; and The networks are often used for other activities that put them at risk for being compromised. Home networks that are going to be connected to company networks need to be cooperatively secured by the employee and the company so they do not open up the company network to intruders. Securing home networks involves many of the same operations as securing a company network: Patch and maintain systems; Securely configure systems; Eliminate unneeded services; Protect remote logins; Use good passwords; Use current antivirus software; and Moderate your Internet usage habits. Most of these items do not take a lot of work, but require an awareness of the risks involved in not doing them or doing them incorrectly. The security of home networks and communications with company networks can be significantly improved by adding an appropriate software or hardware firewall to the home network and using a protected protocol such as Secure Sockets Layer (SSL), a Virtual Private Network (VPN), or Secure Shell (SSH) for connecting to the company network.« less

Enabling Innovation and Collaboration Across Geography and Culture: A Case Study of NASA's Systems Engineering Community of Practice

NASA Technical Reports Server (NTRS)

Topousis, Daria E.; Murphy, Keri; Robinson, Greg

2008-01-01

In 2004, NASA faced major knowledge sharing challenges due to geographically isolated field centers that inhibited personnel from sharing experiences and ideas. Mission failures and new directions for the agency demanded better collaborative tools. In addition, with the push to send astronauts back to the moon and to Mars, NASA recognized that systems engineering would have to improve across the agency. Of the ten field centers, seven had not built a spacecraft in over 30 years, and had lost systems engineering expertise. The Systems Engineering Community of Practice came together to capture the knowledge of its members using the suite of collaborative tools provided by the NASA Engineering Network (NEN.) The NEN provided a secure collaboration space for over 60 practitioners across the agency to assemble and review a NASA systems engineering handbook. Once the handbook was complete, they used the open community area to disseminate it. This case study explores both the technology and the social networking that made the community possible, describes technological approaches that facilitated rapid setup and low maintenance, provides best practices that other organizations could adopt, and discusses the vision for how this community will continue to collaborate across the field centers to benefit the agency as it continues exploring the solar system.

Resource Sharing via Planed Relay for [InlineEquation not available: see fulltext.

NASA Astrophysics Data System (ADS)

Shen, Chong; Rea, Susan; Pesch, Dirk

2008-12-01

We present an improved version of adaptive distributed cross-layer routing algorithm (ADCR) for hybrid wireless network with dedicated relay stations ([InlineEquation not available: see fulltext.]) in this paper. A mobile terminal (MT) may borrow radio resources that are available thousands mile away via secure multihop RNs, where RNs are placed at pre-engineered locations in the network. In rural places such as mountain areas, an MT may also communicate with the core network, when intermediate MTs act as relay node with mobility. To address cross-layer network layers routing issues, the cascaded ADCR establishes routing paths across MTs, RNs, and cellular base stations (BSs) and provides appropriate quality of service (QoS). We verify the routing performance benefits of [InlineEquation not available: see fulltext.] over other networks by intensive simulation.

Final Report: Sensorpedia Phases 1 and 2

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gorman, Bryan L; Resseguie, David R

2010-08-01

Over the past several years, ORNL has been actively involved in research to formalize the engineering principles and best practices behind emerging social media and social networking concepts to solve real-time data sharing problems for national security and defense, public health and safety, environmental and infrastructure awareness, and disaster preparedness and response. Sensorpedia, an ORNL web site, is a practical application of several key social media principles. Dubbed the Wikipedia for sensors, Sensorpedia is currently in limited BETA testing and was selected in 2009 by Federal Computer Week as one of the government s top 10 social networking sites.

76 FR 67750 - Homeland Security Information Network Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-02

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-04

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-10

... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Homeland Security Information Network Advisory... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet... posted beforehand at this link: http://www.dhs.gov/homeland-security-information-network-advisory...

Secure Control Systems for the Energy Sector

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smith, Rhett; Campbell, Jack; Hadley, Mark

2012-03-31

Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goals is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use thismore » technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.« less

Security Shift in Future Network Architectures

DTIC Science & Technology

2010-11-01

RTO-MP-IST-091 2 - 1 Security Shift in Future Network Architectures Tim Hartog, M.Sc Information Security Dept. TNO Information and...current practice military communication infrastructures are deployed as stand-alone networked information systems. Network -Enabled Capabilities (NEC) and...information architects and security specialists about the separation of network and information security, the consequences of this shift and our view

Reputation-Based Internet Protocol Security: A Multilayer Security Framework for Mobile Ad Hoc Networks

DTIC Science & Technology

2010-09-01

secure ad-hoc networks of mobile sensors deployed in a hostile environment . These sensors are normally small 86 and resource...Communications Magazine, 51, 2008. 45. Kumar, S.A. “Classification and Review of Security Schemes in Mobile Comput- ing”. Wireless Sensor Network , 2010... Networks ”. Wireless /Mobile Network Security , 2008. 85. Xiao, Y. “Accountability for Wireless LANs, Ad Hoc Networks , and Wireless

Information technology security system engineering methodology

NASA Technical Reports Server (NTRS)

Childs, D.

2003-01-01

A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

Security Requirements Management in Software Product Line Engineering

NASA Astrophysics Data System (ADS)

Mellado, Daniel; Fernández-Medina, Eduardo; Piattini, Mario

Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

Routing architecture and security for airborne networks

NASA Astrophysics Data System (ADS)

Deng, Hongmei; Xie, Peng; Li, Jason; Xu, Roger; Levy, Renato

2009-05-01

Airborne networks are envisioned to provide interconnectivity for terrestial and space networks by interconnecting highly mobile airborne platforms. A number of military applications are expected to be used by the operator, and all these applications require proper routing security support to establish correct route between communicating platforms in a timely manner. As airborne networks somewhat different from traditional wired and wireless networks (e.g., Internet, LAN, WLAN, MANET, etc), security aspects valid in these networks are not fully applicable to airborne networks. Designing an efficient security scheme to protect airborne networks is confronted with new requirements. In this paper, we first identify a candidate routing architecture, which works as an underlying structure for our proposed security scheme. And then we investigate the vulnerabilities and attack models against routing protocols in airborne networks. Based on these studies, we propose an integrated security solution to address routing security issues in airborne networks.

Design and Analysis of a Model Reconfigurable Cyber-Exercise Laboratory (RCEL) for Information Assurance Education

DTIC Science & Technology

2004-03-01

with MySQL . This choice was made because MySQL is open source. Any significant database engine such as Oracle or MS- SQL or even MS Access can be used...10 Figure 6. The DoD vs . Commercial Life Cycle...necessarily be interested in SCADA network security 13. MySQL (Database server) – This station represents a typical data server for a web page

Data Management Working Group report

NASA Technical Reports Server (NTRS)

Filardo, Edward J.; Smith, David B.

1986-01-01

The current flight qualification program lags technology insertion by 6 to 10 years. The objective is to develop an integrated software engineering and development environment assisted by an expert system technology. An operating system needs to be developed which is portable to the on-board computers of the year 2000. The use of ADA verses a High-Order Language; fault tolerance; fiber optics networks; communication protocols; and security are also examined and outlined.

The Vulnerability of Social Networking Media and the Insider Threat: New Eyes for Bad Guys

DTIC Science & Technology

2011-09-01

purchased the best security technologies that money can buy...(and still be) totally vulnerable” (Mitnick, 2002). According to the 2011 Data Breach Investigations...Report, for data breach avenues that used social engineering methods, criminals are increasingly relying on direct contact with a...Spitler, M. (2011). 2011 Data breach investigations report. New York: Verizon Business. Bishop, M., Engle, S., Peisert, S., Whalen, S., & Gates, C

Smashing the Stovepipe: Leveraging the GMSEC Open Architecture and Advanced IT Automation to Rapidly Prototype, Develop and Deploy Next-Generation Multi-Mission Ground Systems

NASA Technical Reports Server (NTRS)

Swenson, Paul

2017-01-01

Satellite/Payload Ground Systems - Typically highly-customized to a specific mission's use cases - Utilize hundreds (or thousands!) of specialized point-to-point interfaces for data flows / file transfers Documentation and tracking of these complex interfaces requires extensive time to develop and extremely high staffing costs Implementation and testing of these interfaces are even more cost-prohibitive, and documentation often lags behind implementation resulting in inconsistencies down the road With expanding threat vectors, IT Security, Information Assurance and Operational Security have become key Ground System architecture drivers New Federal security-related directives are generated on a daily basis, imposing new requirements on current / existing ground systems - These mandated activities and data calls typically carry little or no additional funding for implementation As a result, Ground System Sustaining Engineering groups and Information Technology staff continually struggle to keep up with the rolling tide of security Advancing security concerns and shrinking budgets are pushing these large stove-piped ground systems to begin sharing resources - I.e. Operational / SysAdmin staff, IT security baselines, architecture decisions or even networks / hosting infrastructure Refactoring these existing ground systems into multi-mission assets proves extremely challenging due to what is typically very tight coupling between legacy components As a result, many "Multi-Mission" ops. environments end up simply sharing compute resources and networks due to the difficulty of refactoring into true multi-mission systems Utilizing continuous integration / rapid system deployment technologies in conjunction with an open architecture messaging approach allows System Engineers and Architects to worry less about the low-level details of interfaces between components and configuration of systems GMSEC messaging is inherently designed to support multi-mission requirements, and allows components to aggregate data across multiple homogeneous or heterogeneous satellites or payloads - The highly-successful Goddard Science and Planetary Operations Control Center (SPOCC) utilizes GMSEC as the hub for it's automation and situational awareness capability Shifts focus towards getting GS to a final configuration-managed baseline, as well as multi-mission / big-picture capabilities that help increase situational awareness, promote cross-mission sharing and establish enhanced fleet management capabilities across all levels of the enterprise.

Gross anatomy of network security

NASA Technical Reports Server (NTRS)

Siu, Thomas J.

2002-01-01

Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

Systems Security Engineering

DTIC Science & Technology

2010-08-22

Commission (IEC). “Information technology — Security techniques — Code of practice for information security management ( ISO /IEC 27002 ...Information technology — Security techniques — Information security management systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems

Network Security Validation Using Game Theory

NASA Astrophysics Data System (ADS)

Papadopoulou, Vicky; Gregoriades, Andreas

Non-functional requirements (NFR) such as network security recently gained widespread attention in distributed information systems. Despite their importance however, there is no systematic approach to validate these requirements given the complexity and uncertainty characterizing modern networks. Traditionally, network security requirements specification has been the results of a reactive process. This however, limited the immunity property of the distributed systems that depended on these networks. Security requirements specification need a proactive approach. Networks' infrastructure is constantly under attack by hackers and malicious software that aim to break into computers. To combat these threats, network designers need sophisticated security validation techniques that will guarantee the minimum level of security for their future networks. This paper presents a game-theoretic approach to security requirements validation. An introduction to game theory is presented along with an example that demonstrates the application of the approach.

A Network Access Control Framework for 6LoWPAN Networks

PubMed Central

Oliveira, Luís M. L.; Rodrigues, Joel J. P. C.; de Sousa, Amaro F.; Lloret, Jaime

2013-01-01

Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. PMID:23334610

Network Security Risk Assessment System Based on Attack Graph and Markov Chain

NASA Astrophysics Data System (ADS)

Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

2017-10-01

Network security risk assessment technology can be found in advance of the network problems and related vulnerabilities, it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combines with the international standard CVSS, the attack probability of atomic nodes are counted, and then the attack transition probabilities of ones are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assessment network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

Vehicle Engine Classification Using Spectral Tone-Pitch Vibration Indexing and Neural Network*

PubMed Central

Wei, Jie; Vongsy, Karmon; Mendoza-Schrock, Olga; Liu, Chi-Him

2015-01-01

As a non-invasive and remote sensor, the Laser Doppler Vibrometer (LDV) has found a broad spectrum of applications in various areas such as civil engineering, biomedical engineering, and even security and restoration within art museums. LDV is an ideal sensor to detect threats earlier and provide better protection to society, which is of utmost importance to military and law enforcement institutions. However, the use of LDV in situational surveillance, in particular vehicle classification, is still in its infancy due to the lack of systematic investigations on its behavioral properties. In this work, as a result of the pilot project initiated by Air Force Research Laboratory, the innate features of LDV data from many vehicles are examined, beginning with an investigation of feature differences compared to human speech signals. A spectral tone-pitch vibration indexing scheme is developed to capture the engine’s periodic vibrations and the associated fundamental frequencies over the vehicles’ surface. A two-layer feed-forward neural network with 20 intermediate neurons is employed to classify vehicles’ engines based on their spectral tone-pitch indices. The classification results using the proposed approach over the complete LDV dataset collected by the project are exceedingly encouraging; consistently higher than 96% accuracies are attained for all four types of engines collected from this project. PMID:26788417

Immune Inspired Security Approach for Manets: a Case Study

NASA Astrophysics Data System (ADS)

Mohamed, Yasir Abdelgadir

2011-06-01

This paper extends the work that has earlier been established. Immune inspired approach for securing mobile ad hoc networks is specified there. Although it is clearly indicated there that the research scope is the wireless networks in general and hybrid mobile ad hoc networks in particular, we have seen that specifying the security system in one of the communications applications that need further security approach may help to understand how effectively the system can contribute to this vital and important networks sector. Security in this type of networks is important and controversial as it plays a key role in users' eagerness or reluctance for the services provided by these networks. In this paper, the immune inspired security system is specified to secure web services in converged networks.

Competitive Cyber-Insurance and Internet Security

NASA Astrophysics Data System (ADS)

Shetty, Nikhil; Schwartz, Galina; Felegyhazi, Mark; Walrand, Jean

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users' security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

Safe Grid

NASA Technical Reports Server (NTRS)

Chow, Edward T.; Stewart, Helen; Korsmeyer, David (Technical Monitor)

2003-01-01

The biggest users of GRID technologies came from the science and technology communities. These consist of government, industry and academia (national and international). The NASA GRID is moving into a higher technology readiness level (TRL) today; and as a joint effort among these leaders within government, academia, and industry, the NASA GRID plans to extend availability to enable scientists and engineers across these geographical boundaries collaborate to solve important problems facing the world in the 21 st century. In order to enable NASA programs and missions to use IPG resources for program and mission design, the IPG capabilities needs to be accessible from inside the NASA center networks. However, because different NASA centers maintain different security domains, the GRID penetration across different firewalls is a concern for center security people. This is the reason why some IPG resources are been separated from the NASA center network. Also, because of the center network security and ITAR concerns, the NASA IPG resource owner may not have full control over who can access remotely from outside the NASA center. In order to obtain organizational approval for secured remote access, the IPG infrastructure needs to be adapted to work with the NASA business process. Improvements need to be made before the IPG can be used for NASA program and mission development. The Secured Advanced Federated Environment (SAFE) technology is designed to provide federated security across NASA center and NASA partner's security domains. Instead of one giant center firewall which can be difficult to modify for different GRID applications, the SAFE "micro security domain" provide large number of professionally managed "micro firewalls" that can allow NASA centers to accept remote IPG access without the worry of damaging other center resources. The SAFE policy-driven capability-based federated security mechanism can enable joint organizational and resource owner approved remote access from outside of NASA centers. A SAFE enabled IPG can enable IPG capabilities to be available to NASA mission design teams across different NASA center and partner company firewalls. This paper will first discuss some of the potential security issues for IPG to work across NASA center firewalls. We will then present the SAFE federated security model. Finally we will present the concept of the architecture of a SAFE enabled IPG and how it can benefit NASA mission development.

40 CFR 1068.225 - What are the provisions for exempting engines/equipment for national security?

Code of Federal Regulations, 2010 CFR

2010-07-01

... engines/equipment for national security? 1068.225 Section 1068.225 Protection of Environment ENVIRONMENTAL... security? (a) An engine/equipment is exempt without a request if it will be used or owned by an agency of...) Manufacturers may request a national security exemption for engines/equipment not meeting the conditions of...

Hybrid network defense model based on fuzzy evaluation.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

SEADE: Countering the Futility of Network Security

DTIC Science & Technology

2015-10-01

guards, and computer cages) and logical security measures (network firewall and intrusion detection). However, no matter how many layers of network...security built-in and with minimal security dependence on network security appliances (e.g., firewalls ). As Secretary of Defense Ashton Carter...based analysis that assumes nothing bad will happen to applications/data if those defenses prevent malware transactions at the entrance. The

Anticipatory ethics for a future Internet: analyzing values during the design of an Internet infrastructure.

PubMed

Shilton, Katie

2015-02-01

The technical details of Internet architecture affect social debates about privacy and autonomy, intellectual property, cybersecurity, and the basic performance and reliability of Internet services. This paper explores one method for practicing anticipatory ethics in order to understand how a new infrastructure for the Internet might impact these social debates. This paper systematically examines values expressed by an Internet architecture engineering team-the Named Data Networking project-based on data gathered from publications and internal documents. Networking engineers making technical choices also weigh non-technical values when working on Internet infrastructure. Analysis of the team's documents reveals both values invoked in response to technical constraints and possibilities, such as efficiency and dynamism, as well as values, including privacy, security and anonymity, which stem from a concern for personal liberties. More peripheral communitarian values espoused by the engineers include democratization and trust. The paper considers the contextual and social origins of these values, and then uses them as a method of practicing anticipatory ethics: considering the impact such priorities may have on a future Internet.

Toward Synthesis, Analysis, and Certification of Security Protocols

NASA Technical Reports Server (NTRS)

Schumann, Johann

2004-01-01

Implemented security protocols are basically pieces of software which are used to (a) authenticate the other communication partners, (b) establish a secure communication channel between them (using insecure communication media), and (c) transfer data between the communication partners in such a way that these data only available to the desired receiver, but not to anyone else. Such an implementation usually consists of the following components: the protocol-engine, which controls in which sequence the messages of the protocol are sent over the network, and which controls the assembly/disassembly and processing (e.g., decryption) of the data. the cryptographic routines to actually encrypt or decrypt the data (using given keys), and t,he interface to the operating system and to the application. For a correct working of such a security protocol, all of these components must work flawlessly. Many formal-methods based techniques for the analysis of a security protocols have been developed. They range from using specific logics (e.g.: BAN-logic [4], or higher order logics [12] to model checking [2] approaches. In each approach, the analysis tries to prove that no (or at least not a modeled intruder) can get access to secret data. Otherwise, a scenario illustrating the &tack may be produced. Despite the seeming simplicity of security protocols ("only" a few messages are sent between the protocol partners in order to ensure a secure communication), many flaws have been detected. Unfortunately, even a perfect protocol engine does not guarantee flawless working of a security protocol, as incidents show. Many break-ins and security vulnerabilities are caused by exploiting errors in the implementation of the protocol engine or the underlying operating system. Attacks using buffer-overflows are a very common class of such attacks. Errors in the implementation of exception or error handling can open up additional vulnerabilities. For example, on a website with a log-in screen: multiple tries with invalid passwords caused the expected error message (too many retries). but let the user nevertheless pass. Finally, security can be compromised by silly implementation bugs or design decisions. In a commercial VPN software, all calls to the encryption routines were incidentally replaced by stubs, probably during factory testing. The product worked nicely. and the error (an open VPN) would have gone undetected, if a team member had not inspected the low-level traffic out of curiosity. Also, the use secret proprietary encryption routines can backfire, because such algorithms often exhibit weaknesses which can be exploited easily (see e.g., DVD encoding). Summarizing, there is large number of possibilities to make errors which can compromise the security of a protocol. In today s world with short time-to-market and the use of security protocols in open and hostile networks for safety-critical applications (e.g., power or air-traffic control), such slips could lead to catastrophic situations. Thus, formal methods and automatic reasoning techniques should not be used just for the formal proof of absence of an attack, but they ought to be used to provide an end-to-end tool-supported framework for security software. With such an approach all required artifacts (code, documentation, test cases) , formal analyses, and reliable certification will be generated automatically, given a single, high level specification. By a combination of program synthesis, formal protocol analysis, certification; and proof-carrying code, this goal is within practical reach, since all the important technologies for such an approach actually exist and only need to be assembled in the right way.

An Outline of Data Aggregation Security in Heterogeneous Wireless Sensor Networks.

PubMed

Boubiche, Sabrina; Boubiche, Djallel Eddine; Bilami, Azzedine; Toral-Cruz, Homero

2016-04-12

Data aggregation processes aim to reduce the amount of exchanged data in wireless sensor networks and consequently minimize the packet overhead and optimize energy efficiency. Securing the data aggregation process is a real challenge since the aggregation nodes must access the relayed data to apply the aggregation functions. The data aggregation security problem has been widely addressed in classical homogeneous wireless sensor networks, however, most of the proposed security protocols cannot guarantee a high level of security since the sensor node resources are limited. Heterogeneous wireless sensor networks have recently emerged as a new wireless sensor network category which expands the sensor nodes' resources and capabilities. These new kinds of WSNs have opened new research opportunities where security represents a most attractive area. Indeed, robust and high security level algorithms can be used to secure the data aggregation at the heterogeneous aggregation nodes which is impossible in classical homogeneous WSNs. Contrary to the homogeneous sensor networks, the data aggregation security problem is still not sufficiently covered and the proposed data aggregation security protocols are numberless. To address this recent research area, this paper describes the data aggregation security problem in heterogeneous wireless sensor networks and surveys a few proposed security protocols. A classification and evaluation of the existing protocols is also introduced based on the adopted data aggregation security approach.

Analysis on the University’s Network Security Level System in the Big Data Era

NASA Astrophysics Data System (ADS)

Li, Tianli

2017-12-01

The rapid development of science and technology, the continuous expansion of the scope of computer network applications, has gradually improved the social productive forces, has had a positive impact on the increase production efficiency and industrial scale of China's different industries. Combined with the actual application of computer network in the era of large data, we can see the existence of influencing factors such as network virus, hacker and other attack modes, threatening network security and posing a potential threat to the safe use of computer network in colleges and universities. In view of this unfavorable development situation, universities need to pay attention to the analysis of the situation of large data age, combined with the requirements of network security use, to build a reliable network space security system from the equipment, systems, data and other different levels. To avoid the security risks exist in the network. Based on this, this paper will analyze the hierarchical security system of cyberspace security in the era of large data.

Planning Considerations for Secure Network Protocols

DTIC Science & Technology

1999-03-01

distribution / management ) requirements needed to support network security services are examined. The thesis concludes by identifying tactical user network requirements and suggests security issues to be considered in concert with network

The medical science DMZ: a network design pattern for data-intensive medical science.

PubMed

Peisert, Sean; Dart, Eli; Barnett, William; Balas, Edward; Cuff, James; Grossman, Robert L; Berman, Ari; Shankar, Anurag; Tierney, Brian

2017-10-06

We describe a detailed solution for maintaining high-capacity, data-intensive network flows (eg, 10, 40, 100 Gbps+) in a scientific, medical context while still adhering to security and privacy laws and regulations. High-end networking, packet-filter firewalls, network intrusion-detection systems. We describe a "Medical Science DMZ" concept as an option for secure, high-volume transport of large, sensitive datasets between research institutions over national research networks, and give 3 detailed descriptions of implemented Medical Science DMZs. The exponentially increasing amounts of "omics" data, high-quality imaging, and other rapidly growing clinical datasets have resulted in the rise of biomedical research "Big Data." The storage, analysis, and network resources required to process these data and integrate them into patient diagnoses and treatments have grown to scales that strain the capabilities of academic health centers. Some data are not generated locally and cannot be sustained locally, and shared data repositories such as those provided by the National Library of Medicine, the National Cancer Institute, and international partners such as the European Bioinformatics Institute are rapidly growing. The ability to store and compute using these data must therefore be addressed by a combination of local, national, and industry resources that exchange large datasets. Maintaining data-intensive flows that comply with the Health Insurance Portability and Accountability Act (HIPAA) and other regulations presents a new challenge for biomedical research. We describe a strategy that marries performance and security by borrowing from and redefining the concept of a Science DMZ, a framework that is used in physical sciences and engineering research to manage high-capacity data flows. By implementing a Medical Science DMZ architecture, biomedical researchers can leverage the scale provided by high-performance computer and cloud storage facilities and national high-speed research networks while preserving privacy and meeting regulatory requirements. © The Author 2017. Published by Oxford University Press on behalf of the American Medical Informatics Association.

Security Aspects of an Enterprise-Wide Network Architecture.

ERIC Educational Resources Information Center

Loew, Robert; Stengel, Ingo; Bleimann, Udo; McDonald, Aidan

1999-01-01

Presents an overview of two projects that concern local area networks and the common point between networks as they relate to network security. Discusses security architectures based on firewall components, packet filters, application gateways, security-management components, an intranet solution, user registration by Web form, and requests for…

Security and Privacy Preservation in Human-Involved Networks

NASA Astrophysics Data System (ADS)

Asher, Craig; Aumasson, Jean-Philippe; Phan, Raphael C.-W.

This paper discusses security within human-involved networks, with a focus on social networking services (SNS). We argue that more secure networks could be designed using semi-formal security models inspired from cryptography, as well as notions like that of ceremony, which exploits human-specific abilities and psychology to assist creating more secure protocols. We illustrate some of our ideas with the example of the SNS Facebook.

Security and SCADA protocols

DOE Office of Scientific and Technical Information (OSTI.GOV)

Igure, V. M.; Williams, R. D.

2006-07-01

Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview ofmore » security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)« less

Computer and Network Security in Small Libraries: A Guide for Planning.

ERIC Educational Resources Information Center

Williams, Robert L.

This manual is intended to provide a free resource on essential network security concepts for non-technical managers of small libraries. Managers of other small nonprofit or community organizations will also benefit from it. An introduction defines network security; outlines three goals of network security; discusses why a library should be…

Computer Network Security: Best Practices for Alberta School Jurisdictions.

ERIC Educational Resources Information Center

Alberta Dept. of Education, Edmonton.

This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

Identifying the Key Weaknesses in Network Security at Colleges.

ERIC Educational Resources Information Center

Olsen, Florence

2000-01-01

A new study identifies and ranks the 10 security gaps responsible for most outsider attacks on college computer networks. The list is intended to help campus system administrators establish priorities as they work to increase security. One network security expert urges that institutions utilize multiple security layers. (DB)

Development of a HIPAA-compliant environment for translational research data and analytics.

PubMed

Bradford, Wayne; Hurdle, John F; LaSalle, Bernie; Facelli, Julio C

2014-01-01

High-performance computing centers (HPC) traditionally have far less restrictive privacy management policies than those encountered in healthcare. We show how an HPC can be re-engineered to accommodate clinical data while retaining its utility in computationally intensive tasks such as data mining, machine learning, and statistics. We also discuss deploying protected virtual machines. A critical planning step was to engage the university's information security operations and the information security and privacy office. Access to the environment requires a double authentication mechanism. The first level of authentication requires access to the university's virtual private network and the second requires that the users be listed in the HPC network information service directory. The physical hardware resides in a data center with controlled room access. All employees of the HPC and its users take the university's local Health Insurance Portability and Accountability Act training series. In the first 3 years, researcher count has increased from 6 to 58.

Hybrid Network Defense Model Based on Fuzzy Evaluation

PubMed Central

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture. PMID:24574870

Hybrid architecture for building secure sensor networks

NASA Astrophysics Data System (ADS)

Owens, Ken R., Jr.; Watkins, Steve E.

2012-04-01

Sensor networks have various communication and security architectural concerns. Three approaches are defined to address these concerns for sensor networks. The first area is the utilization of new computing architectures that leverage embedded virtualization software on the sensor. Deploying a small, embedded virtualization operating system on the sensor nodes that is designed to communicate to low-cost cloud computing infrastructure in the network is the foundation to delivering low-cost, secure sensor networks. The second area focuses on securing the sensor. Sensor security components include developing an identification scheme, and leveraging authentication algorithms and protocols that address security assurance within the physical, communication network, and application layers. This function will primarily be accomplished through encrypting the communication channel and integrating sensor network firewall and intrusion detection/prevention components to the sensor network architecture. Hence, sensor networks will be able to maintain high levels of security. The third area addresses the real-time and high priority nature of the data that sensor networks collect. This function requires that a quality-of-service (QoS) definition and algorithm be developed for delivering the right data at the right time. A hybrid architecture is proposed that combines software and hardware features to handle network traffic with diverse QoS requirements.

An Outline of Data Aggregation Security in Heterogeneous Wireless Sensor Networks

PubMed Central

Boubiche, Sabrina; Boubiche, Djallel Eddine; Bilami, Azzedine; Toral-Cruz, Homero

2016-01-01

Data aggregation processes aim to reduce the amount of exchanged data in wireless sensor networks and consequently minimize the packet overhead and optimize energy efficiency. Securing the data aggregation process is a real challenge since the aggregation nodes must access the relayed data to apply the aggregation functions. The data aggregation security problem has been widely addressed in classical homogeneous wireless sensor networks, however, most of the proposed security protocols cannot guarantee a high level of security since the sensor node resources are limited. Heterogeneous wireless sensor networks have recently emerged as a new wireless sensor network category which expands the sensor nodes’ resources and capabilities. These new kinds of WSNs have opened new research opportunities where security represents a most attractive area. Indeed, robust and high security level algorithms can be used to secure the data aggregation at the heterogeneous aggregation nodes which is impossible in classical homogeneous WSNs. Contrary to the homogeneous sensor networks, the data aggregation security problem is still not sufficiently covered and the proposed data aggregation security protocols are numberless. To address this recent research area, this paper describes the data aggregation security problem in heterogeneous wireless sensor networks and surveys a few proposed security protocols. A classification and evaluation of the existing protocols is also introduced based on the adopted data aggregation security approach. PMID:27077866

Applying Web-Based Tools for Research, Engineering, and Operations

NASA Technical Reports Server (NTRS)

Ivancic, William D.

2011-01-01

Personnel in the NASA Glenn Research Center Network and Architectures branch have performed a variety of research related to space-based sensor webs, network centric operations, security and delay tolerant networking (DTN). Quality documentation and communications, real-time monitoring and information dissemination are critical in order to perform quality research while maintaining low cost and utilizing multiple remote systems. This has been accomplished using a variety of Internet technologies often operating simultaneously. This paper describes important features of various technologies and provides a number of real-world examples of how combining Internet technologies can enable a virtual team to act efficiently as one unit to perform advanced research in operational systems. Finally, real and potential abuses of power and manipulation of information and information access is addressed.

The study and implementation of the wireless network data security model

NASA Astrophysics Data System (ADS)

Lin, Haifeng

2013-03-01

In recent years, the rapid development of Internet technology and the advent of information age, people are increasing the strong demand for the information products and the market for information technology. Particularly, the network security requirements have become more sophisticated. This paper analyzes the wireless network in the data security vulnerabilities. And a list of wireless networks in the framework is the serious defects with the related problems. It has proposed the virtual private network technology and wireless network security defense structure; and it also given the wireless networks and related network intrusion detection model for the detection strategies.

Security clustering algorithm based on reputation in hierarchical peer-to-peer network

NASA Astrophysics Data System (ADS)

Chen, Mei; Luo, Xin; Wu, Guowen; Tan, Yang; Kita, Kenji

2013-03-01

For the security problems of the hierarchical P2P network (HPN), the paper presents a security clustering algorithm based on reputation (CABR). In the algorithm, we take the reputation mechanism for ensuring the security of transaction and use cluster for managing the reputation mechanism. In order to improve security, reduce cost of network brought by management of reputation and enhance stability of cluster, we select reputation, the historical average online time, and the network bandwidth as the basic factors of the comprehensive performance of node. Simulation results showed that the proposed algorithm improved the security, reduced the network overhead, and enhanced stability of cluster.

Critical Infrastructure Protection II, The International Federation for Information Processing, Volume 290.

NASA Astrophysics Data System (ADS)

Papa, Mauricio; Shenoi, Sujeet

The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2014 CFR

2014-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2013 CFR

2013-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2012 CFR

2012-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

Research on information security system of waste terminal disposal process

NASA Astrophysics Data System (ADS)

Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei

2017-05-01

Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It has the characteristics of wide distribution, long depth and large quantity. The user and operation and maintenance personnel technical level and security awareness is uneven, which led to the internal network terminal is the weakest link in information security. Through the implementation of security of management, technology and physics, we should establish an internal network terminal security protection system, so as to fully protect the internal network terminal information security.

40 CFR 91.1008 - National security exemption.

Code of Federal Regulations, 2010 CFR

2010-07-01

... (CONTINUED) CONTROL OF EMISSIONS FROM MARINE SPARK-IGNITION ENGINES Exclusion and Exemption of Marine SI Engines § 91.1008 National security exemption. (a)(1) Any marine SI engine, otherwise subject to this part... request a national security exemption for any marine SI engine, otherwise subject to this part, which does...

Wireless Security Within Hastily Formed Networks

DTIC Science & Technology

2006-09-01

WLAN DEVICES (STEP ONE) ............34 1. Personal Firewalls..............................................................................34 2. Anti ...includes client devices , access points, network infrastructure, network management, and delivery of mobility services to maintain network security and...Technology Special Publication 800-48, Wireless Network Security, 802.11, Bluetooth , and Handheld Devices . Available at http://csrc.nist.gov

Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

DOEpatents

Chen, Yu-Gene T.

2013-04-16

A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

IsoWAN: A NASA Science and Engineering Information and Services Framework

NASA Technical Reports Server (NTRS)

Korsmeyer, David J.; Chow, Edward T.; Conroy, Michael P.; Swanson, Keith (Technical Monitor)

2000-01-01

We believe that the next evolutionary step in supporting wide-area application and services delivery to customers is a network framework that provides for collocation of applications and services at distinct sites in the network, an interconnection between these sites that is performance optimized for these applications, and value-added services for applications. We use the term IsoWAN to describe an advanced, isolated network interconnect services framework that will enable applications to be more secure, and able to access and be in use in both local and remote environments. The main functions of an IsoWAN are virtual localization of application services, an application service interface, coordinated delivery of applications and associated data to the customer, and supporting collaborative application development for customers. An initial pilot network between three NASA Centers: Ames Research Center, the Jet Propulsion Laboratory, and Marshall Space Flight Center, has been built and its properties will be discussed.

Space-based Science Operations Grid Prototype

NASA Technical Reports Server (NTRS)

Bradford, Robert N.; Welch, Clara L.; Redman, Sandra

2004-01-01

Grid technology is the up and coming technology that is enabling widely disparate services to be offered to users that is very economical, easy to use and not available on a wide basis. Under the Grid concept disparate organizations generally defined as "virtual organizations" can share services i.e. sharing discipline specific computer applications, required to accomplish the specific scientific and engineering organizational goals and objectives. Grids are emerging as the new technology of the future. Grid technology has been enabled by the evolution of increasingly high speed networking. Without the evolution of high speed networking Grid technology would not have emerged. NASA/Marshall Space Flight Center's (MSFC) Flight Projects Directorate, Ground Systems Department is developing a Space-based Science Operations Grid prototype to provide to scientists and engineers the tools necessary to operate space-based science payloads/experiments and for scientists to conduct public and educational outreach. In addition Grid technology can provide new services not currently available to users. These services include mission voice and video, application sharing, telemetry management and display, payload and experiment commanding, data mining, high order data processing, discipline specific application sharing and data storage, all from a single grid portal. The Prototype will provide most of these services in a first step demonstration of integrated Grid and space-based science operations technologies. It will initially be based on the International Space Station science operational services located at the Payload Operations Integration Center at MSFC, but can be applied to many NASA projects including free flying satellites and future projects. The Prototype will use the Internet2 Abilene Research and Education Network that is currently a 10 Gb backbone network to reach the University of Alabama at Huntsville and several other, as yet unidentified, Space Station based science experimenters. There is an international aspect to the Grid involving the America's Pathway (AMPath) network, the Chilean REUNA Research and Education Network and the University of Chile in Santiago that will further demonstrate how extensive these services can be used. From the user's perspective, the Prototype will provide a single interface and logon to these varied services without the complexity of knowing the where's and how's of each service. There is a separate and deliberate emphasis on security. Security will be addressed by specifically outlining the different approaches and tools used. Grid technology, unlike the Internet, is being designed with security in mind. In addition we will show the locations, configurations and network paths associated with each service and virtual organization. We will discuss the separate virtual organizations that we define for the varied user communities. These will include certain, as yet undetermined, space-based science functions and/or processes and will include specific virtual organizations required for public and educational outreach and science and engineering collaboration. We will also discuss the Grid Prototype performance and the potential for further Grid applications both space-based and ground based projects and processes. In this paper and presentation we will detail each service and how they are integrated using Grid

78 FR 775 - Goodman Networks, Inc. Core Network Engineering (Deployment Engineering) Division Alpharetta, GA...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-04

...,846B; TA-W-81,846C; TA-W-81,846D] Goodman Networks, Inc. Core Network Engineering (Deployment Engineering) Division Alpharetta, GA; Goodman Networks, Inc. Core Network Engineering (Deployment Engineering) Division Hunt Valley, MD; Goodman Networks, Inc. Core Network Engineering (Deployment Engineering) Division...

Correlation Research of Medical Security Management System Network Platform in Medical Practice

NASA Astrophysics Data System (ADS)

Jie, Wang; Fan, Zhang; Jian, Hao; Li-nong, Yu; Jun, Fei; Ping, Hao; Ya-wei, Shen; Yue-jin, Chang

Objective-The related research of medical security management system network in medical practice. Methods-Establishing network platform of medical safety management system, medical security network host station, medical security management system(C/S), medical security management system of departments and sections, comprehensive query, medical security disposal and examination system. Results-In medical safety management, medical security management system can reflect the hospital medical security problem, and can achieve real-time detection and improve the medical security incident detection rate. Conclusion-The application of the research in the hospital management implementation, can find hospital medical security hidden danger and the problems of medical disputes, and can help in resolving medical disputes in time and achieve good work efficiency, which is worth applying in the hospital practice.

Security Risks of Cloud Computing and Its Emergence as 5th Utility Service

NASA Astrophysics Data System (ADS)

Ahmad, Mushtaq

Cloud Computing is being projected by the major cloud services provider IT companies such as IBM, Google, Yahoo, Amazon and others as fifth utility where clients will have access for processing those applications and or software projects which need very high processing speed for compute intensive and huge data capacity for scientific, engineering research problems and also e- business and data content network applications. These services for different types of clients are provided under DASM-Direct Access Service Management based on virtualization of hardware, software and very high bandwidth Internet (Web 2.0) communication. The paper reviews these developments for Cloud Computing and Hardware/Software configuration of the cloud paradigm. The paper also examines the vital aspects of security risks projected by IT Industry experts, cloud clients. The paper also highlights the cloud provider's response to cloud security risks.

Ethical Guidelines for Computer Security Researchers: "Be Reasonable"

NASA Astrophysics Data System (ADS)

Sassaman, Len

For most of its existence, the field of computer science has been lucky enough to avoid ethical dilemmas by virtue of its relatively benign nature. The subdisciplines of programming methodology research, microprocessor design, and so forth have little room for the greater questions of human harm. Other, more recently developed sub-disciplines, such as data mining, social network analysis, behavioral profiling, and general computer security, however, open the door to abuse of users by practitioners and researchers. It is therefore the duty of the men and women who chart the course of these fields to set rules for themselves regarding what sorts of actions on their part are to be considered acceptable and what should be avoided or handled with caution out of ethical concerns. This paper deals solely with the issues faced by computer security researchers, be they vulnerability analysts, privacy system designers, malware experts, or reverse engineers.

The medical science DMZ: a network design pattern for data-intensive medical science

DOE Office of Scientific and Technical Information (OSTI.GOV)

Peisert, Sean; Dart, Eli; Barnett, William

We describe a detailed solution for maintaining high-capacity, data-intensive network flows (eg, 10, 40, 100 Gbps+) in a scientific, medical context while still adhering to security and privacy laws and regulations.High-end networking, packet-filter firewalls, network intrusion-detection systems.We describe a "Medical Science DMZ" concept as an option for secure, high-volume transport of large, sensitive datasets between research institutions over national research networks, and give 3 detailed descriptions of implemented Medical Science DMZs.The exponentially increasing amounts of "omics" data, high-quality imaging, and other rapidly growing clinical datasets have resulted in the rise of biomedical research "Big Data." The storage, analysis, and networkmore » resources required to process these data and integrate them into patient diagnoses and treatments have grown to scales that strain the capabilities of academic health centers. Some data are not generated locally and cannot be sustained locally, and shared data repositories such as those provided by the National Library of Medicine, the National Cancer Institute, and international partners such as the European Bioinformatics Institute are rapidly growing. The ability to store and compute using these data must therefore be addressed by a combination of local, national, and industry resources that exchange large datasets. Maintaining data-intensive flows that comply with the Health Insurance Portability and Accountability Act (HIPAA) and other regulations presents a new challenge for biomedical research. We describe a strategy that marries performance and security by borrowing from and redefining the concept of a Science DMZ, a framework that is used in physical sciences and engineering research to manage high-capacity data flows.By implementing a Medical Science DMZ architecture, biomedical researchers can leverage the scale provided by high-performance computer and cloud storage facilities and national high-speed research networks while preserving privacy and meeting regulatory requirements.« less

The Medical Science DMZ.

PubMed

Peisert, Sean; Barnett, William; Dart, Eli; Cuff, James; Grossman, Robert L; Balas, Edward; Berman, Ari; Shankar, Anurag; Tierney, Brian

2016-11-01

We describe use cases and an institutional reference architecture for maintaining high-capacity, data-intensive network flows (e.g., 10, 40, 100 Gbps+) in a scientific, medical context while still adhering to security and privacy laws and regulations. High-end networking, packet filter firewalls, network intrusion detection systems. We describe a "Medical Science DMZ" concept as an option for secure, high-volume transport of large, sensitive data sets between research institutions over national research networks. The exponentially increasing amounts of "omics" data, the rapid increase of high-quality imaging, and other rapidly growing clinical data sets have resulted in the rise of biomedical research "big data." The storage, analysis, and network resources required to process these data and integrate them into patient diagnoses and treatments have grown to scales that strain the capabilities of academic health centers. Some data are not generated locally and cannot be sustained locally, and shared data repositories such as those provided by the National Library of Medicine, the National Cancer Institute, and international partners such as the European Bioinformatics Institute are rapidly growing. The ability to store and compute using these data must therefore be addressed by a combination of local, national, and industry resources that exchange large data sets. Maintaining data-intensive flows that comply with HIPAA and other regulations presents a new challenge for biomedical research. Recognizing this, we describe a strategy that marries performance and security by borrowing from and redefining the concept of a "Science DMZ"-a framework that is used in physical sciences and engineering research to manage high-capacity data flows. By implementing a Medical Science DMZ architecture, biomedical researchers can leverage the scale provided by high-performance computer and cloud storage facilities and national high-speed research networks while preserving privacy and meeting regulatory requirements. © The Author 2016. Published by Oxford University Press on behalf of the American Medical Informatics Association.

The Medical Science DMZ

PubMed Central

Barnett, William; Dart, Eli; Cuff, James; Grossman, Robert L; Balas, Edward; Berman, Ari; Shankar, Anurag; Tierney, Brian

2016-01-01

Objective We describe use cases and an institutional reference architecture for maintaining high-capacity, data-intensive network flows (e.g., 10, 40, 100 Gbps+) in a scientific, medical context while still adhering to security and privacy laws and regulations. Materials and Methods High-end networking, packet filter firewalls, network intrusion detection systems. Results We describe a “Medical Science DMZ” concept as an option for secure, high-volume transport of large, sensitive data sets between research institutions over national research networks. Discussion The exponentially increasing amounts of “omics” data, the rapid increase of high-quality imaging, and other rapidly growing clinical data sets have resulted in the rise of biomedical research “big data.” The storage, analysis, and network resources required to process these data and integrate them into patient diagnoses and treatments have grown to scales that strain the capabilities of academic health centers. Some data are not generated locally and cannot be sustained locally, and shared data repositories such as those provided by the National Library of Medicine, the National Cancer Institute, and international partners such as the European Bioinformatics Institute are rapidly growing. The ability to store and compute using these data must therefore be addressed by a combination of local, national, and industry resources that exchange large data sets. Maintaining data-intensive flows that comply with HIPAA and other regulations presents a new challenge for biomedical research. Recognizing this, we describe a strategy that marries performance and security by borrowing from and redefining the concept of a “Science DMZ”—a framework that is used in physical sciences and engineering research to manage high-capacity data flows. Conclusion By implementing a Medical Science DMZ architecture, biomedical researchers can leverage the scale provided by high-performance computer and cloud storage facilities and national high-speed research networks while preserving privacy and meeting regulatory requirements. PMID:27136944

Key Exchange Trust Evaluation in Peer-to-Peer Sensor Networks With Unconditionally Secure Key Exchange

NASA Astrophysics Data System (ADS)

Gonzalez, Elias; Kish, Laszlo B.

2016-03-01

As the utilization of sensor networks continue to increase, the importance of security becomes more profound. Many industries depend on sensor networks for critical tasks, and a malicious entity can potentially cause catastrophic damage. We propose a new key exchange trust evaluation for peer-to-peer sensor networks, where part of the network has unconditionally secure key exchange. For a given sensor, the higher the portion of channels with unconditionally secure key exchange the higher the trust value. We give a brief introduction to unconditionally secured key exchange concepts and mention current trust measures in sensor networks. We demonstrate the new key exchange trust measure on a hypothetical sensor network using both wired and wireless communication channels.

Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

PubMed

Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

2015-09-25

Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

78 FR 71631 - Committee Name: Homeland Security Information Network Advisory Committee (HSINAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-29

... Network Advisory Committee (HSINAC) AGENCY: Operation Coordination and Planning/Office of Chief.... SUMMARY: The Homeland Security Information Network Advisory Council (HSINAC) will meet December 17, 2013... , Phone: 202-343-4212. SUPPLEMENTARY INFORMATION: The Homeland Security Information Network Advisory...

Security of Quantum Repeater Network Operation

DTIC Science & Technology

2016-10-03

AFRL-AFOSR-JP-TR-2016-0079 Security of Quantum Repeater Network Operation Rodney Van Meter KEIO UNIVERSITY Final Report 10/03/2016 DISTRIBUTION A...To)  29 May 2014 to 28 May 2016 4. TITLE AND SUBTITLE Security of Quantum Repeater Network Operation 5a.  CONTRACT NUMBER 5b.  GRANT NUMBER FA2386...ABSTRACT Much of the work on quantum networks , both entangled and unentangled, has been about the uses of quantum networks to enhance end- host security

Computer Network Security- The Challenges of Securing a Computer Network

NASA Technical Reports Server (NTRS)

Scotti, Vincent, Jr.

2011-01-01

This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

Wearable Sensors; Applications, design and implementation

NASA Astrophysics Data System (ADS)

Mukhopadhyay, Subhas Chandra; Islam, Tarikul

2017-12-01

With the ability to monitor a vast range of physiological parameters, combined with wireless technology, wireless sensor networks and the Internet of Things, wearable sensors are revolutionising the field of digital health monitoring. In addition to applications in health monitoring, such technology is being used to monitor the state of our living environment and even the quality of our foods and the wellbeing of livestock. Written for scientists, engineers and practitioners by an international collection of authors, this book reviews the fundamentals of wearable sensors, their function, design, fabrication and implementation. Their application and advanced aspects including interface electronics and signal processing for easy interpretation of data, data transmission, data networking, data security, and privacy are also included.

Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications.

PubMed

Fernández-Caramés, Tiago M; Fraga-Lamas, Paula; Suárez-Albela, Manuel; Castedo, Luis

2016-12-24

The Internet of Things (IoT) is a distributed system of physical objects that requires the seamless integration of hardware (e.g., sensors, actuators, electronics) and network communications in order to collect and exchange data. IoT smart objects need to be somehow identified to determine the origin of the data and to automatically detect the elements around us. One of the best positioned technologies to perform identification is RFID (Radio Frequency Identification), which in the last years has gained a lot of popularity in applications like access control, payment cards or logistics. Despite its popularity, RFID security has not been properly handled in numerous applications. To foster security in such applications, this article includes three main contributions. First, in order to establish the basics, a detailed review of the most common flaws found in RFID-based IoT systems is provided, including the latest attacks described in the literature. Second, a novel methodology that eases the detection and mitigation of such flaws is presented. Third, the latest RFID security tools are analyzed and the methodology proposed is applied through one of them (Proxmark 3) to validate it. Thus, the methodology is tested in different scenarios where tags are commonly used for identification. In such systems it was possible to clone transponders, extract information, and even emulate both tags and readers. Therefore, it is shown that the methodology proposed is useful for auditing security and reverse engineering RFID communications in IoT applications. It must be noted that, although this paper is aimed at fostering RFID communications security in IoT applications, the methodology can be applied to any RFID communications protocol.

Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications

PubMed Central

Fernández-Caramés, Tiago M.; Fraga-Lamas, Paula; Suárez-Albela, Manuel; Castedo, Luis

2016-01-01

The Internet of Things (IoT) is a distributed system of physical objects that requires the seamless integration of hardware (e.g., sensors, actuators, electronics) and network communications in order to collect and exchange data. IoT smart objects need to be somehow identified to determine the origin of the data and to automatically detect the elements around us. One of the best positioned technologies to perform identification is RFID (Radio Frequency Identification), which in the last years has gained a lot of popularity in applications like access control, payment cards or logistics. Despite its popularity, RFID security has not been properly handled in numerous applications. To foster security in such applications, this article includes three main contributions. First, in order to establish the basics, a detailed review of the most common flaws found in RFID-based IoT systems is provided, including the latest attacks described in the literature. Second, a novel methodology that eases the detection and mitigation of such flaws is presented. Third, the latest RFID security tools are analyzed and the methodology proposed is applied through one of them (Proxmark 3) to validate it. Thus, the methodology is tested in different scenarios where tags are commonly used for identification. In such systems it was possible to clone transponders, extract information, and even emulate both tags and readers. Therefore, it is shown that the methodology proposed is useful for auditing security and reverse engineering RFID communications in IoT applications. It must be noted that, although this paper is aimed at fostering RFID communications security in IoT applications, the methodology can be applied to any RFID communications protocol. PMID:28029119

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 47 Telecommunication 3 2011-10-01 2011-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 47 Telecommunication 3 2010-10-01 2010-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2013-10-01 2013-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.5111 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... 47 Telecommunication 3 2013-10-01 2013-10-01 false Notification of customer proprietary network information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.5111 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... 47 Telecommunication 3 2014-10-01 2014-10-01 false Notification of customer proprietary network information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2014-10-01 2014-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2012-10-01 2012-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

A feedback-based secure path approach for wireless sensor network data collection.

PubMed

Mao, Yuxin; Wei, Guiyi

2010-01-01

The unattended nature of wireless sensor networks makes them very vulnerable to malicious attacks. Therefore, how to preserve secure data collection is an important issue to wireless sensor networks. In this paper, we propose a novel approach of secure data collection for wireless sensor networks. We explore secret sharing and multipath routing to achieve secure data collection in wireless sensor network with compromised nodes. We present a novel tracing-feedback mechanism, which makes full use of the routing functionality of wireless sensor networks, to improve the quality of data collection. The major advantage of the approach is that the secure paths are constructed as a by-product of data collection. The process of secure routing causes little overhead to the sensor nodes in the network. Compared with existing works, the algorithms of the proposed approach are easy to implement and execute in resource-constrained wireless sensor networks. According to the result of a simulation experiment, the performance of the approach is better than the recent approaches with a similar purpose.

Insecure Behaviors on Mobile Devices Under Stress

DTIC Science & Technology

2014-04-08

a text or in an email . The most secure network is only as secure as its most careless user. Thus, in the current project we sought to discover the...challenges in mobile security is human behavior. The most secure password may be useless if it is sent as a text or in an email . The most secure network...The most secure password may be useless if it is sent as a text or in an email . The most secure network is only as secure as its most careless user

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

Improving the Quality of Service and Security of Military Networks with a Network Tasking Order Process

DTIC Science & Technology

2010-09-01

IMPROVING THE QUALITY OF SERVICE AND SECURITY OF MILITARY NETWORKS WITH A NETWORK TASKING ORDER...United States. AFIT/DCS/ENG/10-09 IMPROVING THE QUALITY OF SERVICE AND SECURITY OF MILITARY NETWORKS WITH A NETWORK TASKING ORDER PROCESS...USAF September 2010 APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED AFIT/DCS/ENG/10-09 IMPROVING THE QUALITY OF SERVICE AND

Field test of quantum key distribution in the Tokyo QKD Network.

PubMed

Sasaki, M; Fujiwara, M; Ishizuka, H; Klaus, W; Wakui, K; Takeoka, M; Miki, S; Yamashita, T; Wang, Z; Tanaka, A; Yoshino, K; Nambu, Y; Takahashi, S; Tajima, A; Tomita, A; Domeki, T; Hasegawa, T; Sakai, Y; Kobayashi, H; Asai, T; Shimizu, K; Tokura, T; Tsurumaru, T; Matsui, M; Honjo, T; Tamaki, K; Takesue, H; Tokura, Y; Dynes, J F; Dixon, A R; Sharpe, A W; Yuan, Z L; Shields, A J; Uchikoga, S; Legré, M; Robyr, S; Trinkler, P; Monat, L; Page, J-B; Ribordy, G; Poppe, A; Allacher, A; Maurhart, O; Länger, T; Peev, M; Zeilinger, A

2011-05-23

A secure communication network with quantum key distribution in a metropolitan area is reported. Six different QKD systems are integrated into a mesh-type network. GHz-clocked QKD links enable us to demonstrate the world-first secure TV conferencing over a distance of 45km. The network includes a commercial QKD product for long-term stable operation, and application interface to secure mobile phones. Detection of an eavesdropper, rerouting into a secure path, and key relay via trusted nodes are demonstrated in this network.

Mobile Virtual Private Networking

NASA Astrophysics Data System (ADS)

Pulkkis, Göran; Grahn, Kaj; Mårtens, Mathias; Mattsson, Jonny

Mobile Virtual Private Networking (VPN) solutions based on the Internet Security Protocol (IPSec), Transport Layer Security/Secure Socket Layer (SSL/TLS), Secure Shell (SSH), 3G/GPRS cellular networks, Mobile IP, and the presently experimental Host Identity Protocol (HIP) are described, compared and evaluated. Mobile VPN solutions based on HIP are recommended for future networking because of superior processing efficiency and network capacity demand features. Mobile VPN implementation issues associated with the IP protocol versions IPv4 and IPv6 are also evaluated. Mobile VPN implementation experiences are presented and discussed.

76 FR 63811 - Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-13

... Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and... classified national security information (classified information) on computer networks, it is hereby ordered as follows: Section 1. Policy. Our Nation's security requires classified information to be shared...

GLOBECOM '87 - Global Telecommunications Conference, Tokyo, Japan, Nov. 15-18, 1987, Conference Record. Volumes 1, 2, & 3

NASA Astrophysics Data System (ADS)

The present conference on global telecommunications discusses topics in the fields of Integrated Services Digital Network (ISDN) technology field trial planning and results to date, motion video coding, ISDN networking, future network communications security, flexible and intelligent voice/data networks, Asian and Pacific lightwave and radio systems, subscriber radio systems, the performance of distributed systems, signal processing theory, satellite communications modulation and coding, and terminals for the handicapped. Also discussed are knowledge-based technologies for communications systems, future satellite transmissions, high quality image services, novel digital signal processors, broadband network access interface, traffic engineering for ISDN design and planning, telecommunications software, coherent optical communications, multimedia terminal systems, advanced speed coding, portable and mobile radio communications, multi-Gbit/second lightwave transmission systems, enhanced capability digital terminals, communications network reliability, advanced antimultipath fading techniques, undersea lightwave transmission, image coding, modulation and synchronization, adaptive signal processing, integrated optical devices, VLSI technologies for ISDN, field performance of packet switching, CSMA protocols, optical transport system architectures for broadband ISDN, mobile satellite communications, indoor wireless communication, echo cancellation in communications, and distributed network algorithms.

Secure and Fair Cluster Head Selection Protocol for Enhancing Security in Mobile Ad Hoc Networks

PubMed Central

Paramasivan, B.; Kaliappan, M.

2014-01-01

Mobile ad hoc networks (MANETs) are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP. PMID:25143986

Secure and fair cluster head selection protocol for enhancing security in mobile ad hoc networks.

PubMed

Paramasivan, B; Kaliappan, M

2014-01-01

Mobile ad hoc networks (MANETs) are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

Open source system OpenVPN in a function of Virtual Private Network

NASA Astrophysics Data System (ADS)

Skendzic, A.; Kovacic, B.

2017-05-01

Using of Virtual Private Networks (VPN) can establish high security level in network communication. VPN technology enables high security networking using distributed or public network infrastructure. VPN uses different security and managing rules inside networks. It can be set up using different communication channels like Internet or separate ISP communication infrastructure. VPN private network makes security communication channel over public network between two endpoints (computers). OpenVPN is an open source software product under GNU General Public License (GPL) that can be used to establish VPN communication between two computers inside business local network over public communication infrastructure. It uses special security protocols and 256-bit Encryption and it is capable of traversing network address translators (NATs) and firewalls. It allows computers to authenticate each other using a pre-shared secret key, certificates or username and password. This work gives review of VPN technology with a special accent on OpenVPN. This paper will also give comparison and financial benefits of using open source VPN software in business environment.

Workshop on Scientific Analysis and Policy in Network Security

DTIC Science & Technology

2010-09-10

IBBT Dcpt. Electrical Engineering-ESAT/COSlC. Kasteelpark Arenberg 10 Bus 2446, B-3001 Leuven. Belgium bart.preneelflesat.kuleuven.be Abstract. This...Bouissou1,3 1 Electricity de France R&D, 1 avenue du General de Gaulle, 92141 Clamart, France 2 Institut Telecom, Telecom ParisTech, 46 rue Barrault...for any x G Aj1; /, !,_0(x) is a probability distribution on AQ, such that if x G S{i then £jeS, (/’.^(.OXj) = L illul if x e Dii > then £j

Evaluation of a Cyber Security System for Hospital Network.

PubMed

Faysel, Mohammad A

2015-01-01

Most of the cyber security systems use simulated data in evaluating their detection capabilities. The proposed cyber security system utilizes real hospital network connections. It uses a probabilistic data mining algorithm to detect anomalous events and takes appropriate response in real-time. On an evaluation using real-world hospital network data consisting of incoming network connections collected for a 24-hour period, the proposed system detected 15 unusual connections which were undetected by a commercial intrusion prevention system for the same network connections. Evaluation of the proposed system shows a potential to secure protected patient health information on a hospital network.

3 CFR 13587 - Executive Order 13587 of October 7, 2011. Structural Reforms To Improve the Security of...

Code of Federal Regulations, 2012 CFR

2012-01-01

... Reforms To Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of... October 7, 2011 EO 13587 Structural Reforms To Improve the Security of Classified Networks and the... networks, it is hereby ordered as follows: Section 1. Policy. Our Nation's security requires classified...

Understand the Big Picture So You Can Plan for Network Security

ERIC Educational Resources Information Center

Cervone, Frank

2005-01-01

This article discusses network security for libraries. It indicates that there were only six exploit (security exposure) problems, worldwide, reported to the CERT Coordination Center back in 1988. In that year, the CERT had just been established to provide a clearinghouse for exchanging information about network security problems. By 2003, the…

Using Public Network Infrastructures for UAV Remote Sensing in Civilian Security Operations

DTIC Science & Technology

2011-03-01

leveraging public wireless communication networks for UAV-based sensor networks with respect to existing constraints and user requirements...Detection with an Autonomous Micro UAV Mesh Network . In the near future police departments, fire brigades and other homeland security ...UAV-based sensor networks with respect to existing constraints and user requirements. 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION

78 FR 12359 - Goodman Networks, Inc., Core Network Engineering (Deployment Engineering) Division Including...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-22

...., Core Network Engineering (Deployment Engineering) Division Including Workers in the Core Network Engineering (Deployment Engineering) Division in Alpharetta, GA, Hunt Valley, MD, Naperville, IL, and St... Reconsideration applicable to workers and former workers of Goodman Networks, Inc., Core Network Engineering...

Final report for the Multiprotocol Label Switching (MPLS) control plane security LDRD project.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Torgerson, Mark Dolan; Michalski, John T.; Tarman, Thomas David

2003-09-01

As rapid Internet growth continues, global communications becomes more dependent on Internet availability for information transfer. Recently, the Internet Engineering Task Force (IETF) introduced a new protocol, Multiple Protocol Label Switching (MPLS), to provide high-performance data flows within the Internet. MPLS emulates two major aspects of the Asynchronous Transfer Mode (ATM) technology. First, each initial IP packet is 'routed' to its destination based on previously known delay and congestion avoidance mechanisms. This allows for effective distribution of network resources and reduces the probability of congestion. Second, after route selection each subsequent packet is assigned a label at each hop, whichmore » determines the output port for the packet to reach its final destination. These labels guide the forwarding of each packet at routing nodes more efficiently and with more control than traditional IP forwarding (based on complete address information in each packet) for high-performance data flows. Label assignment is critical in the prompt and accurate delivery of user data. However, the protocols for label distribution were not adequately secured. Thus, if an adversary compromises a node by intercepting and modifying, or more simply injecting false labels into the packet-forwarding engine, the propagation of improperly labeled data flows could create instability in the entire network. In addition, some Virtual Private Network (VPN) solutions take advantage of this 'virtual channel' configuration to eliminate the need for user data encryption to provide privacy. VPN's relying on MPLS require accurate label assignment to maintain user data protection. This research developed a working distributive trust model that demonstrated how to deploy confidentiality, authentication, and non-repudiation in the global network label switching control plane. Simulation models and laboratory testbed implementations that demonstrated this concept were developed, and results from this research were transferred to industry via standards in the Optical Internetworking Forum (OIF).« less

Potential uses of a wireless network in physical security systems.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Witzke, Edward L.

2010-07-01

Many possible applications requiring or benefiting from a wireless network are available for bolstering physical security and awareness at high security installations or facilities. These enhancements are not always straightforward and may require careful analysis, selection, tuning, and implementation of wireless technologies. In this paper, an introduction to wireless networks and the task of enhancing physical security is first given. Next, numerous applications of a wireless network are brought forth. The technical issues that arise when using a wireless network to support these applications are then discussed. Finally, a summary is presented.

The research of network database security technology based on web service

NASA Astrophysics Data System (ADS)

Meng, Fanxing; Wen, Xiumei; Gao, Liting; Pang, Hui; Wang, Qinglin

2013-03-01

Database technology is one of the most widely applied computer technologies, its security is becoming more and more important. This paper introduced the database security, network database security level, studies the security technology of the network database, analyzes emphatically sub-key encryption algorithm, applies this algorithm into the campus-one-card system successfully. The realization process of the encryption algorithm is discussed, this method is widely used as reference in many fields, particularly in management information system security and e-commerce.

Measurement-Device-Independent Quantum Key Distribution over Untrustful Metropolitan Network

NASA Astrophysics Data System (ADS)

Tang, Yan-Lin; Yin, Hua-Lei; Zhao, Qi; Liu, Hui; Sun, Xiang-Xiang; Huang, Ming-Qi; Zhang, Wei-Jun; Chen, Si-Jing; Zhang, Lu; You, Li-Xing; Wang, Zhen; Liu, Yang; Lu, Chao-Yang; Jiang, Xiao; Ma, Xiongfeng; Zhang, Qiang; Chen, Teng-Yun; Pan, Jian-Wei

2016-01-01

Quantum cryptography holds the promise to establish an information-theoretically secure global network. All field tests of metropolitan-scale quantum networks to date are based on trusted relays. The security critically relies on the accountability of the trusted relays, which will break down if the relay is dishonest or compromised. Here, we construct a measurement-device-independent quantum key distribution (MDIQKD) network in a star topology over a 200-square-kilometer metropolitan area, which is secure against untrustful relays and against all detection attacks. In the field test, our system continuously runs through one week with a secure key rate 10 times larger than previous results. Our results demonstrate that the MDIQKD network, combining the best of both worlds—security and practicality, constitutes an appealing solution to secure metropolitan communications.

Security of Quantum Repeater Network Operation

DTIC Science & Technology

2016-10-03

readily in quantum networks than in classical networks. Our presentation at the SENT workshop attracted the attention of computer and network researchers...AFRL-AFOSR-JP-TR-2016-0079 Security of Quantum Repeater Network Operation Rodney Van Meter KEIO UNIVERSITY Final Report 10/03/2016 DISTRIBUTION A...To)  29 May 2014 to 28 May 2016 4. TITLE AND SUBTITLE Security of Quantum Repeater Network Operation 5a.  CONTRACT NUMBER 5b.  GRANT NUMBER FA2386

A Feedback-Based Secure Path Approach for Wireless Sensor Network Data Collection

PubMed Central

Mao, Yuxin; Wei, Guiyi

2010-01-01

The unattended nature of wireless sensor networks makes them very vulnerable to malicious attacks. Therefore, how to preserve secure data collection is an important issue to wireless sensor networks. In this paper, we propose a novel approach of secure data collection for wireless sensor networks. We explore secret sharing and multipath routing to achieve secure data collection in wireless sensor network with compromised nodes. We present a novel tracing-feedback mechanism, which makes full use of the routing functionality of wireless sensor networks, to improve the quality of data collection. The major advantage of the approach is that the secure paths are constructed as a by-product of data collection. The process of secure routing causes little overhead to the sensor nodes in the network. Compared with existing works, the algorithms of the proposed approach are easy to implement and execute in resource-constrained wireless sensor networks. According to the result of a simulation experiment, the performance of the approach is better than the recent approaches with a similar purpose. PMID:22163424

SCODE: A Secure Coordination-Based Data Dissemination to Mobile Sinks in Sensor Networks

NASA Astrophysics Data System (ADS)

Hung, Lexuan; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo

For many sensor network applications such as military, homeland security, it is necessary for users (sinks) to access sensor networks while they are moving. However, sink mobility brings new challenges to secure routing in large-scale sensor networks. Mobile sinks have to constantly propagate their current location to all nodes, and these nodes need to exchange messages with each other so that the sensor network can establish and maintain a secure multi-hop path between a source node and a mobile sink. This causes significant computation and communication overhead for sensor nodes. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. In this paper, we propose a secure and energy-efficient data dissemination protocol — Secure COodination-based Data dissEmination (SCODE) — for mobile sinks in sensor networks. We take advantages of coordination networks (grid structure) based on Geographical Adaptive Fidelity (GAF) protocol to construct a secure and efficient routing path between sources and sinks. Our security analysis demonstrates that the proposed protocol can defend against common attacks in sensor network routing such as replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Our performance evaluation both in mathematical analysis and simulation shows that the SCODE significantly reduces communication overhead and energy consumption while the latency is similar compared with the existing routing protocols, and it always delivers more than 90 percentage of packets successfully.

Verifying the secure setup of UNIX client/servers and detection of network intrusion

NASA Astrophysics Data System (ADS)

Feingold, Richard; Bruestle, Harry R.; Bartoletti, Tony; Saroyan, R. A.; Fisher, John M.

1996-03-01

This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today's global `Infosphere' presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to check on their security configuration. SPI's broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI's use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on the Ethernet broadcast Local Area Network segment and product transcripts of suspicious user connections. NID's retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.

A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.

PubMed

Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

2015-12-17

Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.

A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks

PubMed Central

Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

2015-01-01

Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism. PMID:26694409

Towards secure quantum key distribution protocol for wireless LANs: a hybrid approach

NASA Astrophysics Data System (ADS)

Naik, R. Lalu; Reddy, P. Chenna

2015-12-01

The primary goals of security such as authentication, confidentiality, integrity and non-repudiation in communication networks can be achieved with secure key distribution. Quantum mechanisms are highly secure means of distributing secret keys as they are unconditionally secure. Quantum key distribution protocols can effectively prevent various attacks in the quantum channel, while classical cryptography is efficient in authentication and verification of secret keys. By combining both quantum cryptography and classical cryptography, security of communications over networks can be leveraged. Hwang, Lee and Li exploited the merits of both cryptographic paradigms for provably secure communications to prevent replay, man-in-the-middle, and passive attacks. In this paper, we propose a new scheme with the combination of quantum cryptography and classical cryptography for 802.11i wireless LANs. Since quantum cryptography is premature in wireless networks, our work is a significant step forward toward securing communications in wireless networks. Our scheme is known as hybrid quantum key distribution protocol. Our analytical results revealed that the proposed scheme is provably secure for wireless networks.

Lack of security of networked medical equipment in radiology.

PubMed

Moses, Vinu; Korah, Ipeson

2015-02-01

OBJECTIVE. There are few articles in the literature describing the security and safety aspects of networked medical equipment in radiology departments. Most radiologists are unaware of the security issues. We review the security of the networked medical equipment of a typical radiology department. MATERIALS AND METHODS. All networked medical equipment in a radiology department was scanned for vulnerabilities with a port scanner and a network vulnerability scanner, and the vulnerabilities were classified using the Common Vulnerability Scoring System. A network sniffer was used to capture and analyze traffic on the radiology network for exposure of confidential patient data. We reviewed the use of antivirus software and firewalls on the networked medical equipment. USB ports and CD and DVD drives in the networked medical equipment were tested to see whether they allowed unauthorized access. Implementation of the virtual private network (VPN) that vendors use to access the radiology network was reviewed. RESULTS. Most of the networked medical equipment in our radiology department used vulnerable software with open ports and services. Of the 144 items scanned, 64 (44%) had at least one critical vulnerability, and 119 (83%) had at least one high-risk vulnerability. Most equipment did not encrypt traffic and allowed capture of confidential patient data. Of the 144 items scanned, two (1%) used antivirus software and three (2%) had a firewall enabled. The USB ports were not secure on 49 of the 58 (84%) items with USB ports, and the CD or DVD drive was not secure on 17 of the 31 (55%) items with a CD or DVD drive. One of three vendors had an insecure implementation of VPN access. CONCLUSION. Radiologists and the medical industry need to urgently review and rectify the security issues in existing networked medical equipment. We hope that the results of our study and this article also raise awareness among radiologists about the security issues of networked medical equipment.

Enabling the MLSpOC (Multi-Level Space Operations Center) of the Future

NASA Astrophysics Data System (ADS)

Missal, D.

2012-09-01

The Intelligence Reform and Terrorism Prevention Act, passed by Congress in 2004, established the expectation that the "vast intelligence enterprise" of the United States would become more unified, coordinated, and effective. This law charged the intelligence community and government agencies to integrate foreign intelligence and domestic US intelligence components to reduce gaps in understanding threats to our national security and to improve our reaction. This intelligence strategy — designed to provide more comprehensive and accurate intelligence analysis—substantially increases requirements for secure data sharing capabilities. An information system must be Certified & Accredited (C&A) by the appropriate Accreditation Authority in accordance with each Authority's prescribed compliance requirements and governance. Cross-Domain Solutions (CDSs) can provide the ability to share data between multiple operating domains (e.g. among users on Top Secret and Secret networks). However, sharing sensitive data across security domains and networks has been impeded by both technical and cultural challenges. A viable CDS requires a tremendous investment for initial C&A and many solutions are limited with respect to the integration of an organization's applications. As a result, most of today's highly secured systems have been designed to restrict access to entire user populations rather than implement data sharing on the basis of mandatory access controls and an individual's need-to-know. Most CDSs today are based on one-way replication through data transfer guards that copy data from one network to another. This model inherently builds in additional and extensive Operations and Maintenance (O&M) costs. Oracle's National Security Group challenged its top engineers and security architects to engineer the first Cross-Domain database providing a practical and robust solution to the Cross-Domain security problem. The result is the MLSpOC, which is deployed, fielded, and accredited today at multiple sites both CONUS and OCONUS. It is designed to assist information systems developers achieve DCID 6/3 Protection Level 4 or 5 (PL4 or PL5) or DoD SABI C&A for SECRET-to-UNCLASSIFIED systems (PL3). The product is on the DoD/DNI Unified Cross-domain Management Office's (UCDMO) Baseline of accredited solutions, and is the only solution on the Baseline which the Government considers to be an "All-in-One" approach to the Cross-domain Security challenge. Our solution is also the only PL-4 Cloud in existence and that is deployed and operational in the entire world today (at DIA). The Space marketplace is a very unique cross-domain challenge, as a need exists for Unclassified SSA Data Sharing at a deeper and more fundamental level than anywhere else in the IC or DoD. For instance, certain Agencies and/or Programs have a requirement to share information with Partner Nations that are not considered to be "friendly" (e.g. China). Our Solution is the ONLY solution in the world today that's achieved C&A, and that is uniquely positioned to enable the Multi-level Space Operations Center (MLSpOC) of the Future.

Applying a Space-Based Security Recovery Scheme for Critical Homeland Security Cyberinfrastructure Utilizing the NASA Tracking and Data Relay (TDRS) Based Space Network

NASA Technical Reports Server (NTRS)

Shaw, Harry C.; McLaughlin, Brian; Stocklin, Frank; Fortin, Andre; Israel, David; Dissanayake, Asoka; Gilliand, Denise; LaFontaine, Richard; Broomandan, Richard; Hyunh, Nancy

2015-01-01

Protection of the national infrastructure is a high priority for cybersecurity of the homeland. Critical infrastructure such as the national power grid, commercial financial networks, and communications networks have been successfully invaded and re-invaded from foreign and domestic attackers. The ability to re-establish authentication and confidentiality of the network participants via secure channels that have not been compromised would be an important countermeasure to compromise of our critical network infrastructure. This paper describes a concept of operations by which the NASA Tracking and Data Relay (TDRS) constellation of spacecraft in conjunction with the White Sands Complex (WSC) Ground Station host a security recovery system for re-establishing secure network communications in the event of a national or regional cyberattack. Users would perform security and network restoral functions via a Broadcast Satellite Service (BSS) from the TDRS constellation. The BSS enrollment only requires that each network location have a receive antenna and satellite receiver. This would be no more complex than setting up a DIRECTTV-like receiver at each network location with separate network connectivity. A GEO BSS would allow a mass re-enrollment of network nodes (up to nationwide) simultaneously depending upon downlink characteristics. This paper details the spectrum requirements, link budget, notional assets and communications requirements for the scheme. It describes the architecture of such a system and the manner in which it leverages off of the existing secure infrastructure which is already in place and managed by the NASAGSFC Space Network Project.

Systems Security Engineering

DTIC Science & Technology

2010-08-22

practice for information security management ( ISO /IEC 27002 ),” “Information technology — Security techniques — Information security management...systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security techniques — Information security risk management ( ISO /IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and

Digital watermarking for secure and adaptive teleconferencing

NASA Astrophysics Data System (ADS)

Vorbrueggen, Jan C.; Thorwirth, Niels

2002-04-01

The EC-sponsored project ANDROID aims to develop a management system for secure active networks. Active network means allowing the network's customers to execute code (Java-based so-called proxylets) on parts of the network infrastructure. Secure means that the network operator nonetheless retains full control over the network and its resources, and that proxylets use ANDROID-developed facilities to provide secure applications. Management is based on policies and allows autonomous, distributed decisions and actions to be taken. Proxylets interface with the system via policies; among actions they can take is controlling execution of other proxylets or redirection of network traffic. Secure teleconferencing is used as the application to demonstrate the approach's advantages. A way to control a teleconference's data streams is to use digital watermarking of the video, audio and/or shared-whiteboard streams, providing an imperceptible and inseparable side channel that delivers information from originating or intermediate stations to downstream stations. Depending on the information carried by the watermark, these stations can take many different actions. Examples are forwarding decisions based on security classifications (possibly time-varying) at security boundaries, set-up and tear-down of virtual private networks, intelligent and adaptive transcoding, recorder or playback control (e.g., speaking off the record), copyright protection, and sender authentication.

Research and realization implementation of monitor technology on illegal external link of classified computer

NASA Astrophysics Data System (ADS)

Zhang, Hong

2017-06-01

In recent years, with the continuous development and application of network technology, network security has gradually entered people's field of vision. The host computer network external network of violations is an important reason for the threat of network security. At present, most of the work units have a certain degree of attention to network security, has taken a lot of means and methods to prevent network security problems such as the physical isolation of the internal network, install the firewall at the exit. However, these measures and methods to improve network security are often not comply with the safety rules of human behavior damage. For example, the host to wireless Internet access and dual-network card to access the Internet, inadvertently formed a two-way network of external networks and computer connections [1]. As a result, it is possible to cause some important documents and confidentiality leak even in the the circumstances of user unaware completely. Secrecy Computer Violation Out-of-band monitoring technology can largely prevent the violation by monitoring the behavior of the offending connection. In this paper, we mainly research and discuss the technology of secret computer monitoring.

A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

NASA Astrophysics Data System (ADS)

Hassan, Ahmed A.; Bahgat, Waleed M.

2010-01-01

Security policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extend the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.

Survey of methods for secure connection to the internet

NASA Astrophysics Data System (ADS)

Matsui, Shouichi

1994-04-01

This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

Addressing Software Security

NASA Technical Reports Server (NTRS)

Bailey, Brandon

2015-01-01

Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

eNewborn: The Information Technology Revolution and Challenges for Neonatal Networks.

PubMed

Haumont, Dominique; NguyenBa, Cuong; Modi, Neena

2017-01-01

Among preterm infants, 1-2% are born before 32 weeks of gestation or have a birth weight below 1,500 g. They contribute disproportionately to the burden of mortality and morbidity related to preterm birth, whether in the neonatal period or later in life. They are the target population studied in neonatal networks. Improving neonatal care and later outcome is a major issue in public health. Neonatologists, health care providers, public authorities, parents and families, industry, and all organizations dedicated to infant health must bring their efforts together and dedicate their actions in order to do so. Neonatal networks are the strongest platforms through which to achieve this goal. The progressive information technology (IT) revolution is leading to a new approach. The power of search engines and new technological devices opens extraordinary new perspectives in terms of speed, storing, sharing, and innovative approaches in providing health care. However, difficulties are expected with old applications that cannot evolve in the new IT environment. Security and privacy in data collection are future challenges to be addressed. Here, we describe the eNewborn project and its original software. The main functionalities are interactive navigation, harmonization with other formats, linkage with other databases, and strict security and privacy procedures. © 2017 S. Karger AG, Basel.

Internet firewalls: questions and answers

NASA Astrophysics Data System (ADS)

Ker, Keith

1996-03-01

As organizations consider connecting to the Internet, the issue of internetwork security becomes more important. There are many tools and components that can be used to secure a network, one of which is a firewall. Modern firewalls offer highly flexible private network security by controlling and monitoring all communications passing into or out of the private network. Specifically designed for security, firewalls become the private network's single point of attack from Internet intruders. Application gateways (or proxies) that have been written to be secure against even the most persistent attacks ensure that only authorized users and services access the private network. One-time passwords prevent intruders from `sniffing' and replaying the usernames and passwords of authorized users to gain access to the private network. Comprehensive logging permits constant and uniform system monitoring. `Address spoofing' attacks are prevented. The private network may use registered or unregistered IP addresses behind the firewall. Firewall-to-firewall encryption establishes a `virtual private network' across the Internet, preventing intruders from eavesdropping on private communications, eliminating the need for costly dedicated lines.

Network security system for health and medical information using smart IC card

NASA Astrophysics Data System (ADS)

Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki

1998-07-01

A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.

Experimental realization of an entanglement access network and secure multi-party computation

NASA Astrophysics Data System (ADS)

Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

2016-07-01

To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

Experimental realization of an entanglement access network and secure multi-party computation

NASA Astrophysics Data System (ADS)

Chang, Xiuying; Deng, Donglin; Yuan, Xinxing; Hou, Panyu; Huang, Yuanyuan; Duan, Luming; Department of Physics, University of Michigan Collaboration; CenterQuantum Information in Tsinghua University Team

2017-04-01

To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

Assessment of Performance Measures for Security of the Maritime Transportation Network, Port Security Metrics : Proposed Measurement of Deterrence Capability

DOT National Transportation Integrated Search

2007-01-03

This report is the thirs in a series describing the development of performance measures pertaining to the security of the maritime transportation network (port security metrics). THe development of measures to guide improvements in maritime security ...

Security Analysis of DTN Architecture and Bundle Protocol Specification for Space-Based Networks

NASA Technical Reports Server (NTRS)

Ivancic, William D.

2009-01-01

A Delay-Tolerant Network (DTN) Architecture (Request for Comment, RFC-4838) and Bundle Protocol Specification, RFC-5050, have been proposed for space and terrestrial networks. Additional security specifications have been provided via the Bundle Security Specification (currently a work in progress as an Internet Research Task Force internet-draft) and, for link-layer protocols applicable to Space networks, the Licklider Transport Protocol Security Extensions. This document provides a security analysis of the current DTN RFCs and proposed security related internet drafts with a focus on space-based communication networks, which is a rather restricted subset of DTN networks. Note, the original focus and motivation of DTN work was for the Interplanetary Internet . This document does not address general store-and-forward network overlays, just the current work being done by the Internet Research Task Force (IRTF) and the Consultative Committee for Space Data Systems (CCSDS) Space Internetworking Services Area (SIS) - DTN working group under the DTN and Bundle umbrellas. However, much of the analysis is relevant to general store-and-forward overlays.

Guidelines for Network Security in the Learning Environment.

ERIC Educational Resources Information Center

Littman, Marlyn Kemper

1996-01-01

Explores security challenges and practical approaches to safeguarding school networks against invasion. Highlights include security problems; computer viruses; privacy assaults; Internet invasions; building a security policy; authentication; passwords; encryption; firewalls; and acceptable use policies. (Author/LRW)

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Telecommunications automated information systems and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National... network security. Each agency head shall ensure that classified information electronically accessed...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Telecommunications automated information systems and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National... network security. Each agency head shall ensure that classified information electronically accessed...

High Assurance Models for Secure Systems

ERIC Educational Resources Information Center

Almohri, Hussain M. J.

2013-01-01

Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

Secure remote synchronization and secure key distribution in electro-optic networks revealed by symmetries

NASA Astrophysics Data System (ADS)

Xu, Mingfeng; Pan, Wei; Zhang, Liyue

2018-07-01

Despite the intuition that synchronization of different nodes in coupled oscillator networks results from information exchange between them, it has recently been shown that remote nodes could be partially synchronous even when they are separated by intermediately unsynchronized nodes. Here based on electro-optic system, we report on a more stronger form of such synchronization pattern that is termed as secure remote synchronization, in which two remotely separated nodes could have identically synchronized dynamical behaviors while the rest of the network are both statistically and information-theoretically incoherent relative to the two synchronized nodes. The generalized form of mirror symmetry in the network structure is identified to be a key mechanism allowing for secure remote synchronization. Moreover, this synchronization mode is robust against a wild range of system parameters and noise perturbing the intermediary dynamics. The lack of information about the synchronized dynamics in the rest of the network suggests that our results could potentially lead to network-based solutions for secure key distribution and secure communication.

Physical security and IT convergence: Managing the cyber-related risks.

PubMed

McCreight, Tim; Leece, Doug

The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California. 1 This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.

Eavesdropping-aware routing and spectrum allocation based on multi-flow virtual concatenation for confidential information service in elastic optical networks

NASA Astrophysics Data System (ADS)

Bai, Wei; Yang, Hui; Yu, Ao; Xiao, Hongyun; He, Linkuan; Feng, Lei; Zhang, Jie

2018-01-01

The leakage of confidential information is one of important issues in the network security area. Elastic Optical Networks (EON) as a promising technology in the optical transport network is under threat from eavesdropping attacks. It is a great demand to support confidential information service (CIS) and design efficient security strategy against the eavesdropping attacks. In this paper, we propose a solution to cope with the eavesdropping attacks in routing and spectrum allocation. Firstly, we introduce probability theory to describe eavesdropping issue and achieve awareness of eavesdropping attacks. Then we propose an eavesdropping-aware routing and spectrum allocation (ES-RSA) algorithm to guarantee information security. For further improving security and network performance, we employ multi-flow virtual concatenation (MFVC) and propose an eavesdropping-aware MFVC-based secure routing and spectrum allocation (MES-RSA) algorithm. The presented simulation results show that the proposed two RSA algorithms can both achieve greater security against the eavesdropping attacks and MES-RSA can also improve the network performance efficiently.

Breaking down the barriers of using strong authentication and encryption in resource constrained embedded systems

NASA Astrophysics Data System (ADS)

Knobler, Ron; Scheffel, Peter; Jackson, Scott; Gaj, Kris; Kaps, Jens Peter

2013-05-01

Various embedded systems, such as unattended ground sensors (UGS), are deployed in dangerous areas, where they are subject to compromise. Since numerous systems contain a network of devices that communicate with each other (often times with commercial off the shelf [COTS] radios), an adversary is able to intercept messages between system devices, which jeopardizes sensitive information transmitted by the system (e.g. location of system devices). Secret key algorithms such as AES are a very common means to encrypt all system messages to a sufficient security level, for which lightweight implementations exist for even very resource constrained devices. However, all system devices must use the appropriate key to encrypt and decrypt messages from each other. While traditional public key algorithms (PKAs), such as RSA and Elliptic Curve Cryptography (ECC), provide a sufficiently secure means to provide authentication and a means to exchange keys, these traditional PKAs are not suitable for very resource constrained embedded systems or systems which contain low reliability communication links (e.g. mesh networks), especially as the size of the network increases. Therefore, most UGS and other embedded systems resort to pre-placed keys (PPKs) or other naïve schemes which greatly reduce the security and effectiveness of the overall cryptographic approach. McQ has teamed with the Cryptographic Engineering Research Group (CERG) at George Mason University (GMU) to develop an approach using revolutionary cryptographic techniques that provides both authentication and encryption, but on resource constrained embedded devices, without the burden of large amounts of key distribution or storage.

Verifying the secure setup of Unix client/servers and detection of network intrusion

DOE Office of Scientific and Technical Information (OSTI.GOV)

Feingold, R.; Bruestle, H.R.; Bartoletti, T.

1995-07-01

This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today`s global ``Infosphere`` presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to checkmore » on their security configuration. SPI`s broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI`s use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on an Ethernet broadcast Local Area Network segment and produce transcripts of suspicious user connections. NID`s retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.« less

The science, technology and research network (STARNET) a searchable thematic compilation of web resources

USGS Publications Warehouse

Blados, W.R.; Cotter, G.A.; Hermann, T.

2007-01-01

International alliances in space efforts have resulted in a more rapid diffusion of space technology. This, in turn, increases pressure on organizations to push forward with technological developments and to take steps to maximize their inclusion into the research and development (R&D) process and the overall advancement and enhancement of space technology. To cope with this vast and rapidly growing amount of data and information that is vital to the success of the innovation, the Information Management Committee (IMC) of the Research Technology Agency (RTA) developed the science, technology and research network (STARNET). The purpose of this network is to facilitate access to worldwide information elements in terms of science, technology and overall research. It provides a virtual library with special emphasis on international security; a "one stop" information resource for policy makers, program managers, scientists, engineers, researchers and others. ?? 2007 IEEE.

Outsourcing Security Services for Low Performance Portable Devices

NASA Astrophysics Data System (ADS)

Szentgyörgyi, Attila; Korn, András

The number of portable devices using wireless network technologies is on the rise. Some of these devices are incapable of, or at a disadvantage at using secure Internet services, because secure communication often requires comparatively high computing capacity. In this paper, we propose a solution which can be used to offer secure network services for low performance portable devices without severely degrading data transmission rates. We also show that using our approach these devices can utilize some secure network services which were so far unavailable to them due to a lack of software support. In order to back up our claims, we present performance measurement results obtained in a test network.

MYSEA: The Monterey Security Architecture

DTIC Science & Technology

2009-01-01

Security and Protection, Organization and Design General Terms: Design; Security Keywords: access controls, authentication, information flow controls...Applicable environments include: mil- itary coalitions, agencies and organizations responding to security emergencies, and mandated sharing in business ...network architecture affords users the abil- ity to securely access information across networks at dif- ferent classifications using standardized

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew A.

2014-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew

2013-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from Airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices i.e. routers and IDSsIPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Jason Wright

Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrainedmore » computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.« less

Enhanced Security and Pairing-free Handover Authentication Scheme for Mobile Wireless Networks

NASA Astrophysics Data System (ADS)

Chen, Rui; Shu, Guangqiang; Chen, Peng; Zhang, Lijun

2017-10-01

With the widely deployment of mobile wireless networks, we aim to propose a secure and seamless handover authentication scheme that allows users to roam freely in wireless networks without worrying about security and privacy issues. Given the open characteristic of wireless networks, safety and efficiency should be considered seriously. Several previous protocols are designed based on a bilinear pairing mapping, which is time-consuming and inefficient work, as well as unsuitable for practical situations. To address these issues, we designed a new pairing-free handover authentication scheme for mobile wireless networks. This scheme is an effective improvement of the protocol by Xu et al., which is suffer from the mobile node impersonation attack. Security analysis and simulation experiment indicate that the proposed protocol has many excellent security properties when compared with other recent similar handover schemes, such as mutual authentication and resistance to known network threats, as well as requiring lower computation and communication cost.

Computer network security for the radiology enterprise.

PubMed

Eng, J

2001-08-01

As computer networks become an integral part of the radiology practice, it is appropriate to raise concerns regarding their security. The purpose of this article is to present an overview of computer network security risks and preventive strategies as they pertain to the radiology enterprise. A number of technologies are available that provide strong deterrence against attacks on networks and networked computer systems in the radiology enterprise. While effective, these technologies must be supplemented with vigilant user and system management.

Network Security: What Non-Technical Administrators Must Know

ERIC Educational Resources Information Center

Council, Chip

2005-01-01

Now it is increasingly critical that community college leaders become involved in network security and partner with their directors of information technology (IT). Network security involves more than just virus protection software and firewalls. It involves vigilance and requires top executive support. Leaders can help their IT directors to…

Campus network security model study

NASA Astrophysics Data System (ADS)

Zhang, Yong-ku; Song, Li-ren

2011-12-01

Campus network security is growing importance, Design a very effective defense hacker attacks, viruses, data theft, and internal defense system, is the focus of the study in this paper. This paper compared the firewall; IDS based on the integrated, then design of a campus network security model, and detail the specific implementation principle.

Novel technology for enhanced security and trust in communication networks

NASA Astrophysics Data System (ADS)

Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit; Jannson, Tomasz

2011-06-01

A novel technology that significantly enhances security and trust in wireless and wired communication networks has been developed. It is based on integration of a novel encryption mechanism and novel data packet structure with enhanced security tools. This novel data packet structure results in an unprecedented level of security and trust, while at the same time reducing power consumption and computing/communication overhead in networks. As a result, networks are provided with protection against intrusion, exploitation, and cyber attacks and posses self-building, self-awareness, self-configuring, self-healing, and self-protecting intelligence.

Maude: A Wide Spectrum Language for Secure Active Networks

DTIC Science & Technology

2002-08-01

AFRL-IF-RS-TR-2002-197 Final Technical Report August 2002 MAUDE: A WIDE SPECTRUM LANGUAGE FOR SECURE ACTIVE NETWORKS SRI...MAUDE: A WIDE SPECTRUM FORMAL LANGUAGE FOR SECURE ACTIVE NETWORKS 6. AUTHOR(S) Jose Meseguer and Carolyn Talcott 5. FUNDING NUMBERS C...specifications to address this challenge. We also show how, using the Maude rewriting logic language and tools, active network systems, languages , and

A Security Analysis of the 802.11s Wireless Mesh Network Routing Protocol and Its Secure Routing Protocols

PubMed Central

Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo

2013-01-01

Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP. PMID:24002231

A security analysis of the 802.11s wireless mesh network routing protocol and its secure routing protocols.

PubMed

Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo

2013-09-02

Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP.

Designing Secure Library Networks.

ERIC Educational Resources Information Center

Breeding, Michael

1997-01-01

Focuses on designing a library network to maximize security. Discusses UNIX and file servers; connectivity to campus, corporate networks and the Internet; separation of staff from public servers; controlling traffic; the threat of network sniffers; hubs that eliminate eavesdropping; dividing the network into subnets; Switched Ethernet;…

Network Access Control List Situation Awareness

ERIC Educational Resources Information Center

Reifers, Andrew

2010-01-01

Network security is a large and complex problem being addressed by multiple communities. Nevertheless, current theories in networking security appear to overestimate network administrators' ability to understand network access control lists (NACLs), providing few context specific user analyses. Consequently, the current research generally seems to…

Supporting Research and Development of Security Technologies through Network and Security Data Collection

DTIC Science & Technology

Research and development targeted at identifying and mitigating Internet security threats require current network data. To fulfill this need... researchers working for the Center for Applied Internet Data Analysis (CAIDA), a program at the San Diego Supercomputer Center (SDSC) which is based at the...vetted network and security researchers using the PREDICT/IMPACT portal and legal framework. We have also contributed to community building efforts that

Smart photonic networks and computer security for image data

NASA Astrophysics Data System (ADS)

Campello, Jorge; Gill, John T.; Morf, Martin; Flynn, Michael J.

1998-02-01

Work reported here is part of a larger project on 'Smart Photonic Networks and Computer Security for Image Data', studying the interactions of coding and security, switching architecture simulations, and basic technologies. Coding and security: coding methods that are appropriate for data security in data fusion networks were investigated. These networks have several characteristics that distinguish them form other currently employed networks, such as Ethernet LANs or the Internet. The most significant characteristics are very high maximum data rates; predominance of image data; narrowcasting - transmission of data form one source to a designated set of receivers; data fusion - combining related data from several sources; simple sensor nodes with limited buffering. These characteristics affect both the lower level network design and the higher level coding methods.Data security encompasses privacy, integrity, reliability, and availability. Privacy, integrity, and reliability can be provided through encryption and coding for error detection and correction. Availability is primarily a network issue; network nodes must be protected against failure or routed around in the case of failure. One of the more promising techniques is the use of 'secret sharing'. We consider this method as a special case of our new space-time code diversity based algorithms for secure communication. These algorithms enable us to exploit parallelism and scalable multiplexing schemes to build photonic network architectures. A number of very high-speed switching and routing architectures and their relationships with very high performance processor architectures were studied. Indications are that routers for very high speed photonic networks can be designed using the very robust and distributed TCP/IP protocol, if suitable processor architecture support is available.

40 CFR 1068.315 - What are the permanent exemptions for imported engines/equipment?

Code of Federal Regulations, 2010 CFR

2010-07-01

... security exemption. You may import an engine or piece of equipment under the national security exemption in... engine. (d) Extraordinary circumstances exemption. You may import a nonconforming engine or piece of.... You may import a nonconforming engine or piece of equipment if we grant hardship relief for a small...

An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge

PubMed Central

Hung, Le Xuan; Canh, Ngo Trong; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo

2008-01-01

For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully. PMID:27873956

An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge.

PubMed

Hung, Le Xuan; Canh, Ngo Trong; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo

2008-12-03

For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODE plus . It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODE plus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully.

Experimental realization of an entanglement access network and secure multi-party computation

PubMed Central

Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

2016-01-01

To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography. PMID:27404561

Discussion on the Technology and Method of Computer Network Security Management

NASA Astrophysics Data System (ADS)

Zhou, Jianlei

2017-09-01

With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

On securing wireless sensor network--novel authentication scheme against DOS attacks.

PubMed

Raja, K Nirmal; Beno, M Marsaline

2014-10-01

Wireless sensor networks are generally deployed for collecting data from various environments. Several applications specific sensor network cryptography algorithms have been proposed in research. However WSN's has many constrictions, including low computation capability, less memory, limited energy resources, vulnerability to physical capture, which enforce unique security challenges needs to make a lot of improvements. This paper presents a novel security mechanism and algorithm for wireless sensor network security and also an application of this algorithm. The proposed scheme is given to strong authentication against Denial of Service Attacks (DOS). The scheme is simulated using network simulator2 (NS2). Then this scheme is analyzed based on the network packet delivery ratio and found that throughput has improved.

UNAVCO-PBO Southwest Region Network Operations

NASA Astrophysics Data System (ADS)

Walls, C. P.; Mann, D.; Basset, A.; Sklar, J.; Jarvis, C.; Pitcher, T.; Lawrence, S.; Greathouse, M.; Feaux, K.

2012-12-01

The UNAVCO Southwest region of the Plate Boundary Observatory manages 470 continuously operating GPS stations located principally along the transform system of the San Andreas Fault, Eastern California Shear Zone and the northern Baja peninsula. In the past year, network uptime averaged 98% with greater than 99% data acquisition. Communications range from CDMA modem (314), radio (100), Vsat (30), DSL/T1/other (25) to manual download (1). Thirty-four stations have WXT520 metpacks. Sixty-four stations stream 1 Hz data over the VRS3Net typically with <0.5 second latency. Over 650 maintenance activities were performed during 341 onsite visits out of approximately 346 engineer field days. Within the past year there have been 7 incidences of minor (attempted theft) to moderate vandalism (solar panel stolen) with one total loss of receiver and communications gear. Security was enhanced at these sites through fencing and more secure station configurations. UNAVCO is working with NOAA to stream real-time GPS and met data from PBO stations with WXT520 meteorological sensors and high rate data communications. These streams support watershed and flood analyses for regional early-warning systems related to NOAA's work with California Department of Water Resources. Network-wide NOAA receives a total of 54 streams including stations in Cascadia. In 2008 PBO became the steward of 209 existing network stations ("Nucleus stations") of which 140 are in the SW region that included SCIGN, BARD, BARGEN stations. Due to the mix of incompatible equipment used between PBO and existing network stations a project was undertaken to standardize existing network GPS stations to PBO specifications by upgrading antenna cabling, power systems and enclosures. In 2012 the Nucleus upgrade project was completed.

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2014 CFR

2014-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Activities by issuers and...

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2013 CFR

2013-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Activities by issuers and...

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2011 CFR

2011-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Activities by issuers and...

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2010 CFR

2010-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Activities by issuers and...

Dim Networks: The Utility of Social Network Analysis for Illuminating Partner Security Force Networks

DTIC Science & Technology

2015-12-01

use of social network analysis (SNA) has allowed the military to map dark networks of terrorist organizations and selectively target key elements...data to improve SC. 14. SUBJECT TERMS social network analysis, dark networks, light networks, dim networks, security cooperation, Southeast Asia...task may already exist. Recently, the use of social network analysis (SNA) has allowed the military to map dark networks of terrorist organizations

Single-shot secure quantum network coding on butterfly network with free public communication

NASA Astrophysics Data System (ADS)

Owari, Masaki; Kato, Go; Hayashi, Masahito

2018-01-01

Quantum network coding on the butterfly network has been studied as a typical example of quantum multiple cast network. We propose a secure quantum network code for the butterfly network with free public classical communication in the multiple unicast setting under restricted eavesdropper’s power. This protocol certainly transmits quantum states when there is no attack. We also show the secrecy with shared randomness as additional resource when the eavesdropper wiretaps one of the channels in the butterfly network and also derives the information sending through public classical communication. Our protocol does not require verification process, which ensures single-shot security.

TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

DOE Office of Scientific and Technical Information (OSTI.GOV)

McDonald, K; Curran, B

I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict accesse. Patches / Upgrades Awareness Intrusionmore » Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.« less

Solving data-at-rest for the storage and retrieval of files in ad hoc networks

NASA Astrophysics Data System (ADS)

Knobler, Ron; Scheffel, Peter; Williams, Jonathan; Gaj, Kris; Kaps, Jens-Peter

2013-05-01

Based on current trends for both military and commercial applications, the use of mobile devices (e.g. smartphones and tablets) is greatly increasing. Several military applications consist of secure peer to peer file sharing without a centralized authority. For these military applications, if one or more of these mobile devices are lost or compromised, sensitive files can be compromised by adversaries, since COTS devices and operating systems are used. Complete system files cannot be stored on a device, since after compromising a device, an adversary can attack the data at rest, and eventually obtain the original file. Also after a device is compromised, the existing peer to peer system devices must still be able to access all system files. McQ has teamed with the Cryptographic Engineering Research Group at George Mason University to develop a custom distributed file sharing system to provide a complete solution to the data at rest problem for resource constrained embedded systems and mobile devices. This innovative approach scales very well to a large number of network devices, without a single point of failure. We have implemented the approach on representative mobile devices as well as developed an extensive system simulator to benchmark expected system performance based on detailed modeling of the network/radio characteristics, CONOPS, and secure distributed file system functionality. The simulator is highly customizable for the purpose of determining expected system performance for other network topologies and CONOPS.

77 FR 4853 - In the Matter of Airbee Wireless, Inc., Axial Vector Engine Corp. (n/k/a Avec Corporation), and...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-31

... Vector Engine Corp. (n/k/a Avec Corporation), and Exploration Drilling International, Inc.; Order of... securities of Axial Vector Engine Corp. (n/k/a Avec Corporation) because it has not filed any periodic...(k) of the Securities Exchange Act of 1934, that trading in the securities of the above-listed...

AST: Activity-Security-Trust driven modeling of time varying networks.

PubMed

Wang, Jian; Xu, Jiake; Liu, Yanheng; Deng, Weiwen

2016-02-18

Network modeling is a flexible mathematical structure that enables to identify statistical regularities and structural principles hidden in complex systems. The majority of recent driving forces in modeling complex networks are originated from activity, in which an activity potential of a time invariant function is introduced to identify agents' interactions and to construct an activity-driven model. However, the new-emerging network evolutions are already deeply coupled with not only the explicit factors (e.g. activity) but also the implicit considerations (e.g. security and trust), so more intrinsic driving forces behind should be integrated into the modeling of time varying networks. The agents undoubtedly seek to build a time-dependent trade-off among activity, security, and trust in generating a new connection to another. Thus, we reasonably propose the Activity-Security-Trust (AST) driven model through synthetically considering the explicit and implicit driving forces (e.g. activity, security, and trust) underlying the decision process. AST-driven model facilitates to more accurately capture highly dynamical network behaviors and figure out the complex evolution process, allowing a profound understanding of the effects of security and trust in driving network evolution, and improving the biases induced by only involving activity representations in analyzing the dynamical processes.

A network security monitor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Heberlein, L.T.; Dias, G.V.; Levitt, K.N.

1989-11-01

The study of security in computer networks is a rapidly growing area of interest because of the proliferation of networks and the paucity of security measures in most current networks. Since most networks consist of a collection of inter-connected local area networks (LANs), this paper concentrates on the security-related issues in a single broadcast LAN such as Ethernet. Specifically, we formalize various possible network attacks and outline methods of detecting them. Our basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, ourmore » work is similar to the host-based intrusion-detection systems such as SRI's IDES. Different from such systems, however, is our use of a hierarchical model to refine the focus of the intrusion-detection mechanism. We also report on the development of our experimental LAN monitor currently under implementation. Several network attacks have been simulated and results on how the monitor has been able to detect these attacks are also analyzed. Initial results demonstrate that many network attacks are detectable with our monitor, although it can surely be defeated. Current work is focusing on the integration of network monitoring with host-based techniques. 20 refs., 2 figs.« less

Securing Information with Complex Optical Encryption Networks

DTIC Science & Technology

2015-08-11

Network Security, Network Vulnerability , Multi-dimentional Processing, optoelectronic devices 16. SECURITY CLASSIFICATION OF: 17. LIMITATION... optoelectronic devices and systems should be analyzed before the retrieval, any hostile hacker will need to possess multi-disciplinary scientific...sophisticated optoelectronic principles and systems where he/she needs to process the information. However, in the military applications, most military

Department of Defense High Performance Computing Modernization Program. 2008 Annual Report

DTIC Science & Technology

2009-04-01

place to another on the network. Without it, a computer could only talk to itself - no email, no web browsing, and no iTunes . Most of the Internet...Your SecurID Card ), Ken Renard Secure Wireless, Rob Scott and Stephen Bowman Securing Today’s Networks, Rich Whittney, Juniper Networks, Federal

78 FR 50480 - In the Matter of Redfin Network, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-19

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Redfin Network, Inc.; Order of Suspension of Trading August 15, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Redfin Network, Inc...

76 FR 28117 - Order of Suspension of Trading; City Network, Inc.

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-13

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Order of Suspension of Trading; City Network, Inc. May 11, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of City Network, Inc. because it has not filed...

75 FR 36456 - Channel America Television Network, Inc., EquiMed, Inc., Kore Holdings, Inc., Robotic Vision...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-25

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Channel America Television Network, Inc., EquiMed, Inc., Kore Holdings, Inc., Robotic Vision Systems, Inc. (n/k/a Acuity Cimatrix, Inc.), Security... information concerning the securities of Channel America Television Network, Inc. because it has not filed any...

Research and realization of info-net security controlling system

NASA Astrophysics Data System (ADS)

Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-03-01

The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

7 CFR 274.8 - Functional and technical EBT system requirements.

Code of Federal Regulations, 2012 CFR

2012-01-01

... card is deactivated; (C) Communications network security that utilizes the Data Encryption Standard... PIN and/or PIN offset, to ensure data security during electronic transmission. Any of the network... household data and providing benefit and data security; (x) Inventorying and securing accountable documents...

7 CFR 274.8 - Functional and technical EBT system requirements.

Code of Federal Regulations, 2011 CFR

2011-01-01

... card is deactivated; (C) Communications network security that utilizes the Data Encryption Standard... PIN and/or PIN offset, to ensure data security during electronic transmission. Any of the network... household data and providing benefit and data security; (x) Inventorying and securing accountable documents...

Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

NASA Technical Reports Server (NTRS)

Gilliam, D. P.; Powell, J. D.

2002-01-01

This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

7 CFR 274.8 - Functional and technical EBT system requirements.

Code of Federal Regulations, 2014 CFR

2014-01-01

... card is deactivated; (C) Communications network security that utilizes the Data Encryption Standard... PIN and/or PIN offset, to ensure data security during electronic transmission. Any of the network... household data and providing benefit and data security; (x) Inventorying and securing accountable documents...

7 CFR 274.8 - Functional and technical EBT system requirements.

Code of Federal Regulations, 2013 CFR

2013-01-01

... card is deactivated; (C) Communications network security that utilizes the Data Encryption Standard... PIN and/or PIN offset, to ensure data security during electronic transmission. Any of the network... household data and providing benefit and data security; (x) Inventorying and securing accountable documents...

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robertson, Perry J.; Kottenstette, Richard Joseph; Crouch, Shannon M.

The National Ecological Observatory Network (NEON) is an ambitious National Science Foundation sponsored project intended to accumulate and disseminate ecologically informative sensor data from sites among 20 distinct biomes found within the United States and Puerto Rico over a period of at least 30 years. These data are expected to provide valuable insights into the ecological impacts of climate change, land-use change, and invasive species in these various biomes, and thereby provide a scientific foundation for the decisions of future national, regional, and local policy makers. NEON's objectives are of substantial national and international importance, yet they must be achievedmore » with limited resources. Sandia National Laboratories was therefore contracted to examine four areas of significant systems engineering concern; specifically, alternatives to commercial electrical utility power for remote operations, approaches to data acquisition and local data handling, protocols for secure long-distance data transmission, and processes and procedures for the introduction of new instruments and continuous improvement of the sensor network. The results of these preliminary systems engineering evaluations are presented, with a series of recommendations intended to optimize the efficiency and probability of long-term success for the NEON enterprise.« less

NSI customer service representatives and user support office: NASA Science Internet

NASA Technical Reports Server (NTRS)

1991-01-01

The NASA Science Internet, (NSI) was established in 1987 to provide NASA's Offices of Space Science and Applications (OSSA) missions with transparent wide-area data connectivity to NASA's researchers, computational resources, and databases. The NSI Office at NASA/Ames Research Center has the lead responsibility for implementing a total, open networking program to serve the OSSA community. NSI is a full-service communications provider whose services include science network planning, network engineering, applications development, network operations, and network information center/user support services. NSI's mission is to provide reliable high-speed communications to the NASA science community. To this end, the NSI Office manages and operates the NASA Science Internet, a multiprotocol network currently supporting both DECnet and TCP/IP protocols. NSI utilizes state-of-the-art network technology to meet its customers' requirements. THe NASA Science Internet interconnects with other national networks including the National Science Foundation's NSFNET, the Department of Energy's ESnet, and the Department of Defense's MILNET. NSI also has international connections to Japan, Australia, New Zealand, Chile, and several European countries. NSI cooperates with other government agencies as well as academic and commercial organizations to implement networking technologies which foster interoperability, improve reliability and performance, increase security and control, and expedite migration to the OSI protocols.

Do You Lock Your Network Doors? Some Network Management Precautions.

ERIC Educational Resources Information Center

Neray, Phil

1997-01-01

Discusses security problems and solutions for networked organizations with Internet connections. Topics include access to private networks from electronic mail information; computer viruses; computer software; corporate espionage; firewalls, that is computers that stand between a local network and the Internet; passwords; and physical security.…

SPAN security policies and guidelines

NASA Technical Reports Server (NTRS)

Sisson, Patricia L.; Green, James L.

1989-01-01

A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.

Analysis of security and threat of underwater wireless sensor network topology

NASA Astrophysics Data System (ADS)

Yang, Guang; Wei, Zhiqiang; Cong, Yanping; Jia, Dongning

2012-04-01

Underwater wireless sensor networks (UWSNs) are a subclass of wireless sensor networks. Underwater sensor deployment is a significant challenge due to the characteristics of UWSNs and underwater environment. Recent researches for UWSNs deployment mostly focus on the maintenance of network connectivity and maximum communication coverage. However, the broadcast nature of the transmission medium incurs various types of security attacks. This paper studies the security issues and threats of UWSNs topology. Based on the cluster-based topology, an underwater cluster-based security scheme (U-CBSS) is presented to defend against these attacks. and safety.

Information Security and Privacy in Network Environments.

ERIC Educational Resources Information Center

Congress of the U.S., Washington, DC. Office of Technology Assessment.

The use of information networks for business and government is expanding enormously. Government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by the networking also raises new concerns for the security and privacy of networked information. This…

76 FR 14794 - Special Conditions: Boeing Model 747-8 Airplanes, Systems and Data Networks Security-Isolation or...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-18

... Networks Security--Isolation or Protection From Unauthorized Passenger Domain Systems Access AGENCY... systems and data networks. The applicable airworthiness regulations do not contain adequate or appropriate... connected networks. The network architecture would be used for a diverse set of functions, including: 1...

Secure Data Aggregation in Wireless Sensor Network-Fujisaki Okamoto(FO) Authentication Scheme against Sybil Attack.

PubMed

Nirmal Raja, K; Maraline Beno, M

2017-07-01

In the wireless sensor network(WSN) security is a major issue. There are several network security schemes proposed in research. In the network, malicious nodes obstruct the performance of the network. The network can be vulnerable by Sybil attack. When a node illicitly assertions multiple identities or claims fake IDs, the WSN grieves from an attack named Sybil attack. This attack threatens wireless sensor network in data aggregation, synchronizing system, routing, fair resource allocation and misbehavior detection. Henceforth, the research is carried out to prevent the Sybil attack and increase the performance of the network. This paper presents the novel security mechanism and Fujisaki Okamoto algorithm and also application of the work. The Fujisaki-Okamoto (FO) algorithm is ID based cryptographic scheme and gives strong authentication against Sybil attack. By using Network simulator2 (NS2) the scheme is simulated. In this proposed scheme broadcasting key, time taken for different key sizes, energy consumption, Packet delivery ratio, Throughput were analyzed.

Communication security in open health care networks.

PubMed

Blobel, B; Pharow, P; Engel, K; Spiegel, V; Krohn, R

1999-01-01

Fulfilling the shared care paradigm, health care networks providing open systems' interoperability in health care are needed. Such communicating and co-operating health information systems, dealing with sensitive personal medical information across organisational, regional, national or even international boundaries, require appropriate security solutions. Based on the generic security model, within the European MEDSEC project an open approach for secure EDI like HL7, EDIFACT, XDT or XML has been developed. The consideration includes both securing the message in an unsecure network and the transport of the unprotected information via secure channels (SSL, TLS etc.). Regarding EDI, an open and widely usable security solution has been specified and practically implemented for the examples of secure mailing and secure file transfer (FTP) via wrapping the sensitive information expressed by the corresponding protocols. The results are currently prepared for standardisation.

Network systems security analysis

NASA Astrophysics Data System (ADS)

Yilmaz, Ä.°smail

2015-05-01

Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

Security Issues for Mobile Medical Imaging: A Primer.

PubMed

Choudhri, Asim F; Chatterjee, Arindam R; Javan, Ramin; Radvany, Martin G; Shih, George

2015-10-01

The end-user of mobile device apps in the practice of clinical radiology should be aware of security measures that prevent unauthorized use of the device, including passcode policies, methods for dealing with failed login attempts, network manager-controllable passcode enforcement, and passcode enforcement for the protection of the mobile device itself. Protection of patient data must be in place that complies with the Health Insurance Portability and Accountability Act and U.S. Federal Information Processing Standards. Device security measures for data protection include methods for locally stored data encryption, hardware encryption, and the ability to locally and remotely clear data from the device. As these devices transfer information over both local wireless networks and public cell phone networks, wireless network security protocols, including wired equivalent privacy and Wi-Fi protected access, are important components in the chain of security. Specific virtual private network protocols, Secure Sockets Layer and related protocols (especially in the setting of hypertext transfer protocols), native apps, virtual desktops, and nonmedical commercial off-the-shelf apps require consideration in the transmission of medical data over both private and public networks. Enterprise security and management of both personal and enterprise mobile devices are discussed. Finally, specific standards for hardware and software platform security, including prevention of hardware tampering, protection from malicious software, and application authentication methods, are vital components in establishing a secure platform for the use of mobile devices in the medical field. © RSNA, 2015.

Retro-Future

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ferrell, Paul; Hanson, Paige; Ardi, Calvin

2016-11-04

A system for processing network packet capture streams, extracting metadata and generating flow records (via Argus). The system can be used by network security operators and analysts to enable forensic investigations for network security events.

Cloud computing applications for biomedical science: A perspective.

PubMed

Navale, Vivek; Bourne, Philip E

2018-06-01

Biomedical research has become a digital data-intensive endeavor, relying on secure and scalable computing, storage, and network infrastructure, which has traditionally been purchased, supported, and maintained locally. For certain types of biomedical applications, cloud computing has emerged as an alternative to locally maintained traditional computing approaches. Cloud computing offers users pay-as-you-go access to services such as hardware infrastructure, platforms, and software for solving common biomedical computational problems. Cloud computing services offer secure on-demand storage and analysis and are differentiated from traditional high-performance computing by their rapid availability and scalability of services. As such, cloud services are engineered to address big data problems and enhance the likelihood of data and analytics sharing, reproducibility, and reuse. Here, we provide an introductory perspective on cloud computing to help the reader determine its value to their own research.

Cloud computing applications for biomedical science: A perspective

PubMed Central

2018-01-01

Biomedical research has become a digital data–intensive endeavor, relying on secure and scalable computing, storage, and network infrastructure, which has traditionally been purchased, supported, and maintained locally. For certain types of biomedical applications, cloud computing has emerged as an alternative to locally maintained traditional computing approaches. Cloud computing offers users pay-as-you-go access to services such as hardware infrastructure, platforms, and software for solving common biomedical computational problems. Cloud computing services offer secure on-demand storage and analysis and are differentiated from traditional high-performance computing by their rapid availability and scalability of services. As such, cloud services are engineered to address big data problems and enhance the likelihood of data and analytics sharing, reproducibility, and reuse. Here, we provide an introductory perspective on cloud computing to help the reader determine its value to their own research. PMID:29902176

Comparative study of key exchange and authentication methods in application, transport and network level security mechanisms

NASA Astrophysics Data System (ADS)

Fathirad, Iraj; Devlin, John; Jiang, Frank

2012-09-01

The key-exchange and authentication are two crucial elements of any network security mechanism. IPsec, SSL/TLS, PGP and S/MIME are well-known security approaches in providing security service to network, transport and application layers; these protocols use different methods (based on their requirements) to establish keying materials and authenticates key-negotiation and participated parties. This paper studies and compares the authenticated key negotiation methods in mentioned protocols.

Graphs for information security control in software defined networks

NASA Astrophysics Data System (ADS)

Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.

2017-07-01

Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of the malicious code and harmful influences. The paper offers a representation of a security policy in the form of hierarchical structure which in case of distribution of resources for the solution of tasks defines graphs of admissible interactions in a networks. These graphs define commutation tables of switches via the SDN controller.

Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks

PubMed Central

Lin, Zhaowen; Tao, Dan; Wang, Zhenji

2017-01-01

For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN, and this center physically decouples from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services which meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions that contribute to achieve the effective security protection with a small burden of the SDN controller. PMID:28430155

Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks.

PubMed

Lin, Zhaowen; Tao, Dan; Wang, Zhenji

2017-04-21

For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN, and this center physically decouples from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services which meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions that contribute to achieve the effective security protection with a small burden of the SDN controller.

Space Communications and Navigation (SCaN) Integrated Network Architecture Definition Document (ADD). Volume 1; Executive Summary; Revision 1

NASA Technical Reports Server (NTRS)

Younes, Badri A.; Schier, James S.

2010-01-01

The SCaN Program has defined an integrated network architecture that fully meets the Administrator s mandate to the Program, and will result in a NASA infrastructure capable of providing the needed and enabling communications services to future space missions. The integrated network architecture will increase SCaN operational efficiency and interoperability through standardization, commonality and technology infusion. It will enable NASA missions requiring advanced communication and tracking capabilities such as: a. Optical communication b. Antenna arraying c. Lunar and Mars Relays d. Integrated network management (service management and network control) and integrated service execution e. Enhanced tracking for navigation f. Space internetworking with DTN and IP g. End-to-end security h. Enhanced security services Moreover, the SCaN Program has created an Integrated Network Roadmap that depicts an orchestrated and coherent evolution path toward the target architecture, encompassing all aspects that concern network assets (i.e., operations and maintenance, sustaining engineering, upgrade efforts, and major development). This roadmap identifies major NASA ADPs, and shows dependencies and drivers among the various planned undertakings and timelines. The roadmap is scalable to accommodate timely adjustments in response to Agency needs, goals, objectives and funding. Future challenges to implementing this architecture include balancing user mission needs, technology development, and the availability of funding within NASA s priorities. Strategies for addressing these challenges are to: define a flexible architecture, update the architecture periodically, use ADPs to evaluate options and determine when to make decisions, and to engage the stakeholders in these evaluations. In addition, the SCaN Program will evaluate and respond to mission need dates for technical and operational capabilities to be provided by the SCaN integrated network. In that regard, the architecture defined in this ADD is scalable to accommodate programmatic and technical changes.

Main control computer security model of closed network systems protection against cyber attacks

NASA Astrophysics Data System (ADS)

Seymen, Bilal

2014-06-01

The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

Security Management Strategies for Protecting Your Library's Network.

ERIC Educational Resources Information Center

Ives, David J.

1996-01-01

Presents security procedures for protecting a library's computer system from potential threats by patrons or personnel, and describes how security can be breached. A sidebar identifies four areas of concern in security management: the hardware, the operating system, the network, and the user interface. A selected bibliography of sources on…

Metro Optical Networks for Homeland Security

NASA Astrophysics Data System (ADS)

Bechtel, James H.

Metro optical networks provide an enticing opportunity for strengthening homeland security. Many existing and emerging fiber-optic networks can be adapted for enhanced security applications. Applications include airports, theme parks, sports venues, and border surveillance systems. Here real-time high-quality video and captured images can be collected, transported, processed, and stored for security applications. Video and data collection are important also at correctional facilities, courts, infrastructure (e.g., dams, bridges, railroads, reservoirs, power stations), and at military and other government locations. The scaling of DWDM-based networks allows vast amounts of data to be collected and transported including biometric features of individuals at security check points. Here applications will be discussed along with potential solutions and challenges. Examples of solutions to these problems are given. This includes a discussion of metropolitan aggregation platforms for voice, video, and data that are SONET compliant for use in SONET networks and the use of DWDM technology for scaling and transporting a variety of protocols. Element management software allows not only network status monitoring, but also provides optimized allocation of network resources through the use of optical switches or electrical cross connects.

DICOM image secure communications with Internet protocols IPv6 and IPv4.

PubMed

Zhang, Jianguo; Yu, Fenghai; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen

2007-01-01

Image-data transmission from one site to another through public network is usually characterized in term of privacy, authenticity, and integrity. In this paper, we first describe a general scenario about how image is delivered from one site to another through a wide-area network (WAN) with security features of data privacy, integrity, and authenticity. Second, we give the common implementation method of the digital imaging and communication in medicine (DICOM) image communication software library with IPv6/IPv4 for high-speed broadband Internet by using open-source software. Third, we discuss two major security-transmission methods, the IP security (IPSec) and the secure-socket layer (SSL) or transport-layer security (TLS), being used currently in medical-image-data communication with privacy support. Fourth, we describe a test schema of multiple-modality DICOM-image communications through TCP/IPv4 and TCP/IPv6 with different security methods, different security algorithms, and operating systems, and evaluate the test results. We found that there are tradeoff factors between choosing the IPsec and the SSL/TLS-based security implementation of IPv6/IPv4 protocols. If the WAN networks only use IPv6 such as in high-speed broadband Internet, the choice is IPsec-based security. If the networks are IPv4 or the combination of IPv6 and IPv4, it is better to use SSL/TLS security. The Linux platform has more security algorithms implemented than the Windows (XP) platform, and can achieve better performance in most experiments of IPv6 and IPv4-based DICOM-image communications. In teleradiology or enterprise-PACS applications, the Linux operating system may be the better choice as peer security gateways for both the IPsec and the SSL/TLS-based secure DICOM communications cross public networks.

Towards a Bio-inspired Security Framework for Mission-Critical Wireless Sensor Networks

NASA Astrophysics Data System (ADS)

Ren, Wei; Song, Jun; Ma, Zhao; Huang, Shiyong

Mission-critical wireless sensor networks (WSNs) have been found in numerous promising applications in civil and military fields. However, the functionality of WSNs extensively relies on its security capability for detecting and defending sophisticated adversaries, such as Sybil, worm hole and mobile adversaries. In this paper, we propose a bio-inspired security framework to provide intelligence-enabled security mechanisms. This scheme is composed of a middleware, multiple agents and mobile agents. The agents monitor the network packets, host activities, make decisions and launch corresponding responses. Middleware performs an infrastructure for the communication between various agents and corresponding mobility. Certain cognitive models and intelligent algorithms such as Layered Reference Model of Brain and Self-Organizing Neural Network with Competitive Learning are explored in the context of sensor networks that have resource constraints. The security framework and implementation are also described in details.

Resistance and Security Index of Networks: Structural Information Perspective of Network Security

NASA Astrophysics Data System (ADS)

Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

2016-06-01

Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks.

Industrial application for global quantum communication

NASA Astrophysics Data System (ADS)

Mirza, A.; Petruccione, F.

2012-09-01

In the last decade the quantum communication community has witnessed great advances in photonic quantum cryptography technology with the research, development and commercialization of automated Quantum Key Distribution (QKD) devices. These first generation devices are however bottlenecked by the achievable spatial coverage. This is due to the intrinsic absorption of the quantum particle into the communication medium. As QKD is of paramount importance in the future ICT landscape, various innovative solutions have been developed and tested to expand the spatial coverage of these networks such as the Quantum City initiative in Durban, South Africa. To expand this further into a global QKD-secured network, recent efforts have focussed on high-altitude free-space techniques through the use of satellites. This couples the QKD-secured Metropolitan Area Networks (MANs) with secured ground-tosatellite links as access points to a global network. Such a solution, however, has critical limitations that reduce its commercial feasibility. As parallel step to the development of satellitebased global QKD networks, we investigate the use of the commercial aircrafts' network as secure transport mechanisms in a global QKD network. This QKD-secured global network will provide a robust infrastructure to create, distribute and manage encryption keys between the MANs of the participating cities.

Resistance and Security Index of Networks: Structural Information Perspective of Network Security.

PubMed

Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

2016-06-03

Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks.

Resistance and Security Index of Networks: Structural Information Perspective of Network Security

PubMed Central

Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

2016-01-01

Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks. PMID:27255783

Secure videoconferencing equipment switching system and method

DOEpatents

Hansen, Michael E [Livermore, CA

2009-01-13

A switching system and method are provided to facilitate use of videoconference facilities over a plurality of security levels. The system includes a switch coupled to a plurality of codecs and communication networks. Audio/Visual peripheral components are connected to the switch. The switch couples control and data signals between the Audio/Visual peripheral components and one but nor both of the plurality of codecs. The switch additionally couples communication networks of the appropriate security level to each of the codecs. In this manner, a videoconferencing facility is provided for use on both secure and non-secure networks.

AST: Activity-Security-Trust driven modeling of time varying networks

PubMed Central

Wang, Jian; Xu, Jiake; Liu, Yanheng; Deng, Weiwen

2016-01-01

Network modeling is a flexible mathematical structure that enables to identify statistical regularities and structural principles hidden in complex systems. The majority of recent driving forces in modeling complex networks are originated from activity, in which an activity potential of a time invariant function is introduced to identify agents’ interactions and to construct an activity-driven model. However, the new-emerging network evolutions are already deeply coupled with not only the explicit factors (e.g. activity) but also the implicit considerations (e.g. security and trust), so more intrinsic driving forces behind should be integrated into the modeling of time varying networks. The agents undoubtedly seek to build a time-dependent trade-off among activity, security, and trust in generating a new connection to another. Thus, we reasonably propose the Activity-Security-Trust (AST) driven model through synthetically considering the explicit and implicit driving forces (e.g. activity, security, and trust) underlying the decision process. AST-driven model facilitates to more accurately capture highly dynamical network behaviors and figure out the complex evolution process, allowing a profound understanding of the effects of security and trust in driving network evolution, and improving the biases induced by only involving activity representations in analyzing the dynamical processes. PMID:26888717

Introduction

NASA Astrophysics Data System (ADS)

Thoma, Klaus; Hiller, Daniel

Security research as a practical discipline has a long-standing history. Faced with myriad hazards throughout its past, mankind has developed sophisticated means to counter such threats. The latter include natural disasters such as earthquakes, floods and fires, but also encompass man-made hazards such as military aggression, terrorist attacks or threats resulting from the malicious application of technological developments. Since the end of the Cold War major armed conflicts between nations of the Western hemisphere have become highly unlikely and genuinely different security issues have become the focus of concern. The terrorist attacks of 2001 against the United States, the train bombings of Madrid in 2004 and the bombings of London in 2005 were horrific embodiments of a new security environment that has evolved on a global scale. One could list numerous other examples of both executed attacks and successfully deterred attempts from around the world. Our modern industrial societies are interlinked with infrastructure networks, providing citizens with mobility, energy and information flows, which also open the door to a whole new dimension of vulnerabilities. Security research, once anything but a practical discipline with a capacity for reacting to short-term demands, has in the span of only a few years evolved into an entirely new scientific discipline uniting various fields of research. Today, security research (in Europe) encompasses a broad community of natural/engineering and social sciences.

Review: Security in Wireless Technologies in Business

NASA Astrophysics Data System (ADS)

Sattarova, F. Y.; Kim, Tai-Hoon

Wireless technology seems to be everywhere now - but it is still relatively in its infancy. New standards and protocols continue to emerge and problems and bugs are discovered. Nevertheless, wireless networks make many things much more convenient and it appears that wireless networks are here to stay. The differences and similarities of wireless and wired security, the new threats brought by mobility, the security of networks and devices and effects of security, or lack of it are shortly discussed in this review paper.

Recommended Methodology for Inter-Service/Agency Automated Message Processing Exchange (I-S/A AMPE). Cost and Schedule Analysis of Security Alternatives.

DTIC Science & Technology

1982-02-23

segregate the computer and storage from the outside world 2. Administrative security to control access to secure computer facilities 3. Network security to...Classification Alternative A- 8 NETWORK KG GENSER DSSCS AMPE TERMINALS TP No. 022-4668-A Figure A-2. Dedicated Switching Architecture Alternative A- 9...communications protocol with the network and GENSER message transmission to the - I-S/A AMPE processor. 7. DSSCS TPU - Handles communications protocol with

Design and Analysis of Secure Routing Protocol for Wireless Sensor Networks

NASA Astrophysics Data System (ADS)

Wang, Jiong; Zhang, Hua

2017-09-01

In recent years, with the development of science and technology and the progress of the times, China's wireless network technology has become increasingly prosperous and it plays an important role in social production and life. In this context, in order to further to enhance the stability of wireless network data transmission and security enhancements, the staff need to focus on routing security and carry out related work. Based on this, this paper analyzes the design of wireless sensor based on secure routing protocol.

Smartphone-based secure authenticated session sharing in Internet of Personal Things

NASA Astrophysics Data System (ADS)

Krishnan, Ram; Ninglekhu, Jiwan

2015-03-01

In the context of password-based authentication, a user can only memorize limited number of usernames and passwords. They are generally referred to as user-credentials. Longer character length of passwords further adds complication in mastering them. The expansion of the Internet and our growing dependency on it, has made it almost impossible for us to handle the big pool of user-credentials. Using simple, same or similar passwords is considered a poor practice, as it can easily be compromised by password cracking tools and social engineering attacks. Therefore, a robust and painless technique to manage personal credentials for websites is desirable. In this paper, a novel technique for user-credentials management via a smart mobile device such as a smartphone in a local network is proposed. We present a secure user-credential management scheme in which user's account login (username) and password associated with websites domain name is saved into the mobile device's database using a mobile application. We develop a custom browser extension application for client and use it to import user's credentials linked with the corresponding website from the mobile device via the local Wi-Fi network connection. The browser extension imports and identifies the authentication credentials and pushes them into the target TextBox locations in the webpage, ready for the user to execute. This scheme is suitably demonstrated between two personal devices in a local network.

MAC layer security issues in wireless mesh networks

NASA Astrophysics Data System (ADS)

Reddy, K. Ganesh; Thilagam, P. Santhi

2016-03-01

Wireless Mesh Networks (WMNs) have emerged as a promising technology for a broad range of applications due to their self-organizing, self-configuring and self-healing capability, in addition to their low cost and easy maintenance. Securing WMNs is more challenging and complex issue due to their inherent characteristics such as shared wireless medium, multi-hop and inter-network communication, highly dynamic network topology and decentralized architecture. These vulnerable features expose the WMNs to several types of attacks in MAC layer. The existing MAC layer standards and implementations are inadequate to secure these features and fail to provide comprehensive security solutions to protect both backbone and client mesh. Hence, there is a need for developing efficient, scalable and integrated security solutions for WMNs. In this paper, we classify the MAC layer attacks and analyze the existing countermeasures. Based on attacks classification and countermeasures analysis, we derive the research directions to enhance the MAC layer security for WMNs.

Protocols for Detection and Removal of Wormholes for Secure Routing and Neighborhood Creation in Wireless Ad Hoc Networks

ERIC Educational Resources Information Center

Hayajneh, Thaier Saleh

2009-01-01

Wireless ad hoc networks are suitable and sometimes the only solution for several applications. Many applications, particularly those in military and critical civilian domains (such as battlefield surveillance and emergency rescue) require that ad hoc networks be secure and stable. In fact, security is one of the main barriers to the extensive use…

Improved security monitoring method for network bordary

NASA Astrophysics Data System (ADS)

Gao, Liting; Wang, Lixia; Wang, Zhenyan; Qi, Aihua

2013-03-01

This paper proposes a network bordary security monitoring system based on PKI. The design uses multiple safe technologies, analysis deeply the association between network data flow and system log, it can detect the intrusion activities and position invasion source accurately in time. The experiment result shows that it can reduce the rate of false alarm or missing alarm of the security incident effectively.

Nuclear Security Education Program at the Pennsylvania State University

DOE Office of Scientific and Technical Information (OSTI.GOV)

Uenlue, Kenan; The Pennsylvania State University, Department of Mechanical and Nuclear Engineering, University Park, PA 16802-2304; Jovanovic, Igor

The availability of trained and qualified nuclear and radiation security experts worldwide has decreased as those with hands-on experience have retired while the demand for these experts and skills have increased. The U.S. Department of Energy's National Nuclear Security Administration's (NNSA) Global Threat Reduction Initiative (GTRI) has responded to the continued loss of technical and policy expertise amongst personnel and students in the security field by initiating the establishment of a Nuclear Security Education Initiative, in partnership with Pennsylvania State University (PSU), Texas A and M (TAMU), and Massachusetts Institute of Technology (MIT). This collaborative, multi-year initiative forms the basismore » of specific education programs designed to educate the next generation of personnel who plan on careers in the nonproliferation and security fields with both domestic and international focus. The three universities worked collaboratively to develop five core courses consistent with the GTRI mission, policies, and practices. These courses are the following: Global Nuclear Security Policies, Detectors and Source Technologies, Applications of Detectors/Sensors/Sources for Radiation Detection and Measurements Nuclear Security Laboratory, Threat Analysis and Assessment, and Design and Analysis of Security Systems for Nuclear and Radiological Facilities. The Pennsylvania State University (PSU) Nuclear Engineering Program is a leader in undergraduate and graduate-level nuclear engineering education in the USA. The PSU offers undergraduate and graduate programs in nuclear engineering. The PSU undergraduate program in nuclear engineering is the largest nuclear engineering programs in the USA. The PSU Radiation Science and Engineering Center (RSEC) facilities are being used for most of the nuclear security education program activities. Laboratory space and equipment was made available for this purpose. The RSEC facilities include the Penn State Breazeale Reactor (PSBR), gamma irradiation facilities (in-pool irradiator, dry irradiator, and hot cells), neutron beam laboratory, radiochemistry laboratories, and various radiation detection and measurement laboratories. A new nuclear security education laboratory was created with DOE NNSA- GTRI funds at RSEC. The nuclear security graduate level curriculum enables the PSU to educate and train future nuclear security experts, both within the United States as well as worldwide. The nuclear security education program at Penn State will grant a Master's degree in nuclear security starting fall 2015. The PSU developed two courses: Nuclear Security- Detector And Source Technologies and Nuclear Security- Applications of Detectors/Sensors/Sources for Radiation Detection and Measurements (Laboratory). Course descriptions and course topics of these courses are described briefly: - Nuclear Security - Detector and Source Technologies; - Nuclear Security - Applications of Detectors/Sensors/Sources for Radiation Detection and Measurements Laboratory.« less

Research on the information security system in electrical gis system in mobile application

NASA Astrophysics Data System (ADS)

Zhou, Chao; Feng, Renjun; Jiang, Haitao; Huang, Wei; Zhu, Daohua

2017-05-01

With the rapid development of social informatization process, the demands of government, enterprise, and individuals for spatial information becomes larger. In addition, the combination of wireless network technology and spatial information technology promotes the generation and development of mobile technologies. In today’s rapidly developed information technology field, network technology and mobile communication have become the two pillar industries by leaps and bounds. They almost absorbed and adopted all the latest information, communication, computer, electronics and so on new technologies. Concomitantly, the network coverage is more and more big, the transmission rate is faster and faster, the volume of user’s terminal is smaller and smaller. What’s more, from LAN to WAN, from wired network to wireless network, from wired access to mobile wireless access, people’s demand for communication technology is increasingly higher. As a result, mobile communication technology is facing unprecedented challenges as well as unprecedented opportunities. When combined with the existing mobile communication network, it led to the development of leaps and bounds. However, due to the inherent dependence of the system on the existing computer communication network, information security problems cannot be ignored. Today’s information security has penetrated into all aspects of life. Information system is a complex computer system, and it’s physical, operational and management vulnerabilities constitute the security vulnerability of the system. Firstly, this paper analyzes the composition of mobile enterprise network and information security threat. Secondly, this paper puts forward the security planning and measures, and constructs the information security structure.

Physical and Cross-Layer Security Enhancement and Resource Allocation for Wireless Networks

ERIC Educational Resources Information Center

Bashar, Muhammad Shafi Al

2011-01-01

In this dissertation, we present novel physical (PHY) and cross-layer design guidelines and resource adaptation algorithms to improve the security and user experience in the future wireless networks. Physical and cross-layer wireless security measures can provide stronger overall security with high efficiency and can also provide better…

Security for IP Multimedia Services in the 3GPP Third Generation Mobile System.

ERIC Educational Resources Information Center

Horn, G.; Kroselberg, D.; Muller, K.

2003-01-01

Presents an overview of the security architecture of the IP multimedia core network subsystem (IMS) of the third generation mobile system, known in Europe as UMTS. Discusses IMS security requirements; IMS security architecture; authentication between IMS user and home network; integrity and confidentiality for IMS signalling; and future aspects of…

A lightweight security scheme for wireless body area networks: design, energy evaluation and proposed microprocessor design.

PubMed

Selimis, Georgios; Huang, Li; Massé, Fabien; Tsekoura, Ioanna; Ashouei, Maryam; Catthoor, Francky; Huisken, Jos; Stuyt, Jan; Dolmans, Guido; Penders, Julien; De Groot, Harmke

2011-10-01

In order for wireless body area networks to meet widespread adoption, a number of security implications must be explored to promote and maintain fundamental medical ethical principles and social expectations. As a result, integration of security functionality to sensor nodes is required. Integrating security functionality to a wireless sensor node increases the size of the stored software program in program memory, the required time that the sensor's microprocessor needs to process the data and the wireless network traffic which is exchanged among sensors. This security overhead has dominant impact on the energy dissipation which is strongly related to the lifetime of the sensor, a critical aspect in wireless sensor network (WSN) technology. Strict definition of the security functionality, complete hardware model (microprocessor and radio), WBAN topology and the structure of the medium access control (MAC) frame are required for an accurate estimation of the energy that security introduces into the WBAN. In this work, we define a lightweight security scheme for WBAN, we estimate the additional energy consumption that the security scheme introduces to WBAN based on commercial available off-the-shelf hardware components (microprocessor and radio), the network topology and the MAC frame. Furthermore, we propose a new microcontroller design in order to reduce the energy consumption of the system. Experimental results and comparisons with other works are given.

An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization Roaming Service in Wireless Sensor Networks.

PubMed

Chung, Youngseok; Choi, Seokjin; Lee, Youngsook; Park, Namje; Won, Dongho

2016-10-07

More security concerns and complicated requirements arise in wireless sensor networks than in wired networks, due to the vulnerability caused by their openness. To address this vulnerability, anonymous authentication is an essential security mechanism for preserving privacy and providing security. Over recent years, various anonymous authentication schemes have been proposed. Most of them reveal both strengths and weaknesses in terms of security and efficiency. Recently, Farash et al. proposed a lightweight anonymous authentication scheme in ubiquitous networks, which remedies the security faults of previous schemes. However, their scheme still suffers from certain weaknesses. In this paper, we prove that Farash et al.'s scheme fails to provide anonymity, authentication, or password replacement. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Considering the limited capability of sensor nodes, we utilize only low-cost functions, such as one-way hash functions and bit-wise exclusive-OR operations. The security and lightness of the proposed scheme mean that it can be applied to roaming service in localized domains of wireless sensor networks, to provide anonymous authentication of sensor nodes.

An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization Roaming Service in Wireless Sensor Networks

PubMed Central

Chung, Youngseok; Choi, Seokjin; Lee, Youngsook; Park, Namje; Won, Dongho

2016-01-01

More security concerns and complicated requirements arise in wireless sensor networks than in wired networks, due to the vulnerability caused by their openness. To address this vulnerability, anonymous authentication is an essential security mechanism for preserving privacy and providing security. Over recent years, various anonymous authentication schemes have been proposed. Most of them reveal both strengths and weaknesses in terms of security and efficiency. Recently, Farash et al. proposed a lightweight anonymous authentication scheme in ubiquitous networks, which remedies the security faults of previous schemes. However, their scheme still suffers from certain weaknesses. In this paper, we prove that Farash et al.’s scheme fails to provide anonymity, authentication, or password replacement. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Considering the limited capability of sensor nodes, we utilize only low-cost functions, such as one-way hash functions and bit-wise exclusive-OR operations. The security and lightness of the proposed scheme mean that it can be applied to roaming service in localized domains of wireless sensor networks, to provide anonymous authentication of sensor nodes. PMID:27739417

Protecting and securing networked medical devices.

PubMed

Riha, Chris

2004-01-01

Designing, building, and maintaining a secure environment for medical devices is a critical component in health care technology management. This article will address several avenues to harden a health care information network to provide a secure enclave for medical devices.

Robust Networking Architecture and Secure Communication Scheme for Heterogeneous Wireless Sensor Networks

ERIC Educational Resources Information Center

McNeal, McKenzie, III.

2012-01-01

Current networking architectures and communication protocols used for Wireless Sensor Networks (WSNs) have been designed to be energy efficient, low latency, and long network lifetime. One major issue that must be addressed is the security in data communication. Due to the limited capabilities of low cost and small sized sensor nodes, designing…

The effects of malicious nodes on performance of mobile ad hoc networks

NASA Astrophysics Data System (ADS)

Li, Fanzhi; Shi, Xiyu; Jassim, Sabah; Adams, Christopher

2006-05-01

Wireless ad hoc networking offers convenient infrastructureless communication over the shared wireless channel. However, the nature of ad hoc networks makes them vulnerable to security attacks. Unlike their wired counterpart, infrastructureless ad hoc networks do not have a clear line of defense, their topology is dynamically changing, and every mobile node can receive messages from its neighbors and can be contacted by all other nodes in its neighborhood. This poses a great danger to network security if some nodes behave in a malicious manner. The immediate concern about the security in this type of networks is how to protect the network and the individual mobile nodes against malicious act of rogue nodes from within the network. This paper is concerned with security aspects of wireless ad hoc networks. We shall present results of simulation experiments on ad hoc network's performance in the presence of malicious nodes. We shall investigate two types of attacks and the consequences will be simulated and quantified in terms of loss of packets and other factors. The results show that network performance, in terms of successful packet delivery ratios, significantly deteriorates when malicious nodes act according to the defined misbehaving characteristics.

Cyber threat model for tactical radio networks

NASA Astrophysics Data System (ADS)

Kurdziel, Michael T.

2014-05-01

The shift to a full information-centric paradigm in the battlefield has allowed ConOps to be developed that are only possible using modern network communications systems. Securing these Tactical Networks without impacting their capabilities has been a challenge. Tactical networks with fixed infrastructure have similar vulnerabilities to their commercial counterparts (although they need to be secure against adversaries with greater capabilities, resources and motivation). However, networks with mobile infrastructure components and Mobile Ad hoc Networks (MANets) have additional unique vulnerabilities that must be considered. It is useful to examine Tactical Network based ConOps and use them to construct a threat model and baseline cyber security requirements for Tactical Networks with fixed infrastructure, mobile infrastructure and/or ad hoc modes of operation. This paper will present an introduction to threat model assessment. A definition and detailed discussion of a Tactical Network threat model is also presented. Finally, the model is used to derive baseline requirements that can be used to design or evaluate a cyber security solution that can be scaled and adapted to the needs of specific deployments.

Secure Sensor Semantic Web and Information Fusion

DTIC Science & Technology

2014-06-25

data acquired and transmitted by wireless sensor networks (WSNs). In a WSN, due to a need for robustness of monitoring and low cost of the nodes...3 S. Ozdemir and Y. Xiao, “Secure data aggregation in wireless sensor networks : A comprehensive overview...Elisa Bertino, and Somesh Jha: Secure data aggregation technique for wireless sensor networks in the presence of collusion attacks. To appear in

Secure NFV Orchestration Over an SDN-Controlled Optical Network With Time-Shared Quantum Key Distribution Resources

NASA Astrophysics Data System (ADS)

Aguado, Alejandro; Hugues-Salas, Emilio; Haigh, Paul Anthony; Marhuenda, Jaume; Price, Alasdair B.; Sibson, Philip; Kennard, Jake E.; Erven, Chris; Rarity, John G.; Thompson, Mark Gerard; Lord, Andrew; Nejabati, Reza; Simeonidou, Dimitra

2017-04-01

We demonstrate, for the first time, a secure optical network architecture that combines NFV orchestration and SDN control with quantum key distribution (QKD) technology. A novel time-shared QKD network design is presented as a cost-effective solution for practical networks.

Information Systems at Enterprise. Design of Secure Network of Enterprise

NASA Astrophysics Data System (ADS)

Saigushev, N. Y.; Mikhailova, U. V.; Vedeneeva, O. A.; Tsaran, A. A.

2018-05-01

No enterprise and company can do without designing its own corporate network in today's information society. It accelerates and facilitates the work of employees at any level, but contains a big threat to confidential information of the company. In addition to the data theft attackers, there are plenty of information threats posed by modern malware effects. In this regard, the computational security of corporate networks is an important component of modern information technologies of computer security for any enterprise. This article says about the design of the protected corporate network of the enterprise that provides the computers on the network access to the Internet, as well interoperability with the branch. The access speed to the Internet at a high level is provided through the use of high-speed access channels and load balancing between devices. The security of the designed network is performed through the use of VLAN technology as well as access lists and AAA server.

Security issues in healthcare applications using wireless medical sensor networks: a survey.

PubMed

Kumar, Pardeep; Lee, Hoon-Jae

2012-01-01

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs.

Key on demand (KoD) for software-defined optical networks secured by quantum key distribution (QKD).

PubMed

Cao, Yuan; Zhao, Yongli; Colman-Meixner, Carlos; Yu, Xiaosong; Zhang, Jie

2017-10-30

Software-defined optical networking (SDON) will become the next generation optical network architecture. However, the optical layer and control layer of SDON are vulnerable to cyberattacks. While, data encryption is an effective method to minimize the negative effects of cyberattacks, secure key interchange is its major challenge which can be addressed by the quantum key distribution (QKD) technique. Hence, in this paper we discuss the integration of QKD with WDM optical networks to secure the SDON architecture by introducing a novel key on demand (KoD) scheme which is enabled by a novel routing, wavelength and key assignment (RWKA) algorithm. The QKD over SDON with KoD model follows two steps to provide security: i) quantum key pools (QKPs) construction for securing the control channels (CChs) and data channels (DChs); ii) the KoD scheme uses RWKA algorithm to allocate and update secret keys for different security requirements. To test our model, we define a security probability index which measures the security gain in CChs and DChs. Simulation results indicate that the security performance of CChs and DChs can be enhanced by provisioning sufficient secret keys in QKPs and performing key-updating considering potential cyberattacks. Also, KoD is beneficial to achieve a positive balance between security requirements and key resource usage.

Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey

PubMed Central

Kumar, Pardeep; Lee, Hoon-Jae

2012-01-01

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs. PMID:22368458

MTR STACK, TRA710, CONTEXTUAL VIEW, CAMERA FACING SOUTH. PERIMETER SECURITY ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

MTR STACK, TRA-710, CONTEXTUAL VIEW, CAMERA FACING SOUTH. PERIMETER SECURITY FENCE AND SECURITY LIGHTING IN VIEW AT LEFT. INL NEGATIVE NO. HD52-1-1. Mike Crane, Photographer, 5/2005 - Idaho National Engineering Laboratory, Test Reactor Area, Materials & Engineering Test Reactors, Scoville, Butte County, ID

Requirements for a network storage service

NASA Technical Reports Server (NTRS)

Kelly, Suzanne M.; Haynes, Rena A.

1991-01-01

Sandia National Laboratories provides a high performance classified computer network as a core capability in support of its mission of nuclear weapons design and engineering, physical sciences research, and energy research and development. The network, locally known as the Internal Secure Network (ISN), comprises multiple distributed local area networks (LAN's) residing in New Mexico and California. The TCP/IP protocol suite is used for inter-node communications. Scientific workstations and mid-range computers, running UNIX-based operating systems, compose most LAN's. One LAN, operated by the Sandia Corporate Computing Computing Directorate, is a general purpose resource providing a supercomputer and a file server to the entire ISN. The current file server on the supercomputer LAN is an implementation of the Common File Server (CFS). Subsequent to the design of the ISN, Sandia reviewed its mass storage requirements and chose to enter into a competitive procurement to replace the existing file server with one more adaptable to a UNIX/TCP/IP environment. The requirements study for the network was the starting point for the requirements study for the new file server. The file server is called the Network Storage Service (NSS) and its requirements are described. An application or functional description of the NSS is given. The final section adds performance, capacity, and access constraints to the requirements.

Wireless Network Security Vulnerabilities and Concerns

NASA Astrophysics Data System (ADS)

Mushtaq, Ahmad

The dilemma of cyber communications insecurity has existed all the times since the beginning of the network communications. The problems and concerns of unauthorized access and hacking has existed form the time of introduction of world wide web communication and Internet's expansion for popular use in 1990s, and has remained till present time as one of the most important issues. The wireless network security is no exception. Serious and continuous efforts of investigation, research and development has been going on for the last several decades to achieve the goal of provision of 100 percent or full proof security for all the protocols of networking architectures including the wireless networking. Some very reliable and robust strategies have been developed and deployed which has made network communications more and more secure. However, the most desired goal of complete security has yet to see the light of the day. The latest Cyber War scenario, reported in the media of intrusion and hacking of each other's defense and secret agencies between the two super powers USA and China has further aggravated the situation. This sort of intrusion by hackers between other countries such as India and Pakistan, Israel and Middle East countries has also been going on and reported in the media frequently. The paper reviews and critically examines the strategies already in place, for wired network. Wireless Network Security and also suggests some directions and strategies for more robust aspects to be researched and deployed.

Securing Mobile Networks in an Operational Setting

NASA Technical Reports Server (NTRS)

Ivancic, William D.; Stewart, David H.; Bell, Terry L.; Paulsen, Phillip E.; Shell, Dan

2004-01-01

This paper describes a network demonstration and three month field trial of mobile networking using mobile-IPv4. The network was implemented as part of the US Coast Guard operational network which is a ".mil" network and requires stringent levels of security. The initial demonstrations took place in November 2002 and a three month field trial took place from July through September of 2003. The mobile network utilized encryptors capable of NSA-approved Type 1 algorithms, mobile router from Cisco Systems and 802.11 and satellite wireless links. This paper also describes a conceptual architecture for wide-scale deployment of secure mobile networking in operational environments where both private and public infrastructure is used. Additional issues presented include link costs, placement of encryptors and running routing protocols over layer-3 encryption devices.

Integrating legacy medical data sensors in a wireless network infrastucture.

PubMed

Dembeyiotis, S; Konnis, G; Koutsouris, D

2005-01-01

In the process of developing a wireless networking solution to provide effective field-deployable communications and telemetry support for rescuers during major natural disasters, we are faced with the task of interfacing the multitude of medical and other legacy data collection sensors to the network grid. In this paper, we detail a number of solutions, with particular attention given to the issue of data security. The chosen implementation allows for sensor control and management from remote network locations, while the sensors can wirelessly transmit their data to nearby network nodes securely, utilizing the latest commercially available cryptography solutions. Initial testing validates the design choices, while the network-enabled sensors are being integrated in the overall wireless network security framework.

Construction of monitoring model and algorithm design on passenger security during shipping based on improved Bayesian network.

PubMed

Wang, Jiali; Zhang, Qingnian; Ji, Wenfeng

2014-01-01

A large number of data is needed by the computation of the objective Bayesian network, but the data is hard to get in actual computation. The calculation method of Bayesian network was improved in this paper, and the fuzzy-precise Bayesian network was obtained. Then, the fuzzy-precise Bayesian network was used to reason Bayesian network model when the data is limited. The security of passengers during shipping is affected by various factors, and it is hard to predict and control. The index system that has the impact on the passenger safety during shipping was established on basis of the multifield coupling theory in this paper. Meanwhile, the fuzzy-precise Bayesian network was applied to monitor the security of passengers in the shipping process. The model was applied to monitor the passenger safety during shipping of a shipping company in Hainan, and the effectiveness of this model was examined. This research work provides guidance for guaranteeing security of passengers during shipping.

Construction of Monitoring Model and Algorithm Design on Passenger Security during Shipping Based on Improved Bayesian Network

PubMed Central

Wang, Jiali; Zhang, Qingnian; Ji, Wenfeng

2014-01-01

A large number of data is needed by the computation of the objective Bayesian network, but the data is hard to get in actual computation. The calculation method of Bayesian network was improved in this paper, and the fuzzy-precise Bayesian network was obtained. Then, the fuzzy-precise Bayesian network was used to reason Bayesian network model when the data is limited. The security of passengers during shipping is affected by various factors, and it is hard to predict and control. The index system that has the impact on the passenger safety during shipping was established on basis of the multifield coupling theory in this paper. Meanwhile, the fuzzy-precise Bayesian network was applied to monitor the security of passengers in the shipping process. The model was applied to monitor the passenger safety during shipping of a shipping company in Hainan, and the effectiveness of this model was examined. This research work provides guidance for guaranteeing security of passengers during shipping. PMID:25254227

Network-based reading system for lung cancer screening CT

NASA Astrophysics Data System (ADS)

Fujino, Yuichi; Fujimura, Kaori; Nomura, Shin-ichiro; Kawashima, Harumi; Tsuchikawa, Megumu; Matsumoto, Toru; Nagao, Kei-ichi; Uruma, Takahiro; Yamamoto, Shinji; Takizawa, Hotaka; Kuroda, Chikazumi; Nakayama, Tomio

2006-03-01

This research aims to support chest computed tomography (CT) medical checkups to decrease the death rate by lung cancer. We have developed a remote cooperative reading system for lung cancer screening over the Internet, a secure transmission function, and a cooperative reading environment. It is called the Network-based Reading System. A telemedicine system involves many issues, such as network costs and data security if we use it over the Internet, which is an open network. In Japan, broadband access is widespread and its cost is the lowest in the world. We developed our system considering human machine interface and security. It consists of data entry terminals, a database server, a computer aided diagnosis (CAD) system, and some reading terminals. It uses a secure Digital Imaging and Communication in Medicine (DICOM) encrypting method and Public Key Infrastructure (PKI) based secure DICOM image data distribution. We carried out an experimental trial over the Japan Gigabit Network (JGN), which is the testbed for the Japanese next-generation network, and conducted verification experiments of secure screening image distribution, some kinds of data addition, and remote cooperative reading. We found that network bandwidth of about 1.5 Mbps enabled distribution of screening images and cooperative reading and that the encryption and image distribution methods we proposed were applicable to the encryption and distribution of general DICOM images via the Internet.

A REST-ful interpretation for embedded modular systems based on open architecture

NASA Astrophysics Data System (ADS)

Lyke, James

2016-05-01

The much-anticipated revolution of the "Internet of things" (IoT) is expected to generate one trillion internet devices within the next 15 years, mostly in the form of simple wireless sensor devices. While this revolution promises to transform silicon markets and drive a number of disruptive changes in society, it is also the case that the protocols, complexity, and security issues of extremely large dynamic, co-mingled networks is still poorly understood. Furthermore, embedded system developers, to include military and aerospace users, have largely ignored the potential (good and bound) of the cloudlike, possibly intermingling networks having variable structure to how future systems might be engineered. In this paper, we consider a new interpretation of IoT inspired modular architecture strategies involving the representational state transfer (REST) model, in which dynamic networks with variable structure employ stateless application programming interface (API) concepts. The power of the method, which extends concepts originally developed for space plug-and-play avionics, is that it allows for the fluid co-mingling of hardware and software in networks whose structure can overlap and evolve. Paradoxically, these systems may have the most stringent determinism and fault-tolerant needs. In this paper we review how RESTful APIs can potentially be used to design, create, test, and deploy systems rapidly while addressing security and referential integrity even when the nodes of many systems might physically co-mingle. We will also explore ways to take advantage of the RESTful paradigm for fault tolerance and what extensions might be necessary to deal with high-performance and determinism.

Analysis of Bioprocesses. Dynamic Modeling is a Must.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ramkrishna, Doraiswami; Song, Hyun-Seob

2016-01-01

The goal of this paper is to report on the performance of a promising dynamic framework based on the cybernetic concepts which have evolved over three decades. We present case studies of successful dynamic simulations of wild-type strains as well as specific KO mutants on bacteria and yeast. An extensive metabolic engineering effort, including genome scale networks, is called for to secure the methodology and realize its full potential. Towards this end, the software AUMIC is under active further development to enable speedy applications. Its wide use will be enabled by a publication that is shortly due.

Non-negative Tensor Factorization for Robust Exploratory Big-Data Analytics

DOE Office of Scientific and Technical Information (OSTI.GOV)

Alexandrov, Boian; Vesselinov, Velimir Valentinov; Djidjev, Hristo Nikolov

Currently, large multidimensional datasets are being accumulated in almost every field. Data are: (1) collected by distributed sensor networks in real-time all over the globe, (2) produced by large-scale experimental measurements or engineering activities, (3) generated by high-performance simulations, and (4) gathered by electronic communications and socialnetwork activities, etc. Simultaneous analysis of these ultra-large heterogeneous multidimensional datasets is often critical for scientific discoveries, decision-making, emergency response, and national and global security. The importance of such analyses mandates the development of the next-generation of robust machine learning (ML) methods and tools for bigdata exploratory analysis.

Security of medical data transfer and storage in Internet. Cryptography, antiviral security and electronic signature problems, which must be solved in nearest future in practical context.

PubMed

Kasztelowicz, Piotr; Czubenko, Marek; Zieba, Iwona

2003-01-01

The informatical revolution in computer age, which gives significant benefit in transfer of medical information requests to pay still more attention for aspect of network security. All known advantages of network technologies--first of all simplicity of copying, multiplication and sending information to many individuals can be also dangerous, if illegal, not permitted persons get access to medical data bases. Internet is assumed to be as especially "anarchic" medium, therefore in order to use it in professional work any security principles should be bewared. In our presentation we will try to find the optimal security solution in organisational and technological aspects for any medical network. In our opinion the harmonious co-operation between users, medical authorities and network administrators is core of the success.

Semantic policy and adversarial modeling for cyber threat identification and avoidance

NASA Astrophysics Data System (ADS)

DeFrancesco, Anton; McQueary, Bruce

2009-05-01

Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These attacks may be perpetrated with little to no funding, but may wreck incalculable damage upon the enterprises security, network infrastructure, and services. As more services come online, systems that were once in isolation now provide information that may be combined dynamically with information from other systems to create new meaning on the fly. Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a higher classification than any of its constituent parts. To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how it's use is evolving from a robust approach to access control to preempting and combating attacks in the cyber domain, The introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our approach is integration of semantic policy into enterprise security to augment traditional network security with an overall awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture - analyzing trends and identifying critical relations in system wide data access. The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing Bayesian-based methodologies, the enterprise wide meaning of data and semantic policy is applied to probability and high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling resources to proactively isolate, lock-down, and secure systems that are most vulnerable.

14 CFR 49.15 - Fees for recording.

Code of Federal Regulations, 2014 CFR

2014-01-01

... therein $5.00 (2) Conveyance, made for security purposes, of a specifically identified aircraft engine or propeller, or any assignment or amendment thereof, or supplement thereto, recorded under Subpart D— For each engine or propeller 5.00 (3) Conveyance, made for security purposes, of aircraft engines, propellers...

14 CFR 49.15 - Fees for recording.

Code of Federal Regulations, 2012 CFR

2012-01-01

... therein $5.00 (2) Conveyance, made for security purposes, of a specifically identified aircraft engine or propeller, or any assignment or amendment thereof, or supplement thereto, recorded under Subpart D— For each engine or propeller 5.00 (3) Conveyance, made for security purposes, of aircraft engines, propellers...

14 CFR 49.15 - Fees for recording.

Code of Federal Regulations, 2013 CFR

2013-01-01

... therein $5.00 (2) Conveyance, made for security purposes, of a specifically identified aircraft engine or propeller, or any assignment or amendment thereof, or supplement thereto, recorded under Subpart D— For each engine or propeller 5.00 (3) Conveyance, made for security purposes, of aircraft engines, propellers...

14 CFR 49.15 - Fees for recording.

Code of Federal Regulations, 2010 CFR

2010-01-01

... therein $5.00 (2) Conveyance, made for security purposes, of a specifically identified aircraft engine or propeller, or any assignment or amendment thereof, or supplement thereto, recorded under Subpart D— For each engine or propeller 5.00 (3) Conveyance, made for security purposes, of aircraft engines, propellers...

14 CFR 49.15 - Fees for recording.

Code of Federal Regulations, 2011 CFR

2011-01-01

... therein $5.00 (2) Conveyance, made for security purposes, of a specifically identified aircraft engine or propeller, or any assignment or amendment thereof, or supplement thereto, recorded under Subpart D— For each engine or propeller 5.00 (3) Conveyance, made for security purposes, of aircraft engines, propellers...

ASCR Cybersecurity for Scientific Computing Integrity

DOE Office of Scientific and Technical Information (OSTI.GOV)

Piesert, Sean

The Department of Energy (DOE) has the responsibility to address the energy, environmental, and nuclear security challenges that face our nation. Much of DOE’s enterprise involves distributed, collaborative teams; a signi¬cant fraction involves “open science,” which depends on multi-institutional, often international collaborations that must access or share signi¬cant amounts of information between institutions and over networks around the world. The mission of the Office of Science is the delivery of scienti¬c discoveries and major scienti¬c tools to transform our understanding of nature and to advance the energy, economic, and national security of the United States. The ability of DOE tomore » execute its responsibilities depends critically on its ability to assure the integrity and availability of scienti¬c facilities and computer systems, and of the scienti¬c, engineering, and operational software and data that support its mission.« less

Real-Time Speaker Detection for User-Device Binding

DTIC Science & Technology

2010-12-01

31 xi THIS PAGE INTENTIONALLY LEFT BLANK xii CHAPTER 1: Introduction The roll-out of commercial wireless networks continues to rise worldwide...in a secured facility. It could also be connected to the call server via a Virtual Private Network (VPN) or public lines if security is not a top...communications network [25]. Yet, James Arden Barnett, Jr., Chief of the Public Safety and Homeland Security Bureau, argues that emergency communications

Continuous Security Metrics for Prevalent Network Threats: Introduction and First Four Metrics

DTIC Science & Technology

2012-05-22

cyber at- tack. Recently, high -prole successful attacks have been detected against the International Mon- etary Fund, Citibank, Lockheed Martin, Google...RSA Security, Sony, and Oak Ridge National Laboratory[13]. These and other attacks have heightened securing networks as a high priority for many...of high -severity vulnerabilities found by network vulnerability scanners (e.g., [40]) and the numbers or percentages of hosts that are are not

Cyber Security Research Frameworks For Coevolutionary Network Defense

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rush, George D.; Tauritz, Daniel Remy

Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger,more » more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.« less

Using OpenSSH to secure mobile LAN network traffic

NASA Astrophysics Data System (ADS)

Luu, Brian B.; Gopaul, Richard D.

2002-08-01

Mobile Internet Protocol (IP) Local Area Network (LAN) is a technique, developed by the U.S. Army Research Laboratory, which allows a LAN to be IP mobile when attaching to a foreign IP-based network and using this network as a means to retain connectivity to its home network. In this paper, we describe a technique that uses Open Secure Shell (OpenSSH) software to ensure secure, encrypted transmission of a mobile LAN's network traffic. Whenever a mobile LAN, implemented with Mobile IP LAN, moves to a foreign network, its gateway (router) obtains an IP address from the new network. IP tunnels, using IP encapsulation, are then established from the gateway through the foreign network to a home agent on its home network. These tunnels provide a virtual two-way connection to the home network for the mobile LAN as if the LAN were connected directly to its home network. Hence, when IP mobile, a mobile LAN's tunneled network traffic must traverse one or more foreign networks that may not be trusted. This traffic could be subject to eavesdropping, interception, modification, or redirection by malicious nodes in these foreign networks. To protect network traffic passing through the tunnels, OpenSSH is used as a means of encryption because it prevents surveillance, modification, and redirection of mobile LAN traffic passing across foreign networks. Since the software is found in the public domain, is available for most current operating systems, and is commonly used to provide secure network communications, OpenSSH is the software of choice.

On Delay and Security in Network Coding

ERIC Educational Resources Information Center

Dikaliotis, Theodoros K.

2013-01-01

In this thesis, delay and security issues in network coding are considered. First, we study the delay incurred in the transmission of a fixed number of packets through acyclic networks comprised of erasure links. The two transmission schemes studied are routing with hop-by-hop retransmissions, where every node in the network simply stores and…

An E-Hospital Security Architecture

NASA Astrophysics Data System (ADS)

Tian, Fang; Adams, Carlisle

In this paper, we introduce how to use cryptography in network security and access control of an e-hospital. We first define the security goal of the e-hospital system, and then we analyze the current application system. Our idea is proposed on the system analysis and the related regulations of patients' privacy protection. The security of the whole application system is strengthened through layered security protection. Three security domains in the e-hospital system are defined according to their sensitivity level, and for each domain, we propose different security protections. We use identity based cryptography to establish secure communication channel in the backbone network and policy based cryptography to establish secure communication channel between end users and the backbone network. We also use policy based cryptography in the access control of the application system. We use a symmetric key cryptography to protect the real data in the database. The identity based and policy based cryptography are all based on elliptic curve cryptography—a public key cryptography.

Authentication Without Secrets

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pierson, Lyndon G.; Robertson, Perry J.

This work examines a new approach to authentication, which is the most fundamental security primitive that underpins all cyber security protections. Current Internet authentication techniques require the protection of one or more secret keys along with the integrity protection of the algorithms/computations designed to prove possession of the secret without actually revealing it. Protecting a secret requires physical barriers or encryption with yet another secret key. The reason to strive for "Authentication without Secret Keys" is that protecting secrets (even small ones only kept in a small corner of a component or device) is much harder than protecting the integritymore » of information that is not secret. Promising methods are examined for authentication of components, data, programs, network transactions, and/or individuals. The successful development of authentication without secret keys will enable far more tractable system security engineering for high exposure, high consequence systems by eliminating the need for brittle protection mechanisms to protect secret keys (such as are now protected in smart cards, etc.). This paper is a re-release of SAND2009-7032 with new figures numerous edits.« less

Design and Analysis of Optimization Algorithms to Minimize Cryptographic Processing in BGP Security Protocols.

PubMed

Sriram, Vinay K; Montgomery, Doug

2017-07-01

The Internet is subject to attacks due to vulnerabilities in its routing protocols. One proposed approach to attain greater security is to cryptographically protect network reachability announcements exchanged between Border Gateway Protocol (BGP) routers. This study proposes and evaluates the performance and efficiency of various optimization algorithms for validation of digitally signed BGP updates. In particular, this investigation focuses on the BGPSEC (BGP with SECurity extensions) protocol, currently under consideration for standardization in the Internet Engineering Task Force. We analyze three basic BGPSEC update processing algorithms: Unoptimized, Cache Common Segments (CCS) optimization, and Best Path Only (BPO) optimization. We further propose and study cache management schemes to be used in conjunction with the CCS and BPO algorithms. The performance metrics used in the analyses are: (1) routing table convergence time after BGPSEC peering reset or router reboot events and (2) peak-second signature verification workload. Both analytical modeling and detailed trace-driven simulation were performed. Results show that the BPO algorithm is 330% to 628% faster than the unoptimized algorithm for routing table convergence in a typical Internet core-facing provider edge router.

How to Perform a Security Audit: Is Your School's or District's Network Vulnerable?

ERIC Educational Resources Information Center

Dark, Melissa; Poftak, Amy

2004-01-01

In this article, the authors address the importance of taking a proactive approach to securing a school's network. To do this, it is first required to know the system's specific vulnerabilities and what steps to take to reduce them. The formal process for doing this is known as an information security risk assessment, or a security audit. What…

Local Area Network (LAN) Compatibility Issues

DTIC Science & Technology

1991-09-01

September, 1991 Thesis Advisor: Dr. Norman Schneidewind Approved for public release; distribution is unlimited 92 303s246 Unclassified SECURITY ...CLASSIFICATION OF THIS PAGE REPORT DOCUMENTATION PAGE Ia. REPORT SECURITY CLASSIFICATION 1 b. RESTRICTIVE MARKINGS unclassified 2a. SECURITY CLASSIFICATION...Work UiNt ACCeLUOn Number 11. TITLE (Include Security Classification) LOCAL AREA NETWORK (LAN) COMPATIBILITY ISSUES 12. PERSONAL AUTHOR(S) Rita V

Predicting Time-to-Relapse in Breast Cancer Using Neural Networks

DTIC Science & Technology

1997-12-01

CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 118. SECURITY CLASSIFICATION OF THIS PAGE Unclassified 19. SECURITY CLASSIFICATION OF...Lowell WE, and Davis GL. A neural network that predicts psychiatric length of stay. MD Computing 10:87-92, 1993. Ebell MH. Artificial neural netowrks

Towards Resilient Critical Infrastructures: Application of Type-2 Fuzzy Logic in Embedded Network Security Cyber Sensor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Jim Alves-Foss

2011-08-01

Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL providesmore » a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed.« less

Security in MANETs using reputation-adjusted routing

NASA Astrophysics Data System (ADS)

Ondi, Attila; Hoffman, Katherine; Perez, Carlos; Ford, Richard; Carvalho, Marco; Allen, William

2009-04-01

Mobile Ad-Hoc Networks enable communication in various dynamic environments, including military combat operations. Their open and shared communication medium enables new forms of attack that are not applicable for traditional wired networks. Traditional security mechanisms and defense techniques are not prepared to cope with the new attacks and the lack of central authorities make identity verifications difficult. This work extends our previous work in the Biologically Inspired Tactical Security Infrastructure to provide a reputation-based weighing mechanism for linkstate routing protocols to protect the network from attackers that are corrupting legitimate network traffic. Our results indicate that the approach is successful in routing network traffic around compromised computers.

How much spare capacity is necessary for the security of resource networks?

NASA Astrophysics Data System (ADS)

Zhao, Qian-Chuan; Jia, Qing-Shan; Cao, Yang

2007-01-01

The balance between the supply and demand of some kind of resource is critical for the functionality and security of many complex networks. Local contingencies that break this balance can cause a global collapse. These contingencies are usually dealt with by spare capacity, which is costly especially when the network capacity (the total amount of the resource generated/consumed in the network) grows. This paper studies the relationship between the spare capacity and the collapse probability under separation contingencies when the network capacity grows. Our results are obtained based on the analysis of the existence probability of balanced partitions, which is a measure of network security when network splitting is unavoidable. We find that a network with growing capacity will inevitably collapse after a separation contingency if the spare capacity in each island increases slower than a linear function of the network capacity and there is no suitable global coordinator.

A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop.

PubMed

Zhang, Lifu; Zhang, Heng

2016-03-26

Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exists, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas.

ReTrust: attack-resistant and lightweight trust management for medical sensor networks.

PubMed

He, Daojing; Chen, Chun; Chan, Sammy; Bu, Jiajun; Vasilakos, Athanasios V

2012-07-01

Wireless medical sensor networks (MSNs) enable ubiquitous health monitoring of users during their everyday lives, at health sites, without restricting their freedom. Establishing trust among distributed network entities has been recognized as a powerful tool to improve the security and performance of distributed networks such as mobile ad hoc networks and sensor networks. However, most existing trust systems are not well suited for MSNs due to the unique operational and security requirements of MSNs. Moreover, similar to most security schemes, trust management methods themselves can be vulnerable to attacks. Unfortunately, this issue is often ignored in existing trust systems. In this paper, we identify the security and performance challenges facing a sensor network for wireless medical monitoring and suggest it should follow a two-tier architecture. Based on such an architecture, we develop an attack-resistant and lightweight trust management scheme named ReTrust. This paper also reports the experimental results of the Collection Tree Protocol using our proposed system in a network of TelosB motes, which show that ReTrust not only can efficiently detect malicious/faulty behaviors, but can also significantly improve the network performance in practice.

Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks.

PubMed

Moon, Jongho; Lee, Donghoon; Lee, Youngsook; Won, Dongho

2017-04-25

User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.'s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme.

Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks

PubMed Central

Moon, Jongho; Lee, Donghoon; Lee, Youngsook; Won, Dongho

2017-01-01

User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.’s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme. PMID:28441331

Expansion of the Center for Network Innovation and Experimentation (CENETIX) Network to a Worldwide Presence

DTIC Science & Technology

2006-09-01

data transform set contains : the security protocol (AH and/or ESP, connection mode (tunnel or transport), encryption information (DES, 3DES, AES...Management Information Base, version 2) objects are variables that contain data about the system. They are defined as part of the Simple Network...Avon Park was configured for access on the concentrator. c. Security Association (SA) • A security association contains all of the information

Wireless local area network security.

PubMed

Bergeron, Bryan P

2004-01-01

Wireless local area networks (WLANs) are increasingly popular in clinical settings because they facilitate the use of wireless PDAs, laptops, and other pervasive computing devices at the point of care. However, because of the relative immaturity of wireless network technology and evolving standards, WLANs, if improperly configured, can present significant security risks. Understanding the security limitations of the technology and available fixes can help minimize the risks of clinical data loss and maintain compliance with HIPAA guidelines.

Feature-based alert correlation in security systems using self organizing maps

NASA Astrophysics Data System (ADS)

Kumar, Munesh; Siddique, Shoaib; Noor, Humera

2009-04-01

The security of the networks has been an important concern for any organization. This is especially important for the defense sector as to get unauthorized access to the sensitive information of an organization has been the prime desire for cyber criminals. Many network security techniques like Firewall, VPN Concentrator etc. are deployed at the perimeter of network to deal with attack(s) that occur(s) from exterior of network. But any vulnerability that causes to penetrate the network's perimeter of defense, can exploit the entire network. To deal with such vulnerabilities a system has been evolved with the purpose of generating an alert for any malicious activity triggered against the network and its resources, termed as Intrusion Detection System (IDS). The traditional IDS have still some deficiencies like generating large number of alerts, containing both true and false one etc. By automatically classifying (correlating) various alerts, the high-level analysis of the security status of network can be identified and the job of network security administrator becomes much easier. In this paper we propose to utilize Self Organizing Maps (SOM); an Artificial Neural Network for correlating large amount of logged intrusion alerts based on generic features such as Source/Destination IP Addresses, Port No, Signature ID etc. The different ways in which alerts can be correlated by Artificial Intelligence techniques are also discussed. . We've shown that the strategy described in the paper improves the efficiency of IDS by better correlating the alerts, leading to reduced false positives and increased competence of network administrator.

Will you accept the government's friend request? Social networks and privacy concerns.

PubMed

Siegel, David A

2013-01-01

Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim.

Will You Accept the Government's Friend Request? Social Networks and Privacy Concerns

PubMed Central

Siegel, David A.

2013-01-01

Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim. PMID:24312236

Using digital watermarking to enhance security in wireless medical image transmission.

PubMed

Giakoumaki, Aggeliki; Perakis, Konstantinos; Banitsas, Konstantinos; Giokas, Konstantinos; Tachakra, Sapal; Koutsouris, Dimitris

2010-04-01

During the last few years, wireless networks have been increasingly used both inside hospitals and in patients' homes to transmit medical information. In general, wireless networks suffer from decreased security. However, digital watermarking can be used to secure medical information. In this study, we focused on combining wireless transmission and digital watermarking technologies to better secure the transmission of medical images within and outside the hospital. We utilized an integrated system comprising the wireless network and the digital watermarking module to conduct a series of tests. The test results were evaluated by medical consultants. They concluded that the images suffered no visible quality degradation and maintained their diagnostic integrity. The proposed integrated system presented reasonable stability, and its performance was comparable to that of a fixed network. This system can enhance security during the transmission of medical images through a wireless channel.

Security Aspects of Smart Cards vs. Embedded Security in Machine-to-Machine (M2M) Advanced Mobile Network Applications

NASA Astrophysics Data System (ADS)

Meyerstein, Mike; Cha, Inhyok; Shah, Yogendra

The Third Generation Partnership Project (3GPP) standardisation group currently discusses advanced applications of mobile networks such as Machine-to-Machine (M2M) communication. Several security issues arise in these contexts which warrant a fresh look at mobile networks’ security foundations, resting on smart cards. This paper contributes a security/efficiency analysis to this discussion and highlights the role of trusted platform technology to approach these issues.

Molecular transport network security using multi-wavelength optical spins.

PubMed

Tunsiri, Surachai; Thammawongsa, Nopparat; Mitatha, Somsak; Yupapin, Preecha P

2016-01-01

Multi-wavelength generation system using an optical spin within the modified add-drop optical filter known as a PANDA ring resonator for molecular transport network security is proposed. By using the dark-bright soliton pair control, the optical capsules can be constructed and applied to securely transport the trapped molecules within the network. The advantage is that the dark and bright soliton pair (components) can securely propagate for long distance without electromagnetic interference. In operation, the optical intensity from PANDA ring resonator is fed into gold nano-antenna, where the surface plasmon oscillation between soliton pair and metallic waveguide is established.

A Secure Communication Suite for Underwater Acoustic Sensor Networks

PubMed Central

Dini, Gianluca; Duca, Angelica Lo

2012-01-01

In this paper we describe a security suite for Underwater Acoustic Sensor Networks comprising both fixed and mobile nodes. The security suite is composed of a secure routing protocol and a set of cryptographic primitives aimed at protecting the confidentiality and the integrity of underwater communication while taking into account the unique characteristics and constraints of the acoustic channel. By means of experiments and simulations based on real data, we show that the suite is suitable for an underwater networking environment as it introduces limited, and sometimes negligible, communication and power consumption overhead. PMID:23202204

Electronic Communication in Engineering Work.

ERIC Educational Resources Information Center

Bishop, Ann P.

1992-01-01

Discusses the role of electronic networks in engineering work; reviews selected literature on engineering work, knowledge, and communication; describes current uses of electronic networks; and presents results from a study of the use of networks by engineers in the aerospace industry, including their perceptions of networks. (67 references) (LRW)

SFTP: A Secure and Fault-Tolerant Paradigm against Blackhole Attack in MANET

NASA Astrophysics Data System (ADS)

KumarRout, Jitendra; Kumar Bhoi, Sourav; Kumar Panda, Sanjaya

2013-02-01

Security issues in MANET are a challenging task nowadays. MANETs are vulnerable to passive attacks and active attacks because of a limited number of resources and lack of centralized authority. Blackhole attack is an attack in network layer which degrade the network performance by dropping the packets. In this paper, we have proposed a Secure Fault-Tolerant Paradigm (SFTP) which checks the Blackhole attack in the network. The three phases used in SFTP algorithm are designing of coverage area to find the area of coverage, Network Connection algorithm to design a fault-tolerant model and Route Discovery algorithm to discover the route and data delivery from source to destination. SFTP gives better network performance by making the network fault free.

Transport and homeostasis of potassium and phosphate: limiting factors for sustainable crop production.

PubMed

Luan, Mingda; Tang, Ren-Jie; Tang, Yumei; Tian, Wang; Hou, Congong; Zhao, Fugeng; Lan, Wenzhi; Luan, Sheng

2017-06-01

Potassium (K) and phosphate (Pi) are both macronutrients essential for plant growth and crop production, but the unrenewable resources of phosphorus rock and potash have become limiting factors for food security. One critical measure to help solve this problem is to improve nutrient use efficiency (NUE) in plants by understanding and engineering genetic networks for ion uptake, translocation, and storage. Plants have evolved multiple systems to adapt to various nutrient conditions for growth and production. Within the NUE networks, transport proteins and their regulators are the primary players for maintaining nutrient homeostasis and could be utilized to engineer high NUE traits in crop plants. A large number of publications have detailed K+ and Pi transport proteins in plants over the past three decades. Meanwhile, the discovery and validation of their regulatory mechanisms are fast-track topics for research. Here, we provide an overview of K+ and Pi transport proteins and their regulatory mechanisms, which participate in the uptake, translocation, storage, and recycling of these nutrients in plants. © The Author 2016. Published by Oxford University Press on behalf of the Society for Experimental Biology. All rights reserved. For permissions, please email: journals.permissions@oup.com.

Meet EPA Engineer Steve Clark

EPA Pesticide Factsheets

Steve Clark is an environmental engineer in EPA’s National Homeland Security Research Center (NHSRC). His research focuses on water security, exploring ways to protect and decontaminate pipes and other water “infrastructure.”

Ad-Hoc Networks and the Mobile Application Security System (MASS)

DTIC Science & Technology

2006-01-01

solution to this problem that addresses critical aspects of security in ad-hoc mobile application networks. This approach involves preventing unauthorized...modification of a mobile application , both by other applications and by hosts, and ensuring that mobile code is authentic and authorized. These...capabilities constitute the Mobile Application Security System (MASS). The MASS applies effective, robust security to mobile application -based systems

Cyber Hygiene for Control System Security

DOE PAGES

Oliver, David

2015-10-08

There are many resources from government and private industry available to assist organizations in reducing their attack surface and enhancing their security posture. Furthermore, standards are being written and improved upon to make the practice of securing a network more manageable. And while the specifics of network security are complex, most system vulnerabilities can be mitigated using fairly simple cyber hygiene techniques like those offered above.

IT Security Support for Spaceport Command and Control System

NASA Technical Reports Server (NTRS)

McLain, Jeffrey

2013-01-01

During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institutes Top 20 Critical Security Controls. My task was to add in all of the new commercial of the shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machines configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

A Multi-Attribute Pheromone Ant Secure Routing Algorithm Based on Reputation Value for Sensor Networks

PubMed Central

Zhang, Lin; Yin, Na; Fu, Xiong; Lin, Qiaomin; Wang, Ruchuan

2017-01-01

With the development of wireless sensor networks, certain network problems have become more prominent, such as limited node resources, low data transmission security, and short network life cycles. To solve these problems effectively, it is important to design an efficient and trusted secure routing algorithm for wireless sensor networks. Traditional ant-colony optimization algorithms exhibit only local convergence, without considering the residual energy of the nodes and many other problems. This paper introduces a multi-attribute pheromone ant secure routing algorithm based on reputation value (MPASR). This algorithm can reduce the energy consumption of a network and improve the reliability of the nodes’ reputations by filtering nodes with higher coincidence rates and improving the method used to update the nodes’ communication behaviors. At the same time, the node reputation value, the residual node energy and the transmission delay are combined to formulate a synthetic pheromone that is used in the formula for calculating the random proportion rule in traditional ant-colony optimization to select the optimal data transmission path. Simulation results show that the improved algorithm can increase both the security of data transmission and the quality of routing service. PMID:28282894

Formal assessment instrument for ensuring the security of NASA's networks, systems and software

NASA Technical Reports Server (NTRS)

Gilliam, D. P.; Powell, J. D.; Sherif, J.

2002-01-01

To address the problem of security for NASA's networks, systems and software, NASA has funded the Jet Propulsion Lab in conjunction with UC Davis to begin work on developing a software security assessment instrument for use in the software development and maintenance life cycle.

AVQS: attack route-based vulnerability quantification scheme for smart grid.

PubMed

Ko, Jongbin; Lim, Hyunwoo; Lee, Seokjun; Shon, Taeshik

2014-01-01

A smart grid is a large, consolidated electrical grid system that includes heterogeneous networks and systems. Based on the data, a smart grid system has a potential security threat in its network connectivity. To solve this problem, we develop and apply a novel scheme to measure the vulnerability in a smart grid domain. Vulnerability quantification can be the first step in security analysis because it can help prioritize the security problems. However, existing vulnerability quantification schemes are not suitable for smart grid because they do not consider network vulnerabilities. We propose a novel attack route-based vulnerability quantification scheme using a network vulnerability score and an end-to-end security score, depending on the specific smart grid network environment to calculate the vulnerability score for a particular attack route. To evaluate the proposed approach, we derive several attack scenarios from the advanced metering infrastructure domain. The experimental results of the proposed approach and the existing common vulnerability scoring system clearly show that we need to consider network connectivity for more optimized vulnerability quantification.

IDEF3 Formalization Report

DTIC Science & Technology

1991-10-01

SUBJECT TERMS 15. NUMBER OF PAGES engineering management information systems method formalization 60 information engineering process modeling 16 PRICE...CODE information systems requirements definition methods knowlede acquisition methods systems engineering 17. SECURITY CLASSIFICATION ji. SECURITY... Management , Inc., Santa Monica, California. CORYNEN, G. C., 1975, A Mathematical Theory of Modeling and Simula- tion. Ph.D. Dissertation, Department

The application of data encryption technology in computer network communication security

NASA Astrophysics Data System (ADS)

Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-04-01

With the rapid development of Intemet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

Security engineering: systems engineering of security through the adaptation and application of risk management

NASA Technical Reports Server (NTRS)

Gilliam, David P.; Feather, Martin S.

2004-01-01

Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

Secure and Cost-Effective Distributed Aggregation for Mobile Sensor Networks

PubMed Central

Guo, Kehua; Zhang, Ping; Ma, Jianhua

2016-01-01

Secure data aggregation (SDA) schemes are widely used in distributed applications, such as mobile sensor networks, to reduce communication cost, prolong the network life cycle and provide security. However, most SDA are only suited for a single type of statistics (i.e., summation-based or comparison-based statistics) and are not applicable to obtaining multiple statistic results. Most SDA are also inefficient for dynamic networks. This paper presents multi-functional secure data aggregation (MFSDA), in which the mapping step and coding step are introduced to provide value-preserving and order-preserving and, later, to enable arbitrary statistics support in the same query. MFSDA is suited for dynamic networks because these active nodes can be counted directly from aggregation data. The proposed scheme is tolerant to many types of attacks. The network load of the proposed scheme is balanced, and no significant bottleneck exists. The MFSDA includes two versions: MFSDA-I and MFSDA-II. The first one can obtain accurate results, while the second one is a more generalized version that can significantly reduce network traffic at the expense of less accuracy loss. PMID:27120599

Security and Efficiency Concerns With Distributed Collaborative Networking Environments

DTIC Science & Technology

2003-09-01

have the ability to access Web communications services of the WebEx MediaTone Network from a single login. [24] WebEx provides a range of secure...Web. WebEx services enable secure data, voice and video communications through the browser and are supported by the WebEx MediaTone Network, a global...designed to host large-scale, structured events and conferences, featuring a Q&A Manager that allows multiple moderators to handle questions while

Design of a Forecasting Service System for Monitoring of Vulnerabilities of Sensor Networks

NASA Astrophysics Data System (ADS)

Song, Jae-Gu; Kim, Jong Hyun; Seo, Dong Il; Kim, Seoksoo

This study aims to reduce security vulnerabilities of sensor networks which transmit data in an open environment by developing a forecasting service system. The system is to remove or monitor causes of breach incidents in advance. To that end, this research first examines general security vulnerabilities of sensor networks and analyzes characteristics of existing forecasting systems. Then, 5 steps of a forecasting service system are proposed in order to improve security responses.

Quantum key distribution network for multiple applications

NASA Astrophysics Data System (ADS)

Tajima, A.; Kondoh, T.; Ochi, T.; Fujiwara, M.; Yoshino, K.; Iizuka, H.; Sakamoto, T.; Tomita, A.; Shimamura, E.; Asami, S.; Sasaki, M.

2017-09-01

The fundamental architecture and functions of secure key management in a quantum key distribution (QKD) network with enhanced universal interfaces for smooth key sharing between arbitrary two nodes and enabling multiple secure communication applications are proposed. The proposed architecture consists of three layers: a quantum layer, key management layer and key supply layer. We explain the functions of each layer, the key formats in each layer and the key lifecycle for enabling a practical QKD network. A quantum key distribution-advanced encryption standard (QKD-AES) hybrid system and an encrypted smartphone system were developed as secure communication applications on our QKD network. The validity and usefulness of these systems were demonstrated on the Tokyo QKD Network testbed.

PKI security in large-scale healthcare networks.

PubMed

Mantas, Georgios; Lymberopoulos, Dimitrios; Komninos, Nikos

2012-06-01

During the past few years a lot of PKI (Public Key Infrastructures) infrastructures have been proposed for healthcare networks in order to ensure secure communication services and exchange of data among healthcare professionals. However, there is a plethora of challenges in these healthcare PKI infrastructures. Especially, there are a lot of challenges for PKI infrastructures deployed over large-scale healthcare networks. In this paper, we propose a PKI infrastructure to ensure security in a large-scale Internet-based healthcare network connecting a wide spectrum of healthcare units geographically distributed within a wide region. Furthermore, the proposed PKI infrastructure facilitates the trust issues that arise in a large-scale healthcare network including multi-domain PKI infrastructures.

A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop

PubMed Central

Zhang, Lifu; Zhang, Heng

2016-01-01

Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exists, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas. PMID:27023559

Optical network security using unipolar Walsh code

NASA Astrophysics Data System (ADS)

Sikder, Somali; Sarkar, Madhumita; Ghosh, Shila

2018-04-01

Optical code-division multiple-access (OCDMA) is considered as a good technique to provide optical layer security. Many research works have been published to enhance optical network security by using optical signal processing. The paper, demonstrates the design of the AWG (arrayed waveguide grating) router-based optical network for spectral-amplitude-coding (SAC) OCDMA networks with Walsh Code to design a reconfigurable network codec by changing signature codes to against eavesdropping. In this paper we proposed a code reconfiguration scheme to improve the network access confidentiality changing the signature codes by cyclic rotations, for OCDMA system. Each of the OCDMA network users is assigned a unique signature code to transmit the information and at the receiving end each receiver correlates its own signature pattern a(n) with the receiving pattern s(n). The signal arriving at proper destination leads to s(n)=a(n).

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

PubMed Central

Wu, Jun; Su, Zhou; Li, Jianhua

2017-01-01

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems. PMID:28758943

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems.

PubMed

Wu, Jun; Su, Zhou; Wang, Shen; Li, Jianhua

2017-07-30

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on "friend" relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

The Systems Librarian: Implementing Wireless Networks without Compromising Security

ERIC Educational Resources Information Center

Breeding, Marshall

2005-01-01

Many libraries are or soon will be offering Wi-Fi, also known as wireless networks. The largest perceived barriers to providing this service are concerns about security. The prime rule when deploying Wi-Fi is segregation, having a clear separation between a public wireless network and the rest of the library?s network. A number of devices can be…

Secure smart grid communications and information integration based on digital watermarking in wireless sensor networks

NASA Astrophysics Data System (ADS)

Yan, Xin; Zhang, Ling; Wu, Yang; Luo, Youlong; Zhang, Xiaoxing

2017-02-01

As more and more wireless sensor nodes and networks are employed to acquire and transmit the state information of power equipment in smart grid, we are in urgent need of some viable security solutions to ensure secure smart grid communications. Conventional information security solutions, such as encryption/decryption, digital signature and so forth, are not applicable to wireless sensor networks in smart grid any longer, where bulk messages need to be exchanged continuously. The reason is that these cryptographic solutions will account for a large portion of the extremely limited resources on sensor nodes. In this article, a security solution based on digital watermarking is adopted to achieve the secure communications for wireless sensor networks in smart grid by data and entity authentications at a low cost of operation. Our solution consists of a secure framework of digital watermarking, and two digital watermarking algorithms based on alternating electric current and time window, respectively. Both watermarking algorithms are composed of watermark generation, embedding and detection. The simulation experiments are provided to verify the correctness and practicability of our watermarking algorithms. Additionally, a new cloud-based architecture for the information integration of smart grid is proposed on the basis of our security solutions.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks.

PubMed

Park, YoHan; Park, YoungHo

2016-12-14

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.'s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks

PubMed Central

Park, YoHan; Park, YoungHo

2016-01-01

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.’s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment. PMID:27983616

Malware Mimics for Network Security Assessment

DTIC Science & Technology

2011-03-01

Master’s Thesis 4 . TITLE AND SUBTITLE Malware Mimics for Network Security Assessment 6. AUTHOR(S) Taff, William R and Salevski, Paul M. 5...Communication Protocol .......................41 viii 4 . Graphical User Interface for MM-Server .......43 C. BUILDING THE TEST PLATFORM...Extension ...............71 2. More Advanced Modules ........................72 3. Increase Scale of Test Bed ...................73 4 . Security

A First Step Towards Network Security Virtualization: From Concept to Prototype

DTIC Science & Technology

2015-10-01

ec2 security groups. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network- security.html. [3] Jeffrey R. Ballard, Ian Rae, and Aditya...20] Matthew L. Meola Michael J. Freedman Jennifer Rexford Nate Foster, Rob Harrison and David Walker. Frenetic: A High-Level Langauge for OpenFlow

The Elements of a Network to Educate for World Security.

ERIC Educational Resources Information Center

Network to Educate for World Security, New York, NY.

This publication examines efforts to educate for peace and disarmament. A proposal by the Network to Educate for World Security for the establishment of a United Nations sponsored disarmament fund devoted to worldwide peace and security education is presented in Section One. Section Two contains papers that suggest how the traditional way to…

Distributed generation of shared RSA keys in mobile ad hoc networks

NASA Astrophysics Data System (ADS)

Liu, Yi-Liang; Huang, Qin; Shen, Ying

2005-12-01

Mobile Ad Hoc Networks is a totally new concept in which mobile nodes are able to communicate together over wireless links in an independent manner, independent of fixed physical infrastructure and centralized administrative infrastructure. However, the nature of Ad Hoc Networks makes them very vulnerable to security threats. Generation and distribution of shared keys for CA (Certification Authority) is challenging for security solution based on distributed PKI(Public-Key Infrastructure)/CA. The solutions that have been proposed in the literature and some related issues are discussed in this paper. The solution of a distributed generation of shared threshold RSA keys for CA is proposed in the present paper. During the process of creating an RSA private key share, every CA node only has its own private security. Distributed arithmetic is used to create the CA's private share locally, and that the requirement of centralized management institution is eliminated. Based on fully considering the Mobile Ad Hoc network's characteristic of self-organization, it avoids the security hidden trouble that comes by holding an all private security share of CA, with which the security and robustness of system is enhanced.

Teaching Network Security in a Virtual Learning Environment

ERIC Educational Resources Information Center

Bergstrom, Laura; Grahn, Kaj J.; Karlstrom, Krister; Pulkkis, Goran; Astrom, Peik

2004-01-01

This article presents a virtual course with the topic network security. The course has been produced by Arcada Polytechnic as a part of the production team Computer Networks, Telecommunication and Telecommunication Systems in the Finnish Virtual Polytechnic. The article begins with an introduction to the evolution of the information security…

Analysis of MD5 authentication in various routing protocols using simulation tools

NASA Astrophysics Data System (ADS)

Dinakaran, M.; Darshan, K. N.; Patel, Harsh

2017-11-01

Authentication being an important paradigm of security and Computer Networks require secure paths to make the flow of the data even more secure through some security protocols. So MD-5(Message Digest 5) helps in providing data integrity to the data being sent through it and authentication to the network devices. This paper gives a brief introduction to the MD-5, simulation of the networks by including MD-5 authentication using various routing protocols like OSPF, EIGRP and RIPv2. GNS3 is being used to simulate the scenarios. Analysis of the MD-5 authentication is done in the later sections of the paper.

Wireless Sensor Network Security Enhancement Using Directional Antennas: State of the Art and Research Challenges.

PubMed

Curiac, Daniel-Ioan

2016-04-07

Being often deployed in remote or hostile environments, wireless sensor networks are vulnerable to various types of security attacks. A possible solution to reduce the security risks is to use directional antennas instead of omnidirectional ones or in conjunction with them. Due to their increased complexity, higher costs and larger sizes, directional antennas are not traditionally used in wireless sensor networks, but recent technology trends may support this method. This paper surveys existing state of the art approaches in the field, offering a broad perspective of the future use of directional antennas in mitigating security risks, together with new challenges and open research issues.

Security Quality Requirements Engineering (SQUARE): Case Study Phase III

DTIC Science & Technology

2006-05-01

Security Quality Requirements Engineering (SQUARE): Case Study Phase III Lydia Chung Frank Hung Eric Hough Don Ojoko-Adams Advisor...Engineering (SQUARE): Case Study Phase III CMU/SEI-2006-SR-003 Lydia Chung Frank Hung Eric Hough Don Ojoko-Adams Advisor Nancy R. Mead...1 1.1 The SQUARE Process ............................................................................... 1 1.2 Case Study Clients

Big data, little security: Addressing security issues in your platform

NASA Astrophysics Data System (ADS)

Macklin, Thomas; Mathews, Joseph

2017-05-01

This paper describes some patterns for information security problems that consistently emerge among traditional enterprise networks and applications, both with respect to cyber threats and data sensitivity. We draw upon cases from qualitative studies and interviews of system developers, network operators, and certifiers of military applications. Specifically, the problems discussed involve sensitivity of data aggregates, training efficacy, and security decision support in the human machine interface. While proven techniques can address many enterprise security challenges, we provide additional recommendations on how to further improve overall security posture, and suggest additional research thrusts to address areas where known gaps remain.

9. Photocopy of engineering drawing. SECURITY UPGRADES, SLC17: PLANS, SECTIONS, ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

9. Photocopy of engineering drawing. SECURITY UPGRADES, SLC17: PLANS, SECTIONS, AND DETAILS, JANUARY 1993. - Cape Canaveral Air Station, Launch Complex 17, Facility 28425, East end of Lighthouse Road, Cape Canaveral, Brevard County, FL

8. Photocopy of engineering drawing. SECURITY UPGRADES, SLC17: ELEVATIONS AND ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

8. Photocopy of engineering drawing. SECURITY UPGRADES, SLC17: ELEVATIONS AND BUILDING SECTION, JULY 1992. - Cape Canaveral Air Station, Launch Complex 17, Facility 28425, East end of Lighthouse Road, Cape Canaveral, Brevard County, FL

Firewall systems: the next generation

NASA Astrophysics Data System (ADS)

McGhie, Lynda L.

1996-01-01

To be competitive in today's globally connected marketplace, a company must ensure that their internal network security methodologies and supporting policies are current and reflect an overall understanding of today's technology and its resultant threats. Further, an integrated approach to information security should ensure that new ways of sharing information and doing business are accommodated; such as electronic commerce, high speed public broadband network services, and the federally sponsored National Information Infrastructure. There are many challenges, and success is determined by the establishment of a solid and firm baseline security architecture that accommodate today's external connectivity requirements, provides transitional solutions that integrate with evolving and dynamic technologies, and ultimately acknowledges both the strategic and tactical goals of an evolving network security architecture and firewall system. This paper explores the evolution of external network connectivity requirements, the associated challenges and the subsequent development and evolution of firewall security systems. It makes the assumption that a firewall is a set of integrated and interoperable components, coming together to form a `SYSTEM' and must be designed, implement and managed as such. A progressive firewall model will be utilized to illustrates the evolution of firewall systems from earlier models utilizing separate physical networks, to today's multi-component firewall systems enabling secure heterogeneous and multi-protocol interfaces.

Game Theory for Wireless Sensor Networks: A Survey

PubMed Central

Shi, Hai-Yan; Wang, Wan-Liang; Kwok, Ngai-Ming; Chen, Sheng-Yong

2012-01-01

Game theory (GT) is a mathematical method that describes the phenomenon of conflict and cooperation between intelligent rational decision-makers. In particular, the theory has been proven very useful in the design of wireless sensor networks (WSNs). This article surveys the recent developments and findings of GT, its applications in WSNs, and provides the community a general view of this vibrant research area. We first introduce the typical formulation of GT in the WSN application domain. The roles of GT are described that include routing protocol design, topology control, power control and energy saving, packet forwarding, data collection, spectrum allocation, bandwidth allocation, quality of service control, coverage optimization, WSN security, and other sensor management tasks. Then, three variations of game theory are described, namely, the cooperative, non-cooperative, and repeated schemes. Finally, existing problems and future trends are identified for researchers and engineers in the field. PMID:23012533

Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium.

PubMed

Somasundaram, M; Sivakumar, R

2015-01-01

Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security.

Computation and Communication Evaluation of an Authentication Mechanism for Time-Triggered Networked Control Systems

PubMed Central

Martins, Goncalo; Moondra, Arul; Dubey, Abhishek; Bhattacharjee, Anirban; Koutsoukos, Xenofon D.

2016-01-01

In modern networked control applications, confidentiality and integrity are important features to address in order to prevent against attacks. Moreover, network control systems are a fundamental part of the communication components of current cyber-physical systems (e.g., automotive communications). Many networked control systems employ Time-Triggered (TT) architectures that provide mechanisms enabling the exchange of precise and synchronous messages. TT systems have computation and communication constraints, and with the aim to enable secure communications in the network, it is important to evaluate the computational and communication overhead of implementing secure communication mechanisms. This paper presents a comprehensive analysis and evaluation of the effects of adding a Hash-based Message Authentication (HMAC) to TT networked control systems. The contributions of the paper include (1) the analysis and experimental validation of the communication overhead, as well as a scalability analysis that utilizes the experimental result for both wired and wireless platforms and (2) an experimental evaluation of the computational overhead of HMAC based on a kernel-level Linux implementation. An automotive application is used as an example, and the results show that it is feasible to implement a secure communication mechanism without interfering with the existing automotive controller execution times. The methods and results of the paper can be used for evaluating the performance impact of security mechanisms and, thus, for the design of secure wired and wireless TT networked control systems. PMID:27463718

Computation and Communication Evaluation of an Authentication Mechanism for Time-Triggered Networked Control Systems.

PubMed

Martins, Goncalo; Moondra, Arul; Dubey, Abhishek; Bhattacharjee, Anirban; Koutsoukos, Xenofon D

2016-07-25

In modern networked control applications, confidentiality and integrity are important features to address in order to prevent against attacks. Moreover, network control systems are a fundamental part of the communication components of current cyber-physical systems (e.g., automotive communications). Many networked control systems employ Time-Triggered (TT) architectures that provide mechanisms enabling the exchange of precise and synchronous messages. TT systems have computation and communication constraints, and with the aim to enable secure communications in the network, it is important to evaluate the computational and communication overhead of implementing secure communication mechanisms. This paper presents a comprehensive analysis and evaluation of the effects of adding a Hash-based Message Authentication (HMAC) to TT networked control systems. The contributions of the paper include (1) the analysis and experimental validation of the communication overhead, as well as a scalability analysis that utilizes the experimental result for both wired and wireless platforms and (2) an experimental evaluation of the computational overhead of HMAC based on a kernel-level Linux implementation. An automotive application is used as an example, and the results show that it is feasible to implement a secure communication mechanism without interfering with the existing automotive controller execution times. The methods and results of the paper can be used for evaluating the performance impact of security mechanisms and, thus, for the design of secure wired and wireless TT networked control systems.

Wireless physical layer security

NASA Astrophysics Data System (ADS)

Poor, H. Vincent; Schaefer, Rafael F.

2017-01-01

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

Wireless physical layer security.

PubMed

Poor, H Vincent; Schaefer, Rafael F

2017-01-03

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

Wireless physical layer security

PubMed Central

Schaefer, Rafael F.

2017-01-01

Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments. PMID:28028211

Comparative-effectiveness research in distributed health data networks.

PubMed

Toh, S; Platt, R; Steiner, J F; Brown, J S

2011-12-01

Comparative-effectiveness research (CER) can be conducted within a distributed health data network. Such networks allow secure access to separate data sets from different data partners and overcome many practical obstacles related to patient privacy, data security, and proprietary concerns. A scalable network architecture supports a wide range of CER activities and meets the data infrastructure needs envisioned by the Federal Coordinating Council for Comparative Effectiveness Research.

Wireless security in mobile health.

PubMed

Osunmuyiwa, Olufolabi; Ulusoy, Ali Hakan

2012-12-01

Mobile health (m-health) is an extremely broad term that embraces mobile communication in the health sector and data packaging. The four broad categories of wireless networks are wireless personal area network, wireless metropolitan area network, wireless wide area network, and wireless local area network. Wireless local area network is the most notable of the wireless networking tools obtainable in the health sector. Transfer of delicate and critical information on radio frequencies should be secure, and the right to use must be meticulous. This article covers the business opportunities in m-health, threats faced by wireless networks in hospitals, and methods of mitigating these threats.

Requirements for a network storage service

NASA Technical Reports Server (NTRS)

Kelly, Suzanne M.; Haynes, Rena A.

1992-01-01

Sandia National Laboratories provides a high performance classified computer network as a core capability in support of its mission of nuclear weapons design and engineering, physical sciences research, and energy research and development. The network, locally known as the Internal Secure Network (ISN), was designed in 1989 and comprises multiple distributed local area networks (LAN's) residing in Albuquerque, New Mexico and Livermore, California. The TCP/IP protocol suite is used for inner-node communications. Scientific workstations and mid-range computers, running UNIX-based operating systems, compose most LAN's. One LAN, operated by the Sandia Corporate Computing Directorate, is a general purpose resource providing a supercomputer and a file server to the entire ISN. The current file server on the supercomputer LAN is an implementation of the Common File System (CFS) developed by Los Alamos National Laboratory. Subsequent to the design of the ISN, Sandia reviewed its mass storage requirements and chose to enter into a competitive procurement to replace the existing file server with one more adaptable to a UNIX/TCP/IP environment. The requirements study for the network was the starting point for the requirements study for the new file server. The file server is called the Network Storage Services (NSS) and is requirements are described in this paper. The next section gives an application or functional description of the NSS. The final section adds performance, capacity, and access constraints to the requirements.

Model-Based Fault Tolerant Control

NASA Technical Reports Server (NTRS)

Kumar, Aditya; Viassolo, Daniel

2008-01-01

The Model Based Fault Tolerant Control (MBFTC) task was conducted under the NASA Aviation Safety and Security Program. The goal of MBFTC is to develop and demonstrate real-time strategies to diagnose and accommodate anomalous aircraft engine events such as sensor faults, actuator faults, or turbine gas-path component damage that can lead to in-flight shutdowns, aborted take offs, asymmetric thrust/loss of thrust control, or engine surge/stall events. A suite of model-based fault detection algorithms were developed and evaluated. Based on the performance and maturity of the developed algorithms two approaches were selected for further analysis: (i) multiple-hypothesis testing, and (ii) neural networks; both used residuals from an Extended Kalman Filter to detect the occurrence of the selected faults. A simple fusion algorithm was implemented to combine the results from each algorithm to obtain an overall estimate of the identified fault type and magnitude. The identification of the fault type and magnitude enabled the use of an online fault accommodation strategy to correct for the adverse impact of these faults on engine operability thereby enabling continued engine operation in the presence of these faults. The performance of the fault detection and accommodation algorithm was extensively tested in a simulation environment.

Physical Layer Secret-Key Generation Scheme for Transportation Security Sensor Network

PubMed Central

Yang, Bin; Zhang, Jianfeng

2017-01-01

Wireless Sensor Networks (WSNs) are widely used in different disciplines, including transportation systems, agriculture field environment monitoring, healthcare systems, and industrial monitoring. The security challenge of the wireless communication link between sensor nodes is critical in WSNs. In this paper, we propose a new physical layer secret-key generation scheme for transportation security sensor network. The scheme is based on the cooperation of all the sensor nodes, thus avoiding the key distribution process, which increases the security of the system. Different passive and active attack models are analyzed in this paper. We also prove that when the cooperative node number is large enough, even when the eavesdropper is equipped with multiple antennas, the secret-key is still secure. Numerical results are performed to show the efficiency of the proposed scheme. PMID:28657588

Physical Layer Secret-Key Generation Scheme for Transportation Security Sensor Network.

PubMed

Yang, Bin; Zhang, Jianfeng

2017-06-28

Wireless Sensor Networks (WSNs) are widely used in different disciplines, including transportation systems, agriculture field environment monitoring, healthcare systems, and industrial monitoring. The security challenge of the wireless communication link between sensor nodes is critical in WSNs. In this paper, we propose a new physical layer secret-key generation scheme for transportation security sensor network. The scheme is based on the cooperation of all the sensor nodes, thus avoiding the key distribution process, which increases the security of the system. Different passive and active attack models are analyzed in this paper. We also prove that when the cooperative node number is large enough, even when the eavesdropper is equipped with multiple antennas, the secret-key is still secure. Numerical results are performed to show the efficiency of the proposed scheme.

A security scheme of SMS system

NASA Astrophysics Data System (ADS)

Zhang, Fangzhou; Yang, Hong-Wei; Song, Chuck

2005-02-01

With the prosperous development and the use of SMS, more and more important information need to be transferred through the wireless and mobile networks by the users. But in the GSM/GPRS network, the SMS messages are transferred in text mode through the signaling channel and there is no integrality for SMS messages. Because of the speciality of the mobile communications, the security of signaling channel is very weak. So we need to improve and enhance the security and integrality of SMS. At present, developed investigation based on SMS security is still incomplete. The key distribution and management is not perfect to meet the usability in a wide area. This paper introduces a high-level security method to solve this problem. We design the Secure SMS of GSM/GPRS in order to improve the security of the important information that need to be transferred by the mobile networks. Using this method, we can improve the usability of E-payment and other mobile electronic commerce.

An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks.

PubMed

Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

2018-01-11

Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes.

KSC-2009-4014

NASA Image and Video Library

2009-07-10

CAPE CANAVERAL, Fla. – At Astrotech Space Operations in Titusville, Fla., workers secure an overhead crane to the shipping container that holds NASA's Solar Dynamics Observatory, or SDO. SDO is the first space weather research network mission in NASA's Living With a Star Program. The spacecraft's long-term measurements will give solar scientists in-depth information about changes in the sun's magnetic field and insight into how they affect Earth. In preparation for its anticipated November launch, engineers will perform a battery of comprehensive tests to ensure SDO can withstand the stresses and vibrations of the launch itself, as well as what it will encounter in the space environment after launch. Photo credit: NASA/Tim Jacobs

Volpe engineers use biometrics to help ease border crush

DOT National Transportation Integrated Search

1997-01-01

Using technology previously reserved for military and other high security applications, engineers from the Safety and Security Systems Division of the Volpe Center have developed a number of automated biometric systems to speed the processing of freq...

Joint force protection advanced security system (JFPASS) "the future of force protection: integrate and automate"

NASA Astrophysics Data System (ADS)

Lama, Carlos E.; Fagan, Joe E.

2009-09-01

The United States Department of Defense (DoD) defines 'force protection' as "preventive measures taken to mitigate hostile actions against DoD personnel (to include family members), resources, facilities, and critical information." Advanced technologies enable significant improvements in automating and distributing situation awareness, optimizing operator time, and improving sustainability, which enhance protection and lower costs. The JFPASS Joint Capability Technology Demonstration (JCTD) demonstrates a force protection environment that combines physical security and Chemical, Biological, Radiological, Nuclear, and Explosive (CBRNE) defense through the application of integrated command and control and data fusion. The JFPASS JCTD provides a layered approach to force protection by integrating traditional sensors used in physical security, such as video cameras, battlefield surveillance radars, unmanned and unattended ground sensors. The optimization of human participation and automation of processes is achieved by employment of unmanned ground vehicles, along with remotely operated lethal and less-than-lethal weapon systems. These capabilities are integrated via a tailorable, user-defined common operational picture display through a data fusion engine operating in the background. The combined systems automate the screening of alarms, manage the information displays, and provide assessment and response measures. The data fusion engine links disparate sensors and systems, and applies tailored logic to focus the assessment of events. It enables timely responses by providing the user with automated and semi-automated decision support tools. The JFPASS JCTD uses standard communication/data exchange protocols, which allow the system to incorporate future sensor technologies or communication networks, while maintaining the ability to communicate with legacy or existing systems.

Security Services Discovery by ATM Endsystems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sholander, Peter; Tarman, Thomas

This contribution proposes strawman techniques for Security Service Discovery by ATM endsystems in ATM networks. Candidate techniques include ILMI extensions, ANS extensions and new ATM anycast addresses. Another option is a new protocol based on an IETF service discovery protocol, such as Service Location Protocol (SLP). Finally, this contribution provides strawman requirements for Security-Based Routing in ATM networks.

77 FR 67557 - Special Conditions: ATR-GIE Avions de Transport Regional, Models ATR42-500 and ATR72-212A...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-13

... to, or access by, external systems and networks may result in security vulnerabilities to the... configuration may allow the exploitation of network security vulnerabilities resulting in intentional or..., Models ATR42-500 and ATR72-212A Airplanes; Aircraft Electronic System Security Protection From...

Process Security in Chemical Engineering Education

ERIC Educational Resources Information Center

Piluso, Cristina; Uygun, Korkut; Huang, Yinlun; Lou, Helen H.

2005-01-01

The threats of terrorism have greatly alerted the chemical process industries to assure plant security at all levels: infrastructure-improvement-focused physical security, information-protection-focused cyber security, and design-and-operation-improvement-focused process security. While developing effective plant security methods and technologies…

77 FR 36305 - Stream Communications Network & Media, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-18

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Stream Communications Network & Media, Inc.; Order of Suspension of Trading June 14, 2012. It appears to the Securities and Exchange Commission that... Network & Media, Inc. because it has not filed any periodic reports since the period ended December 31...

75 FR 16123 - Dave & Buster’s, Inc.; Analysis of Proposed Consent Order to Aid Public Comment

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-31

... computer networks or to conduct security investigations, such as by employing an intrusion detection system and monitoring system logs; (b) failed to adequately restrict third-party access to its networks, such... reasonable and appropriate security for personal information on its computer networks. Among other things...

AVQS: Attack Route-Based Vulnerability Quantification Scheme for Smart Grid

PubMed Central

Lim, Hyunwoo; Lee, Seokjun; Shon, Taeshik

2014-01-01

A smart grid is a large, consolidated electrical grid system that includes heterogeneous networks and systems. Based on the data, a smart grid system has a potential security threat in its network connectivity. To solve this problem, we develop and apply a novel scheme to measure the vulnerability in a smart grid domain. Vulnerability quantification can be the first step in security analysis because it can help prioritize the security problems. However, existing vulnerability quantification schemes are not suitable for smart grid because they do not consider network vulnerabilities. We propose a novel attack route-based vulnerability quantification scheme using a network vulnerability score and an end-to-end security score, depending on the specific smart grid network environment to calculate the vulnerability score for a particular attack route. To evaluate the proposed approach, we derive several attack scenarios from the advanced metering infrastructure domain. The experimental results of the proposed approach and the existing common vulnerability scoring system clearly show that we need to consider network connectivity for more optimized vulnerability quantification. PMID:25152923

Trust recovery model of Ad Hoc network based on identity authentication scheme

NASA Astrophysics Data System (ADS)

Liu, Jie; Huan, Shuiyuan

2017-05-01

Mobile Ad Hoc network trust model is widely used to solve mobile Ad Hoc network security issues. Aiming at the problem of reducing the network availability caused by the processing of malicious nodes and selfish nodes in mobile Ad Hoc network routing based on trust model, an authentication mechanism based on identity authentication mobile Ad Hoc network is proposed, which uses identity authentication to identify malicious nodes, And trust the recovery of selfish nodes in order to achieve the purpose of reducing network congestion and improving network quality. The simulation results show that the implementation of the mechanism can effectively improve the network availability and security.

A secure 3-way routing protocols for intermittently connected mobile ad hoc networks.

PubMed

Sekaran, Ramesh; Parasuraman, Ganesh Kumar

2014-01-01

The mobile ad hoc network may be partially connected or it may be disconnected in nature and these forms of networks are termed intermittently connected mobile ad hoc network (ICMANET). The routing in such disconnected network is commonly an arduous task. Many routing protocols have been proposed for routing in ICMANET since decades. The routing techniques in existence for ICMANET are, namely, flooding, epidemic, probabilistic, copy case, spray and wait, and so forth. These techniques achieve an effective routing with minimum latency, higher delivery ratio, lesser overhead, and so forth. Though these techniques generate effective results, in this paper, we propose novel routing algorithms grounded on agent and cryptographic techniques, namely, location dissemination service (LoDiS) routing with agent AES, A-LoDiS with agent AES routing, and B-LoDiS with agent AES routing, ensuring optimal results with respect to various network routing parameters. The algorithm along with efficient routing ensures higher degree of security. The security level is cited testing with respect to possibility of malicious nodes into the network. This paper also aids, with the comparative results of proposed algorithms, for secure routing in ICMANET.

A Secure 3-Way Routing Protocols for Intermittently Connected Mobile Ad Hoc Networks

PubMed Central

Parasuraman, Ganesh Kumar

2014-01-01

The mobile ad hoc network may be partially connected or it may be disconnected in nature and these forms of networks are termed intermittently connected mobile ad hoc network (ICMANET). The routing in such disconnected network is commonly an arduous task. Many routing protocols have been proposed for routing in ICMANET since decades. The routing techniques in existence for ICMANET are, namely, flooding, epidemic, probabilistic, copy case, spray and wait, and so forth. These techniques achieve an effective routing with minimum latency, higher delivery ratio, lesser overhead, and so forth. Though these techniques generate effective results, in this paper, we propose novel routing algorithms grounded on agent and cryptographic techniques, namely, location dissemination service (LoDiS) routing with agent AES, A-LoDiS with agent AES routing, and B-LoDiS with agent AES routing, ensuring optimal results with respect to various network routing parameters. The algorithm along with efficient routing ensures higher degree of security. The security level is cited testing with respect to possibility of malicious nodes into the network. This paper also aids, with the comparative results of proposed algorithms, for secure routing in ICMANET. PMID:25136697

Cyber-Informed Engineering

DOE Office of Scientific and Technical Information (OSTI.GOV)

Anderson, Robert S.; Benjamin, Jacob; Wright, Virginia L.

A continuing challenge for engineers who utilize digital systems is to understand the impact of cyber-attacks across the entire product and program lifecycle. This is a challenge due to the evolving nature of cyber threats that may impact the design, development, deployment, and operational phases of all systems. Cyber Informed Engineering is the process by which engineers are made aware of both how to use their engineering knowledge to positively impact the cyber security in the processes by which they architect and design components and the services and security of the components themselves.

Butterfly Encryption Scheme for Resource-Constrained Wireless Networks †

PubMed Central

Sampangi, Raghav V.; Sampalli, Srinivas

2015-01-01

Resource-constrained wireless networks are emerging networks such as Radio Frequency Identification (RFID) and Wireless Body Area Networks (WBAN) that might have restrictions on the available resources and the computations that can be performed. These emerging technologies are increasing in popularity, particularly in defence, anti-counterfeiting, logistics and medical applications, and in consumer applications with growing popularity of the Internet of Things. With communication over wireless channels, it is essential to focus attention on securing data. In this paper, we present an encryption scheme called Butterfly encryption scheme. We first discuss a seed update mechanism for pseudorandom number generators (PRNG), and employ this technique to generate keys and authentication parameters for resource-constrained wireless networks. Our scheme is lightweight, as in it requires less resource when implemented and offers high security through increased unpredictability, owing to continuously changing parameters. Our work focuses on accomplishing high security through simplicity and reuse. We evaluate our encryption scheme using simulation, key similarity assessment, key sequence randomness assessment, protocol analysis and security analysis. PMID:26389899

Butterfly Encryption Scheme for Resource-Constrained Wireless Networks.

PubMed

Sampangi, Raghav V; Sampalli, Srinivas

2015-09-15

Resource-constrained wireless networks are emerging networks such as Radio Frequency Identification (RFID) and Wireless Body Area Networks (WBAN) that might have restrictions on the available resources and the computations that can be performed. These emerging technologies are increasing in popularity, particularly in defence, anti-counterfeiting, logistics and medical applications, and in consumer applications with growing popularity of the Internet of Things. With communication over wireless channels, it is essential to focus attention on securing data. In this paper, we present an encryption scheme called Butterfly encryption scheme. We first discuss a seed update mechanism for pseudorandom number generators (PRNG), and employ this technique to generate keys and authentication parameters for resource-constrained wireless networks. Our scheme is lightweight, as in it requires less resource when implemented and offers high security through increased unpredictability, owing to continuously changing parameters. Our work focuses on accomplishing high security through simplicity and reuse. We evaluate our encryption scheme using simulation, key similarity assessment, key sequence randomness assessment, protocol analysis and security analysis.

33 CFR 103.405 - Elements of the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2011 CFR

2011-07-01

... networks; (6) Relevant transportation infrastructure; (7) Utilities; (8) Security resources and... Security (AMS) Assessment. 103.405 Section 103.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime...

33 CFR 103.405 - Elements of the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2014 CFR

2014-07-01

... networks; (6) Relevant transportation infrastructure; (7) Utilities; (8) Security resources and... Security (AMS) Assessment. 103.405 Section 103.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime...

33 CFR 103.405 - Elements of the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2010 CFR

2010-07-01

... networks; (6) Relevant transportation infrastructure; (7) Utilities; (8) Security resources and... Security (AMS) Assessment. 103.405 Section 103.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime...

33 CFR 103.405 - Elements of the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2012 CFR

2012-07-01

... networks; (6) Relevant transportation infrastructure; (7) Utilities; (8) Security resources and... Security (AMS) Assessment. 103.405 Section 103.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime...

33 CFR 103.405 - Elements of the Area Maritime Security (AMS) Assessment.

Code of Federal Regulations, 2013 CFR

2013-07-01

... networks; (6) Relevant transportation infrastructure; (7) Utilities; (8) Security resources and... Security (AMS) Assessment. 103.405 Section 103.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime...

Method of Performance-Aware Security of Unicast Communication in Hybrid Satellite Networks

NASA Technical Reports Server (NTRS)

Baras, John S. (Inventor); Roy-Chowdhury, Ayan (Inventor)

2014-01-01

A method and apparatus utilizes Layered IPSEC (LES) protocol as an alternative to IPSEC for network-layer security including a modification to the Internet Key Exchange protocol. For application-level security of web browsing with acceptable end-to-end delay, the Dual-mode SSL protocol (DSSL) is used instead of SSL. The LES and DSSL protocols achieve desired end-to-end communication security while allowing the TCP and HTTP proxy servers to function correctly.

The Widening Gulf between Genomics Data Generation and Consumption: A Practical Guide to Big Data Transfer Technology.

PubMed

Feltus, Frank A; Breen, Joseph R; Deng, Juan; Izard, Ryan S; Konger, Christopher A; Ligon, Walter B; Preuss, Don; Wang, Kuang-Ching

2015-01-01

In the last decade, high-throughput DNA sequencing has become a disruptive technology and pushed the life sciences into a distributed ecosystem of sequence data producers and consumers. Given the power of genomics and declining sequencing costs, biology is an emerging "Big Data" discipline that will soon enter the exabyte data range when all subdisciplines are combined. These datasets must be transferred across commercial and research networks in creative ways since sending data without thought can have serious consequences on data processing time frames. Thus, it is imperative that biologists, bioinformaticians, and information technology engineers recalibrate data processing paradigms to fit this emerging reality. This review attempts to provide a snapshot of Big Data transfer across networks, which is often overlooked by many biologists. Specifically, we discuss four key areas: 1) data transfer networks, protocols, and applications; 2) data transfer security including encryption, access, firewalls, and the Science DMZ; 3) data flow control with software-defined networking; and 4) data storage, staging, archiving and access. A primary intention of this article is to orient the biologist in key aspects of the data transfer process in order to frame their genomics-oriented needs to enterprise IT professionals.

Applying New Network Security Technologies to SCADA Systems.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hurd, Steven A; Stamp, Jason Edwin; Duggan, David P

2006-11-01

Supervisory Control and Data Acquisition (SCADA) systems for automation are very important for critical infrastructure and manufacturing operations. They have been implemented to work in a number of physical environments using a variety of hardware, software, networking protocols, and communications technologies, often before security issues became of paramount concern. To offer solutions to security shortcomings in the short/medium term, this project was to identify technologies used to secure "traditional" IT networks and systems, and then assess their efficacy with respect to SCADA systems. These proposed solutions must be relatively simple to implement, reliable, and acceptable to SCADA owners and operators.more » 4This page intentionally left blank.« less

Wireless Sensor Network Security Enhancement Using Directional Antennas: State of the Art and Research Challenges

PubMed Central

Curiac, Daniel-Ioan

2016-01-01

Being often deployed in remote or hostile environments, wireless sensor networks are vulnerable to various types of security attacks. A possible solution to reduce the security risks is to use directional antennas instead of omnidirectional ones or in conjunction with them. Due to their increased complexity, higher costs and larger sizes, directional antennas are not traditionally used in wireless sensor networks, but recent technology trends may support this method. This paper surveys existing state of the art approaches in the field, offering a broad perspective of the future use of directional antennas in mitigating security risks, together with new challenges and open research issues. PMID:27070601

Privacy Preserved and Secured Reliable Routing Protocol for Wireless Mesh Networks.

PubMed

Meganathan, Navamani Thandava; Palanichamy, Yogesh

2015-01-01

Privacy preservation and security provision against internal attacks in wireless mesh networks (WMNs) are more demanding than in wired networks due to the open nature and mobility of certain nodes in the network. Several schemes have been proposed to preserve privacy and provide security in WMNs. To provide complete privacy protection in WMNs, the properties of unobservability, unlinkability, and anonymity are to be ensured during route discovery. These properties can be achieved by implementing group signature and ID-based encryption schemes during route discovery. Due to the characteristics of WMNs, it is more vulnerable to many network layer attacks. Hence, a strong protection is needed to avoid these attacks and this can be achieved by introducing a new Cross-Layer and Subject Logic based Dynamic Reputation (CLSL-DR) mechanism during route discovery. In this paper, we propose a new Privacy preserved and Secured Reliable Routing (PSRR) protocol for WMNs. This protocol incorporates group signature, ID-based encryption schemes, and CLSL-DR mechanism to ensure strong privacy, security, and reliability in WMNs. Simulation results prove this by showing better performance in terms of most of the chosen parameters than the existing protocols.

An ethernet/IP security review with intrusion detection applications

DOE Office of Scientific and Technical Information (OSTI.GOV)

Laughter, S. A.; Williams, R. D.

2006-07-01

Supervisory Control and Data Acquisition (SCADA) and automation networks, used throughout utility and manufacturing applications, have their own specific set of operational and security requirements when compared to corporate networks. The modern climate of heightened national security and awareness of terrorist threats has made the security of these systems of prime concern. There is a need to understand the vulnerabilities of these systems and how to monitor and protect them. Ethernet/IP is a member of a family of protocols based on the Control and Information Protocol (CIP). Ethernet/IP allows automation systems to be utilized on and integrated with traditional TCP/IPmore » networks, facilitating integration of these networks with corporate systems and even the Internet. A review of the CIP protocol and the additions Ethernet/IP makes to it has been done to reveal the kind of attacks made possible through the protocol. A set of rules for the SNORT Intrusion Detection software is developed based on the results of the security review. These can be used to monitor, and possibly actively protect, a SCADA or automation network that utilizes Ethernet/IP in its infrastructure. (authors)« less

Lightweight and confidential data discovery and dissemination for wireless body area networks.

PubMed

He, Daojing; Chan, Sammy; Zhang, Yan; Yang, Haomiao

2014-03-01

As a special sensor network, a wireless body area network (WBAN) provides an economical solution to real-time monitoring and reporting of patients' physiological data. After a WBAN is deployed, it is sometimes necessary to disseminate data into the network through wireless links to adjust configuration parameters of body sensors or distribute management commands and queries to sensors. A number of such protocols have been proposed recently, but they all focus on how to ensure reliability and overlook security vulnerabilities. Taking into account the unique features and application requirements of a WBAN, this paper presents the design, implementation, and evaluation of a secure, lightweight, confidential, and denial-of-service-resistant data discovery and dissemination protocol for WBANs to ensure the data items disseminated are not altered or tampered. Based on multiple one-way key hash chains, our protocol provides instantaneous authentication and can tolerate node compromise. Besides the theoretical analysis that demonstrates the security and performance of the proposed protocol, this paper also reports the experimental evaluation of our protocol in a network of resource-limited sensor nodes, which shows its efficiency in practice. In particular, extensive security analysis shows that our protocol is provably secure.

Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Milos Manic

The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, thismore » paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security.« less

40 CFR 94.908 - National security exemption.

Code of Federal Regulations, 2012 CFR

2012-07-01

... (CONTINUED) CONTROL OF EMISSIONS FROM MARINE COMPRESSION-IGNITION ENGINES Exclusion and Exemption Provisions § 94.908 National security exemption. (a)(1) Any marine engine, otherwise subject to this part, that is... armor, permanently affixed weaponry, specialized electronic warfare systems, unique stealth performance...

40 CFR 94.908 - National security exemption.

Code of Federal Regulations, 2011 CFR

2011-07-01

... (CONTINUED) CONTROL OF EMISSIONS FROM MARINE COMPRESSION-IGNITION ENGINES Exclusion and Exemption Provisions § 94.908 National security exemption. (a)(1) Any marine engine, otherwise subject to this part, that is... armor, permanently affixed weaponry, specialized electronic warfare systems, unique stealth performance...

40 CFR 94.908 - National security exemption.

Code of Federal Regulations, 2010 CFR

2010-07-01

... (CONTINUED) CONTROL OF EMISSIONS FROM MARINE COMPRESSION-IGNITION ENGINES Exclusion and Exemption Provisions § 94.908 National security exemption. (a)(1) Any marine engine, otherwise subject to this part, that is... armor, permanently affixed weaponry, specialized electronic warfare systems, unique stealth performance...

40 CFR 94.908 - National security exemption.

Code of Federal Regulations, 2014 CFR

2014-07-01

... (CONTINUED) CONTROL OF EMISSIONS FROM MARINE COMPRESSION-IGNITION ENGINES Exclusion and Exemption Provisions § 94.908 National security exemption. (a)(1) Any marine engine, otherwise subject to this part, that is... armor, permanently affixed weaponry, specialized electronic warfare systems, unique stealth performance...

40 CFR 94.908 - National security exemption.

Code of Federal Regulations, 2013 CFR

2013-07-01

... (CONTINUED) CONTROL OF EMISSIONS FROM MARINE COMPRESSION-IGNITION ENGINES Exclusion and Exemption Provisions § 94.908 National security exemption. (a)(1) Any marine engine, otherwise subject to this part, that is... armor, permanently affixed weaponry, specialized electronic warfare systems, unique stealth performance...

Apparatus, system and method for providing cryptographic key information with physically unclonable function circuitry

DOEpatents

Areno, Matthew

2015-12-08

Techniques and mechanisms for providing a value from physically unclonable function (PUF) circuitry for a cryptographic operation of a security module. In an embodiment, a cryptographic engine receives a value from PUF circuitry and based on the value, outputs a result of a cryptographic operation to a bus of the security module. The bus couples the cryptographic engine to control logic or interface logic of the security module. In another embodiment, the value is provided to the cryptographic engine from the PUF circuitry via a signal line which is distinct from the bus, where any exchange of the value by either of the cryptographic engine and the PUF circuitry is for communication of the first value independent of the bus.

Quality of service provision assessment in the healthcare information and telecommunications infrastructures.

PubMed

Babulak, Eduard

2006-01-01

The continuous increase in the complexity and the heterogeneity of corporate and healthcare telecommunications infrastructures will require new assessment methods of quality of service (QoS) provision that are capable of addressing all engineering and social issues with much faster speeds. Speed and accessibility to any information at any time from anywhere will create global communications infrastructures with great performance bottlenecks that may put in danger human lives, power supplies, national economy and security. Regardless of the technology supporting the information flows, the final verdict on the QoS is made by the end user. The users' perception of telecommunications' network infrastructure QoS provision is critical to the successful business management operation of any organization. As a result, it is essential to assess the QoS Provision in the light of user's perception. This article presents a cost effective methodology to assess the user's perception of quality of service provision utilizing the existing Staffordshire University Network (SUN) by adding a component of measurement to the existing model presented by Walker. This paper presents the real examples of CISCO Networking Solutions for Health Care givers and offers a cost effective approach to assess the QoS provision within the campus network, which could be easily adapted to any health care organization or campus network in the world.

ATM encryption testing

NASA Astrophysics Data System (ADS)

Capell, Joyce; Deeth, David

1996-01-01

This paper describes why encryption was selected by Lockheed Martin Missiles & Space as the means for securing ATM networks. The ATM encryption testing program is part of an ATM network trial provided by Pacific Bell under the California Research Education Network (CalREN). The problem being addressed is the threat to data security which results when changing from a packet switched network infrastructure to a circuit switched ATM network backbone. As organizations move to high speed cell-based networks, there is a break down in the traditional security model which is designed to protect packet switched data networks from external attacks. This is due to the fact that most data security firewalls filter IP packets, restricting inbound and outbound protocols, e.g. ftp. ATM networks, based on cell-switching over virtual circuits, does not support this method for restricting access since the protocol information is not carried by each cell. ATM switches set up multiple virtual connections, thus there is no longer a single point of entry into the internal network. The problem is further complicated by the fact that ATM networks support high speed multi-media applications, including real time video and video teleconferencing which are incompatible with packet switched networks. The ability to restrict access to Lockheed Martin networks in support of both unclassified and classified communications is required before ATM network technology can be fully deployed. The Lockheed Martin CalREN ATM testbed provides the opportunity to test ATM encryption prototypes with actual applications to assess the viability of ATM encryption methodologies prior to installing large scale ATM networks. Two prototype ATM encryptors are being tested: (1) `MILKBUSH' a prototype encryptor developed by NSA for transmission of government classified data over ATM networks, and (2) a prototype ATM encryptor developed by Sandia National Labs in New Mexico, for the encryption of proprietary data.

Preparing for a Career as a Network Engineer

ERIC Educational Resources Information Center

Morris, Gerard; Fustos, Janos; Haga, Wayne

2012-01-01

A network engineer is an Information Technology (IT) professional who designs, implements, maintains, and troubleshoots computer networks. While the United States is still experiencing relatively high unemployment, demand for network engineers remains strong. To determine what skills employers are looking for, data was collected and analyzed from…

Additional Security Considerations for Grid Management

NASA Technical Reports Server (NTRS)

Eidson, Thomas M.

2003-01-01

The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

A survey of visualization systems for network security.

PubMed

Shiravi, Hadi; Shiravi, Ali; Ghorbani, Ali A

2012-08-01

Security Visualization is a very young term. It expresses the idea that common visualization techniques have been designed for use cases that are not supportive of security-related data, demanding novel techniques fine tuned for the purpose of thorough analysis. Significant amount of work has been published in this area, but little work has been done to study this emerging visualization discipline. We offer a comprehensive review of network security visualization and provide a taxonomy in the form of five use-case classes encompassing nearly all recent works in this area. We outline the incorporated visualization techniques and data sources and provide an informative table to display our findings. From the analysis of these systems, we examine issues and concerns regarding network security visualization and provide guidelines and directions for future researchers and visual system developers.

Investigating end-to-end security in the fifth generation wireless capabilities and IoT extensions

NASA Astrophysics Data System (ADS)

Uher, J.; Harper, J.; Mennecke, R. G.; Patton, P.; Farroha, B.

2016-05-01

The emerging 5th generation wireless network will be architected and specified to meet the vision of allowing the billions of devices and millions of human users to share spectrum to communicate and deliver services. The expansion of wireless networks from its current role to serve these diverse communities of interest introduces new paradigms that require multi-tiered approaches. The introduction of inherently low security components, like IoT devices, necessitates that critical data be better secured to protect the networks and users. Moreover high-speed communications that are meant to enable the autonomous vehicles require ultra reliable and low latency paths. This research explores security within the proposed new architectures and the cross interconnection of the highly protected assets with low cost/low security components forming the overarching 5th generation wireless infrastructure.

Toward Privacy-preserving Content Access Control for Information Centric Networking

DTIC Science & Technology

2014-03-01

REPORT Toward Privacy-preserving Content Access Control for Information Centric Networking 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: Information...regardless the security mechanisms provided by different content hosting servers. However, using ABE has a drawback that the enforced content access...Encryption (ABE) is a flexible approach to enforce the content access policies regardless the security mechanisms provided by different content hosting

A security analysis of version 2 of the Network Time Protocol (NTP): A report to the privacy and security research group

NASA Technical Reports Server (NTRS)

Bishop, Matt

1991-01-01

The Network Time Protocol is being used throughout the Internet to provide an accurate time service. The security requirements are examined of such a service, version 2 of the NTP protocol is analyzed to determine how well it meets these requirements, and improvements are suggested where appropriate.

Applications of Multi-Channel Safety Authentication Protocols in Wireless Networks.

PubMed

Chen, Young-Long; Liau, Ren-Hau; Chang, Liang-Yu

2016-01-01

People can use their web browser or mobile devices to access web services and applications which are built into these servers. Users have to input their identity and password to login the server. The identity and password may be appropriated by hackers when the network environment is not safe. The multiple secure authentication protocol can improve the security of the network environment. Mobile devices can be used to pass the authentication messages through Wi-Fi or 3G networks to serve as a second communication channel. The content of the message number is not considered in a multiple secure authentication protocol. The more excessive transmission of messages would be easier to collect and decode by hackers. In this paper, we propose two schemes which allow the server to validate the user and reduce the number of messages using the XOR operation. Our schemes can improve the security of the authentication protocol. The experimental results show that our proposed authentication protocols are more secure and effective. In regard to applications of second authentication communication channels for a smart access control system, identity identification and E-wallet, our proposed authentication protocols can ensure the safety of person and property, and achieve more effective security management mechanisms.

Secure, Mobile, Wireless Network Technology Designed, Developed, and Demonstrated

NASA Technical Reports Server (NTRS)

Ivancic, William D.; Paulsen, Phillip E.

2004-01-01

The inability to seamlessly disseminate data securely over a high-integrity, wireless broadband network has been identified as a primary technical barrier to providing an order-of-magnitude increase in aviation capacity and safety. Secure, autonomous communications to and from aircraft will enable advanced, automated, data-intensive air traffic management concepts, increase National Air Space (NAS) capacity, and potentially reduce the overall cost of air travel operations. For the first time ever, secure, mobile, network technology was designed, developed, and demonstrated with state-ofthe- art protocols and applications by a diverse, cooperative Government-industry team led by the NASA Glenn Research Center. This revolutionary technology solution will make fundamentally new airplane system capabilities possible by enabling secure, seamless network connections from platforms in motion (e.g., cars, ships, aircraft, and satellites) to existing terrestrial systems without the need for manual reconfiguration. Called Mobile Router, the new technology autonomously connects and configures networks as they traverse from one operating theater to another. The Mobile Router demonstration aboard the Neah Bay, a U.S. Coast Guard vessel stationed in Cleveland, Ohio, accomplished secure, seamless interoperability of mobile network systems across multiple domains without manual system reconfiguration. The Neah Bay was chosen because of its low cost and communications mission similarity to low-Earth-orbiting satellite platforms. This technology was successfully advanced from technology readiness level (TRL) 2 (concept and/or application formation) to TRL 6 (system model or prototype demonstration in a relevant environment). The secure, seamless interoperability offered by the Mobile Router and encryption device will enable several new, vehicle-specific and systemwide technologies to perform such things as remote, autonomous aircraft performance monitoring and early detection and mitigation of potential equipment malfunctions. As an additional benefit, team advancements were incorporated into open standards, ensuring technology transfer. Low-cost, commercial products incorporating the new technology are already available. Furthermore, these products are fully interoperable with legacy network technology equipment currently being used throughout the world.

Network-Centric Quantum Communications

NASA Astrophysics Data System (ADS)

Hughes, Richard

2014-03-01

Single-photon quantum communications (QC) offers ``future-proof'' cryptographic security rooted in the laws of physics. Today's quantum-secured communications cannot be compromised by unanticipated future technological advances. But to date, QC has only existed in point-to-point instantiations that have limited ability to address the cyber security challenges of our increasingly networked world. In my talk I will describe a fundamentally new paradigm of network-centric quantum communications (NQC) that leverages the network to bring scalable, QC-based security to user groups that may have no direct user-to-user QC connectivity. With QC links only between each of N users and a trusted network node, NQC brings quantum security to N2 user pairs, and to multi-user groups. I will describe a novel integrated photonics quantum smartcard (``QKarD'') and its operation in a multi-node NQC test bed. The QKarDs are used to implement the quantum cryptographic protocols of quantum identification, quantum key distribution and quantum secret splitting. I will explain how these cryptographic primitives are used to provide key management for encryption, authentication, and non-repudiation for user-to-user communications. My talk will conclude with a description of a recent demonstration that QC can meet both the security and quality-of-service (latency) requirements for electric grid control commands and data. These requirements cannot be met simultaneously with present-day cryptography.

77 FR 27108 - Order of Suspension of Trading; In the Matter of Anthracite Capital, Inc., Auto Data Network Inc...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-08

... of Anthracite Capital, Inc., Auto Data Network Inc., Avenue Group, Inc., Ckrush, Inc., Clickable... securities of Auto Data Network Inc. because it has not filed any periodic reports since the period ended... accurate information concerning the securities of Avenue Group, Inc. because it has not filed any periodic...

Design of the subject of quality engineering and security of the product of the degree in engineering in industrial design and development of product based in the methodology of the case

NASA Astrophysics Data System (ADS)

González, M. R.; Lambán, M. P.

2012-04-01

This paper presents the result of designing the subject Quality Engineering and Security of the Product, belonging to the Degree of Engineering in Industrial Design and Product Development, on the basis of the case methodology. Practical sessions of this subject are organized using the whole documents of the Quality System Management of the virtual company BeaLuc S.A.

Secure and Lightweight Cloud-Assisted Video Reporting Protocol over 5G-Enabled Vehicular Networks

PubMed Central

2017-01-01

In the vehicular networks, the real-time video reporting service is used to send the recorded videos in the vehicle to the cloud. However, when facilitating the real-time video reporting service in the vehicular networks, the usage of the fourth generation (4G) long term evolution (LTE) was proved to suffer from latency while the IEEE 802.11p standard does not offer sufficient scalability for a such congested environment. To overcome those drawbacks, the fifth-generation (5G)-enabled vehicular network is considered as a promising technology for empowering the real-time video reporting service. In this paper, we note that security and privacy related issues should also be carefully addressed to boost the early adoption of 5G-enabled vehicular networks. There exist a few research works for secure video reporting service in 5G-enabled vehicular networks. However, their usage is limited because of public key certificates and expensive pairing operations. Thus, we propose a secure and lightweight protocol for cloud-assisted video reporting service in 5G-enabled vehicular networks. Compared to the conventional public key certificates, the proposed protocol achieves entities’ authorization through anonymous credential. Also, by using lightweight security primitives instead of expensive bilinear pairing operations, the proposed protocol minimizes the computational overhead. From the evaluation results, we show that the proposed protocol takes the smaller computation and communication time for the cryptographic primitives than that of the well-known Eiza-Ni-Shi protocol. PMID:28946633

Secure and Lightweight Cloud-Assisted Video Reporting Protocol over 5G-Enabled Vehicular Networks.

PubMed

Nkenyereye, Lewis; Kwon, Joonho; Choi, Yoon-Ho

2017-09-23

In the vehicular networks, the real-time video reporting service is used to send the recorded videos in the vehicle to the cloud. However, when facilitating the real-time video reporting service in the vehicular networks, the usage of the fourth generation (4G) long term evolution (LTE) was proved to suffer from latency while the IEEE 802.11p standard does not offer sufficient scalability for a such congested environment. To overcome those drawbacks, the fifth-generation (5G)-enabled vehicular network is considered as a promising technology for empowering the real-time video reporting service. In this paper, we note that security and privacy related issues should also be carefully addressed to boost the early adoption of 5G-enabled vehicular networks. There exist a few research works for secure video reporting service in 5G-enabled vehicular networks. However, their usage is limited because of public key certificates and expensive pairing operations. Thus, we propose a secure and lightweight protocol for cloud-assisted video reporting service in 5G-enabled vehicular networks. Compared to the conventional public key certificates, the proposed protocol achieves entities' authorization through anonymous credential. Also, by using lightweight security primitives instead of expensive bilinear pairing operations, the proposed protocol minimizes the computational overhead. From the evaluation results, we show that the proposed protocol takes the smaller computation and communication time for the cryptographic primitives than that of the well-known Eiza-Ni-Shi protocol.

Cyber security risk assessment for SCADA and DCS networks.

PubMed

Ralston, P A S; Graham, J H; Hieb, J L

2007-10-01

The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

Bundle Security Protocol for ION

NASA Technical Reports Server (NTRS)

Burleigh, Scott C.; Birrane, Edward J.; Krupiarz, Christopher

2011-01-01

This software implements bundle authentication, conforming to the Delay-Tolerant Networking (DTN) Internet Draft on Bundle Security Protocol (BSP), for the Interplanetary Overlay Network (ION) implementation of DTN. This is the only implementation of BSP that is integrated with ION.

Derived virtual devices: a secure distributed file system mechanism

NASA Technical Reports Server (NTRS)

VanMeter, Rodney; Hotz, Steve; Finn, Gregory

1996-01-01

This paper presents the design of derived virtual devices (DVDs). DVDs are the mechanism used by the Netstation Project to provide secure shared access to network-attached peripherals distributed in an untrusted network environment. DVDs improve Input/Output efficiency by allowing user processes to perform I/O operations directly from devices without intermediate transfer through the controlling operating system kernel. The security enforced at the device through the DVD mechanism includes resource boundary checking, user authentication, and restricted operations, e.g., read-only access. To illustrate the application of DVDs, we present the interactions between a network-attached disk and a file system designed to exploit the DVD abstraction. We further discuss third-party transfer as a mechanism intended to provide for efficient data transfer in a typical NAP environment. We show how DVDs facilitate third-party transfer, and provide the security required in a more open network environment.

Cyber Security Assessment Report: Adventium Labs

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

2007-12-31

Major control system components often have life spans of 15-20 years. Many systems in our Nation's critical infrastructure were installed before the Internet became a reality and security was a concern. Consequently, control systems are generally insecure. Security is now being included in the development of new control system devices; however, legacy control systems remain vulnerable. Most efforts to secure control systems are aimed at protecting network borers, but if an intruder gets inside the network these systems are vulnerable to a cyber attack.

Deep Space Network information system architecture study

NASA Technical Reports Server (NTRS)

Beswick, C. A.; Markley, R. W. (Editor); Atkinson, D. J.; Cooper, L. P.; Tausworthe, R. C.; Masline, R. C.; Jenkins, J. S.; Crowe, R. A.; Thomas, J. L.; Stoloff, M. J.

1992-01-01

The purpose of this article is to describe an architecture for the Deep Space Network (DSN) information system in the years 2000-2010 and to provide guidelines for its evolution during the 1990s. The study scope is defined to be from the front-end areas at the antennas to the end users (spacecraft teams, principal investigators, archival storage systems, and non-NASA partners). The architectural vision provides guidance for major DSN implementation efforts during the next decade. A strong motivation for the study is an expected dramatic improvement in information-systems technologies, such as the following: computer processing, automation technology (including knowledge-based systems), networking and data transport, software and hardware engineering, and human-interface technology. The proposed Ground Information System has the following major features: unified architecture from the front-end area to the end user; open-systems standards to achieve interoperability; DSN production of level 0 data; delivery of level 0 data from the Deep Space Communications Complex, if desired; dedicated telemetry processors for each receiver; security against unauthorized access and errors; and highly automated monitor and control.

Information Assurance in Wireless Networks

NASA Astrophysics Data System (ADS)

Kabara, Joseph; Krishnamurthy, Prashant; Tipper, David

2001-09-01

Emerging wireless networks will contain a hybrid infrastructure based on fixed, mobile and ad hoc topologies and technologies. In such a dynamic architecture, we define information assurance as the provisions for both information security and information availability. The implications of this definition are that the wireless network architecture must (a) provide sufficient security measures, (b) be survivable under node or link attack or failure and (c) be designed such that sufficient capacity remains for all critical services (and preferably most other services) in the event of attack or component failure. We have begun a research project to investigate the provision of information assurance for wireless networks viz. survivability, security and availability and here discuss the issues and challenges therein.

Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium

PubMed Central

Somasundaram, M.; Sivakumar, R.

2015-01-01

Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security. PMID:26759829

ARC-2001-ACD01-0018

NASA Image and Video Library

2001-02-16

New Center Network Deployment ribbon Cutting: from left to right: Maryland Edwards, Code JT upgrade project deputy task manager; Ed Murphy, foundry networks systems engineer; Bohdan Cmaylo, Code JT upgrade project task manager, Scott Santiago, Division Chief, Code JT; Greg Miller, Raytheon Network engineer and Frank Daras, Raytheon network engineering manager.

A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security.

PubMed

Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

2008-12-04

This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

Numerical study on criteria for design and operation of water curtain system in underground oil storage cavern using site descriptive fracture networks

NASA Astrophysics Data System (ADS)

Moon, Jiwon; Yeo, In Wook

2013-04-01

Underground unlined caverns have been constructed in fractured rocks to stockpile oil and petroleum products, where they are hydraulically contained by natural groundwater pressure. However, for the case that natural groundwater pressure is not maintained at the required level, water curtain boreholes, through which water is injected, are often constructed above the cavern as engineering barrier to secure water pressure enough to overwhelm the operational pressure of the cavern. For secure containment of oil and petroleum products inside the cavern, it is essential to keep water pressure around the cavern higher than operational pressure of the cavern using either natural groundwater pressure or engineering barrier. In the Republic of Korea, a number of underground stockpile bases are being operated by Korea National Oil Corporation (KNOC) and private companies, most of which have water curtain system. The criterion that KNOC adopts for water curtain system design and operation such as the vertical distance from the cavern and operational injection rate is based on the Åberg hypothesis that the vertical hydraulic gradient should be larger than one. The criterion has been used for maintaining oil storage cavern without its thorough review. In this study, systematic numerical works have been done for reviewing the Åberg criterion. As groundwater predominantly takes places through fractures in underground caverns, discrete fracture modeling approach is essential for this study. Fracture data, obtained from boreholes drilled at the stage of site investigation at the Yeosu stockpile base in Korea, were statistically analyzed in terms of orientation and intensity, which were used to generate the site descriptive three dimensional fracture networks. Then, groundwater flow modeling has been carried out for the fracture networks. Constant head boundaries were applied along the circumference of the cavern and water curtain boreholes. Main flow channel and hydraulic connectivity between water curtain boreholes and the caverns have been identified, along which hydraulic heads are monitored to find out whether the required hydraulic pressure is maintained around the cavern. The flow modeling has been repeatedly carried out at different constant head boundary conditions to create the criterion for the optimal operation of water curtain system.

Hydrocomplexity: Addressing water security and emergent environmental risks

NASA Astrophysics Data System (ADS)

Kumar, Praveen

2015-07-01

Water security and emergent environmental risks are among the most significant societal concerns. They are highly interlinked to other global risks such as those related to climate, human health, food, human migration, biodiversity loss, urban sustainability, etc. Emergent risks result from the confluence of unanticipated interactions from evolving interdependencies between complex systems, such as those embedded in the water cycle. They are associated with the novelty of dynamical possibilities that have significant potential consequences to human and ecological systems, and not with probabilities based on historical precedence. To ensure water security we need to be able to anticipate the likelihood of risk possibilities as they present the prospect of the most impact through cascade of vulnerabilities. They arise due to a confluence of nonstationary drivers that include growing population, climate change, demographic shifts, urban growth, and economic expansion, among others, which create novel interdependencies leading to a potential of cascading network effects. Hydrocomplexity aims to address water security and emergent risks through the development of science, methods, and practices with the potential to foster a "Blue Revolution" akin to the Green revolution for food security. It blends both hard infrastructure based solution with soft knowledge driven solutions to increase the range of planning and design, management, mitigation and adaptation strategies. It provides a conceptual and synthetic framework to enable us to integrate discovery science and engineering, observational and information science, computational and communication systems, and social and institutional approaches to address consequential water and environmental challenges.

Sensor Authentication in Collaborating Sensor Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bielefeldt, Jake Uriah

2014-11-01

In this thesis, we address a new security problem in the realm of collaborating sensor networks. By collaborating sensor networks, we refer to the networks of sensor networks collaborating on a mission, with each sensor network is independently owned and operated by separate entities. Such networks are practical where a number of independent entities can deploy their own sensor networks in multi-national, commercial, and environmental scenarios, and some of these networks will integrate complementary functionalities for a mission. In the scenario, we address an authentication problem wherein the goal is for the Operator O i of Sensor Network S imore » to correctly determine the number of active sensors in Network Si. Such a problem is challenging in collaborating sensor networks where other sensor networks, despite showing an intent to collaborate, may not be completely trustworthy and could compromise the authentication process. We propose two authentication protocols to address this problem. Our protocols rely on Physically Unclonable Functions, which are a hardware based authentication primitive exploiting inherent randomness in circuit fabrication. Our protocols are light-weight, energy efficient, and highly secure against a number of attacks. To the best of our knowledge, ours is the first to addresses a practical security problem in collaborating sensor networks.« less

Network challenges for cyber physical systems with tiny wireless devices: a case study on reliable pipeline condition monitoring.

PubMed

Ali, Salman; Qaisar, Saad Bin; Saeed, Husnain; Khan, Muhammad Farhan; Naeem, Muhammad; Anpalagan, Alagan

2015-03-25

The synergy of computational and physical network components leading to the Internet of Things, Data and Services has been made feasible by the use of Cyber Physical Systems (CPSs). CPS engineering promises to impact system condition monitoring for a diverse range of fields from healthcare, manufacturing, and transportation to aerospace and warfare. CPS for environment monitoring applications completely transforms human-to-human, human-to-machine and machine-to-machine interactions with the use of Internet Cloud. A recent trend is to gain assistance from mergers between virtual networking and physical actuation to reliably perform all conventional and complex sensing and communication tasks. Oil and gas pipeline monitoring provides a novel example of the benefits of CPS, providing a reliable remote monitoring platform to leverage environment, strategic and economic benefits. In this paper, we evaluate the applications and technical requirements for seamlessly integrating CPS with sensor network plane from a reliability perspective and review the strategies for communicating information between remote monitoring sites and the widely deployed sensor nodes. Related challenges and issues in network architecture design and relevant protocols are also provided with classification. This is supported by a case study on implementing reliable monitoring of oil and gas pipeline installations. Network parameters like node-discovery, node-mobility, data security, link connectivity, data aggregation, information knowledge discovery and quality of service provisioning have been reviewed.

Network Challenges for Cyber Physical Systems with Tiny Wireless Devices: A Case Study on Reliable Pipeline Condition Monitoring

PubMed Central

Ali, Salman; Qaisar, Saad Bin; Saeed, Husnain; Farhan Khan, Muhammad; Naeem, Muhammad; Anpalagan, Alagan

2015-01-01

The synergy of computational and physical network components leading to the Internet of Things, Data and Services has been made feasible by the use of Cyber Physical Systems (CPSs). CPS engineering promises to impact system condition monitoring for a diverse range of fields from healthcare, manufacturing, and transportation to aerospace and warfare. CPS for environment monitoring applications completely transforms human-to-human, human-to-machine and machine-to-machine interactions with the use of Internet Cloud. A recent trend is to gain assistance from mergers between virtual networking and physical actuation to reliably perform all conventional and complex sensing and communication tasks. Oil and gas pipeline monitoring provides a novel example of the benefits of CPS, providing a reliable remote monitoring platform to leverage environment, strategic and economic benefits. In this paper, we evaluate the applications and technical requirements for seamlessly integrating CPS with sensor network plane from a reliability perspective and review the strategies for communicating information between remote monitoring sites and the widely deployed sensor nodes. Related challenges and issues in network architecture design and relevant protocols are also provided with classification. This is supported by a case study on implementing reliable monitoring of oil and gas pipeline installations. Network parameters like node-discovery, node-mobility, data security, link connectivity, data aggregation, information knowledge discovery and quality of service provisioning have been reviewed. PMID:25815444

Building an FTP guard

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sands, P.D.

1998-08-01

Classified designs usually include lesser classified (including unclassified) components. An engineer working on such a design needs access to the various sub-designs at lower classification levels. For simplicity, the problem is presented with only two levels: high and low. If the low-classification component designs are stored in the high network, they become inaccessible to persons working on a low network. In order to keep the networks separate, the component designs may be duplicated in all networks, resulting in a synchronization problem. Alternatively, they may be stored in the low network and brought into the high network when needed. The lattermore » solution results in the use of sneaker-net (copying the files from the low system to a tape and carrying the tape to a high system) or a file transfer guard. This paper shows how an FTP Guard was constructed and implemented without degrading the security of the underlying B3 platform. The paper then shows how the guard can be extended to an FTP proxy server or an HTTP proxy server. The extension is accomplished by allowing the high-side user to select among items that already exist on the low-side. No high-side data can be directly compromised by the extension, but a mechanism must be developed to handle the low-bandwidth covert channel that would be introduced by the application.« less

Capturing security requirements for software systems.

PubMed

El-Hadary, Hassan; El-Kassas, Sherif

2014-07-01

Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

Capturing security requirements for software systems

PubMed Central

El-Hadary, Hassan; El-Kassas, Sherif

2014-01-01

Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

GSM-Railway as part of the European Rail Traffic Management System

NASA Astrophysics Data System (ADS)

Bibac, Ionut

2007-05-01

GSM-R is a vital component inside the ERTMS which is also an essential element of European Community rail projects; investment in equipping and the rolling stock with ERTMS could reach 5 billion eurodollars in the period 2007-2016. GSM-R is the result of over ten years of collaboration between the various European railway companies, the railway communication industry and the different standardization bodies. GSM-R provides a secure platform for voice and data communication between the operational staff of the railway companies including drivers, dispatchers, shunting team members, train engineers, and station controllers. It delivers advanced features such as group calls, voice broadcast, location based connections, and call pre-emption in case of an emergency, which significantly improves communication, collaboration, and security management across operational staff members. Taking into account the above mentioned, the paper will permit to audience to discover the GSM-R network architecture, services and applications proposed by this technology together with the future development and market situation due to the market liberalization.

A secured authentication protocol for wireless sensor networks using elliptic curves cryptography.

PubMed

Yeh, Hsiu-Lien; Chen, Tien-Ho; Liu, Pin-Chuan; Kim, Tai-Hoo; Wei, Hsin-Wen

2011-01-01

User authentication is a crucial service in wireless sensor networks (WSNs) that is becoming increasingly common in WSNs because wireless sensor nodes are typically deployed in an unattended environment, leaving them open to possible hostile network attack. Because wireless sensor nodes are limited in computing power, data storage and communication capabilities, any user authentication protocol must be designed to operate efficiently in a resource constrained environment. In this paper, we review several proposed WSN user authentication protocols, with a detailed review of the M.L Das protocol and a cryptanalysis of Das' protocol that shows several security weaknesses. Furthermore, this paper proposes an ECC-based user authentication protocol that resolves these weaknesses. According to our analysis of security of the ECC-based protocol, it is suitable for applications with higher security requirements. Finally, we present a comparison of security, computation, and communication costs and performances for the proposed protocols. The ECC-based protocol is shown to be suitable for higher security WSNs.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Happenny, Sean F.

The United States’ power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power distribution networks utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Demonstrating security in embedded systems is another research area PNNL ismore » tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the networks protecting them are becoming easier to breach. Providing a virtual power substation network to each student team at the National Collegiate Cyber Defense Competition, thereby supporting the education of future cyber security professionals, is another way PNNL is helping to strengthen the security of the nation’s power infrastructure.« less

A security framework for nationwide health information exchange based on telehealth strategy.

PubMed

Zaidan, B B; Haiqi, Ahmed; Zaidan, A A; Abdulnabi, Mohamed; Kiah, M L Mat; Muzamel, Hussaen

2015-05-01

This study focuses on the situation of health information exchange (HIE) in the context of a nationwide network. It aims to create a security framework that can be implemented to ensure the safe transmission of health information across the boundaries of care providers in Malaysia and other countries. First, a critique of the major elements of nationwide health information networks is presented from the perspective of security, along with such topics as the importance of HIE, issues, and main approaches. Second, a systematic evaluation is conducted on the security solutions that can be utilized in the proposed nationwide network. Finally, a secure framework for health information transmission is proposed within a central cloud-based model, which is compatible with the Malaysian telehealth strategy. The outcome of this analysis indicates that a complete security framework for a global structure of HIE is yet to be defined and implemented. Our proposed framework represents such an endeavor and suggests specific techniques to achieve this goal.

A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography

PubMed Central

Yeh, Hsiu-Lien; Chen, Tien-Ho; Liu, Pin-Chuan; Kim, Tai-Hoo; Wei, Hsin-Wen

2011-01-01

User authentication is a crucial service in wireless sensor networks (WSNs) that is becoming increasingly common in WSNs because wireless sensor nodes are typically deployed in an unattended environment, leaving them open to possible hostile network attack. Because wireless sensor nodes are limited in computing power, data storage and communication capabilities, any user authentication protocol must be designed to operate efficiently in a resource constrained environment. In this paper, we review several proposed WSN user authentication protocols, with a detailed review of the M.L Das protocol and a cryptanalysis of Das’ protocol that shows several security weaknesses. Furthermore, this paper proposes an ECC-based user authentication protocol that resolves these weaknesses. According to our analysis of security of the ECC-based protocol, it is suitable for applications with higher security requirements. Finally, we present a comparison of security, computation, and communication costs and performances for the proposed protocols. The ECC-based protocol is shown to be suitable for higher security WSNs. PMID:22163874

Securing the communication of medical information using local biometric authentication and commercial wireless links.

PubMed

Ivanov, Vladimir I; Yu, Paul L; Baras, John S

2010-09-01

Medical information is extremely sensitive in nature - a compromise, such as eavesdropping or tampering by a malicious third party, may result in identity theft, incorrect diagnosis and treatment, and even death. Therefore, it is important to secure the transfer of medical information from the patient to the recording system. We consider a portable, wireless device transferring medical information to a remote server. We decompose this problem into two sub-problems and propose security solutions to each of them: (1) to secure the link between the patient and the portable device, and (2) to secure the link between the portable device and the network. Thus we push the limits of the network security to the edge by authenticating the user using their biometric information; authenticating the device to the network at the physical layer; and strengthening the security of the wireless link with a key exchange mechanism. The proposed authentication methods can be used for recording the readings of medical data in a central database and for accessing medical records in various settings.

An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks

PubMed Central

Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

2018-01-01

Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes. PMID:29324719

Physical-enhanced secure strategy in an OFDM-PON.

PubMed

Zhang, Lijia; Xin, Xiangjun; Liu, Bo; Yu, Jianjun

2012-01-30

The physical layer of optical access network is vulnerable to various attacks. As the dramatic increase of users and network capacity, the issue of physical-layer security becomes more and more important. This paper proposes a physical-enhanced secure strategy for orthogonal frequency division multiplexing passive optical network (OFDM-PON) by employing frequency domain chaos scrambling. The Logistic map is adopted for the chaos mapping. The chaos scrambling strategy can dynamically allocate the scrambling matrices for different OFDM frames according to the initial condition, which enhance the confidentiality of the physical layer. A mathematical model of this secure system is derived firstly, which achieves a secure transmission at physical layer in OFDM-PON. The results from experimental implementation using Logistic mapped chaos scrambling are also given to further demonstrate the efficiency of this secure strategy. An 10.125 Gb/s 64QAM-OFDM data with Logistic mapped chaos scrambling are successfully transmitted over 25-km single mode fiber (SMF), and the experimental results show that proposed security scheme can protect the system from eavesdropper and attacker, while keep a good performance for the legal ONU.

[Research and implementation of the TLS network transport security technology based on DICOM standard].

PubMed

Lu, Xiaoqi; Wang, Lei; Zhao, Jianfeng

2012-02-01

With the development of medical information, Picture Archiving and Communications System (PACS), Hospital Information System/Radiology Information System(HIS/RIS) and other medical information management system become popular and developed, and interoperability between these systems becomes more frequent. So, these enclosed systems will be open and regionalized by means of network, and this is inevitable. If the trend becomes true, the security of information transmission may be the first problem to be solved. Based on the need for network security, we investigated the Digital Imaging and Communications in Medicine (DICOM) Standard and Transport Layer Security (TLS) Protocol, and implemented the TLS transmission of the DICOM medical information with OpenSSL toolkit and DCMTK toolkit.

Optimized ECC Implementation for Secure Communication between Heterogeneous IoT Devices.

PubMed

Marin, Leandro; Pawlowski, Marcin Piotr; Jara, Antonio

2015-08-28

The Internet of Things is integrating information systems, places, users and billions of constrained devices into one global network. This network requires secure and private means of communications. The building blocks of the Internet of Things are devices manufactured by various producers and are designed to fulfil different needs. There would be no common hardware platform that could be applied in every scenario. In such a heterogeneous environment, there is a strong need for the optimization of interoperable security. We present optimized elliptic curve Cryptography algorithms that address the security issues in the heterogeneous IoT networks. We have combined cryptographic algorithms for the NXP/Jennic 5148- and MSP430-based IoT devices and used them to created novel key negotiation protocol.

Medical Engineering and Microneurosurgery: Application and Future.

PubMed

Morita, Akio; Sora, Shigeo; Nakatomi, Hirofumi; Harada, Kanako; Sugita, Naohiko; Saito, Nobuhito; Mitsuishi, Mamoru

2016-10-15

Robotics and medical engineering can convert traditional surgery into digital and scientific procedures. Here, we describe our work to develop microsurgical robotic systems and apply engineering technology to assess microsurgical skills. With the collaboration of neurosurgeons and an engineering team, we have developed two types of microsurgical robotic systems. The first, the deep surgical systems, enable delicate surgical procedures such as vessel suturing in a deep and narrow space. The second type allows for super-fine surgical procedures such as anastomosing artificial vessels of 0.3 mm in diameter. Both systems are constructed with master and slave manipulator robots connected to local area networks. Robotic systems allowed for secure and accurate procedures in a deep surgical field. In cadaveric models, these systems showed a good potential of being useful in actual human surgeries, but mechanical refinements in thickness and durability are necessary for them to be established as clinical systems. The super-fine robotic system made the very intricate surgery possible and will be applied in clinical trials. Another trial included the digitization of surgical technique and scientific analysis of surgical skills. Robotic and human hand motions were analyzed in numerical fashion as we tried to define surgical skillfulness in a digital format. Engineered skill assessment is also feasible and should be useful for microsurgical training. Robotics and medical engineering should bring science into the surgical field and training of surgeons. Active collaboration between medical and engineering teams and academic and industry groups is mandatory to establish such medical systems to improve patient care.

Medical Engineering and Microneurosurgery: Application and Future

PubMed Central

MORITA, Akio; SORA, Shigeo; NAKATOMI, Hirofumi; HARADA, Kanako; SUGITA, Naohiko; SAITO, Nobuhito; MITSUISHI, Mamoru

2016-01-01

Robotics and medical engineering can convert traditional surgery into digital and scientific procedures. Here, we describe our work to develop microsurgical robotic systems and apply engineering technology to assess microsurgical skills. With the collaboration of neurosurgeons and an engineering team, we have developed two types of microsurgical robotic systems. The first, the deep surgical systems, enable delicate surgical procedures such as vessel suturing in a deep and narrow space. The second type allows for super-fine surgical procedures such as anastomosing artificial vessels of 0.3 mm in diameter. Both systems are constructed with master and slave manipulator robots connected to local area networks. Robotic systems allowed for secure and accurate procedures in a deep surgical field. In cadaveric models, these systems showed a good potential of being useful in actual human surgeries, but mechanical refinements in thickness and durability are necessary for them to be established as clinical systems. The super-fine robotic system made the very intricate surgery possible and will be applied in clinical trials. Another trial included the digitization of surgical technique and scientific analysis of surgical skills. Robotic and human hand motions were analyzed in numerical fashion as we tried to define surgical skillfulness in a digital format. Engineered skill assessment is also feasible and should be useful for microsurgical training. Robotics and medical engineering should bring science into the surgical field and training of surgeons. Active collaboration between medical and engineering teams and academic and industry groups is mandatory to establish such medical systems to improve patient care. PMID:27464471

A Security Strategy for Cyber Threats on Neighbor Discovery in 6Lowpan Networks

DTIC Science & Technology

2017-12-01

NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS Approved for public release. Distribution is unlimited. A SECURITY...STRATEGY FOR CYBER THREATS ON NEIGHBOR DISCOVERY IN 6LOWPAN NETWORKS by Cheng Hai Ang December 2017 Thesis Advisor: Preetha Thulasiraman...REPORT TYPE AND DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE A SECURITY STRATEGY FOR CYBER THREATS ON NEIGHBOR DISCOVERY IN 6LOWPAN

Modeling complexity in engineered infrastructure system: Water distribution network as an example

NASA Astrophysics Data System (ADS)

Zeng, Fang; Li, Xiang; Li, Ke

2017-02-01

The complex topology and adaptive behavior of infrastructure systems are driven by both self-organization of the demand and rigid engineering solutions. Therefore, engineering complex systems requires a method balancing holism and reductionism. To model the growth of water distribution networks, a complex network model was developed following the combination of local optimization rules and engineering considerations. The demand node generation is dynamic and follows the scaling law of urban growth. The proposed model can generate a water distribution network (WDN) similar to reported real-world WDNs on some structural properties. Comparison with different modeling approaches indicates that a realistic demand node distribution and co-evolvement of demand node and network are important for the simulation of real complex networks. The simulation results indicate that the efficiency of water distribution networks is exponentially affected by the urban growth pattern. On the contrary, the improvement of efficiency by engineering optimization is limited and relatively insignificant. The redundancy and robustness, on another aspect, can be significantly improved through engineering methods.

NINJA: a noninvasive framework for internal computer security hardening

NASA Astrophysics Data System (ADS)

Allen, Thomas G.; Thomson, Steve

2004-07-01

Vulnerabilities are a growing problem in both the commercial and government sector. The latest vulnerability information compiled by CERT/CC, for the year ending Dec. 31, 2002 reported 4129 vulnerabilities representing a 100% increase over the 2001 [1] (the 2003 report has not been published at the time of this writing). It doesn"t take long to realize that the growth rate of vulnerabilities greatly exceeds the rate at which the vulnerabilities can be fixed. It also doesn"t take long to realize that our nation"s networks are growing less secure at an accelerating rate. As organizations become aware of vulnerabilities they may initiate efforts to resolve them, but quickly realize that the size of the remediation project is greater than their current resources can handle. In addition, many IT tools that suggest solutions to the problems in reality only address "some" of the vulnerabilities leaving the organization unsecured and back to square one in searching for solutions. This paper proposes an auditing framework called NINJA (acronym for Network Investigation Notification Joint Architecture) for noninvasive daily scanning/auditing based on common security vulnerabilities that repeatedly occur in a network environment. This framework is used for performing regular audits in order to harden an organizations security infrastructure. The framework is based on the results obtained by the Network Security Assessment Team (NSAT) which emulates adversarial computer network operations for US Air Force organizations. Auditing is the most time consuming factor involved in securing an organization's network infrastructure. The framework discussed in this paper uses existing scripting technologies to maintain a security hardened system at a defined level of performance as specified by the computer security audit team. Mobile agents which were under development at the time of this writing are used at a minimum to improve the noninvasiveness of our scans. In general, noninvasive scans with an adequate framework performed on a daily basis reduce the amount of security work load as well as the timeliness in performing remediation, as verified by the NINJA framework. A vulnerability assessment/auditing architecture based on mobile agent technology is proposed and examined at the end of the article as an enhancement to the current NINJA architecture.

Network information security in a phase III Integrated Academic Information Management System (IAIMS).

PubMed

Shea, S; Sengupta, S; Crosswell, A; Clayton, P D

1992-01-01

The developing Integrated Academic Information System (IAIMS) at Columbia-Presbyterian Medical Center provides data sharing links between two separate corporate entities, namely Columbia University Medical School and The Presbyterian Hospital, using a network-based architecture. Multiple database servers with heterogeneous user authentication protocols are linked to this network. "One-stop information shopping" implies one log-on procedure per session, not separate log-on and log-off procedures for each server or application used during a session. These circumstances provide challenges at the policy and technical levels to data security at the network level and insuring smooth information access for end users of these network-based services. Five activities being conducted as part of our security project are described: (1) policy development; (2) an authentication server for the network; (3) Kerberos as a tool for providing mutual authentication, encryption, and time stamping of authentication messages; (4) a prototype interface using Kerberos services to authenticate users accessing a network database server; and (5) a Kerberized electronic signature.

Development of undergraduate nuclear security curriculum at College of Engineering, Universiti Tenaga Nasional

NASA Astrophysics Data System (ADS)

Hamid, Nasri A.; Mujaini, Madihah; Mohamed, Abdul Aziz

2017-01-01

The Center for Nuclear Energy (CNE), College of Engineering, Universiti Tenaga Nasional (UNITEN) has a great responsibility to undertake educational activities that promote developing human capital in the area of nuclear engineering and technology. Developing human capital in nuclear through education programs is necessary to support the implementation of nuclear power projects in Malaysia in the near future. In addition, the educational program must also meet the nuclear power industry needs and requirements. In developing a certain curriculum, the contents must comply with the university's Outcomes Based Education (OBE) philosophy. One of the important courses in the nuclear curriculum is in the area of nuclear security. Basically the nuclear security course covers the current issues of law, politics, military strategy, and technology with regard to weapons of mass destruction and related topics in international security, and review legal regulations and political relationship that determine the state of nuclear security at the moment. In addition, the course looks into all aspects of the nuclear safeguards, builds basic knowledge and understanding of nuclear non-proliferation, nuclear forensics and nuclear safeguards in general. The course also discusses tools used to combat nuclear proliferation such as treaties, institutions, multilateral arrangements and technology controls. In this paper, we elaborate the development of undergraduate nuclear security course at the College of Engineering, Universiti Tenaga Nasional. Since the course is categorized as mechanical engineering subject, it must be developed in tandem with the program educational objectives (PEO) of the Bachelor of Mechanical Engineering program. The course outcomes (CO) and transferrable skills are also identified. Furthermore, in aligning the CO with program outcomes (PO), the PO elements need to be emphasized through the CO-PO mapping. As such, all assessments and distribution of Bloom Taxonomy levels are assigned in accordance with the CO-PO mapping. Finally, the course has to fulfill the International Engineering Alliance (IEA) Graduate Attributes of the Washington Accord.

78 FR 52605 - Announcing the Twenty First Public Meeting of the Crash Injury Research and Engineering Network...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-23

... First Public Meeting of the Crash Injury Research and Engineering Network (CIREN) AGENCY: National... announces the Twenty First Public Meeting of members of the Crash Injury Research and Engineering Network... of centers, medical and engineering. Medical centers are based at Level I Trauma Centers that admit...

76 FR 46359 - Announcing the Nineteenth Public Meeting of the Crash Injury Research and Engineering Network...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-02

... Nineteenth Public Meeting of the Crash Injury Research and Engineering Network (CIREN) AGENCY: National... announces the Nineteenth Public Meeting of members of the Crash Injury Research and Engineering Network... of centers, medical and engineering. Medical centers are based at Level I Trauma Centers that admit...

77 FR 46154 - Announcing the Twentieth Public Meeting of the Crash Injury Research and Engineering Network (CIREN)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-02

... Twentieth Public Meeting of the Crash Injury Research and Engineering Network (CIREN) AGENCY: National... announces the Twentieth Public Meeting of members of the Crash Injury Research and Engineering Network... of centers, medical and engineering. Medical centers are based at Level I Trauma Centers that admit...