Digital watermarking for secure and adaptive teleconferencing

NASA Astrophysics Data System (ADS)

Vorbrueggen, Jan C.; Thorwirth, Niels

2002-04-01

The EC-sponsored project ANDROID aims to develop a management system for secure active networks. Active network means allowing the network's customers to execute code (Java-based so-called proxylets) on parts of the network infrastructure. Secure means that the network operator nonetheless retains full control over the network and its resources, and that proxylets use ANDROID-developed facilities to provide secure applications. Management is based on policies and allows autonomous, distributed decisions and actions to be taken. Proxylets interface with the system via policies; among actions they can take is controlling execution of other proxylets or redirection of network traffic. Secure teleconferencing is used as the application to demonstrate the approach's advantages. A way to control a teleconference's data streams is to use digital watermarking of the video, audio and/or shared-whiteboard streams, providing an imperceptible and inseparable side channel that delivers information from originating or intermediate stations to downstream stations. Depending on the information carried by the watermark, these stations can take many different actions. Examples are forwarding decisions based on security classifications (possibly time-varying) at security boundaries, set-up and tear-down of virtual private networks, intelligent and adaptive transcoding, recorder or playback control (e.g., speaking off the record), copyright protection, and sender authentication.

Cyber Fighter Associate

DTIC Science & Technology

2016-01-01

accomplish a patch- management mission while securing a critical path. As a first proof of concept a simulation with a network of 10 nodes and 4...software-agility walk of the “PERFORMANCE Each Threat Managed ” tree is slightly more complex than the network -agility walk. The original design of the...CyFiA was tested to accomplish a patch- management mission while securing a critical path. As a first proof of concept a simulation with a network of 10

The research of network database security technology based on web service

NASA Astrophysics Data System (ADS)

Meng, Fanxing; Wen, Xiumei; Gao, Liting; Pang, Hui; Wang, Qinglin

2013-03-01

Database technology is one of the most widely applied computer technologies, its security is becoming more and more important. This paper introduced the database security, network database security level, studies the security technology of the network database, analyzes emphatically sub-key encryption algorithm, applies this algorithm into the campus-one-card system successfully. The realization process of the encryption algorithm is discussed, this method is widely used as reference in many fields, particularly in management information system security and e-commerce.

Protecting and securing networked medical devices.

PubMed

Riha, Chris

2004-01-01

Designing, building, and maintaining a secure environment for medical devices is a critical component in health care technology management. This article will address several avenues to harden a health care information network to provide a secure enclave for medical devices.

Quantum key distribution network for multiple applications

NASA Astrophysics Data System (ADS)

Tajima, A.; Kondoh, T.; Ochi, T.; Fujiwara, M.; Yoshino, K.; Iizuka, H.; Sakamoto, T.; Tomita, A.; Shimamura, E.; Asami, S.; Sasaki, M.

2017-09-01

The fundamental architecture and functions of secure key management in a quantum key distribution (QKD) network with enhanced universal interfaces for smooth key sharing between arbitrary two nodes and enabling multiple secure communication applications are proposed. The proposed architecture consists of three layers: a quantum layer, key management layer and key supply layer. We explain the functions of each layer, the key formats in each layer and the key lifecycle for enabling a practical QKD network. A quantum key distribution-advanced encryption standard (QKD-AES) hybrid system and an encrypted smartphone system were developed as secure communication applications on our QKD network. The validity and usefulness of these systems were demonstrated on the Tokyo QKD Network testbed.

Computer network security for the radiology enterprise.

PubMed

Eng, J

2001-08-01

As computer networks become an integral part of the radiology practice, it is appropriate to raise concerns regarding their security. The purpose of this article is to present an overview of computer network security risks and preventive strategies as they pertain to the radiology enterprise. A number of technologies are available that provide strong deterrence against attacks on networks and networked computer systems in the radiology enterprise. While effective, these technologies must be supplemented with vigilant user and system management.

Research and realization of info-net security controlling system

NASA Astrophysics Data System (ADS)

Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-03-01

The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

Security Issues for Mobile Medical Imaging: A Primer.

PubMed

Choudhri, Asim F; Chatterjee, Arindam R; Javan, Ramin; Radvany, Martin G; Shih, George

2015-10-01

The end-user of mobile device apps in the practice of clinical radiology should be aware of security measures that prevent unauthorized use of the device, including passcode policies, methods for dealing with failed login attempts, network manager-controllable passcode enforcement, and passcode enforcement for the protection of the mobile device itself. Protection of patient data must be in place that complies with the Health Insurance Portability and Accountability Act and U.S. Federal Information Processing Standards. Device security measures for data protection include methods for locally stored data encryption, hardware encryption, and the ability to locally and remotely clear data from the device. As these devices transfer information over both local wireless networks and public cell phone networks, wireless network security protocols, including wired equivalent privacy and Wi-Fi protected access, are important components in the chain of security. Specific virtual private network protocols, Secure Sockets Layer and related protocols (especially in the setting of hypertext transfer protocols), native apps, virtual desktops, and nonmedical commercial off-the-shelf apps require consideration in the transmission of medical data over both private and public networks. Enterprise security and management of both personal and enterprise mobile devices are discussed. Finally, specific standards for hardware and software platform security, including prevention of hardware tampering, protection from malicious software, and application authentication methods, are vital components in establishing a secure platform for the use of mobile devices in the medical field. © RSNA, 2015.

The Use of BS7799 Information Security Standard to Construct Mechanisms for the Management of Medical Organization Information Security

NASA Astrophysics Data System (ADS)

Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung

According to surveys, 80 % of security related events threatening information in medical organizations is due to improper management. Most research on information security has focused on information and security technology, such as network security and access control; rarely addressing issues at the management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.

A Distributed Energy-Aware Trust Management System for Secure Routing in Wireless Sensor Networks

NASA Astrophysics Data System (ADS)

Stelios, Yannis; Papayanoulas, Nikos; Trakadas, Panagiotis; Maniatis, Sotiris; Leligou, Helen C.; Zahariadis, Theodore

Wireless sensor networks are inherently vulnerable to security attacks, due to their wireless operation. The situation is further aggravated because they operate in an infrastructure-less environment, which mandates the cooperation among nodes for all networking tasks, including routing, i.e. all nodes act as “routers”, forwarding the packets generated by their neighbours in their way to the sink node. This implies that malicious nodes (denying their cooperation) can significantly affect the network operation. Trust management schemes provide a powerful tool for the detection of unexpected node behaviours (either faulty or malicious). Once misbehaving nodes are detected, their neighbours can use this information to avoid cooperating with them either for data forwarding, data aggregation or any other cooperative function. We propose a secure routing solution based on a novel distributed trust management system, which allows for fast detection of a wide set of attacks and also incorporates energy awareness.

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

NASA Astrophysics Data System (ADS)

Mohammadi, Hadi

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.

A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security.

PubMed

Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

2008-12-04

This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

Cyber Hygiene for Control System Security

DOE PAGES

Oliver, David

2015-10-08

There are many resources from government and private industry available to assist organizations in reducing their attack surface and enhancing their security posture. Furthermore, standards are being written and improved upon to make the practice of securing a network more manageable. And while the specifics of network security are complex, most system vulnerabilities can be mitigated using fairly simple cyber hygiene techniques like those offered above.

SPAN security policies and guidelines

NASA Technical Reports Server (NTRS)

Sisson, Patricia L.; Green, James L.

1989-01-01

A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.

Distributed network management in the flat structured mobile communities

NASA Astrophysics Data System (ADS)

Balandina, Elena

2005-10-01

Delivering proper management into the flat structured mobile communities is crucial for improving users experience and increase applications diversity in mobile networks. The available P2P applications do application-centric management, but it cannot replace network-wide management, especially when a number of different applications are used simultaneously in the network. The network-wide management is the key element required for a smooth transition from standalone P2P applications to the self-organizing mobile communities that maintain various services with quality and security guaranties. The classical centralized network management solutions are not applicable in the flat structured mobile communities due to the decentralized nature and high mobility of the underlying networks. Also the basic network management tasks have to be revised taking into account specialties of the flat structured mobile communities. The network performance management becomes more dependent on the current nodes' context, which also requires extension of the configuration management functionality. The fault management has to take into account high mobility of the network nodes. The performance and accounting managements are mainly targeted in maintain an efficient and fair access to the resources within the community, however they also allow unbalanced resource use of the nodes that explicitly permit it, e.g. as a voluntary donation to the community or due to the profession (commercial) reasons. The security management must implement the new trust models, which are based on the community feedback, professional authorization, and a mix of both. For fulfilling these and another specialties of the flat structured mobile communities, a new network management solution is demanded. The paper presents a distributed network management solution for flat structured mobile communities. Also the paper points out possible network management roles for the different parties (e.g. operators, service providing hubs/super nodes, etc.) involved in a service providing chain.

Expansion of the Center for Network Innovation and Experimentation (CENETIX) Network to a Worldwide Presence

DTIC Science & Technology

2006-09-01

data transform set contains : the security protocol (AH and/or ESP, connection mode (tunnel or transport), encryption information (DES, 3DES, AES...Management Information Base, version 2) objects are variables that contain data about the system. They are defined as part of the Simple Network...Avon Park was configured for access on the concentrator. c. Security Association (SA) • A security association contains all of the information

SecureCore Security Architecture: Authority Mode and Emergency Management

DTIC Science & Technology

2007-10-16

can shield first responders from social vultures (e.g., “ambulance chasers”) or malicious parties who could intentionally interfere with emergency...hierarchical design Communications Management: network communication Process Management...and Emergency Management 1 I. Introduction During many crises, first- responder access to sensitive, restricted emergency information is

Open source system OpenVPN in a function of Virtual Private Network

NASA Astrophysics Data System (ADS)

Skendzic, A.; Kovacic, B.

2017-05-01

Using of Virtual Private Networks (VPN) can establish high security level in network communication. VPN technology enables high security networking using distributed or public network infrastructure. VPN uses different security and managing rules inside networks. It can be set up using different communication channels like Internet or separate ISP communication infrastructure. VPN private network makes security communication channel over public network between two endpoints (computers). OpenVPN is an open source software product under GNU General Public License (GPL) that can be used to establish VPN communication between two computers inside business local network over public communication infrastructure. It uses special security protocols and 256-bit Encryption and it is capable of traversing network address translators (NATs) and firewalls. It allows computers to authenticate each other using a pre-shared secret key, certificates or username and password. This work gives review of VPN technology with a special accent on OpenVPN. This paper will also give comparison and financial benefits of using open source VPN software in business environment.

A cooperative model for IS security risk management in distributed environment.

PubMed

Feng, Nan; Zheng, Chundong

2014-01-01

Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

Integrating QoS and security functions in an IP-VPN gateway

NASA Astrophysics Data System (ADS)

Fan, Kuo-Pao; Chang, Shu-Hsin; Lin, Kuan-Ming; Pen, Mau-Jy

2001-10-01

IP-based Virtual Private Network becomes more and more popular. It can not only reduce the enterprise communication cost but also increase the revenue of the service provider. The common IP-VPN application types include Intranet VPN, Extranet VPN, and remote access VPN. For the large IP-VPN market, some vendors develop dedicated IP-VPN devices; while some vendors add the VPN functions into their existing network equipment such as router, access gateway, etc. The functions in the IP-VPN device include security, QoS, and management. The common security functions supported are IPSec (IP Security), IKE (Internet Key Exchange), and Firewall. The QoS functions include bandwidth control and packet scheduling. In the management component, policy-based network management is under standardization in IETF. In this paper, we discuss issues on how to integrate the QoS and security functions in an IP-VPN Gateway. We propose three approaches to do this. They are (1) perform Qos first (2) perform IPSec first and (3) reserve fixed bandwidth for IPSec. We also compare the advantages and disadvantages of the three proposed approaches.

A Net of Friends: Investigating Friendship by Integrating Attachment Theory and Social Network Analysis.

PubMed

Gillath, Omri; Karantzas, Gery C; Selcuk, Emre

2017-11-01

The current article focuses on attachment style-an individual difference widely studied in the field of close relationships-and its application to the study of social networks. Specifically, we investigated whether attachment style predicts perception and management of social networks. In Study 1, we examined the associations of attachment style with perceptions of network tie strength and multiplexity. In Studies 2a and 2b, we investigated the association between attachment style and network management skills (initiating, maintaining, and dissolving ties) and whether network management skills mediated the associations of attachment style with network tie strength and multiplexity. In Study 3, experimentally enhancing attachment security made people more likely to initiate and less likely to dissolve social ties (for the latter, especially among those high on avoidance or anxiety). As for maintenance, security priming also increased maintenance; however, mainly among people high on attachment anxiety or low on attachment avoidance.

Security and SCADA protocols

DOE Office of Scientific and Technical Information (OSTI.GOV)

Igure, V. M.; Williams, R. D.

2006-07-01

Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview ofmore » security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)« less

A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security

PubMed Central

Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

2008-01-01

This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding innetwork processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks. PMID:27873963

Security and Efficiency Concerns With Distributed Collaborative Networking Environments

DTIC Science & Technology

2003-09-01

have the ability to access Web communications services of the WebEx MediaTone Network from a single login. [24] WebEx provides a range of secure...Web. WebEx services enable secure data, voice and video communications through the browser and are supported by the WebEx MediaTone Network, a global...designed to host large-scale, structured events and conferences, featuring a Q&A Manager that allows multiple moderators to handle questions while

Report: EPA Should Improve Management Practices and Security Controls for Its Network Directory Service System and Related Servers

EPA Pesticide Factsheets

Report #12-P-0836, September 20, 2012. EPA's OEI is not managing key system management documentation, system administration functions, the granting and monitoring of privileged accounts, and the application of security controls associated with its DSS.

Comparative Study on Various Authentication Protocols in Wireless Sensor Networks.

PubMed

Rajeswari, S Raja; Seenivasagam, V

2016-01-01

Wireless sensor networks (WSNs) consist of lightweight devices with low cost, low power, and short-ranged wireless communication. The sensors can communicate with each other to form a network. In WSNs, broadcast transmission is widely used along with the maximum usage of wireless networks and their applications. Hence, it has become crucial to authenticate broadcast messages. Key management is also an active research topic in WSNs. Several key management schemes have been introduced, and their benefits are not recognized in a specific WSN application. Security services are vital for ensuring the integrity, authenticity, and confidentiality of the critical information. Therefore, the authentication mechanisms are required to support these security services and to be resilient to distinct attacks. Various authentication protocols such as key management protocols, lightweight authentication protocols, and broadcast authentication protocols are compared and analyzed for all secure transmission applications. The major goal of this survey is to compare and find out the appropriate protocol for further research. Moreover, the comparisons between various authentication techniques are also illustrated.

Comparative Study on Various Authentication Protocols in Wireless Sensor Networks

PubMed Central

Rajeswari, S. Raja; Seenivasagam, V.

2016-01-01

Wireless sensor networks (WSNs) consist of lightweight devices with low cost, low power, and short-ranged wireless communication. The sensors can communicate with each other to form a network. In WSNs, broadcast transmission is widely used along with the maximum usage of wireless networks and their applications. Hence, it has become crucial to authenticate broadcast messages. Key management is also an active research topic in WSNs. Several key management schemes have been introduced, and their benefits are not recognized in a specific WSN application. Security services are vital for ensuring the integrity, authenticity, and confidentiality of the critical information. Therefore, the authentication mechanisms are required to support these security services and to be resilient to distinct attacks. Various authentication protocols such as key management protocols, lightweight authentication protocols, and broadcast authentication protocols are compared and analyzed for all secure transmission applications. The major goal of this survey is to compare and find out the appropriate protocol for further research. Moreover, the comparisons between various authentication techniques are also illustrated. PMID:26881272

A Cooperative Model for IS Security Risk Management in Distributed Environment

PubMed Central

Zheng, Chundong

2014-01-01

Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively. PMID:24563626

Physical security and IT convergence: Managing the cyber-related risks.

PubMed

McCreight, Tim; Leece, Doug

The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California. 1 This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.

Computer Security Products Technology Overview

DTIC Science & Technology

1988-10-01

13 3. DATABASE MANAGEMENT SYSTEMS ................................... 15 Definition...this paper addresses fall into the areas of multi-user hosts, database management systems (DBMS), workstations, networks, guards and gateways, and...provide a portion of that protection, for example, a password scheme, a file protection mechanism, a secure database management system, or even a

Network systems security analysis

NASA Astrophysics Data System (ADS)

Yilmaz, Ä.°smail

2015-05-01

Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

An Examination of Organizational Information Protection in the Era of Social Media: A Study of Social Network Security and Privacy Protection

ERIC Educational Resources Information Center

Maar, Michael C.

2013-01-01

This study investigates information protection for professional users of online social networks. It addresses management's desire to motivate their employees to adopt protective measures while accessing online social networks and to help their employees improve their proficiency in information security and ability to detect deceptive…

Integrating legacy medical data sensors in a wireless network infrastucture.

PubMed

Dembeyiotis, S; Konnis, G; Koutsouris, D

2005-01-01

In the process of developing a wireless networking solution to provide effective field-deployable communications and telemetry support for rescuers during major natural disasters, we are faced with the task of interfacing the multitude of medical and other legacy data collection sensors to the network grid. In this paper, we detail a number of solutions, with particular attention given to the issue of data security. The chosen implementation allows for sensor control and management from remote network locations, while the sensors can wirelessly transmit their data to nearby network nodes securely, utilizing the latest commercially available cryptography solutions. Initial testing validates the design choices, while the network-enabled sensors are being integrated in the overall wireless network security framework.

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2013 CFR

2013-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2014 CFR

2014-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

Survey on Security Issues in File Management in Cloud Computing Environment

NASA Astrophysics Data System (ADS)

Gupta, Udit

2015-06-01

Cloud computing has pervaded through every aspect of Information technology in past decade. It has become easier to process plethora of data, generated by various devices in real time, with the advent of cloud networks. The privacy of users data is maintained by data centers around the world and hence it has become feasible to operate on that data from lightweight portable devices. But with ease of processing comes the security aspect of the data. One such security aspect is secure file transfer either internally within cloud or externally from one cloud network to another. File management is central to cloud computing and it is paramount to address the security concerns which arise out of it. This survey paper aims to elucidate the various protocols which can be used for secure file transfer and analyze the ramifications of using each protocol.

A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.

PubMed

Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

2015-12-17

Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.

A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks

PubMed Central

Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

2015-01-01

Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism. PMID:26694409

75 FR 14429 - Agency Information Collection Activities; Submission for Office of Management and Budget Review...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-25

... regular security audits and have been certified for operation. The CPSC observes all industry and Federal government best practices for network security. CPSC staff regularly analyzes its systems for vulnerabilities and malware, and monitor the network for real-time intrusion attempts. B. Estimated Burden The CPSC...

Identifying and tracking attacks on networks: C3I displays and related technologies

NASA Astrophysics Data System (ADS)

Manes, Gavin W.; Dawkins, J.; Shenoi, Sujeet; Hale, John C.

2003-09-01

Converged network security is extremely challenging for several reasons; expanded system and technology perimeters, unexpected feature interaction, and complex interfaces all conspire to provide hackers with greater opportunities for compromising large networks. Preventive security services and architectures are essential, but in and of themselves do not eliminate all threat of compromise. Attack management systems mitigate this residual risk by facilitating incident detection, analysis and response. There are a wealth of attack detection and response tools for IP networks, but a dearth of such tools for wireless and public telephone networks. Moreover, methodologies and formalisms have yet to be identified that can yield a common model for vulnerabilities and attacks in converged networks. A comprehensive attack management system must coordinate detection tools for converged networks, derive fully-integrated attack and network models, perform vulnerability and multi-stage attack analysis, support large-scale attack visualization, and orchestrate strategic responses to cyber attacks that cross network boundaries. We present an architecture that embodies these principles for attack management. The attack management system described engages a suite of detection tools for various networking domains, feeding real-time attack data to a comprehensive modeling, analysis and visualization subsystem. The resulting early warning system not only provides network administrators with a heads-up cockpit display of their entire network, it also supports guided response and predictive capabilities for multi-stage attacks in converged networks.

Metro Optical Networks for Homeland Security

NASA Astrophysics Data System (ADS)

Bechtel, James H.

Metro optical networks provide an enticing opportunity for strengthening homeland security. Many existing and emerging fiber-optic networks can be adapted for enhanced security applications. Applications include airports, theme parks, sports venues, and border surveillance systems. Here real-time high-quality video and captured images can be collected, transported, processed, and stored for security applications. Video and data collection are important also at correctional facilities, courts, infrastructure (e.g., dams, bridges, railroads, reservoirs, power stations), and at military and other government locations. The scaling of DWDM-based networks allows vast amounts of data to be collected and transported including biometric features of individuals at security check points. Here applications will be discussed along with potential solutions and challenges. Examples of solutions to these problems are given. This includes a discussion of metropolitan aggregation platforms for voice, video, and data that are SONET compliant for use in SONET networks and the use of DWDM technology for scaling and transporting a variety of protocols. Element management software allows not only network status monitoring, but also provides optimized allocation of network resources through the use of optical switches or electrical cross connects.

Impact of Trust on Security and Performance in Tactical Networks

DTIC Science & Technology

2013-06-01

and reliability . On the other hand, in organizational theory, trust management has viewed trust as a key factor to manage relationships that flourish...environments challenges, these dynamics can hinder accurate and reliable trust evaluation of entities in the network [10], [11]. • Information Network Domain...trustworthy entities. • Social/Cognitive Network Domain: Social scientists, physiologists, and neuroscientists have studied social trust, interpersonal

The Management and Security Expert (MASE)

NASA Technical Reports Server (NTRS)

Miller, Mark D.; Barr, Stanley J.; Gryphon, Coranth D.; Keegan, Jeff; Kniker, Catherine A.; Krolak, Patrick D.

1991-01-01

The Management and Security Expert (MASE) is a distributed expert system that monitors the operating systems and applications of a network. It is capable of gleaning the information provided by the different operating systems in order to optimize hardware and software performance; recognize potential hardware and/or software failure, and either repair the problem before it becomes an emergency, or notify the systems manager of the problem; and monitor applications and known security holes for indications of an intruder or virus. MASE can eradicate much of the guess work of system management.

Governance and Risk Management of Network and Information Security: The Role of Public Private Partnerships in Managing the Existing and Emerging Risks

NASA Astrophysics Data System (ADS)

Navare, Jyoti; Gemikonakli, Orhan

Globalisation and new technology has opened the gates to more security risks. As the strategic importance of communication networks and information increased, threats to the security and safety of communication infrastructures, as well as information stored in and/or transmitted increased significantly. The development of the self replicating programmes has become a nightmare for Internet users. Leading companies, strategic organisations were not immune to attacks; they were also "hacked" and overtaken by intruders. Incidents of recent years have also shown that national/regional crisis may also trigger cyber attacks at large scale. Experts forecast that cyber wars are likely to take the stage as tension mounts between developed societies. New risks such as cyber-attacks, network terrorism and disintegration of traditional infrastructures has somewhat blurred the boundaries of operation and control. This paper seeks to consider the risk management and governance and looking more specifically at implications for emerging economies.

System and Network Security Acronyms and Abbreviations

DTIC Science & Technology

2009-09-01

hazards of electromagnetic radiation to fuel HERO hazards of electromagnetic radiation to ordnance HERP hazards of electromagnetic ...ABSTRACT unclassified c. THIS PAGE unclassified Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 System and Network Security Acronyms...authentication and key management ALG application layer gateway ANSI American National Standards Institute AP access point API application

Management of the Space Physics Analysis Network (SPAN)

NASA Technical Reports Server (NTRS)

Green, James L.; Thomas, Valerie L.; Butler, Todd F.; Peters, David J.; Sisson, Patricia L.

1990-01-01

Here, the purpose is to define the operational management structure and to delineate the responsibilities of key Space Physics Analysis Network (SPAN) individuals. The management structure must take into account the large NASA and ESA science research community by giving them a major voice in the operation of the system. Appropriate NASA and ESA interfaces must be provided so that there will be adequate communications facilities available when needed. Responsibilities are delineated for the Advisory Committee, the Steering Committee, the Project Scientist, the Project Manager, the SPAN Security Manager, the Internetwork Manager, the Network Operations Manager, the Remote Site Manager, and others.

Applying a Space-Based Security Recovery Scheme for Critical Homeland Security Cyberinfrastructure Utilizing the NASA Tracking and Data Relay (TDRS) Based Space Network

NASA Technical Reports Server (NTRS)

Shaw, Harry C.; McLaughlin, Brian; Stocklin, Frank; Fortin, Andre; Israel, David; Dissanayake, Asoka; Gilliand, Denise; LaFontaine, Richard; Broomandan, Richard; Hyunh, Nancy

2015-01-01

Protection of the national infrastructure is a high priority for cybersecurity of the homeland. Critical infrastructure such as the national power grid, commercial financial networks, and communications networks have been successfully invaded and re-invaded from foreign and domestic attackers. The ability to re-establish authentication and confidentiality of the network participants via secure channels that have not been compromised would be an important countermeasure to compromise of our critical network infrastructure. This paper describes a concept of operations by which the NASA Tracking and Data Relay (TDRS) constellation of spacecraft in conjunction with the White Sands Complex (WSC) Ground Station host a security recovery system for re-establishing secure network communications in the event of a national or regional cyberattack. Users would perform security and network restoral functions via a Broadcast Satellite Service (BSS) from the TDRS constellation. The BSS enrollment only requires that each network location have a receive antenna and satellite receiver. This would be no more complex than setting up a DIRECTTV-like receiver at each network location with separate network connectivity. A GEO BSS would allow a mass re-enrollment of network nodes (up to nationwide) simultaneously depending upon downlink characteristics. This paper details the spectrum requirements, link budget, notional assets and communications requirements for the scheme. It describes the architecture of such a system and the manner in which it leverages off of the existing secure infrastructure which is already in place and managed by the NASAGSFC Space Network Project.

Industrial application for global quantum communication

NASA Astrophysics Data System (ADS)

Mirza, A.; Petruccione, F.

2012-09-01

In the last decade the quantum communication community has witnessed great advances in photonic quantum cryptography technology with the research, development and commercialization of automated Quantum Key Distribution (QKD) devices. These first generation devices are however bottlenecked by the achievable spatial coverage. This is due to the intrinsic absorption of the quantum particle into the communication medium. As QKD is of paramount importance in the future ICT landscape, various innovative solutions have been developed and tested to expand the spatial coverage of these networks such as the Quantum City initiative in Durban, South Africa. To expand this further into a global QKD-secured network, recent efforts have focussed on high-altitude free-space techniques through the use of satellites. This couples the QKD-secured Metropolitan Area Networks (MANs) with secured ground-tosatellite links as access points to a global network. Such a solution, however, has critical limitations that reduce its commercial feasibility. As parallel step to the development of satellitebased global QKD networks, we investigate the use of the commercial aircrafts' network as secure transport mechanisms in a global QKD network. This QKD-secured global network will provide a robust infrastructure to create, distribute and manage encryption keys between the MANs of the participating cities.

Secure and Time-Aware Communication of Wireless Sensors Monitoring Overhead Transmission Lines.

PubMed

Mazur, Katarzyna; Wydra, Michal; Ksiezopolski, Bogdan

2017-07-11

Existing transmission power grids suffer from high maintenance costs and scalability issues along with a lack of effective and secure system monitoring. To address these problems, we propose to use Wireless Sensor Networks (WSNs) as a technology to achieve energy efficient, reliable, and low-cost remote monitoring of transmission grids. With WSNs, smart grid enables both utilities and customers to monitor, predict and manage energy usage effectively and react to possible power grid disturbances in a timely manner. However, the increased application of WSNs also introduces new security challenges, especially related to privacy, connectivity, and security management, repeatedly causing unpredicted expenditures. Monitoring the status of the power system, a large amount of sensors generates massive amount of sensitive data. In order to build an effective Wireless Sensor Network (WSN) for a smart grid, we focus on designing a methodology of efficient and secure delivery of the data measured on transmission lines. We perform a set of simulations, in which we examine different routing algorithms, security mechanisms and WSN deployments in order to select the parameters that will not affect the delivery time but fulfill their role and ensure security at the same time. Furthermore, we analyze the optimal placement of direct wireless links, aiming at minimizing time delays, balancing network performance and decreasing deployment costs.

Secure and Time-Aware Communication of Wireless Sensors Monitoring Overhead Transmission Lines

PubMed Central

Mazur, Katarzyna; Wydra, Michal; Ksiezopolski, Bogdan

2017-01-01

Existing transmission power grids suffer from high maintenance costs and scalability issues along with a lack of effective and secure system monitoring. To address these problems, we propose to use Wireless Sensor Networks (WSNs)as a technology to achieve energy efficient, reliable, and low-cost remote monitoring of transmission grids. With WSNs, smart grid enables both utilities and customers to monitor, predict and manage energy usage effectively and react to possible power grid disturbances in a timely manner. However, the increased application of WSNs also introduces new security challenges, especially related to privacy, connectivity, and security management, repeatedly causing unpredicted expenditures. Monitoring the status of the power system, a large amount of sensors generates massive amount of sensitive data. In order to build an effective Wireless Sensor Networks (WSNs) for a smart grid, we focus on designing a methodology of efficient and secure delivery of the data measured on transmission lines. We perform a set of simulations, in which we examine different routing algorithms, security mechanisms and WSN deployments in order to select the parameters that will not affect the delivery time but fulfill their role and ensure security at the same time. Furthermore, we analyze the optimal placement of direct wireless links, aiming at minimizing time delays, balancing network performance and decreasing deployment costs. PMID:28696390

Motion/imagery secure cloud enterprise architecture analysis

NASA Astrophysics Data System (ADS)

DeLay, John L.

2012-06-01

Cloud computing with storage virtualization and new service-oriented architectures brings a new perspective to the aspect of a distributed motion imagery and persistent surveillance enterprise. Our existing research is focused mainly on content management, distributed analytics, WAN distributed cloud networking performance issues of cloud based technologies. The potential of leveraging cloud based technologies for hosting motion imagery, imagery and analytics workflows for DOD and security applications is relatively unexplored. This paper will examine technologies for managing, storing, processing and disseminating motion imagery and imagery within a distributed network environment. Finally, we propose areas for future research in the area of distributed cloud content management enterprises.

Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

PubMed

Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

2000-05-01

The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.

Redefining Security. A Report by the Joint Security Commission

DTIC Science & Technology

1994-02-28

security policies. This report offers recommendations on developing new strategies for achieving security within our infor-mation systems, including...better, and we outline methods of improving government and industry personnel security poli- cies. We offer recommendations on developing new strategies ... strategies , sufficient funding, and management attention if our comput- ers and networks are to protect the confidentiality, integrity, and availability of

High-end Home Firewalls CIAC-2326

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orvis, W

Networking in most large organizations is protected with corporate firewalls and managed by seasoned security professionals. Attempts to break into systems at these organizations are extremely difficult to impossible for an external intruder. With the growth in networking and the options that it makes possible, new avenues of intrusion are opening up. Corporate machines exist that are completely unprotected against intrusions, that are not managed by a security professional, and that are regularly connected to the company network. People have the option of and are encouraged to work at home using a home computer linked to the company network. Managersmore » have home computers linked to internal machines so they can keep an eye on internal processes while not physically at work. Researchers do research or writing at home and connect to the company network to download information and upload results. In most cases, these home computers are completely unprotected, except for any protection that the home user might have installed. Unfortunately, most home users are not security professionals and home computers are often used by other family members, such as children downloading music, who are completely unconcerned about security precautions. When these computers are connected to the company network, they can easily introduce viruses, worms, and other malicious code or open a channel behind the company firewall for an external intruder.« less

Security management based on trust determination in cognitive radio networks

NASA Astrophysics Data System (ADS)

Li, Jianwu; Feng, Zebing; Wei, Zhiqing; Feng, Zhiyong; Zhang, Ping

2014-12-01

Security has played a major role in cognitive radio networks. Numerous researches have mainly focused on attacking detection based on source localization and detection probability. However, few of them took the penalty of attackers into consideration and neglected how to implement effective punitive measures against attackers. To address this issue, this article proposes a novel penalty mechanism based on cognitive trust value. The main feature of this mechanism has been realized by six functions: authentication, interactive, configuration, trust value collection, storage and update, and punishment. Data fusion center (FC) and cluster heads (CHs) have been put forward as a hierarchical architecture to manage trust value of cognitive users. Misbehaving users would be punished by FC by declining their trust value; thus, guaranteeing network security via distinguishing attack users is of great necessity. Simulation results verify the rationality and effectiveness of our proposed mechanism.

The application of data encryption technology in computer network communication security

NASA Astrophysics Data System (ADS)

Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-04-01

With the rapid development of Intemet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

Data security and patient confidentiality: the manager's role.

PubMed

Fisher, F; Madge, B

1996-10-01

The maintenance of patient confidentiality is of utmost importance in the doctor patient relationship. With the advent of networks such as the National Health Service Wide Area Network in the UK, the potential to transmit identifiable clinical data will become greater. Links between general practitioners (GPs) and hospitals will allow the rapid transmission of data which if intercepted could be potentially embarrassing to the patient concerned. In 1994 the British Medical Association launched a draft bill on privacy and confidentiality and in association with this bill it is pushing for encryption of all clinical data across electronic networks. The manager's role within an acute hospital, community units and general practice, is to ensure that all employees are aware of the principles of data protection, security of hospital computer systems and that no obvious breaches of security can occur at publicly accessible terminals. Managers must be kept up to date with the latest developments in computer security such as digital signatures and be prepared to instigate these developments where practically possible. Managers must also take responsibility for the monitoring of access to terminals and be prepared to deal severely with staff who breach the code of confidentiality. Each manager must be kept informed of employees status with regard to their 'need to know' clearance level and also to promote confidentiality of patient details throughout the hospital. All of the management team must be prepared to train new staff in the principles of data security as they join the organisation and recognise their accountability if the programme fails. Data security and patient confidentiality is a broad responsibility in any healthcare organisation, with the Chief Executive accountable. In family practice, the partners are responsible and accountable. The British Medical Association believes as a matter of policy, that allowing access to personal health data without the patients consent, except in a legally allowable situation, should be a statutory offence.

Transition Plan For the Technology Demonstration of the Joint Network Defence and Management System (JNDMS)

DTIC Science & Technology

2009-11-01

Technology Demonstration of the Joint Network Defence and Management System (JNDMS) Brett Trask; Novembre 2009. Dès le départ, nous avons mis au point le... 13 5.1 System Specification... 13 5.1.1 Scope ............................................................................................................. 13 5.2 Security

[Research and implementation of the TLS network transport security technology based on DICOM standard].

PubMed

Lu, Xiaoqi; Wang, Lei; Zhao, Jianfeng

2012-02-01

With the development of medical information, Picture Archiving and Communications System (PACS), Hospital Information System/Radiology Information System(HIS/RIS) and other medical information management system become popular and developed, and interoperability between these systems becomes more frequent. So, these enclosed systems will be open and regionalized by means of network, and this is inevitable. If the trend becomes true, the security of information transmission may be the first problem to be solved. Based on the need for network security, we investigated the Digital Imaging and Communications in Medicine (DICOM) Standard and Transport Layer Security (TLS) Protocol, and implemented the TLS transmission of the DICOM medical information with OpenSSL toolkit and DCMTK toolkit.

Network Security Is Manageable

ERIC Educational Resources Information Center

Roberts, Gary

2006-01-01

An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…

Emergent Network Defense

ERIC Educational Resources Information Center

Crane, Earl Newell

2013-01-01

The research problem that inspired this effort is the challenge of managing the security of systems in large-scale heterogeneous networked environments. Human intervention is slow and limited: humans operate at much slower speeds than networked computer communications and there are few humans associated with each network. Enabling each node in the…

Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

ERIC Educational Resources Information Center

Shim, Woohyun

2010-01-01

An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers. Online Treasures

ERIC Educational Resources Information Center

Balas, Janet

2005-01-01

This article, written by a systems librarian at the Monroeville Public Library, discusses a major issue affecting all computer users, security. It indicates that while, staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer…

Intelligent community management system based on the devicenet fieldbus

NASA Astrophysics Data System (ADS)

Wang, Yulan; Wang, Jianxiong; Liu, Jiwen

2013-03-01

With the rapid development of the national economy and the improvement of people's living standards, people are making higher demands on the living environment. And the estate management content, management efficiency and service quality have been higher required. This paper in-depth analyzes about the intelligent community of the structure and composition. According to the users' requirements and related specifications, it achieves the district management systems, which includes Basic Information Management: the management level of housing, household information management, administrator-level management, password management, etc. Service Management: standard property costs, property charges collecting, the history of arrears and other property expenses. Security Management: household gas, water, electricity and security and other security management, security management district and other public places. Systems Management: backup database, restore database, log management. This article also carries out on the Intelligent Community System analysis, proposes an architecture which is based on B / S technology system. And it has achieved a global network device management with friendly, easy to use, unified human - machine interface.

Biometric Methods for Secure Communications in Body Sensor Networks: Resource-Efficient Key Management and Signal-Level Data Scrambling

NASA Astrophysics Data System (ADS)

Bui, Francis Minhthang; Hatzinakos, Dimitrios

2007-12-01

As electronic communications become more prevalent, mobile and universal, the threats of data compromises also accordingly loom larger. In the context of a body sensor network (BSN), which permits pervasive monitoring of potentially sensitive medical data, security and privacy concerns are particularly important. It is a challenge to implement traditional security infrastructures in these types of lightweight networks since they are by design limited in both computational and communication resources. A key enabling technology for secure communications in BSN's has emerged to be biometrics. In this work, we present two complementary approaches which exploit physiological signals to address security issues: (1) a resource-efficient key management system for generating and distributing cryptographic keys to constituent sensors in a BSN; (2) a novel data scrambling method, based on interpolation and random sampling, that is envisioned as a potential alternative to conventional symmetric encryption algorithms for certain types of data. The former targets the resource constraints in BSN's, while the latter addresses the fuzzy variability of biometric signals, which has largely precluded the direct application of conventional encryption. Using electrocardiogram (ECG) signals as biometrics, the resulting computer simulations demonstrate the feasibility and efficacy of these methods for delivering secure communications in BSN's.

Experience of wireless local area network in a radiation oncology department.

PubMed

Mandal, Abhijit; Asthana, Anupam Kumar; Aggarwal, Lalit Mohan

2010-01-01

The aim of this work is to develop a wireless local area network (LAN) between different types of users (Radiation Oncologists, Radiological Physicists, Radiation Technologists, etc) for efficient patient data management and to made easy the availability of information (chair side) to improve the quality of patient care in Radiation Oncology department. We have used mobile workstations (Laptops) and stationary workstations, all equipped with wireless-fidelity (Wi-Fi) access. Wireless standard 802.11g (as recommended by Institute of Electrical and Electronic Engineers (IEEE, Piscataway, NJ) has been used. The wireless networking was configured with the Service Set Identifier (SSID), Media Access Control (MAC) address filtering, and Wired Equivalent Privacy (WEP) network securities. We are successfully using this wireless network in sharing the indigenously developed patient information management software. The proper selection of the hardware and the software combined with a secure wireless LAN setup will lead to a more efficient and productive radiation oncology department.

Enabling SDN in VANETs: What is the Impact on Security?

PubMed Central

Di Maio, Antonio; Palattella, Maria Rita; Soua, Ridha; Lamorte, Luca; Vilajosana, Xavier; Alonso-Zarate, Jesus; Engel, Thomas

2016-01-01

The demand for safe and secure journeys over roads and highways has been growing at a tremendous pace over recent decades. At the same time, the smart city paradigm has emerged to improve citizens’ quality of life by developing the smart mobility concept. Vehicular Ad hoc NETworks (VANETs) are widely recognized to be instrumental in realizing such concept, by enabling appealing safety and infotainment services. Such networks come with their own set of challenges, which range from managing high node mobility to securing data and user privacy. The Software Defined Networking (SDN) paradigm has been identified as a suitable solution for dealing with the dynamic network environment, the increased number of connected devices, and the heterogeneity of applications. While some preliminary investigations have been already conducted to check the applicability of the SDN paradigm to VANETs, and its presumed benefits for managing resources and mobility, it is still unclear what impact SDN will have on security and privacy. Security is a relevant issue in VANETs, because of the impact that threats can have on drivers’ behavior and quality of life. This paper opens a discussion on the security threats that future SDN-enabled VANETs will have to face, and investigates how SDN could be beneficial in building new countermeasures. The analysis is conducted in real use cases (smart parking, smart grid of electric vehicles, platooning, and emergency services), which are expected to be among the vehicular applications that will most benefit from introducing an SDN architecture. PMID:27929443

Enabling SDN in VANETs: What is the Impact on Security?

PubMed

Di Maio, Antonio; Palattella, Maria Rita; Soua, Ridha; Lamorte, Luca; Vilajosana, Xavier; Alonso-Zarate, Jesus; Engel, Thomas

2016-12-06

The demand for safe and secure journeys over roads and highways has been growing at a tremendous pace over recent decades. At the same time, the smart city paradigm has emerged to improve citizens' quality of life by developing the smart mobility concept. Vehicular Ad hoc NETworks (VANETs) are widely recognized to be instrumental in realizing such concept, by enabling appealing safety and infotainment services. Such networks come with their own set of challenges, which range from managing high node mobility to securing data and user privacy. The Software Defined Networking (SDN) paradigm has been identified as a suitable solution for dealing with the dynamic network environment, the increased number of connected devices, and the heterogeneity of applications. While some preliminary investigations have been already conducted to check the applicability of the SDN paradigm to VANETs, and its presumed benefits for managing resources and mobility, it is still unclear what impact SDN will have on security and privacy. Security is a relevant issue in VANETs, because of the impact that threats can have on drivers' behavior and quality of life. This paper opens a discussion on the security threats that future SDN-enabled VANETs will have to face, and investigates how SDN could be beneficial in building new countermeasures. The analysis is conducted in real use cases (smart parking, smart grid of electric vehicles, platooning, and emergency services), which are expected to be among the vehicular applications that will most benefit from introducing an SDN architecture.

COmmunications and Networking with QUantum operationally Secure Technology for Maritime Deployment (CONQUEST)

DTIC Science & Technology

2016-12-02

Quantum Computing , University of Waterloo, Waterloo ON, N2L 3G1, Canada (Dated: December 1, 2016) Continuous variable (CV) quantum key distribution (QKD...Networking with QUantum operationally-Secure Technology for Maritime Deployment (CONQUEST) Contract Period of Performance: 2 September 2016 – 1 September...this letter or have any other questions. Sincerely, Raytheon BBN Technologies Kathryn Carson Program Manager Quantum Information Processing

A Decade of Experience: Which Network Structures Maximize Fire Service Capacity for Homeland Security Incidents in Metropolitan Regions?

DTIC Science & Technology

2011-12-01

Pennsylvania Emergency Management Agency QHSR Quadrennial Homeland Security Review Report RCP Regional Catastrophic Preparedness SAA State...service has evolved from a single-purpose service focused on controlling fires to a multidimensional response element responsible for pre- hospital ... hospital preparedness program Preparedness Training for all personnel; training and network activities during prior year assist in preparedness

A security scheme of SMS system

NASA Astrophysics Data System (ADS)

Zhang, Fangzhou; Yang, Hong-Wei; Song, Chuck

2005-02-01

With the prosperous development and the use of SMS, more and more important information need to be transferred through the wireless and mobile networks by the users. But in the GSM/GPRS network, the SMS messages are transferred in text mode through the signaling channel and there is no integrality for SMS messages. Because of the speciality of the mobile communications, the security of signaling channel is very weak. So we need to improve and enhance the security and integrality of SMS. At present, developed investigation based on SMS security is still incomplete. The key distribution and management is not perfect to meet the usability in a wide area. This paper introduces a high-level security method to solve this problem. We design the Secure SMS of GSM/GPRS in order to improve the security of the important information that need to be transferred by the mobile networks. Using this method, we can improve the usability of E-payment and other mobile electronic commerce.

Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach.

PubMed

Sanchez-Iborra, Ramon; Sánchez-Gómez, Jesús; Pérez, Salvador; Fernández, Pedro J; Santa, José; Hernández-Ramos, José L; Skarmeta, Antonio F

2018-06-05

Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie⁻Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

DTIC Science & Technology

2007-01-15

it can detect specifically proscribed content changes to critical files (e.g., illegal shells inserted into /etc/ passwd ). Fourth, it can detect the...UNIX password management involves a pair of inter-related files (/etc/ passwd and /etc/shadow). The corresponding access patterns seen at the storage...content integrity verification is utilized. As a concrete example, consider a UNIX system password file (/etc/ passwd ), which consists of a set of well

Trust and Privacy Solutions Based on Holistic Service Requirements.

PubMed

Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

2015-12-24

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.

Trust and Privacy Solutions Based on Holistic Service Requirements

PubMed Central

Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

2015-01-01

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752

Final Technical Report. Project Boeing SGS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bell, Thomas E.

Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of criticalmore » systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. Benefits identified include; Improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; Improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; Improved malware detection and zero-day threat response capability; Improved ability to systematically evaluate and secure in house and vendor sourced software applications; Improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; Improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; Improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack of other significant event; Improved ability to model complex networks for penetration testing and advanced training of cyber security personnel« less

Enterprise systems security management: a framework for breakthrough protection

NASA Astrophysics Data System (ADS)

Farroha, Bassam S.; Farroha, Deborah L.

2010-04-01

Securing the DoD information network is a tremendous task due to its size, access locations and the amount of network intrusion attempts on a daily basis. This analysis investigates methods/architecture options to deliver capabilities for secure information sharing environment. Crypto-binding and intelligent access controls are basic requirements for secure information sharing in a net-centric environment. We introduce many of the new technology components to secure the enterprise. The cooperative mission requirements lead to developing automatic data discovery and data stewards granting access to Cross Domain (CD) data repositories or live streaming data. Multiple architecture models are investigated to determine best-of-breed approaches including SOA and Private/Public Clouds.

Distributed generation of shared RSA keys in mobile ad hoc networks

NASA Astrophysics Data System (ADS)

Liu, Yi-Liang; Huang, Qin; Shen, Ying

2005-12-01

Mobile Ad Hoc Networks is a totally new concept in which mobile nodes are able to communicate together over wireless links in an independent manner, independent of fixed physical infrastructure and centralized administrative infrastructure. However, the nature of Ad Hoc Networks makes them very vulnerable to security threats. Generation and distribution of shared keys for CA (Certification Authority) is challenging for security solution based on distributed PKI(Public-Key Infrastructure)/CA. The solutions that have been proposed in the literature and some related issues are discussed in this paper. The solution of a distributed generation of shared threshold RSA keys for CA is proposed in the present paper. During the process of creating an RSA private key share, every CA node only has its own private security. Distributed arithmetic is used to create the CA's private share locally, and that the requirement of centralized management institution is eliminated. Based on fully considering the Mobile Ad Hoc network's characteristic of self-organization, it avoids the security hidden trouble that comes by holding an all private security share of CA, with which the security and robustness of system is enhanced.

78 FR 9951 - Excepted Service

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-12

...) Not to exceed 3000 positions that require unique cyber security skills and knowledge to perform cyber..., distributed control systems security, cyber incident response, cyber exercise facilitation and management, cyber vulnerability detection and assessment, network and systems engineering, enterprise architecture...

An Efficient Identity-Based Key Management Scheme for Wireless Sensor Networks Using the Bloom Filter

PubMed Central

Qin, Zhongyuan; Zhang, Xinshuai; Feng, Kerong; Zhang, Qunfang; Huang, Jie

2014-01-01

With the rapid development and widespread adoption of wireless sensor networks (WSNs), security has become an increasingly prominent problem. How to establish a session key in node communication is a challenging task for WSNs. Considering the limitations in WSNs, such as low computing capacity, small memory, power supply limitations and price, we propose an efficient identity-based key management (IBKM) scheme, which exploits the Bloom filter to authenticate the communication sensor node with storage efficiency. The security analysis shows that IBKM can prevent several attacks effectively with acceptable computation and communication overhead. PMID:25264955

A comprehensive Network Security Risk Model for process control networks.

PubMed

Henry, Matthew H; Haimes, Yacov Y

2009-02-01

The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

A Hybrid Key Management Scheme for WSNs Based on PPBR and a Tree-Based Path Key Establishment Method

PubMed Central

Zhang, Ying; Liang, Jixing; Zheng, Bingxin; Chen, Wei

2016-01-01

With the development of wireless sensor networks (WSNs), in most application scenarios traditional WSNs with static sink nodes will be gradually replaced by Mobile Sinks (MSs), and the corresponding application requires a secure communication environment. Current key management researches pay less attention to the security of sensor networks with MS. This paper proposes a hybrid key management schemes based on a Polynomial Pool-based key pre-distribution and Basic Random key pre-distribution (PPBR) to be used in WSNs with MS. The scheme takes full advantages of these two kinds of methods to improve the cracking difficulty of the key system. The storage effectiveness and the network resilience can be significantly enhanced as well. The tree-based path key establishment method is introduced to effectively solve the problem of communication link connectivity. Simulation clearly shows that the proposed scheme performs better in terms of network resilience, connectivity and storage effectiveness compared to other widely used schemes. PMID:27070624

XNDM: An Experimental Network Data Manager.

DTIC Science & Technology

1981-06-01

return this copy. Retain or destroy. t t , UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE fWln Dtet Entred) READ INSTRUCTIONSREPORT DOCUMENTATION...MONITORING AGENCY NAME & AODRESS(IE’ different Irom Controlling Office) 15 SECURITY CLASS, (I this report) UNCLASSIFIED Same Is DECLASSIFICATION...DD JAN% 1473 EDITION OF I NOV 65 IS OBSOLETE UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGE ("hen Date Entered) -: o . <. UNCLASSIFIED SECURITY

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew A.

2014-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew

2013-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from Airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices i.e. routers and IDSsIPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

Utilizing Social Networks in Times of Crisis: Understanding, Exploring and Analyzing Critical Incident Management at Institutions of Higher Education

ERIC Educational Resources Information Center

Asselin, Martha Jo

2012-01-01

With the rising number of major crises on college campuses today (Security on Campus Inc., 2009), institutions of higher education can benefit from understanding of how social networks may be used in times of emergency. What is currently known about the usage of social networks is not integral to the current practices of crisis management that are…

Wireless networks of opportunity in support of secure field operations

NASA Astrophysics Data System (ADS)

Stehle, Roy H.; Lewis, Mark

1997-02-01

Under funding from the Defense Advanced Research Projects Agency (DARPA) for joint military and law enforcement technologies, demonstrations of secure information transfer in support of law enforcement and military operations other than war, using wireless and wired technology, were held in September 1996 at several locations in the United States. In this paper, the network architecture, protocols, and equipment supporting the demonstration's scenarios are presented, together with initial results, including lessons learned and desired system enhancements. Wireless networks of opportunity encompassed in-building (wireless-LAN), campus-wide (Metricom Inc.), metropolitan (AMPS cellular, CDPD), and national (one- and two-way satellite) systems. Evolving DARPA-sponsored packet radio technology was incorporated. All data was encrypted, using multilevel information system security initiative (MISSI)FORTEZZA technology, for carriage over unsecured and unclassified commercial networks. The identification and authentication process inherent in the security system permitted logging for database accesses and provided an audit trail useful in evidence gathering. Wireless and wireline communications support, to and between modeled crisis management centers, was demonstrated. Mechanisms for the guarded transport of data through the secret-high military tactical Internet were included, to support joint law enforcement and crisis management missions. A secure World Wide Web (WWW) browser forms the primary, user-friendly interface for information retrieval and submission. The WWW pages were structured to be sensitive to the bandwidth, error rate, and cost of the communications medium in use (e.g., the use of and resolution for graphical data). Both still and motion compressed video were demonstrated, along with secure voice transmission from laptop computers in the field. Issues of network bandwidth, airtime costs, and deployment status are discussed.

Analysis of Cisco Open Network Environment (ONE) OpenFlow Controller Implementation

DTIC Science & Technology

2014-08-01

Software - Defined Networking ( SDN ), when fully realized, offer many improvements over the current rigid and...functionalities like handshake, connection setup, switch management, and security. 15. SUBJECT TERMS OpenFlow, software - defined networking , Cisco ONE, SDN ...innovating packet-forwarding technologies. Network device roles are strictly defined with little or no flexibility. In Software - Defined Networks ( SDNs ),

A Polynomial Subset-Based Efficient Multi-Party Key Management System for Lightweight Device Networks.

PubMed

Mahmood, Zahid; Ning, Huansheng; Ghafoor, AtaUllah

2017-03-24

Wireless Sensor Networks (WSNs) consist of lightweight devices to measure sensitive data that are highly vulnerable to security attacks due to their constrained resources. In a similar manner, the internet-based lightweight devices used in the Internet of Things (IoT) are facing severe security and privacy issues because of the direct accessibility of devices due to their connection to the internet. Complex and resource-intensive security schemes are infeasible and reduce the network lifetime. In this regard, we have explored the polynomial distribution-based key establishment schemes and identified an issue that the resultant polynomial value is either storage intensive or infeasible when large values are multiplied. It becomes more costly when these polynomials are regenerated dynamically after each node join or leave operation and whenever key is refreshed. To reduce the computation, we have proposed an Efficient Key Management (EKM) scheme for multiparty communication-based scenarios. The proposed session key management protocol is established by applying a symmetric polynomial for group members, and the group head acts as a responsible node. The polynomial generation method uses security credentials and secure hash function. Symmetric cryptographic parameters are efficient in computation, communication, and the storage required. The security justification of the proposed scheme has been completed by using Rubin logic, which guarantees that the protocol attains mutual validation and session key agreement property strongly among the participating entities. Simulation scenarios are performed using NS 2.35 to validate the results for storage, communication, latency, energy, and polynomial calculation costs during authentication, session key generation, node migration, secure joining, and leaving phases. EKM is efficient regarding storage, computation, and communication overhead and can protect WSN-based IoT infrastructure.

A Polynomial Subset-Based Efficient Multi-Party Key Management System for Lightweight Device Networks

PubMed Central

Mahmood, Zahid; Ning, Huansheng; Ghafoor, AtaUllah

2017-01-01

Wireless Sensor Networks (WSNs) consist of lightweight devices to measure sensitive data that are highly vulnerable to security attacks due to their constrained resources. In a similar manner, the internet-based lightweight devices used in the Internet of Things (IoT) are facing severe security and privacy issues because of the direct accessibility of devices due to their connection to the internet. Complex and resource-intensive security schemes are infeasible and reduce the network lifetime. In this regard, we have explored the polynomial distribution-based key establishment schemes and identified an issue that the resultant polynomial value is either storage intensive or infeasible when large values are multiplied. It becomes more costly when these polynomials are regenerated dynamically after each node join or leave operation and whenever key is refreshed. To reduce the computation, we have proposed an Efficient Key Management (EKM) scheme for multiparty communication-based scenarios. The proposed session key management protocol is established by applying a symmetric polynomial for group members, and the group head acts as a responsible node. The polynomial generation method uses security credentials and secure hash function. Symmetric cryptographic parameters are efficient in computation, communication, and the storage required. The security justification of the proposed scheme has been completed by using Rubin logic, which guarantees that the protocol attains mutual validation and session key agreement property strongly among the participating entities. Simulation scenarios are performed using NS 2.35 to validate the results for storage, communication, latency, energy, and polynomial calculation costs during authentication, session key generation, node migration, secure joining, and leaving phases. EKM is efficient regarding storage, computation, and communication overhead and can protect WSN-based IoT infrastructure. PMID:28338632

A systems approach to risk reduction of transportation infrastructure networks subject to multiple hazards : final report, December 31, 2008.

DOT National Transportation Integrated Search

2008-12-31

Integrity, robustness, reliability, and resiliency of infrastructure networks are vital to the economy, : security and well-being of any country. Faced with threats caused by natural and man-made hazards, : transportation infrastructure network manag...

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

ERIC Educational Resources Information Center

Mohammadi, Hadi

2014-01-01

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to…

Federated Security: The Shibboleth Approach

ERIC Educational Resources Information Center

Morgan, R. L.; Cantor, Scott; Carmody, Steven; Hoehn, Walter; Klingenstein, Ken

2004-01-01

The Fifth Annual Educause Current Issues Survey ranked "security and identity management" near the top of the list of critical IT challenges on campus today. Recognition of the crucial importance of securing networked resources led Internet2 to establish its Middleware Initiative (I2MI) in 1999. While Internet2 was founded to develop and deploy…

The Battle to Secure Our Public Access Computers

ERIC Educational Resources Information Center

Sendze, Monique

2006-01-01

Securing public access workstations should be a significant part of any library's network and information-security strategy because of the sensitive information patrons enter on these workstations. As the IT manager for the Johnson County Library in Kansas City, Kan., this author is challenged to make sure that thousands of patrons get the access…

78 FR 33136 - Self-Regulatory Organizations; BATS Y-Exchange, Inc.; Order Granting Approval to Proposed Rule...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-03

... that, due to technical limitations in order management systems and routing networks, such member... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-69643; File Nos. SR-BYX-2013-008] Self... the Securities and Exchange Commission (``Commission'') pursuant to Section 19(b)(1) of the Securities...

Research on the information security system in electrical gis system in mobile application

NASA Astrophysics Data System (ADS)

Zhou, Chao; Feng, Renjun; Jiang, Haitao; Huang, Wei; Zhu, Daohua

2017-05-01

With the rapid development of social informatization process, the demands of government, enterprise, and individuals for spatial information becomes larger. In addition, the combination of wireless network technology and spatial information technology promotes the generation and development of mobile technologies. In today’s rapidly developed information technology field, network technology and mobile communication have become the two pillar industries by leaps and bounds. They almost absorbed and adopted all the latest information, communication, computer, electronics and so on new technologies. Concomitantly, the network coverage is more and more big, the transmission rate is faster and faster, the volume of user’s terminal is smaller and smaller. What’s more, from LAN to WAN, from wired network to wireless network, from wired access to mobile wireless access, people’s demand for communication technology is increasingly higher. As a result, mobile communication technology is facing unprecedented challenges as well as unprecedented opportunities. When combined with the existing mobile communication network, it led to the development of leaps and bounds. However, due to the inherent dependence of the system on the existing computer communication network, information security problems cannot be ignored. Today’s information security has penetrated into all aspects of life. Information system is a complex computer system, and it’s physical, operational and management vulnerabilities constitute the security vulnerability of the system. Firstly, this paper analyzes the composition of mobile enterprise network and information security threat. Secondly, this paper puts forward the security planning and measures, and constructs the information security structure.

Traffic Driven Analysis of Cellular and WiFi Networks

ERIC Educational Resources Information Center

Paul, Utpal Kumar

2012-01-01

Since the days Internet traffic proliferated, measurement, monitoring and analysis of network traffic have been critical to not only the basic understanding of large networks, but also to seek improvements in resource management, traffic engineering and security. At the current times traffic in wireless local and wide area networks are facing…

NASA Automatic Information Security Handbook

NASA Technical Reports Server (NTRS)

1993-01-01

This handbook details the Automated Information Security (AIS) management process for NASA. Automated information system security is becoming an increasingly important issue for all NASA managers and with rapid advancements in computer and network technologies and the demanding nature of space exploration and space research have made NASA increasingly dependent on automated systems to store, process, and transmit vast amounts of mission support information, hence the need for AIS systems and management. This handbook provides the consistent policies, procedures, and guidance to assure that an aggressive and effective AIS programs is developed, implemented, and sustained at all NASA organizations and NASA support contractors.

In acceptance we trust? Conceptualising acceptance as a viable approach to NGO security management.

PubMed

Fast, Larissa A; Freeman, C Faith; O'Neill, Michael; Rowley, Elizabeth

2013-04-01

This paper documents current understanding of acceptance as a security management approach and explores issues and challenges non-governmental organisations (NGOs) confront when implementing an acceptance approach to security management. It argues that the failure of organisations to systematise and clearly articulate acceptance as a distinct security management approach and a lack of organisational policies and procedures concerning acceptance hinder its efficacy as a security management approach. The paper identifies key and cross-cutting components of acceptance that are critical to its effective implementation in order to advance a comprehensive and systematic concept of acceptance. The key components of acceptance illustrate how organisational and staff functions affect positively or negatively an organisation's acceptance, and include: an organisation's principles and mission, communications, negotiation, programming, relationships and networks, stakeholder and context analysis, staffing, and image. The paper contends that acceptance is linked not only to good programming, but also to overall organisational management and structures. © 2013 The Author(s). Journal compilation © Overseas Development Institute, 2013.

Secure SCADA communication by using a modified key management scheme.

PubMed

Rezai, Abdalhossein; Keshavarzi, Parviz; Moravej, Zahra

2013-07-01

This paper presents and evaluates a new cryptographic key management scheme which increases the efficiency and security of the Supervisory Control And Data Acquisition (SCADA) communication. In the proposed key management scheme, two key update phases are used: session key update and master key update. In the session key update phase, session keys are generated in the master station. In the master key update phase, the Elliptic Curve Diffie-Hellman (ECDH) protocol is used. The Poisson process is also used to model the Security Index (SI) and Quality of Service (QoS). Our analysis shows that the proposed key management not only supports the required speed in the MODBUS implementation but also has several advantages compared to other key management schemes for secure communication in SCADA networks. Copyright © 2013 ISA. Published by Elsevier Ltd. All rights reserved.

76 FR 35062 - Apparel America, Inc. (n/k/a HSK Industries, Inc.), Decora Industries, Inc., Diversicon Holdings...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-15

... Transportation Network Group, Inc., and Premier Wealth Management, Inc. (a/k/a Premiere Wealth Management, Inc... lack of current and accurate information concerning the securities of Integrated Transportation Network Group, Inc. because it has not filed any periodic reports since the period ended September 30, 1999. It...

System security in the space flight operations center

NASA Technical Reports Server (NTRS)

Wagner, David A.

1988-01-01

The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.

Network information security in a phase III Integrated Academic Information Management System (IAIMS).

PubMed

Shea, S; Sengupta, S; Crosswell, A; Clayton, P D

1992-01-01

The developing Integrated Academic Information System (IAIMS) at Columbia-Presbyterian Medical Center provides data sharing links between two separate corporate entities, namely Columbia University Medical School and The Presbyterian Hospital, using a network-based architecture. Multiple database servers with heterogeneous user authentication protocols are linked to this network. "One-stop information shopping" implies one log-on procedure per session, not separate log-on and log-off procedures for each server or application used during a session. These circumstances provide challenges at the policy and technical levels to data security at the network level and insuring smooth information access for end users of these network-based services. Five activities being conducted as part of our security project are described: (1) policy development; (2) an authentication server for the network; (3) Kerberos as a tool for providing mutual authentication, encryption, and time stamping of authentication messages; (4) a prototype interface using Kerberos services to authenticate users accessing a network database server; and (5) a Kerberized electronic signature.

Final report for the Integrated and Robust Security Infrastructure (IRSI) laboratory directed research and development project

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hutchinson, R.L.; Hamilton, V.A.; Istrail, G.G.

1997-11-01

This report describes the results of a Sandia-funded laboratory-directed research and development project titled {open_quotes}Integrated and Robust Security Infrastructure{close_quotes} (IRSI). IRSI was to provide a broad range of commercial-grade security services to any software application. IRSI has two primary goals: application transparency and manageable public key infrastructure. IRSI must provide its security services to any application without the need to modify the application to invoke the security services. Public key mechanisms are well suited for a network with many end users and systems. There are many issues that make it difficult to deploy and manage a public key infrastructure. IRSImore » addressed some of these issues to create a more manageable public key infrastructure.« less

Corporate Perspective: An Interview with John Sculley.

ERIC Educational Resources Information Center

Temares, M. Lewis

1989-01-01

John Sculley, the chairman of the board of Apple Computer, Inc., discusses information technology management, management strategies, network management, the Chief Information Officer, strategic planning, back-to-the-future planning, business and university joint ventures, and security issues. (MLW)

BARI+: A Biometric Based Distributed Key Management Approach for Wireless Body Area Networks

PubMed Central

Muhammad, Khaliq-ur-Rahman Raazi Syed; Lee, Heejo; Lee, Sungyoung; Lee, Young-Koo

2010-01-01

Wireless body area networks (WBAN) consist of resource constrained sensing devices just like other wireless sensor networks (WSN). However, they differ from WSN in topology, scale and security requirements. Due to these differences, key management schemes designed for WSN are inefficient and unnecessarily complex when applied to WBAN. Considering the key management issue, WBAN are also different from WPAN because WBAN can use random biometric measurements as keys. We highlight the differences between WSN and WBAN and propose an efficient key management scheme, which makes use of biometrics and is specifically designed for WBAN domain. PMID:22319333

Key management schemes using routing information frames in secure wireless sensor networks

NASA Astrophysics Data System (ADS)

Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

2017-01-01

The article considers the problems and objectives of key management for data encryption in wireless sensor networks (WSN) of SCADA systems. The structure of the key information in the ZigBee network and methods of keys obtaining are discussed. The use of a hybrid key management schemes is most suitable for WSN. The session symmetric key is used to encrypt the sensor data, asymmetric keys are used to encrypt the session key transmitted from the routing information. Three algorithms of hybrid key management using routing information frames determined by routing methods and the WSN topology are presented.

BARI+: a biometric based distributed key management approach for wireless body area networks.

PubMed

Muhammad, Khaliq-ur-Rahman Raazi Syed; Lee, Heejo; Lee, Sungyoung; Lee, Young-Koo

2010-01-01

Wireless body area networks (WBAN) consist of resource constrained sensing devices just like other wireless sensor networks (WSN). However, they differ from WSN in topology, scale and security requirements. Due to these differences, key management schemes designed for WSN are inefficient and unnecessarily complex when applied to WBAN. Considering the key management issue, WBAN are also different from WPAN because WBAN can use random biometric measurements as keys. We highlight the differences between WSN and WBAN and propose an efficient key management scheme, which makes use of biometrics and is specifically designed for WBAN domain.

Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness

DOE PAGES

Vollmer, Todd; Manic, Milos; Linda, Ondrej

2013-06-01

The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of Autonomic computing and a SOAP based IF-MAP external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, self-managed framework. The contribution of this paper is two-fold: 1) A flexible two level communication layer based on Autonomic computing and Service Oriented Architecture is detailed and 2) Three complementary modules that dynamically reconfiguremore » in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific Operating System and port configurations. Additionally the anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules were correctly distributed using the common communication structure.« less

Key Management Schemes for Peer-to-Peer Multimedia Streaming Overlay Networks

NASA Astrophysics Data System (ADS)

Naranjo, J. A. M.; López-Ramos, J. A.; Casado, L. G.

Key distribution for multimedia live streaming peer-to-peer overlay networks is a field still in its childhood stage. A scheme designed for networks of this kind must seek security and efficiency while keeping in mind the following restrictions: limited bandwidth, continuous playing, great audience size and clients churn. This paper introduces two novel schemes that allow a trade-off between security and efficiency by allowing to dynamically vary the number of levels used in the key hierarchy. These changes are motivated by great variations in audience size, and initiated by decision of the Key Server. Additionally, a comparative study of both is presented, focusing on security and audience size. Results show that larger key hierarchies can supply bigger audiences, but offer less security against statistical attacks. The opposite happens for shorter key hierarchies.

Firewall systems: the next generation

NASA Astrophysics Data System (ADS)

McGhie, Lynda L.

1996-01-01

To be competitive in today's globally connected marketplace, a company must ensure that their internal network security methodologies and supporting policies are current and reflect an overall understanding of today's technology and its resultant threats. Further, an integrated approach to information security should ensure that new ways of sharing information and doing business are accommodated; such as electronic commerce, high speed public broadband network services, and the federally sponsored National Information Infrastructure. There are many challenges, and success is determined by the establishment of a solid and firm baseline security architecture that accommodate today's external connectivity requirements, provides transitional solutions that integrate with evolving and dynamic technologies, and ultimately acknowledges both the strategic and tactical goals of an evolving network security architecture and firewall system. This paper explores the evolution of external network connectivity requirements, the associated challenges and the subsequent development and evolution of firewall security systems. It makes the assumption that a firewall is a set of integrated and interoperable components, coming together to form a `SYSTEM' and must be designed, implement and managed as such. A progressive firewall model will be utilized to illustrates the evolution of firewall systems from earlier models utilizing separate physical networks, to today's multi-component firewall systems enabling secure heterogeneous and multi-protocol interfaces.

Lightweight and confidential data discovery and dissemination for wireless body area networks.

PubMed

He, Daojing; Chan, Sammy; Zhang, Yan; Yang, Haomiao

2014-03-01

As a special sensor network, a wireless body area network (WBAN) provides an economical solution to real-time monitoring and reporting of patients' physiological data. After a WBAN is deployed, it is sometimes necessary to disseminate data into the network through wireless links to adjust configuration parameters of body sensors or distribute management commands and queries to sensors. A number of such protocols have been proposed recently, but they all focus on how to ensure reliability and overlook security vulnerabilities. Taking into account the unique features and application requirements of a WBAN, this paper presents the design, implementation, and evaluation of a secure, lightweight, confidential, and denial-of-service-resistant data discovery and dissemination protocol for WBANs to ensure the data items disseminated are not altered or tampered. Based on multiple one-way key hash chains, our protocol provides instantaneous authentication and can tolerate node compromise. Besides the theoretical analysis that demonstrates the security and performance of the proposed protocol, this paper also reports the experimental evaluation of our protocol in a network of resource-limited sensor nodes, which shows its efficiency in practice. In particular, extensive security analysis shows that our protocol is provably secure.

An Artificial Neural Network-Based Decision-Support System for Integrated Network Security

DTIC Science & Technology

2014-09-01

group that they need to know in order to make team-based decisions in real-time environments, (c) Employ secure cloud computing services to host mobile...THESIS Presented to the Faculty Department of Electrical and Computer Engineering Graduate School of Engineering and Management Air Force...out-of-the-loop syndrome and create complexity creep. As a result, full automation efforts can lead to inappropriate decision-making despite a

Managing Documents in the Wider Area: Intelligent Document Management.

ERIC Educational Resources Information Center

Bittleston, Richard

1995-01-01

Discusses techniques for managing documents in wide area networks, reviews technique limitations, and offers recommendations to database designers. Presented techniques include: increasing bandwidth, reducing data traffic, synchronizing documentation, partial synchronization, audit trials, navigation, and distribution control and security. Two…

Applications of Multi-Channel Safety Authentication Protocols in Wireless Networks.

PubMed

Chen, Young-Long; Liau, Ren-Hau; Chang, Liang-Yu

2016-01-01

People can use their web browser or mobile devices to access web services and applications which are built into these servers. Users have to input their identity and password to login the server. The identity and password may be appropriated by hackers when the network environment is not safe. The multiple secure authentication protocol can improve the security of the network environment. Mobile devices can be used to pass the authentication messages through Wi-Fi or 3G networks to serve as a second communication channel. The content of the message number is not considered in a multiple secure authentication protocol. The more excessive transmission of messages would be easier to collect and decode by hackers. In this paper, we propose two schemes which allow the server to validate the user and reduce the number of messages using the XOR operation. Our schemes can improve the security of the authentication protocol. The experimental results show that our proposed authentication protocols are more secure and effective. In regard to applications of second authentication communication channels for a smart access control system, identity identification and E-wallet, our proposed authentication protocols can ensure the safety of person and property, and achieve more effective security management mechanisms.

IPv6 Security

NASA Astrophysics Data System (ADS)

Babik, M.; Chudoba, J.; Dewhurst, A.; Finnern, T.; Froy, T.; Grigoras, C.; Hafeez, K.; Hoeft, B.; Idiculla, T.; Kelsey, D. P.; López Muñoz, F.; Martelli, E.; Nandakumar, R.; Ohrenberg, K.; Prelz, F.; Rand, D.; Sciabà, A.; Tigerstedt, U.; Traynor, D.; Wartel, R.

2017-10-01

IPv4 network addresses are running out and the deployment of IPv6 networking in many places is now well underway. Following the work of the HEPiX IPv6 Working Group, a growing number of sites in the Worldwide Large Hadron Collider Computing Grid (WLCG) are deploying dual-stack IPv6/IPv4 services. The aim of this is to support the use of IPv6-only clients, i.e. worker nodes, virtual machines or containers. The IPv6 networking protocols while they do contain features aimed at improving security also bring new challenges for operational IT security. The lack of maturity of IPv6 implementations together with the increased complexity of some of the protocol standards raise many new issues for operational security teams. The HEPiX IPv6 Working Group is producing guidance on best practices in this area. This paper considers some of the security concerns for WLCG in an IPv6 world and presents the HEPiX IPv6 working group guidance for the system administrators who manage IT services on the WLCG distributed infrastructure, for their related site security and networking teams and for developers and software engineers working on WLCG applications.

3VSR: Three Valued Secure Routing for Vehicular Ad Hoc Networks using Sensing Logic in Adversarial Environment

PubMed Central

Wang, Liangmin

2018-01-01

Today IoT integrate thousands of inter networks and sensing devices e.g., vehicular networks, which are considered to be challenging due to its high speed and network dynamics. The goal of future vehicular networks is to improve road safety, promote commercial or infotainment products and to reduce the traffic accidents. All these applications are based on the information exchange among nodes, so not only reliable data delivery but also the authenticity and credibility of the data itself are prerequisite. To cope with the aforementioned problem, trust management come up as promising candidate to conduct node’s transaction and interaction management, which requires distributed mobile nodes cooperation for achieving design goals. In this paper, we propose a trust-based routing protocol i.e., 3VSR (Three Valued Secure Routing), which extends the widely used AODV (Ad hoc On-demand Distance Vector) routing protocol and employs the idea of Sensing Logic-based trust model to enhance the security solution of VANET (Vehicular Ad-Hoc Network). The existing routing protocol are mostly based on key or signature-based schemes, which off course increases computation overhead. In our proposed 3VSR, trust among entities is updated frequently by means of opinion derived from sensing logic due to vehicles random topologies. In 3VSR the theoretical capabilities are based on Dirichlet distribution by considering prior and posterior uncertainty of the said event. Also by using trust recommendation message exchange, nodes are able to reduce computation and routing overhead. The simulated results shows that the proposed scheme is secure and practical. PMID:29538314

3VSR: Three Valued Secure Routing for Vehicular Ad Hoc Networks using Sensing Logic in Adversarial Environment.

PubMed

Sohail, Muhammad; Wang, Liangmin

2018-03-14

Today IoT integrate thousands of inter networks and sensing devices e.g., vehicular networks, which are considered to be challenging due to its high speed and network dynamics. The goal of future vehicular networks is to improve road safety, promote commercial or infotainment products and to reduce the traffic accidents. All these applications are based on the information exchange among nodes, so not only reliable data delivery but also the authenticity and credibility of the data itself are prerequisite. To cope with the aforementioned problem, trust management come up as promising candidate to conduct node's transaction and interaction management, which requires distributed mobile nodes cooperation for achieving design goals. In this paper, we propose a trust-based routing protocol i.e., 3VSR (Three Valued Secure Routing), which extends the widely used AODV (Ad hoc On-demand Distance Vector) routing protocol and employs the idea of Sensing Logic-based trust model to enhance the security solution of VANET (Vehicular Ad-Hoc Network). The existing routing protocol are mostly based on key or signature-based schemes, which off course increases computation overhead. In our proposed 3VSR, trust among entities is updated frequently by means of opinion derived from sensing logic due to vehicles random topologies. In 3VSR the theoretical capabilities are based on Dirichlet distribution by considering prior and posterior uncertainty of the said event. Also by using trust recommendation message exchange, nodes are able to reduce computation and routing overhead. The simulated results shows that the proposed scheme is secure and practical.

Secure authentication protocol for Internet applications over CATV network

NASA Astrophysics Data System (ADS)

Chin, Le-Pond

1998-02-01

An authentication protocol is proposed in this paper to implement secure functions which include two way authentication and key management between end users and head-end. The protocol can protect transmission from frauds, attacks such as reply and wiretap. Location privacy is also achieved. A rest protocol is designed to restore the system once when systems fail. The security is verified by taking several security and privacy requirements into consideration.

Secure electronic commerce communication system based on CA

NASA Astrophysics Data System (ADS)

Chen, Deyun; Zhang, Junfeng; Pei, Shujun

2001-07-01

In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

Analysis Of Using Firewall And Single Honeypot In Training Attack On Wireless Network

NASA Astrophysics Data System (ADS)

Mohd. Diansyah, Tengku.; Faisal, Ilham; Perdana, Adidtya; Octaviani Sembiring, Boni; Hidayati Sinaga, Tantri

2017-12-01

Security issues become one of the important aspects of a network, especially a network security on the server. These problems underlie the need to build a system that can detect threats from parties who do not have access rights (hackers) that are by building a security system honeypot. A Honeypot is a diversion of intruders' attention, in order for intruders to think that it has managed to break down and retrieve data from a network, when in fact the data is not important and the location is isolated. A way to trap or deny unauthorized use of effort in an information system. One type of honeypot is honeyd. Honeyd is a low interaction honeypot that has a smaller risk compared to high interaction types because the interaction with the honeypot does not directly involve the real system. The purpose of the implementation of honeypot and firewall, firewall is used on Mikrotik. Can be used as an administrative tool to view reports of Honeyd generated activity and administrators can also view reports that are stored in the logs in order to assist in determining network security policies.

A hybrid method for protection against threats to a network infrastructure for an electronic warfare management system

NASA Astrophysics Data System (ADS)

Byłak, Michał; RóŻański, Grzegorz

2017-04-01

The article presents the concept of ensuring the security of network information infrastructure for the management of Electronic Warfare (EW) systems. The concept takes into account the reactive and proactive tools against threats. An overview of the methods used to support the safety of IT networks and information sources about threats is presented. Integration of mechanisms that allow for effective intrusion detection and rapid response to threats in a network has been proposed. The architecture of the research environment is also presented.

15 CFR Supplement No. 5 to Part 742 - Encryption Registration

Code of Federal Regulations, 2013 CFR

2013-01-01

... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...

15 CFR Supplement No. 5 to Part 742 - Encryption Registration

Code of Federal Regulations, 2011 CFR

2011-01-01

... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...

15 CFR Supplement No. 5 to Part 742 - Encryption Registration

Code of Federal Regulations, 2014 CFR

2014-01-01

... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...

15 CFR Supplement No. 5 to Part 742 - Encryption Registration

Code of Federal Regulations, 2012 CFR

2012-01-01

... registration, i.e., the information as described in this Supplement, submitted as a support documentation... (h) Smartcards or other identity management (i) Computer or network forensics (j) Software (i) Operating systems (ii) Applications (k) Toolkits/ASICs/components (l) Information security including secure...

Trust Management and Accountability for Internet Security

ERIC Educational Resources Information Center

Liu, Wayne W.

2011-01-01

Adversarial yet interacting interdependent relationships in information sharing and service provisioning have been a pressing issue of the Internet. Such relationships exist among autonomous software agents, in networking system peers, as well as between "service users and providers." Traditional "ad hoc" security approaches effective in…

Development and implementation of a PACS network and resource manager

NASA Astrophysics Data System (ADS)

Stewart, Brent K.; Taira, Ricky K.; Dwyer, Samuel J., III; Huang, H. K.

1992-07-01

Clinical acceptance of PACS is predicated upon maximum uptime. Upon component failure, detection, diagnosis, reconfiguration and repair must occur immediately. Our current PACS network is large, heterogeneous, complex and wide-spread geographically. The overwhelming number of network devices, computers and software processes involved in a departmental or inter-institutional PACS makes development of tools for network and resource management critical. The authors have developed and implemented a comprehensive solution (PACS Network-Resource Manager) using the OSI Network Management Framework with network element agents that respond to queries and commands for network management stations. Managed resources include: communication protocol layers for Ethernet, FDDI and UltraNet; network devices; computer and operating system resources; and application, database and network services. The Network-Resource Manager is currently being used for warning, fault, security violation and configuration modification event notification. Analysis, automation and control applications have been added so that PACS resources can be dynamically reconfigured and so that users are notified when active involvement is required. Custom data and error logging have been implemented that allow statistics for each PACS subsystem to be charted for performance data. The Network-Resource Manager allows our departmental PACS system to be monitored continuously and thoroughly, with a minimal amount of personal involvement and time.

Concepts for a standard based cross-organisational information security management system in the context of a nationwide EHR.

PubMed

Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald

2013-01-01

Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).

Lincoln Laboratory Journal. Volume 22, Number 1, 2016

DTIC Science & Technology

2016-06-09

needs cyber ranges and other infrastructure to conduct scal- able, repeatable, scientific, realistic and inexpensive testing, training, and mission...support this mission, infrastructure is being upgraded to make it more efficient and secure. In “Secur- ing the U.S. Transportation Command,” Jeff...using the Electronic Key Management System (EKMS) or over a digital network by using the Key Manage- ment Infrastructure (KMI). The units must then

Bluetooth-based wireless sensor networks

NASA Astrophysics Data System (ADS)

You, Ke; Liu, Rui Qiang

2007-11-01

In this work a Bluetooth-based wireless sensor network is proposed. In this bluetooth-based wireless sensor networks, information-driven star topology and energy-saved mode are used, through which a blue master node can control more than seven slave node, the energy of each sensor node is reduced and secure management of each sensor node is improved.

System Requirement Analyses for Ubiquitous Environment Management System

NASA Astrophysics Data System (ADS)

Lim, Sang Boem; Gil, Kyung Jun; Choe, Ho Rim; Eo, Yang Dam

We are living in new stage of society. U-City introduces new paradigm that cannot be archived in traditional city to future city. Korea is one of the most active countries to construct U-City based on advances of IT technologies - especially based on high-speed network through out country [1]. Peoples are realizing ubiquitous service is key factor of success of U-City. Among the U-services, U-security service is one of the most important services. Nowadays we have to concern about traditional threat and also personal information. Since apartment complex is the most common residence type in Korea. We are developing security rules and system based on analyses of apartment complex and assert of apartment complex. Based on these analyses, we are developing apartment complex security using various technologies including home network system. We also will discuss basic home network security architecture.

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks".

PubMed

Alizadeh, Mojtaba; Zamani, Mazdak; Baharun, Sabariah; Abdul Manaf, Azizah; Sakurai, Kouichi; Anada, Hiroaki; Anada, Hiroki; Keshavarz, Hassan; Ashraf Chaudhry, Shehzad; Khurram Khan, Muhammad

2015-01-01

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes' participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.'s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.'s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks"

PubMed Central

Alizadeh, Mojtaba; Zamani, Mazdak; Baharun, Sabariah; Abdul Manaf, Azizah; Sakurai, Kouichi; Anada, Hiroki; Keshavarz, Hassan; Ashraf Chaudhry, Shehzad; Khurram Khan, Muhammad

2015-01-01

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes’ participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.’s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.’s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic. PMID:26580963

An object-based storage model for distributed remote sensing images

NASA Astrophysics Data System (ADS)

Yu, Zhanwu; Li, Zhongmin; Zheng, Sheng

2006-10-01

It is very difficult to design an integrated storage solution for distributed remote sensing images to offer high performance network storage services and secure data sharing across platforms using current network storage models such as direct attached storage, network attached storage and storage area network. Object-based storage, as new generation network storage technology emerged recently, separates the data path, the control path and the management path, which solves the bottleneck problem of metadata existed in traditional storage models, and has the characteristics of parallel data access, data sharing across platforms, intelligence of storage devices and security of data access. We use the object-based storage in the storage management of remote sensing images to construct an object-based storage model for distributed remote sensing images. In the storage model, remote sensing images are organized as remote sensing objects stored in the object-based storage devices. According to the storage model, we present the architecture of a distributed remote sensing images application system based on object-based storage, and give some test results about the write performance comparison of traditional network storage model and object-based storage model.

48 CFR 1804.470-4 - Contract clause.

Code of Federal Regulations, 2010 CFR

2010-10-01

... clause. (a) Insert the clause at 1852.204-76, Security Requirements for Unclassified Information...— (1) Have physical or electronic access to NASA's computer systems, networks, or IT infrastructure; or... Security Manager before granting any waivers to paragraph (b) of the clause; and (2) The Center Chief of...

Health information security: a case study of three selected medical centers in iran.

PubMed

Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

2013-03-01

Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients' electronic records and health information systems have become a source for hackers. This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts' points of view. Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of "verification and system design, user access management, access control system", Al Zahra Hospital in two indicators of "access management and network access control" and Amin Hospital in "equipment safety and system design". In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al- Zahra hospital has the third place.

Health Information Security: A Case Study of Three Selected Medical Centers in Iran

PubMed Central

Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

2013-01-01

Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients’ electronic records and health information systems have become a source for hackers. Methods This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts’ points of view. Results and discussion Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of “verification and system design, user access management, access control system”, Al Zahra Hospital in two indicators of “access management and network access control” and Amin Hospital in “equipment safety and system design”. In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al- Zahra hospital has the third place. PMID:23572861

Network-Centric Quantum Communications

NASA Astrophysics Data System (ADS)

Hughes, Richard

2014-03-01

Single-photon quantum communications (QC) offers ``future-proof'' cryptographic security rooted in the laws of physics. Today's quantum-secured communications cannot be compromised by unanticipated future technological advances. But to date, QC has only existed in point-to-point instantiations that have limited ability to address the cyber security challenges of our increasingly networked world. In my talk I will describe a fundamentally new paradigm of network-centric quantum communications (NQC) that leverages the network to bring scalable, QC-based security to user groups that may have no direct user-to-user QC connectivity. With QC links only between each of N users and a trusted network node, NQC brings quantum security to N2 user pairs, and to multi-user groups. I will describe a novel integrated photonics quantum smartcard (``QKarD'') and its operation in a multi-node NQC test bed. The QKarDs are used to implement the quantum cryptographic protocols of quantum identification, quantum key distribution and quantum secret splitting. I will explain how these cryptographic primitives are used to provide key management for encryption, authentication, and non-repudiation for user-to-user communications. My talk will conclude with a description of a recent demonstration that QC can meet both the security and quality-of-service (latency) requirements for electric grid control commands and data. These requirements cannot be met simultaneously with present-day cryptography.

Can SNMP be Used to Create a Silent SS in an 802.16 Implementation

DTIC Science & Technology

2008-09-01

wireless transmissions by using the Simple Network Management Protocol (SNMP). SNMP is a networking protocol that can be used by network ...802.16 as a unique networking technology. In a more familiar wireless networking environment like Wi-Fi, there is no central scheduler for access to...much a concern due to the scheduling algorithm , this power saving method provides good transmission security as a

Cyber Infrastructure Protection

DTIC Science & Technology

2011-05-01

274 TOWARD A SOLUTION THAT WORKS Building on our long history of involvement in assuring all types of communications networks, Tel- cordia has...wireless, and security areas. He currently has responsibility for a new Tel- cordia software product in IP network management, and has led all product

Modeling, Simulation and Analysis of Public Key Infrastructure

NASA Technical Reports Server (NTRS)

Liu, Yuan-Kwei; Tuey, Richard; Ma, Paul (Technical Monitor)

1998-01-01

Security is an essential part of network communication. The advances in cryptography have provided solutions to many of the network security requirements. Public Key Infrastructure (PKI) is the foundation of the cryptography applications. The main objective of this research is to design a model to simulate a reliable, scalable, manageable, and high-performance public key infrastructure. We build a model to simulate the NASA public key infrastructure by using SimProcess and MatLab Software. The simulation is from top level all the way down to the computation needed for encryption, decryption, digital signature, and secure web server. The application of secure web server could be utilized in wireless communications. The results of the simulation are analyzed and confirmed by using queueing theory.

Dynamic Trust Management for Delay Tolerant Networks and Its Application to Secure Routing

DTIC Science & Technology

2012-09-28

population of misbehaving nodes or evolving hostility or social relations such that an application (e.g., secure routing) built on top of trust...optimization in DTNs in response to dynamically changing conditions such as increasing population of misbehaving nodes. The design part addresses the...The rest of the paper is organized as follows. In Section 2, we survey existing trust management protocols and approaches to deal with misbehaved

Data management issues in mobile ad hoc networks

PubMed Central

HARA, Takahiro

2017-01-01

Research on mobile ad hoc networks (MANETs) has become a hot research topic since the middle 1990’s. Over the first decade, most research focused on networking techniques, ignoring data management issues. We, however, realized early the importance of data management in MANETs, and have been conducting studies in this area for 15 years. In this review, we summarize some key technical issues related to data management in MANETs, and the studies we have done in addressing these issues, which include placement of data replicas, update management, and query processing with security management. The techniques proposed in our studies have been designed with deep considerations of MANET features including network partitioning, node participation/disappearance, limited network bandwidth, and energy efficiency. Our studies published in early 2000’s have developed a new research field as data management in MANETs. Also, our recent studies are expected to be significant guidelines of new research directions. We conclude the review by discussing some future directions for research. PMID:28496052

Data management issues in mobile ad hoc networks.

PubMed

Hara, Takahiro

2017-01-01

Research on mobile ad hoc networks (MANETs) has become a hot research topic since the middle 1990's. Over the first decade, most research focused on networking techniques, ignoring data management issues. We, however, realized early the importance of data management in MANETs, and have been conducting studies in this area for 15 years. In this review, we summarize some key technical issues related to data management in MANETs, and the studies we have done in addressing these issues, which include placement of data replicas, update management, and query processing with security management. The techniques proposed in our studies have been designed with deep considerations of MANET features including network partitioning, node participation/disappearance, limited network bandwidth, and energy efficiency. Our studies published in early 2000's have developed a new research field as data management in MANETs. Also, our recent studies are expected to be significant guidelines of new research directions. We conclude the review by discussing some future directions for research.

Considering IIOT and security for the DoD

NASA Astrophysics Data System (ADS)

Klawon, Kevin; Gold, Josh; Bachman, Kristen; Landoll, Darren

2016-05-01

The Internet of Things (IoT) has come of age and domestic and industrial devices are all "smart". But how can they be universally classified and queried? How do we know that the underlying architecture is secure enough to deploy on a defense network? By leverage existing platforms designed for interoperability, extensibility, and security that can manage data across multiple domains and runs on any platform.

Coalition Network Defence Common Operational Picture

DTIC Science & Technology

2010-11-01

27000 .org/ iso -27005.htm [26] ISO 8601:2004, Data elements and interchange formats - Information interchange - Representation of dates and times, http://ww.iso.org, http://en.wikipedia.org/wiki/ISO_8601 ...Regular_expression [25] ISO /IEC 27005:2008, Information technology -- Security techniques -- Information security risk management, http://ww.iso.org,; http://www

Making Schools Safe: The Role of the Modern Business Officer.

ERIC Educational Resources Information Center

Stephens, Ronald D.

1990-01-01

School business officials are held responsible for school safety. After conducting a school security audit, the following strategies are recommended: establishing a local school security task force; forming a comprehensive crisis management plan; establishing a school communication network; and providing school staff with inservice training on…

Low-power cryptographic coprocessor for autonomous wireless sensor networks

NASA Astrophysics Data System (ADS)

Olszyna, Jakub; Winiecki, Wiesław

2013-10-01

The concept of autonomous wireless sensor networks involves energy harvesting, as well as effective management of system resources. Public-key cryptography (PKC) offers the advantage of elegant key agreement schemes with which a secret key can be securely established over unsecure channels. In addition to solving the key management problem, the other major application of PKC is digital signatures, with which non-repudiation of messages exchanges can be achieved. The motivation for studying low-power and area efficient modular arithmetic algorithms comes from enabling public-key security for low-power devices that can perform under constrained environment like autonomous wireless sensor networks. This paper presents a cryptographic coprocessor tailored to the autonomous wireless sensor networks constraints. Such hardware circuit is aimed to support the implementation of different public-key cryptosystems based on modular arithmetic in GF(p) and GF(2m). Key components of the coprocessor are described as GEZEL models and can be easily transformed to VHDL and implemented in hardware.

INcreasing Security and Protection through Infrastructure REsilience: The INSPIRE Project

NASA Astrophysics Data System (ADS)

D'Antonio, Salvatore; Romano, Luigi; Khelil, Abdelmajid; Suri, Neeraj

The INSPIRE project aims at enhancing the European potential in the field of security by ensuring the protection of critical information infrastructures through (a) the identification of their vulnerabilities and (b) the development of innovative techniques for securing networked process control systems. To increase the resilience of such systems INSPIRE will develop traffic engineering algorithms, diagnostic processes and self-reconfigurable architectures along with recovery techniques. Hence, the core idea of the INSPIRE project is to protect critical information infrastructures by appropriately configuring, managing, and securing the communication network which interconnects the distributed control systems. A working prototype will be implemented as a final demonstrator of selected scenarios. Controls/Communication Experts will support project partners in the validation and demonstration activities. INSPIRE will also contribute to standardization process in order to foster multi-operator interoperability and coordinated strategies for securing lifeline systems.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System.more » Selected papers were processed separately for inclusion in the Energy Science and Technology Database.« less

Securing electronic mail: The risks and future of electronic mail

NASA Astrophysics Data System (ADS)

Weeber, S. A.

1993-03-01

The network explosion of the past decade has significantly affected how many of us conduct our day to day work. We increasingly rely on network services such as electronic mail, file transfer, and network newsgroups to collect and distribute information. Unfortunately, few of the network services in use today were designed with the security issues of large heterogeneous networks in mind. In particular, electronic mail, although heavily relied upon, is notoriously insecure. Messages can be forged, snooped, and even altered by users with only a moderate level of system proficiency. The level of trust that can be assigned at present to these services needs to be carefully considered. In the past few years, standards and tools have begun to appear addressing the security concerns of electronic mail. Principal among these are RFC's 1421, 1422, 1423, and 1424, which propose Internet standards in the areas of message encipherment, key management, and algorithms for privacy enhanced mail (PEM). Additionally, three PEM systems, offering varying levels of compliance with the PEM RFC's, have also recently emerged: PGP, RIPEM, and TIS/PEM. This paper addresses the motivations and requirements for more secure electronic mail, and evaluates the suitability of the currently available PEM systems.

Location-Aware Dynamic Session-Key Management for Grid-Based Wireless Sensor Networks

PubMed Central

Chen, Chin-Ling; Lin, I-Hsien

2010-01-01

Security is a critical issue for sensor networks used in hostile environments. When wireless sensor nodes in a wireless sensor network are distributed in an insecure hostile environment, the sensor nodes must be protected: a secret key must be used to protect the nodes transmitting messages. If the nodes are not protected and become compromised, many types of attacks against the network may result. Such is the case with existing schemes, which are vulnerable to attacks because they mostly provide a hop-by-hop paradigm, which is insufficient to defend against known attacks. We propose a location-aware dynamic session-key management protocol for grid-based wireless sensor networks. The proposed protocol improves the security of a secret key. The proposed scheme also includes a key that is dynamically updated. This dynamic update can lower the probability of the key being guessed correctly. Thus currently known attacks can be defended. By utilizing the local information, the proposed scheme can also limit the flooding region in order to reduce the energy that is consumed in discovering routing paths. PMID:22163606

Location-aware dynamic session-key management for grid-based Wireless Sensor Networks.

PubMed

Chen, Chin-Ling; Lin, I-Hsien

2010-01-01

Security is a critical issue for sensor networks used in hostile environments. When wireless sensor nodes in a wireless sensor network are distributed in an insecure hostile environment, the sensor nodes must be protected: a secret key must be used to protect the nodes transmitting messages. If the nodes are not protected and become compromised, many types of attacks against the network may result. Such is the case with existing schemes, which are vulnerable to attacks because they mostly provide a hop-by-hop paradigm, which is insufficient to defend against known attacks. We propose a location-aware dynamic session-key management protocol for grid-based wireless sensor networks. The proposed protocol improves the security of a secret key. The proposed scheme also includes a key that is dynamically updated. This dynamic update can lower the probability of the key being guessed correctly. Thus currently known attacks can be defended. By utilizing the local information, the proposed scheme can also limit the flooding region in order to reduce the energy that is consumed in discovering routing paths.

A resilient and secure software platform and architecture for distributed spacecraft

NASA Astrophysics Data System (ADS)

Otte, William R.; Dubey, Abhishek; Karsai, Gabor

2014-06-01

A distributed spacecraft is a cluster of independent satellite modules flying in formation that communicate via ad-hoc wireless networks. This system in space is a cloud platform that facilitates sharing sensors and other computing and communication resources across multiple applications, potentially developed and maintained by different organizations. Effectively, such architecture can realize the functions of monolithic satellites at a reduced cost and with improved adaptivity and robustness. Openness of these architectures pose special challenges because the distributed software platform has to support applications from different security domains and organizations, and where information flows have to be carefully managed and compartmentalized. If the platform is used as a robust shared resource its management, configuration, and resilience becomes a challenge in itself. We have designed and prototyped a distributed software platform for such architectures. The core element of the platform is a new operating system whose services were designed to restrict access to the network and the file system, and to enforce resource management constraints for all non-privileged processes Mixed-criticality applications operating at different security labels are deployed and controlled by a privileged management process that is also pre-configuring all information flows. This paper describes the design and objective of this layer.

Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

NASA Technical Reports Server (NTRS)

Gunawan, Ryan A.

2016-01-01

With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

Dynamic Key Management Schemes for Secure Group Access Control Using Hierarchical Clustering in Mobile Ad Hoc Networks

NASA Astrophysics Data System (ADS)

Tsaur, Woei-Jiunn; Pai, Haw-Tyng

2008-11-01

The applications of group computing and communication motivate the requirement to provide group access control in mobile ad hoc networks (MANETs). The operation in MANETs' groups performs a decentralized manner and accommodated membership dynamically. Moreover, due to lack of centralized control, MANETs' groups are inherently insecure and vulnerable to attacks from both within and outside the groups. Such features make access control more challenging in MANETs. Recently, several researchers have proposed group access control mechanisms in MANETs based on a variety of threshold signatures. However, these mechanisms cannot actually satisfy MANETs' dynamic environments. This is because the threshold-based mechanisms cannot be achieved when the number of members is not up to the threshold value. Hence, by combining the efficient elliptic curve cryptosystem, self-certified public key cryptosystem and secure filter technique, we construct dynamic key management schemes based on hierarchical clustering for securing group access control in MANETs. Specifically, the proposed schemes can constantly accomplish secure group access control only by renewing the secure filters of few cluster heads, when a cluster head joins or leaves a cross-cluster. In such a new way, we can find that the proposed group access control scheme can be very effective for securing practical applications in MANETs.

Systematic Assessment of the Impact of User Roles on Network Flow Patterns

DTIC Science & Technology

2017-09-01

Protocol SNMP Simple Network Management Protocol SQL Structured Query Language SSH Secure Shell SYN TCP Sync Flag SVDD Support Vector Data Description SVM...and evaluating users based on roles provide the best approach for defining normal digital behaviors? People are individuals, with different interests...activities on the network. We evaluate the assumption that users sharing similar roles exhibit similar network behaviors, and contrast the level of similarity

Complexity, Robustness, and Multistability in Network Systems with Switching Topologies: A Hierarchical Hybrid Control Approach

DTIC Science & Technology

2015-05-22

sensor networks for managing power levels of wireless networks ; air and ground transportation systems for air traffic control and payload transport and... network systems, large-scale systems, adaptive control, discontinuous systems 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18. NUMBER OF...cover a broad spectrum of ap- plications including cooperative control of unmanned air vehicles, autonomous underwater vehicles, distributed sensor

The Naval Postgraduate School SECURE ARCHIVAL STORAGE SYSTEM. Part II. Segment and Process Management Implementation.

DTIC Science & Technology

1981-03-01

Research Instructor of Computer Scienr-. Reviewed by: Released by: WILLIAM M. TOLLES Department puter Science Dean of Research 4c t SECURITY...Lyle A. Cox, Roger R. Schell, and Sonja L. Perdue 9. PERFORMING ORGANIZATION NAME ANO ADDRESS 10. PROGRAM ELEMENT. PROJECT. TASK AREA A WORK UNIT... Computer Networks, Operating Systems, Computer Security 20. AftUrCT (Cnthm, w v re eae old* It n..*p and idm 0 F W blk ..m.m.o’) ",A_;he security

76 FR 5973 - Privacy Act of 1974; Notice; Publication of the Systems of Records Managed by the Commodity...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-02

...: Paper records are stored in file folders, binders, computer files (eLaw) and computer disks. Electronic records, including computer files, are stored on the Commission's network and other electronic media as... physical security measures. Technical security measures within CFTC include restrictions on computer access...

77 FR 13294 - Announcing Approval of Federal Information Processing Standard (FIPS) Publication 180-4, Secure...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-06

... hash algorithms in many computer network applications. On February 11, 2011, NIST published a notice in... Information Security Management Act (FISMA) of 2002 (Pub. L. 107-347), the Secretary of Commerce is authorized to approve Federal Information Processing Standards (FIPS). NIST activities to develop computer...

78 FR 27261 - Self-Regulatory Organizations; New York Stock Exchange LLC; NYSE MKT LLC; Order Granting Approval...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-09

... management systems and routing networks, such member organizations may not be able to fully segregate Retail... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-69513; File Nos. SR-NYSE-2013-08; SR-NYSEMKT... with NYSE, the ``Exchanges'') each filed with the Securities and Exchange Commission (``Commission...

Vulnerability survival analysis: a novel approach to vulnerability management

NASA Astrophysics Data System (ADS)

Farris, Katheryn A.; Sullivan, John; Cybenko, George

2017-05-01

Computer security vulnerabilities span across large, enterprise networks and have to be mitigated by security engineers on a routine basis. Presently, security engineers will assess their "risk posture" through quantifying the number of vulnerabilities with a high Common Vulnerability Severity Score (CVSS). Yet, little to no attention is given to the length of time by which vulnerabilities persist and survive on the network. In this paper, we review a novel approach to quantifying the length of time a vulnerability persists on the network, its time-to-death, and predictors of lower vulnerability survival rates. Our contribution is unique in that we apply the cox proportional hazards regression model to real data from an operational IT environment. This paper provides a mathematical overview of the theory behind survival analysis methods, a description of our vulnerability data, and an interpretation of the results.

Managing security risks for inter-organisational information systems: a multiagent collaborative model

NASA Astrophysics Data System (ADS)

Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin

2016-09-01

Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.

Facilities | Transportation Research | NREL

Science.gov Websites

detailed chemical characterization, performance property measurements, and stability research. Photo of Technology Evaluation Center This off-network data center provides secure management, storage, and processing

Threats and countermeasures for network security

NASA Technical Reports Server (NTRS)

Denning, Peter J.

1991-01-01

In the late 1980's, the traditional threat of anonymous break-ins to networked computers was joined by viruses and worms, multiplicative surrogates that carry out the bidding of their authors. Technologies for authentication and secrecy, supplemented by good management practices, are the principal countermeasures. Four articles on these subjects are presented.

VMSoar: a cognitive agent for network security

NASA Astrophysics Data System (ADS)

Benjamin, David P.; Shankar-Iyer, Ranjita; Perumal, Archana

2005-03-01

VMSoar is a cognitive network security agent designed for both network configuration and long-term security management. It performs automatic vulnerability assessments by exploring a configuration"s weaknesses and also performs network intrusion detection. VMSoar is built on the Soar cognitive architecture, and benefits from the general cognitive abilities of Soar, including learning from experience, the ability to solve a wide range of complex problems, and use of natural language to interact with humans. The approach used by VMSoar is very different from that taken by other vulnerability assessment or intrusion detection systems. VMSoar performs vulnerability assessments by using VMWare to create a virtual copy of the target machine then attacking the simulated machine with a wide assortment of exploits. VMSoar uses this same ability to perform intrusion detection. When trying to understand a sequence of network packets, VMSoar uses VMWare to make a virtual copy of the local portion of the network and then attempts to generate the observed packets on the simulated network by performing various exploits. This approach is initially slow, but VMSoar"s learning ability significantly speeds up both vulnerability assessment and intrusion detection. This paper describes the design and implementation of VMSoar, and initial experiments with Windows NT and XP.

Quantum Secure Group Communication.

PubMed

Li, Zheng-Hong; Zubairy, M Suhail; Al-Amri, M

2018-03-01

We propose a quantum secure group communication protocol for the purpose of sharing the same message among multiple authorized users. Our protocol can remove the need for key management that is needed for the quantum network built on quantum key distribution. Comparing with the secure quantum network based on BB84, we show our protocol is more efficient and securer. Particularly, in the security analysis, we introduce a new way of attack, i.e., the counterfactual quantum attack, which can steal information by "invisible" photons. This invisible photon can reveal a single-photon detector in the photon path without triggering the detector. Moreover, the photon can identify phase operations applied to itself, thereby stealing information. To defeat this counterfactual quantum attack, we propose a quantum multi-user authorization system. It allows us to precisely control the communication time so that the attack can not be completed in time.

Information security threats and an easy-to-implement attack detection framework for wireless sensor network-based smart grid applications

NASA Astrophysics Data System (ADS)

Tuna, G.; Örenbaş, H.; Daş, R.; Kogias, D.; Baykara, M.; K, K.

2016-03-01

Wireless Sensor Networks (WSNs) when combined with various energy harvesting solutions managing to prolong the overall lifetime of the system and enhanced capabilities of the communication protocols used by modern sensor nodes are efficiently used in are efficiently used in Smart Grid (SG), an evolutionary system for the modernization of existing power grids. However, wireless communication technology brings various types of security threats. In this study, firstly the use of WSNs for SG applications is presented. Second, the security related issues and challenges as well as the security threats are presented. In addition, proposed security mechanisms for WSN-based SG applications are discussed. Finally, an easy- to-implement and simple attack detection framework to prevent attacks directed to sink and gateway nodes with web interfaces is proposed and its efficiency is proved using a case study.

Practical recommendations for strengthening national and regional laboratory networks in Africa in the Global Health Security era.

PubMed

Best, Michele; Sakande, Jean

2016-01-01

The role of national health laboratories in support of public health response has expanded beyond laboratory testing to include a number of other core functions such as emergency response, training and outreach, communications, laboratory-based surveillance and data management. These functions can only be accomplished by an efficient and resilient national laboratory network that includes public health, reference, clinical and other laboratories. It is a primary responsibility of the national health laboratory in the Ministry of Health to develop and maintain the national laboratory network in the country. In this article, we present practical recommendations based on 17 years of network development experience for the development of effective national laboratory networks. These recommendations and examples of current laboratory networks, are provided to facilitate laboratory network development in other states. The development of resilient, integrated laboratory networks will enhance each state's public health system and is critical to the development of a robust national laboratory response network to meet global health security threats.

Practical recommendations for strengthening national and regional laboratory networks in Africa in the Global Health Security era

PubMed Central

2016-01-01

The role of national health laboratories in support of public health response has expanded beyond laboratory testing to include a number of other core functions such as emergency response, training and outreach, communications, laboratory-based surveillance and data management. These functions can only be accomplished by an efficient and resilient national laboratory network that includes public health, reference, clinical and other laboratories. It is a primary responsibility of the national health laboratory in the Ministry of Health to develop and maintain the national laboratory network in the country. In this article, we present practical recommendations based on 17 years of network development experience for the development of effective national laboratory networks. These recommendations and examples of current laboratory networks, are provided to facilitate laboratory network development in other states. The development of resilient, integrated laboratory networks will enhance each state’s public health system and is critical to the development of a robust national laboratory response network to meet global health security threats. PMID:28879137

A Collection of Technical Studies Completed for the Computer-Aided Acquisition and Logistic Support (CALS) Program Fiscal Year 1988. Volume 1. Text, Security and Data Management

DTIC Science & Technology

1991-03-01

management methodologies claim to be "expert systems" with security intelligence built into them to I derive a body of both facts and speculative data ... Data Administration considerations . III -21 IV. ARTIFICIAL INTELLIGENCE . .. .. .. . .. IV - 1 A. Description of Technologies . . . . . .. IV - 1 1...as intelligent gateways, wide area networks, and distributed databases for the distribution of logistics products. The integrity of CALS data and the

State of the Practice of Intrusion Detection Technologies

DTIC Science & Technology

2000-01-01

security incident response teams ) - the role of IDS in threat management, such as defining alarm severity, monitoring, alerting, and policy-based...attacks in an effort to sneak under the radar of security specialists and intrusion detection software, a U.S. Navy network security team said today...to get the smoking gun," said Stephen Northcutt, head of the Shadow intrusion detection team at the Naval Surface Warfare Center. "To know what’s

Management, Security, and Congressional Oversight. Federal Government Information Technology.

ERIC Educational Resources Information Center

Congress of the U.S., Washington, DC. Office of Technology Assessment.

This report considers the management, use, and congressional oversight of information technology in the Federal Government as rapid advances in technology--e.g., microcomputers, computer networking, computer modeling, videoconferencing, and electronic information exchange--are generating many new applications, opportunities, and issues which are…

A Game Theory Based Solution for Security Challenges in CRNs

NASA Astrophysics Data System (ADS)

Poonam; Nagpal, Chander Kumar

2018-03-01

Cognitive radio networks (CRNs) are being envisioned to drive the next generation Ad hoc wireless networks due to their ability to provide communications resilience in continuously changing environments through the use of dynamic spectrum access. Conventionally CRNs are dependent upon the information gathered by other secondary users to ensure the accuracy of spectrum sensing making them vulnerable to security attacks leading to the need of security mechanisms like cryptography and trust. However, a typical cryptography based solution is not a viable security solution for CRNs owing to their limited resources. Effectiveness of trust based approaches has always been, in question, due to credibility of secondary trust resources. Game theory with its ability to optimize in an environment of conflicting interests can be quite a suitable tool to manage an ad hoc network in the presence of autonomous selfish/malevolent/malicious and attacker nodes. The literature contains several theoretical proposals for augmenting game theory in the ad hoc networks without explicit/detailed implementation. This paper implements a game theory based solution in MATLAB-2015 to secure the CRN environment and compares the obtained results with the traditional approaches of trust and cryptography. The simulation result indicates that as the time progresses the game theory performs much better with higher throughput, lower jitter and better identification of selfish/malicious nodes.

A secure cluster-based multipath routing protocol for WMSNs.

PubMed

Almalkawi, Islam T; Zapata, Manel Guerrero; Al-Karaki, Jamal N

2011-01-01

The new characteristics of Wireless Multimedia Sensor Network (WMSN) and its design issues brought by handling different traffic classes of multimedia content (video streams, audio, and still images) as well as scalar data over the network, make the proposed routing protocols for typical WSNs not directly applicable for WMSNs. Handling real-time multimedia data requires both energy efficiency and QoS assurance in order to ensure efficient utility of different capabilities of sensor resources and correct delivery of collected information. In this paper, we propose a Secure Cluster-based Multipath Routing protocol for WMSNs, SCMR, to satisfy the requirements of delivering different data types and support high data rate multimedia traffic. SCMR exploits the hierarchical structure of powerful cluster heads and the optimized multiple paths to support timeliness and reliable high data rate multimedia communication with minimum energy dissipation. Also, we present a light-weight distributed security mechanism of key management in order to secure the communication between sensor nodes and protect the network against different types of attacks. Performance evaluation from simulation results demonstrates a significant performance improvement comparing with existing protocols (which do not even provide any kind of security feature) in terms of average end-to-end delay, network throughput, packet delivery ratio, and energy consumption.

A Secure Cluster-Based Multipath Routing Protocol for WMSNs

PubMed Central

Almalkawi, Islam T.; Zapata, Manel Guerrero; Al-Karaki, Jamal N.

2011-01-01

The new characteristics of Wireless Multimedia Sensor Network (WMSN) and its design issues brought by handling different traffic classes of multimedia content (video streams, audio, and still images) as well as scalar data over the network, make the proposed routing protocols for typical WSNs not directly applicable for WMSNs. Handling real-time multimedia data requires both energy efficiency and QoS assurance in order to ensure efficient utility of different capabilities of sensor resources and correct delivery of collected information. In this paper, we propose a Secure Cluster-based Multipath Routing protocol for WMSNs, SCMR, to satisfy the requirements of delivering different data types and support high data rate multimedia traffic. SCMR exploits the hierarchical structure of powerful cluster heads and the optimized multiple paths to support timeliness and reliable high data rate multimedia communication with minimum energy dissipation. Also, we present a light-weight distributed security mechanism of key management in order to secure the communication between sensor nodes and protect the network against different types of attacks. Performance evaluation from simulation results demonstrates a significant performance improvement comparing with existing protocols (which do not even provide any kind of security feature) in terms of average end-to-end delay, network throughput, packet delivery ratio, and energy consumption. PMID:22163854

Secure, Mobile, Wireless Network Technology Designed, Developed, and Demonstrated

NASA Technical Reports Server (NTRS)

Ivancic, William D.; Paulsen, Phillip E.

2004-01-01

The inability to seamlessly disseminate data securely over a high-integrity, wireless broadband network has been identified as a primary technical barrier to providing an order-of-magnitude increase in aviation capacity and safety. Secure, autonomous communications to and from aircraft will enable advanced, automated, data-intensive air traffic management concepts, increase National Air Space (NAS) capacity, and potentially reduce the overall cost of air travel operations. For the first time ever, secure, mobile, network technology was designed, developed, and demonstrated with state-ofthe- art protocols and applications by a diverse, cooperative Government-industry team led by the NASA Glenn Research Center. This revolutionary technology solution will make fundamentally new airplane system capabilities possible by enabling secure, seamless network connections from platforms in motion (e.g., cars, ships, aircraft, and satellites) to existing terrestrial systems without the need for manual reconfiguration. Called Mobile Router, the new technology autonomously connects and configures networks as they traverse from one operating theater to another. The Mobile Router demonstration aboard the Neah Bay, a U.S. Coast Guard vessel stationed in Cleveland, Ohio, accomplished secure, seamless interoperability of mobile network systems across multiple domains without manual system reconfiguration. The Neah Bay was chosen because of its low cost and communications mission similarity to low-Earth-orbiting satellite platforms. This technology was successfully advanced from technology readiness level (TRL) 2 (concept and/or application formation) to TRL 6 (system model or prototype demonstration in a relevant environment). The secure, seamless interoperability offered by the Mobile Router and encryption device will enable several new, vehicle-specific and systemwide technologies to perform such things as remote, autonomous aircraft performance monitoring and early detection and mitigation of potential equipment malfunctions. As an additional benefit, team advancements were incorporated into open standards, ensuring technology transfer. Low-cost, commercial products incorporating the new technology are already available. Furthermore, these products are fully interoperable with legacy network technology equipment currently being used throughout the world.

Architecture of security management unit for safe hosting of multiple agents

NASA Astrophysics Data System (ADS)

Gilmont, Tanguy; Legat, Jean-Didier; Quisquater, Jean-Jacques

1999-04-01

In such growing areas as remote applications in large public networks, electronic commerce, digital signature, intellectual property and copyright protection, and even operating system extensibility, the hardware security level offered by existing processors is insufficient. They lack protection mechanisms that prevent the user from tampering critical data owned by those applications. Some devices make exception, but have not enough processing power nor enough memory to stand up to such applications (e.g. smart cards). This paper proposes an architecture of secure processor, in which the classical memory management unit is extended into a new security management unit. It allows ciphered code execution and ciphered data processing. An internal permanent memory can store cipher keys and critical data for several client agents simultaneously. The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility. The result is a secure processor that has hardware support for extensible multitask operating systems, and can be used for both general applications and critical applications needing strong protection. The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance, and do not require it to be modified.

The Perceptions of U.S.-Based IT Security Professionals about the Effectiveness of IT Security Frameworks: A Quantitative Study

ERIC Educational Resources Information Center

Warfield, Douglas L.

2011-01-01

The evolution of information technology has included new methodologies that use information technology to control and manage various industries and government activities. Information Technology has also evolved as its own industry with global networks of interconnectivity, such as the Internet, and frameworks, models, and methodologies to control…

A Helping Hand in the Frederick Community—Ross Smith | Poster

Cancer.gov

By day, Ross Smith is the compliance and security officer for Data Management Services, Inc., assigned to the National Cancer Institute (NCI) at Frederick. His role is to ensure the secure operation of in-house computer systems, servers, and network connections. But in his spare time, Smith is also a volunteer firefighter and emergency medical technician (EMT).

78 FR 13915 - Self-Regulatory Organizations; BATS Y-Exchange, Inc.; Notice of Filing of Proposed Rule Change...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-01

....'' The Exchange further understands that limitations in order management systems and routing networks... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-68975; File No. SR-BYX-2013-008] Self..., 2013. Pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (the ``Act''),\\1\\ and Rule...

Securing Information in the Healthcare Industry: Network Security, Incident Management, and Insider Threat

DTIC Science & Technology

2010-09-23

Chris, ―An Analysis of Breaches Affecting 500 or More Individuals in Healthcare‖, HITRUST, August 2010. 2. ―2009 Annual Study: Cost of a Data Breach ,‖ Ponemon...penalties for willful neglect • Loss of human life? — While many concerns focus on a data breach , some vulnerabilities can be more severe

GLOBECOM '89 - IEEE Global Telecommunications Conference and Exhibition, Dallas, TX, Nov. 27-30, 1989, Conference Record. Volumes 1, 2, & 3

NASA Astrophysics Data System (ADS)

The present conference discusses topics in multiwavelength network technology and its applications, advanced digital radio systems in their propagation environment, mobile radio communications, switching programmability, advancements in computer communications, integrated-network management and security, HDTV and image processing in communications, basic exchange communications radio advancements in digital switching, intelligent network evolution, speech coding for telecommunications, and multiple access communications. Also discussed are network designs for quality assurance, recent progress in coherent optical systems, digital radio applications, advanced communications technologies for mobile users, communication software for switching systems, AI and expert systems in network management, intelligent multiplexing nodes, video and image coding, network protocols and performance, system methods in quality and reliability, the design and simulation of lightwave systems, local radio networks, mobile satellite communications systems, fiber networks restoration, packet video networks, human interfaces for future networks, and lightwave networking.

Security in the Cache and Forward Architecture for the Next Generation Internet

NASA Astrophysics Data System (ADS)

Hadjichristofi, G. C.; Hadjicostis, C. N.; Raychaudhuri, D.

The future Internet architecture will be comprised predominately of wireless devices. It is evident at this stage that the TCP/IP protocol that was developed decades ago will not properly support the required network functionalities since contemporary communication profiles tend to be data-driven rather than host-based. To address this paradigm shift in data propagation, a next generation architecture has been proposed, the Cache and Forward (CNF) architecture. This research investigates security aspects of this new Internet architecture. More specifically, we discuss content privacy, secure routing, key management and trust management. We identify security weaknesses of this architecture that need to be addressed and we derive security requirements that should guide future research directions. Aspects of the research can be adopted as a step-stone as we build the future Internet.

Methodology for Designing Operational Banking Risks Monitoring System

NASA Astrophysics Data System (ADS)

Kostjunina, T. N.

2018-05-01

The research looks at principles of designing an information system for monitoring operational banking risks. A proposed design methodology enables one to automate processes of collecting data on information security incidents in the banking network, serving as the basis for an integrated approach to the creation of an operational risk management system. The system can operate remotely ensuring tracking and forecasting of various operational events in the bank network. A structure of a content management system is described.

Security analysis and enhanced user authentication in proxy mobile IPv6 networks.

PubMed

Kang, Dongwoo; Jung, Jaewook; Lee, Donghoon; Kim, Hyoungshick; Won, Dongho

2017-01-01

The Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol that allows a Mobile Node(MN) connected to the PMIPv6 domain to move from one network to another without changing the assigned IPv6 address. The user authentication procedure in this protocol is not standardized, but many smartcard based authentication schemes have been proposed. Recently, Alizadeh et al. proposed an authentication scheme for the PMIPv6. However, it could allow an attacker to derive an encryption key that must be securely shared between MN and the Mobile Access Gate(MAG). As a result, outsider adversary can derive MN's identity, password and session key. In this paper, we analyze Alizadeh et al.'s scheme regarding security and propose an enhanced authentication scheme that uses a dynamic identity to satisfy anonymity. Furthermore, we use BAN logic to show that our scheme can successfully generate and communicate with the inter-entity session key.

Test Design Document for the Technology Demonstration of the Joint Network Defence and Management System (JNDMS) Project

DTIC Science & Technology

2006-10-25

at this site: Timestamp IP Address Description Severity 2003 Sep 03 14:52:28 150.24.11.1 Security-Trojan- Sub7 18 2003 Sep 03 14:52:33...150.24.11.2 Security-Trojan- Sub7 18 2003 Sep 03 14:52:38 150.24.11.3 Security-Trojan- Sub7 18 4. The Security Analyst clicks on one of the lines in this...table: Severity Parameter Name Value Descriptive Details Location 3 HMCS Iroquois Type of Incident 2 Security-Trojan- Sub7 Asset Type 1 Workstation

eHealth in Belgium, a new "secure" federal network: role of patients, health professions and social security services.

PubMed

France, Francis Roger

2011-02-01

eHealth platform is the official federal network in Belgium (created by law on 21 August 2008) devoted to a secure exchange of health data in many types of applications, such as health care purposes, simplification of administrative procedures and contribution to health policy. It implies a controlled access to decentralized databases and uses encrypted personal data. The national identification number has been chosen in order to authenticate the requester, the patient, and the receiver of information exchange. Authorizations have to be respected in order to obtain personal health data. Several questions are raised about its security: the lack of mandatory request for systematic journaling on accesses to the electronic patient record as well as the absence of explicit procedures for sanctions in case of unauthorized access, the new role of social security administration in managing security where a eHealth manager can be both judge and party (in the function of trusted third party for health data encryption and of a required lawyer for texts proposed by physicians to the Commission for the protection of private life). Another critic concerns the number of physicians in minority and the absence of patients' delegates in the eHealth Board. At a time when the patient is becoming a partner in the care team, should not he be the gate-keeper for the access to his own health record? How could networks help him to get the appropriate knowledge to contribute to care and to write his testament of life? Recent laws (on private life, patient rights and euthanasia) have contributed to a behavioural change in citizens and physician attitudes. Recommendations are made in order to improve the acceptability of eHealth platform. Copyright © 2010 Elsevier Ireland Ltd. All rights reserved.

The study on network security based on software engineering

NASA Astrophysics Data System (ADS)

Jia, Shande; Ao, Qian

2012-04-01

Developing a SP is a sensitive task because the SP itself can lead to security weaknesses if it is not conform to the security properties. Hence, appropriate techniques are necessary to overcome such problems. These techniques must accompany the policy throughout its deployment phases. The main contribution of this paper is then, the proposition of three of these activities: validation, test and multi-SP conflict management. Our techniques are inspired by the well established techniques of the software engineering for which we have found some similarities with the security domain.

Software For Monitoring A Computer Network

NASA Technical Reports Server (NTRS)

Lee, Young H.

1992-01-01

SNMAT is rule-based expert-system computer program designed to assist personnel in monitoring status of computer network and identifying defective computers, workstations, and other components of network. Also assists in training network operators. Network for SNMAT located at Space Flight Operations Center (SFOC) at NASA's Jet Propulsion Laboratory. Intended to serve as data-reduction system providing windows, menus, and graphs, enabling users to focus on relevant information. SNMAT expected to be adaptable to other computer networks; for example in management of repair, maintenance, and security, or in administration of planning systems, billing systems, or archives.

A Survey on Trust Management for Mobile Ad Hoc Networks

DTIC Science & Technology

2011-11-01

expects, trust is dangerous implying the possible betrayal of trust. In his comments on Lagerspetz’s book titled Trust: The Tacit Demand, Lahno [24...AODV Zouridaki et al. (2005 ) [79] (2006) [80] Secure routing Direct observation [79][80] Reputation by secondhand information [80] Packet dropping...areas of signal processing, wireless communications, sensor and mobile ad hoc networks. He is co-editor of the book Wireless Sensor Networks: Signal

CHIPS. Volume 29, Issue 1, January - March 2011

DTIC Science & Technology

2011-03-01

services, like electricity, heating or cable television. Bank/Finance Fraud: • They may create counterfeit checks using their victim’s name or...consolidating disparate, stove- piped networks into a single, modern, cost-effective enterprise network with a high level of service that meets...Holland, NGEN program manager. “If NMCI is not the most secure network in the world, it is certainly close. There is no shortfall flexibility

Do social networks influence small-scale fishermen's enforcement of sea tenure?

PubMed

Stevens, Kara; Frank, Kenneth A; Kramer, Daniel B

2015-01-01

Resource systems with enforced rules and strong monitoring systems typically have more predictable resource abundance, which can confer economic and social benefits to local communities. Co-management regimes demonstrate better social and ecological outcomes, but require an active role by community members in management activities, such as monitoring and enforcement. Previous work has emphasized understanding what makes fishermen comply with rules. This research takes a different approach to understand what influences an individual to enforce rules, particularly sea tenure. We conducted interviews and used multiple regression and Akaike's Information Criteria model selection to evaluate the effect of social networks, food security, recent catch success, fisherman's age and personal gear investment on individual's enforcement of sea tenure. We found that fishermen's enforcement of sea tenure declined between the two time periods measured and that social networks, age, food security, and changes in gear investment explained enforcement behavior across three different communities on Nicaragua's Atlantic Coast, an area undergoing rapid globalization.

Cyber Security Considerations for Autonomous Tactical Wheeled Vehicles

DTIC Science & Technology

2016-04-01

extraordinarily significant (Office of the Press Secretary, 2015). The White House added that cybersecurity is a shared responsibility between the...cannot, nor would Americans want it to, provide cybersecurity for every private network. Therefore, the private sector plays a crucial role in our... Cybersecurity Initiative,” that established the procedures the Acquisition community should use to manage future of Acquisition programs. Cyber Security

Designing a Secure Exam Management System (SEMS) for M-Learning Environments

ERIC Educational Resources Information Center

Kaiiali, Mustafa; Ozkaya, Armagan; Altun, Halis; Haddad, Hatem; Alier, Marc

2016-01-01

M-learning has enhanced the e-learning by making the learning process learner-centered. However, enforcing exam security in open environments where each student has his/her own mobile/tablet device connected to a Wi-Fi network through which it is further connected to the Internet can be one of the most challenging tasks. In such environments,…

78 FR 7842 - Self-Regulatory Organizations; NYSE MKT LLC; Notice of Filing of Proposed Rule Change Amending...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-04

... limitations in order management systems and routing networks used by such member organizations may make it... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-68746; File No. SR-NYSEMKT-2013-07] Self.... Pursuant to Section 19(b)(1) \\1\\ of the Securities Exchange Act of 1934 (the ``Act'') \\2\\ and Rule 19b-4...

78 FR 61433 - Self-Regulatory Organizations; NYSE Arca, Inc.; Notice of Filing and Immediate Effectiveness of...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-03

... that limitations in order management systems and routing networks used by such ETP Holders may make it... SECURITIES AND EXCHANGE COMMISSION [Release No. 34-70565; File No. SR-NYSEARCA-2013-98] Self... September 30, 2013. Pursuant to Section 19(b)(1) \\1\\ of the Securities Exchange Act of 1934 (the ``Act'') \\2...

Secure Service Proxy: A CoAP(s) Intermediary for a Securer and Smarter Web of Things

PubMed Central

Van den Abeele, Floris; Moerman, Ingrid; Demeester, Piet

2017-01-01

As the IoT continues to grow over the coming years, resource-constrained devices and networks will see an increase in traffic as everything is connected in an open Web of Things. The performance- and function-enhancing features are difficult to provide in resource-constrained environments, but will gain importance if the WoT is to be scaled up successfully. For example, scalable open standards-based authentication and authorization will be important to manage access to the limited resources of constrained devices and networks. Additionally, features such as caching and virtualization may help further reduce the load on these constrained systems. This work presents the Secure Service Proxy (SSP): a constrained-network edge proxy with the goal of improving the performance and functionality of constrained RESTful environments. Our evaluations show that the proposed design reaches its goal by reducing the load on constrained devices while implementing a wide range of features as different adapters. Specifically, the results show that the SSP leads to significant savings in processing, network traffic, network delay and packet loss rates for constrained devices. As a result, the SSP helps to guarantee the proper operation of constrained networks as these networks form an ever-expanding Web of Things. PMID:28696393

Secure Service Proxy: A CoAP(s) Intermediary for a Securer and Smarter Web of Things.

PubMed

Van den Abeele, Floris; Moerman, Ingrid; Demeester, Piet; Hoebeke, Jeroen

2017-07-11

As the IoT continues to grow over the coming years, resource-constrained devices and networks will see an increase in traffic as everything is connected in an open Web of Things. The performance- and function-enhancing features are difficult to provide in resource-constrained environments, but will gain importance if the WoT is to be scaled up successfully. For example, scalable open standards-based authentication and authorization will be important to manage access to the limited resources of constrained devices and networks. Additionally, features such as caching and virtualization may help further reduce the load on these constrained systems. This work presents the Secure Service Proxy (SSP): a constrained-network edge proxy with the goal of improving the performance and functionality of constrained RESTful environments. Our evaluations show that the proposed design reaches its goal by reducing the load on constrained devices while implementing a wide range of features as different adapters. Specifically, the results show that the SSP leads to significant savings in processing, network traffic, network delay and packet loss rates for constrained devices. As a result, the SSP helps to guarantee the proper operation of constrained networks as these networks form an ever-expanding Web of Things.

Ontological security and connectivity provided by pets: a study in the self-management of the everyday lives of people diagnosed with a long-term mental health condition.

PubMed

Brooks, Helen; Rushton, Kelly; Walker, Sandra; Lovell, Karina; Rogers, Anne

2016-12-09

Despite evidence that connecting people to relevant wellbeing-related resources brings therapeutic benefit, there is limited understanding, in the context of mental health recovery, of the potential value and contribution of pet ownership to personal support networks for self-management. This study aimed to explore the role of pets in the support and management activities in the personal networks of people with long-term mental health problems. Semi-structured interviews centred on 'ego' network mapping were conducted in two locations (in the North West and in the South of England) with 54 participants with a diagnosis of a long-term mental health problem. Interviews explored the day-to-day experience of living with a mental illness, informed by the notion of illness work undertaken by social network members within personal networks. Narratives were elicited that explored the relationship, value, utility and meaning of pets in the context of the provision of social support and management provided by other network members. Interviews were recorded, then transcribed verbatim before being analysed using a framework analysis. The majority of pets were placed in the central, most valued circle of support within the network diagrams. Pets were implicated in relational work through the provision of secure and intimate relationships not available elsewhere. Pets constituted a valuable source of illness work in managing feelings through distraction from symptoms and upsetting experiences, and provided a form of encouragement for activity. Pets were of enhanced salience where relationships with other network members were limited or difficult. Despite these benefits, pets were unanimously neither considered nor incorporated into individual mental health care plans. Drawing on a conceptual framework built on Corbin and Strauss's notion of illness 'work' and notions of a personal workforce of support undertaken within whole networks of individuals, this study contributes to our understanding of the role of pets in the daily management of long-term mental health problems. Pets should be considered a main rather than a marginal source of support in the management of long-term mental health problems, and this has implications for the planning and delivery of mental health services.

An On-Line Information Management System for Resources for Staff Development for the Professional Development Center Network.

ERIC Educational Resources Information Center

Monroe, Eula Ewing

The Professional Development Center Network (PDC), a consortium of twenty public school districts, parochial schools, and Western Kentucky University, seeks to identify and secure resources to assist in the design and delivery of activities appropriate to the educational development of individual staff members through the online Information…

Controlled information destruction: the final frontier in preserving information security for every organisation

NASA Astrophysics Data System (ADS)

Curiac, Daniel-Ioan; Pachia, Mihai

2015-05-01

Information security represents the cornerstone of every data processing system that resides in an organisation's trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new and innovative process named controlled information destruction (CID) that is meant to secure sensitive data that are no longer needed for the organisation's future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.

Secure Multicast Tree Structure Generation Method for Directed Diffusion Using A* Algorithms

NASA Astrophysics Data System (ADS)

Kim, Jin Myoung; Lee, Hae Young; Cho, Tae Ho

The application of wireless sensor networks to areas such as combat field surveillance, terrorist tracking, and highway traffic monitoring requires secure communication among the sensor nodes within the networks. Logical key hierarchy (LKH) is a tree based key management model which provides secure group communication. When a sensor node is added or evicted from the communication group, LKH updates the group key in order to ensure the security of the communications. In order to efficiently update the group key in directed diffusion, we propose a method for secure multicast tree structure generation, an extension to LKH that reduces the number of re-keying messages by considering the addition and eviction ratios of the history data. For the generation of the proposed key tree structure the A* algorithm is applied, in which the branching factor at each level can take on different value. The experiment results demonstrate the efficiency of the proposed key tree structure against the existing key tree structures of fixed branching factors.

Inter-American Biodiversity Information Network (IABIN)

Science.gov Websites

Disarmament Drugs E e-Government Education Elections Environment Equity G General Assembly Governance H Human Management Public Security R Racism and Intolerance Refugees S Scholarships School of Governance Science and

A Survey on Trust Management for Mobile Ad Hoc Networks

DTIC Science & Technology

2010-07-01

betrayal of trust. In his comments on Lagerspetz’s book titled Trust: The Tacit Demand, Lahno [24] describes the author’s view on trust as a moral...extension of AODV Zouridaki et al. (2005 ) [79] (2006) [80] Secure routing Direct observation [79][80] Reputation by secondhand information [80...the broad areas of signal processing, wireless communications, sensor and mobile ad hoc networks. He is co-editor of the book Wireless Sensor Networks

Public Safety Broadband Network Architecture Description

DTIC Science & Technology

2013-08-01

could be used to add an in-app purchase to the user’s mobile phone bill. Major operators , such as AT& T , Deutsche Telekom, Orange, Telefonica and...3GPP technologies such as CDMA2000 and WiMAX networks. MME Mobility Managemen t Entity The MME is the key control-node for the LTE access-network... operator ( operator -managed small cells, etc.) or provides sufficient security (authentication, encryption, etc.). See Figure D3. Figure D3: ITU- T

A Fresh Look at Internet Protocol Version 6 (IPv6) for Department of Defense (DoD) Networks

DTIC Science & Technology

2010-08-01

since system administration practices (such as the use of security appliances) depend heavily on tools for network management, diagnosis and protection...are mobile ad hoc networks (MANETs) and yet there is limited practical experience with MANETs and their performance. Further, the interaction between...Systems FCS Future Combat System IETF Internet Engineering Task Force ISAT Information Science and Technology BAST Board on Army Science and

The net effects of the Project NetWork return-to-work case management experiment on participant earnings, benefit receipt, and other outcomes.

PubMed

Kornfeld, R; Rupp, K

2000-01-01

The Social Security Administration (SSA) initiated Project NetWork in 1991 to test case management as a means of promoting employment among persons with disabilities. The demonstration, which targeted Social Security Disability Insurance (DI) beneficiaries and Supplemental Security Income (SSI) applicants and recipients, offered intensive outreach, work-incentive waivers, and case management/referral services. Participation in Project NetWork was voluntary. Volunteers were randomly assigned to the "treatment" group or the "control" group. Those assigned to the treatment group met individually with a case or referral manager who arranged for rehabilitation and employment services, helped clients develop an individual employment plan, and provided direct employment counseling services. Volunteers assigned to the control group could not receive services from Project NetWork but remained eligible for any employment assistance already available in their communities. For both treatment and control groups, the demonstration waived specific DI and SSI program rules considered to be work disincentives. The experimental impact study thus measures the incremental effects of case and referral management services. The eight demonstration sites were successful in implementing the experimental design roughly as planned. Project NetWork staff were able to recruit large numbers of participants and to provide rehabilitation and employment services on a substantial scale. Most of the sites easily reached their enrollment targets and were able to attract volunteers with demographic characteristics similar to those of the entire SSI and DI caseload and a broad range of moderate and severe disabilities. However, by many measures, volunteers were generally more "work-ready" than project eligible in the demonstration areas who did not volunteer to receive NetWork services. Project NetWork case management increased average annual earnings by $220 per year over the first 2 years following random assignment. This statistically significant impact, an approximate 11-percent increase in earnings, is based on administrative data on earnings. For about 70 percent of sample members, a third year of followup data was available. For this limited sample, the estimated effect of Project NetWork on annual earnings declined to roughly zero in the third followup year. The findings suggest that the increase in earnings may have been short-lived and may have disappeared by the time Project NetWork services ended. Project NetWork did not reduce reliance on SSI or DI benefits by statistically significant amounts over the 30-42 month followup period. The services provided by Project NetWork thus did not reduce overall SSI and DI caseloads or benefits by substantial amounts, especially given that only about 5 percent of the eligible caseload volunteered to participate in Project NetWork. Project NetWork produced modest net benefits to persons with disabilities and net costs to taxpayers. Persons with disabilities gained mainly because the increases in their earnings easily outweighed the small (if any) reduction in average SSI and DI benefits. For SSA and the federal government as a whole, the costs of Project NetWork were not sufficiently offset by increases in tax receipts resulting from increased earnings or reductions in average SSI and DI benefits. The modest net benefits of Project NetWork to persons with disabilities are encouraging. How such benefits of an experimental intervention should be weighed against costs of taxpayers depends on value judgments of policymakers. Because different case management projects involve different kinds of services, these results cannot be directly generalized to other case management interventions. They are nevertheless instructive for planning new initiatives. Combining case and referral management services with various other interventions, such as longer term financial support for work or altered provider incentives, could produc

Secure Data Aggregation with Fully Homomorphic Encryption in Large-Scale Wireless Sensor Networks.

PubMed

Li, Xing; Chen, Dexin; Li, Chunyan; Wang, Liangmin

2015-07-03

With the rapid development of wireless communication technology, sensor technology, information acquisition and processing technology, sensor networks will finally have a deep influence on all aspects of people's lives. The battery resources of sensor nodes should be managed efficiently in order to prolong network lifetime in large-scale wireless sensor networks (LWSNs). Data aggregation represents an important method to remove redundancy as well as unnecessary data transmission and hence cut down the energy used in communication. As sensor nodes are deployed in hostile environments, the security of the sensitive information such as confidentiality and integrity should be considered. This paper proposes Fully homomorphic Encryption based Secure data Aggregation (FESA) in LWSNs which can protect end-to-end data confidentiality and support arbitrary aggregation operations over encrypted data. In addition, by utilizing message authentication codes (MACs), this scheme can also verify data integrity during data aggregation and forwarding processes so that false data can be detected as early as possible. Although the FHE increase the computation overhead due to its large public key size, simulation results show that it is implementable in LWSNs and performs well. Compared with other protocols, the transmitted data and network overhead are reduced in our scheme.

TTCN-3 Based Conformance Testing of Mobile Broadcast Business Management System in 3G Networks

NASA Astrophysics Data System (ADS)

Wang, Zhiliang; Yin, Xia; Xiang, Yang; Zhu, Ruiping; Gao, Shirui; Wu, Xin; Liu, Shijian; Gao, Song; Zhou, Li; Li, Peng

Mobile broadcast service is one of the emerging most important new services in 3G networks. To better operate and manage mobile broadcast services, mobile broadcast business management system (MBBMS) should be designed and developed. Such a system, with its distributed nature, complicated XML data and security mechanism, faces many challenges in testing technology. In this paper, we study the conformance testing methodology of MBBMS, and design and implement a MBBMS protocol conformance testing tool based on TTCN-3, a standardized test description language that can be used in black-box testing of reactive and distributed system. In this methodology and testing tool, we present a semi-automatic XML test data generation method of TTCN-3 test suite and use HMSC model to help the design of test suite. In addition, we also propose an integrated testing method for hierarchical MBBMS security architecture. This testing tool has been used in industrial level’s testing.

Wireless local area network for the dental office.

PubMed

Mupparapu, Muralidhar

2004-01-01

Dental offices are no exception to the implementation of new and advanced technology, especially if it enhances productivity. In a rapidly transforming digital world, wireless technology has a special place, as it has truly "retired the wire" and contributed to the ease and efficient access to patient data and other software-based applications for diagnosis and treatment. If the office or the clinic is networked, access to patient management software, imaging software and treatment planning tools is enhanced. Access will be further enhanced and unrestricted if the entire network is wireless. As with any new, emerging technology, there will be issues that should be kept in mind before adapting to the wireless environment. Foremost is the network security involved in the installation and use of these wireless networks. This short, technical manuscript deals with standards and choices in wireless technology currently available for implementation within a dental office. The benefits of each network security protocol available to protect patient data and boost the efficiency of a modern dental office are discussed.

A security architecture for health information networks.

PubMed

Kailar, Rajashekar; Muralidhar, Vinod

2007-10-11

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

Networking: A Key to Career Communication and Management Consulting Success

ERIC Educational Resources Information Center

Clark, Thomas

2009-01-01

Now that job security with one organization is a relic of the past and companies are outsourcing training and other "nonessential" functions, the author suggests in his career communication classes that students develop the same inventive strategies to plan their employment futures that management consultants use to market themselves in the 21st…

Privacy-Preserving Security for Vehicular Communications

ERIC Educational Resources Information Center

Weerasinghe, Hesiri Dhammika

2011-01-01

Because of the large number of deaths, severe injuries and huge financial loss due to auto accidents and poor traffic management, road safety and traffic management have become very important areas of interest among research community. As a result, Vehicular Ad-hoc Network (VANET) becomes a promising technology to improve road safety and quality…

Biomedical devices and systems security.

PubMed

Arney, David; Venkatasubramanian, Krishna K; Sokolsky, Oleg; Lee, Insup

2011-01-01

Medical devices have been changing in revolutionary ways in recent years. One is in their form-factor. Increasing miniaturization of medical devices has made them wearable, light-weight, and ubiquitous; they are available for continuous care and not restricted to clinical settings. Further, devices are increasingly becoming connected to external entities through both wired and wireless channels. These two developments have tremendous potential to make healthcare accessible to everyone and reduce costs. However, they also provide increased opportunity for technology savvy criminals to exploit them for fun and profit. Consequently, it is essential to consider medical device security issues. In this paper, we focused on the challenges involved in securing networked medical devices. We provide an overview of a generic networked medical device system model, a comprehensive attack and adversary model, and describe some of the challenges present in building security solutions to manage the attacks. Finally, we provide an overview of two areas of research that we believe will be crucial for making medical device system security solutions more viable in the long run: forensic data logging, and building security assurance cases.

Secure real-time wireless video streaming in the aeronautical telecommunications network

NASA Astrophysics Data System (ADS)

Czernik, Pawel; Olszyna, Jakub

2010-09-01

As Air Traffic Control Systems move from a voice only environment to one in which clearances are issued via data link, there is a risk that an unauthorized entity may attempt to masquerade as either the pilot or controller. In order to protect against this and related attacks, air-ground communications must be secured. The challenge is to add security in an environment in which bandwidth is limited. The Aeronautical Telecommunications Network (ATN) is an enabling digital network communications technology that addresses capacity and efficiency issues associated with current aeronautical voice communication systems. Equally important, the ATN facilitates migration to free flight, where direct computer-to-computer communication will automate air traffic management, minimize controller and pilot workload, and improve overall aircraft routing efficiency. Protecting ATN communications is critical since safety-of-flight is seriously affected if an unauthorized entity, a hacker for example, is able to penetrate an otherwise reliable communications system and accidentally or maliciously introduce erroneous information that jeopardizes the overall safety and integrity of a given airspace. However, an ATN security implementation must address the challenges associated with aircraft mobility, limited bandwidth communication channels, and uninterrupted operation across organizational and geopolitical boundaries. This paper provides a brief overview of the ATN, the ATN security concept, and begins a basic introduction to the relevant security concepts of security threats, security services and security mechanisms. Security mechanisms are further examined by presenting the fundamental building blocks of symmetric encipherment, asymmetric encipherment, and hash functions. The second part of this paper presents the project of cryptographiclly secure wireless communication between Unmanned Aerial Vehicles (UAV) and the ground station in the ATM system, based on the ARM9 processor development kid and Embedded Linux operation system.

A Security Architecture for Health Information Networks

PubMed Central

Kailar, Rajashekar

2007-01-01

Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today’s healthcare enterprise. Recent work on ‘nationwide health information network’ architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately. PMID:18693862

The Preparedness Web: Utilizing Regional Collaborative Networks for Homeland Security Preparedness

DTIC Science & Technology

2007-09-01

Hughes’ conflict strategies could then be used to develop methodologies for improved conflict management . 45 D. ORGANIZATIONAL CHANGE Emergency...has training in place to develop collaborative skills (e.g., conflict management , team process skills). * 2.3 (0.7) * 4 point scale; 1...included (a) knowledge of other agencies’ capabilities, (b) communication, (c) inter-agency trust and respect, and (d) conflict management . Further

Mobile Support For Logistics

DTIC Science & Technology

2016-03-01

Infrastructure to Support Mobile Devices (Takai, 2012, p. 2). The objectives needed in order to meet this goal are to: evolve spectrum management, expand... infrastructure to support wireless capabilities, and establish a mobile device security architecture (Takai, 2012, p. 2). By expanding infrastructure to...often used on Mobile Ad-Hoc Networks (MANETs). MANETS are infrastructure -less networks that include, but are not limited to, mobile devices. These

Wireless Distribution Systems To Support Medical Response to Disasters

PubMed Central

Arisoylu, Mustafa; Mishra, Rajesh; Rao, Ramesh; Lenert, Leslie A.

2005-01-01

We discuss the design of multi-hop access networks with multiple gateways that supports medical response to disasters. We examine and implement protocols to ensure high bandwidth, robust, self-healing and secure wireless multi-hop access networks for extreme conditions. Address management, path setup, gateway discovery and selection protocols are described. Future directions and plans are also considered. PMID:16779171

Wireless local area network in a prehospital environment

PubMed Central

Chen, Dongquan; Soong, Seng-jaw; Grimes, Gary J; Orthner, Helmuth F

2004-01-01

Background Wireless local area networks (WLANs) are considered the next generation of clinical data network. They open the possibility for capturing clinical data in a prehospital setting (e.g., a patient's home) using various devices, such as personal digital assistants, laptops, digital electrocardiogram (EKG) machines, and even cellular phones, and transmitting the captured data to a physician or hospital. The transmission rate is crucial to the applicability of the technology in the prehospital setting. Methods We created two separate WLANs to simulate a virtual local are network environment such as in a patient's home or an emergency room (ER). The effects of different methods of data transmission, number of clients, and roaming among different access points on the file transfer rate were determined. Results The present results suggest that it is feasible to transfer small files such as patient demographics and EKG data from the patient's home to the ER at a reasonable speed. Encryption, user control, and access control were implemented and results discussed. Conclusions Implementing a WLAN in a centrally managed and multiple-layer-controlled access control server is the key to ensuring its security and accessibility. Future studies should focus on product capacity, speed, compatibility, interoperability, and security management. PMID:15339336

Wireless local area network in a prehospital environment.

PubMed

Chen, Dongquan; Soong, Seng-jaw; Grimes, Gary J; Orthner, Helmuth F

2004-08-31

Wireless local area networks (WLANs) are considered the next generation of clinical data network. They open the possibility for capturing clinical data in a prehospital setting (e.g., a patient's home) using various devices, such as personal digital assistants, laptops, digital electrocardiogram (EKG) machines, and even cellular phones, and transmitting the captured data to a physician or hospital. The transmission rate is crucial to the applicability of the technology in the prehospital setting. We created two separate WLANs to simulate a virtual local are network environment such as in a patient's home or an emergency room (ER). The effects of different methods of data transmission, number of clients, and roaming among different access points on the file transfer rate were determined. The present results suggest that it is feasible to transfer small files such as patient demographics and EKG data from the patient's home to the ER at a reasonable speed. Encryption, user control, and access control were implemented and results discussed. Implementing a WLAN in a centrally managed and multiple-layer-controlled access control server is the key to ensuring its security and accessibility. Future studies should focus on product capacity, speed, compatibility, interoperability, and security management.

Security analysis and enhanced user authentication in proxy mobile IPv6 networks

PubMed Central

Kang, Dongwoo; Jung, Jaewook; Lee, Donghoon; Kim, Hyoungshick

2017-01-01

The Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol that allows a Mobile Node(MN) connected to the PMIPv6 domain to move from one network to another without changing the assigned IPv6 address. The user authentication procedure in this protocol is not standardized, but many smartcard based authentication schemes have been proposed. Recently, Alizadeh et al. proposed an authentication scheme for the PMIPv6. However, it could allow an attacker to derive an encryption key that must be securely shared between MN and the Mobile Access Gate(MAG). As a result, outsider adversary can derive MN’s identity, password and session key. In this paper, we analyze Alizadeh et al.’s scheme regarding security and propose an enhanced authentication scheme that uses a dynamic identity to satisfy anonymity. Furthermore, we use BAN logic to show that our scheme can successfully generate and communicate with the inter-entity session key. PMID:28719621

Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

NASA Technical Reports Server (NTRS)

1985-01-01

The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

A study of the security technology and a new security model for WiFi network

NASA Astrophysics Data System (ADS)

Huang, Jing

2013-07-01

The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

Angle and Context Free Grammar Based Precarious Node Detection and Secure Data Transmission in MANETs.

PubMed

Veerasamy, Anitha; Madane, Srinivasa Rao; Sivakumar, K; Sivaraman, Audithan

2016-01-01

Growing attractiveness of Mobile Ad Hoc Networks (MANETs), its features, and usage has led to the launching of threats and attacks to bring negative consequences in the society. The typical features of MANETs, especially with dynamic topology and open wireless medium, may leave MANETs vulnerable. Trust management using uncertain reasoning scheme has previously attempted to solve this problem. However, it produces additional overhead while securing the network. Hence, a Location and Trust-based secure communication scheme (L&TS) is proposed to overcome this limitation. Since the design securing requires more than two data algorithms, the cost of the system goes up. Another mechanism proposed in this paper, Angle and Context Free Grammar (ACFG) based precarious node elimination and secure communication in MANETs, intends to secure data transmission and detect precarious nodes in a MANET at a comparatively lower cost. The Elliptic Curve function is used to isolate a malicious node, thereby incorporating secure data transfer. Simulation results show that the dynamic estimation of the metrics improves throughput by 26% in L&TS when compared to the TMUR. ACFG achieves 33% and 51% throughput increase when compared to L&TS and TMUR mechanisms, respectively.

STUDY ON SUPPORTING FOR DRAWING UP THE BCP FOR URBAN EXPRESSWAY NETWORK USING BY TRAFFIC SIMULATION SYSTEM

NASA Astrophysics Data System (ADS)

Yamawaki, Masashi; Shiraki, Wataru; Inomo, Hitoshi; Yasuda, Keiichi

The urban expressway network is an important infrastructure to execute a disaster restoration. Therefore, it is necessary to draw up the BCP (Business Continuity Plan) to enable securing of road user's safety and restoration of facilities, etc. It is important that each urban expressway manager execute decision and improvement of effective BCP countermeasures when disaster occurs by assuming various disaster situations. Then, in this study, we develop the traffic simulation system that can reproduce various disaster situations and traffic actions, and examine some methods supporting for drawing up the BCP for an urban expressway network. For disaster outside assumption such as tsunami generated by a huge earthquake, we examine some approaches securing safety of users and cars on the Hanshin Expressway Network as well as on general roads. And, we aim to propose a tsunami countermeasure not considered in the current urban expressway BCP.

Water Security Toolkit User Manual: Version 1.3 | Science ...

EPA Pesticide Factsheets

User manual: Data Product/Software The Water Security Toolkit (WST) is a suite of tools that help provide the information necessary to make good decisions resulting in the minimization of further human exposure to contaminants, and the maximization of the effectiveness of intervention strategies. WST assists in the evaluation of multiple response actions in order to select the most beneficial consequence management strategy. It includes hydraulic and water quality modeling software and optimization methodologies to identify: (1) sensor locations to detect contamination, (2) locations in the network in which the contamination was introduced, (3) hydrants to remove contaminated water from the distribution system, (4) locations in the network to inject decontamination agents to inactivate, remove or destroy contaminants, (5) locations in the network to take grab sample to confirm contamination or cleanup and (6) valves to close in order to isolate contaminated areas of the network.

[Study on network architecture of a tele-medical information sharing platform].

PubMed

Pan, Lin; Yu, Lun; Chen, Jin-xiong

2006-07-01

In the article,a plan of network construction which satisfies the demand of applications for a telemedical information sharing platform is proposed. We choice network access plans in view of user actual situation, through the analysis of the service demand and many kinds of network access technologies. Hospital servers that locate in LAN link sharing platform with node servers, should separate from the broadband network of sharing platform in order to ensure the security of the internal hospital network and the administration management. We use the VPN technology to realize the safe transmission of information in the platform network. Preliminary experiments have proved the plan is practicable.

Biometric identity management for standard mobile medical networks.

PubMed

Egner, Alexandru; Soceanu, Alexandru; Moldoveanu, Florica

2012-01-01

The explosion of healthcare costs over the last decade has prompted the ICT industry to respond with solutions for reducing costs while improving healthcare quality. The ISO/IEEE 11073 family of standards recently released is the first step towards interoperability of mobile medical devices used in patient environments. The standards do not, however, tackle security problems, such as identity management, or the secure exchange of medical data. This paper proposes an enhancement of the ISO/IEEE 11073-20601 protocol with an identity management system based on biometry. The paper describes a novel biometric-based authentication process, together with the biometric key generation algorithm. The proposed extension of the ISO/IEEE 11073-20601 is also presented.

The research of computer network security and protection strategy

NASA Astrophysics Data System (ADS)

He, Jian

2017-05-01

With the widespread popularity of computer network applications, its security is also received a high degree of attention. Factors affecting the safety of network is complex, for to do a good job of network security is a systematic work, has the high challenge. For safety and reliability problems of computer network system, this paper combined with practical work experience, from the threat of network security, security technology, network some Suggestions and measures for the system design principle, in order to make the masses of users in computer networks to enhance safety awareness and master certain network security technology.

Marine data security based on blockchain technology

NASA Astrophysics Data System (ADS)

Yang, Zhao; Xie, Weiwei; Huang, Lei; Wei, Zhiqiang

2018-03-01

With the development of marine observation technology and network technology, the volume of marine data growing rapidly. This brings new challenges for data storage and transmission. How to protect data security of marine big data has become an urgent problem. The traditional information security methods’ characteristic is centralization. These technologies cannot provide whole process protection, e.g., data storage, data management and application of data. The blockchain technology is a novel technology, which can keep the data security and reliability by using decentralized methodology. It has aroused wide interest in the financial field. In this paper, we describe the concept, characteristics and key technologies of blockchain technology and introduce it into the field of marine data security.

Efficient Secure and Privacy-Preserving Route Reporting Scheme for VANETs

NASA Astrophysics Data System (ADS)

Zhang, Yuanfei; Pei, Qianwen; Dai, Feifei; Zhang, Lei

2017-10-01

Vehicular ad-hoc network (VANET) is a core component of intelligent traffic management system which could provide various of applications such as accident prediction, route reporting, etc. Due to the problems caused by traffic congestion, route reporting becomes a prospective application which can help a driver to get optimal route to save her travel time. Before enjoying the convenience of route reporting, security and privacy-preserving issues need to be concerned. In this paper, we propose a new secure and privacy-preserving route reporting scheme for VANETs. In our scheme, only an authenticated vehicle can use the route reporting service provided by the traffic management center. Further, a vehicle may receive the response from the traffic management center with low latency and without violating the privacy of the vehicle. Experiment results show that our scheme is much more efficiency than the existing one.

The Role of Healthcare Technology Management in Facilitating Medical Device Cybersecurity.

PubMed

Busdicker, Mike; Upendra, Priyanka

2017-09-02

This article discusses the role of healthcare technology management (HTM) in medical device cybersecurity and outlines concepts that are applicable to HTM professionals at a healthcare delivery organization or at an integrated delivery network, regardless of size. It provides direction for HTM professionals who are unfamiliar with the security aspects of managing healthcare technologies but are familiar with standards from The Joint Commission (TJC). It provides a useful set of recommendations, including relevant references for incorporating good security practices into HTM practice. Recommendations for policies, procedures, and processes referencing TJC standards are easily applicable to HTM departments with limited resources and to those with no resource concerns. The authors outline processes from their organization as well as best practices learned through information sharing at AAMI, National Health Information Sharing and Analysis Center (NH-ISAC), and Medical Device Innovation, Safety, and Security Consortium (MDISS) conferences and workshops.

Bio-mimic optimization strategies in wireless sensor networks: a survey.

PubMed

Adnan, Md Akhtaruzzaman; Abdur Razzaque, Mohammd; Ahmed, Ishtiaque; Isnin, Ismail Fauzi

2013-12-24

For the past 20 years, many authors have focused their investigations on wireless sensor networks. Various issues related to wireless sensor networks such as energy minimization (optimization), compression schemes, self-organizing network algorithms, routing protocols, quality of service management, security, energy harvesting, etc., have been extensively explored. The three most important issues among these are energy efficiency, quality of service and security management. To get the best possible results in one or more of these issues in wireless sensor networks optimization is necessary. Furthermore, in number of applications (e.g., body area sensor networks, vehicular ad hoc networks) these issues might conflict and require a trade-off amongst them. Due to the high energy consumption and data processing requirements, the use of classical algorithms has historically been disregarded. In this context contemporary researchers started using bio-mimetic strategy-based optimization techniques in the field of wireless sensor networks. These techniques are diverse and involve many different optimization algorithms. As far as we know, most existing works tend to focus only on optimization of one specific issue of the three mentioned above. It is high time that these individual efforts are put into perspective and a more holistic view is taken. In this paper we take a step in that direction by presenting a survey of the literature in the area of wireless sensor network optimization concentrating especially on the three most widely used bio-mimetic algorithms, namely, particle swarm optimization, ant colony optimization and genetic algorithm. In addition, to stimulate new research and development interests in this field, open research issues, challenges and future research directions are highlighted.

Cyber-Threat Assessment for the Air Traffic Management System: A Network Controls Approach

NASA Technical Reports Server (NTRS)

Roy, Sandip; Sridhar, Banavar

2016-01-01

Air transportation networks are being disrupted with increasing frequency by failures in their cyber- (computing, communication, control) systems. Whether these cyber- failures arise due to deliberate attacks or incidental errors, they can have far-reaching impact on the performance of the air traffic control and management systems. For instance, a computer failure in the Washington DC Air Route Traffic Control Center (ZDC) on August 15, 2015, caused nearly complete closure of the Centers airspace for several hours. This closure had a propagative impact across the United States National Airspace System, causing changed congestion patterns and requiring placement of a suite of traffic management initiatives to address the capacity reduction and congestion. A snapshot of traffic on that day clearly shows the closure of the ZDC airspace and the resulting congestion at its boundary, which required augmented traffic management at multiple locations. Cyber- events also have important ramifications for private stakeholders, particularly the airlines. During the last few months, computer-system issues have caused several airlines fleets to be grounded for significant periods of time: these include United Airlines (twice), LOT Polish Airlines, and American Airlines. Delays and regional stoppages due to cyber- events are even more common, and may have myriad causes (e.g., failure of the Department of Homeland Security systems needed for security check of passengers, see [3]). The growing frequency of cyber- disruptions in the air transportation system reflects a much broader trend in the modern society: cyber- failures and threats are becoming increasingly pervasive, varied, and impactful. In consequence, an intense effort is underway to develop secure and resilient cyber- systems that can protect against, detect, and remove threats, see e.g. and its many citations. The outcomes of this wide effort on cyber- security are applicable to the air transportation infrastructure, and indeed security solutions are being implemented in the current system. While these security solutions are important, they only provide a piecemeal solution. Particular computers or communication channels are protected from particular attacks, without a holistic view of the air transportation infrastructure. On the other hand, the above-listed incidents highlight that a holistic approach is needed, for several reasons. First, the air transportation infrastructure is a large scale cyber-physical system with multiple stakeholders and diverse legacy assets. It is impractical to protect every cyber- asset from known and unknown disruptions, and instead a strategic view of security is needed. Second, disruptions to the cyber- system can incur complex propagative impacts across the air transportation network, including its physical and human assets. Also, these implications of cyber- events are exacerbated or modulated by other disruptions and operational specifics, e.g. severe weather, operator fatigue or error, etc. These characteristics motivate a holistic and strategic perspective on protecting the air transportation infrastructure from cyber- events. The analysis of cyber- threats to the air traffic system is also inextricably tied to the integration of new autonomy into the airspace. The replacement of human operators with cyber functions leaves the network open to new cyber threats, which must be modeled and managed. Paradoxically, the mitigation of cyber events in the airspace will also likely require additional autonomy, given the fast time scale and myriad pathways of cyber-attacks which must be managed. The assessment of new vulnerabilities upon integration of new autonomy is also a key motivation for a holistic perspective on cyber threats.

IS Security in a world of lightpaths

NASA Astrophysics Data System (ADS)

Tasker, R.

Security is a cornerstone for the delivery of consistent and reliable services in every aspect of the business of an organisation. The traditional IP network service provided to Institutes is carefully managed and controlled to limit illegal and/or antisocial use to protect the business processes of that Institute. SuperJANET5 has the capability for additional bandwidth circuits lightpaths - to be provided between specific endpoints across the network to meet specific need. Because these are end-to-end circuits they reach right into the heart of an organisation, typically providing a high bandwidth interconnection, and often at rates that are difficult to police. This paper explores this problem space and provides a strategy to minimise any associated risk through the development of an appropriate Security Policy that can sit alongside an Institute's overall approach in this area. .

Using Swarming Agents for Scalable Security in Large Network Environments

DOE Office of Scientific and Technical Information (OSTI.GOV)

Crouse, Michael; White, Jacob L.; Fulp, Errin W.

2011-09-23

The difficulty of securing computer infrastructures increases as they grow in size and complexity. Network-based security solutions such as IDS and firewalls cannot scale because of exponentially increasing computational costs inherent in detecting the rapidly growing number of threat signatures. Hostbased solutions like virus scanners and IDS suffer similar issues, and these are compounded when enterprises try to monitor these in a centralized manner. Swarm-based autonomous agent systems like digital ants and artificial immune systems can provide a scalable security solution for large network environments. The digital ants approach offers a biologically inspired design where each ant in the virtualmore » colony can detect atoms of evidence that may help identify a possible threat. By assembling the atomic evidences from different ant types the colony may detect the threat. This decentralized approach can require, on average, fewer computational resources than traditional centralized solutions; however there are limits to its scalability. This paper describes how dividing a large infrastructure into smaller managed enclaves allows the digital ant framework to effectively operate in larger environments. Experimental results will show that using smaller enclaves allows for more consistent distribution of agents and results in faster response times.« less

75 FR 44800 - Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-29

... DEPARTMENT OF HOMELAND SECURITY Notice of Meeting of the Homeland Security Information Network... Security. ACTION: Notice of open meeting. SUMMARY: The Homeland Security Information Network Advisory... (Pub. L. 92-463). The mission of the Homeland Security Information Network Advisory Committee is to...

Connecting to the Internet Securely; Protecting Home Networks CIAC-2324

DOE Office of Scientific and Technical Information (OSTI.GOV)

Orvis, W J; Krystosek, P; Smith, J

2002-11-27

With more and more people working at home and connecting to company networks via the Internet, the risk to company networks to intrusion and theft of sensitive information is growing. Working from home has many positive advantages for both the home worker and the company they work for. However, as companies encourage people to work from home, they need to start considering the interaction of the employee's home network and the company network he connects to. This paper discusses problems and solutions related to protection of home computers from attacks on those computers via the network connection. It does notmore » consider protection of those systems from people who have physical access to the computers nor does it consider company laptops taken on-the-road. Home networks are often targeted by intruders because they are plentiful and they are usually not well secured. While companies have departments of professionals to maintain and secure their networks, home networks are maintained by the employee who may be less knowledgeable about network security matters. The biggest problems with home networks are that: Home networks are not designed to be secure and may use technologies (wireless) that are not secure; The operating systems are not secured when they are installed; The operating systems and applications are not maintained (for security considerations) after they are installed; and The networks are often used for other activities that put them at risk for being compromised. Home networks that are going to be connected to company networks need to be cooperatively secured by the employee and the company so they do not open up the company network to intruders. Securing home networks involves many of the same operations as securing a company network: Patch and maintain systems; Securely configure systems; Eliminate unneeded services; Protect remote logins; Use good passwords; Use current antivirus software; and Moderate your Internet usage habits. Most of these items do not take a lot of work, but require an awareness of the risks involved in not doing them or doing them incorrectly. The security of home networks and communications with company networks can be significantly improved by adding an appropriate software or hardware firewall to the home network and using a protected protocol such as Secure Sockets Layer (SSL), a Virtual Private Network (VPN), or Secure Shell (SSH) for connecting to the company network.« less

Moving Target Techniques: Leveraging Uncertainty for CyberDefense

DTIC Science & Technology

2015-12-15

cyberattacks is a continual struggle for system managers. Attackers often need only find one vulnerability (a flaw or bug that an attacker can exploit...additional parsing code itself could have security-relevant software bugs . Dynamic  Network   Techniques in the dynamic network domain change the...evaluation of MT techniques can benefit from a variety of evaluation approaches, including abstract analysis, modeling and simulation, test bed

A terrorism response plan for hospital security and safety officers.

PubMed

White, Donald E

2002-01-01

Security and Safety managers in today's healthcare facilities need to factor terrorism response into their emergency management plans, separate from the customary disaster plans and the comparatively recent security plans. Terrorism incidents will likely be security occurrences that use a weapon of mass destruction to magnify the incidents into disasters. Facility Y2K Plans can provide an excellent framework for the detailed contingency planning needed for terrorism response by healthcare facilities. Tabbed binder notebooks, with bulleted procedures and contact points for each functional section, can provide security and safety officers with at-a-glance instructions for quick 24/7 implementation. Each functional section should focus upon what activities or severity levels trigger activation of the backup processes. Network with your countywide, regional, and/or state organizations to learn what your peers are doing. Comprehensively inventory your state, local, and commercial resources so that you have alternate providers readily available 24/7 to assist your facility upon disasters.

NetWall distributed firewall in the use of campus network

NASA Astrophysics Data System (ADS)

He, Junhua; Zhang, Pengshuai

2011-10-01

Internet provides a modern means of education but also non-mainstream consciousness and poor dissemination of information opens the door, network and moral issues have become prominent, poor dissemination of information and network spread rumors and negative effects of new problems, ideological and political education in schools had a huge impact, poses a severe challenge. This paper presents a distributed firewall will NetWall deployed in a campus network solution. The characteristics of the campus network, using technology to filter out bad information on the means of control, of sensitive information related to the record, establish a complete information security management platform for the campus network.

CyberSecurity Monitoring Tools and Projects: A Compendium of Commercial and Government Tools and Government Research Projects

DTIC Science & Technology

2000-08-01

identify changes to the risk levels of business network functions based on proposed modifications. Expert can model networks as well (see special...network from departmental systems to enterprise-wide environments. ACX is scaled with the use of a Policy Model Database(PMDB). The PMDB is a management...This Entry February 8, 2000 Description BlackICE Defender is a host-based intrusion detector designed for use on home or small business systems. It

Leveraging the laboratory response network model for the global health security agenda.

PubMed

Mangal, Chris N; Maryogo-Robinson, Lucy

2014-01-01

Promoting global health security as an international priority is a challenge; the US Centers for Disease Control and Prevention (CDC) in its Global Health Security Agenda has articulated the importance of accelerating progress toward a world safe and secure from infectious disease threats. The goals are to (1) prevent and reduce the likelihood of outbreaks-natural, accidental, or intentional; (2) detect threats early to save lives; and (3) respond rapidly and effectively using multisectoral, international coordination and communication. Foundational to this agenda is the World Health Organization (WHO) Revised International Health Regulations (IHR) of 2005, which provide the legal framework for countries to strengthen their health systems in order to be able to respond to any public health emergency of international concern. This article proposes leveraging the distributed structure of the US-managed Laboratory Response Network for Biological Threats Preparedness (LRN-B) to develop the core capacity of laboratory testing and to fulfill the laboratory-strengthening component of the Global Health Security Agenda. The LRN model offers an effective mechanism to detect and respond to public health emergencies of international concern.

Leveraging the Laboratory Response Network Model for the Global Health Security Agenda

PubMed Central

Maryogo-Robinson, Lucy

2014-01-01

Promoting global health security as an international priority is a challenge; the US Centers for Disease Control and Prevention (CDC) in its Global Health Security Agenda has articulated the importance of accelerating progress toward a world safe and secure from infectious disease threats. The goals are to (1) prevent and reduce the likelihood of outbreaks—natural, accidental, or intentional; (2) detect threats early to save lives; and (3) respond rapidly and effectively using multisectoral, international coordination and communication. Foundational to this agenda is the World Health Organization (WHO) Revised International Health Regulations (IHR) of 2005, which provide the legal framework for countries to strengthen their health systems in order to be able to respond to any public health emergency of international concern. This article proposes leveraging the distributed structure of the US-managed Laboratory Response Network for Biological Threats Preparedness (LRN-B) to develop the core capacity of laboratory testing and to fulfill the laboratory-strengthening component of the Global Health Security Agenda. The LRN model offers an effective mechanism to detect and respond to public health emergencies of international concern. PMID:25254916

Safety management of Ethernet broadband access based on VLAN aggregation

NASA Astrophysics Data System (ADS)

Wang, Li

2004-04-01

With broadband access network development, the Ethernet technology is more and more applied access network now. It is different from the private network -LAN. The differences lie in four points: customer management, safety management, service management and count-fee management. This paper mainly discusses the safety management related questions. Safety management means that the access network must secure the customer data safety, isolate the broad message which brings the customer private information, such as ARP, DHCP, and protect key equipment from attack. Virtue LAN (VLAN) technology can restrict network broadcast flow. We can config each customer port with a VLAN, so each customer is isolated with others. The IP address bound with VLAN ID can be routed rightly. But this technology brings another question: IP address shortage. VLAN aggregation technology can solve this problem well. Such a mechanism provides several advantages over traditional IPv4 addressing architectures employed in large switched LANs today. With VLAN aggregation technology, we introduce the notion of sub-VLANs and super-VLANs, a much more optimal approach to IP addressing can be realized. This paper will expatiate the VLAN aggregation model and its implementation in Ethernet access network. It is obvious that the customers in different sub-VLANs can not communication to each other because the ARP packet is isolated. Proxy ARP can enable the communication among them. This paper will also expatiate the proxy ARP model and its implementation in Ethernet access network.

Dynamic Communication Resource Negotiations

NASA Technical Reports Server (NTRS)

Chow, Edward; Vatan, Farrokh; Paloulian, George; Frisbie, Steve; Srostlik, Zuzana; Kalomiris, Vasilios; Apgar, Daniel

2012-01-01

Today's advanced network management systems can automate many aspects of the tactical networking operations within a military domain. However, automation of joint and coalition tactical networking across multiple domains remains challenging. Due to potentially conflicting goals and priorities, human agreement is often required before implementation into the network operations. This is further complicated by incompatible network management systems and security policies, rendering it difficult to implement automatic network management, thus requiring manual human intervention to the communication protocols used at various network routers and endpoints. This process of manual human intervention is tedious, error-prone, and slow. In order to facilitate a better solution, we are pursuing a technology which makes network management automated, reliable, and fast. Automating the negotiation of the common network communication parameters between different parties is the subject of this paper. We present the technology that enables inter-force dynamic communication resource negotiations to enable ad-hoc inter-operation in the field between force domains, without pre-planning. It also will enable a dynamic response to changing conditions within the area of operations. Our solution enables the rapid blending of intra-domain policies so that the forces involved are able to inter-operate effectively without overwhelming each other's networks with in-appropriate or un-warranted traffic. It will evaluate the policy rules and configuration data for each of the domains, then generate a compatible inter-domain policy and configuration that will update the gateway systems between the two domains.

Secure Data Aggregation with Fully Homomorphic Encryption in Large-Scale Wireless Sensor Networks

PubMed Central

Li, Xing; Chen, Dexin; Li, Chunyan; Wang, Liangmin

2015-01-01

With the rapid development of wireless communication technology, sensor technology, information acquisition and processing technology, sensor networks will finally have a deep influence on all aspects of people’s lives. The battery resources of sensor nodes should be managed efficiently in order to prolong network lifetime in large-scale wireless sensor networks (LWSNs). Data aggregation represents an important method to remove redundancy as well as unnecessary data transmission and hence cut down the energy used in communication. As sensor nodes are deployed in hostile environments, the security of the sensitive information such as confidentiality and integrity should be considered. This paper proposes Fully homomorphic Encryption based Secure data Aggregation (FESA) in LWSNs which can protect end-to-end data confidentiality and support arbitrary aggregation operations over encrypted data. In addition, by utilizing message authentication codes (MACs), this scheme can also verify data integrity during data aggregation and forwarding processes so that false data can be detected as early as possible. Although the FHE increase the computation overhead due to its large public key size, simulation results show that it is implementable in LWSNs and performs well. Compared with other protocols, the transmitted data and network overhead are reduced in our scheme. PMID:26151208

Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks.

PubMed

Kim, Jiye; Lee, Donghoon; Jeon, Woongryul; Lee, Youngsook; Won, Dongho

2014-04-09

User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

Security Analysis and Improvements of Two-Factor Mutual Authentication with Key Agreement in Wireless Sensor Networks

PubMed Central

Kim, Jiye; Lee, Donghoon; Jeon, Woongryul; Lee, Youngsook; Won, Dongho

2014-01-01

User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes. PMID:24721764

76 FR 67750 - Homeland Security Information Network Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-02

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-04

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-10

... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Homeland Security Information Network Advisory... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet... posted beforehand at this link: http://www.dhs.gov/homeland-security-information-network-advisory...

Comprehensive security framework for the communication and storage of medical images

NASA Astrophysics Data System (ADS)

Slik, David; Montour, Mike; Altman, Tym

2003-05-01

Confidentiality, integrity verification and access control of medical imagery and associated metadata is critical for the successful deployment of integrated healthcare networks that extend beyond the department level. As medical imagery continues to become widely accessed across multiple administrative domains and geographically distributed locations, image data should be able to travel and be stored on untrusted infrastructure, including public networks and server equipment operated by external entities. Given these challenges associated with protecting large-scale distributed networks, measures must be taken to protect patient identifiable information while guarding against tampering, denial of service attacks, and providing robust audit mechanisms. The proposed framework outlines a series of security practices for the protection of medical images, incorporating Transport Layer Security (TLS), public and secret key cryptography, certificate management and a token based trusted computing base. It outlines measures that can be utilized to protect information stored within databases, online and nearline storage, and during transport over trusted and untrusted networks. In addition, it provides a framework for ensuring end-to-end integrity of image data from acquisition to viewing, and presents a potential solution to the challenges associated with access control across multiple administrative domains and institution user bases.

Security Shift in Future Network Architectures

DTIC Science & Technology

2010-11-01

RTO-MP-IST-091 2 - 1 Security Shift in Future Network Architectures Tim Hartog, M.Sc Information Security Dept. TNO Information and...current practice military communication infrastructures are deployed as stand-alone networked information systems. Network -Enabled Capabilities (NEC) and...information architects and security specialists about the separation of network and information security, the consequences of this shift and our view

Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

2006-01-01

The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglectedmore » or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .« less

Reputation-Based Internet Protocol Security: A Multilayer Security Framework for Mobile Ad Hoc Networks

DTIC Science & Technology

2010-09-01

secure ad-hoc networks of mobile sensors deployed in a hostile environment . These sensors are normally small 86 and resource...Communications Magazine, 51, 2008. 45. Kumar, S.A. “Classification and Review of Security Schemes in Mobile Comput- ing”. Wireless Sensor Network , 2010... Networks ”. Wireless /Mobile Network Security , 2008. 85. Xiao, Y. “Accountability for Wireless LANs, Ad Hoc Networks , and Wireless

An eConsent-based System Architecture Supporting Cooperation in Integrated Healthcare Networks.

PubMed

Bergmann, Joachim; Bott, Oliver J; Hoffmann, Ina; Pretschner, Dietrich P

2005-01-01

The economical need for efficient healthcare leads to cooperative shared care networks. A virtual electronic health record is required, which integrates patient related information but reflects the distributed infrastructure and restricts access only to those health professionals involved into the care process. Our work aims on specification and development of a system architecture fulfilling these requirements to be used in concrete regional pilot studies. Methodical analysis and specification have been performed in a healthcare network using the formal method and modelling tool MOSAIK-M. The complexity of the application field was reduced by focusing on the scenario of thyroid disease care, which still includes various interdisciplinary cooperation. Result is an architecture for a secure distributed electronic health record for integrated care networks, specified in terms of a MOSAIK-M-based system model. The architecture proposes business processes, application services, and a sophisticated security concept, providing a platform for distributed document-based, patient-centred, and secure cooperation. A corresponding system prototype has been developed for pilot studies, using advanced application server technologies. The architecture combines a consolidated patient-centred document management with a decentralized system structure without needs for replication management. An eConsent-based approach assures, that access to the distributed health record remains under control of the patient. The proposed architecture replaces message-based communication approaches, because it implements a virtual health record providing complete and current information. Acceptance of the new communication services depends on compatibility with the clinical routine. Unique and cross-institutional identification of a patient is also a challenge, but will loose significance with establishing common patient cards.

On a simulation study for reliable and secured smart grid communications

NASA Astrophysics Data System (ADS)

Mallapuram, Sriharsha; Moulema, Paul; Yu, Wei

2015-05-01

Demand response is one of key smart grid applications that aims to reduce power generation at peak hours and maintain a balance between supply and demand. With the support of communication networks, energy consumers can become active actors in the energy management process by adjusting or rescheduling their electricity usage during peak hours based on utilities pricing incentives. Nonetheless, the integration of communication networks expose the smart grid to cyber-attacks. In this paper, we developed a smart grid simulation test-bed and designed evaluation scenarios. By leveraging the capabilities of Matlab and ns-3 simulation tools, we conducted a simulation study to evaluate the impact of cyber-attacks on demand response application. Our data shows that cyber-attacks could seriously disrupt smart grid operations, thus confirming the need of secure and resilient communication networks for supporting smart grid operations.

Understanding and Managing Causality of Change in Socio-Technical Systems II

DTIC Science & Technology

2011-01-25

SUBJECT TERMS Cognition , Human Effectiveness, Information Science 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT Same as Report (SAR) 18...at large taking into account the cognitive interaction between humans and technology. 8 Hussein Abbass Professor Abbass leads the...Network Centric Operations Future Air Traffic Management Systems Cognitive Engineering including Human-Computer Integration In all of the

Access Control of Web- and Java-Based Applications

NASA Technical Reports Server (NTRS)

Tso, Kam S.; Pajevski, Michael J.

2013-01-01

Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Javabased client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network- accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Webbased applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers

Energy Sector Security through a System for Intelligent, Learning Network Configuration Monitoring and Management (“Essence”)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Miller, Craig; Larmouth, Robert

The project was conceived and executed with the overarching objective to provide cost effective tools to cooperative utilities that enabled them to quickly detect, characterize and take remediative action against cyber attacks.

The National Information Infrastructure: Agenda for Action.

ERIC Educational Resources Information Center

Microcomputers for Information Management, 1995

1995-01-01

Discusses the National Information Infrastructure and the role of the government. Topics include private sector investment; universal service; technological innovation; user orientation; information security and network reliability; management of the radio frequency spectrum; intellectual property rights; coordination with other levels of…

32 CFR 236.2 - Definitions.

Code of Federal Regulations, 2012 CFR

2012-07-01

... DEPARTMENT OF DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE... defense information. (e) Cyber incident means actions taken through the use of computer networks that... residing therein. (f) Cyber intrusion damage assessment means a managed, coordinated process to determine...

32 CFR 236.2 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-07-01

... DEPARTMENT OF DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE... defense information. (e) Cyber incident means actions taken through the use of computer networks that... residing therein. (f) Cyber intrusion damage assessment means a managed, coordinated process to determine...

An overview of the DII-HEP OpenStack based CMS data analysis

NASA Astrophysics Data System (ADS)

Osmani, L.; Tarkoma, S.; Eerola, P.; Komu, M.; Kortelainen, M. J.; Kraemer, O.; Lindén, T.; Toor, S.; White, J.

2015-05-01

An OpenStack based private cloud with the Cluster File System has been built and used with both CMS analysis and Monte Carlo simulation jobs in the Datacenter Indirection Infrastructure for Secure High Energy Physics (DII-HEP) project. On the cloud we run the ARC middleware that allows running CMS applications without changes on the job submission side. Our test results indicate that the adopted approach provides a scalable and resilient solution for managing resources without compromising on performance and high availability. To manage the virtual machines (VM) dynamically in an elastic fasion, we are testing the EMI authorization service (Argus) and the Execution Environment Service (Argus-EES). An OpenStackplugin has been developed for Argus-EES. The Host Identity Protocol (HIP) has been designed for mobile networks and it provides a secure method for IP multihoming. HIP separates the end-point identifier and locator role for IP address which increases the network availability for the applications. Our solution leverages HIP for traffic management. This presentation gives an update on the status of the work and our lessons learned in creating an OpenStackbased cloud for HEP.

Routing architecture and security for airborne networks

NASA Astrophysics Data System (ADS)

Deng, Hongmei; Xie, Peng; Li, Jason; Xu, Roger; Levy, Renato

2009-05-01

Airborne networks are envisioned to provide interconnectivity for terrestial and space networks by interconnecting highly mobile airborne platforms. A number of military applications are expected to be used by the operator, and all these applications require proper routing security support to establish correct route between communicating platforms in a timely manner. As airborne networks somewhat different from traditional wired and wireless networks (e.g., Internet, LAN, WLAN, MANET, etc), security aspects valid in these networks are not fully applicable to airborne networks. Designing an efficient security scheme to protect airborne networks is confronted with new requirements. In this paper, we first identify a candidate routing architecture, which works as an underlying structure for our proposed security scheme. And then we investigate the vulnerabilities and attack models against routing protocols in airborne networks. Based on these studies, we propose an integrated security solution to address routing security issues in airborne networks.

Quantifying effectiveness in emergency management.

PubMed

Weaver, John Michael

2014-01-01

This study looked at the relationship between the Departments of Defense (DOD) and Homeland Security (DHS). Moreover, it reviewed the interface between their two subordinate organizations (Northern Command under DOD and the Federal Emergency Management Agency under DHS) with primacy over domestic disasters. Understanding the importance of intergovernmental relations (IGRs), the article dissected the interrelatedness of these organizations regarding hurricanes and the subsequent involvement of federal preparation and response efforts. The informal networked relationships were evaluated using regression analysis focusing on secondary sources of data and several variables. The vitality of collaborative networks is grounded in literature and has been espoused by Waugh and Streib in the world of emergency management; this study expanded on their premise.

Technologies for Networked Enabled Operations

NASA Technical Reports Server (NTRS)

Glass, B.; Levine, J.

2005-01-01

Current point-to-point data links will not scale to support future integration of surveillance, security, and globally-distributed air traffic data, and already hinders efficiency and capacity. While the FAA and industry focus on a transition to initial system-wide information management (SWIM) capabilities, this paper describes a set of initial studies of NAS network-enabled operations technology gaps targeted for maturity in later SWIM spirals (201 5-2020 timeframe).

Global Networks: Emerging Constraints on Strategy (Defense Horizons, July 2004)

DTIC Science & Technology

2004-07-01

that will have a substantial and long-term economic impact , as well as political, social , and security implications.28 This is not just about selling...fundamentally, the economic, social , and political relationships premised on them change as well. Historical forces drive the system to a new...telecommunications network design. These are not sweatshops . Working conditions at India’s IT develop- ment companies—whether managed directly by Western

Joint Information Environment: DOD Needs to Strengthen Governance and Management

DTIC Science & Technology

2016-07-01

provide fast and secure connections to any application or service from any authorized network at any time Software application rationalization and...deployment at all sites. DOD further defines an automated information system as a system of computer hardware, computer software , data or telecommunications ...Why GAO Did This Study For fiscal year 2017, DOD plans to spend more than $38 billion on information technology to support thousands of networks and

Research on computer virus database management system

NASA Astrophysics Data System (ADS)

Qi, Guoquan

2011-12-01

The growing proliferation of computer viruses becomes the lethal threat and research focus of the security of network information. While new virus is emerging, the number of viruses is growing, virus classification increasing complex. Virus naming because of agencies' capture time differences can not be unified. Although each agency has its own virus database, the communication between each other lacks, or virus information is incomplete, or a small number of sample information. This paper introduces the current construction status of the virus database at home and abroad, analyzes how to standardize and complete description of virus characteristics, and then gives the information integrity, storage security and manageable computer virus database design scheme.

A Lightweight Encryption Scheme Combined with Trust Management for Privacy-Preserving in Body Sensor Networks.

PubMed

Guo, Ping; Wang, Jin; Ji, Sai; Geng, Xue Hua; Xiong, Neal N

2015-12-01

With the pervasiveness of smart phones and the advance of wireless body sensor network (BSN), mobile Healthcare (m-Healthcare), which extends the operation of Healthcare provider into a pervasive environment for better health monitoring, has attracted considerable interest recently. However, the flourish of m-Healthcare still faces many challenges including information security and privacy preservation. In this paper, we propose a secure and privacy-preserving framework combining with multilevel trust management. In our scheme, smart phone resources including computing power and energy can be opportunistically gathered to process the computing-intensive PHI (personal health information) during m-Healthcare emergency with minimal privacy disclosure. In specific, to leverage the PHI privacy disclosure and the high reliability of PHI process and transmission in m-Healthcare emergency, we introduce an efficient lightweight encryption for those users whose trust level is low, which is based on mix cipher algorithms and pair of plain text and cipher texts, and allow a medical user to decide who can participate in the opportunistic computing to assist in processing his overwhelming PHI data. Detailed security analysis and simulations show that the proposed framework can efficiently achieve user-centric privacy protection in m-Healthcare system.

Bio-Mimic Optimization Strategies in Wireless Sensor Networks: A Survey

PubMed Central

Adnan, Md. Akhtaruzzaman; Razzaque, Mohammd Abdur; Ahmed, Ishtiaque; Isnin, Ismail Fauzi

2014-01-01

For the past 20 years, many authors have focused their investigations on wireless sensor networks. Various issues related to wireless sensor networks such as energy minimization (optimization), compression schemes, self-organizing network algorithms, routing protocols, quality of service management, security, energy harvesting, etc., have been extensively explored. The three most important issues among these are energy efficiency, quality of service and security management. To get the best possible results in one or more of these issues in wireless sensor networks optimization is necessary. Furthermore, in number of applications (e.g., body area sensor networks, vehicular ad hoc networks) these issues might conflict and require a trade-off amongst them. Due to the high energy consumption and data processing requirements, the use of classical algorithms has historically been disregarded. In this context contemporary researchers started using bio-mimetic strategy-based optimization techniques in the field of wireless sensor networks. These techniques are diverse and involve many different optimization algorithms. As far as we know, most existing works tend to focus only on optimization of one specific issue of the three mentioned above. It is high time that these individual efforts are put into perspective and a more holistic view is taken. In this paper we take a step in that direction by presenting a survey of the literature in the area of wireless sensor network optimization concentrating especially on the three most widely used bio-mimetic algorithms, namely, particle swarm optimization, ant colony optimization and genetic algorithm. In addition, to stimulate new research and development interests in this field, open research issues, challenges and future research directions are highlighted. PMID:24368702

Detection of complex cyber attacks

NASA Astrophysics Data System (ADS)

Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug

2006-05-01

One significant drawback to currently available security products is their inabilty to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.

WLC Preface

NASA Astrophysics Data System (ADS)

Miret, Josep M.; Sebé, Francesc

Low-cost devices are the key component of several applications: RFID tags permit an automated supply chain management while smart cards are a secure means of storing cryptographic keys required for remote and secure authentication in e-commerce and e-government applications. These devices must be cheap in order to permit their cost-effective massive manufacturing and deployment. Unfortunately, their low cost limits their computational power. Other devices such as nodes of sensor networks suffer from an additional constraint, namely, their limited battery life. Secure applications designed for these devices cannot make use of classical cryptographic primitives designed for full-fledged computers.

Secure Reliable Processing Systems

DTIC Science & Technology

1984-02-21

be attainable in principle, the more difficult goal is to meet all of the above while still maintaining good performance within the framwork of a well...managing the network, the user sees a conceptually simpler storage facility, composed merely of files, without machine boundaries, replicated copies

48 CFR 252.239-7016 - Telecommunications security equipment, devices, techniques, and services.

Code of Federal Regulations, 2010 CFR

2010-10-01

..., record, and data communications, including management information systems and local data networks that...) Sensitive information means any information the loss, misuse, or modification of which, or unauthorized... subcontractors to transmit— (i) Classified or sensitive information; (ii) Matters involving intelligence...

32 CFR 236.2 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-07-01

... DEPARTMENT OF DEFENSE (DoD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE... information. (e) Cyber incident means actions taken through the use of computer networks that result in an...) Cyber intrusion damage assessment means a managed, coordinated process to determine the effect on...

Gross anatomy of network security

NASA Technical Reports Server (NTRS)

Siu, Thomas J.

2002-01-01

Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

Methods of Organizational Information Security

NASA Astrophysics Data System (ADS)

Martins, José; Dos Santos, Henrique

The principle objective of this article is to present a literature review for the methods used in the security of information at the level of organizations. Some of the principle problems are identified and a first group of relevant dimensions is presented for an efficient management of information security. The study is based on the literature review made, using some of the more relevant certified articles of this theme, in international reports and in the principle norms of management of information security. From the readings that were done, we identified some of the methods oriented for risk management, norms of certification and good practice of security of information. Some of the norms are oriented for the certification of the product or system and others oriented to the processes of the business. There are also studies with the proposal of Frameworks that suggest the integration of different approaches with the foundation of norms focused on technologies, in processes and taking into consideration the organizational and human environment of the organizations. In our perspective, the biggest contribute to the security of information is the development of a method of security of information for an organization in a conflicting environment. This should make available the security of information, against the possible dimensions of attack that the threats could exploit, through the vulnerability of the organizational actives. This method should support the new concepts of "Network centric warfare", "Information superiority" and "Information warfare" especially developed in this last decade, where information is seen simultaneously as a weapon and as a target.

Network Security Validation Using Game Theory

NASA Astrophysics Data System (ADS)

Papadopoulou, Vicky; Gregoriades, Andreas

Non-functional requirements (NFR) such as network security recently gained widespread attention in distributed information systems. Despite their importance however, there is no systematic approach to validate these requirements given the complexity and uncertainty characterizing modern networks. Traditionally, network security requirements specification has been the results of a reactive process. This however, limited the immunity property of the distributed systems that depended on these networks. Security requirements specification need a proactive approach. Networks' infrastructure is constantly under attack by hackers and malicious software that aim to break into computers. To combat these threats, network designers need sophisticated security validation techniques that will guarantee the minimum level of security for their future networks. This paper presents a game-theoretic approach to security requirements validation. An introduction to game theory is presented along with an example that demonstrates the application of the approach.

A Decision Framework for Enhancing Mobile Ad Hoc Network Stability and Security

DTIC Science & Technology

2008-06-01

www.selfless-security.org/papers/addendum.php#ivt, accessed: March 2008. [10] Berners - Lee , T., Hendler, J., and O. Lassila, "The Semantic Web," in...study under her mentorship. Professor Tim Levin consistently offered his time and expertise throughout my time at NPS. Watching and listening to...Senge, "Tests for Building Confidence in System Dynamics Models," in TIMS Studies in the Management Sciences, Vol. 14, pp. 209-228, 1980. [40

A Network Access Control Framework for 6LoWPAN Networks

PubMed Central

Oliveira, Luís M. L.; Rodrigues, Joel J. P. C.; de Sousa, Amaro F.; Lloret, Jaime

2013-01-01

Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. PMID:23334610

Network Security Risk Assessment System Based on Attack Graph and Markov Chain

NASA Astrophysics Data System (ADS)

Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

2017-10-01

Network security risk assessment technology can be found in advance of the network problems and related vulnerabilities, it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combines with the international standard CVSS, the attack probability of atomic nodes are counted, and then the attack transition probabilities of ones are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assessment network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

The Third Annual NASA Science Internet User Working Group Conference

NASA Technical Reports Server (NTRS)

Lev, Brian S. (Editor); Gary, J. Patrick (Editor)

1993-01-01

The NASA Science Internet (NSI) User Support Office (USO) sponsored the Third Annual NSI User Working Group (NSIUWG) Conference March 30 through April 3, 1992, in Greenbelt, MD. Approximately 130 NSI users attended to learn more about the NSI, hear from projects which use NSI, and receive updates about new networking technologies and services. This report contains material relevant to the conference; copies of the agenda, meeting summaries, presentations, and descriptions of exhibitors. Plenary sessions featured a variety of speakers, including NSI project management, scientists, and NSI user project managers whose projects and applications effectively use NSI, and notable citizens of the larger Internet community. The conference also included exhibits of advanced networking applications; tutorials on internetworking, computer security, and networking technologies; and user subgroup meetings on the future direction of the conference, networking, and user services and applications.

Technical note: Efficient online source identification algorithm for integration within a contamination event management system

NASA Astrophysics Data System (ADS)

Deuerlein, Jochen; Meyer-Harries, Lea; Guth, Nicolai

2017-07-01

Drinking water distribution networks are part of critical infrastructures and are exposed to a number of different risks. One of them is the risk of unintended or deliberate contamination of the drinking water within the pipe network. Over the past decade research has focused on the development of new sensors that are able to detect malicious substances in the network and early warning systems for contamination. In addition to the optimal placement of sensors, the automatic identification of the source of a contamination is an important component of an early warning and event management system for security enhancement of water supply networks. Many publications deal with the algorithmic development; however, only little information exists about the integration within a comprehensive real-time event detection and management system. In the following the analytical solution and the software implementation of a real-time source identification module and its integration within a web-based event management system are described. The development was part of the SAFEWATER project, which was funded under FP 7 of the European Commission.

Immune Inspired Security Approach for Manets: a Case Study

NASA Astrophysics Data System (ADS)

Mohamed, Yasir Abdelgadir

2011-06-01

This paper extends the work that has earlier been established. Immune inspired approach for securing mobile ad hoc networks is specified there. Although it is clearly indicated there that the research scope is the wireless networks in general and hybrid mobile ad hoc networks in particular, we have seen that specifying the security system in one of the communications applications that need further security approach may help to understand how effectively the system can contribute to this vital and important networks sector. Security in this type of networks is important and controversial as it plays a key role in users' eagerness or reluctance for the services provided by these networks. In this paper, the immune inspired security system is specified to secure web services in converged networks.

Competitive Cyber-Insurance and Internet Security

NASA Astrophysics Data System (ADS)

Shetty, Nikhil; Schwartz, Galina; Felegyhazi, Mark; Walrand, Jean

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users' security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

Smart thermal networks for smart cities - Introduction of concepts and measures

NASA Astrophysics Data System (ADS)

Schmidt, R. R.; Pol, O.; Basciotti, D.; Page, J.

2012-10-01

In order to contribute to high living standards, climate mitigation and energy supply security, future urban energy systems require a holistic approach. In particular an intelligent integration of thermal networks is necessary. This paper will briefly present the "smart city" concept and introduce an associated definition for smart thermal networks defined on three levels: 1. the interaction with urban planning processes and the interface to the overall urban energy system, 2. the adaptation of the temperature level and 3. supply and demand-side management strategies.

The USA-NPN Information Management System: A tool in support of phenological assessments

NASA Astrophysics Data System (ADS)

Rosemartin, A.; Vazquez, R.; Wilson, B. E.; Denny, E. G.

2009-12-01

The USA National Phenology Network (USA-NPN) serves science and society by promoting a broad understanding of plant and animal phenology and the relationships among phenological patterns and all aspects of environmental change. Data management and information sharing are central to the USA-NPN mission. The USA-NPN develops, implements, and maintains a comprehensive Information Management System (IMS) to serve the needs of the network, including the collection, storage and dissemination of phenology data, access to phenology-related information, tools for data interpretation, and communication among partners of the USA-NPN. The IMS includes components for data storage, such as the National Phenology Database (NPD), and several online user interfaces to accommodate data entry, data download, data visualization and catalog searches for phenology-related information. The IMS is governed by a set of standards to ensure security, privacy, data access, and data quality. The National Phenology Database is designed to efficiently accommodate large quantities of phenology data, to be flexible to the changing needs of the network, and to provide for quality control. The database stores phenology data from multiple sources (e.g., partner organizations, researchers and citizen observers), and provides for integration with legacy datasets. Several services will be created to provide access to the data, including reports, visualization interfaces, and web services. These services will provide integrated access to phenology and related information for scientists, decision-makers and general audiences. Phenological assessments at any scale will rely on secure and flexible information management systems for the organization and analysis of phenology data. The USA-NPN’s IMS can serve phenology assessments directly, through data management and indirectly as a model for large-scale integrated data management.

Flexible session management in a distributed environment

NASA Astrophysics Data System (ADS)

Miller, Zach; Bradley, Dan; Tannenbaum, Todd; Sfiligoi, Igor

2010-04-01

Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems.

Securing Cyber Acquisitions

DTIC Science & Technology

2015-02-01

networking provides 24-hour access to data and information between friends and strangers alike. Technology also has played a significant role in the world’s...economic environment, many or- ganizations look at cyber budgets as areas to cut back. And many top-level managers and members of the acquisition

Report: Fiscal Year 2013 Federal Information Security Management Act Report

EPA Pesticide Factsheets

Report #14-P-0033, November 26, 2013. The EPA’s network and data could be exploited without processes to evaluate risks and timely remediate vulnerabilities. Data processed by EPA contractors could be at risk because adequate controls may not be in place.

An Authentication and Key Management Mechanism for Resource Constrained Devices in IEEE 802.11-based IoT Access Networks.

PubMed

Kim, Ki-Wook; Han, Youn-Hee; Min, Sung-Gi

2017-09-21

Many Internet of Things (IoT) services utilize an IoT access network to connect small devices with remote servers. They can share an access network with standard communication technology, such as IEEE 802.11ah. However, an authentication and key management (AKM) mechanism for resource constrained IoT devices using IEEE 802.11ah has not been proposed as yet. We therefore propose a new AKM mechanism for an IoT access network, which is based on IEEE 802.11 key management with the IEEE 802.1X authentication mechanism. The proposed AKM mechanism does not require any pre-configured security information between the access network domain and the IoT service domain. It considers the resource constraints of IoT devices, allowing IoT devices to delegate the burden of AKM processes to a powerful agent. The agent has sufficient power to support various authentication methods for the access point, and it performs cryptographic functions for the IoT devices. Performance analysis shows that the proposed mechanism greatly reduces computation costs, network costs, and memory usage of the resource-constrained IoT device as compared to the existing IEEE 802.11 Key Management with the IEEE 802.1X authentication mechanism.

An Authentication and Key Management Mechanism for Resource Constrained Devices in IEEE 802.11-based IoT Access Networks

PubMed Central

Han, Youn-Hee; Min, Sung-Gi

2017-01-01

Many Internet of Things (IoT) services utilize an IoT access network to connect small devices with remote servers. They can share an access network with standard communication technology, such as IEEE 802.11ah. However, an authentication and key management (AKM) mechanism for resource constrained IoT devices using IEEE 802.11ah has not been proposed as yet. We therefore propose a new AKM mechanism for an IoT access network, which is based on IEEE 802.11 key management with the IEEE 802.1X authentication mechanism. The proposed AKM mechanism does not require any pre-configured security information between the access network domain and the IoT service domain. It considers the resource constraints of IoT devices, allowing IoT devices to delegate the burden of AKM processes to a powerful agent. The agent has sufficient power to support various authentication methods for the access point, and it performs cryptographic functions for the IoT devices. Performance analysis shows that the proposed mechanism greatly reduces computation costs, network costs, and memory usage of the resource-constrained IoT device as compared to the existing IEEE 802.11 Key Management with the IEEE 802.1X authentication mechanism. PMID:28934152

Implementation of remote monitoring and managing switches

NASA Astrophysics Data System (ADS)

Leng, Junmin; Fu, Guo

2010-12-01

In order to strengthen the safety performance of the network and provide the big convenience and efficiency for the operator and the manager, the system of remote monitoring and managing switches has been designed and achieved using the advanced network technology and present network resources. The fast speed Internet Protocol Cameras (FS IP Camera) is selected, which has 32-bit RSIC embedded processor and can support a number of protocols. An Optimal image compress algorithm Motion-JPEG is adopted so that high resolution images can be transmitted by narrow network bandwidth. The architecture of the whole monitoring and managing system is designed and implemented according to the current infrastructure of the network and switches. The control and administrative software is projected. The dynamical webpage Java Server Pages (JSP) development platform is utilized in the system. SQL (Structured Query Language) Server database is applied to save and access images information, network messages and users' data. The reliability and security of the system is further strengthened by the access control. The software in the system is made to be cross-platform so that multiple operating systems (UNIX, Linux and Windows operating systems) are supported. The application of the system can greatly reduce manpower cost, and can quickly find and solve problems.

Hybrid network defense model based on fuzzy evaluation.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.

Finding and Keeping a Job: The Value and Meaning of Employment for Parolees.

PubMed

Cherney, Adrian; Fitzgerald, Robin

2016-01-01

Finding stable employment has been identified as one of the best predictors of post-release success among prisoners. However, offenders face a number of challenges in securing employment when released from prison. This article examines processes that shape the abilities and motivations of parolees to secure gainful employment by examining interview data collected from parolees in Queensland, Australia (n = 50). We explore the role of social networks and commercial employment providers in helping parolees find work, the perceived value of institutional work and training, and the meanings, challenges, and impact of managing the disclosure of one's criminal past to employers. Findings highlight that the role and influence of employment on a parolee's reintegration is conditional on his or her supportive social networks, ability to manage stigma, and personal changes in identity, which elevate the importance of work in a parolee's life. Our findings also show how employment provides opportunities for offenders to self-construct and articulate new identities. © The Author(s) 2014.

SEADE: Countering the Futility of Network Security

DTIC Science & Technology

2015-10-01

guards, and computer cages) and logical security measures (network firewall and intrusion detection). However, no matter how many layers of network...security built-in and with minimal security dependence on network security appliances (e.g., firewalls ). As Secretary of Defense Ashton Carter...based analysis that assumes nothing bad will happen to applications/data if those defenses prevent malware transactions at the entrance. The

An Outline of Data Aggregation Security in Heterogeneous Wireless Sensor Networks.

PubMed

Boubiche, Sabrina; Boubiche, Djallel Eddine; Bilami, Azzedine; Toral-Cruz, Homero

2016-04-12

Data aggregation processes aim to reduce the amount of exchanged data in wireless sensor networks and consequently minimize the packet overhead and optimize energy efficiency. Securing the data aggregation process is a real challenge since the aggregation nodes must access the relayed data to apply the aggregation functions. The data aggregation security problem has been widely addressed in classical homogeneous wireless sensor networks, however, most of the proposed security protocols cannot guarantee a high level of security since the sensor node resources are limited. Heterogeneous wireless sensor networks have recently emerged as a new wireless sensor network category which expands the sensor nodes' resources and capabilities. These new kinds of WSNs have opened new research opportunities where security represents a most attractive area. Indeed, robust and high security level algorithms can be used to secure the data aggregation at the heterogeneous aggregation nodes which is impossible in classical homogeneous WSNs. Contrary to the homogeneous sensor networks, the data aggregation security problem is still not sufficiently covered and the proposed data aggregation security protocols are numberless. To address this recent research area, this paper describes the data aggregation security problem in heterogeneous wireless sensor networks and surveys a few proposed security protocols. A classification and evaluation of the existing protocols is also introduced based on the adopted data aggregation security approach.

Analysis on the University’s Network Security Level System in the Big Data Era

NASA Astrophysics Data System (ADS)

Li, Tianli

2017-12-01

The rapid development of science and technology, the continuous expansion of the scope of computer network applications, has gradually improved the social productive forces, has had a positive impact on the increase production efficiency and industrial scale of China's different industries. Combined with the actual application of computer network in the era of large data, we can see the existence of influencing factors such as network virus, hacker and other attack modes, threatening network security and posing a potential threat to the safe use of computer network in colleges and universities. In view of this unfavorable development situation, universities need to pay attention to the analysis of the situation of large data age, combined with the requirements of network security use, to build a reliable network space security system from the equipment, systems, data and other different levels. To avoid the security risks exist in the network. Based on this, this paper will analyze the hierarchical security system of cyberspace security in the era of large data.

Towards an Enhancement of Organizational Information Security through Threat Factor Profiling (TFP) Model

NASA Astrophysics Data System (ADS)

Sidi, Fatimah; Daud, Maslina; Ahmad, Sabariah; Zainuddin, Naqliyah; Anneisa Abdullah, Syafiqa; Jabar, Marzanah A.; Suriani Affendey, Lilly; Ishak, Iskandar; Sharef, Nurfadhlina Mohd; Zolkepli, Maslina; Nur Majdina Nordin, Fatin; Amat Sejani, Hashimah; Ramadzan Hairani, Saiful

2017-09-01

Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management.

Smartphone-based secure authenticated session sharing in Internet of Personal Things

NASA Astrophysics Data System (ADS)

Krishnan, Ram; Ninglekhu, Jiwan

2015-03-01

In the context of password-based authentication, a user can only memorize limited number of usernames and passwords. They are generally referred to as user-credentials. Longer character length of passwords further adds complication in mastering them. The expansion of the Internet and our growing dependency on it, has made it almost impossible for us to handle the big pool of user-credentials. Using simple, same or similar passwords is considered a poor practice, as it can easily be compromised by password cracking tools and social engineering attacks. Therefore, a robust and painless technique to manage personal credentials for websites is desirable. In this paper, a novel technique for user-credentials management via a smart mobile device such as a smartphone in a local network is proposed. We present a secure user-credential management scheme in which user's account login (username) and password associated with websites domain name is saved into the mobile device's database using a mobile application. We develop a custom browser extension application for client and use it to import user's credentials linked with the corresponding website from the mobile device via the local Wi-Fi network connection. The browser extension imports and identifies the authentication credentials and pushes them into the target TextBox locations in the webpage, ready for the user to execute. This scheme is suitably demonstrated between two personal devices in a local network.

Development of a privacy and security policy framework for a multistate comparative effectiveness research network.

PubMed

Kim, Katherine K; McGraw, Deven; Mamo, Laura; Ohno-Machado, Lucila

2013-08-01

Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship.

Providing security for automated process control systems at hydropower engineering facilities

NASA Astrophysics Data System (ADS)

Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.

2016-12-01

This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.

Dense wavelength division multiplexing devices for metropolitan-area datacom and telecom networks

NASA Astrophysics Data System (ADS)

DeCusatis, Casimer M.; Priest, David G.

2000-12-01

Large data processing environments in use today can require multi-gigabyte or terabyte capacity in the data communication infrastructure; these requirements are being driven by storage area networks with access to petabyte data bases, new architecture for parallel processing which require high bandwidth optical links, and rapidly growing network applications such as electronic commerce over the Internet or virtual private networks. These datacom applications require high availability, fault tolerance, security, and the capacity to recover from any single point of failure without relying on traditional SONET-based networking. These requirements, coupled with fiber exhaust in metropolitan areas, are driving the introduction of dense optical wavelength division multiplexing (DWDM) in data communication systems, particularly for large enterprise servers or mainframes. In this paper, we examine the technical requirements for emerging nextgeneration DWDM systems. Protocols for storage area networks and computer architectures such as Parallel Sysplex are presented, including their fiber bandwidth requirements. We then describe two commercially available DWDM solutions, a first generation 10 channel system and a recently announced next generation 32 channel system. Technical requirements, network management and security, fault tolerant network designs, new network topologies enabled by DWDM, and the role of time division multiplexing in the network are all discussed. Finally, we present a description of testing conducted on these networks and future directions for this technology.

Security and Privacy Preservation in Human-Involved Networks

NASA Astrophysics Data System (ADS)

Asher, Craig; Aumasson, Jean-Philippe; Phan, Raphael C.-W.

This paper discusses security within human-involved networks, with a focus on social networking services (SNS). We argue that more secure networks could be designed using semi-formal security models inspired from cryptography, as well as notions like that of ceremony, which exploits human-specific abilities and psychology to assist creating more secure protocols. We illustrate some of our ideas with the example of the SNS Facebook.

Resource Sharing in a Network of Personal Computers.

DTIC Science & Technology

1982-12-01

magnetic card, or a more secure identifier such as a machine-read fingerprint or voiceprint. Security and Protection 57 (3) (R, key) (5) (RB’ B, key) (B...operations are invoked via messages, a program and its terminal can easily be located on separate machines. In Spice, an interface process called Canvas ...request of a process. In Canvas , a process can only subdivide windows that it already has. On the other hand, the window manager treats the screen as a

Robust Functionality and Active Data Management for Cooperative Networks in the Presence of WMD Stressors

DTIC Science & Technology

2011-09-01

topological impairments," Wiley Handbook of Science and Technology for Homeland Security, 2009. Technical Summary Introduction: DCSs offer a flexible...8217l , nfc ,approx = 1 - 2 2" N 1S t e second argest rugenv(.l..lue o Tapprox , where aN = .,., an subscript "nEe" denotes the eigenvalues for the case...robust distributed computing in the presence of topological impairmt~nts," Wiley Handbook of Science and Technology for Homeland Security, 2009. (3

IT Security Support for the Spaceport Command Control System Development

NASA Technical Reports Server (NTRS)

Varise, Brian

2014-01-01

My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as, viruses, malware and denial-of-service attacks by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks ran by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoke access, monitor information request by new programming and recommend improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gain knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

Use of a wireless local area network in an orthodontic clinic.

PubMed

Mupparapu, Muralidhar; Binder, Robert E; Cummins, John M

2005-06-01

Radiographic images and other patient records, including medical histories, demographics, and health insurance information, can now be stored digitally and accessed via patient management programs. However, digital image acquisition and diagnosis and treatment planning are independent tasks, and each is time consuming, especially when performed at different computer workstations. Networking or linking the computers in an office enhances access to imaging and treatment planning tools. Access can be further enhanced if the entire network is wireless. Thanks to wireless technology, stand-alone, desk-bound personal computers have been replaced with mobile, hand-held devices that can communicate with each other and the rest of the world via the Internet. As with any emerging technology, some issues should be kept in mind when adapting to the wireless environment. Foremost is network security. Second is the choice of mobile hardware devices that are used by the orthodontist, office staff, and patients. This article details the standards and choices in wireless technology that can be implemented in an orthodontic clinic and suggests how to select suitable mobile hardware for accessing or adding data to a preexisting network. The network security protocols discussed comply with HIPAA regulations and boost the efficiency of a modern orthodontic clinic.

Computer Network Security: Best Practices for Alberta School Jurisdictions.

ERIC Educational Resources Information Center

Alberta Dept. of Education, Edmonton.

This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

Identifying the Key Weaknesses in Network Security at Colleges.

ERIC Educational Resources Information Center

Olsen, Florence

2000-01-01

A new study identifies and ranks the 10 security gaps responsible for most outsider attacks on college computer networks. The list is intended to help campus system administrators establish priorities as they work to increase security. One network security expert urges that institutions utilize multiple security layers. (DB)

Smart Practices In Building Interorganizational Collaborative Capacity to Strengthen the Florida Comprehensive Disaster Management Enterprise

DTIC Science & Technology

2011-12-01

private company , homeland security and disaster response affects most organizations and networks of people at specific periods of their existence...Preparedness and Assistance Trust Fund, due to controversy over a $2.00 assessment on homeowners’ insurance policies and a $4.00 assessment on commercial...fuel management strategies while taking into consideration rules for traffic safety, insurance and liability factors, right-of-ways and land

Managing Network Security Policies in Tactical Manet’s Using Drama

DTIC Science & Technology

2010-08-04

Cheng, M. Raykova, A. Poylisher, S. Alexander, M. Eiger, S. M. Bellovin, “ The Zodiac Policy Subsystem: A Policy-Based Management System for a High...hour per response, including the time for reviewing instructions, searching data sources, gathering and maintaining the data needed, and completing and...reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information

Service-oriented Software Defined Optical Networks for Cloud Computing

NASA Astrophysics Data System (ADS)

Liu, Yuze; Li, Hui; Ji, Yuefeng

2017-10-01

With the development of big data and cloud computing technology, the traditional software-defined network is facing new challenges (e.g., ubiquitous accessibility, higher bandwidth, more flexible management and greater security). This paper proposes a new service-oriented software defined optical network architecture, including a resource layer, a service abstract layer, a control layer and an application layer. We then dwell on the corresponding service providing method. Different service ID is used to identify the service a device can offer. Finally, we experimentally evaluate that proposed service providing method can be applied to transmit different services based on the service ID in the service-oriented software defined optical network.

Hybrid Network Defense Model Based on Fuzzy Evaluation

PubMed Central

2014-01-01

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture. PMID:24574870

Hybrid architecture for building secure sensor networks

NASA Astrophysics Data System (ADS)

Owens, Ken R., Jr.; Watkins, Steve E.

2012-04-01

Sensor networks have various communication and security architectural concerns. Three approaches are defined to address these concerns for sensor networks. The first area is the utilization of new computing architectures that leverage embedded virtualization software on the sensor. Deploying a small, embedded virtualization operating system on the sensor nodes that is designed to communicate to low-cost cloud computing infrastructure in the network is the foundation to delivering low-cost, secure sensor networks. The second area focuses on securing the sensor. Sensor security components include developing an identification scheme, and leveraging authentication algorithms and protocols that address security assurance within the physical, communication network, and application layers. This function will primarily be accomplished through encrypting the communication channel and integrating sensor network firewall and intrusion detection/prevention components to the sensor network architecture. Hence, sensor networks will be able to maintain high levels of security. The third area addresses the real-time and high priority nature of the data that sensor networks collect. This function requires that a quality-of-service (QoS) definition and algorithm be developed for delivering the right data at the right time. A hybrid architecture is proposed that combines software and hardware features to handle network traffic with diverse QoS requirements.

Secure data exchange between intelligent devices and computing centers

NASA Astrophysics Data System (ADS)

Naqvi, Syed; Riguidel, Michel

2005-03-01

The advent of reliable spontaneous networking technologies (commonly known as wireless ad-hoc networks) has ostensibly raised stakes for the conception of computing intensive environments using intelligent devices as their interface with the external world. These smart devices are used as data gateways for the computing units. These devices are employed in highly volatile environments where the secure exchange of data between these devices and their computing centers is of paramount importance. Moreover, their mission critical applications require dependable measures against the attacks like denial of service (DoS), eavesdropping, masquerading, etc. In this paper, we propose a mechanism to assure reliable data exchange between an intelligent environment composed of smart devices and distributed computing units collectively called 'computational grid'. The notion of infosphere is used to define a digital space made up of a persistent and a volatile asset in an often indefinite geographical space. We study different infospheres and present general evolutions and issues in the security of such technology-rich and intelligent environments. It is beyond any doubt that these environments will likely face a proliferation of users, applications, networked devices, and their interactions on a scale never experienced before. It would be better to build in the ability to uniformly deal with these systems. As a solution, we propose a concept of virtualization of security services. We try to solve the difficult problems of implementation and maintenance of trust on the one hand, and those of security management in heterogeneous infrastructure on the other hand.

An Outline of Data Aggregation Security in Heterogeneous Wireless Sensor Networks

PubMed Central

Boubiche, Sabrina; Boubiche, Djallel Eddine; Bilami, Azzedine; Toral-Cruz, Homero

2016-01-01

Data aggregation processes aim to reduce the amount of exchanged data in wireless sensor networks and consequently minimize the packet overhead and optimize energy efficiency. Securing the data aggregation process is a real challenge since the aggregation nodes must access the relayed data to apply the aggregation functions. The data aggregation security problem has been widely addressed in classical homogeneous wireless sensor networks, however, most of the proposed security protocols cannot guarantee a high level of security since the sensor node resources are limited. Heterogeneous wireless sensor networks have recently emerged as a new wireless sensor network category which expands the sensor nodes’ resources and capabilities. These new kinds of WSNs have opened new research opportunities where security represents a most attractive area. Indeed, robust and high security level algorithms can be used to secure the data aggregation at the heterogeneous aggregation nodes which is impossible in classical homogeneous WSNs. Contrary to the homogeneous sensor networks, the data aggregation security problem is still not sufficiently covered and the proposed data aggregation security protocols are numberless. To address this recent research area, this paper describes the data aggregation security problem in heterogeneous wireless sensor networks and surveys a few proposed security protocols. A classification and evaluation of the existing protocols is also introduced based on the adopted data aggregation security approach. PMID:27077866

Authenticated IGMP for Controlling Access to Multicast Distribution Tree

NASA Astrophysics Data System (ADS)

Park, Chang-Seop; Kang, Hyun-Sun

A receiver access control scheme is proposed to protect the multicast distribution tree from DoS attack induced by unauthorized use of IGMP, by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, a key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for CP (Content Provider), NSP (Network Service Provider), and group members.

Key Management Scheme Based on Route Planning of Mobile Sink in Wireless Sensor Networks.

PubMed

Zhang, Ying; Liang, Jixing; Zheng, Bingxin; Jiang, Shengming; Chen, Wei

2016-01-29

In many wireless sensor network application scenarios the key management scheme with a Mobile Sink (MS) should be fully investigated. This paper proposes a key management scheme based on dynamic clustering and optimal-routing choice of MS. The concept of Traveling Salesman Problem with Neighbor areas (TSPN) in dynamic clustering for data exchange is proposed, and the selection probability is used in MS route planning. The proposed scheme extends static key management to dynamic key management by considering the dynamic clustering and mobility of MSs, which can effectively balance the total energy consumption during the activities. Considering the different resources available to the member nodes and sink node, the session key between cluster head and MS is established by modified an ECC encryption with Diffie-Hellman key exchange (ECDH) algorithm and the session key between member node and cluster head is built with a binary symmetric polynomial. By analyzing the security of data storage, data transfer and the mechanism of dynamic key management, the proposed scheme has more advantages to help improve the resilience of the key management system of the network on the premise of satisfying higher connectivity and storage efficiency.

Converging Redundant Sensor Network Information for Improved Building Control

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dale Tiller; D. Phil; Gregor Henze

2007-09-30

This project investigated the development and application of sensor networks to enhance building energy management and security. Commercial, industrial and residential buildings often incorporate systems used to determine occupancy, but current sensor technology and control algorithms limit the effectiveness of these systems. For example, most of these systems rely on single monitoring points to detect occupancy, when more than one monitoring point could improve system performance. Phase I of the project focused on instrumentation and data collection. During the initial project phase, a new occupancy detection system was developed, commissioned and installed in a sample of private offices and open-planmore » office workstations. Data acquisition systems were developed and deployed to collect data on space occupancy profiles. Phase II of the project demonstrated that a network of several sensors provides a more accurate measure of occupancy than is possible using systems based on single monitoring points. This phase also established that analysis algorithms could be applied to the sensor network data stream to improve the accuracy of system performance in energy management and security applications. In Phase III of the project, the sensor network from Phase I was complemented by a control strategy developed based on the results from the first two project phases: this controller was implemented in a small sample of work areas, and applied to lighting control. Two additional technologies were developed in the course of completing the project. A prototype web-based display that portrays the current status of each detector in a sensor network monitoring building occupancy was designed and implemented. A new capability that enables occupancy sensors in a sensor network to dynamically set the 'time delay' interval based on ongoing occupant behavior in the space was also designed and implemented.« less

The study and implementation of the wireless network data security model

NASA Astrophysics Data System (ADS)

Lin, Haifeng

2013-03-01

In recent years, the rapid development of Internet technology and the advent of information age, people are increasing the strong demand for the information products and the market for information technology. Particularly, the network security requirements have become more sophisticated. This paper analyzes the wireless network in the data security vulnerabilities. And a list of wireless networks in the framework is the serious defects with the related problems. It has proposed the virtual private network technology and wireless network security defense structure; and it also given the wireless networks and related network intrusion detection model for the detection strategies.

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2014 CFR

2014-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2013 CFR

2013-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2012 CFR

2012-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

Security Code Red or Ready? Leaders Sharing--For Tech Leaders

ERIC Educational Resources Information Center

Hall, Don; Kelly, Pat

2005-01-01

Increasingly, teachers rely on computer software and networks to both enhance curriculum management and provide engaging learning opportunities in instruction. New software is enabling more frequent formative assessments to better focus day-to-day lessons on the unique needs of individual learners. Administrators use increasingly complex data…

20 CFR 411.660 - Is SSA's decision final?

Code of Federal Regulations, 2012 CFR

2012-04-01

... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Is SSA's decision final? 411.660 Section 411.660 Employees' Benefits SOCIAL SECURITY ADMINISTRATION THE TICKET TO WORK AND SELF-SUFFICIENCY PROGRAM Ticket to Work Program Dispute Resolution Disputes Between Employment Networks and Program Managers § 411...

20 CFR 411.660 - Is SSA's decision final?

Code of Federal Regulations, 2010 CFR

2010-04-01

... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Is SSA's decision final? 411.660 Section 411.660 Employees' Benefits SOCIAL SECURITY ADMINISTRATION THE TICKET TO WORK AND SELF-SUFFICIENCY PROGRAM Ticket to Work Program Dispute Resolution Disputes Between Employment Networks and Program Managers § 411...

20 CFR 411.660 - Is SSA's decision final?

Code of Federal Regulations, 2014 CFR

2014-04-01

... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Is SSA's decision final? 411.660 Section 411.660 Employees' Benefits SOCIAL SECURITY ADMINISTRATION THE TICKET TO WORK AND SELF-SUFFICIENCY PROGRAM Ticket to Work Program Dispute Resolution Disputes Between Employment Networks and Program Managers § 411...

20 CFR 411.660 - Is SSA's decision final?

Code of Federal Regulations, 2011 CFR

2011-04-01

... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Is SSA's decision final? 411.660 Section 411.660 Employees' Benefits SOCIAL SECURITY ADMINISTRATION THE TICKET TO WORK AND SELF-SUFFICIENCY PROGRAM Ticket to Work Program Dispute Resolution Disputes Between Employment Networks and Program Managers § 411...

20 CFR 411.660 - Is SSA's decision final?

Code of Federal Regulations, 2013 CFR

2013-04-01

... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Is SSA's decision final? 411.660 Section 411.660 Employees' Benefits SOCIAL SECURITY ADMINISTRATION THE TICKET TO WORK AND SELF-SUFFICIENCY PROGRAM Ticket to Work Program Dispute Resolution Disputes Between Employment Networks and Program Managers § 411...

Advanced Cyber Attack Modeling Analysis and Visualization

DTIC Science & Technology

2010-03-01

Graph Analysis Network Web Logs Netflow Data TCP Dump Data System Logs Detect Protect Security Management What-If Figure 8. TVA attack graphs for...Clustered Graphs,” in Proceedings of the Symposium on Graph Drawing, September 1996. [25] K. Lakkaraju, W. Yurcik, A. Lee, “NVisionIP: NetFlow

Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

DOEpatents

Chen, Yu-Gene T.

2013-04-16

A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chen, K.; Tsai, H.; Liu, Y. Y.

Radio frequency identification (RFID) is one of today's most rapidly growing technologies in the automatic data collection industry. Although commercial applications are already widespread, the use of this technology for managing nuclear materials is only in its infancy. Employing an RFID system has the potential to offer an immense payback: enhanced safety and security, reduced need for manned surveillance, real-time access to status and event history data, and overall cost-effectiveness. The Packaging Certification Program (PCP) in the U.S. Department of Energy's (DOE's) Office of Environmental Management (EM), Office of Packaging and Transportation (EM-63), is developing an RFID system for nuclearmore » materials management. The system consists of battery-powered RFID tags with onboard sensors and memories, a reader network, application software, a database server and web pages. The tags monitor and record critical parameters, including the status of seals, movement of objects, and environmental conditions of the nuclear material packages in real time. They also provide instant warnings or alarms when preset thresholds for the sensors are exceeded. The information collected by the readers is transmitted to a dedicated central database server that can be accessed by authorized users across the DOE complex via a secured network. The onboard memory of the tags allows the materials manifest and event history data to reside with the packages throughout their life cycles in storage, transportation, and disposal. Data security is currently based on Advanced Encryption Standard-256. The software provides easy-to-use graphical interfaces that allow access to all vital information once the security and privilege requirements are met. An innovative scheme has been developed for managing batteries in service for more than 10 years without needing to be changed. A miniature onboard dosimeter is being developed for applications that require radiation surveillance. A field demonstration of the RFID system was recently conducted to assess its performance. The preliminary results of the demonstration are reported in this paper.« less

Ecological Networks in Stored Grain: Key Postharvest Nodes for Emerging Pests, Pathogens, and Mycotoxins.

PubMed

Hernandez Nopsa, John F; Daglish, Gregory J; Hagstrum, David W; Leslie, John F; Phillips, Thomas W; Scoglio, Caterina; Thomas-Sharma, Sara; Walter, Gimme H; Garrett, Karen A

2015-10-01

Wheat is at peak quality soon after harvest. Subsequently, diverse biota use wheat as a resource in storage, including insects and mycotoxin-producing fungi. Transportation networks for stored grain are crucial to food security and provide a model system for an analysis of the population structure, evolution, and dispersal of biota in networks. We evaluated the structure of rail networks for grain transport in the United States and Eastern Australia to identify the shortest paths for the anthropogenic dispersal of pests and mycotoxins, as well as the major sources, sinks, and bridges for movement. We found important differences in the risk profile in these two countries and identified priority control points for sampling, detection, and management. An understanding of these key locations and roles within the network is a new type of basic research result in postharvest science and will provide insights for the integrated pest management of high-risk subpopulations, such as pesticide-resistant insect pests.

Ecological Networks in Stored Grain: Key Postharvest Nodes for Emerging Pests, Pathogens, and Mycotoxins

PubMed Central

Hernandez Nopsa, John F.; Daglish, Gregory J.; Hagstrum, David W.; Leslie, John F.; Phillips, Thomas W.; Scoglio, Caterina; Thomas-Sharma, Sara; Walter, Gimme H.; Garrett, Karen A.

2015-01-01

Wheat is at peak quality soon after harvest. Subsequently, diverse biota use wheat as a resource in storage, including insects and mycotoxin-producing fungi. Transportation networks for stored grain are crucial to food security and provide a model system for an analysis of the population structure, evolution, and dispersal of biota in networks. We evaluated the structure of rail networks for grain transport in the United States and Eastern Australia to identify the shortest paths for the anthropogenic dispersal of pests and mycotoxins, as well as the major sources, sinks, and bridges for movement. We found important differences in the risk profile in these two countries and identified priority control points for sampling, detection, and management. An understanding of these key locations and roles within the network is a new type of basic research result in postharvest science and will provide insights for the integrated pest management of high-risk subpopulations, such as pesticide-resistant insect pests. PMID:26955074

The provincial health office as performance manager: change in the local healthcare system after Thailand's universal coverage reforms.

PubMed

Intaranongpai, Siranee; Hughes, David; Leethongdee, Songkramchai

2012-01-01

This paper examines the implementation of Thailand's universal coverage healthcare reforms in a rural province, using data from field studies undertaken in 2003-2005 and 2008-2011. We focus on the strand of policy that aimed to develop primary care by allocating funds to contracting units for primary care (CUPs) responsible for managing local service networks. The two studies document a striking change in the balance of power in the local healthcare system over the 8-year period. Initially, the newly formed CUPs gained influence as 'power followed the money', and the provincial health offices (PHOs), which had commanded the service units, were left with a weaker co-ordination role. However, the situation changed as a new insurance purchaser, the National Health Security Office, took financial control and established regional outposts. National Health Security Office outposts worked with PHOs to develop rationalised management tools-strategic plans, targets, KPIs and benchmarking-that installed the PHOs as performance managers of local healthcare systems. New lines of accountability and changed budgetary systems reduced the power of the CUPs to control resource allocation and patterns of services within CUP networks. Whereas some CUPs fought to retain limited autonomy, the PHO has been able to regain much of its former control. We suggest that implementation theory needs to take a long view to capture the complexity of a major reform initiative and argue for an analysis that recognises the key role of policy networks and advocacy coalitions that span national and local levels and realign over time. Copyright © 2012 John Wiley & Sons, Ltd.

Security Concepts for Satellite Links

NASA Astrophysics Data System (ADS)

Tobehn, C.; Penné, B.; Rathje, R.; Weigl, A.; Gorecki, Ch.; Michalik, H.

2008-08-01

The high costs to develop, launch and maintain a satellite network makes protecting the assets imperative. Attacks may be passive such as eavesdropping on the payload data. More serious threat are active attacks that try to gain control of the satellite, which may lead to the total lost of the satellite asset. To counter these threats, new satellite and ground systems are using cryptographic technologies to provide a range of services: confidentiality, entity & message authentication, and data integrity. Additionally, key management cryptographic services are required to support these services. This paper describes the key points of current satellite control and operations, that are authentication of the access to the satellite TMTC link and encryption of security relevant TM/TC data. For payload data management the key points are multi-user ground station access and high data rates both requiring frequent updates and uploads of keys with the corresponding key management methods. For secure satellite management authentication & key negotiation algorithms as HMAC-RIPEMD160, EC- DSA and EC-DH are used. Encryption of data uses algorithms as IDEA, AES, Triple-DES, or other. A channel coding and encryption unit for payload data provides download data rates up to Nx250 Mbps. The presented concepts are based on our experience and heritage of the security systems for all German MOD satellite projects (SATCOMBw2, SAR-Lupe multi- satellite system and German-French SAR-Lupe-Helios- II systems inter-operability) as well as for further international (KOMPSAT-II Payload data link system) and ESA activities (TMTC security and GMES).

Security Encryption Scheme for Communication of Web Based Control Systems

NASA Astrophysics Data System (ADS)

Robles, Rosslin John; Kim, Tai-Hoon

A control system is a device or set of devices to manage, command, direct or regulate the behavior of other devices or systems. The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network Since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Control Systems through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.

Key Exchange Trust Evaluation in Peer-to-Peer Sensor Networks With Unconditionally Secure Key Exchange

NASA Astrophysics Data System (ADS)

Gonzalez, Elias; Kish, Laszlo B.

2016-03-01

As the utilization of sensor networks continue to increase, the importance of security becomes more profound. Many industries depend on sensor networks for critical tasks, and a malicious entity can potentially cause catastrophic damage. We propose a new key exchange trust evaluation for peer-to-peer sensor networks, where part of the network has unconditionally secure key exchange. For a given sensor, the higher the portion of channels with unconditionally secure key exchange the higher the trust value. We give a brief introduction to unconditionally secured key exchange concepts and mention current trust measures in sensor networks. We demonstrate the new key exchange trust measure on a hypothetical sensor network using both wired and wireless communication channels.

Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

PubMed

Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

2015-09-25

Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

National Security Technology Incubator Business Plan

DOE Office of Scientific and Technical Information (OSTI.GOV)

None, None

This document contains a business plan for the National Security Technology Incubator (NSTI), developed as part of the National Security Preparedness Project (NSPP) and performed under a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This business plan describes key features of the NSTI, including the vision and mission, organizational structure and staffing, services, evaluation criteria, marketing strategies, client processes, a budget, incubator evaluation criteria, and a development schedule. The purpose of the NSPP is to promote national security technologies through business incubation, technology demonstration and validation, and workforce development. The NSTI will focus on serving businesses with nationalmore » security technology applications by nurturing them through critical stages of early development. The vision of the NSTI is to be a successful incubator of technologies and private enterprise that assist the NNSA in meeting new challenges in national safety, security, and protection of the homeland. The NSTI is operated and managed by the Arrowhead Center, responsible for leading the economic development mission of New Mexico State University (NMSU). The Arrowhead Center will recruit business with applications for national security technologies recruited for the NSTI program. The Arrowhead Center and its strategic partners will provide business incubation services, including hands-on mentoring in general business matters, marketing, proposal writing, management, accounting, and finance. Additionally, networking opportunities and technology development assistance will be provided.« less

78 FR 71631 - Committee Name: Homeland Security Information Network Advisory Committee (HSINAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-29

... Network Advisory Committee (HSINAC) AGENCY: Operation Coordination and Planning/Office of Chief.... SUMMARY: The Homeland Security Information Network Advisory Council (HSINAC) will meet December 17, 2013... , Phone: 202-343-4212. SUPPLEMENTARY INFORMATION: The Homeland Security Information Network Advisory...

Security of Quantum Repeater Network Operation

DTIC Science & Technology

2016-10-03

AFRL-AFOSR-JP-TR-2016-0079 Security of Quantum Repeater Network Operation Rodney Van Meter KEIO UNIVERSITY Final Report 10/03/2016 DISTRIBUTION A...To)  29 May 2014 to 28 May 2016 4. TITLE AND SUBTITLE Security of Quantum Repeater Network Operation 5a.  CONTRACT NUMBER 5b.  GRANT NUMBER FA2386...ABSTRACT Much of the work on quantum networks , both entangled and unentangled, has been about the uses of quantum networks to enhance end- host security

Computer Network Security- The Challenges of Securing a Computer Network

NASA Technical Reports Server (NTRS)

Scotti, Vincent, Jr.

2011-01-01

This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

Proton beam therapy control system

DOEpatents

Baumann, Michael A [Riverside, CA; Beloussov, Alexandre V [Bernardino, CA; Bakir, Julide [Alta Loma, CA; Armon, Deganit [Redlands, CA; Olsen, Howard B [Colton, CA; Salem, Dana [Riverside, CA

2008-07-08

A tiered communications architecture for managing network traffic in a distributed system. Communication between client or control computers and a plurality of hardware devices is administered by agent and monitor devices whose activities are coordinated to reduce the number of open channels or sockets. The communications architecture also improves the transparency and scalability of the distributed system by reducing network mapping dependence. The architecture is desirably implemented in a proton beam therapy system to provide flexible security policies which improve patent safety and facilitate system maintenance and development.

Proton beam therapy control system

DOEpatents

Baumann, Michael A.; Beloussov, Alexandre V.; Bakir, Julide; Armon, Deganit; Olsen, Howard B.; Salem, Dana

2010-09-21

A tiered communications architecture for managing network traffic in a distributed system. Communication between client or control computers and a plurality of hardware devices is administered by agent and monitor devices whose activities are coordinated to reduce the number of open channels or sockets. The communications architecture also improves the transparency and scalability of the distributed system by reducing network mapping dependence. The architecture is desirably implemented in a proton beam therapy system to provide flexible security policies which improve patent safety and facilitate system maintenance and development.

Proton beam therapy control system

DOEpatents

Baumann, Michael A; Beloussov, Alexandre V; Bakir, Julide; Armon, Deganit; Olsen, Howard B; Salem, Dana

2013-06-25

A tiered communications architecture for managing network traffic in a distributed system. Communication between client or control computers and a plurality of hardware devices is administered by agent and monitor devices whose activities are coordinated to reduce the number of open channels or sockets. The communications architecture also improves the transparency and scalability of the distributed system by reducing network mapping dependence. The architecture is desirably implemented in a proton beam therapy system to provide flexible security policies which improve patent safety and facilitate system maintenance and development.

Proton beam therapy control system

DOEpatents

Baumann, Michael A; Beloussov, Alexandre V; Bakir, Julide; Armon, Deganit; Olsen, Howard B; Salem, Dana

2013-12-03

A tiered communications architecture for managing network traffic in a distributed system. Communication between client or control computers and a plurality of hardware devices is administered by agent and monitor devices whose activities are coordinated to reduce the number of open channels or sockets. The communications architecture also improves the transparency and scalability of the distributed system by reducing network mapping dependence. The architecture is desirably implemented in a proton beam therapy system to provide flexible security policies which improve patent safety and facilitate system maintenance and development.

Behavior-based network management: a unique model-based approach to implementing cyber superiority

NASA Astrophysics Data System (ADS)

Seng, Jocelyn M.

2016-05-01

Behavior-Based Network Management (BBNM) is a technological and strategic approach to mastering the identification and assessment of network behavior, whether human-driven or machine-generated. Recognizing that all five U.S. Air Force (USAF) mission areas rely on the cyber domain to support, enhance and execute their tasks, BBNM is designed to elevate awareness and improve the ability to better understand the degree of reliance placed upon a digital capability and the operational risk.2 Thus, the objective of BBNM is to provide a holistic view of the digital battle space to better assess the effects of security, monitoring, provisioning, utilization management, allocation to support mission sustainment and change control. Leveraging advances in conceptual modeling made possible by a novel advancement in software design and implementation known as Vector Relational Data Modeling (VRDM™), the BBNM approach entails creating a network simulation in which meaning can be inferred and used to manage network behavior according to policy, such as quickly detecting and countering malicious behavior. Initial research configurations have yielded executable BBNM models as combinations of conceptualized behavior within a network management simulation that includes only concepts of threats and definitions of "good" behavior. A proof of concept assessment called "Lab Rat," was designed to demonstrate the simplicity of network modeling and the ability to perform adaptation. The model was tested on real world threat data and demonstrated adaptive and inferential learning behavior. Preliminary results indicate this is a viable approach towards achieving cyber superiority in today's volatile, uncertain, complex and ambiguous (VUCA) environment.

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 47 Telecommunication 3 2011-10-01 2011-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 47 Telecommunication 3 2010-10-01 2010-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2013-10-01 2013-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.5111 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... 47 Telecommunication 3 2013-10-01 2013-10-01 false Notification of customer proprietary network information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.5111 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Proprietary Network Information. § 64.5111 Notification of customer proprietary network information security... 47 Telecommunication 3 2014-10-01 2014-10-01 false Notification of customer proprietary network information security breaches. 64.5111 Section 64.5111 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2014-10-01 2014-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

47 CFR 64.2011 - Notification of customer proprietary network information security breaches.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Proprietary Network Information § 64.2011 Notification of customer proprietary network information security... 47 Telecommunication 3 2012-10-01 2012-10-01 false Notification of customer proprietary network information security breaches. 64.2011 Section 64.2011 Telecommunication FEDERAL COMMUNICATIONS COMMISSION...

A feedback-based secure path approach for wireless sensor network data collection.

PubMed

Mao, Yuxin; Wei, Guiyi

2010-01-01

The unattended nature of wireless sensor networks makes them very vulnerable to malicious attacks. Therefore, how to preserve secure data collection is an important issue to wireless sensor networks. In this paper, we propose a novel approach of secure data collection for wireless sensor networks. We explore secret sharing and multipath routing to achieve secure data collection in wireless sensor network with compromised nodes. We present a novel tracing-feedback mechanism, which makes full use of the routing functionality of wireless sensor networks, to improve the quality of data collection. The major advantage of the approach is that the secure paths are constructed as a by-product of data collection. The process of secure routing causes little overhead to the sensor nodes in the network. Compared with existing works, the algorithms of the proposed approach are easy to implement and execute in resource-constrained wireless sensor networks. According to the result of a simulation experiment, the performance of the approach is better than the recent approaches with a similar purpose.

Insecure Behaviors on Mobile Devices Under Stress

DTIC Science & Technology

2014-04-08

a text or in an email . The most secure network is only as secure as its most careless user. Thus, in the current project we sought to discover the...challenges in mobile security is human behavior. The most secure password may be useless if it is sent as a text or in an email . The most secure network...The most secure password may be useless if it is sent as a text or in an email . The most secure network is only as secure as its most careless user

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

Improving the Quality of Service and Security of Military Networks with a Network Tasking Order Process

DTIC Science & Technology

2010-09-01

IMPROVING THE QUALITY OF SERVICE AND SECURITY OF MILITARY NETWORKS WITH A NETWORK TASKING ORDER...United States. AFIT/DCS/ENG/10-09 IMPROVING THE QUALITY OF SERVICE AND SECURITY OF MILITARY NETWORKS WITH A NETWORK TASKING ORDER PROCESS...USAF September 2010 APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED AFIT/DCS/ENG/10-09 IMPROVING THE QUALITY OF SERVICE AND

Field test of quantum key distribution in the Tokyo QKD Network.

PubMed

Sasaki, M; Fujiwara, M; Ishizuka, H; Klaus, W; Wakui, K; Takeoka, M; Miki, S; Yamashita, T; Wang, Z; Tanaka, A; Yoshino, K; Nambu, Y; Takahashi, S; Tajima, A; Tomita, A; Domeki, T; Hasegawa, T; Sakai, Y; Kobayashi, H; Asai, T; Shimizu, K; Tokura, T; Tsurumaru, T; Matsui, M; Honjo, T; Tamaki, K; Takesue, H; Tokura, Y; Dynes, J F; Dixon, A R; Sharpe, A W; Yuan, Z L; Shields, A J; Uchikoga, S; Legré, M; Robyr, S; Trinkler, P; Monat, L; Page, J-B; Ribordy, G; Poppe, A; Allacher, A; Maurhart, O; Länger, T; Peev, M; Zeilinger, A

2011-05-23

A secure communication network with quantum key distribution in a metropolitan area is reported. Six different QKD systems are integrated into a mesh-type network. GHz-clocked QKD links enable us to demonstrate the world-first secure TV conferencing over a distance of 45km. The network includes a commercial QKD product for long-term stable operation, and application interface to secure mobile phones. Detection of an eavesdropper, rerouting into a secure path, and key relay via trusted nodes are demonstrated in this network.

Mobile Virtual Private Networking

NASA Astrophysics Data System (ADS)

Pulkkis, Göran; Grahn, Kaj; Mårtens, Mathias; Mattsson, Jonny

Mobile Virtual Private Networking (VPN) solutions based on the Internet Security Protocol (IPSec), Transport Layer Security/Secure Socket Layer (SSL/TLS), Secure Shell (SSH), 3G/GPRS cellular networks, Mobile IP, and the presently experimental Host Identity Protocol (HIP) are described, compared and evaluated. Mobile VPN solutions based on HIP are recommended for future networking because of superior processing efficiency and network capacity demand features. Mobile VPN implementation issues associated with the IP protocol versions IPv4 and IPv6 are also evaluated. Mobile VPN implementation experiences are presented and discussed.

Evaluating open-source cloud computing solutions for geosciences

NASA Astrophysics Data System (ADS)

Huang, Qunying; Yang, Chaowei; Liu, Kai; Xia, Jizhe; Xu, Chen; Li, Jing; Gui, Zhipeng; Sun, Min; Li, Zhenglong

2013-09-01

Many organizations start to adopt cloud computing for better utilizing computing resources by taking advantage of its scalability, cost reduction, and easy to access characteristics. Many private or community cloud computing platforms are being built using open-source cloud solutions. However, little has been done to systematically compare and evaluate the features and performance of open-source solutions in supporting Geosciences. This paper provides a comprehensive study of three open-source cloud solutions, including OpenNebula, Eucalyptus, and CloudStack. We compared a variety of features, capabilities, technologies and performances including: (1) general features and supported services for cloud resource creation and management, (2) advanced capabilities for networking and security, and (3) the performance of the cloud solutions in provisioning and operating the cloud resources as well as the performance of virtual machines initiated and managed by the cloud solutions in supporting selected geoscience applications. Our study found that: (1) no significant performance differences in central processing unit (CPU), memory and I/O of virtual machines created and managed by different solutions, (2) OpenNebula has the fastest internal network while both Eucalyptus and CloudStack have better virtual machine isolation and security strategies, (3) Cloudstack has the fastest operations in handling virtual machines, images, snapshots, volumes and networking, followed by OpenNebula, and (4) the selected cloud computing solutions are capable for supporting concurrent intensive web applications, computing intensive applications, and small-scale model simulations without intensive data communication.

76 FR 63811 - Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-13

... Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and... classified national security information (classified information) on computer networks, it is hereby ordered as follows: Section 1. Policy. Our Nation's security requires classified information to be shared...

Controller–Pilot Data Link Communication Security

PubMed Central

Polishchuk, Tatiana; Wernberg, Max

2018-01-01

The increased utilization of the new types of cockpit communications, including controller–pilot data link communications (CPDLC), puts the airplane at higher risk of hacking or interference than ever before. We review the technological characteristics and properties of the CPDLC and construct the corresponding threat model. Based on the limitations imposed by the system parameters, we propose several solutions for the improved security of the data messaging communication used in air traffic management (ATM). We discuss the applicability of elliptical curve cryptography (ECC), protected aircraft communications addressing and reporting systems (PACARs) and the Host Identity Protocol (HIP) as possible countermeasures to the identified security threats. In addition, we consider identity-defined networking (IDN) as an example of a genuine security solution which implies global changes in the whole air traffic communication system. PMID:29783791

Controller⁻Pilot Data Link Communication Security.

PubMed

Gurtov, Andrei; Polishchuk, Tatiana; Wernberg, Max

2018-05-20

The increased utilization of the new types of cockpit communications, including controller⁻pilot data link communications (CPDLC), puts the airplane at higher risk of hacking or interference than ever before. We review the technological characteristics and properties of the CPDLC and construct the corresponding threat model. Based on the limitations imposed by the system parameters, we propose several solutions for the improved security of the data messaging communication used in air traffic management (ATM). We discuss the applicability of elliptical curve cryptography (ECC), protected aircraft communications addressing and reporting systems (PACARs) and the Host Identity Protocol (HIP) as possible countermeasures to the identified security threats. In addition, we consider identity-defined networking (IDN) as an example of a genuine security solution which implies global changes in the whole air traffic communication system.

Communication Security for Control Systems in Smart Grid

NASA Astrophysics Data System (ADS)

Robles, Rosslin John; Kim, Tai-Hoon

As an example of Control System, Supervisory Control and Data Acquisition systems can be relatively simple, such as one that monitors environmental conditions of a small office building, or incredibly complex, such as a system that monitors all the activity in a nuclear power plant or the activity of a municipal water system. SCADA systems are basically Process Control Systems, designed to automate systems such as traffic control, power grid management, waste processing etc. Connecting SCADA to the Internet can provide a lot of advantages in terms of control, data viewing and generation. SCADA infrastructures like electricity can also be a part of a Smart Grid. Connecting SCADA to a public network can bring a lot of security issues. To answer the security issues, a SCADA communication security solution is proposed.

Secure and Fair Cluster Head Selection Protocol for Enhancing Security in Mobile Ad Hoc Networks

PubMed Central

Paramasivan, B.; Kaliappan, M.

2014-01-01

Mobile ad hoc networks (MANETs) are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP. PMID:25143986

Secure and fair cluster head selection protocol for enhancing security in mobile ad hoc networks.

PubMed

Paramasivan, B; Kaliappan, M

2014-01-01

Mobile ad hoc networks (MANETs) are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

Department of Homeland Security: Assessments of Selected Complex Acquisitions

DTIC Science & Technology

2010-06-01

10 The two nonmajor programs selected—the Biosurveillance Common...Management Directive AD 102-01, and approves acquisitions to proceed to their next acquisition life- cycle phases upon satisfaction of applicable ...programs are Biosurveillance Common Operating Network and the Integrated Public Alert and Warning System. BioWatch Generation-3 had not started

Edgeware Security Risk Management: A Three Essay Thesis on Cloud, Virtualization and Wireless Grid Vulnerabilities

ERIC Educational Resources Information Center

Brooks, Tyson T.

2013-01-01

This thesis identifies three essays which contribute to the foundational understanding of the vulnerabilities and risk towards potentially implementing wireless grid Edgeware technology in a virtualized cloud environment. Since communication networks and devices are subject to becoming the target of exploitation by hackers (e.g. individuals who…

[Regional ecological planning and ecological network construction: a case study of "Ji Triangle" Region].

PubMed

Li, Bo; Han, Zeng-Lin; Tong, Lian-Jun

2009-05-01

By the methods of in situ investigation and regional ecological planning, the present ecological environment, ecosystem vulnerability, and ecological environment sensitivity in "Ji Triangle" Region were analyzed, and the ecological network of the study area was constructed. According to the ecological resources abundance degree, ecological recovery, farmland windbreak system, environmental carrying capacity, forestry foundation, and ecosystem integrity, the study area was classified into three regional ecological function ecosystems, i. e., east low hill ecosystem, middle plain ecosystem, and west plain wetland ecosystem. On the basis of marking regional ecological nodes, the regional ecological corridor (Haerbin-Dalian regional axis, Changchun-Jilin, Changchun-Songyuan, Jilin-Songyuan, Jilin-Siping, and Songyuan-Siping transportation corridor) and regional ecological network (one ring, three links, and three belts) were constructed. Taking the requests of regional ecological security into consideration, the ecological environment security system of "Ji Triangle" Region, including regional ecological conservation district, regional ecological restored district, and regional ecological management district, was built.

Evaluation of a Cyber Security System for Hospital Network.

PubMed

Faysel, Mohammad A

2015-01-01

Most of the cyber security systems use simulated data in evaluating their detection capabilities. The proposed cyber security system utilizes real hospital network connections. It uses a probabilistic data mining algorithm to detect anomalous events and takes appropriate response in real-time. On an evaluation using real-world hospital network data consisting of incoming network connections collected for a 24-hour period, the proposed system detected 15 unusual connections which were undetected by a commercial intrusion prevention system for the same network connections. Evaluation of the proposed system shows a potential to secure protected patient health information on a hospital network.

Detection of network attacks based on adaptive resonance theory

NASA Astrophysics Data System (ADS)

Bukhanov, D. G.; Polyakov, V. M.

2018-05-01

The paper considers an approach to intrusion detection systems using a neural network of adaptive resonant theory. It suggests the structure of an intrusion detection system consisting of two types of program modules. The first module manages connections of user applications by preventing the undesirable ones. The second analyzes the incoming network traffic parameters to check potential network attacks. After attack detection, it notifies the required stations using a secure transmission channel. The paper describes the experiment on the detection and recognition of network attacks using the test selection. It also compares the obtained results with similar experiments carried out by other authors. It gives findings and conclusions on the sufficiency of the proposed approach. The obtained information confirms the sufficiency of applying the neural networks of adaptive resonant theory to analyze network traffic within the intrusion detection system.

3 CFR 13587 - Executive Order 13587 of October 7, 2011. Structural Reforms To Improve the Security of...

Code of Federal Regulations, 2012 CFR

2012-01-01

... Reforms To Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of... October 7, 2011 EO 13587 Structural Reforms To Improve the Security of Classified Networks and the... networks, it is hereby ordered as follows: Section 1. Policy. Our Nation's security requires classified...

Understand the Big Picture So You Can Plan for Network Security

ERIC Educational Resources Information Center

Cervone, Frank

2005-01-01

This article discusses network security for libraries. It indicates that there were only six exploit (security exposure) problems, worldwide, reported to the CERT Coordination Center back in 1988. In that year, the CERT had just been established to provide a clearinghouse for exchanging information about network security problems. By 2003, the…

Using Public Network Infrastructures for UAV Remote Sensing in Civilian Security Operations

DTIC Science & Technology

2011-03-01

leveraging public wireless communication networks for UAV-based sensor networks with respect to existing constraints and user requirements...Detection with an Autonomous Micro UAV Mesh Network . In the near future police departments, fire brigades and other homeland security ...UAV-based sensor networks with respect to existing constraints and user requirements. 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION

Virtual management of radiology examinations in the virtual radiology environment using common object request broker architecture services.

PubMed

Martinez, R; Rozenblit, J; Cook, J F; Chacko, A K; Timboe, H L

1999-05-01

In the Department of Defense (DoD), US Army Medical Command is now embarking on an extremely exciting new project--creating a virtual radiology environment (VRE) for the management of radiology examinations. The business of radiology in the military is therefore being reengineered on several fronts by the VRE Project. In the VRE Project, a set of intelligent agent algorithms determine where examinations are to routed for reading bases on a knowledge base of the entire VRE. The set of algorithms, called the Meta-Manager, is hierarchical and uses object-based communications between medical treatment facilities (MTFs) and medical centers that have digital imaging network picture archiving and communications systems (DIN-PACS) networks. The communications is based on use of common object request broker architecture (CORBA) objects and services to send patient demographics and examination images from DIN-PACS networks in the MTFs to the DIN-PACS networks at the medical centers for diagnosis. The Meta-Manager is also responsible for updating the diagnosis at the originating MTF. CORBA services are used to perform secure message communications between DIN-PACS nodes in the VRE network. The Meta-Manager has a fail-safe architecture that allows the master Meta-Manager function to float to regional Meta-Manager sites in case of server failure. A prototype of the CORBA-based Meta-Manager is being developed by the University of Arizona's Computer Engineering Research Laboratory using the unified modeling language (UML) as a design tool. The prototype will implement the main functions described in the Meta-Manager design specification. The results of this project are expected to reengineer the process of radiology in the military and have extensions to commercial radiology environments.

Optimal service distribution in WSN service system subject to data security constraints.

PubMed

Wu, Zhao; Xiong, Naixue; Huang, Yannong; Gu, Qiong

2014-08-04

Services composition technology provides a flexible approach to building Wireless Sensor Network (WSN) Service Applications (WSA) in a service oriented tasking system for WSN. Maintaining the data security of WSA is one of the most important goals in sensor network research. In this paper, we consider a WSN service oriented tasking system in which the WSN Services Broker (WSB), as the resource management center, can map the service request from user into a set of atom-services (AS) and send them to some independent sensor nodes (SN) for parallel execution. The distribution of ASs among these SNs affects the data security as well as the reliability and performance of WSA because these SNs can be of different and independent specifications. By the optimal service partition into the ASs and their distribution among SNs, the WSB can provide the maximum possible service reliability and/or expected performance subject to data security constraints. This paper proposes an algorithm of optimal service partition and distribution based on the universal generating function (UGF) and the genetic algorithm (GA) approach. The experimental analysis is presented to demonstrate the feasibility of the suggested algorithm.

Optimal Service Distribution in WSN Service System Subject to Data Security Constraints

PubMed Central

Wu, Zhao; Xiong, Naixue; Huang, Yannong; Gu, Qiong

2014-01-01

Services composition technology provides a flexible approach to building Wireless Sensor Network (WSN) Service Applications (WSA) in a service oriented tasking system for WSN. Maintaining the data security of WSA is one of the most important goals in sensor network research. In this paper, we consider a WSN service oriented tasking system in which the WSN Services Broker (WSB), as the resource management center, can map the service request from user into a set of atom-services (AS) and send them to some independent sensor nodes (SN) for parallel execution. The distribution of ASs among these SNs affects the data security as well as the reliability and performance of WSA because these SNs can be of different and independent specifications. By the optimal service partition into the ASs and their distribution among SNs, the WSB can provide the maximum possible service reliability and/or expected performance subject to data security constraints. This paper proposes an algorithm of optimal service partition and distribution based on the universal generating function (UGF) and the genetic algorithm (GA) approach. The experimental analysis is presented to demonstrate the feasibility of the suggested algorithm. PMID:25093346

Potential uses of a wireless network in physical security systems.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Witzke, Edward L.

2010-07-01

Many possible applications requiring or benefiting from a wireless network are available for bolstering physical security and awareness at high security installations or facilities. These enhancements are not always straightforward and may require careful analysis, selection, tuning, and implementation of wireless technologies. In this paper, an introduction to wireless networks and the task of enhancing physical security is first given. Next, numerous applications of a wireless network are brought forth. The technical issues that arise when using a wireless network to support these applications are then discussed. Finally, a summary is presented.

Measurement-Device-Independent Quantum Key Distribution over Untrustful Metropolitan Network

NASA Astrophysics Data System (ADS)

Tang, Yan-Lin; Yin, Hua-Lei; Zhao, Qi; Liu, Hui; Sun, Xiang-Xiang; Huang, Ming-Qi; Zhang, Wei-Jun; Chen, Si-Jing; Zhang, Lu; You, Li-Xing; Wang, Zhen; Liu, Yang; Lu, Chao-Yang; Jiang, Xiao; Ma, Xiongfeng; Zhang, Qiang; Chen, Teng-Yun; Pan, Jian-Wei

2016-01-01

Quantum cryptography holds the promise to establish an information-theoretically secure global network. All field tests of metropolitan-scale quantum networks to date are based on trusted relays. The security critically relies on the accountability of the trusted relays, which will break down if the relay is dishonest or compromised. Here, we construct a measurement-device-independent quantum key distribution (MDIQKD) network in a star topology over a 200-square-kilometer metropolitan area, which is secure against untrustful relays and against all detection attacks. In the field test, our system continuously runs through one week with a secure key rate 10 times larger than previous results. Our results demonstrate that the MDIQKD network, combining the best of both worlds—security and practicality, constitutes an appealing solution to secure metropolitan communications.

Internet Portal For A Distributed Management of Groundwater

NASA Astrophysics Data System (ADS)

Meissner, U. F.; Rueppel, U.; Gutzke, T.; Seewald, G.; Petersen, M.

The management of groundwater resources for the supply of German cities and sub- urban areas has become a matter of public interest during the last years. Negative headlines in the Rhein-Main-Area dealt with cracks in buildings as well as damaged woodlands and inundated agriculture areas as an effect of varying groundwater levels. Usually a holistic management of groundwater resources is not existent because of the complexity of the geological system, the large number of involved groups and their divergent interests and a lack of essential information. The development of a network- based information system for an efficient groundwater management was the target of the project: ?Grundwasser-Online?[1]. The management of groundwater resources has to take into account various hydro- geological, climatic, water-economical, chemical and biological interrelations [2]. Thus, the traditional approaches in information retrieval, which are characterised by a high personnel and time expenditure, are not sufficient. Furthermore, the efficient control of the groundwater cultivation requires a direct communication between the different water supply companies, the consultant engineers, the scientists, the govern- mental agencies and the public, by using computer networks. The presented groundwater information system consists of different components, especially for the collection, storage, evaluation and visualisation of groundwater- relevant information. Network-based technologies are used [3]. For the collection of time-dependant groundwater-relevant information, modern technologies of Mobile Computing have been analysed in order to provide an integrated approach in the man- agement of large groundwater systems. The aggregated information is stored within a distributed geo-scientific database system which enables a direct integration of simu- lation programs for the evaluation of interactions in groundwater systems. Thus, even a prognosis for the evolution of groundwater states can be given. In order to gener- ate reports automatically, technologies are utilised. The visualisation of geo-scientific databases in the internet considering their geographic reference is performed with internet map servers. According to the communication of the map server with the un- derlying geo-scientific database, it is necessary that the demanded data can be filtered interactively in the internet browser using chronological and logical criteria. With re- gard to public use the security aspects within the described distributed system are of 1 major importance. Therefore, security methods for the modelling of access rights in combination with digital signatures have been analysed and implemented in order to provide a secure data exchange and communication between the different partners in the network 2

Security of Quantum Repeater Network Operation

DTIC Science & Technology

2016-10-03

readily in quantum networks than in classical networks. Our presentation at the SENT workshop attracted the attention of computer and network researchers...AFRL-AFOSR-JP-TR-2016-0079 Security of Quantum Repeater Network Operation Rodney Van Meter KEIO UNIVERSITY Final Report 10/03/2016 DISTRIBUTION A...To)  29 May 2014 to 28 May 2016 4. TITLE AND SUBTITLE Security of Quantum Repeater Network Operation 5a.  CONTRACT NUMBER 5b.  GRANT NUMBER FA2386

A Feedback-Based Secure Path Approach for Wireless Sensor Network Data Collection

PubMed Central

Mao, Yuxin; Wei, Guiyi

2010-01-01

The unattended nature of wireless sensor networks makes them very vulnerable to malicious attacks. Therefore, how to preserve secure data collection is an important issue to wireless sensor networks. In this paper, we propose a novel approach of secure data collection for wireless sensor networks. We explore secret sharing and multipath routing to achieve secure data collection in wireless sensor network with compromised nodes. We present a novel tracing-feedback mechanism, which makes full use of the routing functionality of wireless sensor networks, to improve the quality of data collection. The major advantage of the approach is that the secure paths are constructed as a by-product of data collection. The process of secure routing causes little overhead to the sensor nodes in the network. Compared with existing works, the algorithms of the proposed approach are easy to implement and execute in resource-constrained wireless sensor networks. According to the result of a simulation experiment, the performance of the approach is better than the recent approaches with a similar purpose. PMID:22163424

Applications for radio-frequency identification technology in the perioperative setting.

PubMed

Zhao, Tiyu; Zhang, Xiaoxiang; Zeng, Lili; Xia, Shuyan; Hinton, Antentor Othrell; Li, Xiuyun

2014-06-01

We implemented a two-year project to develop a security-gated management system for the perioperative setting using radio-frequency identification (RFID) technology to enhance the management efficiency of the OR. We installed RFID readers beside the entrances to the OR and changing areas to receive and process signals from the RFID tags that we sewed into surgical scrub attire and shoes. The system also required integrating automatic access control panels, computerized lockers, light-emitting diode (LED) information screens, wireless networks, and an information system. By doing this, we are able to control the flow of personnel and materials more effectively, reduce OR costs, optimize the registration and attire-changing process for personnel, and improve management efficiency. We also anticipate this system will improve patient safety by reducing the risk of surgical site infection. Application of security-gated management systems is an important and effective way to help ensure a clean, convenient, and safe management process to manage costs in the perioperative area and promote patient safety. Copyright © 2014 AORN, Inc. Published by Elsevier Inc. All rights reserved.

SCODE: A Secure Coordination-Based Data Dissemination to Mobile Sinks in Sensor Networks

NASA Astrophysics Data System (ADS)

Hung, Lexuan; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo

For many sensor network applications such as military, homeland security, it is necessary for users (sinks) to access sensor networks while they are moving. However, sink mobility brings new challenges to secure routing in large-scale sensor networks. Mobile sinks have to constantly propagate their current location to all nodes, and these nodes need to exchange messages with each other so that the sensor network can establish and maintain a secure multi-hop path between a source node and a mobile sink. This causes significant computation and communication overhead for sensor nodes. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. In this paper, we propose a secure and energy-efficient data dissemination protocol — Secure COodination-based Data dissEmination (SCODE) — for mobile sinks in sensor networks. We take advantages of coordination networks (grid structure) based on Geographical Adaptive Fidelity (GAF) protocol to construct a secure and efficient routing path between sources and sinks. Our security analysis demonstrates that the proposed protocol can defend against common attacks in sensor network routing such as replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Our performance evaluation both in mathematical analysis and simulation shows that the SCODE significantly reduces communication overhead and energy consumption while the latency is similar compared with the existing routing protocols, and it always delivers more than 90 percentage of packets successfully.

Space Communications and Navigation (SCaN) Integrated Network Architecture Definition Document (ADD). Volume 1; Executive Summary; Revision 1

NASA Technical Reports Server (NTRS)

Younes, Badri A.; Schier, James S.

2010-01-01

The SCaN Program has defined an integrated network architecture that fully meets the Administrator s mandate to the Program, and will result in a NASA infrastructure capable of providing the needed and enabling communications services to future space missions. The integrated network architecture will increase SCaN operational efficiency and interoperability through standardization, commonality and technology infusion. It will enable NASA missions requiring advanced communication and tracking capabilities such as: a. Optical communication b. Antenna arraying c. Lunar and Mars Relays d. Integrated network management (service management and network control) and integrated service execution e. Enhanced tracking for navigation f. Space internetworking with DTN and IP g. End-to-end security h. Enhanced security services Moreover, the SCaN Program has created an Integrated Network Roadmap that depicts an orchestrated and coherent evolution path toward the target architecture, encompassing all aspects that concern network assets (i.e., operations and maintenance, sustaining engineering, upgrade efforts, and major development). This roadmap identifies major NASA ADPs, and shows dependencies and drivers among the various planned undertakings and timelines. The roadmap is scalable to accommodate timely adjustments in response to Agency needs, goals, objectives and funding. Future challenges to implementing this architecture include balancing user mission needs, technology development, and the availability of funding within NASA s priorities. Strategies for addressing these challenges are to: define a flexible architecture, update the architecture periodically, use ADPs to evaluate options and determine when to make decisions, and to engage the stakeholders in these evaluations. In addition, the SCaN Program will evaluate and respond to mission need dates for technical and operational capabilities to be provided by the SCaN integrated network. In that regard, the architecture defined in this ADD is scalable to accommodate programmatic and technical changes.

Verifying the secure setup of UNIX client/servers and detection of network intrusion

NASA Astrophysics Data System (ADS)

Feingold, Richard; Bruestle, Harry R.; Bartoletti, Tony; Saroyan, R. A.; Fisher, John M.

1996-03-01

This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today's global `Infosphere' presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to check on their security configuration. SPI's broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI's use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on the Ethernet broadcast Local Area Network segment and product transcripts of suspicious user connections. NID's retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.

Protocol independent transmission method in software defined optical network

NASA Astrophysics Data System (ADS)

Liu, Yuze; Li, Hui; Hou, Yanfang; Qiu, Yajun; Ji, Yuefeng

2016-10-01

With the development of big data and cloud computing technology, the traditional software-defined network is facing new challenges (e.i., ubiquitous accessibility, higher bandwidth, more flexible management and greater security). Using a proprietary protocol or encoding format is a way to improve information security. However, the flow, which carried by proprietary protocol or code, cannot go through the traditional IP network. In addition, ultra- high-definition video transmission service once again become a hot spot. Traditionally, in the IP network, the Serial Digital Interface (SDI) signal must be compressed. This approach offers additional advantages but also bring some disadvantages such as signal degradation and high latency. To some extent, HD-SDI can also be regard as a proprietary protocol, which need transparent transmission such as optical channel. However, traditional optical networks cannot support flexible traffics . In response to aforementioned challenges for future network, one immediate solution would be to use NFV technology to abstract the network infrastructure and provide an all-optical switching topology graph for the SDN control plane. This paper proposes a new service-based software defined optical network architecture, including an infrastructure layer, a virtualization layer, a service abstract layer and an application layer. We then dwell on the corresponding service providing method in order to implement the protocol-independent transport. Finally, we experimentally evaluate that proposed service providing method can be applied to transmit the HD-SDI signal in the software-defined optical network.

Towards secure quantum key distribution protocol for wireless LANs: a hybrid approach

NASA Astrophysics Data System (ADS)

Naik, R. Lalu; Reddy, P. Chenna

2015-12-01

The primary goals of security such as authentication, confidentiality, integrity and non-repudiation in communication networks can be achieved with secure key distribution. Quantum mechanisms are highly secure means of distributing secret keys as they are unconditionally secure. Quantum key distribution protocols can effectively prevent various attacks in the quantum channel, while classical cryptography is efficient in authentication and verification of secret keys. By combining both quantum cryptography and classical cryptography, security of communications over networks can be leveraged. Hwang, Lee and Li exploited the merits of both cryptographic paradigms for provably secure communications to prevent replay, man-in-the-middle, and passive attacks. In this paper, we propose a new scheme with the combination of quantum cryptography and classical cryptography for 802.11i wireless LANs. Since quantum cryptography is premature in wireless networks, our work is a significant step forward toward securing communications in wireless networks. Our scheme is known as hybrid quantum key distribution protocol. Our analytical results revealed that the proposed scheme is provably secure for wireless networks.

Lack of security of networked medical equipment in radiology.

PubMed

Moses, Vinu; Korah, Ipeson

2015-02-01

OBJECTIVE. There are few articles in the literature describing the security and safety aspects of networked medical equipment in radiology departments. Most radiologists are unaware of the security issues. We review the security of the networked medical equipment of a typical radiology department. MATERIALS AND METHODS. All networked medical equipment in a radiology department was scanned for vulnerabilities with a port scanner and a network vulnerability scanner, and the vulnerabilities were classified using the Common Vulnerability Scoring System. A network sniffer was used to capture and analyze traffic on the radiology network for exposure of confidential patient data. We reviewed the use of antivirus software and firewalls on the networked medical equipment. USB ports and CD and DVD drives in the networked medical equipment were tested to see whether they allowed unauthorized access. Implementation of the virtual private network (VPN) that vendors use to access the radiology network was reviewed. RESULTS. Most of the networked medical equipment in our radiology department used vulnerable software with open ports and services. Of the 144 items scanned, 64 (44%) had at least one critical vulnerability, and 119 (83%) had at least one high-risk vulnerability. Most equipment did not encrypt traffic and allowed capture of confidential patient data. Of the 144 items scanned, two (1%) used antivirus software and three (2%) had a firewall enabled. The USB ports were not secure on 49 of the 58 (84%) items with USB ports, and the CD or DVD drive was not secure on 17 of the 31 (55%) items with a CD or DVD drive. One of three vendors had an insecure implementation of VPN access. CONCLUSION. Radiologists and the medical industry need to urgently review and rectify the security issues in existing networked medical equipment. We hope that the results of our study and this article also raise awareness among radiologists about the security issues of networked medical equipment.

A Secure Region-Based Geographic Routing Protocol (SRBGR) for Wireless Sensor Networks

PubMed Central

Adnan, Ali Idarous; Hanapi, Zurina Mohd; Othman, Mohamed; Zukarnain, Zuriati Ahmad

2017-01-01

Due to the lack of dependency for routing initiation and an inadequate allocated sextant on responding messages, the secure geographic routing protocols for Wireless Sensor Networks (WSNs) have attracted considerable attention. However, the existing protocols are more likely to drop packets when legitimate nodes fail to respond to the routing initiation messages while attackers in the allocated sextant manage to respond. Furthermore, these protocols are designed with inefficient collection window and inadequate verification criteria which may lead to a high number of attacker selections. To prevent the failure to find an appropriate relay node and undesirable packet retransmission, this paper presents Secure Region-Based Geographic Routing Protocol (SRBGR) to increase the probability of selecting the appropriate relay node. By extending the allocated sextant and applying different message contention priorities more legitimate nodes can be admitted in the routing process. Moreover, the paper also proposed the bound collection window for a sufficient collection time and verification cost for both attacker identification and isolation. Extensive simulation experiments have been performed to evaluate the performance of the proposed protocol in comparison with other existing protocols. The results demonstrate that SRBGR increases network performance in terms of the packet delivery ratio and isolates attacks such as Sybil and Black hole. PMID:28121992

A Secure Region-Based Geographic Routing Protocol (SRBGR) for Wireless Sensor Networks.

PubMed

Adnan, Ali Idarous; Hanapi, Zurina Mohd; Othman, Mohamed; Zukarnain, Zuriati Ahmad

2017-01-01

Due to the lack of dependency for routing initiation and an inadequate allocated sextant on responding messages, the secure geographic routing protocols for Wireless Sensor Networks (WSNs) have attracted considerable attention. However, the existing protocols are more likely to drop packets when legitimate nodes fail to respond to the routing initiation messages while attackers in the allocated sextant manage to respond. Furthermore, these protocols are designed with inefficient collection window and inadequate verification criteria which may lead to a high number of attacker selections. To prevent the failure to find an appropriate relay node and undesirable packet retransmission, this paper presents Secure Region-Based Geographic Routing Protocol (SRBGR) to increase the probability of selecting the appropriate relay node. By extending the allocated sextant and applying different message contention priorities more legitimate nodes can be admitted in the routing process. Moreover, the paper also proposed the bound collection window for a sufficient collection time and verification cost for both attacker identification and isolation. Extensive simulation experiments have been performed to evaluate the performance of the proposed protocol in comparison with other existing protocols. The results demonstrate that SRBGR increases network performance in terms of the packet delivery ratio and isolates attacks such as Sybil and Black hole.

Automating Network Node Behavior Characterization by Mining Communication Patterns

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carroll, Thomas E.; Chikkagoudar, Satish; Arthur-Durett, Kristine M.

Enterprise networks of scale are complex, dynamic computing environments that respond to evolv- ing business objectives and requirements. Characteriz- ing system behaviors in these environments is essential for network management and cyber security operations. Characterization of system’s communication is typical and is supported using network flow information (NetFlow). Related work has characterized behavior using theoretical graph metrics; results are often difficult to interpret by enterprise staff. We propose a different approach, where flow information is mapped to sets of tags that contextualize the data in terms of network principals and enterprise concepts. Frequent patterns are then extracted and are expressedmore » as behaviors. Behaviors can be com- pared, identifying systems expressing similar behaviors. We evaluate the approach using flow information collected by a third party.« less

TD-LTE Wireless Private Network QoS Transmission Protection

NASA Astrophysics Data System (ADS)

Zhang, Jianming; Cheng, Chao; Wu, Zanhong

With the commencement of construction of the smart grid, the demand power business for reliability and security continues to improve, the reliability transmission of power TD-LTE Wireless Private Network are more and more attention. For TD-LTE power private network, it can provide different QoS services according to the user's business type, to protect the reliable transmission of business. This article describes in detail the AF module of PCC in the EPC network, specifically introduces set up AF module station and QoS mechanisms in the EPS load, fully considers the business characteristics of the special power network, establishing a suitable architecture for mapping QoS parameters, ensuring the implementation of each QoS business. Through using radio bearer management, we can achieve the reliable transmission of each business on physical channel.

Research and realization implementation of monitor technology on illegal external link of classified computer

NASA Astrophysics Data System (ADS)

Zhang, Hong

2017-06-01

In recent years, with the continuous development and application of network technology, network security has gradually entered people's field of vision. The host computer network external network of violations is an important reason for the threat of network security. At present, most of the work units have a certain degree of attention to network security, has taken a lot of means and methods to prevent network security problems such as the physical isolation of the internal network, install the firewall at the exit. However, these measures and methods to improve network security are often not comply with the safety rules of human behavior damage. For example, the host to wireless Internet access and dual-network card to access the Internet, inadvertently formed a two-way network of external networks and computer connections [1]. As a result, it is possible to cause some important documents and confidentiality leak even in the the circumstances of user unaware completely. Secrecy Computer Violation Out-of-band monitoring technology can largely prevent the violation by monitoring the behavior of the offending connection. In this paper, we mainly research and discuss the technology of secret computer monitoring.

A system to build distributed multivariate models and manage disparate data sharing policies: implementation in the scalable national network for effectiveness research.

PubMed

Meeker, Daniella; Jiang, Xiaoqian; Matheny, Michael E; Farcas, Claudiu; D'Arcy, Michel; Pearlman, Laura; Nookala, Lavanya; Day, Michele E; Kim, Katherine K; Kim, Hyeoneui; Boxwala, Aziz; El-Kareh, Robert; Kuo, Grace M; Resnic, Frederic S; Kesselman, Carl; Ohno-Machado, Lucila

2015-11-01

Centralized and federated models for sharing data in research networks currently exist. To build multivariate data analysis for centralized networks, transfer of patient-level data to a central computation resource is necessary. The authors implemented distributed multivariate models for federated networks in which patient-level data is kept at each site and data exchange policies are managed in a study-centric manner. The objective was to implement infrastructure that supports the functionality of some existing research networks (e.g., cohort discovery, workflow management, and estimation of multivariate analytic models on centralized data) while adding additional important new features, such as algorithms for distributed iterative multivariate models, a graphical interface for multivariate model specification, synchronous and asynchronous response to network queries, investigator-initiated studies, and study-based control of staff, protocols, and data sharing policies. Based on the requirements gathered from statisticians, administrators, and investigators from multiple institutions, the authors developed infrastructure and tools to support multisite comparative effectiveness studies using web services for multivariate statistical estimation in the SCANNER federated network. The authors implemented massively parallel (map-reduce) computation methods and a new policy management system to enable each study initiated by network participants to define the ways in which data may be processed, managed, queried, and shared. The authors illustrated the use of these systems among institutions with highly different policies and operating under different state laws. Federated research networks need not limit distributed query functionality to count queries, cohort discovery, or independently estimated analytic models. Multivariate analyses can be efficiently and securely conducted without patient-level data transport, allowing institutions with strict local data storage requirements to participate in sophisticated analyses based on federated research networks. © The Author 2015. Published by Oxford University Press on behalf of the American Medical Informatics Association.

A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

NASA Astrophysics Data System (ADS)

Hassan, Ahmed A.; Bahgat, Waleed M.

2010-01-01

Security policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extend the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.

Survey of methods for secure connection to the internet

NASA Astrophysics Data System (ADS)

Matsui, Shouichi

1994-04-01

This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

Addressing Software Security

NASA Technical Reports Server (NTRS)

Bailey, Brandon

2015-01-01

Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

Smart sensing surveillance system

NASA Astrophysics Data System (ADS)

Hsu, Charles; Chu, Kai-Dee; O'Looney, James; Blake, Michael; Rutar, Colleen

2010-04-01

Unattended ground sensor (UGS) networks have been widely used in remote battlefield and other tactical applications over the last few decades due to the advances of the digital signal processing. The UGS network can be applied in a variety of areas including border surveillance, special force operations, perimeter and building protection, target acquisition, situational awareness, and force protection. In this paper, a highly-distributed, fault-tolerant, and energyefficient Smart Sensing Surveillance System (S4) is presented to efficiently provide 24/7 and all weather security operation in a situation management environment. The S4 is composed of a number of distributed nodes to collect, process, and disseminate heterogeneous sensor data. Nearly all S4 nodes have passive sensors to provide rapid omnidirectional detection. In addition, Pan- Tilt- Zoom- (PTZ) Electro-Optics EO/IR cameras are integrated to selected nodes to track the objects and capture associated imagery. These S4 camera-connected nodes will provide applicable advanced on-board digital image processing capabilities to detect and track the specific objects. The imaging detection operations include unattended object detection, human feature and behavior detection, and configurable alert triggers, etc. In the S4, all the nodes are connected with a robust, reconfigurable, LPI/LPD (Low Probability of Intercept/ Low Probability of Detect) wireless mesh network using Ultra-wide band (UWB) RF technology, which can provide an ad-hoc, secure mesh network and capability to relay network information, communicate and pass situational awareness and messages. The S4 utilizes a Service Oriented Architecture such that remote applications can interact with the S4 network and use the specific presentation methods. The S4 capabilities and technologies have great potential for both military and civilian applications, enabling highly effective security support tools for improving surveillance activities in densely crowded environments and near perimeters and borders. The S4 is compliant with Open Geospatial Consortium - Sensor Web Enablement (OGC-SWE®) standards. It would be directly applicable to solutions for emergency response personnel, law enforcement, and other homeland security missions, as well as in applications requiring the interoperation of sensor networks with handheld or body-worn interface devices.

The science, technology and research network (STARNET) a searchable thematic compilation of web resources

USGS Publications Warehouse

Blados, W.R.; Cotter, G.A.; Hermann, T.

2007-01-01

International alliances in space efforts have resulted in a more rapid diffusion of space technology. This, in turn, increases pressure on organizations to push forward with technological developments and to take steps to maximize their inclusion into the research and development (R&D) process and the overall advancement and enhancement of space technology. To cope with this vast and rapidly growing amount of data and information that is vital to the success of the innovation, the Information Management Committee (IMC) of the Research Technology Agency (RTA) developed the science, technology and research network (STARNET). The purpose of this network is to facilitate access to worldwide information elements in terms of science, technology and overall research. It provides a virtual library with special emphasis on international security; a "one stop" information resource for policy makers, program managers, scientists, engineers, researchers and others. ?? 2007 IEEE.

The UK DNA banking network: a "fair access" biobank.

PubMed

Yuille, Martin; Dixon, Katherine; Platt, Andrew; Pullum, Simon; Lewis, David; Hall, Alistair; Ollier, William

2010-08-01

The UK DNA Banking Network (UDBN) is a secondary biobank: it aggregates and manages resources (samples and data) originated by others. The network comprises, on the one hand, investigator groups led by clinicians each with a distinct disease specialism and, on the other hand, a research infrastructure to manage samples and data. The infrastructure addresses the problem of providing secure quality-assured accrual, storage, replenishment and distribution capacities for samples and of facilitating access to DNA aliquots and data for new peer-reviewed studies in genetic epidemiology. 'Fair access' principles and practices have been pragmatically developed that, unlike open access policies in this area, are not cumbersome but, rather, are fit for the purpose of expediting new study designs and their implementation. UDBN has so far distributed >60,000 samples for major genotyping studies yielding >10 billion genotypes. It provides a working model that can inform progress in biobanking nationally, across Europe and internationally.

Overcoming the challenges of secure mobile applications for network-centric, data-sensitive applications

NASA Astrophysics Data System (ADS)

Farroha, Bassam; Farroha, Deborah

2012-05-01

Gaining the competitive advantage in today's aggressive environment requires our corporate leaders and Warfighters alike to be armed with up-to-date knowledge related to friendly and opposing forces. This knowledge has to be delivered in real-time between the core enterprise and tactical/mobile units at the edge. The type and sensitivity of data delivered will vary depending on users, threat level and current rules of dissemination. This paper will describe the mobile security management that basis access rights on positive identification of user, authenticating the user and the edge device. Next, Access Management is granted on a fine grain basis where each data element is tagged with meta-data that is crypto-bound to the data itself to ensure authenticity of contents and observance of data sensitivity.

MedBlock: Efficient and Secure Medical Data Sharing Via Blockchain.

PubMed

Fan, Kai; Wang, Shangyang; Ren, Yanhui; Li, Hui; Yang, Yintang

2018-06-21

With the development of electronic information technology, electronic medical records (EMRs) have been a common way to store the patients' data in hospitals. They are stored in different hospitals' databases, even for the same patient. Therefore, it is difficult to construct a summarized EMR for one patient from multiple hospital databases due to the security and privacy concerns. Meanwhile, current EMRs systems lack a standard data management and sharing policy, making it difficult for pharmaceutical scientists to develop precise medicines based on data obtained under different policies. To solve the above problems, we proposed a blockchain-based information management system, MedBlock, to handle patients' information. In this scheme, the distributed ledger of MedBlock allows the efficient EMRs access and EMRs retrieval. The improved consensus mechanism achieves consensus of EMRs without large energy consumption and network congestion. In addition, MedBlock also exhibits high information security combining the customized access control protocols and symmetric cryptography. MedBlock can play an important role in the sensitive medical information sharing.

Internet firewalls: questions and answers

NASA Astrophysics Data System (ADS)

Ker, Keith

1996-03-01

As organizations consider connecting to the Internet, the issue of internetwork security becomes more important. There are many tools and components that can be used to secure a network, one of which is a firewall. Modern firewalls offer highly flexible private network security by controlling and monitoring all communications passing into or out of the private network. Specifically designed for security, firewalls become the private network's single point of attack from Internet intruders. Application gateways (or proxies) that have been written to be secure against even the most persistent attacks ensure that only authorized users and services access the private network. One-time passwords prevent intruders from `sniffing' and replaying the usernames and passwords of authorized users to gain access to the private network. Comprehensive logging permits constant and uniform system monitoring. `Address spoofing' attacks are prevented. The private network may use registered or unregistered IP addresses behind the firewall. Firewall-to-firewall encryption establishes a `virtual private network' across the Internet, preventing intruders from eavesdropping on private communications, eliminating the need for costly dedicated lines.

Network security system for health and medical information using smart IC card

NASA Astrophysics Data System (ADS)

Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki

1998-07-01

A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.

Ensuring Data Storage Security in Tree cast Routing Architecture for Sensor Networks

NASA Astrophysics Data System (ADS)

Kumar, K. E. Naresh; Sagar, U. Vidya; Waheed, Mohd. Abdul

2010-10-01

In this paper presents recent advances in technology have made low-cost, low-power wireless sensors with efficient energy consumption. A network of such nodes can coordinate among themselves for distributed sensing and processing of certain data. For which, we propose an architecture to provide a stateless solution in sensor networks for efficient routing in wireless sensor networks. This type of architecture is known as Tree Cast. We propose a unique method of address allocation, building up multiple disjoint trees which are geographically inter-twined and rooted at the data sink. Using these trees, routing messages to and from the sink node without maintaining any routing state in the sensor nodes is possible. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, this routing architecture moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this paper, we focus on data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in this architecture, we propose an effective and flexible distributed scheme with two salient features, opposing to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server(s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Enabling Earth Science: The Facilities and People of the NCCS

NASA Technical Reports Server (NTRS)

2002-01-01

The NCCS's mass data storage system allows scientists to store and manage the vast amounts of data generated by these computations, and its high-speed network connections allow the data to be accessed quickly from the NCCS archives. Some NCCS users perform studies that are directly related to their ability to run computationally expensive and data-intensive simulations. Because the number and type of questions scientists research often are limited by computing power, the NCCS continually pursues the latest technologies in computing, mass storage, and networking technologies. Just as important as the processors, tapes, and routers of the NCCS are the personnel who administer this hardware, create and manage accounts, maintain security, and assist the scientists, often working one on one with them.

Experimental realization of an entanglement access network and secure multi-party computation

NASA Astrophysics Data System (ADS)

Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

2016-07-01

To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

Experimental realization of an entanglement access network and secure multi-party computation

NASA Astrophysics Data System (ADS)

Chang, Xiuying; Deng, Donglin; Yuan, Xinxing; Hou, Panyu; Huang, Yuanyuan; Duan, Luming; Department of Physics, University of Michigan Collaboration; CenterQuantum Information in Tsinghua University Team

2017-04-01

To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

Visual analysis of large heterogeneous social networks by semantic and structural abstraction.

PubMed

Shen, Zeqian; Ma, Kwan-Liu; Eliassi-Rad, Tina

2006-01-01

Social network analysis is an active area of study beyond sociology. It uncovers the invisible relationships between actors in a network and provides understanding of social processes and behaviors. It has become an important technique in a variety of application areas such as the Web, organizational studies, and homeland security. This paper presents a visual analytics tool, OntoVis, for understanding large, heterogeneous social networks, in which nodes and links could represent different concepts and relations, respectively. These concepts and relations are related through an ontology (also known as a schema). OntoVis is named such because it uses information in the ontology associated with a social network to semantically prune a large, heterogeneous network. In addition to semantic abstraction, OntoVis also allows users to do structural abstraction and importance filtering to make large networks manageable and to facilitate analytic reasoning. All these unique capabilities of OntoVis are illustrated with several case studies.

Assessment of Performance Measures for Security of the Maritime Transportation Network, Port Security Metrics : Proposed Measurement of Deterrence Capability

DOT National Transportation Integrated Search

2007-01-03

This report is the thirs in a series describing the development of performance measures pertaining to the security of the maritime transportation network (port security metrics). THe development of measures to guide improvements in maritime security ...

Security Analysis of DTN Architecture and Bundle Protocol Specification for Space-Based Networks

NASA Technical Reports Server (NTRS)

Ivancic, William D.

2009-01-01

A Delay-Tolerant Network (DTN) Architecture (Request for Comment, RFC-4838) and Bundle Protocol Specification, RFC-5050, have been proposed for space and terrestrial networks. Additional security specifications have been provided via the Bundle Security Specification (currently a work in progress as an Internet Research Task Force internet-draft) and, for link-layer protocols applicable to Space networks, the Licklider Transport Protocol Security Extensions. This document provides a security analysis of the current DTN RFCs and proposed security related internet drafts with a focus on space-based communication networks, which is a rather restricted subset of DTN networks. Note, the original focus and motivation of DTN work was for the Interplanetary Internet . This document does not address general store-and-forward network overlays, just the current work being done by the Internet Research Task Force (IRTF) and the Consultative Committee for Space Data Systems (CCSDS) Space Internetworking Services Area (SIS) - DTN working group under the DTN and Bundle umbrellas. However, much of the analysis is relevant to general store-and-forward overlays.

Guidelines for Network Security in the Learning Environment.

ERIC Educational Resources Information Center

Littman, Marlyn Kemper

1996-01-01

Explores security challenges and practical approaches to safeguarding school networks against invasion. Highlights include security problems; computer viruses; privacy assaults; Internet invasions; building a security policy; authentication; passwords; encryption; firewalls; and acceptable use policies. (Author/LRW)

Efficient Management of Certificate Revocation Lists in Smart Grid Advanced Metering Infrastructure

DOE Office of Scientific and Technical Information (OSTI.GOV)

Cebe, Mumin; Akkaya, Kemal

Advanced Metering Infrastructure (AMI) forms a communication network for the collection of power data from smart meters in Smart Grid. As the communication within an AMI needs to be secure, key management becomes an issue due to overhead and limited resources. While using public-keys eliminate some of the overhead of key management, there is still challenges regarding certificates that store and certify the publickeys. In particular, distribution and storage of certificate revocation list (CRL) is major a challenge due to cost of distribution and storage in AMI networks which typically consist of wireless multi-hop networks. Motivated by the need ofmore » keeping the CRL distribution and storage cost effective and scalable, in this paper, we present a distributed CRL management model utilizing the idea of distributed hash trees (DHTs) from peer-to-peer (P2P) networks. The basic idea is to share the burden of storage of CRLs among all the smart meters by exploiting the meshing capability of the smart meters among each other. Thus, using DHTs not only reduces the space requirements for CRLs but also makes the CRL updates more convenient. We implemented this structure on ns-3 using IEEE 802.11s mesh standard as a model for AMI and demonstrated its superior performance with respect to traditional methods of CRL management through extensive simulations.« less

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Telecommunications automated information systems and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National... network security. Each agency head shall ensure that classified information electronically accessed...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Telecommunications automated information systems and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National... network security. Each agency head shall ensure that classified information electronically accessed...

High Assurance Models for Secure Systems

ERIC Educational Resources Information Center

Almohri, Hussain M. J.

2013-01-01

Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

Secure remote synchronization and secure key distribution in electro-optic networks revealed by symmetries

NASA Astrophysics Data System (ADS)

Xu, Mingfeng; Pan, Wei; Zhang, Liyue

2018-07-01

Despite the intuition that synchronization of different nodes in coupled oscillator networks results from information exchange between them, it has recently been shown that remote nodes could be partially synchronous even when they are separated by intermediately unsynchronized nodes. Here based on electro-optic system, we report on a more stronger form of such synchronization pattern that is termed as secure remote synchronization, in which two remotely separated nodes could have identically synchronized dynamical behaviors while the rest of the network are both statistically and information-theoretically incoherent relative to the two synchronized nodes. The generalized form of mirror symmetry in the network structure is identified to be a key mechanism allowing for secure remote synchronization. Moreover, this synchronization mode is robust against a wild range of system parameters and noise perturbing the intermediary dynamics. The lack of information about the synchronized dynamics in the rest of the network suggests that our results could potentially lead to network-based solutions for secure key distribution and secure communication.

Eavesdropping-aware routing and spectrum allocation based on multi-flow virtual concatenation for confidential information service in elastic optical networks

NASA Astrophysics Data System (ADS)

Bai, Wei; Yang, Hui; Yu, Ao; Xiao, Hongyun; He, Linkuan; Feng, Lei; Zhang, Jie

2018-01-01

The leakage of confidential information is one of important issues in the network security area. Elastic Optical Networks (EON) as a promising technology in the optical transport network is under threat from eavesdropping attacks. It is a great demand to support confidential information service (CIS) and design efficient security strategy against the eavesdropping attacks. In this paper, we propose a solution to cope with the eavesdropping attacks in routing and spectrum allocation. Firstly, we introduce probability theory to describe eavesdropping issue and achieve awareness of eavesdropping attacks. Then we propose an eavesdropping-aware routing and spectrum allocation (ES-RSA) algorithm to guarantee information security. For further improving security and network performance, we employ multi-flow virtual concatenation (MFVC) and propose an eavesdropping-aware MFVC-based secure routing and spectrum allocation (MES-RSA) algorithm. The presented simulation results show that the proposed two RSA algorithms can both achieve greater security against the eavesdropping attacks and MES-RSA can also improve the network performance efficiently.

Verifying the secure setup of Unix client/servers and detection of network intrusion

DOE Office of Scientific and Technical Information (OSTI.GOV)

Feingold, R.; Bruestle, H.R.; Bartoletti, T.

1995-07-01

This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today`s global ``Infosphere`` presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to checkmore » on their security configuration. SPI`s broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI`s use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on an Ethernet broadcast Local Area Network segment and produce transcripts of suspicious user connections. NID`s retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.« less

High capacity fiber optic sensor networks using hybrid multiplexing techniques and their applications

NASA Astrophysics Data System (ADS)

Sun, Qizhen; Li, Xiaolei; Zhang, Manliang; Liu, Qi; Liu, Hai; Liu, Deming

2013-12-01

Fiber optic sensor network is the development trend of fiber senor technologies and industries. In this paper, I will discuss recent research progress on high capacity fiber sensor networks with hybrid multiplexing techniques and their applications in the fields of security monitoring, environment monitoring, Smart eHome, etc. Firstly, I will present the architecture of hybrid multiplexing sensor passive optical network (HSPON), and the key technologies for integrated access and intelligent management of massive fiber sensor units. Two typical hybrid WDM/TDM fiber sensor networks for perimeter intrusion monitor and cultural relics security are introduced. Secondly, we propose the concept of "Microstructure－Optical X Domin Refecltor (M-OXDR)" for fiber sensor network expansion. By fabricating smart micro-structures with the ability of multidimensional encoded and low insertion loss along the fiber, the fiber sensor network of simple structure and huge capacity more than one thousand could be achieved. Assisted by the WDM/TDM and WDM/FDM decoding methods respectively, we built the verification systems for long-haul and real-time temperature sensing. Finally, I will show the high capacity and flexible fiber sensor network with IPv6 protocol based hybrid fiber/wireless access. By developing the fiber optic sensor with embedded IPv6 protocol conversion module and IPv6 router, huge amounts of fiber optic sensor nodes can be uniquely addressed. Meanwhile, various sensing information could be integrated and accessed to the Next Generation Internet.

Outsourcing Security Services for Low Performance Portable Devices

NASA Astrophysics Data System (ADS)

Szentgyörgyi, Attila; Korn, András

The number of portable devices using wireless network technologies is on the rise. Some of these devices are incapable of, or at a disadvantage at using secure Internet services, because secure communication often requires comparatively high computing capacity. In this paper, we propose a solution which can be used to offer secure network services for low performance portable devices without severely degrading data transmission rates. We also show that using our approach these devices can utilize some secure network services which were so far unavailable to them due to a lack of software support. In order to back up our claims, we present performance measurement results obtained in a test network.

Revolution in nuclear detection affairs

NASA Astrophysics Data System (ADS)

Stern, Warren M.

2014-05-01

The detection of nuclear or radioactive materials for homeland or national security purposes is inherently difficult. This is one reason detection efforts must be seen as just one part of an overall nuclear defense strategy which includes, inter alia, material security, detection, interdiction, consequence management and recovery. Nevertheless, one could argue that there has been a revolution in detection affairs in the past several decades as the innovative application of new technology has changed the character and conduct of detection operations. This revolution will likely be most effectively reinforced in the coming decades with the networking of detectors and innovative application of anomaly detection algorithms.

Recent work on network application layer: MioNet, the virtual workplace for small businesses

NASA Astrophysics Data System (ADS)

Hesselink, Lambertus; Rizal, Dharmarus; Bjornson, Eric; Miller, Brian; Chan, Keith

2005-11-01

Small businesses must be extremely efficient and smartly leverage their resources, suppliers, and partners to successfully compete with larger firms. A successful small business requires a set of companies with interlocking business relationships that are dynamic and needs-based. There has been no software solution that creates a secure and flexible way to efficiently connect small business computer-based employees and partners. In this invited paper, we discuss MioNet, a secure and powerful data management platform which may provide millions of small businesses with a virtual workplace and help them to succeed.

MYSEA: The Monterey Security Architecture

DTIC Science & Technology

2009-01-01

Security and Protection, Organization and Design General Terms: Design; Security Keywords: access controls, authentication, information flow controls...Applicable environments include: mil- itary coalitions, agencies and organizations responding to security emergencies, and mandated sharing in business ...network architecture affords users the abil- ity to securely access information across networks at dif- ferent classifications using standardized

FSM-F: Finite State Machine Based Framework for Denial of Service and Intrusion Detection in MANET.

PubMed

N Ahmed, Malik; Abdullah, Abdul Hanan; Kaiwartya, Omprakash

2016-01-01

Due to the continuous advancements in wireless communication in terms of quality of communication and affordability of the technology, the application area of Mobile Adhoc Networks (MANETs) significantly growing particularly in military and disaster management. Considering the sensitivity of the application areas, security in terms of detection of Denial of Service (DoS) and intrusion has become prime concern in research and development in the area. The security systems suggested in the past has state recognition problem where the system is not able to accurately identify the actual state of the network nodes due to the absence of clear definition of states of the nodes. In this context, this paper proposes a framework based on Finite State Machine (FSM) for denial of service and intrusion detection in MANETs. In particular, an Interruption Detection system for Adhoc On-demand Distance Vector (ID-AODV) protocol is presented based on finite state machine. The packet dropping and sequence number attacks are closely investigated and detection systems for both types of attacks are designed. The major functional modules of ID-AODV includes network monitoring system, finite state machine and attack detection model. Simulations are carried out in network simulator NS-2 to evaluate the performance of the proposed framework. A comparative evaluation of the performance is also performed with the state-of-the-art techniques: RIDAN and AODV. The performance evaluations attest the benefits of proposed framework in terms of providing better security for denial of service and intrusion detection attacks.

Wireless networking for the dental office: current wireless standards and security protocols.

PubMed

Mupparapu, Muralidhar; Arora, Sarika

2004-11-15

Digital radiography has gained immense popularity in dentistry today in spite of the early difficulty for the profession to embrace the technology. The transition from film to digital has been happening at a faster pace in the fields of Orthodontics, Oral Surgery, Endodontics, Periodontics, and other specialties where the radiographic images (periapical, bitewing, panoramic, cephalometric, and skull radiographs) are being acquired digitally, stored within a server locally, and eventually accessed for diagnostic purposes, along with the rest of the patient data via the patient management software (PMS). A review of the literature shows the diagnostic performance of digital radiography is at least comparable to or even better than that of conventional radiography. Similarly, other digital diagnostic tools like caries detectors, cephalometric analysis software, and digital scanners were used for many years for the diagnosis and treatment planning purposes. The introduction of wireless charged-coupled device (CCD) sensors in early 2004 (Schick Technologies, Long Island City, NY) has moved digital radiography a step further into the wireless era. As with any emerging technology, there are concerns that should be looked into before adapting to the wireless environment. Foremost is the network security involved in the installation and usage of these wireless networks. This article deals with the existing standards and choices in wireless technologies that are available for implementation within a contemporary dental office. The network security protocols that protect the patient data and boost the efficiency of modern day dental clinics are enumerated.

Safe Grid

NASA Technical Reports Server (NTRS)

Chow, Edward T.; Stewart, Helen; Korsmeyer, David (Technical Monitor)

2003-01-01

The biggest users of GRID technologies came from the science and technology communities. These consist of government, industry and academia (national and international). The NASA GRID is moving into a higher technology readiness level (TRL) today; and as a joint effort among these leaders within government, academia, and industry, the NASA GRID plans to extend availability to enable scientists and engineers across these geographical boundaries collaborate to solve important problems facing the world in the 21 st century. In order to enable NASA programs and missions to use IPG resources for program and mission design, the IPG capabilities needs to be accessible from inside the NASA center networks. However, because different NASA centers maintain different security domains, the GRID penetration across different firewalls is a concern for center security people. This is the reason why some IPG resources are been separated from the NASA center network. Also, because of the center network security and ITAR concerns, the NASA IPG resource owner may not have full control over who can access remotely from outside the NASA center. In order to obtain organizational approval for secured remote access, the IPG infrastructure needs to be adapted to work with the NASA business process. Improvements need to be made before the IPG can be used for NASA program and mission development. The Secured Advanced Federated Environment (SAFE) technology is designed to provide federated security across NASA center and NASA partner's security domains. Instead of one giant center firewall which can be difficult to modify for different GRID applications, the SAFE "micro security domain" provide large number of professionally managed "micro firewalls" that can allow NASA centers to accept remote IPG access without the worry of damaging other center resources. The SAFE policy-driven capability-based federated security mechanism can enable joint organizational and resource owner approved remote access from outside of NASA centers. A SAFE enabled IPG can enable IPG capabilities to be available to NASA mission design teams across different NASA center and partner company firewalls. This paper will first discuss some of the potential security issues for IPG to work across NASA center firewalls. We will then present the SAFE federated security model. Finally we will present the concept of the architecture of a SAFE enabled IPG and how it can benefit NASA mission development.

Training Records And Information Network UNIX Version

DOE Office of Scientific and Technical Information (OSTI.GOV)

Johnston, Michael

1996-12-01

TRAIN-UNIX is used to track training requirements, qualifications, training completion and schedule training, classrooms and instructors. TRAIN-UNIX is a requirements-based system. When the identified training requirements for specific jobs are entered into the system, the employees manager or responsible training person assigns jobs to an employee. TRAIN-UNIX will then assemble an Individual Training Plan (ITP) with all courses required. ITP''s can also be modified to add any special training directed or identified by management, best business practices, procedures, etc. TRAIN-UNIX also schedules and tracks conferences, seminars, and required reading. TRAIN-UNIX is a secure database system on a server accessible viamore » the network. Access to the user functions (scheduling, data entry, ITP modification etc.) within TRAIN-UNIX are granted by function, as needed, by the system administrator. An additional level of security allows those who access TRAIN-UNIX to only add, modify or view information for the organizations to which they belong. TRAIN-UNIX scheduling function allows network access to scheduling of students. As a function of the scheduling process, TRAIN-UNIX checks to insure that the student is a valid employee, not double booked, and the instructor and classroom are not double booked. TRAIN-UNIX will report pending lapse of courses or qualifications. This ability to know the lapse of training along with built in training requesting function allows the training deliverers to forecast training needs.« less

TRAIN-UNIX. Training Records And Information Network UNIX Version

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lawrence, M.E.; Crires, J.T.; Johnston, M.

1995-12-01

TRAIN-UNIX is used to track training requirements, qualifications, training completion and schedule training, classrooms and instructors. TRAIN-UNIX is a requirements-based system. When the identified training requirements for specific jobs are entered into the system, the employees manager or responsible training person assigns jobs to an employee. TRAIN-UNIX will then assemble an Individual Training Plan (ITP) with all courses required. ITP`s can also be modified to add any special training directed or identified by management, best business practices, procedures, etc. TRAIN-UNIX also schedules and tracks conferences, seminars, and required reading. TRAIN-UNIX is a secure database system on a server accessible viamore » the network. Access to the user functions (scheduling, data entry, ITP modification etc.) within TRAIN-UNIX are granted by function, as needed, by the system administrator. An additional level of security allows those who access TRAIN-UNIX to only add, modify or view information for the organizations to which they belong. TRAIN-UNIX scheduling function allows network access to scheduling of students. As a function of the scheduling process, TRAIN-UNIX checks to insure that the student is a valid employee, not double booked, and the instructor and classroom are not double booked. TRAIN-UNIX will report pending lapse of courses or qualifications. This ability to know the lapse of training along with built in training requesting function allows the training deliverers to forecast training needs.« less

Workshop: Western hemisphere network of bird banding programs

USGS Publications Warehouse

Celis-Murillo, A.

2007-01-01

Purpose: To promote collaboration among banding programs in the Americas. Introduction: Bird banding and marking provide indispensable tools for ornithological research, management, and conservation of migratory birds on migratory routes, breeding and non-breeding grounds. Many countries and organizations in Latin America and the Caribbean are in the process of developing or have expressed interest in developing national banding schemes and databases to support their research and management programs. Coordination of developing and existing banding programs is essential for effective data management, reporting, archiving and security, and most importantly, for gaining a fuller understanding of migratory bird conservation issues and how the banding data can help. Currently, there is a well established bird-banding program in the U.S.A. and Canada, and programs in other countries are being developed as well. Ornithologists in many Latin American countries and the Caribbean are interested in using banding and marking in their research programs. Many in the ornithological community are interested in establishing banding schemes and some countries have recently initiated independent banding programs. With the number of long term collaborative and international initiatives increasing, the time is ripe to discuss and explore opportunities for international collaboration, coordination, and administration of bird banding programs in the Western Hemisphere. We propose the second ?Western Hemisphere Network of Bird Banding Programs? workshop, in association with the SCSCB, to be an essential step in the progress to strengthen international partnerships and support migratory bird conservation in the Americas and beyond. This will be the second multi-national meeting to promote collaboration among banding programs in the Americas (the first meeting was held in October 8-9, 2006 in La Mancha, Veracruz, Mexico). The Second ?Western Hemisphere Network of Bird Banding Programs? workshop will continue addressing issues surrounding the coordination of an Americas? approach to bird banding and will review in detail the advances made on the first workshop such as, coordination of bands and markers, coordination in recovery reporting, permit issues, data management and data sharing and archiving, data security, training, etc. Workshop Goals: Build on accomplishments of the network?s first workshop (Oct 8-9, 2006). Identify and explore new opportunities for data sharing, data archiving, data access, training, etc. Initiate strategies to support international collaboration and coordination amongst bird banding programs in the Western Hemisphere. Workshop structure: One day workshop of guided discussions. Participants: Representatives of government agencies, program managers and NGOs.

Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Jason Wright

Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrainedmore » computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.« less

Enhanced Security and Pairing-free Handover Authentication Scheme for Mobile Wireless Networks

NASA Astrophysics Data System (ADS)

Chen, Rui; Shu, Guangqiang; Chen, Peng; Zhang, Lijun

2017-10-01

With the widely deployment of mobile wireless networks, we aim to propose a secure and seamless handover authentication scheme that allows users to roam freely in wireless networks without worrying about security and privacy issues. Given the open characteristic of wireless networks, safety and efficiency should be considered seriously. Several previous protocols are designed based on a bilinear pairing mapping, which is time-consuming and inefficient work, as well as unsuitable for practical situations. To address these issues, we designed a new pairing-free handover authentication scheme for mobile wireless networks. This scheme is an effective improvement of the protocol by Xu et al., which is suffer from the mobile node impersonation attack. Security analysis and simulation experiment indicate that the proposed protocol has many excellent security properties when compared with other recent similar handover schemes, such as mutual authentication and resistance to known network threats, as well as requiring lower computation and communication cost.

Network Security: What Non-Technical Administrators Must Know

ERIC Educational Resources Information Center

Council, Chip

2005-01-01

Now it is increasingly critical that community college leaders become involved in network security and partner with their directors of information technology (IT). Network security involves more than just virus protection software and firewalls. It involves vigilance and requires top executive support. Leaders can help their IT directors to…

Campus network security model study

NASA Astrophysics Data System (ADS)

Zhang, Yong-ku; Song, Li-ren

2011-12-01

Campus network security is growing importance, Design a very effective defense hacker attacks, viruses, data theft, and internal defense system, is the focus of the study in this paper. This paper compared the firewall; IDS based on the integrated, then design of a campus network security model, and detail the specific implementation principle.

Novel technology for enhanced security and trust in communication networks

NASA Astrophysics Data System (ADS)

Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit; Jannson, Tomasz

2011-06-01

A novel technology that significantly enhances security and trust in wireless and wired communication networks has been developed. It is based on integration of a novel encryption mechanism and novel data packet structure with enhanced security tools. This novel data packet structure results in an unprecedented level of security and trust, while at the same time reducing power consumption and computing/communication overhead in networks. As a result, networks are provided with protection against intrusion, exploitation, and cyber attacks and posses self-building, self-awareness, self-configuring, self-healing, and self-protecting intelligence.

Maude: A Wide Spectrum Language for Secure Active Networks

DTIC Science & Technology

2002-08-01

AFRL-IF-RS-TR-2002-197 Final Technical Report August 2002 MAUDE: A WIDE SPECTRUM LANGUAGE FOR SECURE ACTIVE NETWORKS SRI...MAUDE: A WIDE SPECTRUM FORMAL LANGUAGE FOR SECURE ACTIVE NETWORKS 6. AUTHOR(S) Jose Meseguer and Carolyn Talcott 5. FUNDING NUMBERS C...specifications to address this challenge. We also show how, using the Maude rewriting logic language and tools, active network systems, languages , and

A Security Analysis of the 802.11s Wireless Mesh Network Routing Protocol and Its Secure Routing Protocols

PubMed Central

Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo

2013-01-01

Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP. PMID:24002231

A security analysis of the 802.11s wireless mesh network routing protocol and its secure routing protocols.

PubMed

Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo

2013-09-02

Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP.

Designing Secure Library Networks.

ERIC Educational Resources Information Center

Breeding, Michael

1997-01-01

Focuses on designing a library network to maximize security. Discusses UNIX and file servers; connectivity to campus, corporate networks and the Internet; separation of staff from public servers; controlling traffic; the threat of network sniffers; hubs that eliminate eavesdropping; dividing the network into subnets; Switched Ethernet;…

Network Access Control List Situation Awareness

ERIC Educational Resources Information Center

Reifers, Andrew

2010-01-01

Network security is a large and complex problem being addressed by multiple communities. Nevertheless, current theories in networking security appear to overestimate network administrators' ability to understand network access control lists (NACLs), providing few context specific user analyses. Consequently, the current research generally seems to…

Spatial-temporal modeling of malware propagation in networks.

PubMed

Chen, Zesheng; Ji, Chuanyi

2005-09-01

Network security is an important task of network management. One threat to network security is malware (malicious software) propagation. One type of malware is called topological scanning that spreads based on topology information. The focus of this work is on modeling the spread of topological malwares, which is important for understanding their potential damages, and for developing countermeasures to protect the network infrastructure. Our model is motivated by probabilistic graphs, which have been widely investigated in machine learning. We first use a graphical representation to abstract the propagation of malwares that employ different scanning methods. We then use a spatial-temporal random process to describe the statistical dependence of malware propagation in arbitrary topologies. As the spatial dependence is particularly difficult to characterize, the problem becomes how to use simple (i.e., biased) models to approximate the spatially dependent process. In particular, we propose the independent model and the Markov model as simple approximations. We conduct both theoretical analysis and extensive simulations on large networks using both real measurements and synthesized topologies to test the performance of the proposed models. Our results show that the independent model can capture temporal dependence and detailed topology information and, thus, outperforms the previous models, whereas the Markov model incorporates a certain spatial dependence and, thus, achieves a greater accuracy in characterizing both transient and equilibrium behaviors of malware propagation.

Supporting Research and Development of Security Technologies through Network and Security Data Collection

DTIC Science & Technology

Research and development targeted at identifying and mitigating Internet security threats require current network data. To fulfill this need... researchers working for the Center for Applied Internet Data Analysis (CAIDA), a program at the San Diego Supercomputer Center (SDSC) which is based at the...vetted network and security researchers using the PREDICT/IMPACT portal and legal framework. We have also contributed to community building efforts that

Smart photonic networks and computer security for image data

NASA Astrophysics Data System (ADS)

Campello, Jorge; Gill, John T.; Morf, Martin; Flynn, Michael J.

1998-02-01

Work reported here is part of a larger project on 'Smart Photonic Networks and Computer Security for Image Data', studying the interactions of coding and security, switching architecture simulations, and basic technologies. Coding and security: coding methods that are appropriate for data security in data fusion networks were investigated. These networks have several characteristics that distinguish them form other currently employed networks, such as Ethernet LANs or the Internet. The most significant characteristics are very high maximum data rates; predominance of image data; narrowcasting - transmission of data form one source to a designated set of receivers; data fusion - combining related data from several sources; simple sensor nodes with limited buffering. These characteristics affect both the lower level network design and the higher level coding methods.Data security encompasses privacy, integrity, reliability, and availability. Privacy, integrity, and reliability can be provided through encryption and coding for error detection and correction. Availability is primarily a network issue; network nodes must be protected against failure or routed around in the case of failure. One of the more promising techniques is the use of 'secret sharing'. We consider this method as a special case of our new space-time code diversity based algorithms for secure communication. These algorithms enable us to exploit parallelism and scalable multiplexing schemes to build photonic network architectures. A number of very high-speed switching and routing architectures and their relationships with very high performance processor architectures were studied. Indications are that routers for very high speed photonic networks can be designed using the very robust and distributed TCP/IP protocol, if suitable processor architecture support is available.

Secure dissemination of electronic healthcare records in distributed wireless environments.

PubMed

Belsis, Petros; Vassis, Dimitris; Skourlas, Christos; Pantziou, Grammati

2008-01-01

A new networking paradigm has emerged with the appearance of wireless computing. Among else ad-hoc networks, mobile and ubiquitous environments can boost the performance of systems in which they get applied. Among else, medical environments are a convenient example of their applicability. With the utilisation of wireless infrastructures, medical data may be accessible to healthcare practitioners, enabling continuous access to medical data. Due to the critical nature of medical information, the design and implementation of these infrastructures demands special treatment in order to meet specific requirements; among else, special care should be taken in order to manage interoperability, security, and in order to deal with bandwidth and hardware resource constraints that characterize the wireless topology. In this paper we present an architecture that attempts to deal with these issues; moreover, in order to prove the validity of our approach we have also evaluated the performance of our platform through simulation in different operating scenarios.

Evaluation of a Secure Laptop-Based Testing Program in an Undergraduate Nursing Program: Students' Perspective.

PubMed

Tao, Jinyuan; Gunter, Glenda; Tsai, Ming-Hsiu; Lim, Dan

2016-01-01

Recently, the many robust learning management systems, and the availability of affordable laptops, have made secure laptop-based testing a reality on many campuses. The undergraduate nursing program at the authors' university began to implement a secure laptop-based testing program in 2009, which allowed students to use their newly purchased laptops to take quizzes and tests securely in classrooms. After nearly 5 years' secure laptop-based testing program implementation, a formative evaluation, using a mixed method that has both descriptive and correlational data elements, was conducted to seek constructive feedback from students to improve the program. Evaluation data show that, overall, students (n = 166) believed the secure laptop-based testing program helps them get hands-on experience of taking examinations on the computer and gets them prepared for their computerized NCLEX-RN. Students, however, had a lot of concerns about laptop glitches and campus wireless network glitches they experienced during testing. At the same time, NCLEX-RN first-time passing rate data were analyzed using the χ2 test, and revealed no significant association between the two testing methods (paper-and-pencil testing and the secure laptop-based testing) and students' first-time NCLEX-RN passing rate. Based on the odds ratio, however, the odds of students passing NCLEX-RN the first time was 1.37 times higher if they were taught with the secure laptop-based testing method than if taught with the traditional paper-and-pencil testing method in nursing school. It was recommended to the institution that better quality of laptops needs to be provided to future students, measures needed to be taken to further stabilize the campus wireless Internet network, and there was a need to reevaluate the Laptop Initiative Program.

Experimental realization of an entanglement access network and secure multi-party computation

PubMed Central

Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

2016-01-01

To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography. PMID:27404561

On securing wireless sensor network--novel authentication scheme against DOS attacks.

PubMed

Raja, K Nirmal; Beno, M Marsaline

2014-10-01

Wireless sensor networks are generally deployed for collecting data from various environments. Several applications specific sensor network cryptography algorithms have been proposed in research. However WSN's has many constrictions, including low computation capability, less memory, limited energy resources, vulnerability to physical capture, which enforce unique security challenges needs to make a lot of improvements. This paper presents a novel security mechanism and algorithm for wireless sensor network security and also an application of this algorithm. The proposed scheme is given to strong authentication against Denial of Service Attacks (DOS). The scheme is simulated using network simulator2 (NS2). Then this scheme is analyzed based on the network packet delivery ratio and found that throughput has improved.

Information Security and Integrity Systems

NASA Technical Reports Server (NTRS)

1990-01-01

Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2014 CFR

2014-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Activities by issuers and...

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2013 CFR

2013-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Activities by issuers and...

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2011 CFR

2011-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Activities by issuers and...

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2010 CFR

2010-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Activities by issuers and...

Trust models for efficient communication in Mobile Cloud Computing and their applications to e-Commerce

NASA Astrophysics Data System (ADS)

Pop, Florin; Dobre, Ciprian; Mocanu, Bogdan-Costel; Citoteanu, Oana-Maria; Xhafa, Fatos

2016-11-01

Managing the large dimensions of data processed in distributed systems that are formed by datacentres and mobile devices has become a challenging issue with an important impact on the end-user. Therefore, the management process of such systems can be achieved efficiently by using uniform overlay networks, interconnected through secure and efficient routing protocols. The aim of this article is to advance our previous work with a novel trust model based on a reputation metric that actively uses the social links between users and the model of interaction between them. We present and evaluate an adaptive model for the trust management in structured overlay networks, based on a Mobile Cloud architecture and considering a honeycomb overlay. Such a model can be useful for supporting advanced mobile market-share e-Commerce platforms, where users collaborate and exchange reliable information about, for example, products of interest and supporting ad-hoc business campaigns

Dim Networks: The Utility of Social Network Analysis for Illuminating Partner Security Force Networks

DTIC Science & Technology

2015-12-01

use of social network analysis (SNA) has allowed the military to map dark networks of terrorist organizations and selectively target key elements...data to improve SC. 14. SUBJECT TERMS social network analysis, dark networks, light networks, dim networks, security cooperation, Southeast Asia...task may already exist. Recently, the use of social network analysis (SNA) has allowed the military to map dark networks of terrorist organizations

Single-shot secure quantum network coding on butterfly network with free public communication

NASA Astrophysics Data System (ADS)

Owari, Masaki; Kato, Go; Hayashi, Masahito

2018-01-01

Quantum network coding on the butterfly network has been studied as a typical example of quantum multiple cast network. We propose a secure quantum network code for the butterfly network with free public classical communication in the multiple unicast setting under restricted eavesdropper’s power. This protocol certainly transmits quantum states when there is no attack. We also show the secrecy with shared randomness as additional resource when the eavesdropper wiretaps one of the channels in the butterfly network and also derives the information sending through public classical communication. Our protocol does not require verification process, which ensures single-shot security.

TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

DOE Office of Scientific and Technical Information (OSTI.GOV)

McDonald, K; Curran, B

I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict accesse. Patches / Upgrades Awareness Intrusionmore » Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.« less

AST: Activity-Security-Trust driven modeling of time varying networks.

PubMed

Wang, Jian; Xu, Jiake; Liu, Yanheng; Deng, Weiwen

2016-02-18

Network modeling is a flexible mathematical structure that enables to identify statistical regularities and structural principles hidden in complex systems. The majority of recent driving forces in modeling complex networks are originated from activity, in which an activity potential of a time invariant function is introduced to identify agents' interactions and to construct an activity-driven model. However, the new-emerging network evolutions are already deeply coupled with not only the explicit factors (e.g. activity) but also the implicit considerations (e.g. security and trust), so more intrinsic driving forces behind should be integrated into the modeling of time varying networks. The agents undoubtedly seek to build a time-dependent trade-off among activity, security, and trust in generating a new connection to another. Thus, we reasonably propose the Activity-Security-Trust (AST) driven model through synthetically considering the explicit and implicit driving forces (e.g. activity, security, and trust) underlying the decision process. AST-driven model facilitates to more accurately capture highly dynamical network behaviors and figure out the complex evolution process, allowing a profound understanding of the effects of security and trust in driving network evolution, and improving the biases induced by only involving activity representations in analyzing the dynamical processes.

Epidermolysis bullosa care in Germany.

PubMed

Bruckner-Tuderman, Leena

2010-04-01

Until 2003, no structures existed in Germany for special care of patients with rare diseases, such as epidermolysis bullosa (EB). At that point, the Federal Ministry of Education and Research announced a clinical research program-networks for rare diseases. The Network Epidermolysis Bullosa (EB Network), coordinated from the Department of Dermatology, University Medical Center Freiburg, has operated since October 2003 with the goal of improving diagnostics and clinical management, elucidating disease mechanisms, and development of novel therapies for EB (www.netzwerk-eb.de). Future goals of the EB Network include securing the clinical-diagnostic and IT structures established with grant support and focusing research on molecular disease mechanisms in EB and novel biologically valid therapies. Intensive collaborations with other networks for rare genetic diseases will generate durable structures in Germany and form a basis for future international consortia. Copyright 2010 Elsevier Inc. All rights reserved.

A network security monitor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Heberlein, L.T.; Dias, G.V.; Levitt, K.N.

1989-11-01

The study of security in computer networks is a rapidly growing area of interest because of the proliferation of networks and the paucity of security measures in most current networks. Since most networks consist of a collection of inter-connected local area networks (LANs), this paper concentrates on the security-related issues in a single broadcast LAN such as Ethernet. Specifically, we formalize various possible network attacks and outline methods of detecting them. Our basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, ourmore » work is similar to the host-based intrusion-detection systems such as SRI's IDES. Different from such systems, however, is our use of a hierarchical model to refine the focus of the intrusion-detection mechanism. We also report on the development of our experimental LAN monitor currently under implementation. Several network attacks have been simulated and results on how the monitor has been able to detect these attacks are also analyzed. Initial results demonstrate that many network attacks are detectable with our monitor, although it can surely be defeated. Current work is focusing on the integration of network monitoring with host-based techniques. 20 refs., 2 figs.« less

Operational Exercise Integration Recommendations for DoD Cyber Ranges

DTIC Science & Technology

2015-08-05

be the precision and recall of a security information and event management (SIEM) system ’s notifications of unauthorized access to that directory...network traffic, port scanning Deplete Resources TCP flooding, memory leak exploitation Injection Cross-site scripting attacks, SQL injection Deceptive...requirements for personnel development; tactics, techniques, and procedures (TTPs) devel- opment; and mission rehearsals . While unique in their own

Cognitive Networks

DTIC Science & Technology

2007-06-15

13 2.1.3 Quality of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.2 Related Efforts...objectives such as resource management, Quality of Service (QoS), security, or access control. The limitations of CN applications should come from the...achieving the best mode of operation in an SDR. 2.1.3 Quality of Service There has been a lot of research on how to define a QoS architecture for the

Green stormwater infrastructure eco-planning and development on the regional scale: a case study of Shanghai Lingang New City, East China

NASA Astrophysics Data System (ADS)

Xu, Haishun; Chen, Liang; Zhao, Bing; Zhang, Qiuzhuo; Cai, Yongli

2016-06-01

Urban underlying surface has been greatly changed with rapid urbanization, considered to be one of the major causes for the destruction of urban natural hydrological processes. This has imposed a huge challenge for stormwater management in cities. There has been a shift from gray water management to green stormwater management thinking. The green stormwater infrastructure (GSI) is regarded as an effective and cost-efficient stormwater management eco-landscape approach. China's GSI practice and the development of its theoretical framework are still in the initial stage. This paper presents an innovative framework for stormwater management, integrating green stormwater infrastructure and landscape security patterns on a regional scale based on an urban master plan. The core concept of green stormwater infrastructure eco-planning is to form an interconnected GSI network (i.e., stormwater management landscape security pattern) which consists of the location, portion, size, layout, and structure of GSI so as to efficiently safeguard natural hydrological processes. Shanghai Lingang New City, a satellite new town of Shanghai, China was selected as a case study for GSI studies. Simulation analyses of hydrological processes were carried out to identify the critical significant landscape nodes in the highpriority watersheds for stormwater management. GSI should be planned and implemented in these identified landscape nodes. The comprehensive stormwater management landscape security pattern of Shanghai Lingang New City is designed with consideration of flood control, stormwater control, runoff reduction, water quality protection, and rainwater utilization objectives which could provide guidelines for smart growth and sustainable development of this city.

A Statewide Private Microwave Wide Area Network for Real-time Natural Hazard Monitoring

NASA Astrophysics Data System (ADS)

Williams, M. C.; Kent, G.; Smith, K. D.; Plank, G.; Slater, D.; Torrisi, J.; Presser, R.; Straley, K.

2013-12-01

The Nevada Seismological Laboratory (NSL) at the University of Nevada, Reno, operates the Nevada Seismic Network, a collection of ground motion instruments installed throughout Nevada and California, for the purposes of detecting, locating, and notifying the public of earthquakes in the state. To perform these tasks effectively, NSL has designed and built a statewide wireless microwave wide-area network (WAN) in order to receive ground motion data in near real-time. This network consists of radio access points, backhauls, and backbone communication sites transmitting time-series, images, and datalogger diagnostics to our data center servers in Reno. This privately managed communication network greatly reduces the dependence on third-party infrastructure (e.g. commercial cellular networks), and is vital for emergency management response and system uptime. Any individual seismograph or data collection device is networked through a wireless point-to-multipoint connection to a remote access point (AP) using a low-cost radio/routerboard combination. Additional point-to-point connections from AP's to radio backhauls and/or mountaintop backbone sites allow the Data Center in Reno to communicate with and receive data directly from each datalogger. Dataloggers, radios, and routers can be configured using tablets on-site, or via desktop computers at the Data Center. Redundant mountaintop links can be added to the network and facilitate the re-routing of data (similar to a meshed network) in the event of a faulty, failing, or noisy communication site. All routers, radios, and servers, including those at the Data Center, have redundant power and can operate independently in the event of a grid power or public Internet outage. A managed server room at the Data Center processes earthquake data for notifications and acts as a data source for remote users. Consisting of about 500 hosts, and spanning hundreds of miles, this WAN provides network operators access to each router and datalogger in our seismic network not only for data collection, but also for maintenance and quality control. This has resulted in several partnerships with other agencies. In addition to our seismic station network for earthquake monitoring, we currently manage ~400 more channels of data (many running at 500 Hz) for the National Center for Nuclear Security (NCNS) Source Physics Experiments, a series of chemical explosions at the Nevada National Security Site. Some of our mountaintop stations have been experimentally equipped with near-infrared high-definition fire cameras for wildfire monitoring, and have recently recorded the Bison and Pedlar fires in northwest Nevada. Data for the Nevada EPSCor climate program also utilizes the NSL WAN. Real-time access to data for these experiments greatly reduces the effort required for data archival, quality control, and monitoring equipment failures. Future plans include increasing density of stations in urban areas such as Reno and Las Vegas, and expanding coverage to Tahoe and eastern Nevada.

Securing Information with Complex Optical Encryption Networks

DTIC Science & Technology

2015-08-11

Network Security, Network Vulnerability , Multi-dimentional Processing, optoelectronic devices 16. SECURITY CLASSIFICATION OF: 17. LIMITATION... optoelectronic devices and systems should be analyzed before the retrieval, any hostile hacker will need to possess multi-disciplinary scientific...sophisticated optoelectronic principles and systems where he/she needs to process the information. However, in the military applications, most military

Department of Defense High Performance Computing Modernization Program. 2008 Annual Report

DTIC Science & Technology

2009-04-01

place to another on the network. Without it, a computer could only talk to itself - no email, no web browsing, and no iTunes . Most of the Internet...Your SecurID Card ), Ken Renard Secure Wireless, Rob Scott and Stephen Bowman Securing Today’s Networks, Rich Whittney, Juniper Networks, Federal

78 FR 50480 - In the Matter of Redfin Network, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-19

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of Redfin Network, Inc.; Order of Suspension of Trading August 15, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of Redfin Network, Inc...

76 FR 28117 - Order of Suspension of Trading; City Network, Inc.

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-13

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Order of Suspension of Trading; City Network, Inc. May 11, 2011. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning the securities of City Network, Inc. because it has not filed...

75 FR 36456 - Channel America Television Network, Inc., EquiMed, Inc., Kore Holdings, Inc., Robotic Vision...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-25

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Channel America Television Network, Inc., EquiMed, Inc., Kore Holdings, Inc., Robotic Vision Systems, Inc. (n/k/a Acuity Cimatrix, Inc.), Security... information concerning the securities of Channel America Television Network, Inc. because it has not filed any...

SPOT: Optimization Tool for Network Adaptable Security

NASA Astrophysics Data System (ADS)

Ksiezopolski, Bogdan; Szalachowski, Pawel; Kotulski, Zbigniew

Recently we have observed the growth of the intelligent application especially with its mobile character, called e-anything. The implementation of these applications provides guarantee of security requirements of the cryptographic protocols which are used in the application. Traditionally the protocols have been configured with the strongest possible security mechanisms. Unfortunately, when the application is used by means of the mobile devices, the strongest protection can lead to the denial of services for them. The solution of this problem is introducing the quality of protection models which will scale the protection level depending on the actual threat level. In this article we would like to introduce the application which manages the protection level of the processes in the mobile environment. The Security Protocol Optimizing Tool (SPOT) optimizes the cryptographic protocol and defines the protocol version appropriate to the actual threat level. In this article the architecture of the SPOT is presented with a detailed description of the included modules.