Practical challenges in quantum key distribution

DOE Office of Scientific and Technical Information (OSTI.GOV)

Diamanti, Eleni; Lo, Hoi -Kwong; Qi, Bing

Here, quantum key distribution (QKD) promises unconditional security in data communication and is currently being deployed in commercial applications. Nonetheless, before QKD can be widely adopted, it faces a number of important challenges such as secret key rate, distance, size, cost and practical security. Here, we survey those key challenges and the approaches that are currently being taken to address them.

Practical issues in quantum-key-distribution postprocessing

NASA Astrophysics Data System (ADS)

Fung, Chi-Hang Fred; Ma, Xiongfeng; Chau, H. F.

2010-01-01

Quantum key distribution (QKD) is a secure key generation method between two distant parties by wisely exploiting properties of quantum mechanics. In QKD, experimental measurement outcomes on quantum states are transformed by the two parties to a secret key. This transformation is composed of many logical steps (as guided by security proofs), which together will ultimately determine the length of the final secret key and its security. We detail the procedure for performing such classical postprocessing taking into account practical concerns (including the finite-size effect and authentication and encryption for classical communications). This procedure is directly applicable to realistic QKD experiments and thus serves as a recipe that specifies what postprocessing operations are needed and what the security level is for certain lengths of the keys. Our result is applicable to the BB84 protocol with a single or entangled photon source.

The Operator Shell: A means of privilege distribution under Unix

DOE Office of Scientific and Technical Information (OSTI.GOV)

Neuman, M.; Christoph, G.

1994-03-01

The Operator Shell (Osh) is a setuid root, security enhanced, restricted shell for providing fine-grain distribution of system privileges for a wide range of usages and requirements. Osh offers a marked improvement over other Unix privilege distribution systems in its ability to specify access to both commands and files, auditing features, and familiar interface. This paper describes the design, features, security considerations, internals, and applications of the Operator Shell.

Comment on: Supervisory Asymmetric Deterministic Secure Quantum Communication

NASA Astrophysics Data System (ADS)

Kao, Shih-Hung; Tsai, Chia-Wei; Hwang, Tzonelih

2012-12-01

In 2010, Xiu et al. (Optics Communications 284:2065-2069, 2011) proposed several applications based on a new secure four-site distribution scheme using χ-type entangled states. This paper points out that one of these applications, namely, supervisory asymmetric deterministic secure quantum communication, is subject to an information leakage problem, in which the receiver can extract two bits of a three-bit secret message without the supervisor's permission. An enhanced protocol is proposed to resolve this problem.

Access Control based on Attribute Certificates for Medical Intranet Applications

PubMed Central

Georgiadis, Christos; Pangalos, George; Khair, Marie

2001-01-01

Background Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. Objectives To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. Methods We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Results Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Conclusions Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy. PMID:11720951

Security model for VM in cloud

NASA Astrophysics Data System (ADS)

Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

2013-03-01

Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

ESnet authentication services and trust federations

NASA Astrophysics Data System (ADS)

Muruganantham, Dhivakaran; Helm, Mike; Genovese, Tony

2005-01-01

ESnet provides authentication services and trust federation support for SciDAC projects, collaboratories, and other distributed computing applications. The ESnet ATF team operates the DOEGrids Certificate Authority, available to all DOE Office of Science programs, plus several custom CAs, including one for the National Fusion Collaboratory and one for NERSC. The secure hardware and software environment developed to support CAs is suitable for supporting additional custom authentication and authorization applications that your program might require. Seamless, secure interoperation across organizational and international boundaries is vital to collaborative science. We are fostering the development of international PKI federations by founding the TAGPMA, the American regional PMA, and the worldwide IGTF Policy Management Authority (PMA), as well as participating in European and Asian regional PMAs. We are investigating and prototyping distributed authentication technology that will allow us to support the "roaming scientist" (distributed wireless via eduroam), as well as more secure authentication methods (one-time password tokens).

A resilient and secure software platform and architecture for distributed spacecraft

NASA Astrophysics Data System (ADS)

Otte, William R.; Dubey, Abhishek; Karsai, Gabor

2014-06-01

A distributed spacecraft is a cluster of independent satellite modules flying in formation that communicate via ad-hoc wireless networks. This system in space is a cloud platform that facilitates sharing sensors and other computing and communication resources across multiple applications, potentially developed and maintained by different organizations. Effectively, such architecture can realize the functions of monolithic satellites at a reduced cost and with improved adaptivity and robustness. Openness of these architectures pose special challenges because the distributed software platform has to support applications from different security domains and organizations, and where information flows have to be carefully managed and compartmentalized. If the platform is used as a robust shared resource its management, configuration, and resilience becomes a challenge in itself. We have designed and prototyped a distributed software platform for such architectures. The core element of the platform is a new operating system whose services were designed to restrict access to the network and the file system, and to enforce resource management constraints for all non-privileged processes Mixed-criticality applications operating at different security labels are deployed and controlled by a privileged management process that is also pre-configuring all information flows. This paper describes the design and objective of this layer.

An authentication infrastructure for today and tomorrow

DOE Office of Scientific and Technical Information (OSTI.GOV)

Engert, D.E.

1996-06-01

The Open Software Foundation`s Distributed Computing Environment (OSF/DCE) was originally designed to provide a secure environment for distributed applications. By combining it with Kerberos Version 5 from MIT, it can be extended to provide network security as well. This combination can be used to build both an inter and intra organizational infrastructure while providing single sign-on for the user with overall improved security. The ESnet community of the Department of Energy is building just such an infrastructure. ESnet has modified these systems to improve their interoperability, while encouraging the developers to incorporate these changes and work more closely together tomore » continue to improve the interoperability. The success of this infrastructure depends on its flexibility to meet the needs of many applications and network security requirements. The open nature of Kerberos, combined with the vendor support of OSF/DCE, provides the infrastructure for today and tomorrow.« less

Digital watermarking in telemedicine applications--towards enhanced data security and accessibility.

PubMed

Giakoumaki, Aggeliki L; Perakis, Konstantinos; Tagaris, Anastassios; Koutsouris, Dimitris

2006-01-01

Implementing telemedical solutions has become a trend amongst the various research teams at an international level. Yet, contemporary information access and distribution technologies raise critical issues that urgently need to be addressed, especially those related to security. The paper suggests the use of watermarking in telemedical applications in order to enhance security of the transmitted sensitive medical data, familiarizes the users with a telemedical system and a watermarking module that have already been developed, and proposes an architecture that will enable the integration of the two systems, taking into account a variety of use cases and application scenarios.

Network Security Validation Using Game Theory

NASA Astrophysics Data System (ADS)

Papadopoulou, Vicky; Gregoriades, Andreas

Non-functional requirements (NFR) such as network security recently gained widespread attention in distributed information systems. Despite their importance however, there is no systematic approach to validate these requirements given the complexity and uncertainty characterizing modern networks. Traditionally, network security requirements specification has been the results of a reactive process. This however, limited the immunity property of the distributed systems that depended on these networks. Security requirements specification need a proactive approach. Networks' infrastructure is constantly under attack by hackers and malicious software that aim to break into computers. To combat these threats, network designers need sophisticated security validation techniques that will guarantee the minimum level of security for their future networks. This paper presents a game-theoretic approach to security requirements validation. An introduction to game theory is presented along with an example that demonstrates the application of the approach.

Smart sensing surveillance system

NASA Astrophysics Data System (ADS)

Hsu, Charles; Chu, Kai-Dee; O'Looney, James; Blake, Michael; Rutar, Colleen

2010-04-01

An effective public safety sensor system for heavily-populated applications requires sophisticated and geographically-distributed infrastructures, centralized supervision, and deployment of large-scale security and surveillance networks. Artificial intelligence in sensor systems is a critical design to raise awareness levels, improve the performance of the system and adapt to a changing scenario and environment. In this paper, a highly-distributed, fault-tolerant, and energy-efficient Smart Sensing Surveillance System (S4) is presented to efficiently provide a 24/7 and all weather security operation in crowded environments or restricted areas. Technically, the S4 consists of a number of distributed sensor nodes integrated with specific passive sensors to rapidly collect, process, and disseminate heterogeneous sensor data from near omni-directions. These distributed sensor nodes can cooperatively work to send immediate security information when new objects appear. When the new objects are detected, the S4 will smartly select the available node with a Pan- Tilt- Zoom- (PTZ) Electro-Optics EO/IR camera to track the objects and capture associated imagery. The S4 provides applicable advanced on-board digital image processing capabilities to detect and track the specific objects. The imaging detection operations include unattended object detection, human feature and behavior detection, and configurable alert triggers, etc. Other imaging processes can be updated to meet specific requirements and operations. In the S4, all the sensor nodes are connected with a robust, reconfigurable, LPI/LPD (Low Probability of Intercept/ Low Probability of Detect) wireless mesh network using Ultra-wide band (UWB) RF technology. This UWB RF technology can provide an ad-hoc, secure mesh network and capability to relay network information, communicate and pass situational awareness and messages. The Service Oriented Architecture of S4 enables remote applications to interact with the S4 network and use the specific presentation methods. In addition, the S4 is compliant with Open Geospatial Consortium - Sensor Web Enablement (OGC-SWE) standards to efficiently discover, access, use, and control heterogeneous sensors and their metadata. These S4 capabilities and technologies have great potential for both military and civilian applications, enabling highly effective security support tools for improving surveillance activities in densely crowded environments. The S4 system is directly applicable to solutions for emergency response personnel, law enforcement, and other homeland security missions, as well as in applications requiring the interoperation of sensor networks with handheld or body-worn interface devices.

Motion/imagery secure cloud enterprise architecture analysis

NASA Astrophysics Data System (ADS)

DeLay, John L.

2012-06-01

Cloud computing with storage virtualization and new service-oriented architectures brings a new perspective to the aspect of a distributed motion imagery and persistent surveillance enterprise. Our existing research is focused mainly on content management, distributed analytics, WAN distributed cloud networking performance issues of cloud based technologies. The potential of leveraging cloud based technologies for hosting motion imagery, imagery and analytics workflows for DOD and security applications is relatively unexplored. This paper will examine technologies for managing, storing, processing and disseminating motion imagery and imagery within a distributed network environment. Finally, we propose areas for future research in the area of distributed cloud content management enterprises.

Blockchain: A Path to Grid Modernization and Cyber Resiliency

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mylrea, Michael E.; Gourisetti, Sri Nikhil G.

Blockchain may help solve several complex problems related to integrity and trustworthiness of rapid, distributed, complex energy transactions and data exchanges. In a move towards resilience, blockchain commoditizes trust and enables automated smart contracts to support auditable multiparty transactions based on predefined rules between distributed energy providers and customers. Blockchain based smart contracts also help remove the need to interact with third-parties, facilitating the adoption and monetization of distributed energy transactions and exchanges, both energy flows as well as financial transactions. This may help reduce transactive energy costs and increase the security and sustainability of distributed energy resource (DER) integration,more » helping to remove barriers to a more decentralized and resilient power grid. This paper explores the application of blockchain and smart contracts to improve smart grid cyber resiliency and secure transactive energy applications.« less

Distributions of the Kullback-Leibler divergence with applications.

PubMed

Belov, Dmitry I; Armstrong, Ronald D

2011-05-01

The Kullback-Leibler divergence (KLD) is a widely used method for measuring the fit of two distributions. In general, the distribution of the KLD is unknown. Under reasonable assumptions, common in psychometrics, the distribution of the KLD is shown to be asymptotically distributed as a scaled (non-central) chi-square with one degree of freedom or a scaled (doubly non-central) F. Applications of the KLD for detecting heterogeneous response data are discussed with particular emphasis on test security. © The British Psychological Society.

The Management and Security Expert (MASE)

NASA Technical Reports Server (NTRS)

Miller, Mark D.; Barr, Stanley J.; Gryphon, Coranth D.; Keegan, Jeff; Kniker, Catherine A.; Krolak, Patrick D.

1991-01-01

The Management and Security Expert (MASE) is a distributed expert system that monitors the operating systems and applications of a network. It is capable of gleaning the information provided by the different operating systems in order to optimize hardware and software performance; recognize potential hardware and/or software failure, and either repair the problem before it becomes an emergency, or notify the systems manager of the problem; and monitor applications and known security holes for indications of an intruder or virus. MASE can eradicate much of the guess work of system management.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System.more » Selected papers were processed separately for inclusion in the Energy Science and Technology Database.« less

How to Overcome Information Anxiety: Assignment and Use of DoD Distribution Statements for Technical Documents. Volume 1. Facilitor Guide

DTIC Science & Technology

1998-05-01

distribution limitations recommended if public release is not approved. The ASD(PA) shall also process appeals when public release denial is based upon...Rules of Evidence, and all other applicable laws. An interlocutory appeal by the United States shall lie from a decision or order of a district court... limitations ; document markings; document preparation; scientific and technical information; STINFO; information security; security training

7 CFR 1718.101 - Applicability.

Code of Federal Regulations, 2010 CFR

2010-01-01

... LOAN SECURITY DOCUMENTS FOR ELECTRIC BORROWERS Loan Contracts With Distribution Borrowers § 1718.101... that obtain a loan or loan guarantee from RUS approved on or after January 29, 1996. Distribution... 29, 1996, may be required to execute a new loan contract and new mortgage. Moreover, any distribution...

Building a highly available and intrusion tolerant Database Security and Protection System (DSPS).

PubMed

Cai, Liang; Yang, Xiao-Hu; Dong, Jin-Xiang

2003-01-01

Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

Changes to Quantum Cryptography

NASA Astrophysics Data System (ADS)

Sakai, Yasuyuki; Tanaka, Hidema

Quantum cryptography has become a subject of widespread interest. In particular, quantum key distribution, which provides a secure key agreement by using quantum systems, is believed to be the most important application of quantum cryptography. Quantum key distribution has the potential to achieve the “unconditionally” secure infrastructure. We also have many cryptographic tools that are based on “modern cryptography” at the present time. They are being used in an effort to guarantee secure communication over open networks such as the Internet. Unfortunately, their ultimate efficacy is in doubt. Quantum key distribution systems are believed to be close to practical and commercial use. In this paper, we discuss what we should do to apply quantum cryptography to our communications. We also discuss how quantum key distribution can be combined with or used to replace cryptographic tools based on modern cryptography.

20 CFR 422.527 - Private printing and modification of prescribed applications, forms, and other publications.

Code of Federal Regulations, 2010 CFR

2010-04-01

... prescribed applications, forms, and other publications. 422.527 Section 422.527 Employees' Benefits SOCIAL SECURITY ADMINISTRATION ORGANIZATION AND PROCEDURES Applications and Related Forms § 422.527 Private..., institution, or organization wishing to reproduce, reprint, or distribute any application, form, or...

Information Measures of Degree Distributions with an Application to Labeled Graphs

DOE Office of Scientific and Technical Information (OSTI.GOV)

Joslyn, Cliff A.; Purvine, Emilie AH

2016-01-11

The problem of describing the distribution of labels over a set of objects is relevant to many domains. For example: cyber security, social media, and protein interactions all care about the manner in which labels are distributed among different objects. In this paper we present three interacting statistical measures on label distributions, inspired by entropy and information theory. Labeled graphs are discussed as a specific case of labels distributed over a set of edges. We describe a use case in cyber security using a labeled directed multi-graph of IPFLOW. Finally we show how these measures respond when labels are updatedmore » in certain ways.« less

Composable security proof for continuous-variable quantum key distribution with coherent States.

PubMed

Leverrier, Anthony

2015-02-20

We give the first composable security proof for continuous-variable quantum key distribution with coherent states against collective attacks. Crucially, in the limit of large blocks the secret key rate converges to the usual value computed from the Holevo bound. Combining our proof with either the de Finetti theorem or the postselection technique then shows the security of the protocol against general attacks, thereby confirming the long-standing conjecture that Gaussian attacks are optimal asymptotically in the composable security framework. We expect that our parameter estimation procedure, which does not rely on any assumption about the quantum state being measured, will find applications elsewhere, for instance, for the reliable quantification of continuous-variable entanglement in finite-size settings.

Measuring and Inferring the State of the User via the Microsoft Kinect with Application to Cyber Security Research

DTIC Science & Technology

2018-01-16

ARL-TN-0864 ● JAN 2018 US Army Research Laboratory Measuring and Inferring the State of the User via the Microsoft Kinect with...Application to Cyber Security Research by Christopher J Garneau Approved for public release; distribution is unlimited...this report when it is no longer needed. Do not return it to the originator. ARL-TN-0864● JAN 2018 US Army Research Laboratory

Network-based reading system for lung cancer screening CT

NASA Astrophysics Data System (ADS)

Fujino, Yuichi; Fujimura, Kaori; Nomura, Shin-ichiro; Kawashima, Harumi; Tsuchikawa, Megumu; Matsumoto, Toru; Nagao, Kei-ichi; Uruma, Takahiro; Yamamoto, Shinji; Takizawa, Hotaka; Kuroda, Chikazumi; Nakayama, Tomio

2006-03-01

This research aims to support chest computed tomography (CT) medical checkups to decrease the death rate by lung cancer. We have developed a remote cooperative reading system for lung cancer screening over the Internet, a secure transmission function, and a cooperative reading environment. It is called the Network-based Reading System. A telemedicine system involves many issues, such as network costs and data security if we use it over the Internet, which is an open network. In Japan, broadband access is widespread and its cost is the lowest in the world. We developed our system considering human machine interface and security. It consists of data entry terminals, a database server, a computer aided diagnosis (CAD) system, and some reading terminals. It uses a secure Digital Imaging and Communication in Medicine (DICOM) encrypting method and Public Key Infrastructure (PKI) based secure DICOM image data distribution. We carried out an experimental trial over the Japan Gigabit Network (JGN), which is the testbed for the Japanese next-generation network, and conducted verification experiments of secure screening image distribution, some kinds of data addition, and remote cooperative reading. We found that network bandwidth of about 1.5 Mbps enabled distribution of screening images and cooperative reading and that the encryption and image distribution methods we proposed were applicable to the encryption and distribution of general DICOM images via the Internet.

Device-Enabled Authorization in the Grey System

DTIC Science & Technology

2005-02-01

proof checker. Journal of Automated Reasoning 31(3-4):231–260, 2003. [7] D. Balfanz , D. Dean, and M. Spreitzer. A security infrastructure for...distributed Java applications. In Proceedings of the 21st IEEE Symposium on Security and Privacy, May 2002. [8] D. Balfanz and E. Felten. Hand-held computers

Additional Security Considerations for Grid Management

NASA Technical Reports Server (NTRS)

Eidson, Thomas M.

2003-01-01

The use of Grid computing environments is growing in popularity. A Grid computing environment is primarily a wide area network that encompasses multiple local area networks, where some of the local area networks are managed by different organizations. A Grid computing environment also includes common interfaces for distributed computing software so that the heterogeneous set of machines that make up the Grid can be used more easily. The other key feature of a Grid is that the distributed computing software includes appropriate security technology. The focus of most Grid software is on the security involved with application execution, file transfers, and other remote computing procedures. However, there are other important security issues related to the management of a Grid and the users who use that Grid. This note discusses these additional security issues and makes several suggestions as how they can be managed.

Interoperable PKI Data Distribution in Computational Grids

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pala, Massimiliano; Cholia, Shreyas; Rea, Scott A.

One of the most successful working examples of virtual organizations, computational grids need authentication mechanisms that inter-operate across domain boundaries. Public Key Infrastructures(PKIs) provide sufficient flexibility to allow resource managers to securely grant access to their systems in such distributed environments. However, as PKIs grow and services are added to enhance both security and usability, users and applications must struggle to discover available resources-particularly when the Certification Authority (CA) is alien to the relying party. This article presents how to overcome these limitations of the current grid authentication model by integrating the PKI Resource Query Protocol (PRQP) into the Gridmore » Security Infrastructure (GSI).« less

Security of continuous-variable quantum key distribution against general attacks.

PubMed

Leverrier, Anthony; García-Patrón, Raúl; Renner, Renato; Cerf, Nicolas J

2013-01-18

We prove the security of Gaussian continuous-variable quantum key distribution with coherent states against arbitrary attacks in the finite-size regime. In contrast to previously known proofs of principle (based on the de Finetti theorem), our result is applicable in the practically relevant finite-size regime. This is achieved using a novel proof approach, which exploits phase-space symmetries of the protocols as well as the postselection technique introduced by Christandl, Koenig, and Renner [Phys. Rev. Lett. 102, 020504 (2009)].

A Secure Multicast Framework in Large and High-Mobility Network Groups

NASA Astrophysics Data System (ADS)

Lee, Jung-San; Chang, Chin-Chen

With the widespread use of Internet applications such as Teleconference, Pay-TV, Collaborate tasks, and Message services, how to construct and distribute the group session key to all group members securely is becoming and more important. Instead of adopting the point-to-point packet delivery, these emerging applications are based upon the mechanism of multicast communication, which allows the group member to communicate with multi-party efficiently. There are two main issues in the mechanism of multicast communication: Key Distribution and Scalability. The first issue is how to distribute the group session key to all group members securely. The second one is how to maintain the high performance in large network groups. Group members in conventional multicast systems have to keep numerous secret keys in databases, which makes it very inconvenient for them. Furthermore, in case that a member joins or leaves the communication group, many involved participants have to change their own secret keys to preserve the forward secrecy and the backward secrecy. We consequently propose a novel version for providing secure multicast communication in large network groups. Our proposed framework not only preserves the forward secrecy and the backward secrecy but also possesses better performance than existing alternatives. Specifically, simulation results demonstrate that our scheme is suitable for high-mobility environments.

Partially Key Distribution with Public Key Cryptosystem Based on Error Control Codes

NASA Astrophysics Data System (ADS)

Tavallaei, Saeed Ebadi; Falahati, Abolfazl

Due to the low level of security in public key cryptosystems based on number theory, fundamental difficulties such as "key escrow" in Public Key Infrastructure (PKI) and a secure channel in ID-based cryptography, a new key distribution cryptosystem based on Error Control Codes (ECC) is proposed . This idea is done by some modification on McEliece cryptosystem. The security of ECC cryptosystem obtains from the NP-Completeness of block codes decoding. The capability of generating public keys with variable lengths which is suitable for different applications will be provided by using ECC. It seems that usage of these cryptosystems because of decreasing in the security of cryptosystems based on number theory and increasing the lengths of their keys would be unavoidable in future.

Secure and Robust Overlay Content Distribution

ERIC Educational Resources Information Center

Kang, Hun Jeong

2010-01-01

With the success of applications spurring the tremendous increase in the volume of data transfer, efficient and reliable content distribution has become a key issue. Peer-to-peer (P2P) technology has gained popularity as a promising approach to large-scale content distribution due to its benefits including self-organizing, load-balancing, and…

Drop-in Security for Distributed and Portable Computing Elements.

ERIC Educational Resources Information Center

Prevelakis, Vassilis; Keromytis, Angelos

2003-01-01

Proposes the use of a special purpose drop-in firewall/VPN gateway called Sieve, that can be inserted between the mobile workstation and the network to provide individualized security services for that particular station. Discusses features and advantages of the system and demonstrates how Sieve was used in various application areas such as at…

Authentication techniques for smart cards

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nelson, R.A.

1994-02-01

Smart card systems are most cost efficient when implemented as a distributed system, which is a system without central host interaction or a local database of card numbers for verifying transaction approval. A distributed system, as such, presents special card and user authentication problems. Fortunately, smart cards offer processing capabilities that provide solutions to authentication problems, provided the system is designed with proper data integrity measures. Smart card systems maintain data integrity through a security design that controls data sources and limits data changes. A good security design is usually a result of a system analysis that provides a thoroughmore » understanding of the application needs. Once designers understand the application, they may specify authentication techniques that mitigate the risk of system compromise or failure. Current authentication techniques include cryptography, passwords, challenge/response protocols, and biometrics. The security design includes these techniques to help prevent counterfeit cards, unauthorized use, or information compromise. This paper discusses card authentication and user identity techniques that enhance security for microprocessor card systems. It also describes the analysis process used for determining proper authentication techniques for a system.« less

Secure and Cost-Effective Distributed Aggregation for Mobile Sensor Networks

PubMed Central

Guo, Kehua; Zhang, Ping; Ma, Jianhua

2016-01-01

Secure data aggregation (SDA) schemes are widely used in distributed applications, such as mobile sensor networks, to reduce communication cost, prolong the network life cycle and provide security. However, most SDA are only suited for a single type of statistics (i.e., summation-based or comparison-based statistics) and are not applicable to obtaining multiple statistic results. Most SDA are also inefficient for dynamic networks. This paper presents multi-functional secure data aggregation (MFSDA), in which the mapping step and coding step are introduced to provide value-preserving and order-preserving and, later, to enable arbitrary statistics support in the same query. MFSDA is suited for dynamic networks because these active nodes can be counted directly from aggregation data. The proposed scheme is tolerant to many types of attacks. The network load of the proposed scheme is balanced, and no significant bottleneck exists. The MFSDA includes two versions: MFSDA-I and MFSDA-II. The first one can obtain accurate results, while the second one is a more generalized version that can significantly reduce network traffic at the expense of less accuracy loss. PMID:27120599

Coordinating UAV information for executing national security-oriented collaboration

NASA Astrophysics Data System (ADS)

Isenor, Anthony W.; Allard, Yannick; Lapinski, Anna-Liesa S.; Demers, Hugues; Radulescu, Dan

2014-10-01

Unmanned Aerial Vehicles (UAVs) are being used by numerous nations for defence-related missions. In some cases, the UAV is considered a cost-effective means to acquire data such as imagery over a location or object. Considering Canada's geographic expanse, UAVs are also being suggested as a potential platform for use in surveillance of remote areas, such as northern Canada. However, such activities are typically associated with security as opposed to defence. The use of a defence platform for security activities introduces the issue of information exchange between the defence and security communities and their software applications. This paper explores the flow of information from the system used by the UAVs employed by the Royal Canadian Navy. Multiple computers are setup, each with the information system used by the UAVs, including appropriate communication between the systems. Simulated data that may be expected from a typical maritime UAV mission is then fed into the information system. The information structures common to the Canadian security community are then used to store and transfer the simulated data. The resulting data flow from the defence-oriented UAV system to the security-oriented information structure is then displayed using an open source geospatial application. Use of the information structures and applications relevant to the security community avoids the distribution restrictions often associated with defence-specific applications.

Audited credential delegation: a usable security solution for the virtual physiological human toolkit.

PubMed

Haidar, Ali N; Zasada, Stefan J; Coveney, Peter V; Abdallah, Ali E; Beckles, Bruce; Jones, Mike A S

2011-06-06

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH projects, it suffers from serious usability shortcomings in terms of end-user acquisition and management of credentials which deter scientists from exploiting distributed VPH environments. By contrast, ACD supports the use of local credentials. Currently, a local ACD username-password combination can be used to access grid-based resources while Shibboleth support is underway. Moreover, ACD provides seamless and secure access to shared patient data, tools and infrastructure, thus supporting the provision of personalized medicine for patients, scientists and clinicians participating in e-health projects from a local to the widest international scale.

Audited credential delegation: a usable security solution for the virtual physiological human toolkit

PubMed Central

Haidar, Ali N.; Zasada, Stefan J.; Coveney, Peter V.; Abdallah, Ali E.; Beckles, Bruce; Jones, Mike A. S.

2011-01-01

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH projects, it suffers from serious usability shortcomings in terms of end-user acquisition and management of credentials which deter scientists from exploiting distributed VPH environments. By contrast, ACD supports the use of local credentials. Currently, a local ACD username–password combination can be used to access grid-based resources while Shibboleth support is underway. Moreover, ACD provides seamless and secure access to shared patient data, tools and infrastructure, thus supporting the provision of personalized medicine for patients, scientists and clinicians participating in e-health projects from a local to the widest international scale. PMID:22670214

Cost-Efficient and Multi-Functional Secure Aggregation in Large Scale Distributed Application

PubMed Central

Zhang, Ping; Li, Wenjun; Sun, Hua

2016-01-01

Secure aggregation is an essential component of modern distributed applications and data mining platforms. Aggregated statistical results are typically adopted in constructing a data cube for data analysis at multiple abstraction levels in data warehouse platforms. Generating different types of statistical results efficiently at the same time (or referred to as enabling multi-functional support) is a fundamental requirement in practice. However, most of the existing schemes support a very limited number of statistics. Securely obtaining typical statistical results simultaneously in the distribution system, without recovering the original data, is still an open problem. In this paper, we present SEDAR, which is a SEcure Data Aggregation scheme under the Range segmentation model. Range segmentation model is proposed to reduce the communication cost by capturing the data characteristics, and different range uses different aggregation strategy. For raw data in the dominant range, SEDAR encodes them into well defined vectors to provide value-preservation and order-preservation, and thus provides the basis for multi-functional aggregation. A homomorphic encryption scheme is used to achieve data privacy. We also present two enhanced versions. The first one is a Random based SEDAR (REDAR), and the second is a Compression based SEDAR (CEDAR). Both of them can significantly reduce communication cost with the trade-off lower security and lower accuracy, respectively. Experimental evaluations, based on six different scenes of real data, show that all of them have an excellent performance on cost and accuracy. PMID:27551747

Cost-Efficient and Multi-Functional Secure Aggregation in Large Scale Distributed Application.

PubMed

Zhang, Ping; Li, Wenjun; Sun, Hua

2016-01-01

Secure aggregation is an essential component of modern distributed applications and data mining platforms. Aggregated statistical results are typically adopted in constructing a data cube for data analysis at multiple abstraction levels in data warehouse platforms. Generating different types of statistical results efficiently at the same time (or referred to as enabling multi-functional support) is a fundamental requirement in practice. However, most of the existing schemes support a very limited number of statistics. Securely obtaining typical statistical results simultaneously in the distribution system, without recovering the original data, is still an open problem. In this paper, we present SEDAR, which is a SEcure Data Aggregation scheme under the Range segmentation model. Range segmentation model is proposed to reduce the communication cost by capturing the data characteristics, and different range uses different aggregation strategy. For raw data in the dominant range, SEDAR encodes them into well defined vectors to provide value-preservation and order-preservation, and thus provides the basis for multi-functional aggregation. A homomorphic encryption scheme is used to achieve data privacy. We also present two enhanced versions. The first one is a Random based SEDAR (REDAR), and the second is a Compression based SEDAR (CEDAR). Both of them can significantly reduce communication cost with the trade-off lower security and lower accuracy, respectively. Experimental evaluations, based on six different scenes of real data, show that all of them have an excellent performance on cost and accuracy.

78 FR 7440 - Agency Information Collection Activities: Submission for Review; Information Collection Extension...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-01

... (DHS Form 10008); (9) Application for SAFETY Act Certification (DHS Form 10007); (10) SAFETY Act Block Designation Application (DHS Form 10005); and (11) SAFETY Act Block Certification Application (DHS Form 10004... distribution chain. The Department of Homeland Security Science & Technology Directorate (DHS S&T) currently...

Quantum key distribution with an efficient countermeasure against correlated intensity fluctuations in optical pulses

NASA Astrophysics Data System (ADS)

Yoshino, Ken-ichiro; Fujiwara, Mikio; Nakata, Kensuke; Sumiya, Tatsuya; Sasaki, Toshihiko; Takeoka, Masahiro; Sasaki, Masahide; Tajima, Akio; Koashi, Masato; Tomita, Akihisa

2018-03-01

Quantum key distribution (QKD) allows two distant parties to share secret keys with the proven security even in the presence of an eavesdropper with unbounded computational power. Recently, GHz-clock decoy QKD systems have been realized by employing ultrafast optical communication devices. However, security loopholes of high-speed systems have not been fully explored yet. Here we point out a security loophole at the transmitter of the GHz-clock QKD, which is a common problem in high-speed QKD systems using practical band-width limited devices. We experimentally observe the inter-pulse intensity correlation and modulation pattern-dependent intensity deviation in a practical high-speed QKD system. Such correlation violates the assumption of most security theories. We also provide its countermeasure which does not require significant changes of hardware and can generate keys secure over 100 km fiber transmission. Our countermeasure is simple, effective and applicable to wide range of high-speed QKD systems, and thus paves the way to realize ultrafast and security-certified commercial QKD systems.

Photonic sensor opportunities for distributed and wireless systems in security applications

NASA Astrophysics Data System (ADS)

Krohn, David

2006-10-01

There are broad ranges of homeland security sensing applications that can be facilitated by distributed fiber optic sensors and photonics integrated wireless systems. These applications include [1]: Pipeline, (Monitoring, Security); Smart structures (Bridges, Tunnels, Dams, Public spaces); Power lines (Monitoring, Security); Transportation security; Chemical/biological detection; Wide area surveillance - perimeter; and Port Security (Underwater surveillance, Cargo container). Many vital assets which cover wide areas, such as pipeline and borders, are under constant threat of being attacked or breached. There is a rapidly emerging need to be able to provide identification of intrusion threats to such vital assets. Similar problems exit for monitoring the basic infrastructure such as water supply, power utilities, communications systems as well as transportation. There is a need to develop a coordinated and integrated solution for the detection of threats. From a sensor standpoint, consideration must not be limited to detection, but how does detection lead to intervention and deterrence. Fiber optic sensor technology must be compatible with other surveillance technologies such as wireless mote technology to facilitate integration. In addition, the multi-functionality of fiber optic sensors must be expanded to include bio-chemical detection. There have been a number of barriers for the acceptance and broad use of smart fiber optic sensors. Compared to telecommunications, the volume is low. This fact coupled with proprietary and custom specifications has kept the price of fiber optic sensors high. There is a general lack of a manufacturing infrastructure and lack of standards for packaging and reliability. Also, there are several competing technologies; some photonic based and other approaches based on conventional non-photonic technologies.

Ghost imaging for three-dimensional optical security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chen, Wen, E-mail: elechenw@nus.edu.sg; Chen, Xudong

2013-11-25

Ghost imaging has become increasingly popular in quantum and optical application fields. Here, we report three-dimensional (3D) optical security using ghost imaging. The series of random phase-only masks are sparsified, which are further converted into particle-like distributions placed in 3D space. We show that either an optical or digital approach can be employed for the encoding. The results illustrate that a larger key space can be generated due to the application of 3D space compared with previous works.

Building an authorization model for external means of protection of APCS based on the Internet of things

NASA Astrophysics Data System (ADS)

Zaharov, A. A.; Nissenbaum, O. V.; Ponomaryov, K. Y.; Nesgovorov, E. S.

2018-01-01

In this paper we study application of Internet of Thing concept and devices to secure automated process control systems. We review different approaches in IoT (Internet of Things) architecture and design and propose them for several applications in security of automated process control systems. We consider an Attribute-based encryption in context of access control mechanism implementation and promote a secret key distribution scheme between attribute authorities and end devices.

Quantum-secured blockchain

NASA Astrophysics Data System (ADS)

Kiktenko, E. O.; Pozhar, N. O.; Anufriev, M. N.; Trushechkin, A. S.; Yunusov, R. R.; Kurochkin, Y. V.; Lvovsky, A. I.; Fedorov, A. K.

2018-07-01

Blockchain is a distributed database which is cryptographically protected against malicious modifications. While promising for a wide range of applications, current blockchain platforms rely on digital signatures, which are vulnerable to attacks by means of quantum computers. The same, albeit to a lesser extent, applies to cryptographic hash functions that are used in preparing new blocks, so parties with access to quantum computation would have unfair advantage in procuring mining rewards. Here we propose a possible solution to the quantum era blockchain challenge and report an experimental realization of a quantum-safe blockchain platform that utilizes quantum key distribution across an urban fiber network for information-theoretically secure authentication. These results address important questions about realizability and scalability of quantum-safe blockchains for commercial and governmental applications.

A Study on the Security Levels of Spread-Spectrum Embedding Schemes in the WOA Framework.

PubMed

Wang, Yuan-Gen; Zhu, Guopu; Kwong, Sam; Shi, Yun-Qing

2017-08-23

Security analysis is a very important issue for digital watermarking. Several years ago, according to Kerckhoffs' principle, the famous four security levels, namely insecurity, key security, subspace security, and stego-security, were defined for spread-spectrum (SS) embedding schemes in the framework of watermarked-only attack. However, up to now there has been little application of the definition of these security levels to the theoretical analysis of the security of SS embedding schemes, due to the difficulty of the theoretical analysis. In this paper, based on the security definition, we present a theoretical analysis to evaluate the security levels of five typical SS embedding schemes, which are the classical SS, the improved SS (ISS), the circular extension of ISS, the nonrobust and robust natural watermarking, respectively. The theoretical analysis of these typical SS schemes are successfully performed by taking advantage of the convolution of probability distributions to derive the probabilistic models of watermarked signals. Moreover, simulations are conducted to illustrate and validate our theoretical analysis. We believe that the theoretical and practical analysis presented in this paper can bridge the gap between the definition of the four security levels and its application to the theoretical analysis of SS embedding schemes.

Information Acquisition, Analysis and Integration

DTIC Science & Technology

2016-08-03

of sensing and processing, theory, applications, signal processing, image and video processing, machine learning , technology transfer. 16. SECURITY... learning . 5. Solved elegantly old problems like image and video debluring, intro- ducing new revolutionary approaches. 1 DISTRIBUTION A: Distribution...Polatkan, G. Sapiro, D. Blei, D. B. Dunson, and L. Carin, “ Deep learning with hierarchical convolution factor analysis,” IEEE 6 DISTRIBUTION A

MDA-based EHR application security services.

PubMed

Blobel, Bernd; Pharow, Peter

2004-01-01

Component-oriented, distributed, virtual EHR systems have to meet enhanced security and privacy requirements. In the context of advanced architectural paradigms such as component-orientation, model-driven, and knowledge-based, standardised security services needed have to be specified and implemented in an integrated way following the same paradigm. This concerns the deployment of formal models, meta-languages, reference models such as the ISO RM-ODP, and development as well as implementation tools. International projects' results presented proceed on that streamline.

Standardization of quantum key distribution and the ETSI standardization initiative ISG-QKD

NASA Astrophysics Data System (ADS)

Länger, Thomas; Lenhart, Gaby

2009-05-01

In recent years, quantum key distribution (QKD) has been the object of intensive research activities and of rapid progress, and it is now developing into a competitive industry with commercial products. Once QKD systems are transferred from the controlled environment of physical laboratories into a real-world environment for practical use, a number of practical security, compatibility and connectivity issues need to be resolved. In particular, comprehensive security evaluation and watertight security proofs need to be addressed to increase trust in QKD. System interoperability with existing infrastructures and applications as well as conformance with specific user requirements have to be assured. Finding common solutions to these problems involving all actors can provide an advantage for the commercialization of QKD as well as for further technological development. The ETSI industry specification group for QKD (ISG-QKD) offers a forum for creating such universally accepted standards and will promote significant leverage effects on coordination, cooperation and convergence in research, technical development and business application of QKD.

Security Issues in Cross-Organizational Peer-to-Peer Applications and Some Solutions

NASA Astrophysics Data System (ADS)

Gupta, Ankur; Awasthi, Lalit K.

Peer-to-Peer networks have been widely used for sharing millions of terabytes of content, for large-scale distributed computing and for a variety of other novel applications, due to their scalability and fault-tolerance. However, the scope of P2P networks has somehow been limited to individual computers connected to the internet. P2P networks are also notorious for blatant copyright violations and facilitating several kinds of security attacks. Businesses and large organizations have thus stayed away from deploying P2P applications citing security loopholes in P2P systems as the biggest reason for non-adoption. In theory P2P applications can help fulfill many organizational requirements such as collaboration and joint projects with other organizations, access to specialized computing infrastructure and finally accessing the specialized information/content and expert human knowledge available at other organizations. These potentially beneficial interactions necessitate that the research community attempt to alleviate the security shortcomings in P2P systems and ensure their acceptance and wide deployment. This research paper therefore examines the security issues prevalent in enabling cross-organizational P2P interactions and provides some technical insights into how some of these issues can be resolved.

Web-Enabled Systems for Student Access.

ERIC Educational Resources Information Center

Harris, Chad S.; Herring, Tom

1999-01-01

California State University, Fullerton is developing a suite of server-based, Web-enabled applications that distribute the functionality of its student information system software to external customers without modifying the mainframe applications or databases. The cost-effective, secure, and rapidly deployable business solution involves using the…

Practical private database queries based on a quantum-key-distribution protocol

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jakobi, Markus; Humboldt-Universitaet zu Berlin, D-10117 Berlin; Simon, Christoph

2011-02-15

Private queries allow a user, Alice, to learn an element of a database held by a provider, Bob, without revealing which element she is interested in, while limiting her information about the other elements. We propose to implement private queries based on a quantum-key-distribution protocol, with changes only in the classical postprocessing of the key. This approach makes our scheme both easy to implement and loss tolerant. While unconditionally secure private queries are known to be impossible, we argue that an interesting degree of security can be achieved by relying on fundamental physical principles instead of unverifiable security assumptions inmore » order to protect both the user and the database. We think that the scope exists for such practical private queries to become another remarkable application of quantum information in the footsteps of quantum key distribution.« less

A security mechanism based on evolutionary game in fog computing.

PubMed

Sun, Yan; Lin, Fuhong; Zhang, Nan

2018-02-01

Fog computing is a distributed computing paradigm at the edge of the network and requires cooperation of users and sharing of resources. When users in fog computing open their resources, their devices are easily intercepted and attacked because they are accessed through wireless network and present an extensive geographical distribution. In this study, a credible third party was introduced to supervise the behavior of users and protect the security of user cooperation. A fog computing security mechanism based on human nervous system is proposed, and the strategy for a stable system evolution is calculated. The MATLAB simulation results show that the proposed mechanism can reduce the number of attack behaviors effectively and stimulate users to cooperate in application tasks positively.

End-to-end security for personal telehealth.

PubMed

Koster, Paul; Asim, Muhammad; Petkovic, Milan

2011-01-01

Personal telehealth is in rapid development with innovative emerging applications like disease management. With personal telehealth people participate in their own care supported by an open distributed system with health services. This poses new end-to-end security and privacy challenges. In this paper we introduce new end-to-end security requirements and present a design for consent management in the context of the Continua Health Alliance architecture. Thus, we empower patients to control how their health information is shared and used in a personal telehealth eco-system.

Optimal service distribution in WSN service system subject to data security constraints.

PubMed

Wu, Zhao; Xiong, Naixue; Huang, Yannong; Gu, Qiong

2014-08-04

Services composition technology provides a flexible approach to building Wireless Sensor Network (WSN) Service Applications (WSA) in a service oriented tasking system for WSN. Maintaining the data security of WSA is one of the most important goals in sensor network research. In this paper, we consider a WSN service oriented tasking system in which the WSN Services Broker (WSB), as the resource management center, can map the service request from user into a set of atom-services (AS) and send them to some independent sensor nodes (SN) for parallel execution. The distribution of ASs among these SNs affects the data security as well as the reliability and performance of WSA because these SNs can be of different and independent specifications. By the optimal service partition into the ASs and their distribution among SNs, the WSB can provide the maximum possible service reliability and/or expected performance subject to data security constraints. This paper proposes an algorithm of optimal service partition and distribution based on the universal generating function (UGF) and the genetic algorithm (GA) approach. The experimental analysis is presented to demonstrate the feasibility of the suggested algorithm.

Optimal Service Distribution in WSN Service System Subject to Data Security Constraints

PubMed Central

Wu, Zhao; Xiong, Naixue; Huang, Yannong; Gu, Qiong

2014-01-01

Services composition technology provides a flexible approach to building Wireless Sensor Network (WSN) Service Applications (WSA) in a service oriented tasking system for WSN. Maintaining the data security of WSA is one of the most important goals in sensor network research. In this paper, we consider a WSN service oriented tasking system in which the WSN Services Broker (WSB), as the resource management center, can map the service request from user into a set of atom-services (AS) and send them to some independent sensor nodes (SN) for parallel execution. The distribution of ASs among these SNs affects the data security as well as the reliability and performance of WSA because these SNs can be of different and independent specifications. By the optimal service partition into the ASs and their distribution among SNs, the WSB can provide the maximum possible service reliability and/or expected performance subject to data security constraints. This paper proposes an algorithm of optimal service partition and distribution based on the universal generating function (UGF) and the genetic algorithm (GA) approach. The experimental analysis is presented to demonstrate the feasibility of the suggested algorithm. PMID:25093346

Resolving the Problem of Aligning Communities of Interest, Data Format Differences, Orthogonal Sensor Views, Intermittency, and Security - DoD Homeland Security Command and Control Advanced Concept Technology Demonstration

DTIC Science & Technology

2005-06-01

provisioning, maintaining and guaranteeing service levels for the shared services ? Although these shared, distributed services lie well within the... shared services that interact with a common object definition for transporting alerts. The system is built on top of a rapid SOA application

An eConsent-based System Architecture Supporting Cooperation in Integrated Healthcare Networks.

PubMed

Bergmann, Joachim; Bott, Oliver J; Hoffmann, Ina; Pretschner, Dietrich P

2005-01-01

The economical need for efficient healthcare leads to cooperative shared care networks. A virtual electronic health record is required, which integrates patient related information but reflects the distributed infrastructure and restricts access only to those health professionals involved into the care process. Our work aims on specification and development of a system architecture fulfilling these requirements to be used in concrete regional pilot studies. Methodical analysis and specification have been performed in a healthcare network using the formal method and modelling tool MOSAIK-M. The complexity of the application field was reduced by focusing on the scenario of thyroid disease care, which still includes various interdisciplinary cooperation. Result is an architecture for a secure distributed electronic health record for integrated care networks, specified in terms of a MOSAIK-M-based system model. The architecture proposes business processes, application services, and a sophisticated security concept, providing a platform for distributed document-based, patient-centred, and secure cooperation. A corresponding system prototype has been developed for pilot studies, using advanced application server technologies. The architecture combines a consolidated patient-centred document management with a decentralized system structure without needs for replication management. An eConsent-based approach assures, that access to the distributed health record remains under control of the patient. The proposed architecture replaces message-based communication approaches, because it implements a virtual health record providing complete and current information. Acceptance of the new communication services depends on compatibility with the clinical routine. Unique and cross-institutional identification of a patient is also a challenge, but will loose significance with establishing common patient cards.

Derived virtual devices: a secure distributed file system mechanism

NASA Technical Reports Server (NTRS)

VanMeter, Rodney; Hotz, Steve; Finn, Gregory

1996-01-01

This paper presents the design of derived virtual devices (DVDs). DVDs are the mechanism used by the Netstation Project to provide secure shared access to network-attached peripherals distributed in an untrusted network environment. DVDs improve Input/Output efficiency by allowing user processes to perform I/O operations directly from devices without intermediate transfer through the controlling operating system kernel. The security enforced at the device through the DVD mechanism includes resource boundary checking, user authentication, and restricted operations, e.g., read-only access. To illustrate the application of DVDs, we present the interactions between a network-attached disk and a file system designed to exploit the DVD abstraction. We further discuss third-party transfer as a mechanism intended to provide for efficient data transfer in a typical NAP environment. We show how DVDs facilitate third-party transfer, and provide the security required in a more open network environment.

Monitoring of continuous-variable quantum key distribution system in real environment.

PubMed

Liu, Weiqi; Peng, Jinye; Huang, Peng; Huang, Duan; Zeng, Guihua

2017-08-07

How to guarantee the practical security of continuous-variable quantum key distribution (CVQKD) system has been an important issue in the quantum cryptography applications. In contrast to the previous practical security strategies, which focus on the intercept-resend attack or the Gaussian attack, we investigate the practical security strategy based on a general attack, i.e., an arbitrated individual attack or collective attack on the system by Eve in this paper. The low bound of intensity disturbance of the local oscillator signal for eavesdropper successfully concealing herself is obtained, considering all noises can be used by Eve in the practical environment. Furthermore, we obtain an optimal monitoring condition for the practical CVQKD system so that legitimate communicators can monitor the general attack in real-time. As examples, practical security of two special systems, i.e., the Gaussian modulated coherent state CVQKD system and the middle-based CVQKD system, are investigated under the intercept-resend attacks.

CORBASec Used to Secure Distributed Aerospace Propulsion Simulations

NASA Technical Reports Server (NTRS)

Blaser, Tammy M.

2003-01-01

The NASA Glenn Research Center and its industry partners are developing a Common Object Request Broker (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines. It was developed by Glenn and is being managed by the NASA Ames Research Center as the lead center reporting directly to NASA Headquarters' Aerospace Technology Enterprise. Glenn is an active domain member of the Object Management Group: an open membership, not-for-profit consortium that produces and manages computer industry specifications (i.e., CORBA) for interoperable enterprise applications. When NPSS is deployed, it will assemble a distributed aerospace propulsion simulation scenario from proprietary analytical CORBA servers and execute them with security afforded by the CORBASec implementation. The NPSS CORBASec test bed was initially developed with the TPBroker Security Service product (Hitachi Computer Products (America), Inc., Waltham, MA) using the Object Request Broker (ORB), which is based on the TPBroker Basic Object Adaptor, and using NPSS software across different firewall products. The test bed has been migrated to the Portable Object Adaptor architecture using the Hitachi Security Service product based on the VisiBroker 4.x ORB (Borland, Scotts Valley, CA) and on the Orbix 2000 ORB (Dublin, Ireland, with U.S. headquarters in Waltham, MA). Glenn, GE Aircraft Engines, and Pratt & Whitney Aircraft are the initial industry partners contributing to the NPSS CORBASec test bed. The test bed uses Security SecurID (RSA Security Inc., Bedford, MA) two-factor token-based authentication together with Hitachi Security Service digital-certificate-based authentication to validate the various NPSS users. The test bed is expected to demonstrate NPSS CORBASec-specific policy functionality, confirm adequate performance, and validate the required Internet configuration in a distributed collaborative aerospace propulsion environment.

77 FR 22616 - Huntington Asset Advisors, Inc., et al.; Notice of Application

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-16

... SECURITIES AND EXCHANGE COMMISSION [Investment Company Act Release No. 30032; 812-13785... the Investment Company Act of 1940 (``Act'') for an exemption from sections 2(a)(32), 5(a)(1), 22(d...''), Huntington Strategy Shares (``Trust''), and SEI Investments Distribution Co. Summary of Application...

78 FR 17235 - Global X Funds, et al.; Notice of Application

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-20

... SECURITIES AND EXCHANGE COMMISSION [Investment Company Act Release No. 30426; 812-14079] Global X... relying on rule 12d1-2 under the 1940 Act to invest in certain financial instruments. Applicants: Global X Funds (``Trust'''), Global X Management Company LLC (``Adviser'') and SEI Investment Distribution Co...

James Reilly | NREL

Science.gov Websites

experience and expertise in energy projects ranging from 50 kW to 150 MW across distribution and transmission security for Department of Defense Transmission and distribution system design. Education B.S., Energy Working in the Engineering and Modeling Group of NREL's Integrated Applications Center under the Energy

An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds

DOE Office of Scientific and Technical Information (OSTI.GOV)

Simmhan, Yogesh; Kumbhare, Alok; Cao, Baohua

2011-07-09

Power utilities globally are increasingly upgrading to Smart Grids that use bi-directional communication with the consumer to enable an information-driven approach to distributed energy management. Clouds offer features well suited for Smart Grid software platforms and applications, such as elastic resources and shared services. However, the security and privacy concerns inherent in an information rich Smart Grid environment are further exacerbated by their deployment on Clouds. Here, we present an analysis of security and privacy issues in a Smart Grids software architecture operating on different Cloud environments, in the form of a taxonomy. We use the Los Angeles Smart Gridmore » Project that is underway in the largest U.S. municipal utility to drive this analysis that will benefit both Cloud practitioners targeting Smart Grid applications, and Cloud researchers investigating security and privacy.« less

TeleMed: Wide-area, secure, collaborative object computing with Java and CORBA for healthcare

DOE Office of Scientific and Technical Information (OSTI.GOV)

Forslund, D.W.; George, J.E.; Gavrilov, E.M.

1998-12-31

Distributed computing is becoming commonplace in a variety of industries with healthcare being a particularly important one for society. The authors describe the development and deployment of TeleMed in a few healthcare domains. TeleMed is a 100% Java distributed application build on CORBA and OMG standards enabling the collaboration on the treatment of chronically ill patients in a secure manner over the Internet. These standards enable other systems to work interoperably with TeleMed and provide transparent access to high performance distributed computing to the healthcare domain. The goal of wide scale integration of electronic medical records is a grand-challenge scalemore » problem of global proportions with far-reaching social benefits.« less

Public key infrastructure for DOE security research

DOE Office of Scientific and Technical Information (OSTI.GOV)

Aiken, R.; Foster, I.; Johnston, W.E.

This document summarizes the Department of Energy`s Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalties and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-keymore » infrastructure. Hence, public-key infrastructure ({open_quotes}PKI{close_quotes}) was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.« less

Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

NASA Astrophysics Data System (ADS)

Johnson, C. W.; Atencia Yepez, A.

2012-01-01

Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

29 CFR 1926.450 - Scope, application and definitions applicable to this subpart.

Code of Federal Regulations, 2014 CFR

2014-07-01

... means a single-point adjustable suspension scaffold consisting of a seat or sling designed to support... means a design of straps which may be secured about the employee in a manner to distribute the fall... a series of interconnected braced scaffold members or supporting structures erected to form a...

29 CFR 1926.450 - Scope, application and definitions applicable to this subpart.

Code of Federal Regulations, 2012 CFR

2012-07-01

... means a single-point adjustable suspension scaffold consisting of a seat or sling designed to support... means a design of straps which may be secured about the employee in a manner to distribute the fall... a series of interconnected braced scaffold members or supporting structures erected to form a...

29 CFR 1926.450 - Scope, application and definitions applicable to this subpart.

Code of Federal Regulations, 2013 CFR

2013-07-01

... means a single-point adjustable suspension scaffold consisting of a seat or sling designed to support... means a design of straps which may be secured about the employee in a manner to distribute the fall... a series of interconnected braced scaffold members or supporting structures erected to form a...

29 CFR 1926.450 - Scope, application and definitions applicable to this subpart.

Code of Federal Regulations, 2011 CFR

2011-07-01

... means a single-point adjustable suspension scaffold consisting of a seat or sling designed to support... means a design of straps which may be secured about the employee in a manner to distribute the fall... a series of interconnected braced scaffold members or supporting structures erected to form a...

Metrinome: Continuous Monitoring and Security Validation of Distributed Systems

DTIC Science & Technology

2014-03-01

Integration into the SDLC ( Software Development Life Cycle), Retrieved Nov 06 2013, https://www.owasp.org/ images/f/f6/Integration_into_the_SDLC.ppt [2...assessment as part of the software development life cycle, current approaches suffer from a number of shortcomings that limit their application in...with assessing security and correct functionality. Second, integrated and end-to-end testing and experimentation is often postponed until software

Introduction: The SERENITY vision

NASA Astrophysics Data System (ADS)

Maña, Antonio; Spanoudakis, George; Kokolakis, Spyros

In this chapter we present an overview of the SERENITY approach. We describe the SERENITY model of secure and dependable applications and show how it addresses the challenge of developing, integrating and dynamically maintaining security and dependability mechanisms in open, dynamic, distributed and heterogeneous computing systems and in particular Ambient Intelligence scenarios. The chapter describes the basic concepts used in the approach and introduces the different processes supported by SERENITY, along with the tools provided.

High-capacity quantum key distribution via hyperentangled degrees of freedom

NASA Astrophysics Data System (ADS)

Simon, David S.; Sergienko, Alexander V.

2014-06-01

Quantum key distribution (QKD) has long been a promising area for the application of quantum effects in solving real-world problems. However, two major obstacles have stood in the way of its widespread application: low secure key generation rates and short achievable operating distances. In this paper, a new physical mechanism for dealing with the first of these problems is proposed: the interplay between different degrees of freedom in a hyperentangled system (parametric down-conversion) is used to increase the Hilbert space dimension available for key generation while maintaining security. Polarization-based Bell tests provide security checking, while orbital angular momentum (OAM) and total angular momentum (TAM) provide a higher key generation rate. Whether to measure TAM or OAM is decided randomly in each trial. The concurrent noncommutativity of TAM with OAM and polarization provides the physical basis for quantum security. TAM measurements link polarization to OAM, so that if the legitimate participants measure OAM while the eavesdropper measures TAM (or vice-versa), then polarization entanglement is lost, revealing the eavesdropper. In contrast to other OAM-based QKD methods, complex active switching between OAM bases is not required; instead, passive switching by beam splitters combined with much simpler active switching between polarization bases makes implementation at high OAM more practical.

An innovative privacy preserving technique for incremental datasets on cloud computing.

PubMed

Aldeen, Yousra Abdul Alsahib S; Salleh, Mazleena; Aljeroudi, Yazan

2016-08-01

Cloud computing (CC) is a magnificent service-based delivery with gigantic computer processing power and data storage across connected communications channels. It imparted overwhelming technological impetus in the internet (web) mediated IT industry, where users can easily share private data for further analysis and mining. Furthermore, user affable CC services enable to deploy sundry applications economically. Meanwhile, simple data sharing impelled various phishing attacks and malware assisted security threats. Some privacy sensitive applications like health services on cloud that are built with several economic and operational benefits necessitate enhanced security. Thus, absolute cyberspace security and mitigation against phishing blitz became mandatory to protect overall data privacy. Typically, diverse applications datasets are anonymized with better privacy to owners without providing all secrecy requirements to the newly added records. Some proposed techniques emphasized this issue by re-anonymizing the datasets from the scratch. The utmost privacy protection over incremental datasets on CC is far from being achieved. Certainly, the distribution of huge datasets volume across multiple storage nodes limits the privacy preservation. In this view, we propose a new anonymization technique to attain better privacy protection with high data utility over distributed and incremental datasets on CC. The proficiency of data privacy preservation and improved confidentiality requirements is demonstrated through performance evaluation. Copyright © 2016 Elsevier Inc. All rights reserved.

Behavioral analysis of use personal service e-balance Indonesian social security

NASA Astrophysics Data System (ADS)

Wang, Gunawan; Fitriani, Novi; Nurul Fajar, Ahmad

2017-09-01

Indonesian Social Security is the one of the government agencies that is trusted to organize social security. With help of Information technology that growing these day, Indonesian Social Security is also developing E-Balance application, where previously all activities for checking balance is done by giving their slip details through the nearest branch to be distributed to each company. So far there is no research that reviewing e-Balance. Hence, the authors is interested to do research related factors that influence the behavior of the use of E-Balance Indonesian Social Security in the Jakarta area and model that can describe those factors Authors distributing questioners to 193 respondents and perform data processing. The result of this study is to know the factors that influence the behavior of use Personal Service E-Balance Indonesian Social Security and model that can describe those factors. The result shows that UTAUT 2 model is not match with this research and need to be enhanced. After enhancement, there are 3 factors that being significant. Such as Behavioral Intention, Effort Expectancy and Social Influence while the others are not supported and need to be customize.

OGC and Grid Interoperability in enviroGRIDS Project

NASA Astrophysics Data System (ADS)

Gorgan, Dorian; Rodila, Denisa; Bacu, Victor; Giuliani, Gregory; Ray, Nicolas

2010-05-01

EnviroGRIDS (Black Sea Catchment Observation and Assessment System supporting Sustainable Development) [1] is a 4-years FP7 Project aiming to address the subjects of ecologically unsustainable development and inadequate resource management. The project develops a Spatial Data Infrastructure of the Black Sea Catchment region. The geospatial technologies offer very specialized functionality for Earth Science oriented applications as well as the Grid oriented technology that is able to support distributed and parallel processing. One challenge of the enviroGRIDS project is the interoperability between geospatial and Grid infrastructures by providing the basic and the extended features of the both technologies. The geospatial interoperability technology has been promoted as a way of dealing with large volumes of geospatial data in distributed environments through the development of interoperable Web service specifications proposed by the Open Geospatial Consortium (OGC), with applications spread across multiple fields but especially in Earth observation research. Due to the huge volumes of data available in the geospatial domain and the additional introduced issues (data management, secure data transfer, data distribution and data computation), the need for an infrastructure capable to manage all those problems becomes an important aspect. The Grid promotes and facilitates the secure interoperations of geospatial heterogeneous distributed data within a distributed environment, the creation and management of large distributed computational jobs and assures a security level for communication and transfer of messages based on certificates. This presentation analysis and discusses the most significant use cases for enabling the OGC Web services interoperability with the Grid environment and focuses on the description and implementation of the most promising one. In these use cases we give a special attention to issues such as: the relations between computational grid and the OGC Web service protocols, the advantages offered by the Grid technology - such as providing a secure interoperability between the distributed geospatial resource -and the issues introduced by the integration of distributed geospatial data in a secure environment: data and service discovery, management, access and computation. enviroGRIDS project proposes a new architecture which allows a flexible and scalable approach for integrating the geospatial domain represented by the OGC Web services with the Grid domain represented by the gLite middleware. The parallelism offered by the Grid technology is discussed and explored at the data level, management level and computation level. The analysis is carried out for OGC Web service interoperability in general but specific details are emphasized for Web Map Service (WMS), Web Feature Service (WFS), Web Coverage Service (WCS), Web Processing Service (WPS) and Catalog Service for Web (CSW). Issues regarding the mapping and the interoperability between the OGC and the Grid standards and protocols are analyzed as they are the base in solving the communication problems between the two environments: grid and geospatial. The presetation mainly highlights how the Grid environment and Grid applications capabilities can be extended and utilized in geospatial interoperability. Interoperability between geospatial and Grid infrastructures provides features such as the specific geospatial complex functionality and the high power computation and security of the Grid, high spatial model resolution and geographical area covering, flexible combination and interoperability of the geographical models. According with the Service Oriented Architecture concepts and requirements of interoperability between geospatial and Grid infrastructures each of the main functionality is visible from enviroGRIDS Portal and consequently, by the end user applications such as Decision Maker/Citizen oriented Applications. The enviroGRIDS portal is the single way of the user to get into the system and the portal faces a unique style of the graphical user interface. Main reference for further information: [1] enviroGRIDS Project, http://www.envirogrids.net/

Predictive Anomaly Management for Resilient Virtualized Computing Infrastructures

DTIC Science & Technology

2015-05-27

PREC: Practical Root Exploit Containment for Android Devices, ACM Conference on Data and Application Security and Privacy (CODASPY) . 03-MAR-14...05-OCT-11, . : , Hiep Nguyen, Yongmin Tan, Xiaohui Gu. Propagation-aware Anomaly Localization for Cloud Hosted Distributed Applications , ACM...Workshop on Managing Large-Scale Systems via the Analysis of System Logs and the Application of Machine Learning Techniques (SLAML) in conjunction with SOSP

Efficient bit sifting scheme of post-processing in quantum key distribution

NASA Astrophysics Data System (ADS)

Li, Qiong; Le, Dan; Wu, Xianyan; Niu, Xiamu; Guo, Hong

2015-10-01

Bit sifting is an important step in the post-processing of quantum key distribution (QKD). Its function is to sift out the undetected original keys. The communication traffic of bit sifting has essential impact on the net secure key rate of a practical QKD system. In this paper, an efficient bit sifting scheme is presented, of which the core is a lossless source coding algorithm. Both theoretical analysis and experimental results demonstrate that the performance of the scheme is approaching the Shannon limit. The proposed scheme can greatly decrease the communication traffic of the post-processing of a QKD system, which means the proposed scheme can decrease the secure key consumption for classical channel authentication and increase the net secure key rate of the QKD system, as demonstrated by analyzing the improvement on the net secure key rate. Meanwhile, some recommendations on the application of the proposed scheme to some representative practical QKD systems are also provided.

Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications.

PubMed

Fernández-Caramés, Tiago M; Fraga-Lamas, Paula; Suárez-Albela, Manuel; Castedo, Luis

2016-12-24

The Internet of Things (IoT) is a distributed system of physical objects that requires the seamless integration of hardware (e.g., sensors, actuators, electronics) and network communications in order to collect and exchange data. IoT smart objects need to be somehow identified to determine the origin of the data and to automatically detect the elements around us. One of the best positioned technologies to perform identification is RFID (Radio Frequency Identification), which in the last years has gained a lot of popularity in applications like access control, payment cards or logistics. Despite its popularity, RFID security has not been properly handled in numerous applications. To foster security in such applications, this article includes three main contributions. First, in order to establish the basics, a detailed review of the most common flaws found in RFID-based IoT systems is provided, including the latest attacks described in the literature. Second, a novel methodology that eases the detection and mitigation of such flaws is presented. Third, the latest RFID security tools are analyzed and the methodology proposed is applied through one of them (Proxmark 3) to validate it. Thus, the methodology is tested in different scenarios where tags are commonly used for identification. In such systems it was possible to clone transponders, extract information, and even emulate both tags and readers. Therefore, it is shown that the methodology proposed is useful for auditing security and reverse engineering RFID communications in IoT applications. It must be noted that, although this paper is aimed at fostering RFID communications security in IoT applications, the methodology can be applied to any RFID communications protocol.

Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications

PubMed Central

Fernández-Caramés, Tiago M.; Fraga-Lamas, Paula; Suárez-Albela, Manuel; Castedo, Luis

2016-01-01

The Internet of Things (IoT) is a distributed system of physical objects that requires the seamless integration of hardware (e.g., sensors, actuators, electronics) and network communications in order to collect and exchange data. IoT smart objects need to be somehow identified to determine the origin of the data and to automatically detect the elements around us. One of the best positioned technologies to perform identification is RFID (Radio Frequency Identification), which in the last years has gained a lot of popularity in applications like access control, payment cards or logistics. Despite its popularity, RFID security has not been properly handled in numerous applications. To foster security in such applications, this article includes three main contributions. First, in order to establish the basics, a detailed review of the most common flaws found in RFID-based IoT systems is provided, including the latest attacks described in the literature. Second, a novel methodology that eases the detection and mitigation of such flaws is presented. Third, the latest RFID security tools are analyzed and the methodology proposed is applied through one of them (Proxmark 3) to validate it. Thus, the methodology is tested in different scenarios where tags are commonly used for identification. In such systems it was possible to clone transponders, extract information, and even emulate both tags and readers. Therefore, it is shown that the methodology proposed is useful for auditing security and reverse engineering RFID communications in IoT applications. It must be noted that, although this paper is aimed at fostering RFID communications security in IoT applications, the methodology can be applied to any RFID communications protocol. PMID:28029119

Information Security Considerations for Applications Using Apache Accumulo

DTIC Science & Technology

2014-09-01

Distributed File System INSCOM United States Army Intelligence and Security Command JPA Java Persistence API JSON JavaScript Object Notation MAC Mandatory... MySQL [13]. BigTable can process 20 petabytes per day [14]. High degree of scalability on commodity hardware. NoSQL databases do not rely on highly...manipulation in relational databases. NoSQL databases each have a unique programming interface that uses a lower level procedural language (e.g., Java

Semiquantum key distribution with secure delegated quantum computation

PubMed Central

Li, Qin; Chan, Wai Hong; Zhang, Shengyu

2016-01-01

Semiquantum key distribution allows a quantum party to share a random key with a “classical” party who only can prepare and measure qubits in the computational basis or reorder some qubits when he has access to a quantum channel. In this work, we present a protocol where a secret key can be established between a quantum user and an almost classical user who only needs the quantum ability to access quantum channels, by securely delegating quantum computation to a quantum server. We show the proposed protocol is robust even when the delegated quantum server is a powerful adversary, and is experimentally feasible with current technology. As one party of our protocol is the most quantum-resource efficient, it can be more practical and significantly widen the applicability scope of quantum key distribution. PMID:26813384

Scalable Energy Networks to Promote Energy Security

DTIC Science & Technology

2011-07-01

commodity. Consider current challenges of converting energy and synchronizing sources with loads—for example, capturing solar energy to provide hot water...distributed micro-generation1 (for example, roof-mounted solar panels) and plug-in elec- tric/hybrid vehicles. The imperative extends to our national...transformers, battery chargers ■■ distribution: pumps, pipes, switches, cables ■■ applications: lighting, automobiles, personal electronic devices

Design and Development of Layered Security: Future Enhancements and Directions in Transmission

PubMed Central

Shahzad, Aamir; Lee, Malrey; Kim, Suntae; Kim, Kangmin; Choi, Jae-Young; Cho, Younghwa; Lee, Keun-Kwang

2016-01-01

Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack. PMID:26751443

Design and Development of Layered Security: Future Enhancements and Directions in Transmission.

PubMed

Shahzad, Aamir; Lee, Malrey; Kim, Suntae; Kim, Kangmin; Choi, Jae-Young; Cho, Younghwa; Lee, Keun-Kwang

2016-01-06

Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack.

Method for secure electronic voting system: face recognition based approach

NASA Astrophysics Data System (ADS)

Alim, M. Affan; Baig, Misbah M.; Mehboob, Shahzain; Naseem, Imran

2017-06-01

In this paper, we propose a framework for low cost secure electronic voting system based on face recognition. Essentially Local Binary Pattern (LBP) is used for face feature characterization in texture format followed by chi-square distribution is used for image classification. Two parallel systems are developed based on smart phone and web applications for face learning and verification modules. The proposed system has two tire security levels by using person ID followed by face verification. Essentially class specific threshold is associated for controlling the security level of face verification. Our system is evaluated three standard databases and one real home based database and achieve the satisfactory recognition accuracies. Consequently our propose system provides secure, hassle free voting system and less intrusive compare with other biometrics.

A joint signal processing and cryptographic approach to multimedia encryption.

PubMed

Mao, Yinian; Wu, Min

2006-07-01

In recent years, there has been an increasing trend for multimedia applications to use delegate service providers for content distribution, archiving, search, and retrieval. These delegate services have brought new challenges to the protection of multimedia content confidentiality. This paper discusses the importance and feasibility of applying a joint signal processing and cryptographic approach to multimedia encryption, in order to address the access control issues unique to multimedia applications. We propose two atomic encryption operations that can preserve standard compliance and are friendly to delegate processing. Quantitative analysis for these operations is presented to demonstrate that a good tradeoff can be made between security and bitrate overhead. In assisting the design and evaluation of media security systems, we also propose a set of multimedia-oriented security scores to quantify the security against approximation attacks and to complement the existing notion of generic data security. Using video as an example, we present a systematic study on how to strategically integrate different atomic operations to build a video encryption system. The resulting system can provide superior performance over both generic encryption and its simple adaptation to video in terms of a joint consideration of security, bitrate overhead, and friendliness to delegate processing.

Recent Advances in Understanding the Reactivity of Energetic Ionic Liquids in Propulsion Applications

DTIC Science & Technology

2014-08-12

vacuum ultraviolet photoionization of catalytically decomposed aerosols of EILs will be discussed. 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION...45 photoionization , fragmentation: thermal decomposition, photoionization : M06/6-31+G(d,p) AE = 10.37 eV Distribution A:  Approved for public... photoionization , fragmentation: thermal decomposition, photoionization : M06/6-31+G(d,p) Distribution A:  Approved for public release; distribution

Distributed denial of service (DDoS) attack in cloud- assisted wireless body area networks: a systematic literature review.

PubMed

Latif, Rabia; Abbas, Haider; Assar, Saïd

2014-11-01

Wireless Body Area Networks (WBANs) have emerged as a promising technology that has shown enormous potential in improving the quality of healthcare, and has thus found a broad range of medical applications from ubiquitous health monitoring to emergency medical response systems. The huge amount of highly sensitive data collected and generated by WBAN nodes requires an ascendable and secure storage and processing infrastructure. Given the limited resources of WBAN nodes for storage and processing, the integration of WBANs and cloud computing may provide a powerful solution. However, despite the benefits of cloud-assisted WBAN, several security issues and challenges remain. Among these, data availability is the most nagging security issue. The most serious threat to data availability is a distributed denial of service (DDoS) attack that directly affects the all-time availability of a patient's data. The existing solutions for standalone WBANs and sensor networks are not applicable in the cloud. The purpose of this review paper is to identify the most threatening types of DDoS attacks affecting the availability of a cloud-assisted WBAN and review the state-of-the-art detection mechanisms for the identified DDoS attacks.

Secure Service Invocation in a Peer-to-Peer Environment Using JXTA-SOAP

NASA Astrophysics Data System (ADS)

Laghi, Maria Chiara; Amoretti, Michele; Conte, Gianni

The effective convergence of service-oriented architectures (SOA) and peer-to-peer (P2P) is an urgent task, with many important applications ranging from e-business to ambient intelligence. A considerable standardization effort is being carried out from both SOA and P2P communities, but a complete platform for the development of secure, distributed applications is still missing. In this context, the result of our research and development activity is JXTA-SOAP, an official extension for JXTA enabling Web Service sharing in peer-to-peer networks. Recently we focused on security aspects, providing JXTA-SOAP with a general security management system, and specialized policies that target both J2SE and J2ME versions of the component. Among others, we implemented a policy based on Multimedia Internet KEYing (MIKEY), which can be used to create a key pair and all the required parameters for encryption and decryption of service messages in consumer and provider peers running on resource-constrained devices.

The U.S. Strategic Mobility Posture -- A Critical Factor to Support National Security Objectives

DTIC Science & Technology

1992-04-01

Mobility - Does the United States Have the Strategic Lift to Get to Our Next War and Remain for the Duration? A Monograph . Fort Leavenworth: U.S. Army...Approved for public release; distribution to unlimited, U.S. Arnmy War College Carlisle Barracks, Pennsylvania 17013 UNCLASSIFIED Unclassified SECURITY...If applicable) U.S. Army War College I 6c. ADDRESS (City, State, and ZIPCode) 7b ADDRESS (City, State, and ZIPCode) Carlisle Barracks, PA 17013-5050

ONCHIT security in distributed environments: a proposed model for implantable devices.

PubMed

Lorence, Daniel; Lee, James; Richards, Michael

2010-08-01

Recent ONCHIT mandates call for increased individual health data collection efforts as well as heightened security measures. To date most healthcare organizations have been reluctant to exchange information, citing confidentiality concerns and unshared costs incurred by specific organizations. Implantable monitoring and treatment devices are rapidly emerging as data collection interface tools in response to such mandates. Proposed here is a translational, device-independent consumer-based solution, which focuses on information controlled by specific patients, and functions within a distributed (organization neutral) environment. While the conceptual applications employed in this technology set are provided by way of illustration, they may also serve as a transformative model for emerging EMR/EHR requirements.

Practical gigahertz quantum key distribution robust against channel disturbance.

PubMed

Wang, Shuang; Chen, Wei; Yin, Zhen-Qiang; He, De-Yong; Hui, Cong; Hao, Peng-Lei; Fan-Yuan, Guan-Jie; Wang, Chao; Zhang, Li-Jun; Kuang, Jie; Liu, Shu-Feng; Zhou, Zheng; Wang, Yong-Gang; Guo, Guang-Can; Han, Zheng-Fu

2018-05-01

Quantum key distribution (QKD) provides an attractive solution for secure communication. However, channel disturbance severely limits its application when a QKD system is transferred from the laboratory to the field. Here a high-speed Faraday-Sagnac-Michelson QKD system is proposed that can automatically compensate for the channel polarization disturbance, which largely avoids the intermittency limitations of environment mutation. Over a 50 km fiber channel with 30 Hz polarization scrambling, the practicality of this phase-coding QKD system was characterized with an interference fringe visibility of 99.35% over 24 h and a stable secure key rate of 306 k bits/s over seven days without active polarization alignment.

Field demonstration of a continuous-variable quantum key distribution network.

PubMed

Huang, Duan; Huang, Peng; Li, Huasheng; Wang, Tao; Zhou, Yingming; Zeng, Guihua

2016-08-01

We report on what we believe is the first field implementation of a continuous-variable quantum key distribution (CV-QKD) network with point-to-point configuration. Four QKD nodes are deployed on standard communication infrastructures connected with commercial telecom optical fiber. Reliable key exchange is achieved in the wavelength-division-multiplexing CV-QKD network. The impact of a complex and volatile field environment on the excess noise is investigated, since excess noise controlling and reduction is arguably the major issue pertaining to distance and the secure key rate. We confirm the applicability and verify the maturity of the CV-QKD network in a metropolitan area, thus paving the way for a next-generation global secure communication network.

Digital cinema video compression

NASA Astrophysics Data System (ADS)

Husak, Walter

2003-05-01

The Motion Picture Industry began a transition from film based distribution and projection to digital distribution and projection several years ago. Digital delivery and presentation offers the prospect to increase the quality of the theatrical experience for the audience, reduce distribution costs to the distributors, and create new business opportunities for the theater owners and the studios. Digital Cinema also presents an opportunity to provide increased flexibility and security of the movies for the content owners and the theater operators. Distribution of content via electronic means to theaters is unlike any of the traditional applications for video compression. The transition from film-based media to electronic media represents a paradigm shift in video compression techniques and applications that will be discussed in this paper.

Wireless Technology Infrastructures for Authentication of Patients: PKI that Rings

PubMed Central

Sax, Ulrich; Kohane, Isaac; Mandl, Kenneth D.

2005-01-01

As the public interest in consumer-driven electronic health care applications rises, so do concerns about the privacy and security of these applications. Achieving a balance between providing the necessary security while promoting user acceptance is a major obstacle in large-scale deployment of applications such as personal health records (PHRs). Robust and reliable forms of authentication are needed for PHRs, as the record will often contain sensitive and protected health information, including the patient's own annotations. Since the health care industry per se is unlikely to succeed at single-handedly developing and deploying a large scale, national authentication infrastructure, it makes sense to leverage existing hardware, software, and networks. This report proposes a new model for authentication of users to health care information applications, leveraging wireless mobile devices. Cell phones are widely distributed, have high user acceptance, and offer advanced security protocols. The authors propose harnessing this technology for the strong authentication of individuals by creating a registration authority and an authentication service, and examine the problems and promise of such a system. PMID:15684133

Wireless technology infrastructures for authentication of patients: PKI that rings.

PubMed

Sax, Ulrich; Kohane, Isaac; Mandl, Kenneth D

2005-01-01

As the public interest in consumer-driven electronic health care applications rises, so do concerns about the privacy and security of these applications. Achieving a balance between providing the necessary security while promoting user acceptance is a major obstacle in large-scale deployment of applications such as personal health records (PHRs). Robust and reliable forms of authentication are needed for PHRs, as the record will often contain sensitive and protected health information, including the patient's own annotations. Since the health care industry per se is unlikely to succeed at single-handedly developing and deploying a large scale, national authentication infrastructure, it makes sense to leverage existing hardware, software, and networks. This report proposes a new model for authentication of users to health care information applications, leveraging wireless mobile devices. Cell phones are widely distributed, have high user acceptance, and offer advanced security protocols. The authors propose harnessing this technology for the strong authentication of individuals by creating a registration authority and an authentication service, and examine the problems and promise of such a system.

Digital watermarking for secure and adaptive teleconferencing

NASA Astrophysics Data System (ADS)

Vorbrueggen, Jan C.; Thorwirth, Niels

2002-04-01

The EC-sponsored project ANDROID aims to develop a management system for secure active networks. Active network means allowing the network's customers to execute code (Java-based so-called proxylets) on parts of the network infrastructure. Secure means that the network operator nonetheless retains full control over the network and its resources, and that proxylets use ANDROID-developed facilities to provide secure applications. Management is based on policies and allows autonomous, distributed decisions and actions to be taken. Proxylets interface with the system via policies; among actions they can take is controlling execution of other proxylets or redirection of network traffic. Secure teleconferencing is used as the application to demonstrate the approach's advantages. A way to control a teleconference's data streams is to use digital watermarking of the video, audio and/or shared-whiteboard streams, providing an imperceptible and inseparable side channel that delivers information from originating or intermediate stations to downstream stations. Depending on the information carried by the watermark, these stations can take many different actions. Examples are forwarding decisions based on security classifications (possibly time-varying) at security boundaries, set-up and tear-down of virtual private networks, intelligent and adaptive transcoding, recorder or playback control (e.g., speaking off the record), copyright protection, and sender authentication.

Network and data security design for telemedicine applications.

PubMed

Makris, L; Argiriou, N; Strintzis, M G

1997-01-01

The maturing of telecommunication technologies has ushered in a whole new era of applications and services in the health care environment. Teleworking, teleconsultation, mutlimedia conferencing and medical data distribution are rapidly becoming commonplace in clinical practice. As a result, a set of problems arises, concerning data confidentiality and integrity. Public computer networks, such as the emerging ISDN technology, are vulnerable to eavesdropping. Therefore it is important for telemedicine applications to employ end-to-end encryption mechanisms securing the data channel from unauthorized access of modification. We propose a network access and encryption system that is both economical and easily implemented for integration in developing or existing applications, using well-known and thoroughly tested encryption algorithms. Public-key cryptography is used for session-key exchange, while symmetric algorithms are used for bulk encryption. Mechanisms for session-key generation and exchange are also provided.

Semi-quantum communication: protocols for key agreement, controlled secure direct communication and dialogue

NASA Astrophysics Data System (ADS)

Shukla, Chitra; Thapliyal, Kishore; Pathak, Anirban

2017-12-01

Semi-quantum protocols that allow some of the users to remain classical are proposed for a large class of problems associated with secure communication and secure multiparty computation. Specifically, first-time semi-quantum protocols are proposed for key agreement, controlled deterministic secure communication and dialogue, and it is shown that the semi-quantum protocols for controlled deterministic secure communication and dialogue can be reduced to semi-quantum protocols for e-commerce and private comparison (socialist millionaire problem), respectively. Complementing with the earlier proposed semi-quantum schemes for key distribution, secret sharing and deterministic secure communication, set of schemes proposed here and subsequent discussions have established that almost every secure communication and computation tasks that can be performed using fully quantum protocols can also be performed in semi-quantum manner. Some of the proposed schemes are completely orthogonal-state-based, and thus, fundamentally different from the existing semi-quantum schemes that are conjugate coding-based. Security, efficiency and applicability of the proposed schemes have been discussed with appropriate importance.

Industrial application for global quantum communication

NASA Astrophysics Data System (ADS)

Mirza, A.; Petruccione, F.

2012-09-01

In the last decade the quantum communication community has witnessed great advances in photonic quantum cryptography technology with the research, development and commercialization of automated Quantum Key Distribution (QKD) devices. These first generation devices are however bottlenecked by the achievable spatial coverage. This is due to the intrinsic absorption of the quantum particle into the communication medium. As QKD is of paramount importance in the future ICT landscape, various innovative solutions have been developed and tested to expand the spatial coverage of these networks such as the Quantum City initiative in Durban, South Africa. To expand this further into a global QKD-secured network, recent efforts have focussed on high-altitude free-space techniques through the use of satellites. This couples the QKD-secured Metropolitan Area Networks (MANs) with secured ground-tosatellite links as access points to a global network. Such a solution, however, has critical limitations that reduce its commercial feasibility. As parallel step to the development of satellitebased global QKD networks, we investigate the use of the commercial aircrafts' network as secure transport mechanisms in a global QKD network. This QKD-secured global network will provide a robust infrastructure to create, distribute and manage encryption keys between the MANs of the participating cities.

Feasibility of continuous-variable quantum key distribution with noisy coherent states

DOE Office of Scientific and Technical Information (OSTI.GOV)

Usenko, Vladyslav C.; Department of Optics, Palacky University, CZ-772 07 Olomouc; Filip, Radim

2010-02-15

We address security of the quantum key distribution scheme based on the noisy modulation of coherent states and investigate how it is robust against noise in the modulation regardless of the particular technical implementation. As the trusted preparation noise is shown to be security breaking even for purely lossy channels, we reveal the essential difference between two types of trusted noise, namely sender-side preparation noise and receiver-side detection noise, the latter being security preserving. We consider the method of sender-side state purification to compensate the preparation noise and show its applicability in the realistic conditions of channel loss, untrusted channelmore » excess noise, and trusted detection noise. We show that purification makes the scheme robust to the preparation noise (i.e., even the arbitrary noisy coherent states can in principle be used for the purpose of quantum key distribution). We also take into account the effect of realistic reconciliation and show that the purification method is still efficient in this case up to a limited value of preparation noise.« less

Genomics-Based Security Protocols: From Plaintext to Cipherprotein

NASA Technical Reports Server (NTRS)

Shaw, Harry; Hussein, Sayed; Helgert, Hermann

2011-01-01

The evolving nature of the internet will require continual advances in authentication and confidentiality protocols. Nature provides some clues as to how this can be accomplished in a distributed manner through molecular biology. Cryptography and molecular biology share certain aspects and operations that allow for a set of unified principles to be applied to problems in either venue. A concept for developing security protocols that can be instantiated at the genomics level is presented. A DNA (Deoxyribonucleic acid) inspired hash code system is presented that utilizes concepts from molecular biology. It is a keyed-Hash Message Authentication Code (HMAC) capable of being used in secure mobile Ad hoc networks. It is targeted for applications without an available public key infrastructure. Mechanics of creating the HMAC are presented as well as a prototype HMAC protocol architecture. Security concepts related to the implementation differences between electronic domain security and genomics domain security are discussed.

A cooperative model for IS security risk management in distributed environment.

PubMed

Feng, Nan; Zheng, Chundong

2014-01-01

Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

A Secure Key Distribution System of Quantum Cryptography Based on the Coherent State

NASA Technical Reports Server (NTRS)

Guo, Guang-Can; Zhang, Xiao-Yu

1996-01-01

The cryptographic communication has a lot of important applications, particularly in the magnificent prospects of private communication. As one knows, the security of cryptographic channel depends crucially on the secrecy of the key. The Vernam cipher is the only cipher system which has guaranteed security. In that system the key must be as long as the message and most be used only once. Quantum cryptography is a method whereby key secrecy can be guaranteed by a physical law. So it is impossible, even in principle, to eavesdrop on such channels. Quantum cryptography has been developed in recent years. Up to now, many schemes of quantum cryptography have been proposed. Now one of the main problems in this field is how to increase transmission distance. In order to use quantum nature of light, up to now proposed schemes all use very dim light pulses. The average photon number is about 0.1. Because of the loss of the optical fiber, it is difficult for the quantum cryptography based on one photon level or on dim light to realize quantum key-distribution over long distance. A quantum key distribution based on coherent state is introduced in this paper. Here we discuss the feasibility and security of this scheme.

Bitfrost: The One Laptop per Child Security Model

DTIC Science & Technology

2007-07-01

is only modifi- able by the user through a graphical interface. We plan to use social pressure to convince application de- velopers to distribute...Seymour Papert and Idit Harel. Constructionism . Ablex Publishing Corporation, 1991. [17] C. Partridge. RFC 1363: A proposed flow specification

Experimental measurement-device-independent quantum digital signatures over a metropolitan network

NASA Astrophysics Data System (ADS)

Yin, Hua-Lei; Wang, Wei-Long; Tang, Yan-Lin; Zhao, Qi; Liu, Hui; Sun, Xiang-Xiang; Zhang, Wei-Jun; Li, Hao; Puthoor, Ittoop Vergheese; You, Li-Xing; Andersson, Erika; Wang, Zhen; Liu, Yang; Jiang, Xiao; Ma, Xiongfeng; Zhang, Qiang; Curty, Marcos; Chen, Teng-Yun; Pan, Jian-Wei

2017-04-01

Quantum digital signatures (QDSs) provide a means for signing electronic communications with information-theoretic security. However, all previous demonstrations of quantum digital signatures assume trusted measurement devices. This renders them vulnerable against detector side-channel attacks, just like quantum key distribution. Here we exploit a measurement-device-independent (MDI) quantum network, over a metropolitan area, to perform a field test of a three-party MDI QDS scheme that is secure against any detector side-channel attack. In so doing, we are able to successfully sign a binary message with a security level of about 10-7. Remarkably, our work demonstrates the feasibility of MDI QDSs for practical applications.

Secure communication in fiber optic systems via transmission of broad-band optical noise.

PubMed

Buskila, O; Eyal, A; Shtaif, M

2008-03-03

We propose a new scheme for data encryption in the physical layer. Our scheme is based on the distribution of a broadband optical noise-like signal between Alice and Bob. The broadband signal is used for the establishment of a secret key that can be used for the secure transmission of information by using the one-time-pad method. We characterize the proposed scheme and study its applicability to the existing fiber-optics communications infrastructure.

Aluminum nanostructures with strong visible-range SERS activity for versatile micropatterning of molecular security labels.

PubMed

Lay, Chee Leng; Koh, Charlynn Sher Lin; Wang, Jing; Lee, Yih Hong; Jiang, Ruibin; Yang, Yijie; Yang, Zhe; Phang, In Yee; Ling, Xing Yi

2018-01-03

The application of aluminum (Al)-based nanostructures for visible-range plasmonics, especially for surface-enhanced Raman scattering (SERS), currently suffers from inconsistent local electromagnetic field distributions and/or inhomogeneous distribution of probe molecules. Herein, we lithographically fabricate structurally uniform Al nanostructures which enable homogeneous adsorption of various probe molecules. Individual Al nanostructures exhibit strong local electromagnetic field enhancements, in turn leading to intense SERS activity. The average SERS enhancement factor (EF) for individual nanostructures exceeds 10 4 for non-resonant probe molecules in the visible spectrum. These Al nanostructures also retain more than 70% of their original SERS intensities after one-month storage, displaying superb stability under ambient conditions. We further achieve tunable polarization-dependent SERS responses using anisotropic Al nanostructures, facilitating the design of sophisticated SERS-based security labels. Our micron-sized security label comprises two-tier security features, including a machine-readable hybrid quick-response (QR) code overlaid with a set of ciphertexts. Our work demonstrates the versatility of Al-based structures in low-cost modern chemical nano-analytics and forgery protection.

A Cooperative Model for IS Security Risk Management in Distributed Environment

PubMed Central

Zheng, Chundong

2014-01-01

Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively. PMID:24563626

Application of simulation models for the optimization of business processes

NASA Astrophysics Data System (ADS)

Jašek, Roman; Sedláček, Michal; Chramcov, Bronislav; Dvořák, Jiří

2016-06-01

The paper deals with the applications of modeling and simulation tools in the optimization of business processes, especially in solving an optimization of signal flow in security company. As a modeling tool was selected Simul8 software that is used to process modeling based on discrete event simulation and which enables the creation of a visual model of production and distribution processes.

Tracking and imaging humans on heterogeneous infrared sensor arrays for law enforcement applications

NASA Astrophysics Data System (ADS)

Feller, Steven D.; Zheng, Y.; Cull, Evan; Brady, David J.

2002-08-01

We present a plan for the integration of geometric constraints in the source, sensor and analysis levels of sensor networks. The goal of geometric analysis is to reduce the dimensionality and complexity of distributed sensor data analysis so as to achieve real-time recognition and response to significant events. Application scenarios include biometric tracking of individuals, counting and analysis of individuals in groups of humans and distributed sentient environments. We are particularly interested in using this approach to provide networks of low cost point detectors, such as infrared motion detectors, with complex imaging capabilities. By extending the capabilities of simple sensors, we expect to reduce the cost of perimeter and site security applications.

Quantum key distribution over 120 km using ultrahigh purity single-photon source and superconducting single-photon detectors.

PubMed

Takemoto, Kazuya; Nambu, Yoshihiro; Miyazawa, Toshiyuki; Sakuma, Yoshiki; Yamamoto, Tsuyoshi; Yorozu, Shinichi; Arakawa, Yasuhiko

2015-09-25

Advances in single-photon sources (SPSs) and single-photon detectors (SPDs) promise unique applications in the field of quantum information technology. In this paper, we report long-distance quantum key distribution (QKD) by using state-of-the-art devices: a quantum-dot SPS (QD SPS) emitting a photon in the telecom band of 1.5 μm and a superconducting nanowire SPD (SNSPD). At the distance of 100 km, we obtained the maximal secure key rate of 27.6 bps without using decoy states, which is at least threefold larger than the rate obtained in the previously reported 50-km-long QKD experiment. We also succeeded in transmitting secure keys at the rate of 0.307 bps over 120 km. This is the longest QKD distance yet reported by using known true SPSs. The ultralow multiphoton emissions of our SPS and ultralow dark count of the SNSPD contributed to this result. The experimental results demonstrate the potential applicability of QD SPSs to practical telecom QKD networks.

A Hybrid Key Management Scheme for WSNs Based on PPBR and a Tree-Based Path Key Establishment Method

PubMed Central

Zhang, Ying; Liang, Jixing; Zheng, Bingxin; Chen, Wei

2016-01-01

With the development of wireless sensor networks (WSNs), in most application scenarios traditional WSNs with static sink nodes will be gradually replaced by Mobile Sinks (MSs), and the corresponding application requires a secure communication environment. Current key management researches pay less attention to the security of sensor networks with MS. This paper proposes a hybrid key management schemes based on a Polynomial Pool-based key pre-distribution and Basic Random key pre-distribution (PPBR) to be used in WSNs with MS. The scheme takes full advantages of these two kinds of methods to improve the cracking difficulty of the key system. The storage effectiveness and the network resilience can be significantly enhanced as well. The tree-based path key establishment method is introduced to effectively solve the problem of communication link connectivity. Simulation clearly shows that the proposed scheme performs better in terms of network resilience, connectivity and storage effectiveness compared to other widely used schemes. PMID:27070624

Towards an Approach of Semantic Access Control for Cloud Computing

NASA Astrophysics Data System (ADS)

Hu, Luokai; Ying, Shi; Jia, Xiangyang; Zhao, Kai

With the development of cloud computing, the mutual understandability among distributed Access Control Policies (ACPs) has become an important issue in the security field of cloud computing. Semantic Web technology provides the solution to semantic interoperability of heterogeneous applications. In this paper, we analysis existing access control methods and present a new Semantic Access Control Policy Language (SACPL) for describing ACPs in cloud computing environment. Access Control Oriented Ontology System (ACOOS) is designed as the semantic basis of SACPL. Ontology-based SACPL language can effectively solve the interoperability issue of distributed ACPs. This study enriches the research that the semantic web technology is applied in the field of security, and provides a new way of thinking of access control in cloud computing.

Smart sensing surveillance system

NASA Astrophysics Data System (ADS)

Hsu, Charles; Chu, Kai-Dee; O'Looney, James; Blake, Michael; Rutar, Colleen

2010-04-01

Unattended ground sensor (UGS) networks have been widely used in remote battlefield and other tactical applications over the last few decades due to the advances of the digital signal processing. The UGS network can be applied in a variety of areas including border surveillance, special force operations, perimeter and building protection, target acquisition, situational awareness, and force protection. In this paper, a highly-distributed, fault-tolerant, and energyefficient Smart Sensing Surveillance System (S4) is presented to efficiently provide 24/7 and all weather security operation in a situation management environment. The S4 is composed of a number of distributed nodes to collect, process, and disseminate heterogeneous sensor data. Nearly all S4 nodes have passive sensors to provide rapid omnidirectional detection. In addition, Pan- Tilt- Zoom- (PTZ) Electro-Optics EO/IR cameras are integrated to selected nodes to track the objects and capture associated imagery. These S4 camera-connected nodes will provide applicable advanced on-board digital image processing capabilities to detect and track the specific objects. The imaging detection operations include unattended object detection, human feature and behavior detection, and configurable alert triggers, etc. In the S4, all the nodes are connected with a robust, reconfigurable, LPI/LPD (Low Probability of Intercept/ Low Probability of Detect) wireless mesh network using Ultra-wide band (UWB) RF technology, which can provide an ad-hoc, secure mesh network and capability to relay network information, communicate and pass situational awareness and messages. The S4 utilizes a Service Oriented Architecture such that remote applications can interact with the S4 network and use the specific presentation methods. The S4 capabilities and technologies have great potential for both military and civilian applications, enabling highly effective security support tools for improving surveillance activities in densely crowded environments and near perimeters and borders. The S4 is compliant with Open Geospatial Consortium - Sensor Web Enablement (OGC-SWE®) standards. It would be directly applicable to solutions for emergency response personnel, law enforcement, and other homeland security missions, as well as in applications requiring the interoperation of sensor networks with handheld or body-worn interface devices.

Security for decentralized health information systems.

PubMed

Bleumer, G

1994-02-01

Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard-hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns. Length of RSA modulus is 512 bit).

Design and implementation of a high performance network security processor

NASA Astrophysics Data System (ADS)

Wang, Haixin; Bai, Guoqiang; Chen, Hongyi

2010-03-01

The last few years have seen many significant progresses in the field of application-specific processors. One example is network security processors (NSPs) that perform various cryptographic operations specified by network security protocols and help to offload the computation intensive burdens from network processors (NPs). This article presents a high performance NSP system architecture implementation intended for both internet protocol security (IPSec) and secure socket layer (SSL) protocol acceleration, which are widely employed in virtual private network (VPN) and e-commerce applications. The efficient dual one-way pipelined data transfer skeleton and optimised integration scheme of the heterogenous parallel crypto engine arrays lead to a Gbps rate NSP, which is programmable with domain specific descriptor-based instructions. The descriptor-based control flow fragments large data packets and distributes them to the crypto engine arrays, which fully utilises the parallel computation resources and improves the overall system data throughput. A prototyping platform for this NSP design is implemented with a Xilinx XC3S5000 based FPGA chip set. Results show that the design gives a peak throughput for the IPSec ESP tunnel mode of 2.85 Gbps with over 2100 full SSL handshakes per second at a clock rate of 95 MHz.

17 CFR 240.16a-7 - Transactions effected in connection with a distribution.

Code of Federal Regulations, 2010 CFR

2010-04-01

... good faith in the distribution of such block of securities; or (ii) A security purchased in good faith... the transaction is engaged in the business of distributing securities and is participating in good faith, in the ordinary course of such business, in the distribution of such block of securities; and (2...

Security Standards and Best Practice Considerations for Quantum Key Distribution (QKD)

DTIC Science & Technology

2012-03-01

SECURITY STANDARDS AND BEST PRACTICE CONSIDERATIONS FOR QUANTUM KEY DISTRIBUTION (QKD) THESIS...protection in the United States. AFIT/GSE/ENV/12-M05 SECURITY STANDARDS AND BEST PRACTICE CONSIDERATIONS FOR QUANTUM KEY DISTRIBUTION (QKD...FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. AFIT/GSE/ENV/12-M05 SECURITY STANDARDS AND BEST PRACTICE CONSIDERATIONS FOR QUANTUM KEY

Exponential Arithmetic Based Self-Healing Group Key Distribution Scheme with Backward Secrecy under the Resource-Constrained Wireless Networks

PubMed Central

Guo, Hua; Zheng, Yandong; Zhang, Xiyong; Li, Zhoujun

2016-01-01

In resource-constrained wireless networks, resources such as storage space and communication bandwidth are limited. To guarantee secure communication in resource-constrained wireless networks, group keys should be distributed to users. The self-healing group key distribution (SGKD) scheme is a promising cryptographic tool, which can be used to distribute and update the group key for the secure group communication over unreliable wireless networks. Among all known SGKD schemes, exponential arithmetic based SGKD (E-SGKD) schemes reduce the storage overhead to constant, thus is suitable for the the resource-constrained wireless networks. In this paper, we provide a new mechanism to achieve E-SGKD schemes with backward secrecy. We first propose a basic E-SGKD scheme based on a known polynomial-based SGKD, where it has optimal storage overhead while having no backward secrecy. To obtain the backward secrecy and reduce the communication overhead, we introduce a novel approach for message broadcasting and self-healing. Compared with other E-SGKD schemes, our new E-SGKD scheme has the optimal storage overhead, high communication efficiency and satisfactory security. The simulation results in Zigbee-based networks show that the proposed scheme is suitable for the resource-restrained wireless networks. Finally, we show the application of our proposed scheme. PMID:27136550

Secure free-space optical communication system based on data fragmentation multipath transmission technology.

PubMed

Huang, Qingchao; Liu, Dachang; Chen, Yinfang; Wang, Yuehui; Tan, Jun; Chen, Wei; Liu, Jianguo; Zhu, Ninghua

2018-05-14

A secure free-space optical (S-FSO) communication system based on data fragmentation multipath transmission (DFMT) scheme is proposed and demonstrated for enhancing the security of FSO communications. By fragmenting the transmitted data and simultaneously distributing data fragments into different atmospheric channels, the S-FSO communication system can protect confidential messages from being eavesdropped effectively. A field experiment of S-FSO communication between two buildings has been successfully undertaken, and the experiment results demonstrate the feasibility of the scheme. The transmission distance is 50m and the maximum throughput is 1 Gb/s. We also established a theoretical model to analysis the security performance of the S-FSO communication system. To the best of our knowledge, this is the first application of DFMT scheme in FSO communication system.

17 CFR 270.22c-1 - Pricing of redeemable securities for distribution, redemption and repurchase.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Pricing of redeemable securities for distribution, redemption and repurchase. 270.22c-1 Section 270.22c-1 Commodity and Securities... 1940 § 270.22c-1 Pricing of redeemable securities for distribution, redemption and repurchase. (a) No...

Secure Multi-party Computation Protocol for Defense Applications in Military Operations Using Virtual Cryptography

NASA Astrophysics Data System (ADS)

Pathak, Rohit; Joshi, Satyadhar

With the advent into the 20th century whole world has been facing the common dilemma of Terrorism. The suicide attacks on US twin towers 11 Sept. 2001, Train bombings in Madrid Spain 11 Mar. 2004, London bombings 7 Jul. 2005 and Mumbai attack 26 Nov. 2008 were some of the most disturbing, destructive and evil acts by terrorists in the last decade which has clearly shown their evil intent that they can go to any extent to accomplish their goals. Many terrorist organizations such as al Quaida, Harakat ul-Mujahidin, Hezbollah, Jaish-e-Mohammed, Lashkar-e-Toiba, etc. are carrying out training camps and terrorist operations which are accompanied with latest technology and high tech arsenal. To counter such terrorism our military is in need of advanced defense technology. One of the major issues of concern is secure communication. It has to be made sure that communication between different military forces is secure so that critical information is not leaked to the adversary. Military forces need secure communication to shield their confidential data from terrorist forces. Leakage of concerned data can prove hazardous, thus preservation and security is of prime importance. There may be a need to perform computations that require data from many military forces, but in some cases the associated forces would not want to reveal their data to other forces. In such situations Secure Multi-party Computations find their application. In this paper, we propose a new highly scalable Secure Multi-party Computation (SMC) protocol and algorithm for Defense applications which can be used to perform computation on encrypted data. Every party encrypts their data in accordance with a particular scheme. This encrypted data is distributed among some created virtual parties. These Virtual parties send their data to the TTP through an Anonymizer layer. TTP performs computation on encrypted data and announces the result. As the data sent was encrypted its actual value can’t be known by TTP and with the use of Anonymizers we have covered the identity of true source of data. Modifier tokens are generated along encryption of data which are distributed among virtual parties, then sent to TTP and finally used in the computation. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have also given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved.

New Information Dispersal Techniques for Trustworthy Computing

ERIC Educational Resources Information Center

Parakh, Abhishek

2011-01-01

Information dispersal algorithms (IDA) are used for distributed data storage because they simultaneously provide security, reliability and space efficiency, constituting a trustworthy computing framework for many critical applications, such as cloud computing, in the information society. In the most general sense, this is achieved by dividing data…

Experiments with Sensor Motes and Java-DSP

ERIC Educational Resources Information Center

Kwon, Homin; Berisha, V.; Atti, V.; Spanias, A.

2009-01-01

Distributed wireless sensor networks (WSNs) are being proposed for various applications including defense, security, and smart stages. The introduction of hardware wireless sensors in a signal processing education setting can serve as a paradigm for data acquisition, collaborative signal processing, or simply as a platform for obtaining,…

A Comprehensive Comparison of Multiparty Secure Additions with Differential Privacy

PubMed Central

Goryczka, Slawomir; Xiong, Li

2016-01-01

This paper considers the problem of secure data aggregation (mainly summation) in a distributed setting, while ensuring differential privacy of the result. We study secure multiparty addition protocols using well known security schemes: Shamir’s secret sharing, perturbation-based, and various encryptions. We supplement our study with our new enhanced encryption scheme EFT, which is efficient and fault tolerant. Differential privacy of the final result is achieved by either distributed Laplace or Geometric mechanism (respectively DLPA or DGPA), while approximated differential privacy is achieved by diluted mechanisms. Distributed random noise is generated collectively by all participants, which draw random variables from one of several distributions: Gamma, Gauss, Geometric, or their diluted versions. We introduce a new distributed privacy mechanism with noise drawn from the Laplace distribution, which achieves smaller redundant noise with efficiency. We compare complexity and security characteristics of the protocols with different differential privacy mechanisms and security schemes. More importantly, we implemented all protocols and present an experimental comparison on their performance and scalability in a real distributed environment. Based on the evaluations, we identify our security scheme and Laplace DLPA as the most efficient for secure distributed data aggregation with privacy. PMID:28919841

A Comprehensive Comparison of Multiparty Secure Additions with Differential Privacy.

PubMed

Goryczka, Slawomir; Xiong, Li

2017-01-01

This paper considers the problem of secure data aggregation (mainly summation) in a distributed setting, while ensuring differential privacy of the result. We study secure multiparty addition protocols using well known security schemes: Shamir's secret sharing, perturbation-based, and various encryptions. We supplement our study with our new enhanced encryption scheme EFT, which is efficient and fault tolerant. Differential privacy of the final result is achieved by either distributed Laplace or Geometric mechanism (respectively DLPA or DGPA), while approximated differential privacy is achieved by diluted mechanisms. Distributed random noise is generated collectively by all participants, which draw random variables from one of several distributions: Gamma, Gauss, Geometric, or their diluted versions. We introduce a new distributed privacy mechanism with noise drawn from the Laplace distribution, which achieves smaller redundant noise with efficiency. We compare complexity and security characteristics of the protocols with different differential privacy mechanisms and security schemes. More importantly, we implemented all protocols and present an experimental comparison on their performance and scalability in a real distributed environment. Based on the evaluations, we identify our security scheme and Laplace DLPA as the most efficient for secure distributed data aggregation with privacy.

Design of Provider-Provisioned Website Protection Scheme against Malware Distribution

NASA Astrophysics Data System (ADS)

Yagi, Takeshi; Tanimoto, Naoto; Hariu, Takeo; Itoh, Mitsutaka

Vulnerabilities in web applications expose computer networks to security threats, and many websites are used by attackers as hopping sites to attack other websites and user terminals. These incidents prevent service providers from constructing secure networking environments. To protect websites from attacks exploiting vulnerabilities in web applications, service providers use web application firewalls (WAFs). WAFs filter accesses from attackers by using signatures, which are generated based on the exploit codes of previous attacks. However, WAFs cannot filter unknown attacks because the signatures cannot reflect new types of attacks. In service provider environments, the number of exploit codes has recently increased rapidly because of the spread of vulnerable web applications that have been developed through cloud computing. Thus, generating signatures for all exploit codes is difficult. To solve these problems, our proposed scheme detects and filters malware downloads that are sent from websites which have already received exploit codes. In addition, to collect information for detecting malware downloads, web honeypots, which automatically extract the communication records of exploit codes, are used. According to the results of experiments using a prototype, our scheme can filter attacks automatically so that service providers can provide secure and cost-effective network environments.

Privacy Preserving Nearest Neighbor Search

NASA Astrophysics Data System (ADS)

Shaneck, Mark; Kim, Yongdae; Kumar, Vipin

Data mining is frequently obstructed by privacy concerns. In many cases data is distributed, and bringing the data together in one place for analysis is not possible due to privacy laws (e.g. HIPAA) or policies. Privacy preserving data mining techniques have been developed to address this issue by providing mechanisms to mine the data while giving certain privacy guarantees. In this chapter we address the issue of privacy preserving nearest neighbor search, which forms the kernel of many data mining applications. To this end, we present a novel algorithm based on secure multiparty computation primitives to compute the nearest neighbors of records in horizontally distributed data. We show how this algorithm can be used in three important data mining algorithms, namely LOF outlier detection, SNN clustering, and kNN classification. We prove the security of these algorithms under the semi-honest adversarial model, and describe methods that can be used to optimize their performance. Keywords: Privacy Preserving Data Mining, Nearest Neighbor Search, Outlier Detection, Clustering, Classification, Secure Multiparty Computation

Applicability of Tenets of Operational Art in Low Intensity Conflict Operations (LICO) in India

DTIC Science & Technology

2013-04-04

Major, Indian Army N/A N/A N/A USMC Command and Staff College Marine Corps University 2076 South Street Quantico, VA 22134-5068 N/A N/A N/A N/A...Approved for public release; distribution is unlimited N/A The identification and application of the tenets of operational art in LICO in the Indian ...and the security forces in particular. A thorough and deep understanding of the tenets of operational art as applicable to LICO in the Indian context

Smartphone Application Enabling Global Graph Exploitation and Proactive Dissemination Service (DSPro) Integration (Revised Fiscal Year 2015)

DTIC Science & Technology

2015-09-01

interface. 15. SUBJECT TERMS smartphone, HDPT, global graph, DSPro, ozone widget framework, distributed common ground system, web service 16. SECURITY...Lee M. Lessons learned with a global graph and ozone widget framework (OWF) testbed. Aberdeen Proving Ground (MD): Army Research Laboratory (US); 2013

78 FR 79712 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-31

... (generally, fixed-income securities), provided that: (i) The capital gains distribution falls within one of... Commission pursuant to the Act and rules thereunder. Commission staff estimates that zero funds will file an... estimates that, each year, zero funds will file an application pursuant to rule 19b- 1(e), the total burden...

78 FR 17240 - Krane Funds Advisors LLC., et al.; Notice of Application

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-20

... SECURITIES AND EXCHANGE COMMISSION [Investment Company Act Release No. 30425; 812-13989] Krane... Investment Company Act of 1940 (``Act'') for an exemption from sections 2(a)(32), 5(a)(1), 22(d) and 22(e) of... Trust (``Trust'') and SEI Investments Distribution Company (``Distributor''). SUMMARY: Summary of...

Secure key storage and distribution

DOEpatents

Agrawal, Punit

2015-06-02

This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

13 CFR 107.1580 - Special rules for In-Kind Distributions by Licensees.

Code of Federal Regulations, 2013 CFR

2013-01-01

... security as of the declaration date of the Distribution (if you are a Corporate Licensee) or the...) Participating Securities Leverage § 107.1580 Special rules for In-Kind Distributions by Licensees. (a) In-Kind Distributions while Licensee has outstanding Participating Securities. A Distribution under §§ 107.1540, 107...

13 CFR 107.1580 - Special rules for In-Kind Distributions by Licensees.

Code of Federal Regulations, 2010 CFR

2010-01-01

... security as of the declaration date of the Distribution (if you are a Corporate Licensee) or the...) Participating Securities Leverage § 107.1580 Special rules for In-Kind Distributions by Licensees. (a) In-Kind Distributions while Licensee has outstanding Participating Securities. A Distribution under §§ 107.1540, 107...

An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge

PubMed Central

Hung, Le Xuan; Canh, Ngo Trong; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo

2008-01-01

For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully. PMID:27873956

An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge.

PubMed

Hung, Le Xuan; Canh, Ngo Trong; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo

2008-12-03

For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODE plus . It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODE plus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully.

Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme.

PubMed

Wang, Chengqi; Zhang, Xiao; Zheng, Zhiming

2016-01-01

With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.'s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks.

Authenticated IGMP for Controlling Access to Multicast Distribution Tree

NASA Astrophysics Data System (ADS)

Park, Chang-Seop; Kang, Hyun-Sun

A receiver access control scheme is proposed to protect the multicast distribution tree from DoS attack induced by unauthorized use of IGMP, by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, a key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for CP (Content Provider), NSP (Network Service Provider), and group members.

Geospatial Applications on Different Parallel and Distributed Systems in enviroGRIDS Project

NASA Astrophysics Data System (ADS)

Rodila, D.; Bacu, V.; Gorgan, D.

2012-04-01

The execution of Earth Science applications and services on parallel and distributed systems has become a necessity especially due to the large amounts of Geospatial data these applications require and the large geographical areas they cover. The parallelization of these applications comes to solve important performance issues and can spread from task parallelism to data parallelism as well. Parallel and distributed architectures such as Grid, Cloud, Multicore, etc. seem to offer the necessary functionalities to solve important problems in the Earth Science domain: storing, distribution, management, processing and security of Geospatial data, execution of complex processing through task and data parallelism, etc. A main goal of the FP7-funded project enviroGRIDS (Black Sea Catchment Observation and Assessment System supporting Sustainable Development) [1] is the development of a Spatial Data Infrastructure targeting this catchment region but also the development of standardized and specialized tools for storing, analyzing, processing and visualizing the Geospatial data concerning this area. For achieving these objectives, the enviroGRIDS deals with the execution of different Earth Science applications, such as hydrological models, Geospatial Web services standardized by the Open Geospatial Consortium (OGC) and others, on parallel and distributed architecture to maximize the obtained performance. This presentation analysis the integration and execution of Geospatial applications on different parallel and distributed architectures and the possibility of choosing among these architectures based on application characteristics and user requirements through a specialized component. Versions of the proposed platform have been used in enviroGRIDS project on different use cases such as: the execution of Geospatial Web services both on Web and Grid infrastructures [2] and the execution of SWAT hydrological models both on Grid and Multicore architectures [3]. The current focus is to integrate in the proposed platform the Cloud infrastructure, which is still a paradigm with critical problems to be solved despite the great efforts and investments. Cloud computing comes as a new way of delivering resources while using a large set of old as well as new technologies and tools for providing the necessary functionalities. The main challenges in the Cloud computing, most of them identified also in the Open Cloud Manifesto 2009, address resource management and monitoring, data and application interoperability and portability, security, scalability, software licensing, etc. We propose a platform able to execute different Geospatial applications on different parallel and distributed architectures such as Grid, Cloud, Multicore, etc. with the possibility of choosing among these architectures based on application characteristics and complexity, user requirements, necessary performances, cost support, etc. The execution redirection on a selected architecture is realized through a specialized component and has the purpose of offering a flexible way in achieving the best performances considering the existing restrictions.

A Mutual Authentication Framework for Wireless Medical Sensor Networks.

PubMed

Srinivas, Jangirala; Mishra, Dheerendra; Mukhopadhyay, Sourav

2017-05-01

Wireless medical sensor networks (WMSN) comprise of distributed sensors, which can sense human physiological signs and monitor the health condition of the patient. It is observed that providing privacy to the patient's data is an important issue and can be challenging. The information passing is done via the public channel in WMSN. Thus, the patient, sensitive information can be obtained by eavesdropping or by unauthorized use of handheld devices which the health professionals use in monitoring the patient. Therefore, there is an essential need of restricting the unauthorized access to the patient's medical information. Hence, the efficient authentication scheme for the healthcare applications is needed to preserve the privacy of the patients' vital signs. To ensure secure and authorized communication in WMSN, we design a symmetric key based authentication protocol for WMSN environment. The proposed protocol uses only computationally efficient operations to achieve lightweight attribute. We analyze the security of the proposed protocol. We use a formal security proof algorithm to show the scheme security against known attacks. We also use the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator to show protocol secure against man-in-the-middle attack and replay attack. Additionally, we adopt an informal analysis to discuss the key attributes of the proposed scheme. From the formal proof of security, we can see that an attacker has a negligible probability of breaking the protocol security. AVISPA simulator also demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack. Additionally, through the comparison of computational efficiency and security attributes with several recent results, proposed scheme seems to be battered.

Information Security and Integrity Systems

NASA Technical Reports Server (NTRS)

1990-01-01

Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

Guest Editor's introduction: Selected papers from the 4th USENIX Conference on Object-Oriented Technologies and Systems

NASA Astrophysics Data System (ADS)

Sventek, Joe

1998-12-01

Hewlett-Packard Laboratories, 1501 Page Mill Road, Palo Alto, CA 94304, USA Introduction The USENIX Conference on Object-Oriented Technologies and Systems (COOTS) is held annually in the late spring. The conference evolved from a set of C++ workshops that were held under the auspices of USENIX, the first of which met in 1989. Given the growing diverse interest in object-oriented technologies, the C++ focus of the workshop eventually became too narrow, with the result that the scope was widened in 1995 to include object-oriented technologies and systems. COOTS is intended to showcase advanced R&D efforts in object-oriented technologies and software systems. The conference emphasizes experimental research and experience gained by using object-oriented techniques and languages to build complex software systems that meet real-world needs. COOTS solicits papers in the following general areas: application of, and experiences with, object-oriented technologies in particular domains (e.g. financial, medical, telecommunication); the architecture and implementation of distributed object systems (e.g. CORBA, DCOM, RMI); object-oriented programming and specification languages; object-oriented design and analysis. The 4th meeting of COOTS was held 27 - 30 April 1998 at the El Dorado Hotel, Santa Fe, New Mexico, USA. Several tutorials were given. The technical program proper consisted of a single track of six sessions, with three paper presentations per session. A keynote address and a provocative panel session rounded out the technical program. The program committee reviewed 56 papers, selecting the best 18 for presentation in the technical sessions. While we solicit papers across the spectrum of applications of object-oriented technologies, this year there was a predominance of distributed, object-oriented papers. The accepted papers reflected this asymmetry, with 15 papers on distributed objects and 3 papers on object-oriented languages. The papers in this special issue are the six best distributed object papers (in the opinion of the program committee). They represent the diversity of research in this particular area, and should give the reader a good idea of the types of papers presented at COOTS as well as the calibre of the work so presented. The papers The paper by Jain, Widoff and Schmidt explores the suitability of Java for writing performance-sensitive distributed applications. Despite the popularity of Java, there are many concerns about its efficiency; in particular, networking and computation performance are key concerns when considering the use of Java to develop performance-sensitive distributed applications. This paper makes three contributions to the study of Java for these applications: it describes an architecture using Java and the Web to develop MedJava, which is a distributed electronic medical imaging system with stringent networking and computation requirements; it presents benchmarks of MedJava image processing and compares the results to the performance of xv, which is an equivalent image processing application written in C; it presents performance benchmarks using Java as a transport interface to exchange large medical images over high-speed ATM networks. The paper by Little and Shrivastava covers the integration of several important topics: transactions, distributed systems, Java, the Internet and security. The usefulness of this paper lies in the synthesis of an effective solution applying work in different areas of computing to the Java environment. Securing applications constructed from distributed objects is important if these applications are to be used in mission-critical situations. Delegation is one aspect of distributed system security that is necessary for such applications. The paper by Nagaratnam and Lea describes a secure delegation model for Java-based, distributed object environments. The paper by Frølund and Koistinen addresses the topical issue of providing a common way for describing Quality-of-Service (QoS) features in distributed, object-oriented systems. They present a general QoS language, QML, that can be used to capture QoS properties as part of a design. They also show how to extend UML to support QML concepts. The paper by Szymaszek, Uszok and Zielinski discusses the important issue of efficient implementation and usage of fine-grained objects in CORBA-based applications. Fine-grained objects can have serious ramifications on overall application performance and scalability, and the paper suggests that such objects should not be treated as first-class CORBA objects, proposing instead the use of collections and smart proxies for efficient implementation. The paper by Milojicic, LaForge and Chauhan describes a mobile objects and agents infrastructure. Their particular research has focused on communication support across agent migration and extensive resource control. The paper also discusses issues regarding interoperation between agent systems. Acknowledgments The editor wishes to thank all of the authors, reviewers and publishers. Without their excellent work, and the contribution of their valuable time, this special issue would not have been possible.

System and method for secure group transactions

DOEpatents

Goldsmith, Steven Y [Rochester, MN

2006-04-25

A method and a secure system, processing on one or more computers, provides a way to control a group transaction. The invention uses group consensus access control and multiple distributed secure agents in a network environment. Each secure agent can organize with the other secure agents to form a secure distributed agent collective.

Towards secure quantum key distribution protocol for wireless LANs: a hybrid approach

NASA Astrophysics Data System (ADS)

Naik, R. Lalu; Reddy, P. Chenna

2015-12-01

The primary goals of security such as authentication, confidentiality, integrity and non-repudiation in communication networks can be achieved with secure key distribution. Quantum mechanisms are highly secure means of distributing secret keys as they are unconditionally secure. Quantum key distribution protocols can effectively prevent various attacks in the quantum channel, while classical cryptography is efficient in authentication and verification of secret keys. By combining both quantum cryptography and classical cryptography, security of communications over networks can be leveraged. Hwang, Lee and Li exploited the merits of both cryptographic paradigms for provably secure communications to prevent replay, man-in-the-middle, and passive attacks. In this paper, we propose a new scheme with the combination of quantum cryptography and classical cryptography for 802.11i wireless LANs. Since quantum cryptography is premature in wireless networks, our work is a significant step forward toward securing communications in wireless networks. Our scheme is known as hybrid quantum key distribution protocol. Our analytical results revealed that the proposed scheme is provably secure for wireless networks.

17 CFR 230.138 - Publications or distributions of research reports by brokers or dealers about securities other...

Code of Federal Regulations, 2011 CFR

2011-04-01

... of research reports by brokers or dealers about securities other than those they are distributing... research reports by brokers or dealers about securities other than those they are distributing. (a... research reports about securities of an issuer shall be deemed for purposes of sections 2(a)(10) and 5(c...

VoIP attacks detection engine based on neural network

NASA Astrophysics Data System (ADS)

Safarik, Jakub; Slachta, Jiri

2015-05-01

The security is crucial for any system nowadays, especially communications. One of the most successful protocols in the field of communication over IP networks is Session Initiation Protocol. It is an open-source project used by different kinds of applications, both open-source and proprietary. High penetration and text-based principle made SIP number one target in IP telephony infrastructure, so security of SIP server is essential. To keep up with hackers and to detect potential malicious attacks, security administrator needs to monitor and evaluate SIP traffic in the network. But monitoring and following evaluation could easily overwhelm the security administrator in networks, typically in networks with a number of SIP servers, users and logically or geographically separated networks. The proposed solution lies in automatic attack detection systems. The article covers detection of VoIP attacks through a distributed network of nodes. Then the gathered data analyze aggregation server with artificial neural network. Artificial neural network means multilayer perceptron network trained with a set of collected attacks. Attack data could also be preprocessed and verified with a self-organizing map. The source data is detected by distributed network of detection nodes. Each node contains a honeypot application and traffic monitoring mechanism. Aggregation of data from each node creates an input for neural networks. The automatic classification on a centralized server with low false positive detection reduce the cost of attack detection resources. The detection system uses modular design for easy deployment in final infrastructure. The centralized server collects and process detected traffic. It also maintains all detection nodes.

Simple proof of security of the BB84 quantum key distribution protocol

PubMed

Shor; Preskill

2000-07-10

We prove that the 1984 protocol of Bennett and Brassard (BB84) for quantum key distribution is secure. We first give a key distribution protocol based on entanglement purification, which can be proven secure using methods from Lo and Chau's proof of security for a similar protocol. We then show that the security of this protocol implies the security of BB84. The entanglement purification based protocol uses Calderbank-Shor-Steane codes, and properties of these codes are used to remove the use of quantum computation from the Lo-Chau protocol.

De Finetti representation theorem for infinite-dimensional quantum systems and applications to quantum cryptography.

PubMed

Renner, R; Cirac, J I

2009-03-20

We show that the quantum de Finetti theorem holds for states on infinite-dimensional systems, provided they satisfy certain experimentally verifiable conditions. This result can be applied to prove the security of quantum key distribution based on weak coherent states or other continuous variable states against general attacks.

Quantum key distribution over 120 km using ultrahigh purity single-photon source and superconducting single-photon detectors

PubMed Central

Takemoto, Kazuya; Nambu, Yoshihiro; Miyazawa, Toshiyuki; Sakuma, Yoshiki; Yamamoto, Tsuyoshi; Yorozu, Shinichi; Arakawa, Yasuhiko

2015-01-01

Advances in single-photon sources (SPSs) and single-photon detectors (SPDs) promise unique applications in the field of quantum information technology. In this paper, we report long-distance quantum key distribution (QKD) by using state-of-the-art devices: a quantum-dot SPS (QD SPS) emitting a photon in the telecom band of 1.5 μm and a superconducting nanowire SPD (SNSPD). At the distance of 100 km, we obtained the maximal secure key rate of 27.6 bps without using decoy states, which is at least threefold larger than the rate obtained in the previously reported 50-km-long QKD experiment. We also succeeded in transmitting secure keys at the rate of 0.307 bps over 120 km. This is the longest QKD distance yet reported by using known true SPSs. The ultralow multiphoton emissions of our SPS and ultralow dark count of the SNSPD contributed to this result. The experimental results demonstrate the potential applicability of QD SPSs to practical telecom QKD networks. PMID:26404010

An object-based storage model for distributed remote sensing images

NASA Astrophysics Data System (ADS)

Yu, Zhanwu; Li, Zhongmin; Zheng, Sheng

2006-10-01

It is very difficult to design an integrated storage solution for distributed remote sensing images to offer high performance network storage services and secure data sharing across platforms using current network storage models such as direct attached storage, network attached storage and storage area network. Object-based storage, as new generation network storage technology emerged recently, separates the data path, the control path and the management path, which solves the bottleneck problem of metadata existed in traditional storage models, and has the characteristics of parallel data access, data sharing across platforms, intelligence of storage devices and security of data access. We use the object-based storage in the storage management of remote sensing images to construct an object-based storage model for distributed remote sensing images. In the storage model, remote sensing images are organized as remote sensing objects stored in the object-based storage devices. According to the storage model, we present the architecture of a distributed remote sensing images application system based on object-based storage, and give some test results about the write performance comparison of traditional network storage model and object-based storage model.

A free market in telescope time?

NASA Astrophysics Data System (ADS)

Etherton, Jason; Steele, Iain A.; Mottram, Christopher J.

2004-09-01

As distributed systems are becoming more and more diverse in application there is a growing need for more intelligent resource scheduling. eSTAR Is a geographically distributed network of Grid-enabled telescopes, using grid middleware to provide telescope users with an authentication and authorisation method, allowing secure, remote access to such resources. The eSTAR paradigm is based upon this secure, single sign-on, giving astronomers or their agent proxies direct access to these telescopes. This concept, however, involves the complex issue of how to schedule observations stored within physically distributed media, on geographically distributed resources. This matter is complicated further by the varying degrees of constraints placed upon observations such as timeliness, atmospheric and meteorological conditions, and sky brightness to name a few. This paper discusses a free market approach to this scheduling problem, where astronomers are given credit, instead of time, from their respective TAGs to spend on telescopes as they see fit. This approach will ultimately provide a community-driven schedule, genuine indicators of the worth of specific telescope time and promote a more efficient use of that time, as well as demonstrating a 'survival of the fittest' type selection.

A Latency-Tolerant Partitioner for Distributed Computing on the Information Power Grid

NASA Technical Reports Server (NTRS)

Das, Sajal K.; Harvey, Daniel J.; Biwas, Rupak; Kwak, Dochan (Technical Monitor)

2001-01-01

NASA's Information Power Grid (IPG) is an infrastructure designed to harness the power of graphically distributed computers, databases, and human expertise, in order to solve large-scale realistic computational problems. This type of a meta-computing environment is necessary to present a unified virtual machine to application developers that hides the intricacies of a highly heterogeneous environment and yet maintains adequate security. In this paper, we present a novel partitioning scheme. called MinEX, that dynamically balances processor workloads while minimizing data movement and runtime communication, for applications that are executed in a parallel distributed fashion on the IPG. We also analyze the conditions that are required for the IPG to be an effective tool for such distributed computations. Our results show that MinEX is a viable load balancer provided the nodes of the IPG are connected by a high-speed asynchronous interconnection network.

Generating the Local Oscillator "Locally" in Continuous-Variable Quantum Key Distribution Based on Coherent Detection

NASA Astrophysics Data System (ADS)

Qi, Bing; Lougovski, Pavel; Pooser, Raphael; Grice, Warren; Bobrek, Miljko

2015-10-01

Continuous-variable quantum key distribution (CV-QKD) protocols based on coherent detection have been studied extensively in both theory and experiment. In all the existing implementations of CV-QKD, both the quantum signal and the local oscillator (LO) are generated from the same laser and propagate through the insecure quantum channel. This arrangement may open security loopholes and limit the potential applications of CV-QKD. In this paper, we propose and demonstrate a pilot-aided feedforward data recovery scheme that enables reliable coherent detection using a "locally" generated LO. Using two independent commercial laser sources and a spool of 25-km optical fiber, we construct a coherent communication system. The variance of the phase noise introduced by the proposed scheme is measured to be 0.04 (rad2 ), which is small enough to enable secure key distribution. This technology also opens the door for other quantum communication protocols, such as the recently proposed measurement-device-independent CV-QKD, where independent light sources are employed by different users.

An Open Source Extensible Smart Energy Framework

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rankin, Linda

Aggregated distributed energy resources are the subject of much interest in the energy industry and are expected to play an important role in meeting our future energy needs by changing how we use, distribute and generate electricity. This energy future includes an increased amount of energy from renewable resources, load management techniques to improve resiliency and reliability, and distributed energy storage and generation capabilities that can be managed to meet the needs of the grid as well as individual customers. These energy assets are commonly referred to as Distributed Energy Resources (DER). DERs rely on a means to communicate informationmore » between an energy provider and multitudes of devices. Today DER control systems are typically vendor-specific, using custom hardware and software solutions. As a result, customers are locked into communication transport protocols, applications, tools, and data formats. Today’s systems are often difficult to extend to meet new application requirements, resulting in stranded assets when business requirements or energy management models evolve. By partnering with industry advisors and researchers, an implementation DER research platform was developed called the Smart Energy Framework (SEF). The hypothesis of this research was that an open source Internet of Things (IoT) framework could play a role in creating a commodity-based eco-system for DER assets that would reduce costs and provide interoperable products. SEF is based on the AllJoynTM IoT open source framework. The demonstration system incorporated DER assets, specifically batteries and smart water heaters. To verify the behavior of the distributed system, models of water heaters and batteries were also developed. An IoT interface for communicating between the assets and a control server was defined. This interface supports a series of “events” and telemetry reporting, similar to those defined by current smart grid communication standards. The results of this effort demonstrated the feasibility and application potential of using IoT frameworks for the creation of commodity-based DER systems. All of the identified commodity-based system requirements were met by the AllJoyn framework. By having commodity solutions, small vendors can enter the market and the cost of implementation for all parties is reduced. Utilities and aggregators can choose from multiple interoperable products reducing the risk of stranded assets. Based on this research it is recommended that interfaces based on existing smart grid communication protocol standards be created for these emerging IoT frameworks. These interfaces should be standardized as part of the IoT framework allowing for interoperability testing and certification. Similarly, IoT frameworks are introducing application level security. This type of security is needed for protecting application and platforms and will be important moving forward. Recommendations are that along with DER-based data model interfaces, platform and application security requirements also be prescribed when IoT devices support DER applications.« less

Design of real-time encryption module for secure data protection of wearable healthcare devices.

PubMed

Kim, Jungchae; Lee, Byuck Jin; Yoo, Sun K

2013-01-01

Wearable devices for biomedical instrumentation could generate the medical data and transmit to a repository on cloud service through wireless networks. In this process, the private medical data will be disclosed by man in the middle attack. Thus, the archived data for healthcare services would be protected by non-standardized security policy by healthcare service provider (HSP) because HIPAA only defines the security rules. In this paper, we adopted the Advanced Encryption Standard (AES) for security framework on wearable devices, so healthcare applications using this framework could support the confidentiality easily. The framework developed as dynamic loadable module targeted for lightweight microcontroller such as msp430 within embedded operating system. The performance was shown that the module can support the real-time encryption using electrocardiogram and photoplethysmogram. In this regard, the processing load for enabling security is distributed to wearable devices, and the customized data protection method could be composed by HSP for a trusted healthcare service.

Realization of Quantum Digital Signatures without the Requirement of Quantum Memory

NASA Astrophysics Data System (ADS)

Collins, Robert J.; Donaldson, Ross J.; Dunjko, Vedran; Wallden, Petros; Clarke, Patrick J.; Andersson, Erika; Jeffers, John; Buller, Gerald S.

2014-07-01

Digital signatures are widely used to provide security for electronic communications, for example, in financial transactions and electronic mail. Currently used classical digital signature schemes, however, only offer security relying on unproven computational assumptions. In contrast, quantum digital signatures offer information-theoretic security based on laws of quantum mechanics. Here, security against forging relies on the impossibility of perfectly distinguishing between nonorthogonal quantum states. A serious drawback of previous quantum digital signature schemes is that they require long-term quantum memory, making them impractical at present. We present the first realization of a scheme that does not need quantum memory and which also uses only standard linear optical components and photodetectors. In our realization, the recipients measure the distributed quantum signature states using a new type of quantum measurement, quantum state elimination. This significantly advances quantum digital signatures as a quantum technology with potential for real applications.

Realization of quantum digital signatures without the requirement of quantum memory.

PubMed

Collins, Robert J; Donaldson, Ross J; Dunjko, Vedran; Wallden, Petros; Clarke, Patrick J; Andersson, Erika; Jeffers, John; Buller, Gerald S

2014-07-25

Digital signatures are widely used to provide security for electronic communications, for example, in financial transactions and electronic mail. Currently used classical digital signature schemes, however, only offer security relying on unproven computational assumptions. In contrast, quantum digital signatures offer information-theoretic security based on laws of quantum mechanics. Here, security against forging relies on the impossibility of perfectly distinguishing between nonorthogonal quantum states. A serious drawback of previous quantum digital signature schemes is that they require long-term quantum memory, making them impractical at present. We present the first realization of a scheme that does not need quantum memory and which also uses only standard linear optical components and photodetectors. In our realization, the recipients measure the distributed quantum signature states using a new type of quantum measurement, quantum state elimination. This significantly advances quantum digital signatures as a quantum technology with potential for real applications.

Security-Oriented and Load-Balancing Wireless Data Routing Game in the Integration of Advanced Metering Infrastructure Network in Smart Grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

He, Fulin; Cao, Yang; Zhang, Jun Jason

Ensuring flexible and reliable data routing is indispensable for the integration of Advanced Metering Infrastructure (AMI) networks, we propose a secure-oriented and load-balancing wireless data routing scheme. A novel utility function is designed based on security routing scheme. Then, we model the interactive security-oriented routing strategy among meter data concentrators or smart grid meters as a mixed-strategy network formation game. Finally, such problem results in a stable probabilistic routing scheme with proposed distributed learning algorithm. One contributions is that we studied that different types of applications affect the routing selection strategy and the strategy tendency. Another contributions is that themore » chosen strategy of our mixed routing can adaptively to converge to a new mixed strategy Nash equilibrium (MSNE) during the learning process in the smart grid.« less

Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme

PubMed Central

Wang, Chengqi; Zhang, Xiao; Zheng, Zhiming

2016-01-01

With the security requirements of networks, biometrics authenticated schemes which are applied in the multi-server environment come to be more crucial and widely deployed. In this paper, we propose a novel biometric-based multi-server authentication and key agreement scheme which is based on the cryptanalysis of Mishra et al.’s scheme. The informal and formal security analysis of our scheme are given, which demonstrate that our scheme satisfies the desirable security requirements. The presented scheme provides a variety of significant functionalities, in which some features are not considered in the most of existing authentication schemes, such as, user revocation or re-registration and biometric information protection. Compared with several related schemes, our scheme has more secure properties and lower computation cost. It is obviously more appropriate for practical applications in the remote distributed networks. PMID:26866606

Controlling multiple security robots in a warehouse environment

NASA Technical Reports Server (NTRS)

Everett, H. R.; Gilbreath, G. A.; Heath-Pastore, T. A.; Laird, R. T.

1994-01-01

The Naval Command Control and Ocean Surveillance Center (NCCOSC) has developed an architecture to provide coordinated control of multiple autonomous vehicles from a single host console. The multiple robot host architecture (MRHA) is a distributed multiprocessing system that can be expanded to accommodate as many as 32 robots. The initial application will employ eight Cybermotion K2A Navmaster robots configured as remote security platforms in support of the Mobile Detection Assessment and Response System (MDARS) Program. This paper discusses developmental testing of the MRHA in an operational warehouse environment, with two actual and four simulated robotic platforms.

Development of a COTS-Based Computing Environment Blueprint Application at KSC

NASA Technical Reports Server (NTRS)

Ghansah, Isaac; Boatright, Bryan

1996-01-01

This paper describes a blueprint that can be used for developing a distributed computing environment (DCE) for NASA in general, and the Kennedy Space Center (KSC) in particular. A comprehensive, open, secure, integrated, and multi-vendor DCE such as OSF DCE has been suggested. Design issues, as well as recommendations for each component have been given. Where necessary, modifications were suggested to fit the needs of KSC. This was done in the areas of security and directory services. Readers requiring a more comprehensive coverage are encouraged to refer to the eight-chapter document prepared for this work.

Internetting tactical security sensor systems

NASA Astrophysics Data System (ADS)

Gage, Douglas W.; Bryan, W. D.; Nguyen, Hoa G.

1998-08-01

The Multipurpose Surveillance and Security Mission Platform (MSSMP) is a distributed network of remote sensing packages and control stations, designed to provide a rapidly deployable, extended-range surveillance capability for a wide variety of military security operations and other tactical missions. The baseline MSSMP sensor suite consists of a pan/tilt unit with video and FLIR cameras and laser rangefinder. With an additional radio transceiver, MSSMP can also function as a gateway between existing security/surveillance sensor systems such as TASS, TRSS, and IREMBASS, and IP-based networks, to support the timely distribution of both threat detection and threat assessment information. The MSSMP system makes maximum use of Commercial Off The Shelf (COTS) components for sensing, processing, and communications, and of both established and emerging standard communications networking protocols and system integration techniques. Its use of IP-based protocols allows it to freely interoperate with the Internet -- providing geographic transparency, facilitating development, and allowing fully distributed demonstration capability -- and prepares it for integration with the IP-based tactical radio networks that will evolve in the next decade. Unfortunately, the Internet's standard Transport layer protocol, TCP, is poorly matched to the requirements of security sensors and other quasi- autonomous systems in being oriented to conveying a continuous data stream, rather than discrete messages. Also, its canonical 'socket' interface both conceals short losses of communications connectivity and simply gives up and forces the Application layer software to deal with longer losses. For MSSMP, a software applique is being developed that will run on top of User Datagram Protocol (UDP) to provide a reliable message-based Transport service. In addition, a Session layer protocol is being developed to support the effective transfer of control of multiple platforms among multiple control stations.

Quantum tagging for tags containing secret classical data

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kent, Adrian

Various authors have considered schemes for quantum tagging, that is, authenticating the classical location of a classical tagging device by sending and receiving quantum signals from suitably located distant sites, in an environment controlled by an adversary whose quantum information processing and transmitting power is potentially unbounded. All of the schemes proposed elsewhere in the literature assume that the adversary is able to inspect the interior of the tagging device. All of these schemes have been shown to be breakable if the adversary has unbounded predistributed entanglement. We consider here the case in which the tagging device contains a finitemore » key string shared with distant sites but kept secret from the adversary, and show this allows the location of the tagging device to be authenticated securely and indefinitely. Our protocol relies on quantum key distribution between the tagging device and at least one distant site, and demonstrates a new practical application of quantum key distribution. It also illustrates that the attainable security in position-based cryptography can depend crucially on apparently subtle details in the security scenario considered.« less

Distributed Fiber-Optic Sensors for Vibration Detection

PubMed Central

Liu, Xin; Jin, Baoquan; Bai, Qing; Wang, Yu; Wang, Dong; Wang, Yuncai

2016-01-01

Distributed fiber-optic vibration sensors receive extensive investigation and play a significant role in the sensor panorama. Optical parameters such as light intensity, phase, polarization state, or light frequency will change when external vibration is applied on the sensing fiber. In this paper, various technologies of distributed fiber-optic vibration sensing are reviewed, from interferometric sensing technology, such as Sagnac, Mach–Zehnder, and Michelson, to backscattering-based sensing technology, such as phase-sensitive optical time domain reflectometer, polarization-optical time domain reflectometer, optical frequency domain reflectometer, as well as some combinations of interferometric and backscattering-based techniques. Their operation principles are presented and recent research efforts are also included. Finally, the applications of distributed fiber-optic vibration sensors are summarized, which mainly include structural health monitoring and perimeter security, etc. Overall, distributed fiber-optic vibration sensors possess the advantages of large-scale monitoring, good concealment, excellent flexibility, and immunity to electromagnetic interference, and thus show considerable potential for a variety of practical applications. PMID:27472334

Distributed Fiber-Optic Sensors for Vibration Detection.

PubMed

Liu, Xin; Jin, Baoquan; Bai, Qing; Wang, Yu; Wang, Dong; Wang, Yuncai

2016-07-26

Distributed fiber-optic vibration sensors receive extensive investigation and play a significant role in the sensor panorama. Optical parameters such as light intensity, phase, polarization state, or light frequency will change when external vibration is applied on the sensing fiber. In this paper, various technologies of distributed fiber-optic vibration sensing are reviewed, from interferometric sensing technology, such as Sagnac, Mach-Zehnder, and Michelson, to backscattering-based sensing technology, such as phase-sensitive optical time domain reflectometer, polarization-optical time domain reflectometer, optical frequency domain reflectometer, as well as some combinations of interferometric and backscattering-based techniques. Their operation principles are presented and recent research efforts are also included. Finally, the applications of distributed fiber-optic vibration sensors are summarized, which mainly include structural health monitoring and perimeter security, etc. Overall, distributed fiber-optic vibration sensors possess the advantages of large-scale monitoring, good concealment, excellent flexibility, and immunity to electromagnetic interference, and thus show considerable potential for a variety of practical applications.

Performance of device-independent quantum key distribution

NASA Astrophysics Data System (ADS)

Cao, Zhu; Zhao, Qi; Ma, Xiongfeng

2016-07-01

Quantum key distribution provides information-theoretically-secure communication. In practice, device imperfections may jeopardise the system security. Device-independent quantum key distribution solves this problem by providing secure keys even when the quantum devices are untrusted and uncharacterized. Following a recent security proof of the device-independent quantum key distribution, we improve the key rate by tightening the parameter choice in the security proof. In practice where the system is lossy, we further improve the key rate by taking into account the loss position information. From our numerical simulation, our method can outperform existing results. Meanwhile, we outline clear experimental requirements for implementing device-independent quantum key distribution. The maximal tolerable error rate is 1.6%, the minimal required transmittance is 97.3%, and the minimal required visibility is 96.8 % .

17 CFR 242.101 - Activities by distribution participants.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Activities by distribution participants. 242.101 Section 242.101 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES...

Integrating machine learning to achieve an automatic parameter prediction for practical continuous-variable quantum key distribution

NASA Astrophysics Data System (ADS)

Liu, Weiqi; Huang, Peng; Peng, Jinye; Fan, Jianping; Zeng, Guihua

2018-02-01

For supporting practical quantum key distribution (QKD), it is critical to stabilize the physical parameters of signals, e.g., the intensity, phase, and polarization of the laser signals, so that such QKD systems can achieve better performance and practical security. In this paper, an approach is developed by integrating a support vector regression (SVR) model to optimize the performance and practical security of the QKD system. First, a SVR model is learned to precisely predict the time-along evolutions of the physical parameters of signals. Second, such predicted time-along evolutions are employed as feedback to control the QKD system for achieving the optimal performance and practical security. Finally, our proposed approach is exemplified by using the intensity evolution of laser light and a local oscillator pulse in the Gaussian modulated coherent state QKD system. Our experimental results have demonstrated three significant benefits of our SVR-based approach: (1) it can allow the QKD system to achieve optimal performance and practical security, (2) it does not require any additional resources and any real-time monitoring module to support automatic prediction of the time-along evolutions of the physical parameters of signals, and (3) it is applicable to any measurable physical parameter of signals in the practical QKD system.

WaveJava: Wavelet-based network computing

NASA Astrophysics Data System (ADS)

Ma, Kun; Jiao, Licheng; Shi, Zhuoer

1997-04-01

Wavelet is a powerful theory, but its successful application still needs suitable programming tools. Java is a simple, object-oriented, distributed, interpreted, robust, secure, architecture-neutral, portable, high-performance, multi- threaded, dynamic language. This paper addresses the design and development of a cross-platform software environment for experimenting and applying wavelet theory. WaveJava, a wavelet class library designed by the object-orient programming, is developed to take advantage of the wavelets features, such as multi-resolution analysis and parallel processing in the networking computing. A new application architecture is designed for the net-wide distributed client-server environment. The data are transmitted with multi-resolution packets. At the distributed sites around the net, these data packets are done the matching or recognition processing in parallel. The results are fed back to determine the next operation. So, the more robust results can be arrived quickly. The WaveJava is easy to use and expand for special application. This paper gives a solution for the distributed fingerprint information processing system. It also fits for some other net-base multimedia information processing, such as network library, remote teaching and filmless picture archiving and communications.

The developing one door licensing service system based on RESTful oriented services and MVC framework

NASA Astrophysics Data System (ADS)

Widiyanto, Sigit; Setyawan, Aris Budi; Tarigan, Avinanta; Sussanto, Herry

2016-02-01

The increase of the number of business impact on the increasing service requirements for companies and Small Medium Enterprises (SMEs) in submitting their license request. The service system that is needed must be able to accommodate a large number of documents, various institutions, and time limitations of applicant. In addition, it is also required distributed applications which is able to be integrated each other. Service oriented application fits perfectly developed along client-server application which has been developed by the Government to digitalize submitted data. RESTful architecture and MVC framework are embedded in developing application. As a result, the application proves its capability in solving security, transaction speed, and data accuracy issues.

Optical image security using Stokes polarimetry of spatially variant polarized beam

NASA Astrophysics Data System (ADS)

Fatima, Areeba; Nishchal, Naveen K.

2018-06-01

We propose a novel security scheme that uses vector beam characterized by the spatially variant polarization distribution. A vector beam is so generated that its helical components carry tailored phases corresponding to the image/images that is/are to be encrypted. The tailoring of phase has been done by employing the modified Gerchberg-Saxton algorithm for phase retrieval. Stokes parameters for the final vector beam is evaluated and is used to construct the ciphertext and one of the keys. The advantage of the proposed scheme is that it generates real ciphertext and keys which are easier to transmit and store than complex quantities. Moreover, the known plaintext attack is not applicable to this system. As a proof-of-concept, simulation results have been presented for securing single and double gray-scale images.

A secure distributed logistic regression protocol for the detection of rare adverse drug events

PubMed Central

El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat

2013-01-01

Background There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. Objective To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. Methods We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. Results The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. Conclusion The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models. PMID:22871397

A secure distributed logistic regression protocol for the detection of rare adverse drug events.

PubMed

El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat

2013-05-01

There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models.

A component-based, distributed object services architecture for a clinical workstation.

PubMed

Chueh, H C; Raila, W F; Pappas, J J; Ford, M; Zatsman, P; Tu, J; Barnett, G O

1996-01-01

Attention to an architectural framework in the development of clinical applications can promote reusability of both legacy systems as well as newly designed software. We describe one approach to an architecture for a clinical workstation application which is based on a critical middle tier of distributed object-oriented services. This tier of network-based services provides flexibility in the creation of both the user interface and the database tiers. We developed a clinical workstation for ambulatory care using this architecture, defining a number of core services including those for vocabulary, patient index, documents, charting, security, and encounter management. These services can be implemented through proprietary or more standard distributed object interfaces such as CORBA and OLE. Services are accessed over the network by a collection of user interface components which can be mixed and matched to form a variety of interface styles. These services have also been reused with several applications based on World Wide Web browser interfaces.

A component-based, distributed object services architecture for a clinical workstation.

PubMed Central

Chueh, H. C.; Raila, W. F.; Pappas, J. J.; Ford, M.; Zatsman, P.; Tu, J.; Barnett, G. O.

1996-01-01

Attention to an architectural framework in the development of clinical applications can promote reusability of both legacy systems as well as newly designed software. We describe one approach to an architecture for a clinical workstation application which is based on a critical middle tier of distributed object-oriented services. This tier of network-based services provides flexibility in the creation of both the user interface and the database tiers. We developed a clinical workstation for ambulatory care using this architecture, defining a number of core services including those for vocabulary, patient index, documents, charting, security, and encounter management. These services can be implemented through proprietary or more standard distributed object interfaces such as CORBA and OLE. Services are accessed over the network by a collection of user interface components which can be mixed and matched to form a variety of interface styles. These services have also been reused with several applications based on World Wide Web browser interfaces. PMID:8947744

Quantum Hash function and its application to privacy amplification in quantum key distribution, pseudo-random number generation and image encryption

NASA Astrophysics Data System (ADS)

Yang, Yu-Guang; Xu, Peng; Yang, Rui; Zhou, Yi-Hua; Shi, Wei-Min

2016-01-01

Quantum information and quantum computation have achieved a huge success during the last years. In this paper, we investigate the capability of quantum Hash function, which can be constructed by subtly modifying quantum walks, a famous quantum computation model. It is found that quantum Hash function can act as a hash function for the privacy amplification process of quantum key distribution systems with higher security. As a byproduct, quantum Hash function can also be used for pseudo-random number generation due to its inherent chaotic dynamics. Further we discuss the application of quantum Hash function to image encryption and propose a novel image encryption algorithm. Numerical simulations and performance comparisons show that quantum Hash function is eligible for privacy amplification in quantum key distribution, pseudo-random number generation and image encryption in terms of various hash tests and randomness tests. It extends the scope of application of quantum computation and quantum information.

Quantum Hash function and its application to privacy amplification in quantum key distribution, pseudo-random number generation and image encryption

PubMed Central

Yang, Yu-Guang; Xu, Peng; Yang, Rui; Zhou, Yi-Hua; Shi, Wei-Min

2016-01-01

Quantum information and quantum computation have achieved a huge success during the last years. In this paper, we investigate the capability of quantum Hash function, which can be constructed by subtly modifying quantum walks, a famous quantum computation model. It is found that quantum Hash function can act as a hash function for the privacy amplification process of quantum key distribution systems with higher security. As a byproduct, quantum Hash function can also be used for pseudo-random number generation due to its inherent chaotic dynamics. Further we discuss the application of quantum Hash function to image encryption and propose a novel image encryption algorithm. Numerical simulations and performance comparisons show that quantum Hash function is eligible for privacy amplification in quantum key distribution, pseudo-random number generation and image encryption in terms of various hash tests and randomness tests. It extends the scope of application of quantum computation and quantum information. PMID:26823196

Quantum Hash function and its application to privacy amplification in quantum key distribution, pseudo-random number generation and image encryption.

PubMed

Yang, Yu-Guang; Xu, Peng; Yang, Rui; Zhou, Yi-Hua; Shi, Wei-Min

2016-01-29

Quantum information and quantum computation have achieved a huge success during the last years. In this paper, we investigate the capability of quantum Hash function, which can be constructed by subtly modifying quantum walks, a famous quantum computation model. It is found that quantum Hash function can act as a hash function for the privacy amplification process of quantum key distribution systems with higher security. As a byproduct, quantum Hash function can also be used for pseudo-random number generation due to its inherent chaotic dynamics. Further we discuss the application of quantum Hash function to image encryption and propose a novel image encryption algorithm. Numerical simulations and performance comparisons show that quantum Hash function is eligible for privacy amplification in quantum key distribution, pseudo-random number generation and image encryption in terms of various hash tests and randomness tests. It extends the scope of application of quantum computation and quantum information.

7 CFR 1717.857 - Refinancing of existing secured debt-distribution and power supply borrowers.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 7 Agriculture 11 2011-01-01 2011-01-01 false Refinancing of existing secured debt-distribution and power supply borrowers. 1717.857 Section 1717.857 Agriculture Regulations of the Department of... Private Financing § 1717.857 Refinancing of existing secured debt—distribution and power supply borrowers...

Advanced and secure architectural EHR approaches.

PubMed

Blobel, Bernd

2006-01-01

Electronic Health Records (EHRs) provided as a lifelong patient record advance towards core applications of distributed and co-operating health information systems and health networks. For meeting the challenge of scalable, flexible, portable, secure EHR systems, the underlying EHR architecture must be based on the component paradigm and model driven, separating platform-independent and platform-specific models. Allowing manageable models, real systems must be decomposed and simplified. The resulting modelling approach has to follow the ISO Reference Model - Open Distributing Processing (RM-ODP). The ISO RM-ODP describes any system component from different perspectives. Platform-independent perspectives contain the enterprise view (business process, policies, scenarios, use cases), the information view (classes and associations) and the computational view (composition and decomposition), whereas platform-specific perspectives concern the engineering view (physical distribution and realisation) and the technology view (implementation details from protocols up to education and training) on system components. Those views have to be established for components reflecting aspects of all domains involved in healthcare environments including administrative, legal, medical, technical, etc. Thus, security-related component models reflecting all view mentioned have to be established for enabling both application and communication security services as integral part of the system's architecture. Beside decomposition and simplification of system regarding the different viewpoint on their components, different levels of systems' granularity can be defined hiding internals or focusing on properties of basic components to form a more complex structure. The resulting models describe both structure and behaviour of component-based systems. The described approach has been deployed in different projects defining EHR systems and their underlying architectural principles. In that context, the Australian GEHR project, the openEHR initiative, the revision of CEN ENV 13606 "Electronic Health Record communication", all based on Archetypes, but also the HL7 version 3 activities are discussed in some detail. The latter include the HL7 RIM, the HL7 Development Framework, the HL7's clinical document architecture (CDA) as well as the set of models from use cases, activity diagrams, sequence diagrams up to Domain Information Models (DMIMs) and their building blocks Common Message Element Types (CMET) Constraining Models to their underlying concepts. The future-proof EHR architecture as open, user-centric, user-friendly, flexible, scalable, portable core application in health information systems and health networks has to follow advanced architectural paradigms.

Advanced Optical Burst Switched Network Concepts

NASA Astrophysics Data System (ADS)

Nejabati, Reza; Aracil, Javier; Castoldi, Piero; de Leenheer, Marc; Simeonidou, Dimitra; Valcarenghi, Luca; Zervas, Georgios; Wu, Jian

In recent years, as the bandwidth and the speed of networks have increased significantly, a new generation of network-based applications using the concept of distributed computing and collaborative services is emerging (e.g., Grid computing applications). The use of the available fiber and DWDM infrastructure for these applications is a logical choice offering huge amounts of cheap bandwidth and ensuring global reach of computing resources [230]. Currently, there is a great deal of interest in deploying optical circuit (wavelength) switched network infrastructure for distributed computing applications that require long-lived wavelength paths and address the specific needs of a small number of well-known users. Typical users are particle physicists who, due to their international collaborations and experiments, generate enormous amounts of data (Petabytes per year). These users require a network infrastructures that can support processing and analysis of large datasets through globally distributed computing resources [230]. However, providing wavelength granularity bandwidth services is not an efficient and scalable solution for applications and services that address a wider base of user communities with different traffic profiles and connectivity requirements. Examples of such applications may be: scientific collaboration in smaller scale (e.g., bioinformatics, environmental research), distributed virtual laboratories (e.g., remote instrumentation), e-health, national security and defense, personalized learning environments and digital libraries, evolving broadband user services (i.e., high resolution home video editing, real-time rendering, high definition interactive TV). As a specific example, in e-health services and in particular mammography applications due to the size and quantity of images produced by remote mammography, stringent network requirements are necessary. Initial calculations have shown that for 100 patients to be screened remotely, the network would have to securely transport 1.2 GB of data every 30 s [230]. According to the above explanation it is clear that these types of applications need a new network infrastructure and transport technology that makes large amounts of bandwidth at subwavelength granularity, storage, computation, and visualization resources potentially available to a wide user base for specified time durations. As these types of collaborative and network-based applications evolve addressing a wide range and large number of users, it is infeasible to build dedicated networks for each application type or category. Consequently, there should be an adaptive network infrastructure able to support all application types, each with their own access, network, and resource usage patterns. This infrastructure should offer flexible and intelligent network elements and control mechanism able to deploy new applications quickly and efficiently.

Aviation Security: Biometric Technology and Risk Based Security Aviation Passenger Screening Program

DTIC Science & Technology

2012-12-01

distribution is unlimited 12b. DISTRIBUTION CODE A 13. ABSTRACT (maximum 200 words ) Since 9/11, the Transportation Security Administration (TSA...Council POE Point Of Entry RBS Risk-Based Security SENTRI Secure Electronic Network for Travelers Rapid Inspection SFPD Secure Flight Passenger...Committee on Biometrics provides the origins of biometrics; the term “biometrics” is derived from the Greek words “bio” (life) and “metrics” (to measure

Secure multi-party communication with quantum key distribution managed by trusted authority

DOEpatents

Nordholt, Jane Elizabeth; Hughes, Richard John; Peterson, Charles Glen

2013-07-09

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.

Secure multi-party communication with quantum key distribution managed by trusted authority

DOEpatents

Hughes, Richard John; Nordholt, Jane Elizabeth; Peterson, Charles Glen

2015-01-06

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.

Demonstration of Monogamy Relations for Einstein-Podolsky-Rosen Steering in Gaussian Cluster States.

PubMed

Deng, Xiaowei; Xiang, Yu; Tian, Caixing; Adesso, Gerardo; He, Qiongyi; Gong, Qihuang; Su, Xiaolong; Xie, Changde; Peng, Kunchi

2017-06-09

Understanding how quantum resources can be quantified and distributed over many parties has profound applications in quantum communication. As one of the most intriguing features of quantum mechanics, Einstein-Podolsky-Rosen (EPR) steering is a useful resource for secure quantum networks. By reconstructing the covariance matrix of a continuous variable four-mode square Gaussian cluster state subject to asymmetric loss, we quantify the amount of bipartite steering with a variable number of modes per party, and verify recently introduced monogamy relations for Gaussian steerability, which establish quantitative constraints on the security of information shared among different parties. We observe a very rich structure for the steering distribution, and demonstrate one-way EPR steering of the cluster state under Gaussian measurements, as well as one-to-multimode steering. Our experiment paves the way for exploiting EPR steering in Gaussian cluster states as a valuable resource for multiparty quantum information tasks.

Experimental measurement-device-independent quantum key distribution with uncharacterized encoding.

PubMed

Wang, Chao; Wang, Shuang; Yin, Zhen-Qiang; Chen, Wei; Li, Hong-Wei; Zhang, Chun-Mei; Ding, Yu-Yang; Guo, Guang-Can; Han, Zheng-Fu

2016-12-01

Measurement-device-independent quantum key distribution (MDI QKD) is an efficient way to share secrets using untrusted measurement devices. However, the assumption on the characterizations of encoding states is still necessary in this promising protocol, which may lead to unnecessary complexity and potential loopholes in realistic implementations. Here, by using the mismatched-basis statistics, we present the first proof-of-principle experiment of MDI QKD with uncharacterized encoding sources. In this demonstration, the encoded states are only required to be constrained in a two-dimensional Hilbert space, and two distant parties (Alice and Bob) are resistant to state preparation flaws even if they have no idea about the detailed information of their encoding states. The positive final secure key rates of our system exhibit the feasibility of this novel protocol, and demonstrate its value for the application of secure communication with uncharacterized devices.

Demonstration of Monogamy Relations for Einstein-Podolsky-Rosen Steering in Gaussian Cluster States

NASA Astrophysics Data System (ADS)

Deng, Xiaowei; Xiang, Yu; Tian, Caixing; Adesso, Gerardo; He, Qiongyi; Gong, Qihuang; Su, Xiaolong; Xie, Changde; Peng, Kunchi

2017-06-01

Understanding how quantum resources can be quantified and distributed over many parties has profound applications in quantum communication. As one of the most intriguing features of quantum mechanics, Einstein-Podolsky-Rosen (EPR) steering is a useful resource for secure quantum networks. By reconstructing the covariance matrix of a continuous variable four-mode square Gaussian cluster state subject to asymmetric loss, we quantify the amount of bipartite steering with a variable number of modes per party, and verify recently introduced monogamy relations for Gaussian steerability, which establish quantitative constraints on the security of information shared among different parties. We observe a very rich structure for the steering distribution, and demonstrate one-way EPR steering of the cluster state under Gaussian measurements, as well as one-to-multimode steering. Our experiment paves the way for exploiting EPR steering in Gaussian cluster states as a valuable resource for multiparty quantum information tasks.

Latency Hiding in Dynamic Partitioning and Load Balancing of Grid Computing Applications

NASA Technical Reports Server (NTRS)

Das, Sajal K.; Harvey, Daniel J.; Biswas, Rupak

2001-01-01

The Information Power Grid (IPG) concept developed by NASA is aimed to provide a metacomputing platform for large-scale distributed computations, by hiding the intricacies of highly heterogeneous environment and yet maintaining adequate security. In this paper, we propose a latency-tolerant partitioning scheme that dynamically balances processor workloads on the.IPG, and minimizes data movement and runtime communication. By simulating an unsteady adaptive mesh application on a wide area network, we study the performance of our load balancer under the Globus environment. The number of IPG nodes, the number of processors per node, and the interconnected speeds are parameterized to derive conditions under which the IPG would be suitable for parallel distributed processing of such applications. Experimental results demonstrate that effective solution are achieved when the IPG nodes are connected by a high-speed asynchronous interconnection network.

An improved scheme on decoy-state method for measurement-device-independent quantum key distribution.

PubMed

Wang, Dong; Li, Mo; Guo, Guang-Can; Wang, Qin

2015-10-14

Quantum key distribution involving decoy-states is a significant application of quantum information. By using three-intensity decoy-states of single-photon-added coherent sources, we propose a practically realizable scheme on quantum key distribution which approaches very closely the ideal asymptotic case of an infinite number of decoy-states. We make a comparative study between this scheme and two other existing ones, i.e., two-intensity decoy-states with single-photon-added coherent sources, and three-intensity decoy-states with weak coherent sources. Through numerical analysis, we demonstrate the advantages of our scheme in secure transmission distance and the final key generation rate.

Randomness determines practical security of BB84 quantum key distribution.

PubMed

Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

2015-11-10

Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system.

Randomness determines practical security of BB84 quantum key distribution

PubMed Central

Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

2015-01-01

Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system. PMID:26552359

Randomness determines practical security of BB84 quantum key distribution

NASA Astrophysics Data System (ADS)

Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

2015-11-01

Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system.

Optical fiber sensors: Systems and applications. Volume 2

NASA Astrophysics Data System (ADS)

Culshaw, Brian; Dakin, John

State-of-the-art fiber-optic (FO) sensors and their applications are described in chapters contributed by leading experts. Consideration is given to interferometers, FO gyros, intensity- and wavelength-based sensors and optical actuators, Si in FO sensors, point-sensor multiplexing principles, and distributed FO sensor systems. Also examined are chemical, biochemical, and medical sensors; physical and chemical sensors for process control; FO-sensor applications in the marine and aerospace industries; FO-sensor monitoring systems for security and safety, structural integrity, NDE, and the electric-power industry; and the market situation for FO-sensor technology. Diagrams, drawings, graphs, and photographs are provided.

Fiber-optic security monitoring sensor

NASA Astrophysics Data System (ADS)

Englund, Marja; Ipatti, Ari; Karioja, Pentti

1997-09-01

In security monitoring, fiber-optic sensors are advantageous because strong and rugged optical fibers are thin, light, flexible and immune to electromagnetic interference. Optical fibers packaged into cables, such as, building and underground cables, can be used to detect even slightest disturbances, movements, vibrations, pressure changes and impacts along their entire length. When running an optical cable around a structure, and when using speckle pattern recognition technique for alarm monitoring, the distributed monitoring of the structure is possible. The sensing cable can be strung along fences, buried underground, embedded into concrete, mounted on walls, floors and ceilings, or wrapped around the specific components. In this paper, a fiber-optic security monitoring sensor based on speckle pattern monitoring is described. The description of the measuring method and the results of the experimental fiber installations are given. The applicability of embedded and surface mounted fibers to monitor the pressure and impact induced vibrations of fences and concrete structures as well as the loosening of critical parts in a power plant machinery were demonstrated in field and laboratory conditions. The experiences related to the applications and optical cable types are also discussed.

Fiber optic security monitoring sensor

NASA Astrophysics Data System (ADS)

Englund, Marja; Ipatti, Ari; Karioja, Pentti

1997-09-01

In security monitoring, fiber-optic sensors are advantageous because strong and rugged optical fibers are thin, light, flexible and immune to electromagnetic interference. Optical fibers packaged into cables, such as, building and underground cables, can be used to detect even slightest disturbances, movements, vibrations, pressure changes and impacts along their entire length. When running an optical cable around a structure, and when using speckle pattern recognition technique for alarm monitoring, the distributed monitoring of the structure is possible. The sensing cable can be strung along fences, buried underground, embedded into concrete, mounted on walls, floors and ceilings, or wrapped around the specific components. In this paper, a fiber-optic security monitoring sensor based on speckle pattern monitoring is described. The description of the measuring method and the results of the experimental fiber installations are given. The applicability of embedded and surface mounted fibers to monitor the pressure and impact induced vibrations of fences and concrete structures as well as the loosening of critical parts in a power plant machinery were demonstrated in field and laboratory conditions. The experiences related to the applications and optical cable types are also discussed.

Quantum cryptography and applications in the optical fiber network

NASA Astrophysics Data System (ADS)

Luo, Yuhui

2005-09-01

Quantum cryptography, as part of quantum information and communications, can provide absolute security for information transmission because it is established on the fundamental laws of quantum theory, such as the principle of uncertainty, No-cloning theorem and quantum entanglement. In this thesis research, a novel scheme to implement quantum key distribution based on multiphoton entanglement with a new protocol is proposed. Its advantages are: a larger information capacity can be obtained with a longer transmission distance and the detection of multiple photons is easier than that of a single photon. The security and attacks pertaining to such a system are also studied. Next, a quantum key distribution over wavelength division multiplexed (WDM) optical fiber networks is realized. Quantum key distribution in networks is a long-standing problem for practical applications. Here we combine quantum cryptography and WDM to solve this problem because WDM technology is universally deployed in the current and next generation fiber networks. The ultimate target is to deploy quantum key distribution over commercial networks. The problems arising from the networks are also studied in this part. Then quantum key distribution in multi-access networks using wavelength routing technology is investigated in this research. For the first time, quantum cryptography for multiple individually targeted users has been successfully implemented in sharp contrast to that using the indiscriminating broadcasting structure. It overcomes the shortcoming that every user in the network can acquire the quantum key signals intended to be exchanged between only two users. Furthermore, a more efficient scheme of quantum key distribution is adopted, hence resulting in a higher key rate. Lastly, a quantum random number generator based on quantum optics has been experimentally demonstrated. This device is a key component for quantum key distribution as it can create truly random numbers, which is an essential requirement to perform quantum key distribution. This new generator is composed of a single optical fiber coupler with fiber pigtails, which can be easily used in optical fiber communications.

Introduction

NASA Astrophysics Data System (ADS)

Zhao, Ben; Garbacki, Paweł; Gkantsidis, Christos; Iamnitchi, Adriana; Voulgaris, Spyros

After a decade of intensive investigation, peer-to-peer computing has established itself as an accepted research eld in the general area of distributed systems. Peer-to- peer computing can be seen as the democratization of computing over throwing traditional hierarchical designs favored in client-server systems largely brought about by last-mile network improvements which have made individual PCs rst-class citizens in the network community. Much of the early focus in peer-to-peer systems was on best-effort le sharing applications. In recent years, however, research has focused on peer-to-peer systems that provide operational properties and functionality similar to those shown by more traditional distributed systems. These properties include stronger consistency, reliability, and security guarantees suitable to supporting traditional applications such as databases.

Security for Multimedia Space Data Distribution over the Internet

NASA Technical Reports Server (NTRS)

Stone, Thom; Picinich, Lou; Givens, John J. (Technical Monitor)

1995-01-01

Distribution of interactive multimedia to remote investigators will be required for high quality science on the International Space Station (ISS). The Internet with the World Wide Web (WWW) and the JAVA environment are a good match for distribution of data, video and voice to remote science centers. Utilizing the "open" Internet in a secure manner is the major hurdle in making use of this cost effective, off-the-shelf, universal resource. This paper examines the major security threats to an Internet distribution system for payload data and the mitigation of these threats. A proposed security environment for the Space Station Biological Research Facility (SSBRP) is presented with a short description of the tools that have been implemented or planned. Formulating and implementing a security policy, firewalls, host hardware and software security are also discussed in this paper. Security is a vast topic and this paper can only give an overview of important issues. This paper postulates that a structured approach is required and stresses that security must be built into a network from the start. Ignoring security issues or putting them off until late in the development cycle can be disastrous.

Secure multi-party communication with quantum key distribution managed by trusted authority

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hughes, Richard John; Nordholt, Jane Elizabeth; Peterson, Charles Glen

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD aremore » extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.« less

Experimental integration of quantum key distribution and gigabit-capable passive optical network

NASA Astrophysics Data System (ADS)

Sun, Wei; Wang, Liu-Jun; Sun, Xiang-Xiang; Mao, Yingqiu; Yin, Hua-Lei; Wang, Bi-Xiao; Chen, Teng-Yun; Pan, Jian-Wei

2018-01-01

Quantum key distribution (QKD) ensures information-theoretic security for the distribution of random bits between two remote parties. To extend QKD applications to fiber-to-the-home optical communications, such as gigabit-capable passive optical networks (GPONs), an effective method is the use of wavelength-division multiplexing. However, the Raman scattering noise from intensive classical traffic and the huge loss introduced by the beam splitter in a GPON severely limits the performance of QKD. Here, we demonstrate the integration of QKD and a commercial GPON system with fiber lengths up to 14 km, in which the maximum splitting ratio of the beam splitter reaches 1:64. By placing the QKD transmitter on the optical line terminal side, we reduce the Raman noise collected at the QKD receiver. Using a bypass structure, the loss of the beam splitter is circumvented effectively. Our results pave the way to extending the applications of QKD to last-mile communications.

Optimizing Security of Cloud Computing within the DoD

DTIC Science & Technology

2010-12-01

information security governance and risk management; application security; cryptography; security architecture and design; operations security; business ...governance and risk management; application security; cryptography; security architecture and design; operations security; business continuity...20 7. Operational Security (OPSEC).........................................................20 8. Business Continuity Planning (BCP) and Disaster

Generating the local oscillator "locally" in continuous-variable quantum key distribution based on coherent detection

DOE PAGES

Qi, Bing; Lougovski, Pavel; Pooser, Raphael C.; ...

2015-10-21

Continuous-variable quantum key distribution (CV-QKD) protocols based on coherent detection have been studied extensively in both theory and experiment. In all the existing implementations of CV-QKD, both the quantum signal and the local oscillator (LO) are generated from the same laser and propagate through the insecure quantum channel. This arrangement may open security loopholes and limit the potential applications of CV-QKD. In our paper, we propose and demonstrate a pilot-aided feedforward data recovery scheme that enables reliable coherent detection using a “locally” generated LO. Using two independent commercial laser sources and a spool of 25-km optical fiber, we construct amore » coherent communication system. The variance of the phase noise introduced by the proposed scheme is measured to be 0.04 (rad 2), which is small enough to enable secure key distribution. This technology opens the door for other quantum communication protocols, such as the recently proposed measurement-device-independent CV-QKD, where independent light sources are employed by different users.« less

Online catalog access and distribution of remotely sensed information

NASA Astrophysics Data System (ADS)

Lutton, Stephen M.

1997-09-01

Remote sensing is providing voluminous data and value added information products. Electronic sensors, communication electronics, computer software, hardware, and network communications technology have matured to the point where a distributed infrastructure for remotely sensed information is a reality. The amount of remotely sensed data and information is making distributed infrastructure almost a necessity. This infrastructure provides data collection, archiving, cataloging, browsing, processing, and viewing for applications from scientific research to economic, legal, and national security decision making. The remote sensing field is entering a new exciting stage of commercial growth and expansion into the mainstream of government and business decision making. This paper overviews this new distributed infrastructure and then focuses on describing a software system for on-line catalog access and distribution of remotely sensed information.

Survey of holographic security systems

NASA Astrophysics Data System (ADS)

Kontnik, Lewis T.; Lancaster, Ian M.

1990-04-01

The counterfeiting of products and financial instruments is a major problem throughout the world today. The dimensions of the problem are growing, accelerated by the expanding availability of production technologies to sophisticated counterfeiters and the increasing capabilities of these technologies. Various optical techniques, including holography, are beingused in efforts to mark authentic products and to distinguish them from copies. Industry is recognizing that the effectiveness of these techniques depends on such factors as the economics of the counterfeiting process and the distribution channels for the products involved, in addition to the performance of the particular optical security technologies used. This paper surveys the nature of the growing counterfeit market place and reviews the utility of holographic optical security systems. In particular, we review the use of holograms on credit cards and other products; and outline certain steps the holography industry should take to promote these application.

A Geant4 model of backscatter security imaging systems

NASA Astrophysics Data System (ADS)

Leboffe, Eric Matthew

The operating characteristics of x ray security scanner systems that utilize backscatter signal in order to distinguish person borne threats have never been made fully available to the general public. By designing a model using Geant4, studies can be performed which will shed light on systems such as security scanners and allow for analysis of the performance and safety of the system without access to any system data. Despite the fact that the systems are no longer in use at airports in the United States, the ability to design and validate detector models and phenomena is an important capability that can be applied to many current real world applications. The model presented provides estimates for absorbed dose, effective dose and dose depth distribution that are comparable to previously published work and explores imaging capabilities for the system embodiment modeled.

Security of Distributed-Phase-Reference Quantum Key Distribution

NASA Astrophysics Data System (ADS)

Moroder, Tobias; Curty, Marcos; Lim, Charles Ci Wen; Thinh, Le Phuc; Zbinden, Hugo; Gisin, Nicolas

2012-12-01

Distributed-phase-reference quantum key distribution stands out for its easy implementation with present day technology. For many years, a full security proof of these schemes in a realistic setting has been elusive. We solve this long-standing problem and present a generic method to prove the security of such protocols against general attacks. To illustrate our result, we provide lower bounds on the key generation rate of a variant of the coherent-one-way quantum key distribution protocol. In contrast to standard predictions, it appears to scale quadratically with the system transmittance.

17 CFR 230.144 - Persons deemed not to be engaged in a distribution and therefore not underwriters.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Persons deemed not to be engaged in a distribution and therefore not underwriters. 230.144 Section 230.144 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION GENERAL RULES AND REGULATIONS, SECURITIES ACT OF 1933 General...

Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.

PubMed

Park, Woo-Sung; Seo, Sun-Won; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

2010-06-01

The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.

Software To Secure Distributed Propulsion Simulations

NASA Technical Reports Server (NTRS)

Blaser, Tammy M.

2003-01-01

Distributed-object computing systems are presented with many security threats, including network eavesdropping, message tampering, and communications middleware masquerading. NASA Glenn Research Center, and its industry partners, has taken an active role in mitigating the security threats associated with developing and operating their proprietary aerospace propulsion simulations. In particular, they are developing a collaborative Common Object Request Broker Architecture (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines

IPv6 Security

NASA Astrophysics Data System (ADS)

Babik, M.; Chudoba, J.; Dewhurst, A.; Finnern, T.; Froy, T.; Grigoras, C.; Hafeez, K.; Hoeft, B.; Idiculla, T.; Kelsey, D. P.; López Muñoz, F.; Martelli, E.; Nandakumar, R.; Ohrenberg, K.; Prelz, F.; Rand, D.; Sciabà, A.; Tigerstedt, U.; Traynor, D.; Wartel, R.

2017-10-01

IPv4 network addresses are running out and the deployment of IPv6 networking in many places is now well underway. Following the work of the HEPiX IPv6 Working Group, a growing number of sites in the Worldwide Large Hadron Collider Computing Grid (WLCG) are deploying dual-stack IPv6/IPv4 services. The aim of this is to support the use of IPv6-only clients, i.e. worker nodes, virtual machines or containers. The IPv6 networking protocols while they do contain features aimed at improving security also bring new challenges for operational IT security. The lack of maturity of IPv6 implementations together with the increased complexity of some of the protocol standards raise many new issues for operational security teams. The HEPiX IPv6 Working Group is producing guidance on best practices in this area. This paper considers some of the security concerns for WLCG in an IPv6 world and presents the HEPiX IPv6 working group guidance for the system administrators who manage IT services on the WLCG distributed infrastructure, for their related site security and networking teams and for developers and software engineers working on WLCG applications.

Distributed network management in the flat structured mobile communities

NASA Astrophysics Data System (ADS)

Balandina, Elena

2005-10-01

Delivering proper management into the flat structured mobile communities is crucial for improving users experience and increase applications diversity in mobile networks. The available P2P applications do application-centric management, but it cannot replace network-wide management, especially when a number of different applications are used simultaneously in the network. The network-wide management is the key element required for a smooth transition from standalone P2P applications to the self-organizing mobile communities that maintain various services with quality and security guaranties. The classical centralized network management solutions are not applicable in the flat structured mobile communities due to the decentralized nature and high mobility of the underlying networks. Also the basic network management tasks have to be revised taking into account specialties of the flat structured mobile communities. The network performance management becomes more dependent on the current nodes' context, which also requires extension of the configuration management functionality. The fault management has to take into account high mobility of the network nodes. The performance and accounting managements are mainly targeted in maintain an efficient and fair access to the resources within the community, however they also allow unbalanced resource use of the nodes that explicitly permit it, e.g. as a voluntary donation to the community or due to the profession (commercial) reasons. The security management must implement the new trust models, which are based on the community feedback, professional authorization, and a mix of both. For fulfilling these and another specialties of the flat structured mobile communities, a new network management solution is demanded. The paper presents a distributed network management solution for flat structured mobile communities. Also the paper points out possible network management roles for the different parties (e.g. operators, service providing hubs/super nodes, etc.) involved in a service providing chain.

Distributed generation of shared RSA keys in mobile ad hoc networks

NASA Astrophysics Data System (ADS)

Liu, Yi-Liang; Huang, Qin; Shen, Ying

2005-12-01

Mobile Ad Hoc Networks is a totally new concept in which mobile nodes are able to communicate together over wireless links in an independent manner, independent of fixed physical infrastructure and centralized administrative infrastructure. However, the nature of Ad Hoc Networks makes them very vulnerable to security threats. Generation and distribution of shared keys for CA (Certification Authority) is challenging for security solution based on distributed PKI(Public-Key Infrastructure)/CA. The solutions that have been proposed in the literature and some related issues are discussed in this paper. The solution of a distributed generation of shared threshold RSA keys for CA is proposed in the present paper. During the process of creating an RSA private key share, every CA node only has its own private security. Distributed arithmetic is used to create the CA's private share locally, and that the requirement of centralized management institution is eliminated. Based on fully considering the Mobile Ad Hoc network's characteristic of self-organization, it avoids the security hidden trouble that comes by holding an all private security share of CA, with which the security and robustness of system is enhanced.

Security of BB84 with weak randomness and imperfect qubit encoding

NASA Astrophysics Data System (ADS)

Zhao, Liang-Yuan; Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Fang, Xi; Han, Zheng-Fu; Huang, Wei

2018-03-01

The main threats for the well-known Bennett-Brassard 1984 (BB84) practical quantum key distribution (QKD) systems are that its encoding is inaccurate and measurement device may be vulnerable to particular attacks. Thus, a general physical model or security proof to tackle these loopholes simultaneously and quantitatively is highly desired. Here we give a framework on the security of BB84 when imperfect qubit encoding and vulnerability of measurement device are both considered. In our analysis, the potential attacks to measurement device are generalized by the recently proposed weak randomness model which assumes the input random numbers are partially biased depending on a hidden variable planted by an eavesdropper. And the inevitable encoding inaccuracy is also introduced here. From a fundamental view, our work reveals the potential information leakage due to encoding inaccuracy and weak randomness input. For applications, our result can be viewed as a useful tool to quantitatively evaluate the security of a practical QKD system.

Fast optical source for quantum key distribution based on semiconductor optical amplifiers.

PubMed

Jofre, M; Gardelein, A; Anzolin, G; Amaya, W; Capmany, J; Ursin, R; Peñate, L; Lopez, D; San Juan, J L; Carrasco, J A; Garcia, F; Torcal-Milla, F J; Sanchez-Brea, L M; Bernabeu, E; Perdigues, J M; Jennewein, T; Torres, J P; Mitchell, M W; Pruneri, V

2011-02-28

A novel integrated optical source capable of emitting faint pulses with different polarization states and with different intensity levels at 100 MHz has been developed. The source relies on a single laser diode followed by four semiconductor optical amplifiers and thin film polarizers, connected through a fiber network. The use of a single laser ensures high level of indistinguishability in time and spectrum of the pulses for the four different polarizations and three different levels of intensity. The applicability of the source is demonstrated in the lab through a free space quantum key distribution experiment which makes use of the decoy state BB84 protocol. We achieved a lower bound secure key rate of the order of 3.64 Mbps and a quantum bit error ratio as low as 1.14×10⁻² while the lower bound secure key rate became 187 bps for an equivalent attenuation of 35 dB. To our knowledge, this is the fastest polarization encoded QKD system which has been reported so far. The performance, reduced size, low power consumption and the fact that the components used can be space qualified make the source particularly suitable for secure satellite communication.

High-Performance Secure Database Access Technologies for HEP Grids

DOE Office of Scientific and Technical Information (OSTI.GOV)

Matthew Vranicar; John Weicher

2006-04-17

The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysismore » capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the secure authorization is pushed into the database engine will eliminate inefficient data transfer bottlenecks. Furthermore, traditionally separated database and security layers provide an extra vulnerability, leaving a weak clear-text password authorization as the only protection on the database core systems. Due to the legacy limitations of the systems’ security models, the allowed passwords often can not even comply with the DOE password guideline requirements. We see an opportunity for the tight integration of the secure authorization layer with the database server engine resulting in both improved performance and improved security. Phase I has focused on the development of a proof-of-concept prototype using Argonne National Laboratory’s (ANL) Argonne Tandem-Linac Accelerator System (ATLAS) project as a test scenario. By developing a grid-security enabled version of the ATLAS project’s current relation database solution, MySQL, PIOCON Technologies aims to offer a more efficient solution to secure database access.« less

The INDIGO-Datacloud Authentication and Authorization Infrastructure

NASA Astrophysics Data System (ADS)

Ceccanti, A.; Hardt, M.; Wegh, B.; Millar, AP; Caberletti, M.; Vianello, E.; Licehammer, S.

2017-10-01

Contemporary distributed computing infrastructures (DCIs) are not easily and securely accessible by scientists. These computing environments are typically hard to integrate due to interoperability problems resulting from the use of different authentication mechanisms, identity negotiation protocols and access control policies. Such limitations have a big impact on the user experience making it hard for user communities to port and run their scientific applications on resources aggregated from multiple providers. The INDIGO-DataCloud project wants to provide the services and tools needed to enable a secure composition of resources from multiple providers in support of scientific applications. In order to do so, a common AAI architecture has to be defined that supports multiple authentication mechanisms, support delegated authorization across services and can be easily integrated in off-the-shelf software. In this contribution we introduce the INDIGO Authentication and Authorization Infrastructure, describing its main components and their status and how authentication, delegation and authorization flows are implemented across services.

Feasibility of Using Distributed Wireless Mesh Networks for Medical Emergency Response

PubMed Central

Braunstein, Brian; Trimble, Troy; Mishra, Rajesh; Manoj, B. S.; Rao, Ramesh; Lenert, Leslie

2006-01-01

Achieving reliable, efficient data communications networks at a disaster site is a difficult task. Network paradigms, such as Wireless Mesh Network (WMN) architectures, form one exemplar for providing high-bandwidth, scalable data communication for medical emergency response activity. WMNs are created by self-organized wireless nodes that use multi-hop wireless relaying for data transfer. In this paper, we describe our experience using a mesh network architecture we developed for homeland security and medical emergency applications. We briefly discuss the architecture and present the traffic behavioral observations made by a client-server medical emergency application tested during a large-scale homeland security drill. We present our traffic measurements, describe lessons learned, and offer functional requirements (based on field testing) for practical 802.11 mesh medical emergency response networks. With certain caveats, the results suggest that 802.11 mesh networks are feasible and scalable systems for field communications in disaster settings. PMID:17238308

A real-time early warning system for pathogens in water

NASA Astrophysics Data System (ADS)

Adams, John A.; McCarty, David; Crousore, Kristina

2006-05-01

The events of September 11, 2001 represented an escalation in the means and effects of terrorist attacks and raised awareness of the vulnerability of major infrastructures such as transportation, finance, power and energy, communications, food, and water. A re-examination of the security of critical assets was initiated. Actions were taken in the United States to protect our drinking water. Anti-terrorism monitoring systems that allow us to take action before contaminated water can reach the consumer have been under development since then. This presentation will discuss the current performance of a laser-based, multi-angle light scattering (MALS) technology for continuous, real-time detection and classification of microorganisms for security applications in all drinking and process water applications inclusive of protection of major assets, potable and distributed water. Field test data for a number of waterborne pathogens will also be presented.

ScyFlow: An Environment for the Visual Specification and Execution of Scientific Workflows

NASA Technical Reports Server (NTRS)

McCann, Karen M.; Yarrow, Maurice; DeVivo, Adrian; Mehrotra, Piyush

2004-01-01

With the advent of grid technologies, scientists and engineers are building more and more complex applications to utilize distributed grid resources. The core grid services provide a path for accessing and utilizing these resources in a secure and seamless fashion. However what the scientists need is an environment that will allow them to specify their application runs at a high organizational level, and then support efficient execution across any given set or sets of resources. We have been designing and implementing ScyFlow, a dual-interface architecture (both GUT and APT) that addresses this problem. The scientist/user specifies the application tasks along with the necessary control and data flow, and monitors and manages the execution of the resulting workflow across the distributed resources. In this paper, we utilize two scenarios to provide the details of the two modules of the project, the visual editor and the runtime workflow engine.

Secure data exchange between intelligent devices and computing centers

NASA Astrophysics Data System (ADS)

Naqvi, Syed; Riguidel, Michel

2005-03-01

The advent of reliable spontaneous networking technologies (commonly known as wireless ad-hoc networks) has ostensibly raised stakes for the conception of computing intensive environments using intelligent devices as their interface with the external world. These smart devices are used as data gateways for the computing units. These devices are employed in highly volatile environments where the secure exchange of data between these devices and their computing centers is of paramount importance. Moreover, their mission critical applications require dependable measures against the attacks like denial of service (DoS), eavesdropping, masquerading, etc. In this paper, we propose a mechanism to assure reliable data exchange between an intelligent environment composed of smart devices and distributed computing units collectively called 'computational grid'. The notion of infosphere is used to define a digital space made up of a persistent and a volatile asset in an often indefinite geographical space. We study different infospheres and present general evolutions and issues in the security of such technology-rich and intelligent environments. It is beyond any doubt that these environments will likely face a proliferation of users, applications, networked devices, and their interactions on a scale never experienced before. It would be better to build in the ability to uniformly deal with these systems. As a solution, we propose a concept of virtualization of security services. We try to solve the difficult problems of implementation and maintenance of trust on the one hand, and those of security management in heterogeneous infrastructure on the other hand.

Secure and robust cloud computing for high-throughput forensic microsatellite sequence analysis and databasing.

PubMed

Bailey, Sarah F; Scheible, Melissa K; Williams, Christopher; Silva, Deborah S B S; Hoggan, Marina; Eichman, Christopher; Faith, Seth A

2017-11-01

Next-generation Sequencing (NGS) is a rapidly evolving technology with demonstrated benefits for forensic genetic applications, and the strategies to analyze and manage the massive NGS datasets are currently in development. Here, the computing, data storage, connectivity, and security resources of the Cloud were evaluated as a model for forensic laboratory systems that produce NGS data. A complete front-to-end Cloud system was developed to upload, process, and interpret raw NGS data using a web browser dashboard. The system was extensible, demonstrating analysis capabilities of autosomal and Y-STRs from a variety of NGS instrumentation (Illumina MiniSeq and MiSeq, and Oxford Nanopore MinION). NGS data for STRs were concordant with standard reference materials previously characterized with capillary electrophoresis and Sanger sequencing. The computing power of the Cloud was implemented with on-demand auto-scaling to allow multiple file analysis in tandem. The system was designed to store resulting data in a relational database, amenable to downstream sample interpretations and databasing applications following the most recent guidelines in nomenclature for sequenced alleles. Lastly, a multi-layered Cloud security architecture was tested and showed that industry standards for securing data and computing resources were readily applied to the NGS system without disadvantageous effects for bioinformatic analysis, connectivity or data storage/retrieval. The results of this study demonstrate the feasibility of using Cloud-based systems for secured NGS data analysis, storage, databasing, and multi-user distributed connectivity. Copyright © 2017 Elsevier B.V. All rights reserved.

Ad-Hoc Networks and the Mobile Application Security System (MASS)

DTIC Science & Technology

2006-01-01

solution to this problem that addresses critical aspects of security in ad-hoc mobile application networks. This approach involves preventing unauthorized...modification of a mobile application , both by other applications and by hosts, and ensuring that mobile code is authentic and authorized. These...capabilities constitute the Mobile Application Security System (MASS). The MASS applies effective, robust security to mobile application -based systems

Modeling Precheck Parallel Screening Process in the Face of Strategic Applicants with Incomplete Information and Screening Errors.

PubMed

Song, Cen; Zhuang, Jun

2018-01-01

In security check systems, tighter screening processes increase the security level, but also cause more congestion, which could cause longer wait times. Having to deal with more congestion in lines could also cause issues for the screeners. The Transportation Security Administration (TSA) Precheck Program was introduced to create fast lanes in airports with the goal of expediting passengers who the TSA does not deem to be threats. In this lane, the TSA allows passengers to enjoy fewer restrictions in order to speed up the screening time. Motivated by the TSA Precheck Program, we study parallel queueing imperfect screening systems, where the potential normal and adversary participants/applicants decide whether to apply to the Precheck Program or not. The approved participants would be assigned to a faster screening channel based on a screening policy determined by an approver, who balances the concerns of safety of the passengers and congestion of the lines. There exist three types of optimal normal applicant's application strategy, which depend on whether the marginal payoff is negative or positive, or whether the marginal benefit equals the marginal cost. An adversary applicant would not apply when the screening policy is sufficiently large or the number of utilized benefits is sufficiently small. The basic model is extended by considering (1) applicants' parameters to follow different distributions and (2) applicants to have risk levels, where the approver determines the threshold value needed to qualify for Precheck. This article integrates game theory and queueing theory to study the optimal screening policy and provides some insights to imperfect parallel queueing screening systems. © 2017 Society for Risk Analysis.

Rapid Characterization of Spider Silk Genes via Exon Capture

DTIC Science & Technology

2015-03-28

SECURITY CLASSIFICATION OF: Spider silks are high-performance materials with an array of potential military and civilian applications. As such, there...is persistent demand for the mass production of silks, which requires knowledge of the underlying silk gene sequences. Spidroins ( spider fibroins...2015 1-May-2014 31-Jan-2015 Approved for Public Release; Distribution Unlimited Final Report: Rapid Characterization of Spider Silk Genes via Exon

Globus | Informatics Technology for Cancer Research (ITCR)

Cancer.gov

Globus software services provide secure cancer research data transfer, synchronization, and sharing in distributed environments at large scale. These services can be integrated into applications and research data gateways, leveraging Globus identity management, single sign-on, search, and authorization capabilities. Globus Genomics integrates Globus with the Galaxy genomics workflow engine and Amazon Web Services to enable cancer genomics analysis that can elastically scale compute resources with demand.

Networking and Information Technology Research and Development. Supplement to the President’s Budget for FY 2002

DTIC Science & Technology

2001-07-01

Web-based applications to improve health data systems and quality of care; innovative strategies for data collection in clinical settings; approaches...research to increase interoperability and integration of software in distributed systems ; protocols and tools for data annotation and management; and...Generation National Defense and National Security Systems .......................... 27 Improved Health Care Systems for All Citizens

A Security Proof of Measurement Device Independent Quantum Key Distribution: From the View of Information Theory

NASA Astrophysics Data System (ADS)

Li, Fang-Yi; Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Wang, Shuang; Wen, Hao; Zhao, Yi-Bo; Han, Zheng-Fu

2014-07-01

Although some ideal quantum key distribution protocols have been proved to be secure, there have been some demonstrations that practical quantum key distribution implementations were hacked due to some real-life imperfections. Among these attacks, detector side channel attacks may be the most serious. Recently, a measurement device independent quantum key distribution protocol [Phys. Rev. Lett. 108 (2012) 130503] was proposed and all detector side channel attacks are removed in this scheme. Here a new security proof based on quantum information theory is given. The eavesdropper's information of the sifted key bits is bounded. Then with this bound, the final secure key bit rate can be obtained.

An improved scheme on decoy-state method for measurement-device-independent quantum key distribution

PubMed Central

Wang, Dong; Li, Mo; Guo, Guang-Can; Wang, Qin

2015-01-01

Quantum key distribution involving decoy-states is a significant application of quantum information. By using three-intensity decoy-states of single-photon-added coherent sources, we propose a practically realizable scheme on quantum key distribution which approaches very closely the ideal asymptotic case of an infinite number of decoy-states. We make a comparative study between this scheme and two other existing ones, i.e., two-intensity decoy-states with single-photon-added coherent sources, and three-intensity decoy-states with weak coherent sources. Through numerical analysis, we demonstrate the advantages of our scheme in secure transmission distance and the final key generation rate. PMID:26463580

Distributed Large Data-Object Environments: End-to-End Performance Analysis of High Speed Distributed Storage Systems in Wide Area ATM Networks

NASA Technical Reports Server (NTRS)

Johnston, William; Tierney, Brian; Lee, Jason; Hoo, Gary; Thompson, Mary

1996-01-01

We have developed and deployed a distributed-parallel storage system (DPSS) in several high speed asynchronous transfer mode (ATM) wide area networks (WAN) testbeds to support several different types of data-intensive applications. Architecturally, the DPSS is a network striped disk array, but is fairly unique in that its implementation allows applications complete freedom to determine optimal data layout, replication and/or coding redundancy strategy, security policy, and dynamic reconfiguration. In conjunction with the DPSS, we have developed a 'top-to-bottom, end-to-end' performance monitoring and analysis methodology that has allowed us to characterize all aspects of the DPSS operating in high speed ATM networks. In particular, we have run a variety of performance monitoring experiments involving the DPSS in the MAGIC testbed, which is a large scale, high speed, ATM network and we describe our experience using the monitoring methodology to identify and correct problems that limit the performance of high speed distributed applications. Finally, the DPSS is part of an overall architecture for using high speed, WAN's for enabling the routine, location independent use of large data-objects. Since this is part of the motivation for a distributed storage system, we describe this architecture.

A network-based distributed, media-rich computing and information environment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Phillips, R.L.

1995-12-31

Sunrise is a Los Alamos National Laboratory (LANL) project started in October 1993. It is intended to be a prototype National Information Infrastructure development project. A main focus of Sunrise is to tie together enabling technologies (networking, object-oriented distributed computing, graphical interfaces, security, multi-media technologies, and data-mining technologies) with several specific applications. A diverse set of application areas was chosen to ensure that the solutions developed in the project are as generic as possible. Some of the application areas are materials modeling, medical records and image analysis, transportation simulations, and K-12 education. This paper provides a description of Sunrise andmore » a view of the architecture and objectives of this evolving project. The primary objectives of Sunrise are three-fold: (1) To develop common information-enabling tools for advanced scientific research and its applications to industry; (2) To enhance the capabilities of important research programs at the Laboratory; (3) To define a new way of collaboration between computer science and industrially-relevant research.« less

Conflict Containment in the Balkans: Testing Extended Deterrence.

DTIC Science & Technology

1995-03-01

STATEMENT 12b. DISTRIBUTION CODE Approved for public release; distribution is unlimited. 13. ABSTRACT This thesis critically analyzes a prominent theoretical...Containment 15. NUMBER OF in the Balkans; Deterrence; Coercive Diplomacy; Balance of Forces. PAGES: 161 16. PRICE CODE 17. SECURITY CLASSIFI- 18. SECURITY...Department of National Security Affai sAccesion For NTIS CRA&I DTtC TAB Unannounced Justifca ........... By- Distribution Availability Codes Avail and/or Dist

Security issues in healthcare applications using wireless medical sensor networks: a survey.

PubMed

Kumar, Pardeep; Lee, Hoon-Jae

2012-01-01

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs.

Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey

PubMed Central

Kumar, Pardeep; Lee, Hoon-Jae

2012-01-01

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs. PMID:22368458

Ensuring Data Storage Security in Tree cast Routing Architecture for Sensor Networks

NASA Astrophysics Data System (ADS)

Kumar, K. E. Naresh; Sagar, U. Vidya; Waheed, Mohd. Abdul

2010-10-01

In this paper presents recent advances in technology have made low-cost, low-power wireless sensors with efficient energy consumption. A network of such nodes can coordinate among themselves for distributed sensing and processing of certain data. For which, we propose an architecture to provide a stateless solution in sensor networks for efficient routing in wireless sensor networks. This type of architecture is known as Tree Cast. We propose a unique method of address allocation, building up multiple disjoint trees which are geographically inter-twined and rooted at the data sink. Using these trees, routing messages to and from the sink node without maintaining any routing state in the sensor nodes is possible. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, this routing architecture moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this paper, we focus on data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in this architecture, we propose an effective and flexible distributed scheme with two salient features, opposing to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server(s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

17 CFR 230.139 - Publications or distributions of research reports by brokers or dealers distributing securities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... of research reports by brokers or dealers distributing securities. 230.139 Section 230.139 Commodity... ACT OF 1933 General § 230.139 Publications or distributions of research reports by brokers or dealers... section, a broker's or dealer's publication or distribution of a research report about an issuer or any of...

17 CFR 230.139 - Publications or distributions of research reports by brokers or dealers distributing securities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... of research reports by brokers or dealers distributing securities. 230.139 Section 230.139 Commodity... ACT OF 1933 General § 230.139 Publications or distributions of research reports by brokers or dealers... section, a broker's or dealer's publication or distribution of a research report about an issuer or any of...

Grid Technology as a Cyberinfrastructure for Delivering High-End Services to the Earth and Space Science Community

NASA Technical Reports Server (NTRS)

Hinke, Thomas H.

2004-01-01

Grid technology consists of middleware that permits distributed computations, data and sensors to be seamlessly integrated into a secure, single-sign-on processing environment. In &is environment, a user has to identify and authenticate himself once to the grid middleware, and then can utilize any of the distributed resources to which he has been,panted access. Grid technology allows resources that exist in enterprises that are under different administrative control to be securely integrated into a single processing environment The grid community has adopted commercial web services technology as a means for implementing persistent, re-usable grid services that sit on top of the basic distributed processing environment that grids provide. These grid services can then form building blocks for even more complex grid services. Each grid service is characterized using the Web Service Description Language, which provides a description of the interface and how other applications can access it. The emerging Semantic grid work seeks to associates sufficient semantic information with each grid service such that applications wii1 he able to automatically select, compose and if necessary substitute available equivalent services in order to assemble collections of services that are most appropriate for a particular application. Grid technology has been used to provide limited support to various Earth and space science applications. Looking to the future, this emerging grid service technology can provide a cyberinfrastructures for both the Earth and space science communities. Groups within these communities could transform those applications that have community-wide applicability into persistent grid services that are made widely available to their respective communities. In concert with grid-enabled data archives, users could easily create complex workflows that extract desired data from one or more archives and process it though an appropriate set of widely distributed grid services discovered using semantic grid technology. As required, high-end computational resources could be drawn from available grid resource pools. Using grid technology, this confluence of data, services and computational resources could easily be harnessed to transform data from many different sources into a desired product that is delivered to a user's workstation or to a web portal though which it could be accessed by its intended audience.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks.

PubMed

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F; Schnabel, Roman

2015-10-30

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

PubMed Central

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F.; Schnabel, Roman

2015-01-01

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein–Podolsky–Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components. PMID:26514280

Secure and Efficient k-NN Queries⋆

PubMed Central

Asif, Hafiz; Vaidya, Jaideep; Shafiq, Basit; Adam, Nabil

2017-01-01

Given the morass of available data, ranking and best match queries are often used to find records of interest. As such, k-NN queries, which give the k closest matches to a query point, are of particular interest, and have many applications. We study this problem in the context of the financial sector, wherein an investment portfolio database is queried for matching portfolios. Given the sensitivity of the information involved, our key contribution is to develop a secure k-NN computation protocol that can enable the computation k-NN queries in a distributed multi-party environment while taking domain semantics into account. The experimental results show that the proposed protocols are extremely efficient. PMID:29218333

IT Data Mining Tool Uses in Aerospace

NASA Technical Reports Server (NTRS)

Monroe, Gilena A.; Freeman, Kenneth; Jones, Kevin L.

2012-01-01

Data mining has a broad spectrum of uses throughout the realms of aerospace and information technology. Each of these areas has useful methods for processing, distributing, and storing its corresponding data. This paper focuses on ways to leverage the data mining tools and resources used in NASA's information technology area to meet the similar data mining needs of aviation and aerospace domains. This paper details the searching, alerting, reporting, and application functionalities of the Splunk system, used by NASA's Security Operations Center (SOC), and their potential shared solutions to address aircraft and spacecraft flight and ground systems data mining requirements. This paper also touches on capacity and security requirements when addressing sizeable amounts of data across a large data infrastructure.

Experimental temporal quantum steering

PubMed Central

Bartkiewicz, Karol; Černoch, Antonín; Lemr, Karel; Miranowicz, Adam; Nori, Franco

2016-01-01

Temporal steering is a form of temporal correlation between the initial and final state of a quantum system. It is a temporal analogue of the famous Einstein-Podolsky-Rosen (spatial) steering. We demonstrate, by measuring the photon polarization, that temporal steering allows two parties to verify if they have been interacting with the same particle, even if they have no information about what happened with the particle in between the measurements. This is the first experimental study of temporal steering. We also performed experimental tests, based on the violation of temporal steering inequalities, of the security of two quantum key distribution protocols against individual attacks. Thus, these results can lead to applications for secure quantum communications and quantum engineering. PMID:27901121

17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

Code of Federal Regulations, 2011 CFR

2011-04-01

... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...

17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

Code of Federal Regulations, 2010 CFR

2010-04-01

... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...

Finite-key analysis for measurement-device-independent quantum key distribution.

PubMed

Curty, Marcos; Xu, Feihu; Cui, Wei; Lim, Charles Ci Wen; Tamaki, Kiyoshi; Lo, Hoi-Kwong

2014-04-29

Quantum key distribution promises unconditionally secure communications. However, as practical devices tend to deviate from their specifications, the security of some practical systems is no longer valid. In particular, an adversary can exploit imperfect detectors to learn a large part of the secret key, even though the security proof claims otherwise. Recently, a practical approach--measurement-device-independent quantum key distribution--has been proposed to solve this problem. However, so far its security has only been fully proven under the assumption that the legitimate users of the system have unlimited resources. Here we fill this gap and provide a rigorous security proof against general attacks in the finite-key regime. This is obtained by applying large deviation theory, specifically the Chernoff bound, to perform parameter estimation. For the first time we demonstrate the feasibility of long-distance implementations of measurement-device-independent quantum key distribution within a reasonable time frame of signal transmission.

17 CFR 200.602 - Application.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Application. 200.602 Section 200.602 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT... Programs or Activities Conducted by the Securities and Exchange Commission § 200.602 Application. This...

Postselection technique for quantum channels with applications to quantum cryptography.

PubMed

Christandl, Matthias; König, Robert; Renner, Renato

2009-01-16

We propose a general method for studying properties of quantum channels acting on an n-partite system, whose action is invariant under permutations of the subsystems. Our main result is that, in order to prove that a certain property holds for an arbitrary input, it is sufficient to consider the case where the input is a particular de Finetti-type state, i.e., a state which consists of n identical and independent copies of an (unknown) state on a single subsystem. Our technique can be applied to the analysis of information-theoretic problems. For example, in quantum cryptography, we get a simple proof for the fact that security of a discrete-variable quantum key distribution protocol against collective attacks implies security of the protocol against the most general attacks. The resulting security bounds are tighter than previously known bounds obtained with help of the exponential de Finetti theorem.

17 CFR 249.1001 - Form SIP, for application for registration as a securities information processor or to amend such...

Code of Federal Regulations, 2011 CFR

2011-04-01

... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...

17 CFR 249.1001 - Form SIP, for application for registration as a securities information processor or to amend such...

Code of Federal Regulations, 2010 CFR

2010-04-01

... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...

New security infrastructure model for distributed computing systems

NASA Astrophysics Data System (ADS)

Dubenskaya, J.; Kryukov, A.; Demichev, A.; Prikhodko, N.

2016-02-01

At the paper we propose a new approach to setting up a user-friendly and yet secure authentication and authorization procedure in a distributed computing system. The security concept of the most heterogeneous distributed computing systems is based on the public key infrastructure along with proxy certificates which are used for rights delegation. In practice a contradiction between the limited lifetime of the proxy certificates and the unpredictable time of the request processing is a big issue for the end users of the system. We propose to use unlimited in time hashes which are individual for each request instead of proxy certificate. Our approach allows to avoid using of the proxy certificates. Thus the security infrastructure of distributed computing system becomes easier for development, support and use.

Frontiers of the food-energy-water trilemma: Sri Lanka as a microcosm of tradeoffs

NASA Astrophysics Data System (ADS)

Perrone, Debra; Hornberger, George

2016-01-01

Food, energy, and water are three critical resources for humanity. As climate variability, population growth, and lifestyle changes amplify the stress placed on each of the resources, the interrelationships among food, energy, and water systems become more pronounced. Political conflict, social and cultural norms, and spatial and temporal distribution of the resources add additional layers of complexity. It is in this context that the significance of understanding the impacts of water scarcity on the decisions around food and energy productions has emerged. Our work establishes tradeoff frontiers (TFs) as a method useful in illustrating the system-level tradeoffs between allocating water for food and water for energy. This paper illustrates how TFs can be used to (1) show how scarcity in water resources affects the tradeoffs between food and energy and (2) explore the political and social constraints that can move production away from what is feasible technically. We use Sri Lanka, a country where water resources are variable both in space and time and a country with relatively self-contained energy and agricultural sectors, as a microcosm of the food security, energy security, and water security trilemma. Nevertheless, our application of tradeoff frontiers is applicable widely to other systems.

Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds

PubMed Central

Park, Woo-Sung; Son, Seung-Sik; Lee, Mee-Jeong; Kim, Shin-Hyo; Choi, Eun-Mi; Bang, Ji-Eon; Kim, Yea-Eun; Kim, Ok-Nam

2010-01-01

Objectives The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. Methods The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. Results With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. Conclusions The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS. PMID:21818429

Information-Pooling Bias in Collaborative Security Incident Correlation Analysis.

PubMed

Rajivan, Prashanth; Cooke, Nancy J

2018-03-01

Incident correlation is a vital step in the cybersecurity threat detection process. This article presents research on the effect of group-level information-pooling bias on collaborative incident correlation analysis in a synthetic task environment. Past research has shown that uneven information distribution biases people to share information that is known to most team members and prevents them from sharing any unique information available with them. The effect of such biases on security team collaborations are largely unknown. Thirty 3-person teams performed two threat detection missions involving information sharing and correlating security incidents. Incidents were predistributed to each person in the team based on the hidden profile paradigm. Participant teams, randomly assigned to three experimental groups, used different collaboration aids during Mission 2. Communication analysis revealed that participant teams were 3 times more likely to discuss security incidents commonly known to the majority. Unaided team collaboration was inefficient in finding associations between security incidents uniquely available to each member of the team. Visualizations that augment perceptual processing and recognition memory were found to mitigate the bias. The data suggest that (a) security analyst teams, when conducting collaborative correlation analysis, could be inefficient in pooling unique information from their peers; (b) employing off-the-shelf collaboration tools in cybersecurity defense environments is inadequate; and (c) collaborative security visualization tools developed considering the human cognitive limitations of security analysts is necessary. Potential applications of this research include development of team training procedures and collaboration tool development for security analysts.

Unclonable Security Codes Designed from Multicolor Luminescent Lanthanide-Doped Y2O3 Nanorods for Anticounterfeiting.

PubMed

Kumar, Pawan; Nagpal, Kanika; Gupta, Bipin Kumar

2017-04-26

The duplicity of important documents has emerged as a serious problem worldwide. Therefore, many efforts have been devoted to developing easy and fast anticounterfeiting techniques with multicolor emission. Herein, we report the synthesis of multicolor luminescent lanthanide-doped Y 2 O 3 nanorods by hydrothermal method and their usability in designing of unclonable security codes for anticounterfeiting applications. The spectroscopic features of nanorods are probed by photoluminescence spectroscopy. The Y 2 O 3 :Eu 3+ , Y 2 O 3 :Tb 3+ , and Y 2 O 3 :Ce 3+ nanorods emit hypersensitive red (at 611 nm), strong green (at 541 nm), and bright blue (at 438 nm) emissions at 254, 305, and 381 nm, respectively. The SEM and TEM/HRTEM results reveal that these nanorods have diameter and length in the range of 80-120 nm and ∼2-5 μm, respectively. The two-dimensional spatially resolved photoluminescence intensity distribution in nanorods is also investigated by using confocal photoluminescence microscopic technique. Further, highly luminescent unclonable security codes are printed by a simple screen printing technique using luminescent ink fabricated from admixing of lanthanide doped multicolor nanorods in PVC medium. The prospective use of these multicolor luminescent nanorods provide a new opportunity for easily printable, highly stable, and unclonable multicolor luminescent security codes for anti-counterfeiting applications.

17 CFR 201.193 - Applications by barred individuals for consent to associate.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Applications by barred individuals for consent to associate. 201.193 Section 201.193 Commodity and Securities Exchanges SECURITIES... securities dealers, government securities brokers, government securities dealers, investment advisers...

A Ubiquitous NFC Solution for the Development of Tailored Marketing Strategies Based on Discount Vouchers and Loyalty Cards

PubMed Central

Borrego-Jaraba, Francisco; Garrido, Pilar Castro; García, Gonzalo Cerruela; Ruiz, Irene Luque; Gómez-Nieto, Miguel Ángel

2013-01-01

Because of the global economic turmoil, nowadays a lot of companies are adopting a “deal of the day” business model, some of them with great success. Generally, they try to attract and retain customers through discount coupons and gift cards, using, generally, traditional distribution media. This paper describes a framework, which integrates intelligent environments by using NFC, oriented to the full management of this kind of businesses. The system is responsible for diffusion, distribution, sourcing, validation, redemption and managing of vouchers, loyalty cards and all kind of mobile coupons using NFC, as well as QR codes. WingBonus can be fully adapted to the requirements of marketing campaigns, voucher providers, shop or retailer infrastructures and mobile devices and purchasing habits. Security of the voucher is granted by the system by synchronizing procedures using secure encriptation algorithms. The WingBonus website and mobile applications can be adapted to any requirement of the system actors. PMID:23673675

A ubiquitous NFC solution for the development of tailored marketing strategies based on discount vouchers and loyalty cards.

PubMed

Borrego-Jaraba, Francisco; Garrido, Pilar Castro; García, Gonzalo Cerruela; Ruiz, Irene Luque; Gómez-Nieto, Miguel Angel

2013-05-14

Because of the global economic turmoil, nowadays a lot of companies are adopting a "deal of the day" business model, some of them with great success. Generally, they try to attract and retain customers through discount coupons and gift cards, using, generally, traditional distribution media. This paper describes a framework, which integrates intelligent environments by using NFC, oriented to the full management of this kind of businesses. The system is responsible for diffusion, distribution, sourcing, validation, redemption and managing of vouchers, loyalty cards and all kind of mobile coupons using NFC, as well as QR codes. WingBonus can be fully adapted to the requirements of marketing campaigns, voucher providers, shop or retailer infrastructures and mobile devices and purchasing habits. Security of the voucher is granted by the system by synchronizing procedures using secure encriptation algorithms. The WingBonus website and mobile applications can be adapted to any requirement of the system actors.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Qi, Bing; Lougovski, Pavel; Pooser, Raphael C.

Continuous-variable quantum key distribution (CV-QKD) protocols based on coherent detection have been studied extensively in both theory and experiment. In all the existing implementations of CV-QKD, both the quantum signal and the local oscillator (LO) are generated from the same laser and propagate through the insecure quantum channel. This arrangement may open security loopholes and limit the potential applications of CV-QKD. In our paper, we propose and demonstrate a pilot-aided feedforward data recovery scheme that enables reliable coherent detection using a “locally” generated LO. Using two independent commercial laser sources and a spool of 25-km optical fiber, we construct amore » coherent communication system. The variance of the phase noise introduced by the proposed scheme is measured to be 0.04 (rad 2), which is small enough to enable secure key distribution. This technology opens the door for other quantum communication protocols, such as the recently proposed measurement-device-independent CV-QKD, where independent light sources are employed by different users.« less

49 CFR 1572.9 - Applicant information required for HME security threat assessment.

Code of Federal Regulations, 2011 CFR

2011-10-01

... threat assessment. 1572.9 Section 1572.9 Transportation Other Regulations Relating to Transportation... TRANSPORTATION SECURITY CREDENTIALING AND SECURITY THREAT ASSESSMENTS Procedures and General Standards § 1572.9 Applicant information required for HME security threat assessment. An applicant must supply the information...

Ontology for Life-Cycle Modeling of Electrical Distribution Systems: Application of Model View Definition Attributes

DTIC Science & Technology

2013-06-01

Building in- formation exchange (COBie), Building Information Modeling ( BIM ) 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF...to develop a life-cycle building model have resulted in the definition of a “core” building information model that contains general information de...develop an information -exchange Model View Definition (MVD) for building electrical systems. The objective of the current work was to document the

Trusted Computing Management Server Making Trusted Computing User Friendly

NASA Astrophysics Data System (ADS)

Sothmann, Sönke; Chaudhuri, Sumanta

Personal Computers (PC) with build in Trusted Computing (TC) technology are already well known and widely distributed. Nearly every new business notebook contains now a Trusted Platform Module (TPM) and could be used with increased trust and security features in daily application and use scenarios. However in real life the number of notebooks and PCs where the TPM is really activated and used is still very small.

Development and Application of Skill Standards for Security Practitioners

DTIC Science & Technology

2006-07-01

Development and Application of Skill Standards for Security Practitioners Henry K. Simpson Northrop Grumman Technical Services Lynn F. Fischer...and Application of Skill Standards for Security Practitioners Henry K. Simpson, Northrop Grumman Technical Services Lynn F. Fischer, Defense...described in the present report was driven by a JSTC tasking to develop skill standards for security practitioners in seven different security

Analysis of security of optical encryption with spatially incoherent illumination technique

NASA Astrophysics Data System (ADS)

Cheremkhin, Pavel A.; Evtikhiev, Nikolay N.; Krasnov, Vitaly V.; Rodin, Vladislav G.; Shifrina, Anna V.

2017-03-01

Applications of optical methods for encryption purposes have been attracting interest of researchers for decades. The first and the most popular is double random phase encoding (DRPE) technique. There are many optical encryption techniques based on DRPE. Main advantage of DRPE based techniques is high security due to transformation of spectrum of image to be encrypted into white spectrum via use of first phase random mask which allows for encrypted images with white spectra. Downsides are necessity of using holographic registration scheme in order to register not only light intensity distribution but also its phase distribution, and speckle noise occurring due to coherent illumination. Elimination of these disadvantages is possible via usage of incoherent illumination instead of coherent one. In this case, phase registration no longer matters, which means that there is no need for holographic setup, and speckle noise is gone. This technique does not have drawbacks inherent to coherent methods, however, as only light intensity distribution is considered, mean value of image to be encrypted is always above zero which leads to intensive zero spatial frequency peak in image spectrum. Consequently, in case of spatially incoherent illumination, image spectrum, as well as encryption key spectrum, cannot be white. This might be used to crack encryption system. If encryption key is very sparse, encrypted image might contain parts or even whole unhidden original image. Therefore, in this paper analysis of security of optical encryption with spatially incoherent illumination depending on encryption key size and density is conducted.

Implementing a High-Assurance Smart-Card OS

NASA Astrophysics Data System (ADS)

Karger, Paul A.; Toll, David C.; Palmer, Elaine R.; McIntosh, Suzanne K.; Weber, Samuel; Edwards, Jonathan W.

Building a high-assurance, secure operating system for memory constrained systems, such as smart cards, introduces many challenges. The increasing power of smart cards has made their use feasible in applications such as electronic passports, military and public sector identification cards, and cell-phone based financial and entertainment applications. Such applications require a secure environment, which can only be provided with sufficient hardware and a secure operating system. We argue that smart cards pose additional security challenges when compared to traditional computer platforms. We discuss our design for a secure smart card operating system, named Caernarvon, and show that it addresses these challenges, which include secure application download, protection of cryptographic functions from malicious applications, resolution of covert channels, and assurance of both security and data integrity in the face of arbitrary power losses.

Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing

PubMed Central

Fujiwara, M.; Waseda, A.; Nojima, R.; Moriai, S.; Ogata, W.; Sasaki, M.

2016-01-01

Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner should gather plural pieces. Shamir’s (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k pieces of them must be gathered for reconstruction, furnishes information theoretic security, that is, even if attackers could collect shares of less than the threshold k, they cannot get any information about the data, even with unlimited computing power. Behind this scenario, however, assumed is that data transmission and authentication must be perfectly secure, which is not trivial in practice. Here we propose a totally information theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area (≤90 km). PMID:27363566

Unbreakable distributed storage with quantum key distribution network and password-authenticated secret sharing.

PubMed

Fujiwara, M; Waseda, A; Nojima, R; Moriai, S; Ogata, W; Sasaki, M

2016-07-01

Distributed storage plays an essential role in realizing robust and secure data storage in a network over long periods of time. A distributed storage system consists of a data owner machine, multiple storage servers and channels to link them. In such a system, secret sharing scheme is widely adopted, in which secret data are split into multiple pieces and stored in each server. To reconstruct them, the data owner should gather plural pieces. Shamir's (k, n)-threshold scheme, in which the data are split into n pieces (shares) for storage and at least k pieces of them must be gathered for reconstruction, furnishes information theoretic security, that is, even if attackers could collect shares of less than the threshold k, they cannot get any information about the data, even with unlimited computing power. Behind this scenario, however, assumed is that data transmission and authentication must be perfectly secure, which is not trivial in practice. Here we propose a totally information theoretically secure distributed storage system based on a user-friendly single-password-authenticated secret sharing scheme and secure transmission using quantum key distribution, and demonstrate it in the Tokyo metropolitan area (≤90 km).

A Rich Client-Server Based Framework for Convenient Security and Management of Mobile Applications

NASA Astrophysics Data System (ADS)

Badan, Stephen; Probst, Julien; Jaton, Markus; Vionnet, Damien; Wagen, Jean-Frédéric; Litzistorf, Gérald

Contact lists, Emails, SMS or custom applications on a professional smartphone could hold very confidential or sensitive information. What could happen in case of theft or accidental loss of such devices? Such events could be detected by the separation between the smartphone and a Bluetooth companion device. This event should typically block the applications and delete personal and sensitive data. Here, a solution is proposed based on a secured framework application running on the mobile phone as a rich client connected to a security server. The framework offers strong and customizable authentication and secured connectivity. A security server manages all security issues. User applications are then loaded via the framework. User data can be secured, synchronized, pushed or pulled via the framework. This contribution proposes a convenient although secured environment based on a client-server architecture using external authentications. Several features of the proposed system are exposed and a practical demonstrator is described.

Video performance for high security applications.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Connell, Jack C.; Norman, Bradley C.

2010-06-01

The complexity of physical protection systems has increased to address modern threats to national security and emerging commercial technologies. A key element of modern physical protection systems is the data presented to the human operator used for rapid determination of the cause of an alarm, whether false (e.g., caused by an animal, debris, etc.) or real (e.g., a human adversary). Alarm assessment, the human validation of a sensor alarm, primarily relies on imaging technologies and video systems. Developing measures of effectiveness (MOE) that drive the design or evaluation of a video system or technology becomes a challenge, given the subjectivitymore » of the application (e.g., alarm assessment). Sandia National Laboratories has conducted empirical analysis using field test data and mathematical models such as binomial distribution and Johnson target transfer functions to develop MOEs for video system technologies. Depending on the technology, the task of the security operator and the distance to the target, the Probability of Assessment (PAs) can be determined as a function of a variety of conditions or assumptions. PAs used as an MOE allows the systems engineer to conduct trade studies, make informed design decisions, or evaluate new higher-risk technologies. This paper outlines general video system design trade-offs, discusses ways video can be used to increase system performance and lists MOEs for video systems used in subjective applications such as alarm assessment.« less

17 CFR 240.14c-2 - Distribution of information statement.

Code of Federal Regulations, 2010 CFR

2010-04-01

... that has made a public offering of securities, including the taking of corporate action by the written... authorizations of security holders, at least 20 calendar days prior to the earliest date on which the corporate... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Distribution of information...

17 CFR 240.14c-2 - Distribution of information statement.

Code of Federal Regulations, 2011 CFR

2011-04-01

... that has made a public offering of securities, including the taking of corporate action by the written... authorizations of security holders, at least 20 calendar days prior to the earliest date on which the corporate... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Distribution of information...

17 CFR 240.14c-2 - Distribution of information statement.

Code of Federal Regulations, 2014 CFR

2014-04-01

... that has made a public offering of securities, including the taking of corporate action by the written... authorizations of security holders, at least 20 calendar days prior to the earliest date on which the corporate... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Distribution of information...

17 CFR 240.14c-2 - Distribution of information statement.

Code of Federal Regulations, 2013 CFR

2013-04-01

... that has made a public offering of securities, including the taking of corporate action by the written... authorizations of security holders, at least 20 calendar days prior to the earliest date on which the corporate... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Distribution of information...

17 CFR 240.14c-2 - Distribution of information statement.

Code of Federal Regulations, 2012 CFR

2012-04-01

... that has made a public offering of securities, including the taking of corporate action by the written... authorizations of security holders, at least 20 calendar days prior to the earliest date on which the corporate... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Distribution of information...

20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 20 Employees' Benefits 4 2012-04-01 2012-04-01 false Application for security deposit...' COMPENSATION ACT AND RELATED STATUTES INSURANCE REGULATIONS Insurance Carrier Security Deposit Requirements § 703.203 Application for security deposit determination; information to be submitted; other...

20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 20 Employees' Benefits 3 2011-04-01 2011-04-01 false Application for security deposit...' COMPENSATION ACT AND RELATED STATUTES INSURANCE REGULATIONS Insurance Carrier Security Deposit Requirements § 703.203 Application for security deposit determination; information to be submitted; other...

Biometric Methods for Secure Communications in Body Sensor Networks: Resource-Efficient Key Management and Signal-Level Data Scrambling

NASA Astrophysics Data System (ADS)

Bui, Francis Minhthang; Hatzinakos, Dimitrios

2007-12-01

As electronic communications become more prevalent, mobile and universal, the threats of data compromises also accordingly loom larger. In the context of a body sensor network (BSN), which permits pervasive monitoring of potentially sensitive medical data, security and privacy concerns are particularly important. It is a challenge to implement traditional security infrastructures in these types of lightweight networks since they are by design limited in both computational and communication resources. A key enabling technology for secure communications in BSN's has emerged to be biometrics. In this work, we present two complementary approaches which exploit physiological signals to address security issues: (1) a resource-efficient key management system for generating and distributing cryptographic keys to constituent sensors in a BSN; (2) a novel data scrambling method, based on interpolation and random sampling, that is envisioned as a potential alternative to conventional symmetric encryption algorithms for certain types of data. The former targets the resource constraints in BSN's, while the latter addresses the fuzzy variability of biometric signals, which has largely precluded the direct application of conventional encryption. Using electrocardiogram (ECG) signals as biometrics, the resulting computer simulations demonstrate the feasibility and efficacy of these methods for delivering secure communications in BSN's.

Distributed Maritime Capability: Optimized U.S. Navy-U.S. Coast Guard Interoperability, a Case in the South China Sea

DTIC Science & Technology

2017-12-01

poses a threat to regional security and economic stability—major U.S. national interests. Distributed maritime capability is demonstrated by applying...regional security, economic stability, fisheries enforcement 15. NUMBER OF PAGES 95 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT...a dominant aggressor in the South China Sea that poses a threat to regional security and economic stability—major U.S. national interests

Lightweight and confidential data discovery and dissemination for wireless body area networks.

PubMed

He, Daojing; Chan, Sammy; Zhang, Yan; Yang, Haomiao

2014-03-01

As a special sensor network, a wireless body area network (WBAN) provides an economical solution to real-time monitoring and reporting of patients' physiological data. After a WBAN is deployed, it is sometimes necessary to disseminate data into the network through wireless links to adjust configuration parameters of body sensors or distribute management commands and queries to sensors. A number of such protocols have been proposed recently, but they all focus on how to ensure reliability and overlook security vulnerabilities. Taking into account the unique features and application requirements of a WBAN, this paper presents the design, implementation, and evaluation of a secure, lightweight, confidential, and denial-of-service-resistant data discovery and dissemination protocol for WBANs to ensure the data items disseminated are not altered or tampered. Based on multiple one-way key hash chains, our protocol provides instantaneous authentication and can tolerate node compromise. Besides the theoretical analysis that demonstrates the security and performance of the proposed protocol, this paper also reports the experimental evaluation of our protocol in a network of resource-limited sensor nodes, which shows its efficiency in practice. In particular, extensive security analysis shows that our protocol is provably secure.

OpenID Connect as a security service in cloud-based medical imaging systems.

PubMed

Ma, Weina; Sartipi, Kamran; Sharghigoorabi, Hassan; Koff, David; Bak, Peter

2016-04-01

The evolution of cloud computing is driving the next generation of medical imaging systems. However, privacy and security concerns have been consistently regarded as the major obstacles for adoption of cloud computing by healthcare domains. OpenID Connect, combining OpenID and OAuth together, is an emerging representational state transfer-based federated identity solution. It is one of the most adopted open standards to potentially become the de facto standard for securing cloud computing and mobile applications, which is also regarded as "Kerberos of cloud." We introduce OpenID Connect as an authentication and authorization service in cloud-based diagnostic imaging (DI) systems, and propose enhancements that allow for incorporating this technology within distributed enterprise environments. The objective of this study is to offer solutions for secure sharing of medical images among diagnostic imaging repository (DI-r) and heterogeneous picture archiving and communication systems (PACS) as well as Web-based and mobile clients in the cloud ecosystem. The main objective is to use OpenID Connect open-source single sign-on and authorization service and in a user-centric manner, while deploying DI-r and PACS to private or community clouds should provide equivalent security levels to traditional computing model.

Solving data-at-rest for the storage and retrieval of files in ad hoc networks

NASA Astrophysics Data System (ADS)

Knobler, Ron; Scheffel, Peter; Williams, Jonathan; Gaj, Kris; Kaps, Jens-Peter

2013-05-01

Based on current trends for both military and commercial applications, the use of mobile devices (e.g. smartphones and tablets) is greatly increasing. Several military applications consist of secure peer to peer file sharing without a centralized authority. For these military applications, if one or more of these mobile devices are lost or compromised, sensitive files can be compromised by adversaries, since COTS devices and operating systems are used. Complete system files cannot be stored on a device, since after compromising a device, an adversary can attack the data at rest, and eventually obtain the original file. Also after a device is compromised, the existing peer to peer system devices must still be able to access all system files. McQ has teamed with the Cryptographic Engineering Research Group at George Mason University to develop a custom distributed file sharing system to provide a complete solution to the data at rest problem for resource constrained embedded systems and mobile devices. This innovative approach scales very well to a large number of network devices, without a single point of failure. We have implemented the approach on representative mobile devices as well as developed an extensive system simulator to benchmark expected system performance based on detailed modeling of the network/radio characteristics, CONOPS, and secure distributed file system functionality. The simulator is highly customizable for the purpose of determining expected system performance for other network topologies and CONOPS.

Unconditional security of quantum key distribution over arbitrarily long distances

PubMed

Lo; Chau

1999-03-26

Quantum key distribution is widely thought to offer unconditional security in communication between two users. Unfortunately, a widely accepted proof of its security in the presence of source, device, and channel noises has been missing. This long-standing problem is solved here by showing that, given fault-tolerant quantum computers, quantum key distribution over an arbitrarily long distance of a realistic noisy channel can be made unconditionally secure. The proof is reduced from a noisy quantum scheme to a noiseless quantum scheme and then from a noiseless quantum scheme to a noiseless classical scheme, which can then be tackled by classical probability theory.

Unconditional security of time-energy entanglement quantum key distribution using dual-basis interferometry.

PubMed

Zhang, Zheshen; Mower, Jacob; Englund, Dirk; Wong, Franco N C; Shapiro, Jeffrey H

2014-03-28

High-dimensional quantum key distribution (HDQKD) offers the possibility of high secure-key rate with high photon-information efficiency. We consider HDQKD based on the time-energy entanglement produced by spontaneous parametric down-conversion and show that it is secure against collective attacks. Its security rests upon visibility data-obtained from Franson and conjugate-Franson interferometers-that probe photon-pair frequency correlations and arrival-time correlations. From these measurements, an upper bound can be established on the eavesdropper's Holevo information by translating the Gaussian-state security analysis for continuous-variable quantum key distribution so that it applies to our protocol. We show that visibility data from just the Franson interferometer provides a weaker, but nonetheless useful, secure-key rate lower bound. To handle multiple-pair emissions, we incorporate the decoy-state approach into our protocol. Our results show that over a 200-km transmission distance in optical fiber, time-energy entanglement HDQKD could permit a 700-bit/sec secure-key rate and a photon information efficiency of 2 secure-key bits per photon coincidence in the key-generation phase using receivers with a 15% system efficiency.

Security of a single-state semi-quantum key distribution protocol

NASA Astrophysics Data System (ADS)

Zhang, Wei; Qiu, Daowen; Mateus, Paulo

2018-06-01

Semi-quantum key distribution protocols are allowed to set up a secure secret key between two users. Compared with their full quantum counterparts, one of the two users is restricted to perform some "classical" or "semi-quantum" operations, which potentially makes them easily realizable by using less quantum resource. However, the semi-quantum key distribution protocols mainly rely on a two-way quantum channel. The eavesdropper has two opportunities to intercept the quantum states transmitted in the quantum communication stage. It may allow the eavesdropper to get more information and make the security analysis more complicated. In the past ten years, many semi-quantum key distribution protocols have been proposed and proved to be robust. However, there are few works concerning their unconditional security. It is doubted that how secure the semi-quantum ones are and how much noise they can tolerate to establish a secure secret key. In this paper, we prove the unconditional security of a single-state semi-quantum key distribution protocol proposed by Zou et al. (Phys Rev A 79:052312, 2009). We present a complete proof from information theory aspect by deriving a lower bound of the protocol's key rate in the asymptotic scenario. Using this bound, we figure out an error threshold value such that for all error rates that are less than this threshold value, the secure secret key can be established between the legitimate users definitely. Otherwise, the users should abort the protocol. We make an illustration of the protocol under the circumstance that the reverse quantum channel is a depolarizing one with parameter q. Additionally, we compare the error threshold value with some full quantum protocols and several existing semi-quantum ones whose unconditional security proofs have been provided recently.

20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the...

20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false Application for security deposit... AND RELATED STATUTES INSURANCE REGULATIONS Insurance Carrier Security Deposit Requirements § 703.203 Application for security deposit determination; information to be submitted; other requirements. (a) Each...

20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the...

20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the...

20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the...

20 CFR 422.501 - Applications and other forms used in Social Security Administration programs.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Applications and other forms used in Social Security Administration programs. 422.501 Section 422.501 Employees' Benefits SOCIAL SECURITY... used in Social Security Administration programs. This subpart lists the applications and some of the...

Technologies for distributed defense

NASA Astrophysics Data System (ADS)

Seiders, Barbara; Rybka, Anthony

2002-07-01

For Americans, the nature of warfare changed on September 11, 2001. Our national security henceforth will require distributed defense. One extreme of distributed defense is represented by fully deployed military troops responding to a threat from a hostile nation state. At the other extreme is a country of 'citizen soldiers', with families and communities securing their common defense through heightened awareness, engagement as good neighbors, and local support of and cooperation with local law enforcement, emergency and health care providers. Technologies - for information exploitation, biological agent detection, health care surveillance, and security - will be critical to ensuring success in distributed defense.

Fingerprint multicast in secure video streaming.

PubMed

Zhao, H Vicky; Liu, K J Ray

2006-01-01

Digital fingerprinting is an emerging technology to protect multimedia content from illegal redistribution, where each distributed copy is labeled with unique identification information. In video streaming, huge amount of data have to be transmitted to a large number of users under stringent latency constraints, so the bandwidth-efficient distribution of uniquely fingerprinted copies is crucial. This paper investigates the secure multicast of anticollusion fingerprinted video in streaming applications and analyzes their performance. We first propose a general fingerprint multicast scheme that can be used with most spread spectrum embedding-based multimedia fingerprinting systems. To further improve the bandwidth efficiency, we explore the special structure of the fingerprint design and propose a joint fingerprint design and distribution scheme. From our simulations, the two proposed schemes can reduce the bandwidth requirement by 48% to 87%, depending on the number of users, the characteristics of video sequences, and the network and computation constraints. We also show that under the constraint that all colluders have the same probability of detection, the embedded fingerprints in the two schemes have approximately the same collusion resistance. Finally, we propose a fingerprint drift compensation scheme to improve the quality of the reconstructed sequences at the decoder's side without introducing extra communication overhead.

17 CFR 249.1 - Form 1, for application for, and amendments to applications for, registration as a national...

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Form 1, for application for, and amendments to applications for, registration as a national securities exchange or exemption from registration pursuant to Section 5 of the Exchange Act. 249.1 Section 249.1 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ...

17 CFR 249.1 - Form 1, for application for, and amendments to applications for, registration as a national...

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Form 1, for application for, and amendments to applications for, registration as a national securities exchange or exemption from registration pursuant to Section 5 of the Exchange Act. 249.1 Section 249.1 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ...

17 CFR 249.1 - Form 1, for application for, and amendments to applications for, registration as a national...

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Form 1, for application for, and amendments to applications for, registration as a national securities exchange or exemption from registration pursuant to Section 5 of the Exchange Act. 249.1 Section 249.1 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ...

17 CFR 249.1 - Form 1, for application for, and amendments to applications for, registration as a national...

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Form 1, for application for, and amendments to applications for, registration as a national securities exchange or exemption from registration pursuant to Section 5 of the Exchange Act. 249.1 Section 249.1 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ...

17 CFR 249.1 - Form 1, for application for, and amendments to applications for, registration as a national...

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Form 1, for application for, and amendments to applications for, registration as a national securities exchange or exemption from registration pursuant to Section 5 of the Exchange Act. 249.1 Section 249.1 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ...

Classification of cognitive systems dedicated to data sharing

NASA Astrophysics Data System (ADS)

Ogiela, Lidia; Ogiela, Marek R.

2017-08-01

In this paper will be presented classification of new cognitive information systems dedicated to cryptographic data splitting and sharing processes. Cognitive processes of semantic data analysis and interpretation, will be used to describe new classes of intelligent information and vision systems. In addition, cryptographic data splitting algorithms and cryptographic threshold schemes will be used to improve processes of secure and efficient information management with application of such cognitive systems. The utility of the proposed cognitive sharing procedures and distributed data sharing algorithms will be also presented. A few possible application of cognitive approaches for visual information management and encryption will be also described.

Integration of Dynamic Models in Range Operations

NASA Technical Reports Server (NTRS)

Bardina, Jorge; Thirumalainambi, Rajkumar

2004-01-01

This work addresses the various model interactions in real-time to make an efficient internet based decision making tool for Shuttle launch. The decision making tool depends on the launch commit criteria coupled with physical models. Dynamic interaction between a wide variety of simulation applications and techniques, embedded algorithms, and data visualizations are needed to exploit the full potential of modeling and simulation. This paper also discusses in depth details of web based 3-D graphics and applications to range safety. The advantages of this dynamic model integration are secure accessibility and distribution of real time information to other NASA centers.

A Study of United States Air Force Medical Central Processing and Distribution Systems.

DTIC Science & Technology

1981-06-01

5 M t2-8 13. IILL .i 2 5 I C. N SECURITY CLASSIFICATION OF THIS PAGE N,. LC, t,7EPORT DOCUMENTATION P AD-A 195 485 o Is. REPORT SECURITY...CLASSIFICATION lb. RlI𔃺KILIIV MAKKINib Unc lassif led 2a. SECURITY CLASSIFICATION AUTHORITY 3 DISTRIBUTION /AVAILABILITY OF REPORT Approved for public release...8217b, DECLASSIFICATION I DOWNGRADING SCHEDULE Distribution unlimited 4. PERFORMING ORGANIZATION REPORT NUMBER(S) 5. MONITORING ORGANIZATION REPORT NUMBER

SERENITY Aware System Development Process

NASA Astrophysics Data System (ADS)

Serrano, Daniel; Maña, Antonio; Llarena, Rafael; Crespo, Beatriz Gallego-Nicasio; Li, Keqin

Traditionally, security patterns have successfully been used to describe security and dependability. In the SERENITY Project the notion of security and dependability (S&D) pattern has been extended to exact specifications of re-usable security mechanisms for Ambient Intelligence (AmI) systems. These S&D Patterns include information on the security properties satisfied by the solution and on the context conditions to be fulfilled. This chapter presents the development of applications supported by SERENITY. In the context of SERENITY we refer to these applications as Serenity-aware applications. Firstly, this chapter presents the Serenity-aware application design using S&D Artefacts. Secondly, it proposes a Java Application Programming Interface (API) to be used in the application development. And, finally, it introduces the development of an example Serenity-aware application.

Quantum key distribution with prepare-and-measure Bell test

PubMed Central

Tan, Yong-gang

2016-01-01

The prepare-and-measure quantum key distribution (QKD) has the merits of fast speed, high key generation rate, and easy implementation. However, the detector side channel attacks greatly undermine the security of the key bits. The eavesdropper, Eve, exploits the flaws of the detectors to obtain illegal information without violating quantum principles. It means that she can intervene in the communication without being detected. A prepare-and-measure Bell test protocol will be proposed. By randomly carrying out Bell test at the side of the information receiver, Bob, Eve’s illegal information gain within the detector side channel attack can be well bounded. This protocol does not require any improvement on the detectors used in available prepare-and-measure QKD. Though we only illustrate its application in the BB84 protocol, it is applicable for any prepare-and-measure QKD. PMID:27733771

Graphs for information security control in software defined networks

NASA Astrophysics Data System (ADS)

Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.

2017-07-01

Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of the malicious code and harmful influences. The paper offers a representation of a security policy in the form of hierarchical structure which in case of distribution of resources for the solution of tasks defines graphs of admissible interactions in a networks. These graphs define commutation tables of switches via the SDN controller.

Approximation in Optimal Control and Identification of Large Space Structures.

DTIC Science & Technology

1985-01-01

I ease I Cr ’. ’. -4 . r*_...1- UN(D aSIFIED SECURITY CLAS.’ICATION OF fHIS P^.GE REPORT DOCUMENTATION PAGE 1 REPORT SECURITY CLASSIFICATION 1...RESTRICTIVE MARKINGS UNCLASSIFIED 2 SECURITY CLASSIFICATION AUTHORITY 3. DISTRIBUTION/AVAILABILITY OF REPORT Approved for public release; distribution 2b...NOS. PROGRAM PROJECT TASK WORK UNIT ELEMENT NO. NO. NO. NO Bolling AFB DC 20332-6448 61102F 2304 Al 11. TITLE IlnRCiude Security Claas.ifcation

Limitations on quantum key repeaters.

PubMed

Bäuml, Stefan; Christandl, Matthias; Horodecki, Karol; Winter, Andreas

2015-04-23

A major application of quantum communication is the distribution of entangled particles for use in quantum key distribution. Owing to noise in the communication line, quantum key distribution is, in practice, limited to a distance of a few hundred kilometres, and can only be extended to longer distances by use of a quantum repeater, a device that performs entanglement distillation and quantum teleportation. The existence of noisy entangled states that are undistillable but nevertheless useful for quantum key distribution raises the question of the feasibility of a quantum key repeater, which would work beyond the limits of entanglement distillation, hence possibly tolerating higher noise levels than existing protocols. Here we exhibit fundamental limits on such a device in the form of bounds on the rate at which it may extract secure key. As a consequence, we give examples of states suitable for quantum key distribution but unsuitable for the most general quantum key repeater protocol.

17 CFR Appendix B to Part 190 - Special Bankruptcy Distributions

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Special Bankruptcy Distributions B Appendix B to Part 190 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION... purposes of this distributional rule, XM accounts will be deemed to be commodity interest accounts and...

Practical comparison of distributed ledger technologies for IoT

NASA Astrophysics Data System (ADS)

Red, Val A.

2017-05-01

Existing distributed ledger implementations - specifically, several blockchain implementations - embody a cacophony of divergent capabilities augmenting innovations of cryptographic hashes, consensus mechanisms, and asymmetric cryptography in a wide variety of applications. Whether specifically designed for cryptocurrency or otherwise, several distributed ledgers rely upon modular mechanisms such as consensus or smart contracts. These components, however, can vary substantially among implementations; differences involving proof-of-work, practical byzantine fault tolerance, and other consensus approaches exemplify distinct distributed ledger variations. Such divergence results in unique combinations of modules, performance, latency, and fault tolerance. As implementations continue to develop rapidly due to the emerging nature of blockchain technologies, this paper encapsulates a snapshot of sensor and internet of things (IoT) specific implementations of blockchain as of the end of 2016. Several technical risks and divergent approaches preclude standardization of a blockchain for sensors and IoT in the foreseeable future; such issues will be assessed alongside the practicality of IoT applications among Hyperledger, Iota, and Ethereum distributed ledger implementations suggested for IoT. This paper contributes a comparison of existing distributed ledger implementations intended for practical sensor and IoT utilization. A baseline for characterizing distributed ledger implementations in the context of IoT and sensors is proposed. Technical approaches and performance are compared considering IoT size, weight, and power limitations. Consensus and smart contracts, if applied, are also analyzed for the respective implementations' practicality and security. Overall, the maturity of distributed ledgers with respect to sensor and IoT applicability will be analyzed for enterprise interoperability.

49 CFR 1542.1 - Applicability of this part.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY General § 1542.1 Applicability of this part. This part describes aviation security rules governing: (a) The operation of airports.... (c) Each airport operator that receives a Security Directive or Information Circular and each person...

49 CFR 1542.1 - Applicability of this part.

Code of Federal Regulations, 2010 CFR

2010-10-01

..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY General § 1542.1 Applicability of this part. This part describes aviation security rules governing: (a) The operation of airports.... (c) Each airport operator that receives a Security Directive or Information Circular and each person...

49 CFR 1548.11 - Training and knowledge for individuals with security-related duties.

Code of Federal Regulations, 2013 CFR

2013-10-01

...; (2) Applicable Security Directives and Information Circulars; (3) The approved airport security... Directives and Information Circulars; (4) The approved airport security program(s) applicable to their... security-related duties. 1548.11 Section 1548.11 Transportation Other Regulations Relating to...

49 CFR 1542.1 - Applicability of this part.

Code of Federal Regulations, 2011 CFR

2011-10-01

..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY General § 1542.1 Applicability of this part. This part describes aviation security rules governing: (a) The operation of airports.... (c) Each airport operator that receives a Security Directive or Information Circular and each person...

49 CFR 1542.1 - Applicability of this part.

Code of Federal Regulations, 2012 CFR

2012-10-01

..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY General § 1542.1 Applicability of this part. This part describes aviation security rules governing: (a) The operation of airports.... (c) Each airport operator that receives a Security Directive or Information Circular and each person...

49 CFR 1548.11 - Training and knowledge for individuals with security-related duties.

Code of Federal Regulations, 2014 CFR

2014-10-01

...; (2) Applicable Security Directives and Information Circulars; (3) The approved airport security... Directives and Information Circulars; (4) The approved airport security program(s) applicable to their... security-related duties. 1548.11 Section 1548.11 Transportation Other Regulations Relating to...

49 CFR 1542.1 - Applicability of this part.

Code of Federal Regulations, 2013 CFR

2013-10-01

..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY General § 1542.1 Applicability of this part. This part describes aviation security rules governing: (a) The operation of airports.... (c) Each airport operator that receives a Security Directive or Information Circular and each person...

49 CFR 1548.11 - Training and knowledge for individuals with security-related duties.

Code of Federal Regulations, 2012 CFR

2012-10-01

...; (2) Applicable Security Directives and Information Circulars; (3) The approved airport security... Directives and Information Circulars; (4) The approved airport security program(s) applicable to their... security-related duties. 1548.11 Section 1548.11 Transportation Other Regulations Relating to...

49 CFR 1548.11 - Training and knowledge for individuals with security-related duties.

Code of Federal Regulations, 2011 CFR

2011-10-01

...; (2) Applicable Security Directives and Information Circulars; (3) The approved airport security... Directives and Information Circulars; (4) The approved airport security program(s) applicable to their... security-related duties. 1548.11 Section 1548.11 Transportation Other Regulations Relating to...

Usability of Security Management:Defining the Permissions of Guests

NASA Astrophysics Data System (ADS)

Johnson, Matthew; Stajano, Frank

Within the scenario of a Smart Home, we discuss the issues involved in allowing limited interaction with the environment for unidentified principals, or guests. The challenges include identifying and authenticating guests on one hand and delegating authorization to them on the other. While the technical mechanisms for doing so in generic distributed systems have been around for decades, existing solutions are in general not applicable to the smart home because they are too complex to manage. We focus on providing both security and usability; we therefore seek simple and easy to understand approaches that can be used by a normal computer-illiterate home owner, not just by a trained system administrator. This position paper describes ongoing research and does not claim to have all the answers.

Proof of Concept Integration of a Single-Level Service-Oriented Architecture into a Multi-Domain Secure Environment

DTIC Science & Technology

2008-03-01

Machine [29]. OC4J applications support Java Servlets , Web services, and the following J2EE specific standards: Extensible Markup Language (XML...IMAP Internet Message Access Protocol IP Internet Protocol IT Information Technology xviii J2EE Java Enterprise Environment JSR 168 Java ...LDAP), World Wide Web Distributed Authoring and Versioning (WebDav), Java Specification Request 168 (JSR 168), and Web Services for Remote

NASA's Microgravity Science Research Program

NASA Technical Reports Server (NTRS)

1996-01-01

The ongoing challenge faced by NASA's Microgravity Science Research Program is to work with the scientific and engineering communities to secure the maximum return from our Nation's investments by: assuring that the best possible science emerges from the science community for microgravity investigations; ensuring the maximum scientific return from each investigation in the most timely and cost-effective manner; and enhancing the distribution of data and applications of results acquired through completed investigations to maximize their benefits.

Camouflage Traffic: Minimizing Message Delay for Smart Grid Applications Under Jamming

DTIC Science & Technology

2015-01-16

Conf. Wireless Netw. Security, 2011, pp. 47–52. [26] M. Strasser, B. Danev, and S. Capkun, “Detection of reactive jam- ming in sensor networks,” ACM...Evaluation of two anti-islanding schemes for a radial distribution system equipped with self-excited induction generator wind turbines ,” IEEE Trans...technologies. To facilitate efficient information exchange, wireless networks have been proposed to be widely used in the smart grid. However, the jamming

76 FR 17158 - Assumption Buster Workshop: Distributed Data Schemes Provide Security

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-28

... Schemes Provide Security''. Distributed data architectures, such as cloud computing, offer very attractive... locating your data in the cloud, and by breaking it up and replicating different segments throughout the...

From Secure Memories to Smart Card Security

NASA Astrophysics Data System (ADS)

Handschuh, Helena; Trichina, Elena

Non-volatile memory is essential in most embedded security applications. It will store the key and other sensitive materials for cryptographic and security applications. In this chapter, first an overview is given of current flash memory architectures. Next the standard security features which form the basis of so-called secure memories are described in more detail. Smart cards are a typical embedded application that is very vulnerable to attacks and that at the same time has a high need for secure non-volatile memory. In the next part of this chapter, the secure memories of so-called flash-based high-density smart cards are described. It is followed by a detailed analysis of what the new security challenges for such objects are.

Design and implementation of distributed multimedia surveillance system based on object-oriented middleware

NASA Astrophysics Data System (ADS)

Cao, Xuesong; Jiang, Ling; Hu, Ruimin

2006-10-01

Currently, the applications of surveillance system have been increasingly widespread. But there are few surveillance platforms that can meet the requirement of large-scale, cross-regional, and flexible surveillance business. In the paper, we present a distributed surveillance system platform to improve safety and security of the society. The system is constructed by an object-oriented middleware called as Internet Communications Engine (ICE). This middleware helps our platform to integrate a lot of surveillance resource of the society and accommodate diverse range of surveillance industry requirements. In the follow sections, we will describe in detail the design concepts of system and introduce traits of ICE.

17 CFR 229.1122 - (Item 1122) Compliance with applicable servicing criteria.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false (Item 1122) Compliance with applicable servicing criteria. 229.1122 Section 229.1122 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES ACT OF 1933, SECURITIES...

17 CFR 229.1122 - (Item 1122) Compliance with applicable servicing criteria.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false (Item 1122) Compliance with applicable servicing criteria. 229.1122 Section 229.1122 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION STANDARD INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES ACT OF 1933, SECURITIES...

20 CFR 404.611 - How do I file an application for Social Security benefits?

Code of Federal Regulations, 2011 CFR

2011-04-01

... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false How do I file an application for Social Security benefits? 404.611 Section 404.611 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD... § 404.611 How do I file an application for Social Security benefits? (a) General rule. You must apply...

20 CFR 404.611 - How do I file an application for Social Security benefits?

Code of Federal Regulations, 2012 CFR

2012-04-01

... 20 Employees' Benefits 2 2012-04-01 2012-04-01 false How do I file an application for Social Security benefits? 404.611 Section 404.611 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD... § 404.611 How do I file an application for Social Security benefits? (a) General rule. You must apply...

20 CFR 404.611 - How do I file an application for Social Security benefits?

Code of Federal Regulations, 2014 CFR

2014-04-01

... 20 Employees' Benefits 2 2014-04-01 2014-04-01 false How do I file an application for Social Security benefits? 404.611 Section 404.611 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD... § 404.611 How do I file an application for Social Security benefits? (a) General rule. You must apply...

20 CFR 404.611 - How do I file an application for Social Security benefits?

Code of Federal Regulations, 2013 CFR

2013-04-01

... 20 Employees' Benefits 2 2013-04-01 2013-04-01 false How do I file an application for Social Security benefits? 404.611 Section 404.611 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD... § 404.611 How do I file an application for Social Security benefits? (a) General rule. You must apply...

20 CFR 404.611 - How do I file an application for Social Security benefits?

Code of Federal Regulations, 2010 CFR

2010-04-01

... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false How do I file an application for Social Security benefits? 404.611 Section 404.611 Employees' Benefits SOCIAL SECURITY ADMINISTRATION FEDERAL OLD... § 404.611 How do I file an application for Social Security benefits? (a) General rule. You must apply...

Security in the CernVM File System and the Frontier Distributed Database Caching System

NASA Astrophysics Data System (ADS)

Dykstra, D.; Blomer, J.

2014-06-01

Both the CernVM File System (CVMFS) and the Frontier Distributed Database Caching System (Frontier) distribute centrally updated data worldwide for LHC experiments using http proxy caches. Neither system provides privacy or access control on reading the data, but both control access to updates of the data and can guarantee the authenticity and integrity of the data transferred to clients over the internet. CVMFS has since its early days required digital signatures and secure hashes on all distributed data, and recently Frontier has added X.509-based authenticity and integrity checking. In this paper we detail and compare the security models of CVMFS and Frontier.

Information Theoretically Secure, Enhanced Johnson Noise Based Key Distribution over the Smart Grid with Switched Filters

PubMed Central

2013-01-01

We introduce a protocol with a reconfigurable filter system to create non-overlapping single loops in the smart power grid for the realization of the Kirchhoff-Law-Johnson-(like)-Noise secure key distribution system. The protocol is valid for one-dimensional radial networks (chain-like power line) which are typical of the electricity distribution network between the utility and the customer. The speed of the protocol (the number of steps needed) versus grid size is analyzed. When properly generalized, such a system has the potential to achieve unconditionally secure key distribution over the smart power grid of arbitrary geometrical dimensions. PMID:23936164

Information theoretically secure, enhanced Johnson noise based key distribution over the smart grid with switched filters.

PubMed

Gonzalez, Elias; Kish, Laszlo B; Balog, Robert S; Enjeti, Prasad

2013-01-01

We introduce a protocol with a reconfigurable filter system to create non-overlapping single loops in the smart power grid for the realization of the Kirchhoff-Law-Johnson-(like)-Noise secure key distribution system. The protocol is valid for one-dimensional radial networks (chain-like power line) which are typical of the electricity distribution network between the utility and the customer. The speed of the protocol (the number of steps needed) versus grid size is analyzed. When properly generalized, such a system has the potential to achieve unconditionally secure key distribution over the smart power grid of arbitrary geometrical dimensions.

Sports Venue Security: Public Policy Options for Sear 4-5 Events

DTIC Science & Technology

2014-06-01

NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS Approved for public release; distribution is unlimited SPORTS VENUE...Thesis 4. TITLE AND SUBTITLE SPORTS VENUE SECURITY: PUBLIC POLICY OPTIONS FOR SEAR 4–5 EVENTS 5. FUNDING NUMBERS 6. AUTHOR(S) James M. Gehring...DISTRIBUTION CODE 13. ABSTRACT (maximum 200 words) Although the United States made considerable advances in improving sport venue security

17 CFR 200.80c - Appendix C-Rules and miscellaneous publications available from the Government Printing Office.

Code of Federal Regulations, 2013 CFR

2013-04-01

... securities, block distributions, securities registrations and offerings, net change in corporate securities... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false Appendix C-Rules and... Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND...

17 CFR 200.80c - Appendix C-Rules and miscellaneous publications available from the Government Printing Office.

Code of Federal Regulations, 2012 CFR

2012-04-01

... securities, block distributions, securities registrations and offerings, net change in corporate securities... 17 Commodity and Securities Exchanges 2 2012-04-01 2012-04-01 false Appendix C-Rules and... Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND...

17 CFR 200.80c - Appendix C-Rules and miscellaneous publications available from the Government Printing Office.

Code of Federal Regulations, 2014 CFR

2014-04-01

... securities, block distributions, securities registrations and offerings, net change in corporate securities... 17 Commodity and Securities Exchanges 3 2014-04-01 2014-04-01 false Appendix C-Rules and... Securities Exchanges SECURITIES AND EXCHANGE COMMISSION ORGANIZATION; CONDUCT AND ETHICS; AND INFORMATION AND...

6 CFR 11.1 - General application.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false General application. 11.1 Section 11.1 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLAIMS § 11.1 General application. (a) Application of Debt Collection Standards. The provisions of 31 CFR parts 285, 900-904, as amended by the...

76 FR 8755 - Privacy Act of 1974; Department of Homeland Security/ALL-032 Official Passport Application and...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-15

... 1974; Department of Homeland Security/ALL--032 Official Passport Application and Maintenance Records.../ ALL--032 Official Passport Application and Maintenance Records System of Records.'' This system of... passport application or maintenance record on Department of Homeland Security employees and former...

6 CFR 25.9 - Procedures for certification of approved products for Homeland Security.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Procedures for certification of approved products for Homeland Security. (a) Application Procedure. An applicant seeking a Certification of anti-terrorism Technology as an Approved Product for Homeland Security... application for renewal must be made using the “Application for Certification of an Approved Product for...

National Security Technology Incubation Strategic Plan

DOE Office of Scientific and Technical Information (OSTI.GOV)

None, None

This strategic plan contains information on the vision, mission, business and technology environment, goals, objectives, and incubation process of the National Security Technology Incubation Program (NSTI) at Arrowhead Center. The development of the NSTI is a key goal of the National Security Preparedness Project (NSPP). Objectives to achieve this goal include developing incubator plans (strategic, business, action, and operations), creating an incubator environment, creating a support and mentor network for companies in the incubator program, attracting security technology businesses to the region, encouraging existing business to expand, initiating business start-ups, evaluating products and processes of the incubator program, and achievingmore » sustainability of the incubator program. With the events of 9/11, the global community faces ever increasing and emerging threats from hostile groups determined to rule by terror. According to the National Nuclear Security Administration (NNSA) Strategic Plan, the United States must be able to quickly respond and adapt to unanticipated situations as they relate to protection of our homeland and national security. Technology plays a key role in a strong national security position, and the private business community, along with the national laboratories, academia, defense and homeland security organizations, provide this technology. Fostering innovative ideas, translated into relevant technologies answering the needs of NNSA, is the purpose of the NSTI. Arrowhead Center of New Mexico State University is the operator and manager of the NSTI. To develop the NSTI, Arrowhead Center must meet the planning, development, execution, evaluation, and sustainability activities for the program and identify and incubate new technologies to assist the NNSA in meeting its mission and goals. Technology alone does not give a competitive advantage to the country, but the creativity and speed with which it is employed does. For a company to succeed, it must have sustainable competitive advantages in seven key areas: geography, products and businesses, distribution, sales and service culture, efficiency, brand, and most important, people. The four strategic goals of the plan are to: 1. Identify and recruit small businesses with technology applications for national security. 2. Design and implement a national security incubator program that provides incubator services and physical space for the targeted businesses. 3. Provide business assistance and technical leadership to NSTI clients to assist in bringing their products to market. 4. Construct a new multi-tenant facility with dedicated physical space for businesses with technology applications for national security.« less

17 CFR 5.5 - Distribution of “Risk Disclosure Statement” by retail foreign exchange dealers, futures...

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 1 2011-04-01 2011-04-01 false Distribution of âRisk... brokers regarding retail forex transactions. 5.5 Section 5.5 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION OFF-EXCHANGE FOREIGN CURRENCY TRANSACTIONS § 5.5 Distribution of “Risk...

Unconditional security proof of long-distance continuous-variable quantum key distribution with discrete modulation.

PubMed

Leverrier, Anthony; Grangier, Philippe

2009-05-08

We present a continuous-variable quantum key distribution protocol combining a discrete modulation and reverse reconciliation. This protocol is proven unconditionally secure and allows the distribution of secret keys over long distances, thanks to a reverse reconciliation scheme efficient at very low signal-to-noise ratio.

26 CFR 1.731-2 - Partnership distributions of marketable securities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... allocated to Security X under section 732(a) plus $25 gain recognized under section 737). (k) Effective date... the excess, if any, of— (i) The distributee partner's distributive share of the net gain, if any...; over (ii) The distributee partner's distributive share of the net gain, if any, which is attributable...

26 CFR 1.731-2 - Partnership distributions of marketable securities.

Code of Federal Regulations, 2012 CFR

2012-04-01

... allocated to Security X under section 732(a) plus $25 gain recognized under section 737). (k) Effective date... the excess, if any, of— (i) The distributee partner's distributive share of the net gain, if any...; over (ii) The distributee partner's distributive share of the net gain, if any, which is attributable...

26 CFR 1.731-2 - Partnership distributions of marketable securities.

Code of Federal Regulations, 2013 CFR

2013-04-01

... allocated to Security X under section 732(a) plus $25 gain recognized under section 737). (k) Effective date... the excess, if any, of— (i) The distributee partner's distributive share of the net gain, if any...; over (ii) The distributee partner's distributive share of the net gain, if any, which is attributable...

26 CFR 1.731-2 - Partnership distributions of marketable securities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... allocated to Security X under section 732(a) plus $25 gain recognized under section 737). (k) Effective date... the excess, if any, of— (i) The distributee partner's distributive share of the net gain, if any...; over (ii) The distributee partner's distributive share of the net gain, if any, which is attributable...

26 CFR 1.731-2 - Partnership distributions of marketable securities.

Code of Federal Regulations, 2014 CFR

2014-04-01

... allocated to Security X under section 732(a) plus $25 gain recognized under section 737). (k) Effective date... the excess, if any, of— (i) The distributee partner's distributive share of the net gain, if any...; over (ii) The distributee partner's distributive share of the net gain, if any, which is attributable...

Restricted access processor - An application of computer security technology

NASA Technical Reports Server (NTRS)

Mcmahon, E. M.

1985-01-01

This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

Smart Cards and remote entrusting

NASA Astrophysics Data System (ADS)

Aussel, Jean-Daniel; D'Annoville, Jerome; Castillo, Laurent; Durand, Stephane; Fabre, Thierry; Lu, Karen; Ali, Asad

Smart cards are widely used to provide security in end-to-end communication involving servers and a variety of terminals, including mobile handsets or payment terminals. Sometime, end-to-end server to smart card security is not applicable, and smart cards must communicate directly with an application executing on a terminal, like a personal computer, without communicating with a server. In this case, the smart card must somehow trust the terminal application before performing some secure operation it was designed for. This paper presents a novel method to remotely trust a terminal application from the smart card. For terminals such as personal computers, this method is based on an advanced secure device connected through the USB and consisting of a smart card bundled with flash memory. This device, or USB dongle, can be used in the context of remote untrusting to secure portable applications conveyed in the dongle flash memory. White-box cryptography is used to set the secure channel and a mechanism based on thumbprint is described to provide external authentication when session keys need to be renewed. Although not as secure as end-to-end server to smart card security, remote entrusting with smart cards is easy to deploy for mass-market applications and can provide a reasonable level of security.

The design and implementation of multi-source application middleware based on service bus

NASA Astrophysics Data System (ADS)

Li, Yichun; Jiang, Ningkang

2017-06-01

With the rapid development of the Internet of Things(IoT), the real-time monitoring data are increasing with different types and large amounts. Aiming at taking full advantages of the data, we designed and implemented an application middleware, which not only supports the three-layer architecture of IoT information system but also enables the flexible configuration of multiple resources access and other accessional modules. The middleware platform shows the characteristics of lightness, security, AoP (aspect-oriented programming), distribution and real-time, which can let application developers construct the information processing systems on related areas in a short period. It focuses not limited to these functions: pre-processing of data format, the definition of data entity, the callings and handlings of distributed service and massive data process. The result of experiment shows that the performance of middleware is more excellent than some message queue construction to some degree and its throughput grows better as the number of distributed nodes increases while the code is not complex. Currently, the middleware is applied to the system of Shanghai Pudong environmental protection agency and achieved a great success.

Temporal and Spatial Distribution of Ecological Security in Arid Region Based on GIS: A Case Study in Xinjiang

NASA Astrophysics Data System (ADS)

Zhang, Q.; Song, W.; Yang, J.

2017-12-01

Ecological security is close related to the people's survival and development. In the context of the global warming, with the increasingly frequent human activities, ecological and environmental problems have become increasingly prominent. Ecological security has aroused widespread concern, especially in the arid region. It has an important role in national security as well as political security, military security, economic security, social security. Taken Xinjiang as the research area, which is a typical arid region in China, this study establishes an ecological safety assessment indicator system from perspective of the generic process and the formation mechanism of the ecosystem. The framework is based on natural resources dimensions, natural environment dimensions and human disturbance dimensions. Water is the restrictive factor for the development of arid region, so the water resources carrying capacity is the main natural resource of the study area. The natural environment includes SPI(standardized precipitation index), dryness index, landscape vulnerability, NDVI. Human disturbance includes urbanization rate, population density, afforestation area, per capita GDP, water-saving irrigation area, fertilizer and pesticide application, agriculture Mechanical power, energy consumption. The expert scoring method and the coefficient of variation method are used to determine the weight of each indicator, and finally a comprehensive index is constructed to evaluate the ecological security of Xinjiang, that is, the ecological security index. The results indicate that the ecological security of Xinjiang is 0.43, which is in the critical area. The ecological security of Hami, Turpan and Karamay is the lowest, and the ecological security of the Arabian and Yili is the highest. The ecological security of the south in the Xinjiang is higher than that in the north. In short, ecological environment of Xinjiang is in a sensitive period. Effective ecological protection policy will ameliorate the ecological environment, on the contrary, high-intensity human activities will make it tends to deteriorate. This research would provide scientific guidance and suggestions for the ecological environment protection and sustainable development of Xinjiang.

A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Tipireddy, Ramakrishna; Oster, Matthew R.

Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system state, (2) attacker type, (3) choice of player actions, and (4) cyber-system state transitions over time. Past research has primarily focused on representing defender beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and mathematical intervals. For cyber-systems, probability distributions may helpmore » address statistical (aleatory) uncertainties where the defender may assume inherent variability or randomness in the factors contributing to the attacker payoffs. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attacker’s payoff generation mechanism. Such epistemic uncertainties are more suitably represented as generalizations of probability boxes. This paper explores the mathematical treatment of such mixed payoff uncertainties. A conditional probabilistic reasoning approach is adopted to organize the dependencies between a cyber-system’s state, attacker type, player actions, and state transitions. This also enables the application of probabilistic theories to propagate various uncertainties in the attacker payoffs. An example implementation of this probabilistic framework and resulting attacker payoff distributions are discussed. A goal of this paper is also to highlight this uncertainty quantification problem space to the cyber security research community and encourage further advancements in this area.« less

Template protection and its implementation in 3D face recognition systems

NASA Astrophysics Data System (ADS)

Zhou, Xuebing

2007-04-01

As biometric recognition systems are widely applied in various application areas, security and privacy risks have recently attracted the attention of the biometric community. Template protection techniques prevent stored reference data from revealing private biometric information and enhance the security of biometrics systems against attacks such as identity theft and cross matching. This paper concentrates on a template protection algorithm that merges methods from cryptography, error correction coding and biometrics. The key component of the algorithm is to convert biometric templates into binary vectors. It is shown that the binary vectors should be robust, uniformly distributed, statistically independent and collision-free so that authentication performance can be optimized and information leakage can be avoided. Depending on statistical character of the biometric template, different approaches for transforming biometric templates into compact binary vectors are presented. The proposed methods are integrated into a 3D face recognition system and tested on the 3D facial images of the FRGC database. It is shown that the resulting binary vectors provide an authentication performance that is similar to the original 3D face templates. A high security level is achieved with reasonable false acceptance and false rejection rates of the system, based on an efficient statistical analysis. The algorithm estimates the statistical character of biometric templates from a number of biometric samples in the enrollment database. For the FRGC 3D face database, the small distinction of robustness and discriminative power between the classification results under the assumption of uniquely distributed templates and the ones under the assumption of Gaussian distributed templates is shown in our tests.

Scalable Trust of Next-Generation Management (STRONGMAN)

DTIC Science & Technology

2004-10-01

remote logins might be policy controlled to allow only strongly encrypted IPSec tunnels to log in remotely, to access selected files, etc. The...and Angelos D. Keromytis. Drop-in Security for Distributed and Portable Computing Elements. Emerald Journal of Internet Research. Electronic...Security and Privacy, pp. 17-31, May 1999. [2] S. M. Bellovin. Distributed Firewalls. ; login : magazine, special issue on security, November 1999. [3] M

Study of Software Tools to Support Systems Engineering Management

DTIC Science & Technology

2015-06-01

Management 15. NUMBER OF PAGES 137 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION OF THIS...AVAILABILITY STATEMENT Approved for public release; distribution is unlimited 12b. DISTRIBUTION CODE 13. ABSTRACT (maximum 200 words) According to a...PAGE Unclassified 19. SECURITY CLASSIFICATION OF ABSTRACT Unclassified 20. LIMITATION OF ABSTRACT UU NSN 7540–01–280–5500 Standard Form 298

Secure detection in quantum key distribution by real-time calibration of receiver

NASA Astrophysics Data System (ADS)

Marøy, Øystein; Makarov, Vadim; Skaar, Johannes

2017-12-01

The single-photon detectionefficiency of the detector unit is crucial for the security of common quantum key distribution protocols like Bennett-Brassard 1984 (BB84). A low value for the efficiency indicates a possible eavesdropping attack that exploits the photon receiver’s imperfections. We present a method for estimating the detection efficiency, and calculate the corresponding secure key generation rate. The estimation is done by testing gated detectors using a randomly activated photon source inside the receiver unit. This estimate gives a secure rate for any detector with non-unity single-photon detection efficiency, both inherit or due to blinding. By adding extra optical components to the receiver, we make sure that the key is extracted from photon states for which our estimate is valid. The result is a quantum key distribution scheme that is secure against any attack that exploits detector imperfections.

High speed and adaptable error correction for megabit/s rate quantum key distribution.

PubMed

Dixon, A R; Sato, H

2014-12-02

Quantum Key Distribution is moving from its theoretical foundation of unconditional security to rapidly approaching real world installations. A significant part of this move is the orders of magnitude increases in the rate at which secure key bits are distributed. However, these advances have mostly been confined to the physical hardware stage of QKD, with software post-processing often being unable to support the high raw bit rates. In a complete implementation this leads to a bottleneck limiting the final secure key rate of the system unnecessarily. Here we report details of equally high rate error correction which is further adaptable to maximise the secure key rate under a range of different operating conditions. The error correction is implemented both in CPU and GPU using a bi-directional LDPC approach and can provide 90-94% of the ideal secure key rate over all fibre distances from 0-80 km.

High speed and adaptable error correction for megabit/s rate quantum key distribution

PubMed Central

Dixon, A. R.; Sato, H.

2014-01-01

Quantum Key Distribution is moving from its theoretical foundation of unconditional security to rapidly approaching real world installations. A significant part of this move is the orders of magnitude increases in the rate at which secure key bits are distributed. However, these advances have mostly been confined to the physical hardware stage of QKD, with software post-processing often being unable to support the high raw bit rates. In a complete implementation this leads to a bottleneck limiting the final secure key rate of the system unnecessarily. Here we report details of equally high rate error correction which is further adaptable to maximise the secure key rate under a range of different operating conditions. The error correction is implemented both in CPU and GPU using a bi-directional LDPC approach and can provide 90–94% of the ideal secure key rate over all fibre distances from 0–80 km. PMID:25450416

Distributed Secure Coordinated Control for Multiagent Systems Under Strategic Attacks.

PubMed

Feng, Zhi; Wen, Guanghui; Hu, Guoqiang

2017-05-01

This paper studies a distributed secure consensus tracking control problem for multiagent systems subject to strategic cyber attacks modeled by a random Markov process. A hybrid stochastic secure control framework is established for designing a distributed secure control law such that mean-square exponential consensus tracking is achieved. A connectivity restoration mechanism is considered and the properties on attack frequency and attack length rate are investigated, respectively. Based on the solutions of an algebraic Riccati equation and an algebraic Riccati inequality, a procedure to select the control gains is provided and stability analysis is studied by using Lyapunov's method.. The effect of strategic attacks on discrete-time systems is also investigated. Finally, numerical examples are provided to illustrate the effectiveness of theoretical analysis.

Fundamental quantitative security in quantum key generation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yuen, Horace P.

2010-12-15

We analyze the fundamental security significance of the quantitative criteria on the final generated key K in quantum key generation including the quantum criterion d, the attacker's mutual information on K, and the statistical distance between her distribution on K and the uniform distribution. For operational significance a criterion has to produce a guarantee on the attacker's probability of correctly estimating some portions of K from her measurement, in particular her maximum probability of identifying the whole K. We distinguish between the raw security of K when the attacker just gets at K before it is used in a cryptographicmore » context and its composition security when the attacker may gain further information during its actual use to help get at K. We compare both of these securities of K to those obtainable from conventional key expansion with a symmetric key cipher. It is pointed out that a common belief in the superior security of a quantum generated K is based on an incorrect interpretation of d which cannot be true, and the security significance of d is uncertain. Generally, the quantum key distribution key K has no composition security guarantee and its raw security guarantee from concrete protocols is worse than that of conventional ciphers. Furthermore, for both raw and composition security there is an exponential catch-up problem that would make it difficult to quantitatively improve the security of K in a realistic protocol. Some possible ways to deal with the situation are suggested.« less

A covert authentication and security solution for GMOs.

PubMed

Mueller, Siguna; Jafari, Farhad; Roth, Don

2016-09-21

Proliferation and expansion of security risks necessitates new measures to ensure authenticity and validation of GMOs. Watermarking and other cryptographic methods are available which conceal and recover the original signature, but in the process reveal the authentication information. In many scenarios watermarking and standard cryptographic methods are necessary but not sufficient and new, more advanced, cryptographic protocols are necessary. Herein, we present a new crypto protocol, that is applicable in broader settings, and embeds the authentication string indistinguishably from a random element in the signature space and the string is verified or denied without disclosing the actual signature. Results show that in a nucleotide string of 1000, the algorithm gives a correlation of 0.98 or higher between the distribution of the codon and that of E. coli, making the signature virtually invisible. This algorithm may be used to securely authenticate and validate GMOs without disclosing the actual signature. While this protocol uses watermarking, its novelty is in use of more complex cryptographic techniques based on zero knowledge proofs to encode information.

Education, Inequality and Life Chances: A Report on the Netherlands [and] Discussion Paper.

ERIC Educational Resources Information Center

Tinbergen, Jan

Six chapters compose this report on the Netherlands: (1) some general characteristics of the Netherlands; (2) some notes on the history of income distribution and social security; (3) income distribution and social security around 1973; (4) opinions on income distribution, opportunities, and equality in Holland; (5) some forecasts on future income…

Semantic encoding of relational databases in wireless networks

NASA Astrophysics Data System (ADS)

Benjamin, David P.; Walker, Adrian

2005-03-01

Semantic Encoding is a new, patented technology that greatly increases the speed of transmission of distributed databases over networks, especially over ad hoc wireless networks, while providing a novel method of data security. It reduces bandwidth consumption and storage requirements, while speeding up query processing, encryption and computation of digital signatures. We describe the application of Semantic Encoding in a wireless setting and provide an example of its operation in which a compression of 290:1 would be achieved.

Distributed clinical data sharing via dynamic access-control policy transformation.

PubMed

Rezaeibagha, Fatemeh; Mu, Yi

2016-05-01

Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements. This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises. We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds. We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues. In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

49 CFR 1522.107 - Application.

Code of Federal Regulations, 2010 CFR

2010-10-01

... security threat assessments. (8) A statement acknowledging that all personnel of the applicant who must successfully complete a security threat assessment under the requirements of this part must do so before the... the Security Coordinator successfully completes a security threat assessment, TSA will provide to the...

OpenID Connect as a security service in cloud-based medical imaging systems

PubMed Central

Ma, Weina; Sartipi, Kamran; Sharghigoorabi, Hassan; Koff, David; Bak, Peter

2016-01-01

Abstract. The evolution of cloud computing is driving the next generation of medical imaging systems. However, privacy and security concerns have been consistently regarded as the major obstacles for adoption of cloud computing by healthcare domains. OpenID Connect, combining OpenID and OAuth together, is an emerging representational state transfer-based federated identity solution. It is one of the most adopted open standards to potentially become the de facto standard for securing cloud computing and mobile applications, which is also regarded as “Kerberos of cloud.” We introduce OpenID Connect as an authentication and authorization service in cloud-based diagnostic imaging (DI) systems, and propose enhancements that allow for incorporating this technology within distributed enterprise environments. The objective of this study is to offer solutions for secure sharing of medical images among diagnostic imaging repository (DI-r) and heterogeneous picture archiving and communication systems (PACS) as well as Web-based and mobile clients in the cloud ecosystem. The main objective is to use OpenID Connect open-source single sign-on and authorization service and in a user-centric manner, while deploying DI-r and PACS to private or community clouds should provide equivalent security levels to traditional computing model. PMID:27340682

Device independence for two-party cryptography and position verification with memoryless devices

NASA Astrophysics Data System (ADS)

Ribeiro, Jérémy; Thinh, Le Phuc; Kaniewski, Jedrzej; Helsen, Jonas; Wehner, Stephanie

2018-06-01

Quantum communication has demonstrated its usefulness for quantum cryptography far beyond quantum key distribution. One domain is two-party cryptography, whose goal is to allow two parties who may not trust each other to solve joint tasks. Another interesting application is position-based cryptography whose goal is to use the geographical location of an entity as its only identifying credential. Unfortunately, security of these protocols is not possible against an all powerful adversary. However, if we impose some realistic physical constraints on the adversary, there exist protocols for which security can be proven, but these so far relied on the knowledge of the quantum operations performed during the protocols. In this work we improve the device-independent security proofs of Kaniewski and Wehner [New J. Phys. 18, 055004 (2016), 10.1088/1367-2630/18/5/055004] for two-party cryptography (with memoryless devices) and we add a security proof for device-independent position verification (also memoryless devices) under different physical constraints on the adversary. We assess the quality of the devices by observing a Bell violation, and, as for Kaniewski and Wehner [New J. Phys. 18, 055004 (2016), 10.1088/1367-2630/18/5/055004], security can be attained for any violation of the Clauser-Holt-Shimony-Horne inequality.

A secure cluster-based multipath routing protocol for WMSNs.

PubMed

Almalkawi, Islam T; Zapata, Manel Guerrero; Al-Karaki, Jamal N

2011-01-01

The new characteristics of Wireless Multimedia Sensor Network (WMSN) and its design issues brought by handling different traffic classes of multimedia content (video streams, audio, and still images) as well as scalar data over the network, make the proposed routing protocols for typical WSNs not directly applicable for WMSNs. Handling real-time multimedia data requires both energy efficiency and QoS assurance in order to ensure efficient utility of different capabilities of sensor resources and correct delivery of collected information. In this paper, we propose a Secure Cluster-based Multipath Routing protocol for WMSNs, SCMR, to satisfy the requirements of delivering different data types and support high data rate multimedia traffic. SCMR exploits the hierarchical structure of powerful cluster heads and the optimized multiple paths to support timeliness and reliable high data rate multimedia communication with minimum energy dissipation. Also, we present a light-weight distributed security mechanism of key management in order to secure the communication between sensor nodes and protect the network against different types of attacks. Performance evaluation from simulation results demonstrates a significant performance improvement comparing with existing protocols (which do not even provide any kind of security feature) in terms of average end-to-end delay, network throughput, packet delivery ratio, and energy consumption.

A Secure Cluster-Based Multipath Routing Protocol for WMSNs

PubMed Central

Almalkawi, Islam T.; Zapata, Manel Guerrero; Al-Karaki, Jamal N.

2011-01-01

The new characteristics of Wireless Multimedia Sensor Network (WMSN) and its design issues brought by handling different traffic classes of multimedia content (video streams, audio, and still images) as well as scalar data over the network, make the proposed routing protocols for typical WSNs not directly applicable for WMSNs. Handling real-time multimedia data requires both energy efficiency and QoS assurance in order to ensure efficient utility of different capabilities of sensor resources and correct delivery of collected information. In this paper, we propose a Secure Cluster-based Multipath Routing protocol for WMSNs, SCMR, to satisfy the requirements of delivering different data types and support high data rate multimedia traffic. SCMR exploits the hierarchical structure of powerful cluster heads and the optimized multiple paths to support timeliness and reliable high data rate multimedia communication with minimum energy dissipation. Also, we present a light-weight distributed security mechanism of key management in order to secure the communication between sensor nodes and protect the network against different types of attacks. Performance evaluation from simulation results demonstrates a significant performance improvement comparing with existing protocols (which do not even provide any kind of security feature) in terms of average end-to-end delay, network throughput, packet delivery ratio, and energy consumption. PMID:22163854

3VSR: Three Valued Secure Routing for Vehicular Ad Hoc Networks using Sensing Logic in Adversarial Environment

PubMed Central

Wang, Liangmin

2018-01-01

Today IoT integrate thousands of inter networks and sensing devices e.g., vehicular networks, which are considered to be challenging due to its high speed and network dynamics. The goal of future vehicular networks is to improve road safety, promote commercial or infotainment products and to reduce the traffic accidents. All these applications are based on the information exchange among nodes, so not only reliable data delivery but also the authenticity and credibility of the data itself are prerequisite. To cope with the aforementioned problem, trust management come up as promising candidate to conduct node’s transaction and interaction management, which requires distributed mobile nodes cooperation for achieving design goals. In this paper, we propose a trust-based routing protocol i.e., 3VSR (Three Valued Secure Routing), which extends the widely used AODV (Ad hoc On-demand Distance Vector) routing protocol and employs the idea of Sensing Logic-based trust model to enhance the security solution of VANET (Vehicular Ad-Hoc Network). The existing routing protocol are mostly based on key or signature-based schemes, which off course increases computation overhead. In our proposed 3VSR, trust among entities is updated frequently by means of opinion derived from sensing logic due to vehicles random topologies. In 3VSR the theoretical capabilities are based on Dirichlet distribution by considering prior and posterior uncertainty of the said event. Also by using trust recommendation message exchange, nodes are able to reduce computation and routing overhead. The simulated results shows that the proposed scheme is secure and practical. PMID:29538314

3VSR: Three Valued Secure Routing for Vehicular Ad Hoc Networks using Sensing Logic in Adversarial Environment.

PubMed

Sohail, Muhammad; Wang, Liangmin

2018-03-14

Today IoT integrate thousands of inter networks and sensing devices e.g., vehicular networks, which are considered to be challenging due to its high speed and network dynamics. The goal of future vehicular networks is to improve road safety, promote commercial or infotainment products and to reduce the traffic accidents. All these applications are based on the information exchange among nodes, so not only reliable data delivery but also the authenticity and credibility of the data itself are prerequisite. To cope with the aforementioned problem, trust management come up as promising candidate to conduct node's transaction and interaction management, which requires distributed mobile nodes cooperation for achieving design goals. In this paper, we propose a trust-based routing protocol i.e., 3VSR (Three Valued Secure Routing), which extends the widely used AODV (Ad hoc On-demand Distance Vector) routing protocol and employs the idea of Sensing Logic-based trust model to enhance the security solution of VANET (Vehicular Ad-Hoc Network). The existing routing protocol are mostly based on key or signature-based schemes, which off course increases computation overhead. In our proposed 3VSR, trust among entities is updated frequently by means of opinion derived from sensing logic due to vehicles random topologies. In 3VSR the theoretical capabilities are based on Dirichlet distribution by considering prior and posterior uncertainty of the said event. Also by using trust recommendation message exchange, nodes are able to reduce computation and routing overhead. The simulated results shows that the proposed scheme is secure and practical.

Security Verification of Secure MANET Routing Protocols

DTIC Science & Technology

2012-03-22

SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS THESIS Matthew F. Steele, Captain, USAF AFIT/GCS/ ENG /12-03 DEPARTMENT OF THE AIR FORCE AIR...States AFIT/GCS/ ENG /12-03 SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS THESIS Presented to the Faculty Department of Electrical and Computer...DISTRIBUTION UNLIMITED AFIT/GCS/ ENG /12-03 SECURITY VERIFICATION OF SECURE MANET ROUTING PROTOCOLS Matthew F. Steele, B.S.E.E. Captain, USAF

Einstein-Podolsky-Rosen-steering swapping between two Gaussian multipartite entangled states

NASA Astrophysics Data System (ADS)

Wang, Meihong; Qin, Zhongzhong; Wang, Yu; Su, Xiaolong

2017-08-01

Multipartite Einstein-Podolsky-Rosen (EPR) steering is a useful quantum resource for quantum communication in quantum networks. It has potential applications in secure quantum communication, such as one-sided device-independent quantum key distribution and quantum secret sharing. By distributing optical modes of a multipartite entangled state to space-separated quantum nodes, a local quantum network can be established. Based on the existing multipartite EPR steering in a local quantum network, secure quantum communication protocol can be accomplished. In this manuscript, we present swapping schemes for EPR steering between two space-separated Gaussian multipartite entangled states, which can be used to connect two space-separated quantum networks. Two swapping schemes, including the swapping between a tripartite Greenberger-Horne-Zeilinger (GHZ) entangled state and an EPR entangled state and that between two tripartite GHZ entangled states, are analyzed. Various types of EPR steering are presented after the swapping of two space-separated independent multipartite entanglement states without direct interaction, which can be used to implement quantum communication between two quantum networks. The presented schemes provide technical reference for more complicated quantum networks with EPR steering.

Efficient and universal quantum key distribution based on chaos and middleware

NASA Astrophysics Data System (ADS)

Jiang, Dong; Chen, Yuanyuan; Gu, Xuemei; Xie, Ling; Chen, Lijun

2017-01-01

Quantum key distribution (QKD) promises unconditionally secure communications, however, the low bit rate of QKD cannot meet the requirements of high-speed applications. Despite the many solutions that have been proposed in recent years, they are neither efficient to generate the secret keys nor compatible with other QKD systems. This paper, based on chaotic cryptography and middleware technology, proposes an efficient and universal QKD protocol that can be directly deployed on top of any existing QKD system without modifying the underlying QKD protocol and optical platform. It initially takes the bit string generated by the QKD system as input, periodically updates the chaotic system, and efficiently outputs the bit sequences. Theoretical analysis and simulation results demonstrate that our protocol can efficiently increase the bit rate of the QKD system as well as securely generate bit sequences with perfect statistical properties. Compared with the existing methods, our protocol is more efficient and universal, it can be rapidly deployed on the QKD system to increase the bit rate when the QKD system becomes the bottleneck of its communication system.

Integrating quantum key distribution with classical communications in backbone fiber network.

PubMed

Mao, Yingqiu; Wang, Bi-Xiao; Zhao, Chunxu; Wang, Guangquan; Wang, Ruichun; Wang, Honghai; Zhou, Fei; Nie, Jimin; Chen, Qing; Zhao, Yong; Zhang, Qiang; Zhang, Jun; Chen, Teng-Yun; Pan, Jian-Wei

2018-03-05

Quantum key distribution (QKD) provides information-theoretic security based on the laws of quantum mechanics. The desire to reduce costs and increase robustness in real-world applications has motivated the study of coexistence between QKD and intense classical data traffic in a single fiber. Previous works on coexistence in metropolitan areas have used wavelength-division multiplexing, however, coexistence in backbone fiber networks remains a great experimental challenge, as Tbps data of up to 20 dBm optical power is transferred, and much more noise is generated for QKD. Here we present for the first time, to the best of our knowledge, the integration of QKD with a commercial backbone network of 3.6 Tbps classical data at 21 dBm launch power over 66 km fiber. With 20 GHz pass-band filtering and large effective core area fibers, real-time secure key rates can reach 4.5 kbps and 5.1 kbps for co-propagation and counter-propagation at the maximum launch power, respectively. This demonstrates feasibility and represents an important step towards building a quantum network that coexists with the current backbone fiber infrastructure of classical communications.

Anomaly-based intrusion detection for SCADA systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yang, D.; Usynin, A.; Hines, J. W.

2006-07-01

Most critical infrastructure such as chemical processing plants, electrical generation and distribution networks, and gas distribution is monitored and controlled by Supervisory Control and Data Acquisition Systems (SCADA. These systems have been the focus of increased security and there are concerns that they could be the target of international terrorists. With the constantly growing number of internet related computer attacks, there is evidence that our critical infrastructure may also be vulnerable. Researchers estimate that malicious online actions may cause $75 billion at 2007. One of the interesting countermeasures for enhancing information system security is called intrusion detection. This paper willmore » briefly discuss the history of research in intrusion detection techniques and introduce the two basic detection approaches: signature detection and anomaly detection. Finally, it presents the application of techniques developed for monitoring critical process systems, such as nuclear power plants, to anomaly intrusion detection. The method uses an auto-associative kernel regression (AAKR) model coupled with the statistical probability ratio test (SPRT) and applied to a simulated SCADA system. The results show that these methods can be generally used to detect a variety of common attacks. (authors)« less

5 CFR 844.201 - General requirements.

Code of Federal Regulations, 2010 CFR

2010-01-01

... withdrawal of an application for social security disability benefits. (c) An agency may consider the... the Social Security Act; or (ii) An official statement from the Social Security Administration that... Social Security Act. (2) A disability retirement application under this part will be dismissed when OPM...

RF tomography of metallic objects in free space: preliminary results

NASA Astrophysics Data System (ADS)

Li, Jia; Ewing, Robert L.; Berdanier, Charles; Baker, Christopher

2015-05-01

RF tomography has great potential in defense and homeland security applications. A distributed sensing research facility is under development at Air Force Research Lab. To develop a RF tomographic imaging system for the facility, preliminary experiments have been performed in an indoor range with 12 radar sensors distributed on a circle of 3m radius. Ultra-wideband pulses are used to illuminate single and multiple metallic targets. The echoes received by distributed sensors were processed and combined for tomography reconstruction. Traditional matched filter algorithm and truncated singular value decomposition (SVD) algorithm are compared in terms of their complexity, accuracy, and suitability for distributed processing. A new algorithm is proposed for shape reconstruction, which jointly estimates the object boundary and scatter points on the waveform's propagation path. The results show that the new algorithm allows accurate reconstruction of object shape, which is not available through the matched filter and truncated SVD algorithms.

Distributed Wind Market Applications

DOE Office of Scientific and Technical Information (OSTI.GOV)

Forsyth, T.; Baring-Gould, I.

2007-11-01

Distributed wind energy systems provide clean, renewable power for on-site use and help relieve pressure on the power grid while providing jobs and contributing to energy security for homes, farms, schools, factories, private and public facilities, distribution utilities, and remote locations. America pioneered small wind technology in the 1920s, and it is the only renewable energy industry segment that the United States still dominates in technology, manufacturing, and world market share. The series of analyses covered by this report were conducted to assess some of the most likely ways that advanced wind turbines could be utilized apart from large, centralmore » station power systems. Each chapter represents a final report on specific market segments written by leading experts in this field. As such, this document does not speak with one voice but rather a compendium of different perspectives, which are documented from a variety of people in the U.S. distributed wind field.« less

Semantic message oriented middleware for publish/subscribe networks

NASA Astrophysics Data System (ADS)

Li, Han; Jiang, Guofei

2004-09-01

The publish/subscribe paradigm of Message Oriented Middleware provides a loosely coupled communication model between distributed applications. Traditional publish/subscribe middleware uses keywords to match advertisements and subscriptions and does not support deep semantic matching. To this end, we designed and implemented a Semantic Message Oriented Middleware system to provide such capabilities for semantic description and matching. We adopted the DARPA Agent Markup Language and Ontology Inference Layer, a formal knowledge representation language for expressing sophisticated classifications and enabling automated inference, as the topic description language in our middleware system. A simple description logic inference system was implemented to handle the matching process between the subscriptions of subscribers and the advertisements of publishers. Moreover our middleware system also has a security architecture to support secure communication and user privilege control.

Organisational Pattern Driven Recovery Mechanisms

NASA Astrophysics Data System (ADS)

Giacomo, Valentina Di; Presenza, Domenico; Riccucci, Carlo

The process of reaction to system failures and security attacks is strongly influenced by its infrastructural, procedural and organisational settings. Analysis of reaction procedures and practices from different domains (Air Traffic Management, Response to Computer Security Incident, Response to emergencies, recovery in Chemical Process Industry) highlight three key requirements for this activity: smooth collaboration and coordination among responders, accurate monitoring and management of resources and ability to adapt pre-established reaction plans to the actual context. The SERENITY Reaction Mechanisms (SRM) is the subsystem of the SERENITY Run-time Framework aimed to provide SERENITY aware AmI settings (i.e. socio-technical systems with highly distributed dynamic services) with functionalities to implement applications specific reaction strategies. The SRM uses SERENITY Organisational S&D Patterns as run-time models to drive these three key functionalities.

Securing mobile code.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Link, Hamilton E.; Schroeppel, Richard Crabtree; Neumann, William Douglas

2004-10-01

If software is designed so that the software can issue functions that will move that software from one computing platform to another, then the software is said to be 'mobile'. There are two general areas of security problems associated with mobile code. The 'secure host' problem involves protecting the host from malicious mobile code. The 'secure mobile code' problem, on the other hand, involves protecting the code from malicious hosts. This report focuses on the latter problem. We have found three distinct camps of opinions regarding how to secure mobile code. There are those who believe special distributed hardware ismore » necessary, those who believe special distributed software is necessary, and those who believe neither is necessary. We examine all three camps, with a focus on the third. In the distributed software camp we examine some commonly proposed techniques including Java, D'Agents and Flask. For the specialized hardware camp, we propose a cryptographic technique for 'tamper-proofing' code over a large portion of the software/hardware life cycle by careful modification of current architectures. This method culminates by decrypting/authenticating each instruction within a physically protected CPU, thereby protecting against subversion by malicious code. Our main focus is on the camp that believes that neither specialized software nor hardware is necessary. We concentrate on methods of code obfuscation to render an entire program or a data segment on which a program depends incomprehensible. The hope is to prevent or at least slow down reverse engineering efforts and to prevent goal-oriented attacks on the software and execution. The field of obfuscation is still in a state of development with the central problem being the lack of a basis for evaluating the protection schemes. We give a brief introduction to some of the main ideas in the field, followed by an in depth analysis of a technique called 'white-boxing'. We put forth some new attacks and improvements on this method as well as demonstrating its implementation for various algorithms. We also examine cryptographic techniques to achieve obfuscation including encrypted functions and offer a new application to digital signature algorithms. To better understand the lack of security proofs for obfuscation techniques, we examine in detail general theoretical models of obfuscation. We explain the need for formal models in order to obtain provable security and the progress made in this direction thus far. Finally we tackle the problem of verifying remote execution. We introduce some methods of verifying remote exponentiation computations and some insight into generic computation checking.« less

Flexible session management in a distributed environment

NASA Astrophysics Data System (ADS)

Miller, Zach; Bradley, Dan; Tannenbaum, Todd; Sfiligoi, Igor

2010-04-01

Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems.

12 CFR 19.121 - Application for exemption.

Code of Federal Regulations, 2014 CFR

2014-01-01

... application for an exemption order to the Securities and Corporate Practices Division, Office of the... the public interest or the protection of investors. The Securities and Corporate Practices Division... PROCEDURE Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.121 Application...

12 CFR 19.121 - Application for exemption.

Code of Federal Regulations, 2010 CFR

2010-01-01

... application for an exemption order to the Securities and Corporate Practices Division, Office of the... the public interest or the protection of investors. The Securities and Corporate Practices Division... PROCEDURE Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.121 Application...

12 CFR 19.121 - Application for exemption.

Code of Federal Regulations, 2012 CFR

2012-01-01

... application for an exemption order to the Securities and Corporate Practices Division, Office of the... the public interest or the protection of investors. The Securities and Corporate Practices Division... PROCEDURE Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.121 Application...

12 CFR 19.121 - Application for exemption.

Code of Federal Regulations, 2011 CFR

2011-01-01

... application for an exemption order to the Securities and Corporate Practices Division, Office of the... the public interest or the protection of investors. The Securities and Corporate Practices Division... PROCEDURE Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.121 Application...

12 CFR 19.121 - Application for exemption.

Code of Federal Regulations, 2013 CFR

2013-01-01

... application for an exemption order to the Securities and Corporate Practices Division, Office of the... the public interest or the protection of investors. The Securities and Corporate Practices Division... PROCEDURE Exemption Hearings Under Section 12(h) of the Securities Exchange Act of 1934 § 19.121 Application...

Quantum key distribution with hacking countermeasures and long term field trial.

PubMed

Dixon, A R; Dynes, J F; Lucamarini, M; Fröhlich, B; Sharpe, A W; Plews, A; Tam, W; Yuan, Z L; Tanizawa, Y; Sato, H; Kawamura, S; Fujiwara, M; Sasaki, M; Shields, A J

2017-05-16

Quantum key distribution's (QKD's) central and unique claim is information theoretic security. However there is an increasing understanding that the security of a QKD system relies not only on theoretical security proofs, but also on how closely the physical system matches the theoretical models and prevents attacks due to discrepancies. These side channel or hacking attacks exploit physical devices which do not necessarily behave precisely as the theory expects. As such there is a need for QKD systems to be demonstrated to provide security both in the theoretical and physical implementation. We report here a QKD system designed with this goal in mind, providing a more resilient target against possible hacking attacks including Trojan horse, detector blinding, phase randomisation and photon number splitting attacks. The QKD system was installed into a 45 km link of a metropolitan telecom network for a 2.5 month period, during which time the system operated continuously and distributed 1.33 Tbits of secure key data with a stable secure key rate over 200 kbit/s. In addition security is demonstrated against coherent attacks that are more general than the collective class of attacks usually considered.

Secure and scalable deduplication of horizontally partitioned health data for privacy-preserving distributed statistical computation.

PubMed

Yigzaw, Kassaye Yitbarek; Michalas, Antonis; Bellika, Johan Gustav

2017-01-03

Techniques have been developed to compute statistics on distributed datasets without revealing private information except the statistical results. However, duplicate records in a distributed dataset may lead to incorrect statistical results. Therefore, to increase the accuracy of the statistical analysis of a distributed dataset, secure deduplication is an important preprocessing step. We designed a secure protocol for the deduplication of horizontally partitioned datasets with deterministic record linkage algorithms. We provided a formal security analysis of the protocol in the presence of semi-honest adversaries. The protocol was implemented and deployed across three microbiology laboratories located in Norway, and we ran experiments on the datasets in which the number of records for each laboratory varied. Experiments were also performed on simulated microbiology datasets and data custodians connected through a local area network. The security analysis demonstrated that the protocol protects the privacy of individuals and data custodians under a semi-honest adversarial model. More precisely, the protocol remains secure with the collusion of up to N - 2 corrupt data custodians. The total runtime for the protocol scales linearly with the addition of data custodians and records. One million simulated records distributed across 20 data custodians were deduplicated within 45 s. The experimental results showed that the protocol is more efficient and scalable than previous protocols for the same problem. The proposed deduplication protocol is efficient and scalable for practical uses while protecting the privacy of patients and data custodians.

Multi-user quantum key distribution with entangled photons from an AlGaAs chip

NASA Astrophysics Data System (ADS)

Autebert, C.; Trapateau, J.; Orieux, A.; Lemaître, A.; Gomez-Carbonell, C.; Diamanti, E.; Zaquine, I.; Ducci, S.

2016-12-01

In view of real-world applications of quantum information technologies, the combination of miniature quantum resources with existing fibre networks is a crucial issue. Among such resources, on-chip entangled photon sources play a central role for applications spanning quantum communications, computing and metrology. Here, we use a semiconductor source of entangled photons operating at room temperature in conjunction with standard telecom components to demonstrate multi-user quantum key distribution, a core protocol for securing communications in quantum networks. The source consists of an AlGaAs chip-emitting polarisation entangled photon pairs over a large bandwidth in the main telecom band around 1550 nm without the use of any off-chip compensation or interferometric scheme; the photon pairs are directly launched into a dense wavelength division multiplexer (DWDM) and secret keys are distributed between several pairs of users communicating through different channels. We achieve a visibility measured after the DWDM of 87% and show long-distance key distribution using a 50-km standard telecom fibre link between two network users. These results illustrate a promising route to practical, resource-efficient implementations adapted to quantum network infrastructures.

a Discussion about Effective Ways of Basic Resident Register on GIS

NASA Astrophysics Data System (ADS)

Oku, Naoya; Nonaka, Yasuaki; Ito, Yutaka

2016-06-01

In Japan, each municipality keeps a database of every resident's name, address, gender and date of birth called the Basic Resident Register. If the address information in the register is converted into coordinates by geocoding, it can be plotted as point data on a map. This would enable prompt evacuation from disaster, analysis of distribution of residents, integrating statistics and so on. Further, it can be used for not only analysis of the current situation but also future planning. However, the geographic information system (GIS) incorporating the Basic Resident Register is not widely used in Japan because of the following problems: - Geocoding In order to plot address point data, it is necessary to match the Basic Resident Register and the address dictionary by using the address as a key. The information in the Basic Resident Register does not always match the actual addresses. As the register is based on applications made by residents, the information is prone to errors, such as incorrect Kanji characters. - Security policy on personal information In the register, the address of a resident is linked with his/her name and date of birth. If the information in the Basic Resident Register were to be leaked, it could be used for malicious purposes. This paper proposes solutions to the above problems. The suitable solutions for the problems depend on the purpose of use, thus it is important that the purpose should be defined and a suitable way of the application for each purpose should be chosen. In this paper, we mainly focus on the specific purpose of use: to analyse the distribution of the residents. We provide two solutions to improve the matching rate in geocoding. First, regarding errors in Kanji characters, a correction list of possible errors should be compiled in advance. Second, some sort of analyses such as distribution of residents may not require exactly correct position for the address point. Therefore we set the matching level in order: prefecture, city, town, city-block, house-code, house, and decided to accept up to city-block level for the matching. Moreover, in terms of security policy on personal information, some part of information may not be needed for the distribution analysis. For example, the personal information like resident's name should be excluded from the attribute of address point in order to secure the safety operation of the system.

Teaching Web Security Using Portable Virtual Labs

ERIC Educational Resources Information Center

Chen, Li-Chiou; Tao, Lixin

2012-01-01

We have developed a tool called Secure WEb dEvelopment Teaching (SWEET) to introduce security concepts and practices for web application development. This tool provides introductory tutorials, teaching modules utilizing virtualized hands-on exercises, and project ideas in web application security. In addition, the tool provides pre-configured…

29 CFR 14.2 - Policy.

Code of Federal Regulations, 2010 CFR

2010-07-01

... Labor SECURITY REGULATIONS Introduction to Security Regulations § 14.2 Policy. The interests of the...) Safeguarding national security information. Some official information within the Federal Government is directly..., therefore, be subject to security constraints, and limited in term of its distribution. (b) Exemption from...

Randomized Prediction Games for Adversarial Machine Learning.

PubMed

Rota Bulo, Samuel; Biggio, Battista; Pillai, Ignazio; Pelillo, Marcello; Roli, Fabio

In spam and malware detection, attackers exploit randomization to obfuscate malicious data and increase their chances of evading detection at test time, e.g., malware code is typically obfuscated using random strings or byte sequences to hide known exploits. Interestingly, randomization has also been proposed to improve security of learning algorithms against evasion attacks, as it results in hiding information about the classifier to the attacker. Recent work has proposed game-theoretical formulations to learn secure classifiers, by simulating different evasion attacks and modifying the classification function accordingly. However, both the classification function and the simulated data manipulations have been modeled in a deterministic manner, without accounting for any form of randomization. In this paper, we overcome this limitation by proposing a randomized prediction game, namely, a noncooperative game-theoretic formulation in which the classifier and the attacker make randomized strategy selections according to some probability distribution defined over the respective strategy set. We show that our approach allows one to improve the tradeoff between attack detection and false alarms with respect to the state-of-the-art secure classifiers, even against attacks that are different from those hypothesized during design, on application examples including handwritten digit recognition, spam, and malware detection.In spam and malware detection, attackers exploit randomization to obfuscate malicious data and increase their chances of evading detection at test time, e.g., malware code is typically obfuscated using random strings or byte sequences to hide known exploits. Interestingly, randomization has also been proposed to improve security of learning algorithms against evasion attacks, as it results in hiding information about the classifier to the attacker. Recent work has proposed game-theoretical formulations to learn secure classifiers, by simulating different evasion attacks and modifying the classification function accordingly. However, both the classification function and the simulated data manipulations have been modeled in a deterministic manner, without accounting for any form of randomization. In this paper, we overcome this limitation by proposing a randomized prediction game, namely, a noncooperative game-theoretic formulation in which the classifier and the attacker make randomized strategy selections according to some probability distribution defined over the respective strategy set. We show that our approach allows one to improve the tradeoff between attack detection and false alarms with respect to the state-of-the-art secure classifiers, even against attacks that are different from those hypothesized during design, on application examples including handwritten digit recognition, spam, and malware detection.

Secure and Efficient Regression Analysis Using a Hybrid Cryptographic Framework: Development and Evaluation

PubMed Central

Jiang, Xiaoqian; Aziz, Md Momin Al; Wang, Shuang; Mohammed, Noman

2018-01-01

Background Machine learning is an effective data-driven tool that is being widely used to extract valuable patterns and insights from data. Specifically, predictive machine learning models are very important in health care for clinical data analysis. The machine learning algorithms that generate predictive models often require pooling data from different sources to discover statistical patterns or correlations among different attributes of the input data. The primary challenge is to fulfill one major objective: preserving the privacy of individuals while discovering knowledge from data. Objective Our objective was to develop a hybrid cryptographic framework for performing regression analysis over distributed data in a secure and efficient way. Methods Existing secure computation schemes are not suitable for processing the large-scale data that are used in cutting-edge machine learning applications. We designed, developed, and evaluated a hybrid cryptographic framework, which can securely perform regression analysis, a fundamental machine learning algorithm using somewhat homomorphic encryption and a newly introduced secure hardware component of Intel Software Guard Extensions (Intel SGX) to ensure both privacy and efficiency at the same time. Results Experimental results demonstrate that our proposed method provides a better trade-off in terms of security and efficiency than solely secure hardware-based methods. Besides, there is no approximation error. Computed model parameters are exactly similar to plaintext results. Conclusions To the best of our knowledge, this kind of secure computation model using a hybrid cryptographic framework, which leverages both somewhat homomorphic encryption and Intel SGX, is not proposed or evaluated to this date. Our proposed framework ensures data security and computational efficiency at the same time. PMID:29506966

Secure and Efficient Regression Analysis Using a Hybrid Cryptographic Framework: Development and Evaluation.

PubMed

Sadat, Md Nazmus; Jiang, Xiaoqian; Aziz, Md Momin Al; Wang, Shuang; Mohammed, Noman

2018-03-05

Machine learning is an effective data-driven tool that is being widely used to extract valuable patterns and insights from data. Specifically, predictive machine learning models are very important in health care for clinical data analysis. The machine learning algorithms that generate predictive models often require pooling data from different sources to discover statistical patterns or correlations among different attributes of the input data. The primary challenge is to fulfill one major objective: preserving the privacy of individuals while discovering knowledge from data. Our objective was to develop a hybrid cryptographic framework for performing regression analysis over distributed data in a secure and efficient way. Existing secure computation schemes are not suitable for processing the large-scale data that are used in cutting-edge machine learning applications. We designed, developed, and evaluated a hybrid cryptographic framework, which can securely perform regression analysis, a fundamental machine learning algorithm using somewhat homomorphic encryption and a newly introduced secure hardware component of Intel Software Guard Extensions (Intel SGX) to ensure both privacy and efficiency at the same time. Experimental results demonstrate that our proposed method provides a better trade-off in terms of security and efficiency than solely secure hardware-based methods. Besides, there is no approximation error. Computed model parameters are exactly similar to plaintext results. To the best of our knowledge, this kind of secure computation model using a hybrid cryptographic framework, which leverages both somewhat homomorphic encryption and Intel SGX, is not proposed or evaluated to this date. Our proposed framework ensures data security and computational efficiency at the same time. ©Md Nazmus Sadat, Xiaoqian Jiang, Md Momin Al Aziz, Shuang Wang, Noman Mohammed. Originally published in JMIR Medical Informatics (http://medinform.jmir.org), 05.03.2018.

Development of a Secure Mobile GPS Tracking and Management System

ERIC Educational Resources Information Center

Liu, Anyi

2012-01-01

With increasing demand of mobile devices and cloud computing, it becomes increasingly important to develop efficient mobile application and its secured backend, such as web applications and virtualization environment. This dissertation reports a systematic study of mobile application development and the security issues of its related backend. …

17 CFR 201.510 - Temporary cease-and-desist orders: Application process.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false Temporary cease-and-desist orders: Application process. 201.510 Section 201.510 Commodity and Securities Exchanges SECURITIES AND... § 201.510 Temporary cease-and-desist orders: Application process. (a) Procedure. A request for entry of...

17 CFR 201.510 - Temporary cease-and-desist orders: Application process.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 2 2012-04-01 2012-04-01 false Temporary cease-and-desist orders: Application process. 201.510 Section 201.510 Commodity and Securities Exchanges SECURITIES AND... § 201.510 Temporary cease-and-desist orders: Application process. (a) Procedure. A request for entry of...

17 CFR 201.510 - Temporary cease-and-desist orders: Application process.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false Temporary cease-and-desist orders: Application process. 201.510 Section 201.510 Commodity and Securities Exchanges SECURITIES AND... § 201.510 Temporary cease-and-desist orders: Application process. (a) Procedure. A request for entry of...

Coupled ridge waveguide distributed feedback quantum cascade laser arrays

DOE Office of Scientific and Technical Information (OSTI.GOV)

Liu, Ying-Hui; Zhang, Jin-Chuan, E-mail: zhangjinchuan@semi.ac.cn; Yan, Fang-Liang

2015-04-06

A coupled ridge waveguide quantum cascade laser (QCL) array consisting of fifteen elements with parallel integration was presented. In-phase fundamental mode operation in each element is secured by both the index-guided nature of the ridge and delicate loss management by properly designed geometries of the ridges and interspaces. Single-lobe lateral far-field with a nearly diffraction limited beam pattern was obtained. By incorporating a one-dimensional buried distributed feedback grating, the in-phase-operating coupled ridge waveguide QCL design provides an efficient solution to obtaining high output power and stable single longitudinal mode emission. The simplicity of this structure and fabrication process makes thismore » approach attractive to many practical applications.« less

Nearest private query based on quantum oblivious key distribution

NASA Astrophysics Data System (ADS)

Xu, Min; Shi, Run-hua; Luo, Zhen-yu; Peng, Zhen-wan

2017-12-01

Nearest private query is a special private query which involves two parties, a user and a data owner, where the user has a private input (e.g., an integer) and the data owner has a private data set, and the user wants to query which element in the owner's private data set is the nearest to his input without revealing their respective private information. In this paper, we first present a quantum protocol for nearest private query, which is based on quantum oblivious key distribution (QOKD). Compared to the classical related protocols, our protocol has the advantages of the higher security and the better feasibility, so it has a better prospect of applications.

A Grid Infrastructure for Supporting Space-based Science Operations

NASA Technical Reports Server (NTRS)

Bradford, Robert N.; Redman, Sandra H.; McNair, Ann R. (Technical Monitor)

2002-01-01

Emerging technologies for computational grid infrastructures have the potential for revolutionizing the way computers are used in all aspects of our lives. Computational grids are currently being implemented to provide a large-scale, dynamic, and secure research and engineering environments based on standards and next-generation reusable software, enabling greater science and engineering productivity through shared resources and distributed computing for less cost than traditional architectures. Combined with the emerging technologies of high-performance networks, grids provide researchers, scientists and engineers the first real opportunity for an effective distributed collaborative environment with access to resources such as computational and storage systems, instruments, and software tools and services for the most computationally challenging applications.

Access control and privacy in large distributed systems

NASA Technical Reports Server (NTRS)

Leiner, B. M.; Bishop, M.

1986-01-01

Large scale distributed systems consists of workstations, mainframe computers, supercomputers and other types of servers, all connected by a computer network. These systems are being used in a variety of applications including the support of collaborative scientific research. In such an environment, issues of access control and privacy arise. Access control is required for several reasons, including the protection of sensitive resources and cost control. Privacy is also required for similar reasons, including the protection of a researcher's proprietary results. A possible architecture for integrating available computer and communications security technologies into a system that meet these requirements is described. This architecture is meant as a starting point for discussion, rather that the final answer.

Measurement-Device-Independent Quantum Key Distribution over Untrustful Metropolitan Network

NASA Astrophysics Data System (ADS)

Tang, Yan-Lin; Yin, Hua-Lei; Zhao, Qi; Liu, Hui; Sun, Xiang-Xiang; Huang, Ming-Qi; Zhang, Wei-Jun; Chen, Si-Jing; Zhang, Lu; You, Li-Xing; Wang, Zhen; Liu, Yang; Lu, Chao-Yang; Jiang, Xiao; Ma, Xiongfeng; Zhang, Qiang; Chen, Teng-Yun; Pan, Jian-Wei

2016-01-01

Quantum cryptography holds the promise to establish an information-theoretically secure global network. All field tests of metropolitan-scale quantum networks to date are based on trusted relays. The security critically relies on the accountability of the trusted relays, which will break down if the relay is dishonest or compromised. Here, we construct a measurement-device-independent quantum key distribution (MDIQKD) network in a star topology over a 200-square-kilometer metropolitan area, which is secure against untrustful relays and against all detection attacks. In the field test, our system continuously runs through one week with a secure key rate 10 times larger than previous results. Our results demonstrate that the MDIQKD network, combining the best of both worlds—security and practicality, constitutes an appealing solution to secure metropolitan communications.

High Data Rate Quantum Cryptography

NASA Astrophysics Data System (ADS)

Kwiat, Paul; Christensen, Bradley; McCusker, Kevin; Kumor, Daniel; Gauthier, Daniel

2015-05-01

While quantum key distribution (QKD) systems are now commercially available, the data rate is a limiting factor for some desired applications (e.g., secure video transmission). Most QKD systems receive at most a single random bit per detection event, causing the data rate to be limited by the saturation of the single-photon detectors. Recent experiments have begun to explore using larger degree of freedoms, i.e., temporal or spatial qubits, to optimize the data rate. Here, we continue this exploration using entanglement in multiple degrees of freedom. That is, we use simultaneous temporal and polarization entanglement to reach up to 8.3 bits of randomness per coincident detection. Due to current technology, we are unable to fully secure the temporal degree of freedom against all possible future attacks; however, by assuming a technologically-limited eavesdropper, we are able to obtain 23.4 MB/s secure key rate across an optical table, after error reconciliation and privacy amplification. In this talk, we will describe our high-rate QKD experiment, with a short discussion on our work towards extending this system to ship-to-ship and ship-to-shore communication, aiming to secure the temporal degree of freedom and to implement a 30-km free-space link over a marine environment.

Meeting EHR security requirements: SeAAS approach.

PubMed

Katt, Basel; Trojer, Thomas; Breu, Ruth; Schabetsberger, Thomas; Wozak, Florian

2010-01-01

In the last few years, Electronic Health Record (EHR) systems have received a great attention in the literature, as well as in the industry. They are expected to lead to health care savings, increase health care quality and reduce medical errors. This interest has been accompanied by the development of different standards and frameworks to meet EHR challenges. One of the most important initiatives that was developed to solve problems of EHR is IHE (Integrating the Healthcare Enterprise), which adapts the distributed approach to store and manage healthcare data. IHE aims at standardizing the way healthcare systems exchange information in distributed environments. For this purpose it defines several so called Integration Profiles that specify the interactions and the interfaces (Transactions) between various healthcare systems (Actors) or entities. Security was considered also in few profiles that tackled the main security requirements, mainly authentication and audit trails. The security profiles of IHE currently suffer two drawbacks. First, they apply end point security methodology, which has been proven recently to be insufficient and cumbersome in distributed and heterogeneous environment. Second, the current security profiles for more complex security requirements are oversimplified, vague and do not consider architectural design. This recently changed to some extend e.g., with the introduction of newly published white papers regarding privacy [5] and access control [9]. In order to solve the first problem we utilize results of previous studies conducted in the area of security-aware IHE-based systems and the state-of-the-art Security-as-a-Service approach as a convenient methodology to group domain-wide security needs and overcome the end point security shortcomings.

Next generation tools for genomic data generation, distribution, and visualization

PubMed Central

2010-01-01

Background With the rapidly falling cost and availability of high throughput sequencing and microarray technologies, the bottleneck for effectively using genomic analysis in the laboratory and clinic is shifting to one of effectively managing, analyzing, and sharing genomic data. Results Here we present three open-source, platform independent, software tools for generating, analyzing, distributing, and visualizing genomic data. These include a next generation sequencing/microarray LIMS and analysis project center (GNomEx); an application for annotating and programmatically distributing genomic data using the community vetted DAS/2 data exchange protocol (GenoPub); and a standalone Java Swing application (GWrap) that makes cutting edge command line analysis tools available to those who prefer graphical user interfaces. Both GNomEx and GenoPub use the rich client Flex/Flash web browser interface to interact with Java classes and a relational database on a remote server. Both employ a public-private user-group security model enabling controlled distribution of patient and unpublished data alongside public resources. As such, they function as genomic data repositories that can be accessed manually or programmatically through DAS/2-enabled client applications such as the Integrated Genome Browser. Conclusions These tools have gained wide use in our core facilities, research laboratories and clinics and are freely available for non-profit use. See http://sourceforge.net/projects/gnomex/, http://sourceforge.net/projects/genoviz/, and http://sourceforge.net/projects/useq. PMID:20828407

17 CFR 240.6a-2 - Amendments to application.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Amendments to application. 240.6a-2 Section 240.6a-2 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and Regulations Under the...

17 CFR 240.6a-2 - Amendments to application.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Amendments to application. 240.6a-2 Section 240.6a-2 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and Regulations Under the...

17 CFR 240.6a-2 - Amendments to application.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Amendments to application. 240.6a-2 Section 240.6a-2 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION (CONTINUED) GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934 Rules and Regulations Under the...

77 FR 42017 - AmericaFirst Quantitative Trust and AmericaFirst Securities, Inc.; Notice of Application

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-17

... SECURITIES AND EXCHANGE COMMISSION [Investment Company Act Release No. 30134; 812-14005] AmericaFirst Quantitative Trust and AmericaFirst Securities, Inc.; Notice of Application July 10, 2012. AGENCY...: AmericaFirst Quantitative Trust (the ``AmericaFirst Trust'') and AmericaFirst Securities, Inc. (``AFSI...

49 CFR 1515.3 - Terms used in this part.

Code of Federal Regulations, 2010 CFR

2010-10-01

.... Applicant means an individual who has applied for one of the security threat assessments identified in 49... for the security threat assessment but TSA later determined that the individual poses a security.... Security threat assessment means the threat assessment for which the applicant has applied, as described in...

Multimedia Security System for Security and Medical Applications

ERIC Educational Resources Information Center

Zhou, Yicong

2010-01-01

This dissertation introduces a new multimedia security system for the performance of object recognition and multimedia encryption in security and medical applications. The system embeds an enhancement and multimedia encryption process into the traditional recognition system in order to improve the efficiency and accuracy of object detection and…

75 FR 2896 - Self-Regulatory Organizations; NYSE Arca, Inc.; Order Approving Proposed Rule Change Relating to...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-19

... and Annual Fee Applicable to Derivative Securities Products January 12, 2010. On November 24, 2009... Services (``Fee Schedule'') to revise the listing and annual fees applicable to Derivative Securities... Schedule, the term ``Derivative Securities Products'' includes securities described in NYSE Arca Equities...

The President Has No Clothes: The Case for Broader Application of Red Teaming within Homeland Security

DTIC Science & Technology

2010-06-01

CLOTHES: THE CASE FOR BROADER APPLICATION OF RED TEAMING WITHIN HOMELAND SECURITY by A. Bentley Nettles June 2010 Thesis Advisor...Red Teaming Within Homeland Security 6. AUTHOR(S) A. Bentley Nettles 5. FUNDING NUMBERS 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES...APPLICATION OF RED TEAMING WITHIN HOMELAND SECURITY A. Bentley Nettles Colonel, United States Army B.A., Texas A&M University, 1985 J.D. South

100 km differential phase shift quantum key distribution experiment with low jitter up-conversion detectors

NASA Astrophysics Data System (ADS)

Diamanti, Eleni; Takesue, Hiroki; Langrock, Carsten; Fejer, M. M.; Yamamoto, Yoshihisa

2006-12-01

We present a quantum key distribution experiment in which keys that were secure against all individual eavesdropping attacks allowed by quantum mechanics were distributed over 100 km of optical fiber. We implemented the differential phase shift quantum key distribution protocol and used low timing jitter 1.55 µm single-photon detectors based on frequency up-conversion in periodically poled lithium niobate waveguides and silicon avalanche photodiodes. Based on the security analysis of the protocol against general individual attacks, we generated secure keys at a practical rate of 166 bit/s over 100 km of fiber. The use of the low jitter detectors also increased the sifted key generation rate to 2 Mbit/s over 10 km of fiber.

Research Support for the Laboratory for Lightwave Technology

DTIC Science & Technology

1992-12-31

34 .. . ."/ 12a. DISTRIBUTION AVAILABILITY STATEMENT 12b. DISTRIBUTION CODE UNLIMITED 13. ABSTRACT (Mawimum 200words) 4 SEE ATTACHED ABSTRACT DT I 14. SUBJECT...8217TERMS 15. NUMBER OF PAGES 16. PRICE CODE 17. SECURITY CLASSIFICATION 18. SECURITY CLASSIFICATION 19. SECURITY CLASSIFICATION 20. LIMITATION OF ABSTRACT...temperature ceramic nano- phase single crystal oxides that may be produced at a high rate . The synthesis of both glasses and ceramics using novel techniques

Economy Over Security: Why Crises Fail to Impact Economic Behavior in East Asia

DTIC Science & Technology

2017-12-01

SECURITY: WHY CRISES FAIL TO IMPACT ECONOMIC BEHAVIOR IN EAST ASIA by Aaron R. Sipos December 2017 Thesis Advisor: Michael Glosny Second...REPORT TYPE AND DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE ECONOMY OVER SECURITY: WHY CRISES FAIL TO IMPACT ECONOMIC BEHAVIOR IN EAST...release. Distribution is unlimited. 12b. DISTRIBUTION CODE 13. ABSTRACT (maximum 200 words) This study examines changes in economic behavior in

Planning Considerations for Secure Network Protocols

DTIC Science & Technology

1999-03-01

distribution / management ) requirements needed to support network security services are examined. The thesis concludes by identifying tactical user network requirements and suggests security issues to be considered in concert with network

Cryptography for Big Data Security

DTIC Science & Technology

2015-07-13

Cryptography for Big Data Security Book Chapter for Big Data: Storage, Sharing, and Security (3S) Distribution A: Public Release Ariel Hamlin1 Nabil...Email: arkady@ll.mit.edu ii Contents 1 Cryptography for Big Data Security 1 1.1 Introduction...48 Chapter 1 Cryptography for Big Data Security 1.1 Introduction With the amount

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2014 CFR

2014-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Activities by issuers and...

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2013 CFR

2013-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Activities by issuers and...

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2011 CFR

2011-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Activities by issuers and...

17 CFR 242.102 - Activities by issuers and selling security holders during a distribution.

Code of Federal Regulations, 2010 CFR

2010-04-01

... communications network; or (4) Exercises of securities. The exercise of any option, warrant, right, or any... communications network; or (7) Transactions in Rule 144A securities. Transactions in securities eligible for... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Activities by issuers and...

The GENIUS Grid Portal and robot certificates: a new tool for e-Science

PubMed Central

Barbera, Roberto; Donvito, Giacinto; Falzone, Alberto; La Rocca, Giuseppe; Milanesi, Luciano; Maggi, Giorgio Pietro; Vicario, Saverio

2009-01-01

Background Grid technology is the computing model which allows users to share a wide pletora of distributed computational resources regardless of their geographical location. Up to now, the high security policy requested in order to access distributed computing resources has been a rather big limiting factor when trying to broaden the usage of Grids into a wide community of users. Grid security is indeed based on the Public Key Infrastructure (PKI) of X.509 certificates and the procedure to get and manage those certificates is unfortunately not straightforward. A first step to make Grids more appealing for new users has recently been achieved with the adoption of robot certificates. Methods Robot certificates have recently been introduced to perform automated tasks on Grids on behalf of users. They are extremely useful for instance to automate grid service monitoring, data processing production, distributed data collection systems. Basically these certificates can be used to identify a person responsible for an unattended service or process acting as client and/or server. Robot certificates can be installed on a smart card and used behind a portal by everyone interested in running the related applications in a Grid environment using a user-friendly graphic interface. In this work, the GENIUS Grid Portal, powered by EnginFrame, has been extended in order to support the new authentication based on the adoption of these robot certificates. Results The work carried out and reported in this manuscript is particularly relevant for all users who are not familiar with personal digital certificates and the technical aspects of the Grid Security Infrastructure (GSI). The valuable benefits introduced by robot certificates in e-Science can so be extended to users belonging to several scientific domains, providing an asset in raising Grid awareness to a wide number of potential users. Conclusion The adoption of Grid portals extended with robot certificates, can really contribute to creating transparent access to computational resources of Grid Infrastructures, enhancing the spread of this new paradigm in researchers' working life to address new global scientific challenges. The evaluated solution can of course be extended to other portals, applications and scientific communities. PMID:19534747

The GENIUS Grid Portal and robot certificates: a new tool for e-Science.

PubMed

Barbera, Roberto; Donvito, Giacinto; Falzone, Alberto; La Rocca, Giuseppe; Milanesi, Luciano; Maggi, Giorgio Pietro; Vicario, Saverio

2009-06-16

Grid technology is the computing model which allows users to share a wide pletora of distributed computational resources regardless of their geographical location. Up to now, the high security policy requested in order to access distributed computing resources has been a rather big limiting factor when trying to broaden the usage of Grids into a wide community of users. Grid security is indeed based on the Public Key Infrastructure (PKI) of X.509 certificates and the procedure to get and manage those certificates is unfortunately not straightforward. A first step to make Grids more appealing for new users has recently been achieved with the adoption of robot certificates. Robot certificates have recently been introduced to perform automated tasks on Grids on behalf of users. They are extremely useful for instance to automate grid service monitoring, data processing production, distributed data collection systems. Basically these certificates can be used to identify a person responsible for an unattended service or process acting as client and/or server. Robot certificates can be installed on a smart card and used behind a portal by everyone interested in running the related applications in a Grid environment using a user-friendly graphic interface. In this work, the GENIUS Grid Portal, powered by EnginFrame, has been extended in order to support the new authentication based on the adoption of these robot certificates. The work carried out and reported in this manuscript is particularly relevant for all users who are not familiar with personal digital certificates and the technical aspects of the Grid Security Infrastructure (GSI). The valuable benefits introduced by robot certificates in e-Science can so be extended to users belonging to several scientific domains, providing an asset in raising Grid awareness to a wide number of potential users. The adoption of Grid portals extended with robot certificates, can really contribute to creating transparent access to computational resources of Grid Infrastructures, enhancing the spread of this new paradigm in researchers' working life to address new global scientific challenges. The evaluated solution can of course be extended to other portals, applications and scientific communities.

Distributed electrochemical sensors: recent advances and barriers to market adoption.

PubMed

Hoekstra, Rafael; Blondeau, Pascal; Andrade, Francisco J

2018-07-01

Despite predictions of their widespread application in healthcare and environmental monitoring, electrochemical sensors are yet to be distributed at scale, instead remaining largely confined to R&D labs. This contrasts sharply with the situation for physical sensors, which are now ubiquitous and seamlessly embedded in the mature ecosystem provided by electronics and connectivity protocols. Although chemical sensors could be integrated into the same ecosystem, there are fundamental issues with these sensors in the three key areas of analytical performance, usability, and affordability. Nevertheless, advances are being made in each of these fields, leading to hope that the deployment of automated and user-friendly low-cost electrochemical sensors is on the horizon. Here, we present a brief survey of key challenges and advances in the development of distributed electrochemical sensors for liquid samples, geared towards applications in healthcare and wellbeing, environmental monitoring, and homeland security. As will be seen, in many cases the analytical performance of the sensor is acceptable; it is usability that is the major barrier to commercial viability at this moment. Were this to be overcome, the issue of affordability could be addressed. Graphical Abstract ᅟ.

Experimental observation of spatially resolved photo-luminescence intensity distribution in dual mode upconverting nanorod bundles

PubMed Central

Kumar, Pawan; Singh, Satbir; Singh, V. N.; Singh, Nidhi; Gupta, R. K.; Gupta, Bipin Kumar

2017-01-01

A novel method for demonstration of photoluminescence intensity distribution in upconverting nanorod bundles using confocal microscopy is reported. Herein, a strategy for the synthesis of highly luminescent dual mode upconverting/downshift Y1.94O3:Ho3+0.02/Yb3+0.04 nanorod bundles by a facile hydrothermal route has been introduced. These luminescent nanorod bundles exhibit strong green emission at 549 nm upon excitations at 449 nm and 980 nm with quantum efficiencies of ~6.3% and ~1.1%, respectively. The TEM/HRTEM results confirm that these bundles are composed of several individual nanorods with diameter of ~100 nm and length in the range of 1–3 μm. Furthermore, two dimensional spatially resolved photoluminescence intensity distribution study has been carried out using confocal photoluminescence microscope throughout the nanorod bundles. This study provides a new direction for the potential use of such emerging dual mode nanorod bundles as photon sources for next generation flat panel optical display devices, bio-medical applications, luminescent security ink and enhanced energy harvesting in photovoltaic applications. PMID:28211891

Security evaluation of the quantum key distribution system with two-mode squeezed states

DOE Office of Scientific and Technical Information (OSTI.GOV)

Osaki, M.; Ban, M.

2003-08-01

The quantum key distribution (QKD) system with two-mode squeezed states has been demonstrated by Pereira et al. [Phys. Rev. A 62, 042311 (2000)]. They evaluate the security of the system based on the signal to noise ratio attained by a homodyne detector. In this paper, we discuss its security based on the error probability individually attacked by eavesdropper with the unambiguous or the error optimum detection. The influence of the energy loss at transmission channels is also taken into account. It will be shown that the QKD system is secure under these conditions.

Application of the A.C. Admittance Technique to Double Layer Studies on Polycrystalline Gold Electrodes

DTIC Science & Technology

1992-02-24

AVAiLABILITY STATEMENT 12b. DISTRIBUTION CODE Unclassified 1 . %Bsr’RACT , 3’ um . Crl) A detailed examination of the dependence of the a.c. admittance...NUMBER OF PAGES double layer at gold/solution interface, a.c. admittance techniques, constant phase element model 1 . PRCE CODE 17. SECURITY...Chemistry University of California Davis, CA 95616 U.S.A. tOn leave from the Instituto de Fisica e Quimica de Sao Carlos, USP, Sao Carlos, SP 13560

17 CFR 249.1100 - Form MSD, application for registration as a municipal securities dealer pursuant to rule 15Ba2-1...

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Form MSD, application for... of Municipal Securities Dealers § 249.1100 Form MSD, application for registration as a municipal... Exchange Act of 1934 (the “Act”), or to amend such application. Note: Copies of Form MSD have been filed...

17 CFR 230.138 - Publications or distributions of research reports by brokers or dealers about securities other...

Code of Federal Regulations, 2010 CFR

2010-04-01

... dealer publishes or distributes research reports on the types of securities in question in the regular course of its business; and (4) The issuer is not, and during the past three years neither the issuer nor...

Cloud Surprises Discovered in Moving NASA EOSDIS Applications into Amazon Web Services… and #6 Will Shock You!

NASA Astrophysics Data System (ADS)

McLaughlin, B. D.; Pawloski, A. W.

2017-12-01

NASA ESDIS has been moving a variety of data ingest, distribution, and science data processing applications into a cloud environment over the last 2 years. As expected, there have been a number of challenges in migrating primarily on-premises applications into a cloud-based environment, related to architecture and taking advantage of cloud-based services. What was not expected is a number of issues that were beyond purely technical application re-architectures. From surprising network policy limitations, billing challenges in a government-based cost model, and obtaining certificates in an NASA security-compliant manner to working with multiple applications in a shared and resource-constrained AWS account, these have been the relevant challenges in taking advantage of a cloud model. And most surprising of all… well, you'll just have to wait and see the "gotcha" that caught our entire team off guard!

12 CFR 350.12 - Disclosure required by applicable banking or securities law or regulations.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Disclosure required by applicable banking or securities law or regulations. 350.12 Section 350.12 Banks and Banking FEDERAL DEPOSIT INSURANCE CORPORATION... STATE NONMEMBER BANKS § 350.12 Disclosure required by applicable banking or securities law or...

Quantum key distribution for composite dimensional finite systems

NASA Astrophysics Data System (ADS)

Shalaby, Mohamed; Kamal, Yasser

2017-06-01

The application of quantum mechanics contributes to the field of cryptography with very important advantage as it offers a mechanism for detecting the eavesdropper. The pioneering work of quantum key distribution uses mutually unbiased bases (MUBs) to prepare and measure qubits (or qudits). Weak mutually unbiased bases (WMUBs) have weaker properties than MUBs properties, however, unlike MUBs, a complete set of WMUBs can be constructed for systems with composite dimensions. In this paper, we study the use of weak mutually unbiased bases (WMUBs) in quantum key distribution for composite dimensional finite systems. We prove that the security analysis of using a complete set of WMUBs to prepare and measure the quantum states in the generalized BB84 protocol, gives better results than using the maximum number of MUBs that can be constructed, when they are analyzed against the intercept and resend attack.

Use of CdS quantum dot-functionalized cellulose nanocrystal films for anti-counterfeiting applications

NASA Astrophysics Data System (ADS)

Chen, L.; Lai, C.; Marchewka, R.; Berry, R. M.; Tam, K. C.

2016-07-01

Structural colors and photoluminescence have been widely used for anti-counterfeiting and security applications. We report for the first time the use of CdS quantum dot (QD)-functionalized cellulose nanocrystals (CNCs) as building blocks to fabricate nanothin films via layer-by-layer (LBL) self-assembly for anti-counterfeiting applications. Both negatively- and positively-charged CNC/QD nanohybrids with a high colloidal stability and a narrow particle size distribution were prepared. The controllable LBL coating process was characterized by scanning electron microscopy and ellipsometry. The rigid structure of CNCs leads to nanoporous structured films on poly(ethylene terephthalate) (PET) substrates with high transmittance (above 70%) over the entire range of visible light and also resulted in increased hydrophilicity (contact angles of ~40 degrees). Nanothin films on PET substrates showed good flexibility and enhanced stability in both water and ethanol. The modified PET films with structural colors from thin-film interference and photoluminescence from QDs can be used in anti-counterfeiting applications.Structural colors and photoluminescence have been widely used for anti-counterfeiting and security applications. We report for the first time the use of CdS quantum dot (QD)-functionalized cellulose nanocrystals (CNCs) as building blocks to fabricate nanothin films via layer-by-layer (LBL) self-assembly for anti-counterfeiting applications. Both negatively- and positively-charged CNC/QD nanohybrids with a high colloidal stability and a narrow particle size distribution were prepared. The controllable LBL coating process was characterized by scanning electron microscopy and ellipsometry. The rigid structure of CNCs leads to nanoporous structured films on poly(ethylene terephthalate) (PET) substrates with high transmittance (above 70%) over the entire range of visible light and also resulted in increased hydrophilicity (contact angles of ~40 degrees). Nanothin films on PET substrates showed good flexibility and enhanced stability in both water and ethanol. The modified PET films with structural colors from thin-film interference and photoluminescence from QDs can be used in anti-counterfeiting applications. Electronic supplementary information (ESI) available. See DOI: 10.1039/c6nr03039d

Role of Epidermal Growth Factor Receptors and Their Ligands in Normal Mammary Epithelial and Breast Cancer Cells

DTIC Science & Technology

1996-07-01

UNCLASSIFIED AD NUMBER ADB216343 NEW LIMITATION CHANGE TO Approved for public release, distribution unlimited FROM Distribution authorized to U.S...PRICE CODE 17. SECURITY CLASSIFICATION 18. SECURITY CLASSIFICATION 19. SECURITY CLASSIFICATION 20. LIMITATION OF ABSTRACT OF REPORT OF THIS PAGE OF...ABSTRACT ,Unclassified Unclassified Unclassified Limited NSN 7540-01-280-5500 Standard Form 298 (Rev. 2-89) Prescribed by ANSI Std. Z39-1 8 DISCLAIMER

17 CFR 400.5 - Amendments to application for registration and to notice of status as a government securities...

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Amendments to application for registration and to notice of status as a government securities broker or dealer. 400.5 Section 400.5 Commodity and Securities Exchanges DEPARTMENT OF THE TREASURY REGULATIONS UNDER SECTION 15C OF THE SECURITIES EXCHANGE ACT OF 1934 RULES OF GENERAL...

17 CFR 400.5 - Amendments to application for registration and to notice of status as a government securities...

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Amendments to application for registration and to notice of status as a government securities broker or dealer. 400.5 Section 400.5 Commodity and Securities Exchanges DEPARTMENT OF THE TREASURY REGULATIONS UNDER SECTION 15C OF THE SECURITIES EXCHANGE ACT OF 1934 RULES OF GENERAL...

17 CFR 400.5 - Amendments to application for registration and to notice of status as a government securities...

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Amendments to application for registration and to notice of status as a government securities broker or dealer. 400.5 Section 400.5 Commodity and Securities Exchanges DEPARTMENT OF THE TREASURY REGULATIONS UNDER SECTION 15C OF THE SECURITIES EXCHANGE ACT OF 1934 RULES OF GENERAL...

17 CFR 400.5 - Amendments to application for registration and to notice of status as a government securities...

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Amendments to application for registration and to notice of status as a government securities broker or dealer. 400.5 Section 400.5 Commodity and Securities Exchanges DEPARTMENT OF THE TREASURY REGULATIONS UNDER SECTION 15C OF THE SECURITIES EXCHANGE ACT OF 1934 RULES OF GENERAL...

17 CFR 400.5 - Amendments to application for registration and to notice of status as a government securities...

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Amendments to application for registration and to notice of status as a government securities broker or dealer. 400.5 Section 400.5 Commodity and Securities Exchanges DEPARTMENT OF THE TREASURY REGULATIONS UNDER SECTION 15C OF THE SECURITIES EXCHANGE ACT OF 1934 RULES OF GENERAL...

Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice.

PubMed

Javed, Muhammad Awais; Ben Hamida, Elyes; Znaidi, Wassim

2016-06-15

Connecting vehicles securely and reliably is pivotal to the implementation of next generation ITS applications of smart cities. With continuously growing security threats, vehicles could be exposed to a number of service attacks that could put their safety at stake. To address this concern, both US and European ITS standards have selected Elliptic Curve Cryptography (ECC) algorithms to secure vehicular communications. However, there is still a lack of benchmarking studies on existing security standards in real-world settings. In this paper, we first analyze the security architecture of the ETSI ITS standard. We then implement the ECC based digital signature and encryption procedures using an experimental test-bed and conduct an extensive benchmark study to assess their performance which depends on factors such as payload size, processor speed and security levels. Using network simulation models, we further evaluate the impact of standard compliant security procedures in dense and realistic smart cities scenarios. Obtained results suggest that existing security solutions directly impact the achieved quality of service (QoS) and safety awareness of vehicular applications, in terms of increased packet inter-arrival delays, packet and cryptographic losses, and reduced safety awareness in safety applications. Finally, we summarize the insights gained from the simulation results and discuss open research challenges for efficient working of security in ITS applications of smart cities.

Attribute based encryption for secure sharing of E-health data

NASA Astrophysics Data System (ADS)

Charanya, R.; Nithya, S.; Manikandan, N.

2017-11-01

Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control”z. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.

33 CFR 106.265 - Security measures for restricted areas.

Code of Federal Regulations, 2010 CFR

2010-07-01

...) Telecommunications; (iii) Power distribution system; (iv) Access points for ventilation and air-conditioning systems... security areas within the OCS facility; (6) Protect security and surveillance equipment and systems; and (7... security and surveillance equipment and systems and their controls, and lighting system controls; and (3...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability. Contracting Officers are responsible for ensuring that all information technology acquisitions comply with the Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2014 CFR

2014-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Section 339.7102 Federal Acquisition Regulations System HEALTH AND HUMAN SERVICES SPECIAL CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability... Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

A Method of Signal Scrambling to Secure Data Storage for Healthcare Applications.

PubMed

Bao, Shu-Di; Chen, Meng; Yang, Guang-Zhong

2017-11-01

A body sensor network that consists of wearable and/or implantable biosensors has been an important front-end for collecting personal health records. It is expected that the full integration of outside-hospital personal health information and hospital electronic health records will further promote preventative health services as well as global health. However, the integration and sharing of health information is bound to bring with it security and privacy issues. With extensive development of healthcare applications, security and privacy issues are becoming increasingly important. This paper addresses the potential security risks of healthcare data in Internet-based applications and proposes a method of signal scrambling as an add-on security mechanism in the application layer for a variety of healthcare information, where a piece of tiny data is used to scramble healthcare records. The former is kept locally and the latter, along with security protection, is sent for cloud storage. The tiny data can be derived from a random number generator or even a piece of healthcare data, which makes the method more flexible. The computational complexity and security performance in terms of theoretical and experimental analysis has been investigated to demonstrate the efficiency and effectiveness of the proposed method. The proposed method is applicable to all kinds of data that require extra security protection within complex networks.

Comparison of secure messaging application (WhatsApp) and standard telephone usage for consultations on Length of Stay in the ED. A prospective randomized controlled study.

PubMed

Gulacti, Umut; Lok, Ugur

2017-07-19

Consultation, the process of an Emergency Physician seeking an opinion from other specialties, occurs frequently in the Emergency Department (ED). The aim of this study was to determine the effect of secure messaging application (WhatsApp) usage for medical consultations on Emergency Department Length of Stay (ED LOS) and consult time. We conducted a prospective, randomized controlled trial in the ED using allocation concealment over three months. Consultations requested in the ED were allocated into two groups: consultations requested via the secure messaging application and consultations requested by telephone as verbal. A total of 439 consultations requested in the ED were assessed for eligibility and 345 were included in the final analysis: 173 consultations were conducted using secure messaging application and 172 consultations were conducted using standard telephone communications. The median ED LOS was 240 minutes (IQR:230-270, 95% CI:240 to 255.2) for patients in the secure messaging application group and 277 minutes (IQR:270-287.8, 95% CI:277 to 279) for patients in the telephone group. The median total ED LOS was significantly lower among consults conducted using Secure messaging application relative to consults conducted by telephone (median dif: -30, 95%CI:-37to-25, p<0.0001). The median consult time was 158 minutes (IQR:133 to 177.25, 95% CI:150 to 169) for patients in the Secure messaging application group and 170 minutes (IQR:165 to 188.5, 95% CI:170-171) for patients in the Telephone group (median dif: -12, 95%CI:-19 to-7,p<0.0001). Consultations completed without ED arrival was 61.8% in the secure messaging group and 33.1% in the Telephone group (dif: 28.7, 95% CI:48.3 to 66, p<0.001). Use of secure messaging application for consultations in the ED reduces the total ED LOS and consultation time. Consultation with secure messaging application eliminated more than half of in-person ED consultation visits.

Securing Provenance of Distributed Processes in an Untrusted Environment

NASA Astrophysics Data System (ADS)

Syalim, Amril; Nishide, Takashi; Sakurai, Kouichi

Recently, there is much concern about the provenance of distributed processes, that is about the documentation of the origin and the processes to produce an object in a distributed system. The provenance has many applications in the forms of medical records, documentation of processes in the computer systems, recording the origin of data in the cloud, and also documentation of human-executed processes. The provenance of distributed processes can be modeled by a directed acyclic graph (DAG) where each node represents an entity, and an edge represents the origin and causal relationship between entities. Without sufficient security mechanisms, the provenance graph suffers from integrity and confidentiality problems, for example changes or deletions of the correct nodes, additions of fake nodes and edges, and unauthorized accesses to the sensitive nodes and edges. In this paper, we propose an integrity mechanism for provenance graph using the digital signature involving three parties: the process executors who are responsible in the nodes' creation, a provenance owner that records the nodes to the provenance store, and a trusted party that we call the Trusted Counter Server (TCS) that records the number of nodes stored by the provenance owner. We show that the mechanism can detect the integrity problem in the provenance graph, namely unauthorized and malicious “authorized” updates even if all the parties, except the TCS, collude to update the provenance. In this scheme, the TCS only needs a very minimal storage (linear with the number of the provenance owners). To protect the confidentiality and for an efficient access control administration, we propose a method to encrypt the provenance graph that allows access by paths and compartments in the provenance graph. We argue that encryption is important as a mechanism to protect the provenance data stored in an untrusted environment. We analyze the security of the integrity mechanism, and perform experiments to measure the performance of both mechanisms.

An E-Hospital Security Architecture

NASA Astrophysics Data System (ADS)

Tian, Fang; Adams, Carlisle

In this paper, we introduce how to use cryptography in network security and access control of an e-hospital. We first define the security goal of the e-hospital system, and then we analyze the current application system. Our idea is proposed on the system analysis and the related regulations of patients' privacy protection. The security of the whole application system is strengthened through layered security protection. Three security domains in the e-hospital system are defined according to their sensitivity level, and for each domain, we propose different security protections. We use identity based cryptography to establish secure communication channel in the backbone network and policy based cryptography to establish secure communication channel between end users and the backbone network. We also use policy based cryptography in the access control of the application system. We use a symmetric key cryptography to protect the real data in the database. The identity based and policy based cryptography are all based on elliptic curve cryptography—a public key cryptography.

Applications of spatially offset Raman spectroscopy to defense and security

NASA Astrophysics Data System (ADS)

Guicheteau, Jason; Hopkins, Rebecca

2016-05-01

Spatially offset Raman spectroscopy (SORS) allows for sub-surface and through barrier detection and has applications in drug analysis, cancer detection, forensic science, as well as defense and security. This paper reviews previous efforts in SORS and other through barrier Raman techniques and presents a discussion on current research in defense and security applications.

20 CFR 217.7 - Claim filed with the Social Security Administration.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 20 Employees' Benefits 1 2011-04-01 2011-04-01 false Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the Social...

20 CFR 217.7 - Claim filed with the Social Security Administration.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 20 Employees' Benefits 1 2012-04-01 2012-04-01 false Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the Social...

20 CFR 217.7 - Claim filed with the Social Security Administration.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 20 Employees' Benefits 1 2013-04-01 2012-04-01 true Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the Social...

20 CFR 217.7 - Claim filed with the Social Security Administration.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 20 Employees' Benefits 1 2014-04-01 2012-04-01 true Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the Social...

20 CFR 217.7 - Claim filed with the Social Security Administration.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 20 Employees' Benefits 1 2010-04-01 2010-04-01 false Claim filed with the Social Security... RETIREMENT ACT APPLICATION FOR ANNUITY OR LUMP SUM Applications § 217.7 Claim filed with the Social Security Administration. (a) Claim is for life benefits. An application for life benefits under title II of the Social...

Injection of Contaminants into a Simulated Water Distribution System Equipped with Continuous Multi-Parameter Water Monitors

EPA Science Inventory

The U.S. EPA’s Technology Testing and Evaluation Program has been charged by EPA to evaluate the performance of commercially available water security-related technologies. Multi-parameter water monitors for distributions systems have been evaluated as such a water security techn...

Secure NFV Orchestration Over an SDN-Controlled Optical Network With Time-Shared Quantum Key Distribution Resources

NASA Astrophysics Data System (ADS)

Aguado, Alejandro; Hugues-Salas, Emilio; Haigh, Paul Anthony; Marhuenda, Jaume; Price, Alasdair B.; Sibson, Philip; Kennard, Jake E.; Erven, Chris; Rarity, John G.; Thompson, Mark Gerard; Lord, Andrew; Nejabati, Reza; Simeonidou, Dimitra

2017-04-01

We demonstrate, for the first time, a secure optical network architecture that combines NFV orchestration and SDN control with quantum key distribution (QKD) technology. A novel time-shared QKD network design is presented as a cost-effective solution for practical networks.

13 CFR 107.1400 - Dividends or partnership distributions on 4 percent Preferred Securities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Dividends or partnership distributions on 4 percent Preferred Securities. 107.1400 Section 107.1400 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION SMALL BUSINESS INVESTMENT COMPANIES SBA Financial Assistance for Licensees...

17 CFR 240.15Ba2-2 - Application for registration of non-bank municipal securities dealers whose business is...

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Application for registration of non-bank municipal securities dealers whose business is exclusively intrastate. 240.15Ba2-2... registration of non-bank municipal securities dealers whose business is exclusively intrastate. (a) An...

10 CFR 52.79 - Contents of applications; technical information in final safety analysis report.

Code of Federal Regulations, 2012 CFR

2012-01-01

... B to 10 CFR part 73. (iii) A cyber security plan in accordance with the criteria set forth in § 73..., training and qualification plan, and cyber security plan; and (v) Each applicant who prepares a physical security plan, a safeguards contingency plan, a training and qualification plan, or a cyber security plan...

10 CFR 52.79 - Contents of applications; technical information in final safety analysis report.

Code of Federal Regulations, 2013 CFR

2013-01-01

... B to 10 CFR part 73. (iii) A cyber security plan in accordance with the criteria set forth in § 73..., training and qualification plan, and cyber security plan; and (v) Each applicant who prepares a physical security plan, a safeguards contingency plan, a training and qualification plan, or a cyber security plan...

10 CFR 52.79 - Contents of applications; technical information in final safety analysis report.

Code of Federal Regulations, 2011 CFR

2011-01-01

...) A cyber security plan in accordance with the criteria set forth in § 73.54 of this chapter; (iv) A... cyber security plan; and (v) Each applicant who prepares a physical security plan, a safeguards contingency plan, a training and qualification plan, or a cyber security plan, shall protect the plans and...

10 CFR 52.79 - Contents of applications; technical information in final safety analysis report.

Code of Federal Regulations, 2014 CFR

2014-01-01

... B to 10 CFR part 73. (iii) A cyber security plan in accordance with the criteria set forth in § 73..., training and qualification plan, and cyber security plan; and (v) Each applicant who prepares a physical security plan, a safeguards contingency plan, a training and qualification plan, or a cyber security plan...

17 CFR 240.6a-1 - Application for registration as a national securities exchange or exemption from registration...

Code of Federal Regulations, 2010 CFR

2010-04-01

... as a national securities exchange or exemption from registration based on limited volume. 240.6a-1... national securities exchange or exemption from registration based on limited volume. (a) An application for registration as a national securities exchange, or for exemption from such registration based on limited volume...

17 CFR 240.6a-1 - Application for registration as a national securities exchange or exemption from registration...

Code of Federal Regulations, 2011 CFR

2011-04-01

... as a national securities exchange or exemption from registration based on limited volume. 240.6a-1... national securities exchange or exemption from registration based on limited volume. (a) An application for registration as a national securities exchange, or for exemption from such registration based on limited volume...

A Component-Based Approach for Securing Indoor Home Care Applications

PubMed Central

Estévez, Elisabet

2017-01-01

eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public’s confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home. PMID:29278370