The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
As technology such as the Internet, computers and mobile devices become ubiquitous throughout society, the need to ensure our information remains secure is imperative. Unfortunately, it has long been understood that good security cannot be achieved through technical means alone and a solid understanding of the issues and how to protect yourself is required from users. Whilst many initiatives, programs...
The shift from mere service-oriented architectures (SOA) to semantically enriched approaches is especially being forced in multi-domain environments that the public sector in the European Union is an example for. The security aspect is lagging behind its possibilities, and new access control approaches native to the semantic environment need to be applied. Based on architectural research work conducted...
A zone based systems design framework is described and utilized in the implementation of a message authentication code (MAC) algorithm based on symmetric key block ciphers. The resulting block cipher based MAC algorithm may be used to provide assurance of the authenticity and, hence, the integrity of binary data. Using software simulation to benchmark against the de facto cipher block chaining MAC(CBC-MAC)...
Administration of an access control model deals with the question of who is authorized to update policies defined on the basis of that model. One of the models whose administration has absorbed relatively large research is the Role-Based Access Control (RBAC) model. All the existing role-based administrative models fall into the category of administrator based decentralized approach. In such an approach,...
We present a threat and risk-driven methodology to security requirements engineering. Our approach has a strong focus on gathering, modeling, and analyzing the environment in which a secure ICT-system to be built is located. The knowledge about the environment comprises threat and risk models. This security-relevant knowledge is used to assess the adequacy of security mechanisms, which are selected...
Ad-hoc networks establish communication in improvised environments without requiring any fixed infrastructure. These networks are inherently prone to security attacks, with node mobility being the primary cause in allowing security breaches. Therefore secure routing is a must for such networks. A number of secure routing protocols based on trust have recently been proposed. However, all these protocols...
Effectively and efficiently performing business processes is a key success factor for achieving economic entrepreneurial goals. Amongst others, the argument of more stringent cost pressure lead companies to enforce outsourcing activities. Thus, the management of services - both, from the service requester and provider point of view - gained importance. However, considering only economic aspects is...
Social Networking Sites (SNS), such as Facebook and LinkedIn, have become the established place for keeping contact with old friends and meeting new acquaintances. As a result, a user leaves a big trail of personal information about him and his friends on the SNS, sometimes even without being aware of it. This information can lead to privacy drifts such as damaging his reputation and credibility,...
This paper presents a stream cipher named eLoBa - ''enhanced Lorenz Based'', for Wireless Sensor Networks. eLoBa presents considerable improvements to a recently proposed PRNG based on Chaos, that increases its performance and security namely against algebraic attacks. We describe the eLoBa architecture and evaluate its security and performance comparing eLoBa with AES in counter mode. We show that...
Collaborations by the use of inter-organizational business processes can help companies to achieve a competitive edge over competing businesses. Typically, these collaborations require an efficient identity management (IdM) that ensures the authorized access to services in different security domains. The successful implementation of an IdM in distributed systems requires to cope with a diversity of...
In this paper we study the information security investment model proposed by Gordon and Loeb. We argue that the original model is missing at least one important restriction concerning monotonicity of the remaining vulnerability viewed as a function of original vulnerability level, and propose adding the respective condition. We present a new family of remaining vulnerability functions satisfying all...
The use of Internet based communication technologies has become more prevalent in recent years. Technologies such as Skype provide a highly secure and decentralised method of communication. These technologies may also leave little evidence on static media causing conventional digital forensic processes to be ineffective. This research looks at exploiting physical memory to recover evidence from Internet...
Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations of the software together with its particular run-time environment. One approach to detecting these vulnerabilities is fuzz testing, which feeds a range of randomly modified inputs to a software application while monitoring it for failures. However, typical fuzz testing makes no guarantees...
Establishing effective and novel techniques that are able to represent digital evidence in an efficient and understandable manner to investigators is a significant challenge within the digital forensics domain. Current tools and techniques do not scale well with the increasing volumes of evidence required for analysis. This paper defines a high-level conceptual framework to address issues surrounding...
In this paper, we propose a new blind steganalytic method to detect the presence of secret messages embedded in black and white images using the steganographic techniques. We start by extracting several sets of matrix, such as run length matrix, gap length matrix and pixel difference. We also apply characteristic function on these matrices to enhance their discriminative capabilities. Then we calculate...
We numerically evaluate the wavelength division multiplexing (WDM) data transmission of coherent phase-shift keying (PSK) and quadrature amplitude modulation (QAM) signals in optical fiber communication and deep-space communication channels with conventional homodyne-based(dyne-type) detections and various quantum detection strategies. We show the quantitative gap between these detection strategies...
Computer forensics investigations are based on the evidence search process to determine the intruder techniques and activities. Current tools are mainly focused in gathering evidence from the target system however its analysis is a highly complicated task. In this paper, we present an Automated Forensic Diagnosis System composed by a Knowledge Attack Base and a series of log analysis processes working...
The discrete logarithm problem (DLP) is one of the familiar problem on which cryptographic schemes rely. In 2006, Cheon proposed an algorithm for solving DLP with auxiliary input which works better than conventional algorithms. This paper firstly reports experimental results on Cheon's algorithm for DLP on a super singular elliptic curve defined over GF(3127), which is used for efficient pairing computation...
The growth in the computer forensic field has created a demand for new software (or increased functionality to existing software) and a means to verify that this software is truly forensic i.e. capable of meeting the requirements of the trier of fact. In this work, we present a function oriented testing framework for validation and verification of computer forensic tools. This framework consists of...
We have applied the generalized and universal distance measure NCD-Normalized Compression Distance-to the problem of determining the types of file fragments via example. A corpus of files that can be redistributed to other researchers in the field was developed and the NCD algorithm using k-nearest-neighbor as a classification algorithm was applied to a random selection of file fragments. The experiment...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.