Earticle

SCADA system is a computer system that monitors and controls the national infrastructure or industrial process including transportation facilities, water treatment and distribution, electrical power transmission and distribution, and gas pipelines. If a SCADA system is infected by a malicious worm, such as the Stuxnet, disaster is inevitable. Since the appearance of Stuxnet, researchers focused on detecting this intrusion in SCADA networks. As a result, various methods have been presented by researchers. One of them is to monitor traffic and detect anomalous patterns. However, it is not able to detecting a spoofed packet. This study present three cases of system anomaly by example of pattern based on real data of PROFINET/DCP protocol. And propose protection method using the authentication.

VANETs (Vehicular Ad-hoc Networks) are a next-generation networking technology that provides communication between vehicles or between a vehicle and an RSU (Road Side Unit) using wireless communication. A vehicle accident is likely to cause a serious disaster. Therefore, the VANET system provides an essential information exchange protocol for communication between vehicles. However, a key exchange scheme based on the proposed general network for a high-speed communication environment is not suitable for vehicles. In this paper, the first communication from the RSU passes only group keys. Then it updates the key value in the communication with the vehicle using Bloom filters to verify the proposed method. In the proposed scheme in VANET, dispersed operations are carried out in the RSU. By reducing to a minimum the number of keys exchanged, more secure group communication can be realized. In this paper, we proposed a message batch verification scheme using Bloom Filter that can verify multiple messages and handover authentication efficiently even for multiple communications with many vehicles.

Wireless sensor networks (WSNs) have been deployed for several applications that use M2M communications. Malicious code propagation is considered a serious threat on WSNs. In this paper, we considere a simple, distributed remote attestation method for a WSN that does not require secret information, precise timing measurement, or a tamper-resistant device. Each node holds a value for the attestation of other nodes, and sensor nodes check the validity of each other's data. A sensor node terminates itself to prevent propagation of malicious code, when the sensor node nds a unexpected changes in stored program and data. We analyzed the probability of success in protecting the WSN against malicious code under random network models. The analyses conrmed the feasibility of the attestation scheme and we obtained a fundamental approach to nding an appropriate frequency for attestation.

A various types of cryptographic modules are utilized within a security system protecting sensitive information in computer and telecommunication systems. The approved authorities as like KCMVP, CMVP, JCMVP validate various types of cryptographic modules and assure the security of the module. When the cryptographic module is utilized in a diversity of application environments, it needs the professional technology to choice the cryptographic module which is proper to the application environments. Therefor if the information system owner acquires the cryptographic module to operate the information system safely, it is necessary to authorize the module through the authorization process. This paper proposes accreditation process to authorize cryptographic module when information system owner acquires a cryptographic module which was validated by the approved authority. The cryptographic module is claimed by ISO/IEC 19790 and ISO/IEC 247859. The authorization process and accreditation method which is proposed by this paper is useful when the system owner approves the cryptographic module to operate in the information system

Subsea blowout preventer is an important tool for ensuring safety of drilling activities and rig personal. In case of faults, it might cause severe damages to the environment and oil companies. This paper presents the method to perform fault diagnosis of subsea blowout preventer (BOP) based on artificial neural network (ANN).BP ANN of the BOP are proposed on the basis of the typical faults of the BOP in the process of opening and closing. In order to obtain higher training speed and precision, BP ANN are improved with gradient descent with momentum and adaptive LR gradient descent methods. Besides, RBF network is also presented for getting a better model for diagnosis. Compared with BP network, RBF network has better performance concerning training speed and precision in this case. However, BP network will show stronger flexibility in the complex model with plenty of fault types.

This paper presents the implementation of high-speed block, cipher, HIGHT. The proposed architecture employs parallel architecture to enhance throughput. In addition, it shares key scheduling block for encryption and decryption to reduce hardware complexity. It also introduces an efficient protocol applicable to RFID systems, implementing the HIGHT block cipher algorithm. The new HIGHT structure yields a size small enough to afford tag applications and twice as high performance with respect to conventional HIGHT implementation. The proposed protocol overcomes the security vulnerability of RFID tags, and reduces energy consumption per transaction by sharing key generation.

As the Internet has been growing, WWW(World Wide Web) based services were popularized and users using the service were increased excessively. Web service is a software system designed to support interoperable machine-to-machine interaction over a network. Currently, it has been emphasized quality and security of web services. Therefore, in this paper, we described standard trends such as SOAP, WSDL, UDDI for web services and the security policies to protect user information. Eventually, we described a mechanism to use bio information for protection of user information.

This paper deals with detecting an anomalous traffic area based on its distribution and distance measurements. On detecting anomalous traffic such as flooding attack traffic we should consider the packet attribute of the traffic. In order to identify that traffic, we compute entropy of selected packet attribute and Mahalanobis distance between normal and abnormal traffics. Chi-square test is used to evaluate the proposed method. Detection accuracy and performance are analyzed using real network traffic trace which consists the mostly backscatter of SYN flooding attack from LANDER project. The result of our proposed method indicates that it can show and offer significantly an accurate result.

This paper considers a condition-based maintenance (i.e. CBM) model for the hydro generating unit in the deregulated power system. As the generating loss varies according to the time-varying inflows, the economic dependence among the critical component of the generating unit is dynamic. To reduce the maintenance cost effectively, we propose an inflow-dependent control-limit policy instead of the constant control-limit policy for CBM optimization. An example for the hydro generating unit is presented to verify the effectiveness of the proposed policy.

Recently, there has been increasing researches on computing environment caused by changes in computing paradigm of security aspects with respect to big data issues and eco-system of cloud computing. Because the cloud computing is operated on a variety of devices, there is a demand for the security aspects corresponding to various cloud computing devices. In this sense, this paper is proposed the concept design of a testbed for security research and described the cases studies of cyber-quarantine and cyber-criminal investigation using SRTB (Security Research TestBed based on cloud computing) for various computing application.

In the paper we proposed advanced methods of USB security software using file system recomposition and unassigned arbitary disk area. It provides data confidentiality of the USB storage device in the Windows OS using forced disk partition division by offering the real time data password in secure area. The confidentiality is also served by using user login verification and saving encoded the hash value at the unassigned arbiraty disk partition.

This paper presents a network intrusion detection system, which is categorized as a type of signature-based detection method. A domain specific language, called isDSL, is developed as a means of declaring intrusion signatures. The isDSL rule syntax is defined based on the structure of TCP/ IP stack, and the sign of attack is prescribed as a combination of properties and values that could span across the packets or TCP/IP layers. The prototype of intrusion detection system has been implemented. It consists of three major components: 1) isDSL par-ser, 2) Traffic monitor, and 3) Network intrusion detector. The isDSL parser supports the parsing of the intrusion conditions prescribed in a rule script into a set of rule structures used for matching with the network intrusion packets. Traffic monitor is the engine responsible for capturing the network packets and storing them in the buffer for further inspection. The Net-work intrusion detector applies the genetic algorithm for searching malicious states on net-work traffics. Preliminary experiments were conducted to study the performance of the pre-sented approach. The findings reported that the application of genetic algorithm for search-ing the signs of security breaches against declarative rules would be efficient and promising.

Data availability service is now ubiquitously practical from the high-end systems such as routers, gateways, firewalls, and web servers to the low-end systems such as smart phone, tablet, etc…with the emerging growth of the embedded systems, there is parallel rapid increase in the amount of information flowing across intranets and the Internet. Hence, security has become an essential part of today’s computing world. This promise of universal connectivity for embedded systems creates increased possibilities for malicious users to gain unauthorized access to sensitive information. This paper presents a framework for HNS in which an embedded encryption protocol scheme enables negotiation between entities to specify authorization requirements that must be met before accessing the network and data.

As many users of electronic devices have demanded security functions for their devices, many security products have been recently developed and released. Only a few products, unfortunately, are selected by users and most of products are disappeared. The kinds and demand-side market of electronic devices have been dramatically increased. And potential users consider various factors when they purchase security products. However, until now, security products have been developed in no consideration of user’s selection features with effective evident criteria and that’s the reason why most of products are disappeared. Thus this study explores the key factors and preference tendencies that are essentially deliberated when users choose security products. This study provides a decision-making model for software developers, users and market strategist. Also this paper proposes the assessment matrix for measuring the factor level to form the criteria which can be utilized in a security product market.

Although there are many studies on the adoption intentions for smartphone-based mobile banking, there is no apparent effect on the popularity of it. This is because the smartphone users have a resistance to innovation on mobile banking. The purpose of this study is to identify and analyze the relationship between user resistance and different factors from innovation and user’s characteristics. Thereafter, important factors are identified which mainly affect/determine user resistance to mobile banking. Survey research of this study was conducted around university undergraduates, graduate students, and employees in Henan of China. The results of this study are as follows. Social Influence and Perceived Complexity have positive effect on Perceived Risk, and Trust has negative effect on Perceived Risk, Perceived Security and Perceived Protection of Private information have no effect on Perceived Risk. Perceived Risk has positive effect on User Resistance.

Smart phone became the generalized device now and tends to be used much even for business with escaping from an individual’s taste. Smart-phone users are enough to reach about 400 million people worldwide. This trend is continuously growing. Owing to the generalization of smart device, even a plan of increasing corporate competitiveness is being considered by many enterprises. There is the biggest merit available for increasing efficiency of business by getting access to network anytime and anywhere and for maximizing power and agility by integrating it into specific business. However, there are many matters to be considered for this. The most important problem among those things is the biggest concern about information protection. Smart phone is high in a risk of being lost as excellent as mobility is. Due to this, the possibility of information leakage exists always. The purpose of this study is to supplement the existing demerit of MDM and MAM in the above and to solve fundamental problem, and to solve this by integrating traffic and suggesting MTM through strengthening and grouping security on the integrated traffic. Especially, it suggested fundamental security by definitely dividing information of business and an individual through analyzing network traffic, and proposes even a plan of utilizing dual USIM.

On the basis of analyzing the existing intrusion detection system (IDS) based on agent, this paper proposed a multi-agent distributed IDS(DIDS) model based on BP neural network. This model adopted the modes of distributed detection and distributed response. Each Agent was independence relatively. And this model analyzed the functional design of each agent and central console. Meanwhile, to improve the performance of the system, an improved error back-propagation algorithm was designed, which could improve the detection accuracy of the system by using its good learning ability. In addition, the dynamic election algorithm and collaborative algorithm were analyzed preliminarily. Experiments proved that the system could complete the intrusion detection tasks by making full use of various resources collaboratively, and thus the detection speed and accuracy of the system could be improved.

This paper is intended to solve the problem of high capacity of streaming media and data access privilege management in a broadcasting environment. For this, an access privilege sharing management technique that enables a safe streaming media service is designed by using AONT-based XOR threshold Secret Sharing on the basis of cloud computing. Specifically, encryption in protocol is composed of the first encryption that maintains the confidentiality of data by performing the AES encryption of streaming media data, and the second encryption that makes an access privilege management function carried out and satisfies variability and redundancy by the distribution storage of AES key. The proposed scheme assures security against a collusion attack between the malicious users and cloud servers due to the decryption privilege sharing because the first encryption and the second encryption output (header, body) is stored and shared through other channels (Privilege Manager Group, Media Service Provider) respectively.

By analyzing the present applying situation and influential factors of the information security technology, considering technological utility, cognitive cost, social impact, individual innovation, computer self-efficacy and other external variables, this paper constructs a model of user behavior of information security technology based on TAM. Through questionnaire to collect data and SPSS to perform reliability analysis, validity analysis, correlation analysis and regression analysis, the model in this paper is verified to be effective. Finally, some relative recommendations for the development of Chinese information security technology are put forward.

A scrambling approach is a method which is employed on almost all commercially manufactured system including image and video systems. In this paper, we proposed a new scrambling approach which uses random process. We first separate blocks into certain size, and relocated them randomly. This is block shuffling which is proposed for the purpose of randomizing the block location. The relocated blocks have three channels, R, G, and B, and each color channel’s luminance values are complemented. Experimental results show that the proposed method well-protect contents.

Anomaly traffic detecting using Netflow data is one of important problems in the field of network security. In this paper, we proposed an approach using MapReduce model, which was realized by means of the entropy observation and DFN (Distinct feature number) distribution deviations of traffic features under anomalies at small time scales. The MapReduce was used to deal with huge amounts of data with the aid of computer cluster processing. Experimental results show the effectiveness of the proposed approach.

Information over Internet needs to be communicated secure and prompt. But every cryptographic algorithm of the information requires extra time and memory space for execution in the systems such as PC or smart device. In this paper, an actual cost of speed and memory for a popular smart device environment such as ARM9 with Linux is presented so that the performance is enough to serve wired or wireless data transmission from DCU for smart grid systems or Full HD CCTV cameras.

It is a tough problem to pretect computer data in the public environment. In order to prevent hard disk data from virus infection, malice destory and deleting by mistake, this paper illustrates the design and implementation of a disk immunity system based WDM filtered driver. This system can effectively protect hard disk data. Benchmark results show that this system has a few effects for the disk I/O performance.

Side channel attacks are attacks that are based on “Side Channel Information”. Side channel information is information that can be retrieved from the encryption device that is neither the plaintext to be encrypted nor the cipher text resulting from the encryption process. Side-channel attacks are easy-to-implement whilst powerful attacks against cryptographic implementations and their targets range from primitives, protocols, modules, and devices to even systems. These attacks pose a serious threat to the security of cryptographic modules. In consequence, cryptographic implementations have to be evaluated for their resistivity against such attacks and the incorporation of different countermeasures has to be considered. In this paper, we explain about the correlation power analysis attack, which is the most dangerous type of side channel attack. Also, we implemented and experiment this attack using ATmega cryptographic module for configuration and the oscilloscope to obtain the experimental result, and MATLAB program for the verification process and design technology to analyze countermeasures.

This paper refers important issues regarding how to evaluate the security threats of the online banking effectively, a system threat analysis method combining STRIDE threat model and threat tree analysis is proposed, which improves the efficiency of the threat analysis greatly and also has good practicability. By applying this method to the online banking system threat analysis, we construct STRIDE threat model on the analysis of the key business data, and then we construct threat tree on the security threat by layer-by-layer decomposition. Thus it gives a detailed threat analysis of the online banking system. This security threat analysis has important significance for the online banking system security analysis and for revealing the threats that the online banking facing.

In the age of e-commerce, the issue of information leakage of internet users is a wide concern. The e-commerce enterprises should be prepared to deal with network data processing security, and to avoid various inconveniences led by the loss of data information. In this study, the "business to customer" (B2C) cloud data processing model is taken as an example to propose a security countermeasure for network data processing based on cloud computing platform. The cloud network computing model is adopted for the automated processing on B2C network data. Based on the network overlapping relationship and model settings, the security workflow of the cloud data computing processing is built. Moreover, the overlapping network plan and flow network technique are considered as the basis of the model, and a diversified security control platform is created by combining with modeling tools.

Seeing the actual condition of cyber terror that is happening these days, a situation on cyber security is being emerged as serious social issue beyond damage of an individual or enterprise. Above all, it is a situation of being difficult to guess damage, which may occur due to the leakage of personal information or to the leakage of secret information in enterprise or institution. To prevent this hacking damage, a system or solution is being developed diversely. However, it is difficult to perform security in the perfect form. The real situation is that requires the technology available for perceiving hacking incident in advance ahead of this, as well as the technology of detecting and coping with hacking incident in the shortest time in the aspect of range or scale in damage, which is created by hacking incident. The purpose of this study is to suggest solution on the whole defense of system through network by grasping the whole situation on this cyber terror. For the objective dubbed the internal data loss prevention, the mechanism is needed that can preferentially analyze and monitor suspicious behavior and also that can closely analyze data of being doubtful about malicious link. The aim is to propose mechanism available for preparing for potential attack by expanding the subjects of this analysis even into the internal network and separately-divided network without setting limits to the external network.