Computer Security

Current trend in health-care industry is to shift its data on the cloud, to increase availability of Electronic Health Records (EHR) e.g. Patient’s medical history in real time, which will allow sharing of EHR with ease. However, this conventional cloud-based data sharing environment has data security and privacy issues. This paper proposes a distributed solution based on blockchain technology for trusted Health Information Exchange (HIE). In addition to exchange of EHR between patient and doctor, the proposed system is also used in other aspects of healthcare such as improving the insurance claim and making data available for research organizations. Medical data is very sensitive, in both social as well as legal aspects, so permissioned block-chain such as Hyperledger Fabric is used to retain the necessary privacy required in the proposed system. As, this is highly permissioned network where the owner of the network i.e. patient holds all the access rights, so in case of emergency ...

Recently there have been several high-profile ransomware attacks involving hospitals around the world. Ransomware is intended to damage or disable a user's computer unless the user makes a payment. Once the attack has been launched, users have three options: 1) try to restore their data from backup; 2) pay the ransom; or 3) lose their data. In this manuscript, we discuss a socio-technical approach to address ransomware and outline four overarching steps that organizations can undertake to secure an electronic health record (EHR) system and the underlying computing infrastructure. First, health IT professionals need to ensure adequate system protection by correctly installing and configuring computers and networks that connect them. Next, the health care organizations need to ensure more reliable system defense by implementing user-focused strategies, including simulation and training on correct and complete use of computers and network applications. Concomitantly, the organizati...

In Industrial environments, huge amount of data is being generated which in turn collected indatabase anddata warehouses from all involved areas such as planning, process design, materials, assembly, production, quality, process control, scheduling, fault detection,shutdown, customer relation management, and so on. Data Mining has become auseful tool for knowledge acquisition for industrial process of Iron and steel making. Due to the rapid growth in Data Mining, various industries started using data mining technology to search the hidden patterns, which might further be used to the system with the new knowledge which might design new models to enhance the production quality, productivity optimum cost and maintenance etc. The continuous improvement of all steel production process regarding the avoidance of quality deficiencies and the related improvement of production yield is an essential task of steel producer. Therefore, zero defect strategy is popular today and to maintain it several quality assurance techniques areused. The present report explains the methods of data mining and describes its application in the industrial environment and especially, in the steel industry.

Internet of Things provides truly ubiquitous and smart environment. The multilayer distributed architecture with a variety of different components together with end devices, applications and the association with its framework poses challenge. Internet of Things middleware actions as a joining link between the heterogeneous areas that communicate across heterogeneous edges. In this work, we study the interoperability issue between heterogeneous devices. We presented guidelines to handle the interoperability issue in Internet of Things. Furthermore, we have proposed architectural framework for Home Area Network.

Self-healing concretes are being widely recognized as a remedial technique to improve the durability o f concrete. Although, few review papers on self-healing concret e were published, a strong review on all aspects of self-healing concrete cannot be found. In this paper, natural, chemical a nd biological processes of self-healing concrete te chnologies were completely reviewed. The main focus of the study is for the biological processes. The review presents a new insight into the research for the treatment of unexpected cracking o f concrete. The information presented in this paper can be considered significant for biotechnologists and bioprocess eng ineers to have comprehensive updates on the current status-quo of self- healing concrete.

La présente analyse a pour but d'établir le niveau de risque que représente l'utilisation système de gestion de production SCADA dans l'ABC Energie Portée (scope) : La portée de cette analyse est sur le système de gestion de production (usines) (SCADA PLC) traditionnelle dans l'ABC Energie à Montréal .l'analyse se porte sur l'utilisation de (SCADA PLC), capteurs et actionneurs, RTU.PLC, protocole de communication, les serveurs de SCADA, les applications SCADA, les clients SCADA, l'accès physique aux salle de serveurs et salle de contrôle Hors portée (out of scope): La configuration de (SCADA PLC et les applications qui a une relation avec le SCADA et leur code de sources), les outils de développement tous qui es mécanique est ne font pas partie de cette analyse de risque. Classification des informations : Dans le monde industriel, les critères liés à la sûreté de fonctionnement (disponibilité et intégrité en premier lieu) sont prioritaires par rapport aux critères de confidentialité ou de traçabilité. Mais Le stockage de données Quelle que soit la nature peut être à relativiser en fonction des processus métiers concernés et des obligations règlementaires, Des clients et des fournisseurs de service ainsi que des informations financières, des plans d'acquisition, des documents légaux et médicaux et des recettes à propriété intellectuelle, les automates les le code source et les licences. La classification des informations contenues dans les médias de sauvegarde est « Confidentielle ». Niveau de Criticité du système : Critique, période d'intolérance immédiat. Sommaire Exécutif : Il est reconnu dans l'industrie qu'une grande quantité d'incidents majeurs de sécurité informatique se sont produits dans des environnements ayant moins de surveillance telle que les logiciels de gestion. L'analyse de cet exercice nous porte à croire que le niveau de risque que représentent les le système de gestion de production SCADA chez ABC Energie est considéré élevé en raison des anomalies suivantes qui ont été observées :

The world of internet today has become a parallel form of life and living. Public are now capable of doing things which were not imaginable few years ago. The Internet is fast becoming a way of life for millions of people and also a way of living because of growing dependence and reliance of the mankind on these machines. Internet has enabled the use of website communication, email and a lot of anytime anywhere IT solutions for the betterment of human kind. Cyber crime is emerging as a serious threat. Worldwide governments, police departments and intelligence units have started to react. Initiatives to curb cross border cyber threats are taking shape. Indian police has initiated special cyber cells across the country and have started educating the personnel. This article is an attempt to provide a glimpse on cyber crime in society. This article is based on various reports from news media and news portal.

ࡗ Sponsors high-level conferences and symposia around the world. ࡗ Offers as an open standard (www.isaca.org/cobit) Control Objectives for Information and related Technology (COBIT ® ), a breakthrough IT governance tool that uses nontechnical language to help organizations focus their information technology in support of overall business objectives. ࡗ Conducts original research and publishes guidance to help boards of directors, executives and management understand their changing roles and implement effective IT governance. ࡗ Offers case studies on how leading global organizations are implementing IT governance programs and activities. ࡗ Offers the IT Governance Business Game, a day-long training session. ࡗ Hosts the IT governance listserv for professionals to share experience.

This presentation captures the historical adaptation of medieval warriors’ methods for security and thwarts toward adversarial attacks on fortifications for protective areas. History can often be a good teacher for modern day designers for security protection because the evolution of human beings has not changed since the beginning of time. Applicable lessons are applied to all aspects of security to include physical, technical, personnel, information and operational security. The article provides examples of the original concept of access controls, vaulted areas, chemical warfare, and the origins of physical security.

Software Defined Wide Area Network (SD-WAN or SDWAN) is a modern conception and an attractive trend in network technologies. SD-WAN is defined as a specific application of software-defined networking (SDN) to WAN connections. There is growing recognition that SDN and SD-WAN technologies not only expand features, but also expose new vulnerabilities. Unfortunately, at the present time, most vendors say that SD-WAN are perfectly safe, hardened, and fully protected. The goal of this paper is to understand SD-WAN threats using practical approach. We describe basic SD-WAN features and components, investigate an attack surface, explore various vendor features and their security, explain threats and vulnerabilities found in SD-WAN products. We also extend existing SDN threat models by describing new potential threats and attack vectors, provide examples, and consider high-level approaches for their mitigations. The provided results may be used by SD-WAN developers as a part of Secure Software Development Life Cycle (SSDLC), security researchers for penetration testing and vulnerability assessment, system integrators for secure design of SD-WAN solutions, and finally customers for secure deployment operations and configurations of SD-WAN enabled network. The main idea of this work is that SD-WAN threat model involves all traditional network and SDN threats, as well as new product-specific threats, appended by vendors which reinvent or introduce proprietary technologies immature from a security perspective.

Despite a growing amount of scholarly and policy attention to cyber threats, little progress seems to have been made in building effective deterrence against them. State and non-state actors continue to act with an unacceptable level of impunity in using the internet for malicious purposes. This paper by Dr Joe Burton, Visiting Researcher at NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) and Senior Lecturer, New Zealand Institute for Security and Crime Science, University of Waikato, addresses these issues by posing two related questions: given the diversity of actors, threats and motivations involved, is deterrence against cyber-attacks possible? And if it is, how can effective cyber deterrence be built and sustained? These questions are important to both academic and policy debates. If progress is not made on deterring malicious activity online, the costs and consequences of cyber-attacks will continue to grow and continue to cause instability within the international system. The academic debate on cyber deterrence also appears to be unresolved, with some analysts advocating the view that the deterrence concept should be stretched,  some that it should be ditched altogether,  and others that cyber deterrence should be a limited approach applicable only to state actors and high-level strategic threats.

The overarching argument of this paper is that cyber deterrence is possible if the concept is conceived more broadly. To enhance cyber security, cyber deterrence should be a comprehensive strategy that considers the full spectrum of cyber threats and moves beyond narrow conceptions of national and military security. This is not an argument that a blanket approach to cyber deterrence should be applied to all cyber security threats across all sectors, or that military-strategic cyber deterrence is redundant. Instead, deterring diverse cyber threats requires that deterrence be tailored and customised to different actors across the societal, state and international spectrum. Traditional conceptions of deterrence may still have utility in deterring high-level strategic threats (and are arguably already doing so) but will likely not have an impact in an increasingly diverse and complex cyber security landscape

The rise of machine-to-machine (M2M) communications (hardware and software) in internet of things (IoT), let local/overseas organizations such as information systems, schools, hospitals/healthcare, libraries, environment, transportation systems, power plants, water supply, waste management, regulations enforcement, and community services shall be connected. The sharing of data and information are becoming very common among multiplatform environments. This is becoming a basic requirement in any platform to save individual data. So,authentication and regulations requirement play a vital role in safeguarding data breaches. ADANCO 2.0.1 software is used for developing structural equation modelling and testing hypothesis to conclude as follows: There are few independent variables, like hardware and software, regulatory and guidelines, attack and hacking, and authentication that effect implementing a smart solution. The hypothesis testing conducted in the research demonstrates the high st...

The use of bacteriorhodopsin (BR) as an active layer in write-once-read-many optical storage is presented. This novel feature of BR materials may be used on a wide variety of substrates, among them transparent substrates but also paper and plastics. The physical basis of the recording process is polarization-sensitive two-photon absorption. As an example for this new BR application, an identification card equipped with an optical recording strip is presented, which has a capacity of about 1 MB of data. The recording density currently used is 125 kB/cm 2 , which is far from the optical limits but allows operation with cheap terminals using plastic optics. In the examples given, data are stored in blocks of 10 kB each. A special optical encryption procedure allows the stored data to be protected from unauthorized reading. The molecular basis of this property is again the polarization-sensitive recording mechanism. The unique combination of optical storage, photochromism, and traceability of the BR material is combined on the single-molecule level. BR introduces a new quality of storage capability for applications with increased security and anticounterfeiting requirements.

Pattern classification systems based on machine learning algorithms are commonly used in securityrelated applications like biometric authentication, network intrusion detection, and spam filtering, to discriminate between a "legitimate" and a "malicious" pattern class., in which data can be purposely manipulated by humans to undermine their operation. As this adversarial scenario is not taken into account by classical design methods, pattern classification systems may exhibit vulnerabilities, whose exploitation may severely affect their performance, and consequently limit their practical utility. Pattern classification theory and design methods to adversarial settings. Here, propose a framework for empirical evaluation of classifier security that formalizes and generalizes the main ideas proposed in the literature, and give examples of its use in real applications. Reported results show that security evaluation can provide a more complete understanding of the classifier's behaviour in adversarial environments, and lead to better design choices. This framework can be applied to different classifiers on one of the application from the spam filtering, biometric authentication and network intrusion detection. So in this propose an algorithm for the generation of training and testing sets to be used for security evaluation. Now result shows providing security to system using application as blogger for this applying spam filtering, biometric authentication methods. That shows pattern classification for detecting spam comments which easy to detect spam. Multimodal System means that using different inputs system will stored the data for testing and training generation for provide highly security.

Information security in the banking sector is heavily controlled as banks store and manage their clients' private information. Information security has always been the responsibility of the information technology (IT) department in organizations. Banks have become a component of the internet and daily lives. Libyan banks facade limited cash due to the part up political circumstance since 2014, as a result of limited cash individuals incapable to get their salaries. To solve this problem, most of Libyan banks are set up online electronic installment arrangements to assist individuals in buying their day by day needs. However, Cyber-attacks increasing day by day, and this is the challenge facing by banking where data is critical. These incidents could be prevented by implementing adaptable countermeasures promptly and minimizing risk. In this paper, a framework is proposed to assess the information security issue in Libyan banks. The study aimed at the assessment of security strategy in Libyan banks to identify security gaps. To achieve the aim of this study data collected by interview information security staff to evaluate the current security strategy in Libyan banks.

This paper proposes coronavirus disease tracing system acts as a portal for the health center to update and track their patients' contacts and collect data for further analysis. All of the contents are handpicked, filtered, and selected to the best of our ability by assigned individuals (mostly medical staff) to ensure that sources are credible and free of hoaxes for the public's benefit. This application likewise means to assemble information for the top to the bottom investigation (for example, time arrangement to screen the development, in-house patients) and synchronization with a contact following application, for instance, MySejahtera app that was created and set up by the Malaysian government and utilized from one side of the country to the other it assumes that all patients have internet access and smartphone, to handle such delinquent, SMS driven application with ability to update status through using patient credentials through system website, and to add simplicity for clients' understanding using graphic visualizations and dashboards are incorporated.

Research in the broader IT context highlights that there are two main sources for vulnerabilities in IT systems. Firstly, there are technical flaws and architectural vulnerabilities that open back-doors into otherwise safe systems. Secondly, users can also use an IT system in a way that open that system for security issues, despite being technically sound otherwise. Responding to a discussion of this second source of system vulnerabilities, this project will explore how tool support for systems development engineers can be improved to allow for the development of safer systems.

With the quick advancement of flexible cloud administrations, it turns out to be progressively helpless to utilize cloud administrations to share information in a companion hover in the distributed computing condition. Since it is not practical to actualize full lifecycle protection security, get to control turns into a testing errand, particularly when we share delicate information on cloud servers. Keeping in mind the end goal to handle this issue, we propose a key-approach trait based encryption with time-indicated characteristics (KP-TSABE), a novel secure information self-destructing plan in distributed computing. In the KP-TSABE plot, each figure content is marked with a period interim while private key is related with a period moment. The delicate information will be safely self-destructed after a client indicated termination time. Far reaching correlations of the security properties demonstrate that the KP-TSABE conspire proposed by us fulfills the security prerequisites and is better than other existing plans.

The security mechanism are not used directly in wireless sensor networks compare to wired networks, there is no user control and insufficient energy resources. In wireless environment, proposing the scheme of detection of distributed sensor cloning attacks and Zero knowledge protocols (ZKP) are used to verifying authenticity of the sender sensor nodes. Cloning attack is concentrate on by attaching fingerprint which is unique that depends on the set of neighboring nodes and itself. Every message contains a finger print which sensor node sends.ZKP is used to avoid man in the middle attack and reply attacks from the important cryptographic information in wireless networks. Keywords-clone attack, man in middle attack, replay attack, zero knowledge protocol, WSN.

In any organization that operates in cyberspace, it is necessary to understand the information battlespace. Defensive information battlespace knowledge can be provided by detailed analysis of carefully selected metrics using automated analysis, data mining, and data calls. Gathering data for metrics involves many of the same pitfalls as collecting data in research but also incurs the intra-organizational communication problems inherent in organizations. These factors make it difficult to turn data and metrics into decision-ready knowledge. This paper explores data gathering in an organization as a research program and a knowledge transfer activity.

The new information technology is becoming an important factor in the future development of financial services industry, and especially banking industry. Growing international trading and problems in transferring money have motivated researchers to introduce a new structure. Online banking is the newest delivery channel for retail banking services. Online banking facilitated by various Electronic Commerce technologies, has helped commercial banks to stay competitive through productivity gains, transaction cost reduction and customer service improvement. Security for online banking has changed considerably during the relatively short period that online banking has been in use. In particular, authentication in the early implementations was, and sometimes still is, vulnerable to various attacks such as phishing. It is known that the quantum cryptography protocols are able to detect immediately any attempt to attack the key exchange and the authentication process. This paper presents an introduction of online banking and quantum cryptography. In this paper we are proposing a model for authentication in online banking system with quantum cryptography.

This report focuses on vulnerabilities on web-applications and web-sites from Cross-Site Scripting attacks (XSS). The different types of XSS attacks are examined: DOM-based, active and passive attacks. The spread of XSS attacks across platforms government and financial institutions, transportation companies, hospitality and entertainment has been analyzed. Research and analysis of the security of corporate websites and their resistance to XSS attacks have been carried out. The basic guidelines for preventing valuable data theft and unauthorized access to websites and applications from XSS attacks are reviewed and systematized.

NoSQL databases have become more popular and preferable in modern data architecture. It has become a powerful way to store data in a specialized format that yields fast performance for a large amount of data. NoSQL databases are designed for modern web-scale databases. Although, nowadays, it is used to handle big data and many real-time web applications. They can handle enormous amount of unstructured data and structured data. As a result, developers will be able to be more nimble. NoSQL database developers, for example, may deploy code updates more quickly than relational database developers. However, security remains a very difficult issue even with NoSQL databases, as the security concerns inherent in previous databases have not been resolved in NoSQL. The most common example is that their password storage mechanism is weak, meaning it can be decrypted easily. This means that NoSQL databases have weaknesses and one of them is authentication weakness. This paper evaluates how strong the authentication aspect towards different kinds of attacks on a NoSQL database.

Data integration is the technique of merging data residing at different sources at different locations, and providing users with an integrated, reconciled view of these data. Such unified view is called global or mediated schema. It represents the intentional level of the integrated and reconciled data. In the data integration system, our area of interest in this paper is characterized by an architecture based on a global schema and a set of sources or source schemas. The objective of this paper is to provide a study on the theoretical aspects of data integration systems and to present a comprehensive review of the applications of data integration in various fields including biomedicine, environment, and social networks. It also discusses a privacy framework for protecting user’s privacy with privacy views and privacy policies.

The necessity of the companies and organizations to adapt the technological and computer science change takes to formulated key questions: What type of Computer science Security needs my company, financial organization, or government? My financial organization counts with aspects of computer science security in the correct areas? What new tools of computer science security exist? What strategies of security we must follow? In this paper we show a methodology for strategic planning for the computer science security of Banks, Companies and Government, cradle in the concepts of strategic administration of enterprise politics, which tries to give answers to the questions before mentioned.

Malware is one of the major security threats that can break computer operation. However, commercial antivirus or anti-spyware that used signature-based matching to detects malware cannot solve that kind of threats. Nowadays malware writers try to avoid detection by using several techniques such as polymorphic, metamorphic and also hiding technique. In order to overcome that issue, we proposed a new framework for malware behavior identification and classification that apply dynamic approach. This framework consists of two major processes such as behavior identification and malware classification. These two major processes will integrate together as interrelated process in our proposed framework. Result from this study is a new framework that able to identify and classify malware based on it behaviors.

— Today’s growing number of security threats to computers and networks also increase the importance of log inspections to support the detection of possible breaches. The investigation and assessment of security incidents becomes more and more a dai-ly business. Further, the manual log analysis is essentially in the context of developing signatures for intrusion detection systems (IDS), which allow for an automated defense against security attacks or incidents. But the analysis of log data in the context of fo-rensic investigations and IDS signature development is a tedious and time-consuming task, due to the large amount of textual data. Moreover, this task requires a skilled knowledge to differentiate between the important and the non-relevant information. In this paper, we propose an approach for log resp. audit data representation, which aims at simplifying the analysis process for the secu-rity officer. For this purpose audit data and existing relations between audit events are ...

Automatic voice recognition system aims to limit fraudulent access to sensitive areas as labs. Our primary objective of this paper is to increase the accuracy of the voice recognition in noisy environment of the Microsoft Research (MSR) identity toolbox. The proposed system enabled the user to speak into the microphone then it will match unknown voice with other human voices existing in the database using a statistical model, in order to grant or deny access to the system. The voice recognition was done in two steps: training and testing. During the training a Universal Background Model as well as a Gaussian Mixtures Model: GMM-UBM models are calculated based on different sentences pronounced by the human voice (s) used to record the training data. Then the testing of voice signal in noisy environment calculated the Log-Likelihood Ratio of the GMM-UBM models in order to classify user's voice. However, before testing noise and de-noise methods were applied, we investigated different MFCC features of the voice to determine the best feature possible as well as noise filter algorithm that subsequently improved the performance of the automatic voice recognition system. Keywords: Automatic voice recognition (AVR) Gaussian mixture model (GMM) Mel frequency cepstral confections (MFCC's) Microsoft research (MSR) identity toolbox Universal background model (UBM)

Prezentowany tekst jest zapisem wykładu, jaki wygłosił autor w trakcie uroczystości nadania mu godności doktora honoris causa Uniwersytetu Ekonomicznego w Krakowie (26.05.2008). W wykładzie najpierw zdefiniowano zagrożenia, jakie mogą wiązać się z użytkowaniem systemów informatycznych, narażonych na awarie techniczne, ala także na kradzieże danych i ataki hakerów. Następnie omówiono metody przeciwdziałania tym zagrożeniom.

Our Security Agencies to provide the most professional security services available in and around Chennai.Prior to placing our security personnel we ensure he/she is well prepared to handle with real world challenges.

visit @ https://goo.gl/lheKir

Although awareness is constantly rising, that industrial computer networks (in a very broad sense) can be exposed to serious cyber threats, many people still think that the same countermeasures, developed to protect general-purpose computer networks, can be effectively adopted also in those situations where a physical system is managed/controlled through some distributed Information and Communication Technology (ICT) infrastructure. Unfortunately, this is not the case, as several examples of successful attacks carried out in the last decade, and more frequently in the very recent past, have dramatically shown. Experts in this area know very well that often the peculiarities of industrial networks prevent the adoption of classical approaches to their security and, in particular, of those popular solutions that are mainly based on a detect and patch philosophy. This paper is a contribution, from the security point of view, to the assessment of the current situation of a wide class of industrial distributed computing systems. In particular, the analysis presented in this paper takes into account the process of ensuring a satisfactory degree of security for a distributed industrial system, with respect to some key elements such as the system characteristics, the current state of the art of standardization and the adoption of suitable controls (countermeasures) that can help in lowering the security risks below a predefined, acceptable threshold.

previous sections, are: scalability with respect to the number of nodes in the network, self-organization, self-healing, energy efficiency, a sufficient degree of connectivity among nodes, low-complexity, low cost and size of nodes. Those protocol architectures and technical solutions providing such features can be considered as a potential framework for the creation of these networks, but, unfortunately, the definition of such a protocol architecture and technical solution is not simple, and the research still needs to work on it.