Information Security

  • Patrick Kamongi added an answer:
    Is there any systematic way to identify assets during threat modeling and risk analysis?

    Identifying assets is the primary and most critical step in threat modeling, because assets are essentially threat targets.
    So, how can we determine that the list of assets is complete and be sure that we have not overlooked relevant assets?

    Patrick Kamongi

    In addition to the above great feedback, you should also take into consideration all dependencies (1st, 2nd, etc. order levels) that each asset leverages and how many assets may share common dependencies.

  • Ryan Heartfield added an answer:
    Are there any new Social Engineering detection techniques?
    It seems that not much work - too little in fact, is being done to find solutions to detect SE attacks. I would appreciate any references to the latest SE detection techniques research.
    Ryan Heartfield


    I have recently had a journal paper approved for publication in ACM Computing Surveys titled "A taxonomy of attacks and survey of defence mechanisms for semantic social engineering attacks".

    The taxonomy proposed provides a generic, linear classification structure for technically classifying any semantic attack. It is designed to inform developers/researchers of the key technical concepts that should be considered when implementing SE defence mechanisms. The paper also includes a literature review of current defence mechanisms for semantic attacks, contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix.

    For the pre-publication copy of the journal paper please see: 

    I expect it to be available in ACM CSUR early next year. I hope it helps!

  • Nils Ulltveit-Moe added an answer:
    Has single/dual n-back training any lasting effects?

    Does single or dual-n-back training have any lasting, transferable effects on other cognitive skills, apart from improving the performance in running the dual-n-back game? Some research studies indicate that it may have some effect for some people with some conditions (e.g. older people, people with dysphoria etc.), however larger meta-studies indicate no or very small effect in general as well as methodological problems in the underlying studies. The research therefore seems inconclusive.

    What is your research experience with this? Are there any groups or conditions where such training has been shown to have transferable, lasting effects?

    Nils Ulltveit-Moe

    Thank you, Luke.

    Tiina's work looks very interesting.

  • Majid Bakhtiari added an answer:
    What are the encryption schemes used in SMS?

    I would like to know about the encryption systems used in SMS coding (both for the purpose of transmission data security) in mobile modern phones.

    Majid Bakhtiari

    1- SMS is not encrypted in GSM.

    Related to key management in GSM, this is why they use an IV.

  • Zakir Khan added an answer:
    What are the main parameters used to measure the strength of an information security algorithm?
    To compare different techniques/algorithms, what parameters are used and how can they be implemented in MATLAB?
    Zakir Khan

    For signal processing:

    Noise addition
    Low-pass filtering

    Other aspects/parameters:


  • Natalia G. Miloslavskaya added an answer:
    Do we need Information Security Theory?
    Any thoughts about the need for and possibility of creating a complete IS Theory as a basic science?
    Natalia G. Miloslavskaya

    I would like to add that we should also ensure availability, confidentiality, authenticity, non-repudiation, etc. All these qualities of information and IT infrastructure assets are very important, not only integrity.

  • Mel Griffiths added an answer:
    What are the dangers and benefits of "mass" surveillance systems and data profiling?
    I would like to know the impact on both sides: people's privacy and government security.
    Mel Griffiths

    Hi Oussama,

    In terms of mass surveillance, use of metadata and the security versus privacy implications, have a look at the following papers. All are very recent and offer some insight into the dangers and benefits of mass surveillance and big data. 

    Lyon, D. (2014). Surveillance, Snowden, and big data: capacities, consequences, critique. Big Data & Society, 1(2), 2053951714541861.

    Schneier, B. (2014). Metadata = Surveillance. IEEE Security & Privacy, (2), 84-84.

    Miller, K. (2014). Total Surveillance, Big Data, and Predictive Crime Technology: Privacy's Perfect Storm. J. Tech. L. & Pol'y, 19, 105.

  • Quist-Aphetsi Kester added an answer:
    How can I process data loss when applying steganography using DCT?

    When hiding some bits of the secret message in DCT coefficients, we note some loss when extracting the message (sorry for bad English).

    Quist-Aphetsi Kester

    Gusharanjeet Singh Kalra is right in his explanation.

  • Mehdi Kargar added an answer:
    What is penetration testing? How is it implemented in information security?
    I need information on penetration testing to find out the vulnerabilities in the network.
    Mehdi Kargar

    The action is to find security holes in a company or an organization in order to protect and secure sensitive information.

  • Abdullah A. Mohamed added an answer:
    I aim to design an on-line IDS using the NSL-KDD data set. Is there any way to extract the features of NSL-KDD from a real packet?
    NSL-KDD consists of 42 features, divided into three classes: TCP header, domain and 2-minute connection. The first type is extracted easily, but the last two types I can't seem to get. Is there any tool, programming language library or other that could be of help?
    The features are shown below.
    10 hot: no. of hot indicators
    11 num failed logins: no. of failed logins
    12 logged in (discrete)
    13 num compromised: no. of compromised conditions
    14 root shell
    15 su attempted
    16 num root: no. of root accesses
    17 num file creations: no. of file creation operations
    18 num shells: no. of shell prompts
    19 num access files: no. of operations on access control files
    20 num outbound cmds: no. of outbound commands in an ftp session
    21 is host login (if the login belongs to the hot list)
    22 is guest login
    23 count: no. of connections to the same host as the current connection in
    24 srv count: no. of connections to the same service as the current connection in the past two seconds
    25 serror rate: % of connections that have SYN errors
    26 srv serror rate: % of connections that have SYN errors
    27 rerror rate: % of connections that have REJ errors
    28 srv rerror rate: % of connections that have REJ errors
    29 same srv rate: % of connections to the same service
    30 diff srv rate: % of connections to different services
    31 srv diff host rate
    32 dst host count
    33 dst host srv count
    Abdullah A. Mohamed

    Thanks Mr. Mahdy. I will.

  • Sirapat Boonkrong added an answer:
    Is there any way to perform manual association of random MAC addresses with the access point in a wireless environment?

    I wanted to know if an attacker can do manual associations of random MAC addresses with the access point.

    Can it be done in the case of WPA2 encrypted networks too, I mean with the complete four-way handshake involved during authentication?

    Sirapat Boonkrong

    It depends what type of authentication you are doing.

    If you do "open authentication", it is possible for any attacker to fake a MAC address.

    If you do "shared-key authentication", then it becomes more difficult because authentication is done using the pre-shared secret key, rather than a MAC address.

    Bear in mind that if your wireless network uses DHCP, it is very likely that you will need to have an additional authentication layer to stop DHCP from giving out IP addresses automatically.

  • Nils Ulltveit-Moe added an answer:
    What steps should be considered before implementing ISMS in an organization?

    Hey all

    I am providing the scope of an ISMS for an organization that has a contract with us. We are going to test the feasibility before implementing the ISMS. Does anyone have any idea about such an issue?

    Thank you so much.

    Nils Ulltveit-Moe

    We have now released a set of resources from the PRECYSE EU project that are useful for implementing an Information Security Management System:

    I have released a course on using the Verinice ISMS:

    The YouTube playlist "PRECYSE Verinice Course" with screencast videos is here:

    The arftoverinice import filter for importing OpenVAS scans into Verinice is here:

    The Magerit control catalogue and OCIL test suite is here:

  • Nils Ulltveit-Moe added an answer:
    How can we authenticate a remote program?

    Suppose we have a set of APIs hosted on a local server. I only want legitimate remote programs to invoke those APIs. If the remote program is, let's say, the original program that I uploaded to the remote machine, then I allow the invocation. If the remote program is a version tampered with by the attacker, then I disallow it. How can I bind the program's identity to the function invocation to determine whether the remote program has not been tampered with?

    Nils Ulltveit-Moe

    Remote attestation based on trusted computing supports detecting changes of the remote software.

  • Priti Puri added an answer:
    What is the most appropriate classification method to classify qualitative parameters of bank's risk (i.e. reputation, legal and compliance) ?

    Regarding Basel II Pillar 2, they spelled out that a bank should notice other inherent risks such as compliance, reputation, legal and strategic risk. These are qualitative (as far as I know, unless there is a way to quantify them).

    I was thinking about a Fuzzy Inference System, but looking at the highly dynamic economic conditions, this method is no longer applicable or not proper enough to cover the possibilities.

    Any answers and discussion are welcome; it will be my pleasure to catch your answers/ideas.

  • Louis Brassard added an answer:
    Do you support Tom Leinster's call not to help intelligence services through mathematics?
    "Intelligence agencies hire lots of mathematicians, but would-be employees must realise that their work is misused to snoop on everyone, says Tom Leinster"

    New Scientist has published an article recently, where Tom Leinster asks mathematicians to stay away from supporting the NSA, CIA, GCHQ, (former) KGB and all the other organizations that spy on us. I don't even know the name of their Chinese colleagues' organization.

    What are your thoughts on this?
    Louis Brassard

    I recommend the 2014 documentary film (it can be freely seen on the internet): Citizenfour; it shows the behind-the-scenes of the Edward Snowden and NSA spying scandal. It was shot during the events. It won the Academy Award for Best Documentary Feature at the 2015 Oscars.

  • Xavier Bonnaire added an answer:
    Can anyone help me to find research in using encryption algorithms to secure Peer to peer network?

    I am trying to find some research papers on securing peer-to-peer networks.

    Xavier Bonnaire

    You can have a look at the following publication. This is a particular case about certification, but you may find useful ideas.

    • Source
      ABSTRACT: Building a certification authority (CA) that is both decentralized and fully reliable is impossible. However, the limitation thus imposed on scalability is unacceptable for many types of information systems, such as e-government services. This paper proposes a solution to build a highly reliable CA, based on a DHT and a dedicated protocol ensuring a very low probability of arbitrary failure. Thus, in practice, false positives should never occur.
      Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on; 07/2013

  • Muhammad Imran Tariq added an answer:
    How can I simulate SLA based Information Security metrics for Cloud Computing?

    I have made SLA based Information Security Metrics for Cloud Computing and would like to simulate them on a simulator.

    Would you please suggest an appropriate simulator and the way to simulate it?

    Muhammad Imran Tariq

    Thanks Hamza Kheddar, it is really good material for an initial study.

    I installed CloudSim and am now working on this. If you have any other material related to my request, then please send it and oblige.

  • Muhammad Imran Tariq added an answer:
    Which Information Security framework / standard/certification/guide is best for cloud organizations to maintain their security?
    There are several Information Security frameworks, standards, certifications and guides to maintain security in an organization.
    Would you share which one is best for said purpose?
    Muhammad Imran Tariq

    Thanks Vito for your appreciation and acknowledgement. It is a book, not a paper. I will find ISO 27001:2013 on the internet :)

    Warm Regards

    Muhammad Imran Tariq

  • Quist-Aphetsi Kester added an answer:
    How to provide better security in our online communication?
    If it is on the internet it is not private!!!
    Quist-Aphetsi Kester

    By using state-of-the-art cryptographic methods like post-quantum cryptography.

  • Ahmad T Siddiqui added an answer:
    Is there any article which discusses a case study / application of privacy in distributed data mining?

    I want to know about a real case study of privacy threats caused by association rule mining (distributed or centralized database).

    Ahmad T Siddiqui

    Try these links:

    Hope it helps...

  • Vanessa Ayala-Rivera asked a question:
    Hi, could someone please point me to a numerical example showing how Mantaras distance is used to compare two partitions?

    As additional context, I am planning to use this metric in clustering evaluation to calculate the distance between two partitions (each one with a set of clusters). However, I am always getting a distance of 1 (regardless of the input clusters). This issue leads me to believe that I might be incorrectly interpreting a part of the equation: Dist(Pa,Pb) = 2 - (I(Pa) + I(Pb)/I(Pa ∩ Pb)). Unfortunately, all the references I have found only show the involved equations without a detailed example.

  • Per M. Gustavsson added an answer:
    Can anyone help me with main principles and models usually used for visualization of information security events and incidents?
    For information security managers in SIEM systems
    Per M. Gustavsson

    Look at the start-ups that showed their products at CyberTech2014 as an example (  - there you have both common and innovative methods.

    Is it real-time monitoring or is it to reconstruct an event chain?

    Should it be used for informed decision making? Purpose ?

    For real-time monitoring, the process views etc. in ITIL/COBIT may be too complicated. Often different gauge-meter dashboards and network views are used, which do not provide insight into what is happening (compare to balanced scorecard dashboards or lean dashboards...). In a reconstruction analysis phase, ITIL, COBIT or rather the business process view will add value for visualization.

  • Devi Thiyagarajan added an answer:
    Does anyone know of a simulator that supports implementing cryptography algorithms in the cloud?
    I'm conducting research on cloud computing security. I need a cloud computing simulator that supports implementation of cryptography algorithms. Please advise me which simulator to use.
    Thank you
    Devi Thiyagarajan

    I would like to implement the ECC algorithm for securing files in the Cloud. What kind of implementation can I do?

  • Mojtaba Alizadeh added an answer:
    Is this statement correct: "Mobile devices such as laptops, mobile phones, USB memories, and PDAs do not possess tamper-resistant characteristics"?

    The problem is that most authentication methods that use a smart card in authentication procedures are vulnerable to theft. Is it correct?

    Ref: "Cryptanalysis and Improvement of “An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems”" (Khan and Kumari, 2014)

    Mojtaba Alizadeh

    Dear Muhamed,

    Thank you so much for your comprehensive answer, and for your time to answer this question. Your answer is completely helpful.

  • Marcin Piekarczyk added an answer:
    What is an efficient algorithm for arithmetic encoding of biometric data?

    Encoding of biometric data to arithmetic for use in cryptography

  • Mohamed Amine Ferrag added an answer:
    Could anyone present some information or a survey about public key encryption with keyword search applied to cloud computing?

    Traditional searchable encryption has been widely studied in the context of cryptography. Could anyone present some information or a survey about public key encryption with keyword search applied to cloud computing?

    Mohamed Amine Ferrag

    Dear Sashank,

    Thanks for the link.

  • A. Frolov added an answer:
    How can we automate penetration testing in order to improve network security?
    Penetration testing is a very difficult and complex task in network security testing. How can we automate this process? Which tools or demo and test versions are available?
    A. Frolov

    Alexander Frolov, Alexander Vinnikov. FSM Simulation of Cryptographic Protocols Using Algebraic Processor. In Proceedings of the Ninth International Conference on Dependability and Complex Systems DepCoS-RELCOMEX, June 30-July 4, 2014. P.189-198.

    We study an FSM model of cryptographic protocols that reflects both the system functionality and the strategy of attacks, and explore the fact that all data are divided into two classes: public transactions available to all parties and private data available only to the party that inputted or originated them. In terms of this model, the FSM composition property of protocols and the operation of composition of protocol FSM models are determined. This approach is supported by software we created called the algebraic processor, which allows computer experiments to identify and demonstrate the leaks. We describe the structure and functionality of the algebraic processor and some examples of simulations of attacked cryptographic protocols.

  • David Arroyo added an answer:
    Are there any practical applications of prediction algorithms to encrypted data?

    I am doing research on prediction analysis of encrypted data, and would like to find out what the latest developments (algorithms, tools, methods, practical applications, etc.) in this area are.

    David Arroyo

    The first scenario determines a less demanding trust model. Therefore, the client achieves better protection against a non-trusted cloud server. Taking into account that nowadays the role of the client is more and more relevant, it is advisable to go for solutions focused on the client. In this regard, the SPION project is very interesting:

    Also, you could consider the WebSand European project:

  • Adil AL-Rammahi added an answer:
    Can someone please share reviews on security measurements of Line mobile Messaging Application?

    I have a project analyzing the security level of the Line mobile messaging application by sniffing the packets and seeing whether or not I can read the messages being exchanged between the user and the server.
    So far, I could not find reviews on the security side except one review on the application structure, and it says nothing about security aspects.

    Could someone please share here any relevant reviews on the security measures being implemented by Line (i.e. cryptography implementations)?

    Adil AL-Rammahi

    See affine cryptography.
