- Nicolae Constantinescu added an answer: What is the method of security provision in core network (home environment) in 3G mobile communication networks - Encryption or Encoding? In order to provide security in the radio access network of mobile communication networks we use encryption methods; I was wondering what method is used to keep confidentiality in the core network.
According to the standards, it is encryption.
- Abdulmunem Khudhair added an answer: Real security protocols analyzed by YAPA, AVISPA, Scyther and athina? Hello everybody, I'm searching for real security protocols that have been analyzed by YAPA, AVISPA, Scyther, athina and others. Can you help me?
Just download the tools that support these protocols to get real protection.
- Alireza Jolfaei added an answer: What are the available cryptanalysis tools for state of the art algorithms? I'd like to research on the available cryptanalysis tools for algorithms such as AES, DES, RSA, RC4, Blowfish and the like.
This question is very broad, and for the mentioned algorithms, it takes a significant amount of time to acquire a full understanding of different attack procedures. As a good starting point, I suggest you refer to the websites of CRYPTOREC, NESSIE, eSTREAM and CAESAR.
- Mario Stipčević added an answer: What approach would you take to implement a (true) random number generator?
One that is both useful for cryptography and yet reasonable for a master thesis. What physical phenomena would you consider as entropy sources? Any with minimum (preferably no) hardware engineering? What about humans or any other sources?
To what extent can I then pursue the goal of true randomness?
P.S. If you do not want to engage in generating true random numbers yourself, there are quantum random number generators connected to the web from where you can download superb quality randomness, like for example: https://qrng.physik.hu-berlin.de/
- Natalia G. Miloslavskaya added an answer: Can anyone help me with main principles and models usually used for visualization of information security events and incidents? For information security managers in SIEM systems
Thanks a lot, Lia! I know these documents very well. But I did not think about them as a basis for visualization. It is an interesting idea, I hope.
- Natalia G. Miloslavskaya added an answer: Do we need Information Security Theory? Any thoughts about the need for and possibility of creating a complete IS Theory as a basic science?
Thanks a lot, Nicolae. I completely agree with you. But some basic things should be explained and listed out. You should give your students a basic instrument - like LEGO, with which they construct whatever they need.
- Ramil Agliamzanov added an answer: Could anyone present some information on securing embedded systems: cyber attacks, countermeasures, and challenges?
The security is now a major issue in our economy, hence the need to revisit the concepts and terms related to safety in order to protect themselves effectively against malicious adversaries. In embedded systems, the security covers many issues related to protection of circuits and data that they handle.
- Fatty Salem added an answer: Could anyone present some information on securing cloud using fog computing?
The security is now a major issue.
These will help you
- Nils Ulltveit-Moe added an answer: How could the disciplines of information security and data analytics be synergistic?
I am wondering how the disciplines of Information Security and Data Analytics could be synergistic.
Is there any rationale other than the following two reasons:
1. Analytics can be used as a tool for improving security (especially with intrusion detection etc.)
2. One can use protecting analytical IT systems as a test bed for securing other operational IT systems.
Big data analytics is very useful for performing digital forensics, retrospective IDS identifying attacks after the fact as well as for identifying and correlating suspicious patterns in data that otherwise would be impossible to do due to the lack of historic network data. Areas of use go far beyond traditional IDS. PacketPig is one tool that uses this technique:
- Mehdi Dadkhah added an answer: Does anyone have data on a phishing site?
I need data about phishing websites in Excel format or another format for data mining. Please help me.
Thank you, this report only has a number of phishing sites; I need the attributes of these sites too.
- Ana-Maria Ciobotaru added an answer: I need 2 free refer for my paper. I want to publish my paper at the journal and need 2 free refers for reviewing my paper. Who can help me? My paper is about XSS vulnerability.
Ismail, O.; Graduate Sch. of Inf. Sci., Nara Inst. of Sci. & Technol., Japan; Etoh, M.; Kadobayashi, Y.; Yamaguchi, S., A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability, Advanced Information Networking and Applications, 2004. AINA 2004. 18th International Conference on (Volume: 1), 2004
Paul Ritchie, The security risks of AJAX/web 2.0 applications
- Mike Bonnes added an answer: How can we automate penetration testing in order to improve network security? Penetration testing is a very difficult and complex task in network security testing. How can we automate this process? Which tools or demo and test versions are available?
If you are going to invest in a pentest tool, IBM or HP, it could get very expensive. If this research has a restricted budget, I would build an API for automating. I use OWASP ZAP since we build web portals. I have an API built that automates my attacks as I need it and generates a report, and on occasion I test with IONCANNON for a simulated denial of service attack for testing my load balancers. Kali is great for manual testing, Samurai in conjunction with OWASP ZAP. Hope that helps.
- Peter T Breuer added an answer: What is the difference between Information Security, Computer Security and Cyber Security?
It appears to me that commercial folk are misusing these terms and their meaning. While they mean the same thing to me, it is impacting the way we understand security. Please share your thoughts on what they mean to you when you hear these terms.
You seem to have mixed up Cybersecurity and Network Security - but nice try at a hierarchy! Too bad it also ended up as "interlinked layers" (which means absolutely nothing - technobabble).
I'm often told that Cybersecurity is about the security of physical systems that are controlled by computers or networks. I said "robots" in my answer, but think also of trains, cars, power stations, routers, uranium purification centrifuges ...
- Francois Mouton added an answer: Are there any new Social Engineering detection techniques? It seems that not much work - too little in fact - is being done to find solutions to detect SE attacks. I would appreciate any references to the latest SE detection techniques research.
Thank you Belai for linking my conference paper. I am currently busy doing new work within the field of Social Engineering detection. I have recently published two new papers which first of all better define the field of Social Engineering and Social Engineering Attacks. https://www.researchgate.net/publication/263588276_Towards_an_Ontological_Model_Defining_the_Social_Engineering_Domain and https://www.researchgate.net/publication/263588935_Social_Engineering_Attack_Framework . I also have a student who is currently investigating voice stress analysis and layered voice analysis for Social Engineering detection.
- Jiwan Ninglekhu added an answer: What are the main parameters used to measure the strength of an information security algorithm? To compare different techniques/algorithms, what parameters are used and how can they be implemented in MATLAB?
Key Size of course.
But you wouldn't know the strength until it is broken. The breaking can be done in ways no one can define and you wouldn't know until you break it. But the strength of a key is measured in time in relation to brute force attack. The more time it takes, the stronger it is. All the keys can be broken but it is just a matter of time. For example, a 256-bit AES key takes 3×10^51 years to break by brute force.
- Are there any useful security policies or standards to protect the user privacy on the cyberspace? Like a protocol for encrypting information on the server-side so the service providers cannot access their clients' data
There was an attempt from W3C to protect privacy of users. It is called P3P: http://www.w3.org/P3P/ Unfortunately it has not been widely used due to usability issues.
- Syh-Yuan Tan added an answer: What measures does evaluating the security (complexity) level of the designed encryption depend on? Tools which help to measure the complexity (level of security) to encryption design,
to other type of time complexity.
Not sure if your problem has been solved. Just sharing my thoughts.
In cryptography, asymmetric key cryptosystems can be mathematically proven, namely, provable security. The security levels/notions depend on the primitive you are dealing with: encryption, signature, key exchange, identification etc. For encryption, the highest security notion is (adaptive) IND-CCA.
I am not sure for symmetric key cryptosystems as that is not my area, but if I recall correctly, they don't have provable security for that; they become more and more secure or trusted when time goes by :)
- Janina Wiertlewska added an answer: Do you support Tom Leinster's call not to help intelligence services through mathematics? "Intelligence agencies hire lots of mathematicians, but would-be employees must realise that their work is misused to snoop on everyone, says Tom Leinster"
New Scientist has published an article recently, where Tom Leinster asks mathematicians to stay away from supporting NSA, CIA, GCHQ, (former) KGB and all the other organizations that spy on us. I even don't know the name of their Chinese colleagues' organization.
What are your thoughts on this?
Kevin, I understand what you mean. That's what we all observe in our countries in the last two decades. Many questions probably will need to be answered and a lot will remain unexplained. That's what I really think of the changes. Regards.
- What are the information security challenges in developing countries? How are developing countries dealing with cyber security?
You can check the national cyber security strategies of many countries from the ENISA web page: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world
- Does anyone know why we get the username and password of HTTPS websites while sniffing, especially through Wireshark? See above
Btw, the exchanged data is NOT encrypted with public key. Public key crypto is used to create shared symmetric keys by the handshake process in the beginning.
- Magdalena Sitek asked a question: Calls for Contributors: Safety of the Information – challenges for economics and public administration Innov@tion - Administration
Conference will examine the following topics, among others:
1. Standards of information security in the light of Polish and EU law.
2. Information security and transparency in public life.
3. The efficiency of information security systems in the sphere of economics and public administration.
4. Threats to information security.
5. International cooperation in the sphere of information
6. The digitization of public administration and safety
7. Audit and assessment of information security systems.
8. Consumers' right to information.
- Sashank Dara added an answer: Does anyone know of a simulator that supports implementing cryptography algorithms in the cloud? I’m conducting a research on cloud computing security. I need a cloud computing simulator that supports implementation of cryptography algorithms. Please advise me which simulator to use.
Thank you
Question is too vague, be more specific when asking for help. CC Simulator, what does that mean at all? Supports crypto algorithms? What does that mean again? Which algorithm? What is it that you are trying to do? If you want to install a private cloud, try OpenStack or similar; if you want a suite of crypto, try OpenSSL.
- Reeta Sony added an answer: How to provide better security in our online communication?
If it is on the internet it is not private!!! I feel you have to read about the concept of "Privacy by design" by the European Union.
- Nikhil Tripathi asked a question: What are the recent advances in research based on the web application security? Regarding the updated information about the topic
- Manish Shailani asked a question: Anyone aware of pattern based encoding schemes? I need an example of the same.
- Surbhi Agrawal asked a question: What is digital watermarking or video watermarking? Can this be a topic for computer science scholar?
- What is penetration testing? How is it implemented in information security? I need information on penetration testing to find out the vulnerabilities in the network.
You must see OWASP Testing Guide if you are interested in penetration testing. Here is the link: https://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf