Information Security

  • Vanessa Ayala-Rivera asked a question:
    Hi, could someone please point me to a numerical example showing how Mantaras distance is used to compare two partitions?

    As additional context, I am planning to use this metric in clustering evaluation to calculate the distance between two partitions (each one with a set of clusters). However, I am always getting a distance of 1 (regardless of the input clusters). This issue leads me to believe that I might be interpreting incorrectly a part of the equation: Dist(Pa,Pb) = 2 - (I(Pa) + I(Pb)/I(Pa ∩ Pb)). Unfortunately, all the references I have found only show the involved equations without a detailed example.

  • Per M. Gustavsson added an answer:
    Can anyone help me with main principles and models usually used for visualization of information security events and incidents?
    For information security managers in SIEM systems
    Per M. Gustavsson · Swedish National Defence College Stockholm

    Look at the start-ups that showed their products at CyberTech2014 as an example (https://www.cybertechisrael.com/) - there you have both common and innovative methods.

    Is it real-time monitoring or is it to reconstruct an event chain?

    Should it be used for informed decision making? Purpose ?

    For real-time monitoring, the process views etc. in ITIL, COBIT may be too complicated. Often different gauge meters, dashboards and network views are used, which do not provide insight into what's happening (compare to balanced score card dashboards or lean dashboards...). In a reconstruction analysis phase, ITIL, COBIT or rather the business process view will add value for visualization.

  • How can I process data loss when applying steganography using DCT?

    When hiding some bits of a secret message in DCT coefficients, we note some loss when extracting the message (sorry for bad English).

    Abdul kadhem Abdul kareem Abdul kadhem · University of Babylon

    Dear Nilanjan Dey,
    thank you for your interaction.

  • Devi Thiyagarajan added an answer:
    Does anyone know of a simulator that supports implementing cryptography algorithms in the cloud?
    I'm conducting research on cloud computing security. I need a cloud computing simulator that supports implementation of cryptography algorithms. Please advise me which simulator to use.
    Thank you
    Devi Thiyagarajan · VIT University

    I would like to implement the ECC algorithm for securing files in the cloud. What kind of implementation can I do?

  • Michael Brückner added an answer:
    Do you support Tom Leinster's call not to help intelligence services through mathematics?
    "Intelligence agencies hire lots of mathematicians, but would-be employees must realise that their work is misused to snoop on everyone, says Tom Leinster"

    New Scientist has published an article recently, where Tom Leinster asks mathematicians to stay away from supporting NSA, CIA, GCHQ, (former) KGB and all the other organizations that spy on us. I don't even know the name of their Chinese colleagues' organization.

    What are your thoughts on this?
    Michael Brückner · Naresuan University

    @Louis, thanks so much for your last post with the link to the Tolkien/Orwell debate, of whom I know only the latter in terms of reading. I've regarded Tolkien as trivial (elves?), but the post you've linked to shows some deeper thoughts that may be associated with Tolkien's Ring (we both know the other one, the Nibelungen one, having a very different background).

    With the recently published details on US security agencies' mismanagement, to say the least, it seems to be more and more embarrassing to support them, e.g. the CIA. Where can the experts move from there? Follow Edward?

  • Mojtaba Alizadeh added an answer:
    Is this statement correct: "Mobile devices such as laptops, mobile phones, USB memories, and PDAs do not possess tamper-resistant characteristics"?

    The problem is that most authentication methods that use smart cards in authentication procedures are vulnerable against theft. Is it correct?

    Ref: "Cryptanalysis and Improvement of “An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems”" (Khan and Kumari, 2014)

    Mojtaba Alizadeh · Kyushu University

    Dear Muhamed,

    Thank you so much for your comprehensive answer, and for your time to answer this question. Your answer is completely helpful.

    Regards,

  • Marcin Piekarczyk added an answer:
    What is an efficient algorithm for arithmetic encoding of biometric data?

    Encoding of biometric data to arithmetic for use in cryptography

  • Mohamed Amine Ferrag added an answer:
    Could anyone present some information, survey about the public key encryption with keyword search applied to cloud computing ?

    Traditional searchable encryption has been widely studied in the context of cryptography. Could anyone present some information, survey about the public key encryption with keyword search applied to cloud computing?

    Thanks

    Mohamed Amine Ferrag · Université 8 mai 1945 - Guelma

    Dear Sashank,

    Thanks for the link.

    Regards

  • Natalia G. Miloslavskaya added an answer:
    Do we need Information Security Theory?
    Any thoughts about the need for and possibility of creating a complete IS Theory as a basic science?
    Natalia G. Miloslavskaya · National Research Nuclear University MEPHI

    I do not agree that it is needed only for academic purposes. To build effective protection for a real infosystem you should follow some obligatory steps, which you cannot fulfill without knowing the basics of IS theory.

  • A. Frolov added an answer:
    How can we automate penetration testing in order to improve network security?
    Penetration testing is a very difficult and complex task in network security testing. How can we automate this process? Which tools or demo and test versions are available?
    A. Frolov · Moscow Power Engineering Institute (Technical University)

    Alexander Frolov, Alexander Vinnikov. FSM Simulation of Cryptographic Protocols Using Algebraic Processor. In Proceedings of the Ninth International Conference on Dependability and Complex Systems DepCoS-RELCOMEX, June 30-July 4, 2014. P. 189-198.

    Abstract

    We study FSM model of cryptographic protocols that reflects both the system functionality and strategy of attacks and explored the fact that all data are divided into two classes: public transactions available to all parties and private data available to only party that inputted or originated them. In terms of this model the protocols FSM composition property and operation of composition of protocols FSM models are determined. This approach is supported by created software called algebraic processor that allows computer experiments to identify and demonstrate the leaks. We describe the structure and functionality of algebraic processor and some examples of attacked cryptographic protocols simulations.

  • David Arroyo added an answer:
    Are there any practical application of prediction algorithms to encrypted data?

    I am doing a research on prediction analysis of encrypted data. And would like to find out what latest developments (algorithms, tools, methods, practical applications etc.) have been done in this area.

    David Arroyo · Universidad Autónoma de Madrid

    The first scenario determines a less demanding trust model. Therefore, the client achieves better protection against a non-trusted cloud server. Taking into account that nowadays the role of the client is more and more relevant, it is advisable to go for solutions focused on the client. In this regard, the SPION project is very interesting:

    http://www.cosic.esat.kuleuven.be/spion/

    Also, you could consider the Websand European project:

    https://www.websand.eu/

  • Adil AL-Rammahi added an answer:
    Can someone please share reviews on security measurements of Line mobile Messaging Application?

    I have a project of analyzing the security level of Line mobile Messaging Application by sniffing the packets and seeing whether or not I can read its messages being exchanged between user and the server.
    So far, I could not find reviews on the security side except one review on the application structure, and nothing is said about security aspects.

    Could someone please share here any relevant reviews on the security measurements being implemented by Line (i.e. cryptography implementations)?

    Adil AL-Rammahi · University Of Kufa

    See affine cryptography.

  • Santosh Kumar Sahu added an answer:
    Is there any alternative for wordfield to brute force cap file?

    I am brute forcing cap file captured by adapter using wordfield in Kali Linux and it is testing keys with a very slow rate of 750k/s. Is there any other efficient tool available for the same?

    Santosh Kumar Sahu · National Institute of Technology Rourkela

    You can try to use CapLoader, which decodes the pcap files into connections. Another tool is CommView. It also converts the pcap files per session. I hope it will be useful to you.

  • Mirella Méndez Robaina added an answer:
    How to provide better security in our online communication?
    If it is on internet it is not private!!!
    Mirella Méndez Robaina · Maternity Hospital Dr. Angel Arturo Aballí

    We secure communication better when we are able to take care of our privacy, as we experience: a firewall prevents anyone from entering our computer; an antivirus that detects spyware is possible; use an alternative browser, or keep it updated; keep your operating system updated; avoid entering suspicious websites; when sending emails to multiple contacts, use the BCC ("Hidden Run"); and finally, stop making commercial transactions on unsafe websites; secure ones have an "S" after HTTP.

  • Nirmal Singh added an answer:
    What benefits can we get from the behaviour analysis of Malware?

    Studying malware behaviour might be complicated, but after we do behaviour analysis of malware, what advantages can we get?

    Nirmal Singh · Desh Bhagat University, Mandi Gobindgarh

    These are all widely used tools. If you still want to test, then set up your own system (Cuckoo Sandbox - http://www.cuckoosandbox.org/) and compare both results :)

  • Mohamed Amine Ferrag added an answer:
    Could anyone present some information on securing embedded systems: cyber attacks, countermeasures, and challenges?

    The security is now a major issue in our economy, hence the need to revisit the concepts and terms related to safety in order to protect themselves effectively against malicious adversaries. In embedded systems, the security covers many issues related to protection of circuits and data that they handle.

    Mohamed Amine Ferrag · Université 8 mai 1945 - Guelma

    Many thanks for your answers.

  • Dan Eigeles added an answer:
    What approach would you take to implement a (true) random number generator?

    One that is both useful for cryptography and yet reasonable for a master thesis. What physical phenomena would you consider as entropy sources? Any with minimum (preferably no) hardware engineering? What about humans or any other sources?
    To what extent can I then pursue the goal of true randomness?

    Dan Eigeles · Defense & security system, academic lecturer, independent high-tech entrepreneur, management and training senior consultant

    This is an example of what may solve your need: http://www.random.org/integers/. In fact you can use any source of random phenomena which can be converted to an electrical signal, then digitized by an A2D converter, and use the output values as random numbers.

    As a paraphrase, nothing in the Nature is random. Even what we call "chaos" has its deterministic rules. The truth is that the human kind is still far away from really understanding the rules of Nature. So we, the humans, "blame" Nature for so many phenomena which we are unable yet to understand in full their rules (human cognitive dissonance).  

  • Randhir Bhandari added an answer:
    What is the method of security provision in core network (home environment) in 3G mobile communication networks - Encryption or Encoding?
    To provide security in the radio access network of mobile communication networks we use encryption methods. I was wondering what method is used to keep confidentiality in the core network.
    Randhir Bhandari · Shoolini University

    Security protocols like AKA for 3G networks provide security/authentication.

  • Sdiwc Publications added an answer:
    Is anyone using PacketFence? If so, I need some tips regarding installation and deployment.
    PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution.
  • Sdiwc Publications added an answer:
    How can a scenario be formed using Indirect Trust Computation in MANET?
    How can I define an application based scenario in MANET using Indirect Trust Computation Approach given in attached publication?
  • Sdiwc Publications added an answer:
    Are there formal methods to determine a sequence of compliance of controls in standard Information Security?
    My research focuses on proposing a quantitative method to establish an optimal sequence for compliance with the standard controls, according to the conditions of each organization. For this, we adapt methods from the field of Operations Research. However, I wonder if other methods are known to perform this task.
  • Abdulmunem Khudhair added an answer:
    Real security protocols analyzed by YAPA, AVISPA, Scyther and athina?
    Hello everybody, I'm searching for real security protocols that have been analyzed by YAPA, AVISPA, Scyther, athina and others. Can you help me?
    Abdulmunem Khudhair · Dijlah University College

    Just download the tools that support these protocols to get real protection.

    Good Luck...

  • Alireza Jolfaei added an answer:
    What are the available cryptanalysis tools for state of the art algorithms?
    I'd like to research on the available cryptanalysis tools for algorithms such as AES, DES, RSA, RC4, Blowfish and the like.
    Alireza Jolfaei · Griffith University

    This question is very broad, and for the mentioned algorithms, it takes a significant amount of time to acquire a full understanding of different attack procedures. As a good starting point, I suggest you refer to the websites of CRYPTOREC, NESSIE, eSTREAM and CAESAR.

  • Nils Ulltveit-Moe added an answer:
    How could the disciplines of information security and data analytics be synergistic?

    I am wondering how the disciplines of Information Security and Data Analytics could be synergistic.

    Is there any rationale other than the following two reasons:
    1. Analytics can be used as a tool for improving security (especially with intrusion detection etc.)
    2. One can use protecting analytical IT systems as a test bed for securing other operational IT systems.

    Nils Ulltveit-Moe · Universitetet i Agder

    Big data analytics is very useful for performing digital forensics, retrospective IDS identifying attacks after the fact, as well as for identifying and correlating suspicious patterns in data that otherwise would be impossible to do due to the lack of historic network data. Areas of use go far beyond traditional IDS. PacketPig is one tool that uses this technique:

    https://github.com/packetloop/packetpig

  • Francois Mouton added an answer:
    Are there any new Social Engineering detection techniques?
    It seems that not much work - too little in fact, is being done to find solutions to detect SE attacks. I would appreciate any references to the latest SE detection techniques research.
    Francois Mouton · Council for Scientific and Industrial Research, South Africa

    Thank you Belai for linking my conference paper. I am currently busy doing new work within the field of Social Engineering detection. I have recently published two new papers which first of all better define the field of Social Engineering and Social Engineering Attacks: https://www.researchgate.net/publication/263588276_Towards_an_Ontological_Model_Defining_the_Social_Engineering_Domain and https://www.researchgate.net/publication/263588935_Social_Engineering_Attack_Framework . I also have a student who is currently investigating voice stress analysis and layered voice analysis for Social Engineering detection.

  • Jiwan Ninglekhu added an answer:
    What are the main parameters used to measure the strength of an information security algorithm?
    To compare different techniques/algorithms, what parameters are used and how can they be implemented in MATLAB?
    Jiwan Ninglekhu · University of Texas at San Antonio

    Key Size of course. 

    But you wouldn't know the strength until it is broken. The breaking can be done in ways no one can define and you wouldn't know until you break it. But the strength of a key is measured in time in relation to brute force attack. The more time it takes, the stronger it is. All the keys can be broken but it is just a matter of time. For example, a 256-bit AES key takes 3×10^51 years to break by brute force.

  • Emin İslam Tatlı added an answer:
    Are there any useful security policies or standards to protect user privacy in cyberspace?
    Like a protocol for encrypting information on the server side so the service providers cannot access their clients' data
    Emin İslam Tatlı · Istanbul Medipol University
    There was an attempt from W3C to protect privacy of users. It is called P3P: http://www.w3.org/P3P/ Unfortunately it has not been widely used due to usability issues.
