Science topic

IT Security - Science topic

Explore the latest questions and answers in IT Security, and find IT Security experts.
Questions related to IT Security
  • asked a question related to IT Security
Question
20 answers
Does the development and implementation of new information technologies for banking affect the processes of improving the security of online banking systems?
Improvement of online banking security systems can currently be significantly determined, among others, by the implementation of new information technologies for banking.
Are the processes of improving internet banking security systems currently determined by the implementation of new information technologies, i.e. by implementing banking data processing technologies in Big Data database systems, Business Intelligence based analytics, implementation of Blockchain technology and artificial intelligence.
Do you think that the processes of improving internet banking security systems are currently determined by the implementation of new information technologies for banking?
Please reply
Best wishes
Relevant answer
Answer
Zhu, R. (2015). An Initial Study of Customer Internet Banking Security Awareness and Behaviour in China. In PACIS (p. 87).
  • asked a question related to IT Security
Question
20 answers
In my opinion, the information posted on social media portals are not 100 percent. safe.
There have been cases of hacking and stealing information from thousands of records, user profiles of these portals.
In addition, there are developed techniques for building programs that read information from commentators entered into thousands of profiles of social media portals.
Then this information is a research material for the sentiment analyzes carried out, i.e. analyzes of opinions prevailing among users of these portals on specific companies, brands, products and services.
Do you agree with my opinion?
Please reply
Best wishes
Relevant answer
Answer
The level of cybersecurity of data collected on social media is constantly being raised. However, there is still no full 100 percent. cybersecurity on this issue.
I invite you to the discussion,
Regards,
Dariusz Prokopowicz
  • asked a question related to IT Security
Question
8 answers
In my opinion, sensitive personal data concerning individual users who set up profiles, collected on social media portals, are not fully secure. This is confirmed by the occurrence of data leaks, data theft by cybercriminals.
In connection with the above, the issue of information security on the Internet is becoming an increasingly global problem and therefore, in the global approach, institutions and security systems for the transfer of information on the Internet should be developed. The security of information on the Internet can refer to many aspects of data security both at the level of central state institutions and international organizations as well as the security of personal data of individual citizens, sensitive data of citizens collected on various websites, including social media portals.
The improvement of risk management and information security systems at the supranational level is also a key issue. Technological companies managing social media portals on the one hand try to improve data security systems about users setting up accounts on social media portals. On the other hand, it is also important to cooperate with key, central data security institutions on the Internet that operate transnational. This is important from the point of view of improving information security systems on the Internet in order to limit the possibility of using social media portals by cybercriminals operating transnational, using various social engineering techniques.
Please, answer, comments.
I invite you to the discussion.
Best wishes
Relevant answer
Answer
In recent months, there have been cybercriminal attacks on public institutions and large enterprises as well as technology companies based on data stolen by cybercriminals from social networks and by sending fake e-mails containing malware and hidden ransomware viruses.
Regards,
Dariusz Prokopowicz
  • asked a question related to IT Security
Question
28 answers
In some countries, rumors of cybercriminals with Ransomware are reportedly again being reported again. These viruses spread via e-mails, which automatically send themselves out from infected e-mail accounts and send out infected e-mails to all e-mail contacts of a virus mailbox infected with the virus. The virus is very dangerous because after opening a fake e-mail, the virus installs deeply into the computer and encrypts access to the disks by blocking access to the contents of the disks. I wrote scientific publications on this subject.
In view of the above, I am asking you the following question: Are cybercriminals now attacking personal and corporate computers using Ransomware viruses again?
Please reply. I invite you to the discussion
Relevant answer
Answer
Yes, in recent months there have been new, spectacular and effective cybercriminal attacks targeting selected large technology companies, companies from the energy sector, fuel sector, food production and other companies operating in strategic sectors of the economy as well as public institutions, including selected local government institutions and central public administration institutions countries. Cybercriminal attacks were carried out on the basis of cybercriminal techniques and solutions that have been known for years, i.e. through spamming containing malware, infecting computers with ransomware viruses encrypting access to disks containing important company data, through various variants of the cybercriminal technique known as phishing, by hijacking data to log in to specific accounts of various websites, to log in to e-mail, data downloaded from social networks and other places where Internet users enter personal and sensitive data and do not maintain high cybersecurity standards.
Greetings,
Dariusz Prokopowicz
  • asked a question related to IT Security
Question
28 answers
What kind of scientific research dominate in the field of Cybercrime and the security of online banking?
Please, provide your suggestions for a question, problem or research thesis in the issues: Cybercrime and the security of online banking.
Please reply.
I invite you to the discussion
Best wishes
Relevant answer
Answer
In the area of ​​cybersecurity of online banking, I propose the following research topic: Analysis of the use of Industry 4.0 technology in the field of improving cybersecurity of online banking, including mobile banking. This topic may also take into account the scale of application of cybersecurity rules and recommendations by bank customers and the level of cybersecurity of operating systems used by bank customers, web browsers and other Internet applications installed on laptops and smartphones, through which bank customers use online banking.
Best regards,
Dariusz Prokopowicz
  • asked a question related to IT Security
Question
5 answers
In connection with the development of cybercrime, should the surveillance of citizens by national security services be developed, expanded, increased?
To what extent can the developed range of citizens' surveillance be improved as part of the improvement of national cyber security systems?
As part of the improvement of cyber security systems, should the services for combating cybercrime be able to surveillance the entire activity of citizens on the Internet?
Are legal norms regulating the issues of cyber security, services for combating cybercrime and data security gathered in Big Data database systems of large online technology companies fully adapted to the rapidly growing ICT and Internet technology?
Please reply
Best wishes
Relevant answer
Answer
Most citizens are unaware of how much information about Internet users is possessed by Internet technology companies that offer certain information services on the Internet.
Best regards,
Dariusz Prokopowicz
  • asked a question related to IT Security
Question
13 answers
What currently dominate and are the standards and instruments for ensuring the security of data transfer and analysis in Big Data database systems developed?
Please reply
Best wishes
Relevant answer
Answer
Since Big Data and / or Data Science resources in the databases of many Internet technology companies are constantly growing, is the importance of cyber security of the information systems of these companies and the data stored in these databases growing analogically?
Thank you, Regards,
Dariusz Prokopowicz
  • asked a question related to IT Security
Question
15 answers
Is the security of information collected in social media portals databases currently one of the key determinants of the development of new online media?
Security of social media portals is currently one of the most important topics of social media portals and other new internet media and information services. Therefore, scientists at various universities are involved in researching this issue. Therefore, security tools for information collected in social media portals databases and data security systems on the Internet are being developed. In companies and key public institutions, systems for risk management of information systems and information transfer on the Internet are also developed.
Do you agree with me on the above matter?
In the context of the above issues, the following question is valid:
Is the security of information collected in social media portals databases currently one of the key determinants of the development of new online media?
Please reply
I invite you to the discussion
Thank you very much
I also conduct research in this matter. I am researching the security of social media portals in connection with Big Data database technology. Below are links to my publications:
I invite you to discussion and cooperation.
Thank you very much
Best wishes
Relevant answer
Answer
Social media, in recent times, has with eased an explosion of data with so many social media platforms available to interact and express opinions freely. This has led to easy access to the privacy of social media users which raise broader security concerns … Sharma, S., & Jain, A. (2020). Role of sentiment analysis in social media security and analytics. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, e1366.
  • asked a question related to IT Security
Question
15 answers
Considering the specifics of the increasingly common IT systems and computerized advanced data processing in Internet information systems, connected to the internet database systems, data processing in the cloud, the increasingly common use of the Internet of Things etc., the following question arises:
What do you think about the security of information processing in Big Data database systems?
Please reply
Best wishes
Relevant answer
Answer
The risk could be in tow form - one you already have mentioned is Security, a vital risk - needs to addressed by collective efforts on a war footing.
Secondly, the size of data itself, how integration takes place among hardware, software, latest internet serervice providers, cloud, etc. across the globe is also a risk.
  • asked a question related to IT Security
Question
14 answers
Are fishing, malware (spyware, trojans, ransomware, keyloggers, ...) sending cybercriminals false e-mails with links to fake websites or viruses reading passwords for online banking accounts or other techniques used by cybercriminals as the most dangerous?
Please reply
Best wishes
Relevant answer
At times like this, where a large part of the population is isolated, the use of digital means of payment is increasing, and therefore, the risk of being scammed as well. Therefore, in times of pandemic, I consider this as a fundamental question, on which the population should be informed in order to seek to prevent these types of fraud.
Strategies should be sought to prevent people from committing economic crimes such as theft or corruption, as described in the following manuscript
  • asked a question related to IT Security
Question
11 answers
Hello everybody.
Is gns3 simulator support internet of things? if I want do architectural protocols, energy consumption, security?
thanks
Relevant answer
Answer
Contiki cooja is Best...
  • asked a question related to IT Security
Question
4 answers
What do you think about the following questions:
Please kindly share your ideas.
Thank you.
  1. How will Japan train displaced workers for a new type of society?
  2. How will Society 5.0 provide care for an aging population?
  3. How will Japan get people to completely rethink the meaning of work?
  4. How will Japan create a framework for Big Data sharing and security?
Relevant answer
Answer
Hello
Japanese society:
( scientificو Organizerو sincerelyو developedو they work hard, Committed to not cheat, But he has no religion.
Good Nigth
  • asked a question related to IT Security
Question
26 answers
- What are the pros and cons of Smart contracts?
- What are the latest technologies and tools?
- What do you like and/or dislike about smart contracts?
It's an open discussion to help improve our understand of future technologies. You are welcome to share your opinions and experience.
Relevant answer
Answer
Dear Nguyen ,
Currently, I'm working on enhancing the security of the smart contract, which focuses on :
1- Design patterns
2- coding and development of smart contract
  • asked a question related to IT Security
Question
7 answers
This title might not be very clear, let me elaborate :
Let's say, you're a computer scientist on your browser. You innocently browse the web, looking for a new book about procrastination (or anything else). Suddenly, a click lead you to the homepage of EvilCorpWorld, a (fictional) company incarnating the opposite of your ethical views.
EvilCorpWorld isn't a "common evildoer", they blatantly make the world a worst place. According to your ethical views, they could be enslaving children, selling weapons to warlords, practicing tax fraud at country scale, they support network promoting racism and sexism...
On the homepage of EvilCorpWorld, you inadvertently notice a big security flaw. Something like "click here for rootshell (Admin only!)". For the sake of simplicity, let's say it's an actual flaw, not a honeypot or anything else.
Now you have three possibility :
  • to tell : email EvilCorpWorld to warn them about the huge flaw.
  • to poke : like with a stick, poke the flaw, trying to see how far you can get. Poking does not mix with wrongdoing on purpose or for benefit. It's more a playful activity.
  • to delegate : unsure of what to do, asking someone more versed in infosec what they think
What would be the most ethical-wise thing to do (maybe something other than three options)?
Relevant answer
Answer
Item 4 in a previous post, identity, is fundamental and at a certain level, un- provable as a absolute. We assume identity (this IS this) given evidence, but evidence too, is a form of identity (this PROVES this). The links "is" and "proves" are human judgement, and it's turtles all the way down. https://en.m.wikipedia.org/wiki/Turtles_all_the_way_down
Other than that, you have offered a lot of good ideas (and good questions and good comments) to unpack in your reply. Not sure what else I could add.
  • asked a question related to IT Security
Question
26 answers
Will the use of Blockchain technology improve the security of information transfer on the Internet? Will the development of Blockchain technologies reduce the scale of cybercrime on the Internet?
Please, answer, comments.
I invite you to the discussion.
Best wishes
Relevant answer
Answer
Blockchain technology & security system - Interesting - Following .
  • asked a question related to IT Security
Question
3 answers
I try to connect a Bluetooth device to several android apps. I want to use the same long term key(LTK) for all apps (AES256) and derive session keys from that LTK in each app to establish a secure communication tunnel. I use shared preference in private mode which allows the apps with the same bundle ID to access the same data, but unfortunately, the shared preference is not secure enough and the data is also available for other root access level requests. I am using the Android Keystore to storing the LTK, but I need to improve the solution for two scenarios: 1. Apps with the same bundle ID. and 2. Apps with the different bundle IDs using the same SDK.
I am looking for a secure way to store the LTK in the android device which is accessible by those specific apps.
Is there a solution similar to the Apple keychain available for Android now? (I think the Android key chain works differently. I prefer a solution like the Apple key chain to transfer the security trustworthy and challenges to the OS level.) OR, should I use shared preference and secure it by myself? In this regard, if I should use Android Keystore to generate and store that LTK, is the Android Keystore allow me to access the same key from different apps with different bundle IDs? please describe the different options and limitations.
Relevant answer
Answer
good answer, I am follow
  • asked a question related to IT Security
Question
18 answers
Currently, various data security tools are used in Big Data database systems. The basic principle is the parallel use of several types of IT security and compliance with specific procedures for analyzing and securing systems against potential materialization of operational risks, including technical risks associated with used computer hardware and specific database technologies and personnel risks associated with employees who support these systems.
The key issue is also whether built database systems are directly connected to the Internet online or are not permanently connected to the Internet and certain data from the Internet are added from time to time to Big Data databases after their analysis by anti-virus software, detecting malware worms, such as keyloggers and other malicious software created by cybercriminals and used to steal information from database systems of data warehouses and Big Data.
In a situation when Big Data database systems or other systems where important information is collected are connected to the Internet online, then the information sent should be encrypted, and system gateways connecting the Big Data database with the Internet should be equipped with a good firewall and other filtering security incoming information. If the employees operating the Big Data database system use certain e-mailboxes, they should be only company mailboxes and verified from the security side of data transfer on the Internet. The company should have strict security procedures for using e-mail boxes, because in recent years via e-mails cybercriminals have sent ransomware programs hidden in e-mail attachments, used to encrypt hard disks used in company and server databases.
Do you agree with me on the above matter?
In the context of the above issues, I am asking you the following question:
How should Big Data database systems be protected against the activities of cybercriminals? What types of programs and systems for securing Big Data databases against cybercrime are currently used? What other types of security instruments for Big Data database systems are currently used?
Please reply
I invite you to the discussion
Thank you very much
Best wishes
Relevant answer
Answer
How should Big Data database systems be protected against the activities of cybercriminals?
Possible ways include:
  1. ensure access rights are only given to the right users, continuously monitor their access & revoke their access once the campaign / project is completed.
  2. data at rest encryption.
  3. data access / transfer encryption.
  4. layers of network security with different types of firewalls & only the right port(s) are turned on.
  5. backup data frequently to ensure 3-2-1 rule applies - this is to ensure your data availability when they are encrypted by ransomware.
  • asked a question related to IT Security
Question
36 answers
In my opinion, interesting questions and research thesis may concern the following issues:
Are fishing, malware (spyware, trojans, ransomware, keyloggers, ...) sending cybercriminals false e-mails with links to fake websites or viruses reading passwords for online banking accounts or other techniques used by cybercriminals as the most dangerous?
Some users use antivirus software, farewall, precautionary methods in using e-mail, etc., but this has not prevented, for example, attacks from cybercriminals using ransomware that encrypt and block access to disks on the computer.
In connection with the above, the techniques of data transfer security at the Interenet are constantly improved.
IT tools are being developed and improved, including antivirus software to protect a computer, laptop, tablet or smartphone against cybercrime and viruses sent, for example, in e-mails by hackers?
In view of the above, I am asking you the following question:
What are the new trends in research on cybercrime?
Please reply
Best wishes
Relevant answer
Answer
Therefore, in the context of the above considerations, the following important question appears:
The issue of improving information security systems collected in social media portals databases?
Is the security of information collected in social media portals databases currently one of the key determinants of the development of new online media?
Security of social media portals is currently one of the most important topics of social media portals and other new internet media and information services. Therefore, scientists at various universities are involved in researching this issue. Therefore, security tools for information collected in social media portals databases and data security systems on the Internet are being developed. In companies and key public institutions, systems for risk management of information systems and information transfer on the Internet are also developed.
Do you agree with me on the above matter?
In the context of the above issues, the following question is valid:
Is the security of information collected in social media portals databases currently one of the key determinants of the development of new online media?
Please reply
I invite you to the discussion
Thank you very much
I also conduct research in this matter. I am researching the security of social media portals in connection with Big Data database technology. Below are links to my publications:
I invite you to discussion and cooperation.
Thank you very much
Best wishes
  • asked a question related to IT Security
Question
2 answers
If I have an alghoritm that outputs pseudorandom bits, is possible to distinguish strings computed with different seeds?
Relevant answer
Answer
If the Pseudo Random Number Generator algorithm is good, then it should not matter what it is seeded with. Looking at short strings it will not be possible to determine the seeds. However, many simple PRNGs fail in this respect. The poor algorithms emit short strings before getting caught in a cycle.
  • asked a question related to IT Security
Question
15 answers
In connection with the development of cybercrime on the Internet, the security systems for transfer and processing of data, financial transactions, electronic banking, etc. carried out on the Internet are improved. In addition to electronic banking, the key information security in the internal IT systems of central state institutions is protected. Cybercriminal attacks on cyber-banking systems and hacker attacks aimed at companies to extort ransom for decrypting data encrypted by computer viruses on disks (cybercriminal ransomware attacks) and hack attacks from abroad on key central institutions, ministries and other institutions of the public administration sector and enterprises of strategic branches of the national economy.
In connection with the above, I am asking you:
Do you think, for security reasons, everything that happens on the Internet should be analyzed by the public security services?
Please answer
Best wishes
Relevant answer
Answer
Following
  • asked a question related to IT Security
Question
13 answers
Hi,
As per the definition of logic obfuscation, obfuscated circuit stays in obfuscated mode upon global reset (i.e. initial state) and generates incorrect output; upon receiving correct initialization sequence it enters into functional mode and generates intended outputs.
This is fine with respect to the design that does not connected with any further critical systems. If at all, the obfuscated logic needs to be connected to further safety critical systems, won't incorrect value generated in obfuscated mode affects the critical systems??
In such case, how to apply logic obfuscation??
Thanks in advance.
Relevant answer
Answer
You can read the literature yourself and come up with your own conclusions. It would do you good, you would sound less like a non-expert rambling about something you have very little clue about. I am done here.
  • asked a question related to IT Security
Question
6 answers
The employment of machine learning in security field is higly emarged in the current era. But, yet, did the researchers in security field utilize from it in 100% detection or protection from one or multiple kind of malwares ? Or do you forsee that malwares ( or specific malware type, like ransomware or trojan or ... ) will be obsolete due to the successful analysis of their behavior (Dynamic or static ?) by machine learning algorithims ?
Excited to read your views.
(Resources that support your opinions will be much supportive!)
Relevant answer
Answer
When creating a malware, the creator has to think about malware-detection method first (otherwise his malware did nothing). => he created a malware that is not detectable with the current algorithms (anti-virus program). When a computer is infected, the defender analyzed the malware and creates a new mechanism to detect it. And again, the creator knows this mechanism and thinking of new malware. This cycle never ends, the battle between white hat and black hat hackers I would say
  • asked a question related to IT Security
Question
22 answers
Unfortunately, despite the assurances of companies that run social media portals, the information contained on these websites is not always fully secured against the activities of cybercriminals.
In addition, the issue of downloading data from social media portals by large companies to Big Data database systems should be added in order to process them for marketing purposes.
The issue of privacy in social media is very important and is related to the security of personal information. Privacy is at risk in terms of information posted on social media portals.
Please reply. I invite you to the discussion
Dear Friends and Colleagues of RG
The problems of the analysis of information contained on social media portals for marketing purposes are described in the publication:
I invite you to discussion and cooperation.
Best wishes
Relevant answer
Answer
Thank you, Dariusz, for posting a most relevant question. My area of research is users' behaviors in information security.
You are indeed right that privacy is connected to information security, and online social networks (OSNs) has a huge amount of personal information shared by person himself or one of his connections. There is also a debate on the differences of OSN, social media websites, social media portals and similar others. There are similarities in them but different researchers used these terms without any standardization.
Moving away from the debate of "user of correct term", I believe users have share already a lot on the OSNs and I am compelled to say that at individual level we have lost the battle of privacy against the giants such as Facebook and Google. They know and remember much more than we do. However, what is left behind is to preserve privacy of an individual from being violated by "Script kiddies" and a tech savvy guy(s). We need to raise awareness among the users based on this point.
The other point you have mentioned was about use of users' data for marketing purpose. Well, that was purpose of OSNs, otherwise, how will they gather revenue for their businesses. What we, as researchers, should look into how to improve and make their terms and conditions users' friendly so that users' may read them before accepting them. I must say only the most informed users will read the terms as their needs to use an OSN is much more higher than their perceived importance of privacy :)
I would love to discuss more, and even work if you have something in mind to initiate.
Cheers,
Ali
  • asked a question related to IT Security
Question
8 answers
Antivirus programs signal this, but are the new attacks appearing, or maybe the companies that produce antivirus software use this kind of alerts mainly to stimulate consumers to buy these applications?
Is the information about the growing threat from the activities of cybercriminals also partly a result of marketing activities of antivirus software vendors?
Cybercriminal attacks involving various types of viruses occur on a daily basis in various places around the globe.
However, large-scale attacks on the global scale and publicized in the media are probably much rarer.
An example was the type of cybercriminals, which was carried out on a large scale in mid-2017, which was mainly targeted at large public and financial institutions and corporations operating in Ukraine, but quickly spread over the world through capital and business links between companies.
Then ransomware viruses known only often in the environments of security specialists, among computer scientists analyzing cybercriminal attacks, has been publicized in the media in many countries and has become a global and public problem.
In this situation, sales revenues and profits of companies producing antivirus software are growing significantly.
Recently, some of these antivirus programs inform that the threat of cybercriminal attacks involving ransomware is growing.
Is it a real increase in the risk of cybercrime or a new form of marketing for companies that produce antivirus software?
Or both?
Please, answer, comments. I invite you to the discussion.
Relevant answer
Answer
I agree with you, but it's not all about sales.
I think the most blatant was the quest for fame/notoriety by the irresponsible so-called researchers, who published the obscure (and, largely unexploitable) 'vulnerability in the instruction queue of Intel CPU's. This caused widescale panic, a few remedies which were worse than the disease, all for a bug which no hacker would ever dream of trying to exploit. Why? Because it's not cost-effective. Cybercrime is a business and, like any other, it needs to maximise ROI, so patiently hacking one PC in the hope that a password will materialise for a bank account which actually contains money is something only a researcher would do.
As a cybersecurity company, (designsim.com.au) we take a battering 24/7 from about 72 countries, mainly from botnets, so we're fairly up to date on the latest trends.
The main attack vector over the last three or four months is a DDoS attempt which appears to come from compromised IoT devices, probably NVR/DVR or routers, originating mainly in South America and looking like this (with the cutely-imbecilic and fake Referer)
181.214.196.62 - - [30/Oct/2018:00:37:37 +1100] "POST /botnet_hack.txt/trackback/ HTTP/1.0" 403 16896 "http://staging.Esal.us/wiki/index.php?title=The_Famous_Koh-i-nor_Diamond" "PHP/5.3.01"
To date we've had over 10,000 such hack attempts.
Second, is a revival of an old Drupal vulnerability, consisting of a pair of queries like:
107.161.94.87 - - [29/Oct/2018:16:03:17 +1100] "GET /?q=node/add HTTP/1.1" 200 18466
107.161.94.87 - - [29/Oct/2018:16:03:18 +1100] "GET /?q=user/register HTTP/1.1" 200 18466
the hope being for an escalation of privileges.
Lastly, one that never goes away, is the eternal exploitation of the thousands of bugs in WordPress/PHP:
94.102.49.122 - - [30/Oct/2018:06:07:50 +1100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 226 "-" "ZmEu"
159.69.39.191 - - [30/Oct/2018:06:14:04 +1100] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 225
Perhaps it would be a good time to get the IDS to trigger on these.
  • asked a question related to IT Security
Question
6 answers
"Completely Automated Public Turing test to tell Computers and Humans Apart" (CAPTCHA) [1][2] are used e.g. to prevent bots from utilizing special web based services for spam and unwanted access. To circumvent this, botmasters take profit from human intelligence by paying people from developing countries for solving CAPTCHAs [3], in order to reach the target service.
Considering this, do you think that it is still reasonable to improve and use CAPTCHAs?
[1] U.S. Patent 6,195,698. Method for selectively restricting access to computer systems. Filed on Apr 13, 1998 and granted on Feb 27, 2001. Available at http://www.google.com/patents/US6195698 .
[2] Ahn, Luis von; Blum, Manuel; Hopper, Nicholas J.; Langford, John (2003). "CAPTCHA: Using Hard AI Problems for Security". Advances in Cryptology — EUROCRYPT 2003. Lecture Notes in Computer Science 2656. pp. 294–311.
Relevant answer
Answer
In my just-user view, there is no other choice other than using CAPTHCA. I read that open 1000 captcha is very cheap with human cheap labor, but sometime it' s not worth it. Well the solution is maybe to allow the humans to do qualified jobs and using computer for not frivolous purpose ( i.e cheap buying).
  • asked a question related to IT Security
Question
6 answers
Security is a main concern of WSN, and there are high chances of getting heterogeneous sensor nodes in a network, is maximum security achievable in heterogeneous sensor network? Because, each heterogeneous node has its own security technique.
  • asked a question related to IT Security
Question
8 answers
Does anyone have experience with FIREMAN toolkit. I need to know how to install it, and how to use it to analyse the efficiency of my firewall?
Or, what tools you using to analyse and test the efficiency of your Firewall?
  • asked a question related to IT Security
  • asked a question related to IT Security
Question
4 answers
assume for example a crypto system aim to generate a cipher message with exactly the same size of its plain text and also be stateless to be able to decrypt out of order received packets. Of course this crypto system expose some information about the message attributes however if we sacrifice this level of security but not more, is any crypto system that address such issue?
Relevant answer
Answer
@albert, yes this is possible however stream ciphers are statefull and if you look for a stateless block cipher then stream ciphering is not possible.
  • asked a question related to IT Security
Question
7 answers
There are various algorithm to generate the keys in Public Cryptosystem, e.g., Diffie-Hellman Key Exchange is very popular algorithm to generate and distribute the shared secret keys between two parties. However, I am interested to generate the shared key with the involvement session ID or number by Diffie-Hellman Key Exchange. What are different mechanism to perform these things.
Any alternative are also most welcome.
Relevant answer
Answer
A brief introduction to cryptography from the IBM website may also help you to understand: https://www.ibm.com/support/knowledgecenter/en/SSB23S_1.1.0.14/gtps7/seccon.html
This website will generate keys online:
  • asked a question related to IT Security
Question
5 answers
As an example, is the method getActualCPUtime() used to determine the response time for a VM?
Relevant answer
Answer
  • asked a question related to IT Security
Question
6 answers
security gaps in IOV?
future research in IOV regarding security?
previous research in IOV regarding security?
Relevant answer
Answer
Previous research in IoV can be the framework proposed by Pacheco et al. (2016). They proposed an IoT Security Development Framework (ISDF) for building trustworthy Smart car services. The ISDF enables developers to consider security issues at all IoT layers and integrates security algorithms with the functions and services offered in each layer rather than considering security in an ad-hoc and after thought manner.
  • asked a question related to IT Security
Question
3 answers
I am interested in the period of 1980s-1985....
1. how were crime scenes secured
2. what search patterns were used
3. how evidence was collected 
Relevant answer
Answer
Back in the 80's the police and anyone that had to do with the police were too laid back.  They didn't find anything wrong with people getting abused.  But let me qualify this, the reason why they were like this is because back in the 60's and 70's it was allowed, yes legally, it was allowed for men to what they call punish their wife.  I can tell you stories about Albany, NY and the way that the police were so messed up I used to mess up all their cases they were trying to build by setting guys up and planting them on the.  What I did without them seeing me was no you can't do that I seen you put those drugs on him. 
  • asked a question related to IT Security
Question
5 answers
classification in cloud
Relevant answer
Answer
You can also apply the below-mentioned five main IT security objectives to cloud computing.
  • Authenticity
  • Integrity
  • Nonrepudiation
  • Privacy
  • Resilience / Availability
  • asked a question related to IT Security
Question
15 answers
To: CS742 students.
Relevant answer
Answer
- there are four important security challenges facing the iot community .
1. wi-fi enabled devices are being added on local area networks (lan) without proper security.
2. there are issues with upgradability and patchability of iot endpoints.
3. problems have arisen around protecting physical access.
4. there’s a ton of hype from developers and consumers.
- 5G While there are still valid security approaches they need to be
revisited (trust models, devices, assurance)
  • asked a question related to IT Security
Question
9 answers
Dear Professor(s),
In pattern recognition, for security purpose we are using many biometrics traits.
According to that, we did many matching, authentication and verification.so, what is difference between identification and verification. 
Relevant answer
Answer
Nabil is correct. Another more explicit way : Verification is when you are found in a data base;whereas, Identification requires absolute, impossible to impersonate, biometric proof
  • asked a question related to IT Security
Question
4 answers
Hi everyone. I want to know the current research issues (areas) in Security in WSNs. I am specifically looking at DOS attack at the various layers of WSNs or Intrution Detection in WSNs. All suggestions are welcomed.
Thank you.
Relevant answer
Answer
Due to their limited resources and their wireless communication nature, WSNs are vulnerable to several types of attacks. This special issue aims to point out the security issues in WSNs. It will focus on the current countermeasures proposed to detect attacks, ensure security and enhance the performance of WSNs. The issue will also focus on the current challenges which must be taken into account when proposing such systems of security in wireless sensors networks.
These are the most recent issues that will be taken into account when talking about the WSN's security:
- Energy-efficient secure routing protocols for WSNs
- Intrusion detection systems for WSNs
- Hybrid intrusion detection systems for WSNs
- Misuse and anomaly intrusion detection systems for WSNs
 - Cross layer intrusion detection systems for WSNs
- Security, reliability and privacy for WSNs
- Low-cost elliptic curve cryptography for WSNs
- Symmetric/asymmetric cryptography security for WSNs
- Security challenges and solutions for WSNs
- Middleware challenges for WSNs
  • asked a question related to IT Security
Question
5 answers
I’m planning to provide a dual security for data stored on the cloud. I read about various methods for encrypting and decryption algorithm but i can't get conclude which one is better for cloud security I  would like some advice about recommended techniques. I’m really looking to find out what you’d consider to be the most efficient method as cost and time are limiting factors.
Relevant answer
Answer
It depends whether you just want to store the ciphered data or even do computations on the encrypted data. I suggest the following approaches:
Storage with single-user-access: symmetrical cryptosystem
Storage with multi-user-access: secret sharing with asymmetrical cryptosystem
Querying with single-user-access: searchable symmetrical encryption
Querying with multi-user-access: secret sharing with asymmetrical cryptosystem
Modifying: homomorphic cryptosystem
  • asked a question related to IT Security
Question
6 answers
In healthcare, doctors can not decide on what appropriate information (EHRs) is really needed for treatment of a patient case. The amount of information needed by healthcare providers to complete their tasks may vary greatly. The number of medical records a healthcare provider needs to access over a certain period of time depends on many factors, including the number of patients he/she serves, the case he/she working on, and so on. Also, such factors vary among healthcare providers and may change from time to time. It is thus very hard to determine how much risk we should tolerate for a healthcare provider, if a healthcare provider believes knowing more information that is relevant to her patient's conditions enables her to make better decisions. Here, The problems of insiders such as abuse or misuse of privileges granted by authorization services are increased and would be hard to detect .
If we say that, medical records classification is infeasible and requires a great deal of effort and skills to accomplish. How can we assess the risk if the medical records are not classified and we do not know who should access what? ???
Relevant answer
Answer
kindly check this book to understand more about HIPPA , how to secure HL7 messages  and other Healthcare IT skills needed .
also your RM team should first classify the Medical records then think how to protect according to HIPPA requirements , same time they should do Risk Assessment to find out the risks  you could face and what is the impacts and likelihood reealted to each risk and what is the best risk response for that.
for instance if your LAB IS can be hacked , medical records will be exposed , or when hacker hack doctor PC he can get computerized physician order entry (CPOE) medical records.
  • asked a question related to IT Security
Question
15 answers
Research trends within Enhancement Security of Cognitive radio network
Relevant answer
Answer
My dear Colleagues... also There is another important point related to " Information Warfare" which is faced every information communication system.. Hence we need to take care about : " Intelligent Jamming and anti-jamming techniques used in CRN" !!.. it is very important approach to help us in the Security enhancement problem .
  • asked a question related to IT Security
Question
3 answers
Dr. Mawih Kareem Shaker
Dr. Kavita
Relevant answer
Answer
What is Security Market.
  • asked a question related to IT Security
Question
6 answers
Threat modeling is an important activity to identify threats at the design phase. Are there any other methods to identify threats in the design phase?
Relevant answer
Answer
Are you familiar with Crime Prevention Through Environmental Design (CPTED)? There is first generation which focusses on hard elements like lighting, fencing, line of site etc and second generation which focusses more on policy and procedures and explicit social and cultural dynamics of the environment. See attached power point
  • asked a question related to IT Security
Question
8 answers
How to evaluate the security of a computer system ? Is there a framework that is currently used as a standard for measuring computer security ?
Relevant answer
Answer
Hi Yudi
First off, I would ask what you mean by computer system? I am assuming you refer to a computer system run by a company comprising a combination of many computers, servers, an intranet, various types of software and so on. That being the case, there are a great many security standards available today. Unfortunately, there is no "one size covers all" approach to guarantee the security of your computer system. In any event, even if there were, it would very quickly become out of date. This is because the rate of exploits being developed far exceeds the rate at which they can be prevented. There are a great many reasons for this, which I will attempt to outline for you.
First, since computers first were developed, they have increased in performance at a considerable rate, year on year. Consequently, the quality and range of software has also increased in sophistication, and complexity. While this increase in sophistication is usually welcome for business managers, it brings with it its own problems. The more complex it becomes, the more difficult it becomes to set it up properly, let alone set it up securely.
Business, too, has increased in complexity, and companies these days must comply with legislation, regulation, corporate governance, standards and industry best practice. Financial penalties are on the increase for breaches in compliance, even extending to criminal charges.
Of course, the threat environment has also increased significantly. The source of attack can be generally classified into 5 categories:
State sponsored groups;
Industrial espionage groups;
Hacktivist groups;
Criminal groups;
Individuals.
Of these, state sponsored groups will have highly skilled operatives, access to the best equipment, and will be very well resourced. Industrial espionage groups will generally be well organised, but less well resourced. Hacktivist groups will generally by highly committed, often poorly financed, but nontheless will be well skilled. Criminal groups will generally be well resourced, and will be able to afford to hire very skilled people to help them achieve their goals. Individuals will generally be poorly resourced and not too skilled.
You only need to review the annual security breach reports published by various firms to understand how much of a problem this now is. Here is a list of some areas of challenge which need to be properly addressed before a proper level of computer systems security and indeed privacy, can be achieved:
Access controls
Accountability and responsibility
Audit issues
Business continuity
Complexity of systems
Data ownership
Data protection
Encryption
Failure to patch software
Forensic support
Incident analysis
Infrastructure security
Laziness
Management approach to security
Mis-configuration of software
Multi-tenancy
Non-production environment
Physical security
Privacy
Processes
Proper definition of security goals
Regulatory compliance
Resilience
Security culture in the company
Security policies
Security procedures
Social engineering attacks
Staff security training
Standards compliance
Technical complexity of cloud
The threat environment
User identity
I have also included a few lists of useful papers for you to read on security and privacy. Many of these relate to cloud computing, as cloud security and privacy is my special area of interest, but generally, since cloud is more difficult to secure, much of what they talk about will be relevant for any setting.
If you want to be serious about achieving proper security, then you will need to be properly armed with a vast knowledge of the issues you face. And even that will not be enough. Constant vigilance will be required to keep pace with all the latest vulnerabilities. And coming up with a technical solution alone will not solve your problems, as the business architecture of a company comprises a combination of people, process and technology, so all three areas need to be properly addressed.
Happy reading.
Regards
Bob
  • asked a question related to IT Security
Question
15 answers
What are the current security threats and vulnerabilities cloud users such as organizations and companies are facing? could you suggest me research papers, reports or documents related with the question?
Relevant answer
Answer
Hi Jafar
There are many security threats and vulnerabilities faced by cloud users, many of which are obvious, and some less so. Here is a suggested list of areas you should take into consideration:
Access controls
Accountability and responsibility
Audit issues
Business continuity
Complexity of systems
Data ownership
Data protection
Encryption
Failure to patch software
Forensic support
Incident analysis
Infrastructure security
Laziness
Management approach to security
Mis-configuration of software
Multi-tenancy
Non-production environment
Physical security
Privacy
Processes
Proper definition of security goals
Regulatory compliance
Resilience
Security culture in the company
Security policies
Security procedures
Social engineering attacks
Staff security training
Standards compliance
Technical complexity of cloud
The threat environment
User identity
Each of these areas will impact on your cloud security to a greater or lesser extent. By checking each of these out, you will gain a better understanding of how these issues can impact on cloud security and privacy.
Remember, the business architecture of an organisation comprises a combination of people, process and technology, thus it is vital to take this into account when seeking to develop or use a cloud system that can offer good security and privacy.
Regards
Bob
  • asked a question related to IT Security
Question
6 answers
 I would like permission to post a survey questionnaire on this group. My survey is based on my Project Dissertation "The security implication of Mobile devices to organisations". My research will require me to do a survey in regards to security and organisations and I hoping this platform will give me access to IT professionals like you and their views concerning BYOD and IT security. I believe that my survey results will also be beneficial to everyone in this group as well.  https://strathsci.qualtrics.com/SE/?SID=SV_9ZXJ4zjGI2tkHEF
Relevant answer
Answer
It's done. However, I would like to highlight few issues (I do this kind of surveys for my research and I was also looking at it as a researcher and not merely as a respondent :), so please bear my comments) :
1. Does the organization have any policy guiding the actions taken when an employee's report's his or her device missing or stolen? In response even response is NO or I don't know, on next page, "Does the organization have any policy guiding the actions taken when an employee's report's his or her device missing or stolen?" is mandatory, which should be optional.
2. Has any employee reported any of the following attacks on their devices within the last 12 months:
Options available were YES, IDK, NO, which doesn't conform to what is asked in the question.
3. Does your organization have a policy against the use of any particular software applications?  has been asked twice.
4. What type of attacks is the most concern to the organization?
[Here organization refers to my organization or organization as in general. Threats are context dependent, I mean the concern level of threats vary from organization to organization.]
5. Demographics were missing [age, gender, educational level]; For IT Experts, experience would be an important factor. Moreover, there are variety of IT Experts so giving a definition in the introduction would be helpful. For example, academic IT staff are also experts in IT, however, their roles and duties are different. Then there are Network administrator, Database/MIS related experts, Information security officers, IT help desk etc. I believe you could have different views from all of the above.
I hope my comments will be useful for your future studies.
Good Luck!
  • asked a question related to IT Security
Question
5 answers
Am trying to get another tool that I can use to test for Security and Vulnerability issues in Mobile Cloud Computing so i could verify the data I already have ?
Relevant answer
Answer
Yes, you can use Burp Suite and Hydra tool in kali linux it will be best because one is for brute force attack for security purpose and burp suite for finding vulnerabilities in the environment
  • asked a question related to IT Security
Question
7 answers
ECC ( Elliptic Curve Cryptography) can be implemented in different methods, it is more complex than RSA. In addition, its discrete logarithm problem is more difficult to break than the factorization. The researchers have tried to attack ECC, but it is infeasible using the computational resources.
In present, the security strength of ECC is stronger than other public key cryptosystems.
Any help will be the great appreciation. Thanks.
Relevant answer
Answer
I like ECC. But I need to know more about it. What is said about it here is absolutely true.
  • asked a question related to IT Security
Question
4 answers
Specifically on physical layer and MAC layer attacks.
Relevant answer
Answer
OMNET++ simulation program has many application in network, communication and advanced system that employ security.
  • asked a question related to IT Security
Question
3 answers
Although the location of eavedropper is random, in my work assumed the direct link between the sourse and the eavesdropper unavailable , if you are the reviewer of this paper, are you agree with this simplify system model?
Relevant answer
Answer
No way. Anybody ernestly trying to intrude would go to the direct link.
If this is accessible by any means, it has to be considered.
  • asked a question related to IT Security
Question
1 answer
I'm doing some research on the explosive characteristic of fountain codes,which means the original symbols can be decoded suddenly when the receiver gets some key symbols. I do think this feature can be used in the problem of physical layer security, in which the legitimate user can get enough encoded symbols before eavesdroppers,and finishes decoding firstly. I'm now focusing on how to enhance the explosive characteristic. I will really appreciate it that someone can give me some suggestions.
Relevant answer
Answer
Breaking the content in several chunks, to create "multiple" explosions?
  • asked a question related to IT Security
Question
14 answers
How much power does the encrypted packet consume comparing to unencrypted packet?
I know it depends on the encryption algorithm, but you may mention the type of encryption alongside with the power consumption. What I would like to know is both the power consumed by an unencrypted packet and an encrypted packet. so I can make comparison.
I went through many papers to figure this out, but they just mention the power consumed by encryption without mentioning how much the unencrypted packet consume ?
I need to know weather the encryption add significant overhead to the overall consumption, either symmetric or asymmetric , and might the only way is to compare the power consumed with and without encryption in numbers.
Thank you so much guys for your cooperation in advance.
Relevant answer
Answer
I think this varies greatly, depending on the type of crypto algorithm and whether it's done in hardware or software. This is an interesting piece:
Note that part about how the crypto key was reconstructed for RSA, by measuring power requirement (so-called "side channel attack").
Symmetric key stream ciphers should be the least power hungry of all, and they also do not increase the length of the message. My bet is that one can devise a symmetric key stream cipher that would require a negligible amount of extra power. I haven't actually tried measuring this, but it should be straightforward enough to run your own experiment.
So, one technique you can use to save computing time and energy, use an asymmetric key cipher to transmit the secret key, then use a symmetric key cipher for the messaging itself.
A long post, considering I didn't answer the question.
  • asked a question related to IT Security
Question
8 answers
Sometimes it is necessary to use tools for hack (testing) or discover vulnerabilities and resolving security vulnerabilities in the system of institutions by using attacker tools :
- Kali Linux
- Backtrack
- Pentoo
- Nodezero
- Network Security Toolkit (NST)
- Parrot Security
- BackBox Linux
- GnackTrack
- Bugtraq
etc..
Relevant answer
Answer
Dear Ameer
One of the best OS is Linux Distro Kali. It is best for penetrating and developed by the BackTrack team. It is basically for offensive security.
Please see the following link.
Some of the best that could be used for practice sessions are :
1. Kali Linux
2. BackBox
3. Parrot-sec forensic os
4. DEFT
5. Live Hacking OS
6. Samurai Web Security Framework
7. Network Security Toolkit (NST)
8. Bugtraq
9. NodeZero
10. Pentoo
11. GnackTrack
12. Blackbuntu
13. Knoppix STD
14. Weakerth4n
15. Cyborg Hawk
Thanks and Regards
Sanoop M
  • asked a question related to IT Security
Question
7 answers
I have come up with idea of implementing Data hiding in panorama videos in order to gain more data hiding capacity and security while maintaining a sufficient quality of videos. Are there any challenges related to this proposed idea and where to find background information on this topic.
Regards,
Satwinder Singh 
  • asked a question related to IT Security
Question
7 answers
Hello,
I am trying to find different case studies that could be used for learnng different information security and privacy (IS&P) concepts, issues, approaches to deal with different IS&P threats. Although I am more interested in case studies focused on human element in information security, however, case studies focusing other aspects of IS&P are also of interest.
In some cases, "scenarios" and "case-based learning" are also used for this kind of teaching or learning.
I myself am searching but if someone already is aware of some resources, it will be really helpful.
Thanks,
Ali
Relevant answer
Answer
Human factor is considered as the weakest link in defending systems' security and privacy. The bulk of known attacks lay in the area of social engineering attacks. Phishing attacks are wide spread in on- and off-line communications (for instance, emailing and postal services).
These bold/italic marked terms above can be used to see their exact meaning in the Wikipedia, and applied with any search engine to collect enormous amount of information relating to the actual analyses of vulnerabilities, threats and their impact on privacy and security. 
  • asked a question related to IT Security
Question
4 answers
Generally, the notion of military leadership is connected with leading people in a battle and therefore belongs to the moral component of fighting power. Or, as Liddell Hart says "a commander should have a profound understanding of human nature, the knack of smoothing out troubles, the power of winning affection while communicating energy, and the capacity for ruthless determination when required by circumstances. He needs to generate an electrifying current, and keep a cool head in applying it." On the other hand, security environment has changed (more complex, uncertain) and the military integrates more with other governmental ministries and agencies in order to provide security. The imperative for the military organization is to be more agile, responsive, adaptable and innovative. In that sense it seems that (the highest) military leadership's qualities needs to be expanded to encompass ability to transform the organization (even the culture). How does it fit in the developmental theory? (ref. Susanne Cook-Greuter, WIlliam Torbert, Ken WIlber)
Relevant answer
Answer
Military leadership is required to act differently in different situations. During war time, the military leadership is required to take strategic decisions and implement the same through command and control structure, the military organizational structure being hierarchical.However, leader is required to lead from the front, set example and keep the level of motivation of the forces high. During peace time, the leadership role is to lead a human organization, where understanding of human psyche is important . Therefore, leader is required to communicate, understand the expectations of  different ranks & training needs, be compassionate & empathetic, and keep the level of motivation high through peace time engagement in regular military exercise and social welfare activities. Military leadership is also required to coordinate with different ministries of the government  for national security and for all time preparedness for strategic warfare. Military leadership is required to create agile organization which is highly responsive and adaptable and based on a culture of morality, ethics and commitment.   
  • asked a question related to IT Security
Question
5 answers
I am a teacher of the network security,and a engineer of a network and Information system manager, I am afraid that I cannot solve all the security of my work, and want to build a wall of guard of network and system, and want to study the security theory , and want to study the data mining,but I don't know how I start. Can you help me? Thank you.
Otherwise ,my English is poor,
Relevant answer
Answer
In data mining, first you should read the next link: http://www.the-data-mine.com/
After you can read the book: Data Mining: Concepts and Techniques, you see in: https://cs.wmich.edu/~yang/teach/cs595/han/ch01.pdf
  • asked a question related to IT Security
Question
7 answers
Is there a systematic approach that can do this. We have our system threat model, a set of attack goals, a list of atomic attacks towards the system architecture components: How to link the attacker goals to atomic attacks in a tree structure ? 
Relevant answer
Answer
Hi Motti
I have an idea to try manually this relationship, following the Threat Modeling methodology [1][2].
In one side you have the attack path (built by attack tree) in another you have the attacker goals. Due the methodology you can try to connect the attacker goals with the assets mapped, those assets are part of attack tree and are the goal of attacker.
[1] Frank Swiderski, Window Snyder. Threat Modeling. Microsoft Press, 2004.
[2]Adam Shostack. Threat Modeling: designing for security. John Wiley & Sons, Inc, 2014.
  • asked a question related to IT Security
Question
3 answers
Hi Professors,
Nowadays, Many researchers are used fuzzy logic in biometric, particularly security purpose. but fuzzy logic gave only the approximate solution. how it is validated. how it is acceptable.
Relevant answer
Answer
Most of the computational systems for real life applications will have to handle uncertainty, vagueness and ambiguity.  Real life applications of biometric system in security system will have to handle any one or more of the above.  Fuzzy logic helps to represent uncertainty, vagueness and ambiguity in a better way and it will act as an intelligent layer to any conventional system.
  • asked a question related to IT Security
Question
7 answers
I'm looking for a place to potentially host an online discussion space for 40-50 users, would need to be secure and ideally professional looking.  Does anyone know of literature for this type of data collection, also? Thanks
Relevant answer
Answer
Just about any bulletin board or forum software can be configured for asynchronous focus groups. You might start by checking whether your university already has such software available through an online learning platform. If not, here are some possible programs:
With regard to security, almost all of these software packages will allow you to use password sign-in and assign avatars or self-selected user names for your participants, but remember, any participant will be able to see what the others post, which may limit your ability to promise confidentiality.
Finally, here are two articles on the topic.
  • asked a question related to IT Security
Question
3 answers
What are the problems that are being caused by computer systems?
Relevant answer
Answer
In a security perspective, hash functions are not enough to protect integrity - you need either Message Authentication Codes or Digital Signatures.
  • asked a question related to IT Security
Question
17 answers
I would like to start a simulation between two nodes using different types of encryption, and I am confused between Omnet++, Castalia and NS3. I don't know which one of them support encryption and other security features required by WSNs. Could you please share your experience in this mattaer.
Many thanx.
Relevant answer
Answer
Thanks Guys your answers is really appreciated. I am still would like to hear from someone who already has used either omnet++ or NS2 for WSN encryption.
  • asked a question related to IT Security
Question
6 answers
I have proposed a forensic model, i want to get a rough idea how i can do the following:
1. Prove the correctness
2. check the correctness
3. Evaluate the model processes
Relevant answer
Answer
In statistical analysis for the modles, there is alwys model fit indices, you can check it. in each of these tests, there is special way to read the fit result. for example, in Factor Analysis, the goodness-of-fit test comparing the variance-covariance matrix under this model to the variance-covariance matrix under the assumption that the variances and covariances can take any values. To assess goodness-of-fit, we use a Bartlett-Corrected Likelihood Ratio Test  and in Confirmatory Factor Analysis we look at several goodness of fit indices such as GFI, AGFI, IFI, CFI
  • asked a question related to IT Security
Question
7 answers
I am working in the field of designing and obtaining the best security algorithm for particular environment. It would be very helpful for me if I can get access to some data set or source from where I can retrieve security algorithm details. The detail I require is different Cryptography algorithm prevents which attacks.
Symmetric and Asymmetric both with conventional and hybrid algorithms. I am working on cloud storage as a service part, so need to secure the database, interaction with database and customer environment to build customer trust in cloud.
Relevant answer
Answer
I suggest the book:
Handbook of Applied Cryptography
by:
Alfred J. Menezes
Paul C. van Oorschot
Scott A. Vanstone
It provides a quick detailed reference to various cryptographic algorithms and protocols.
  • asked a question related to IT Security
Question
6 answers
From where can I get data related to attacks prevented by major Cryptography algorithms? Is their any data set available?
Relevant answer
Answer
  • asked a question related to IT Security
Question
3 answers
Hi,
I need a privacy meter to secure personal data. For this I need to find threshold value,so that I can find all the entities which are below threshold are safe. Other entities which are above threshold values are unsafe.
Can anyone provide some formulas and methods to find how to mitigate privacy risk for a large amount of personal data.
Relevant answer
Answer
Jeff, it was indeed a valuable response and the suggested tool will be great help towards implementation of one of the ideas I have in mind. Thank you so much. Thanks kskyani for asking the question as well :-)
  • asked a question related to IT Security
Question
4 answers
Planning to work on project on VANET Security or something familiar, what should I include. Actually looking for an idea to work on. Need suggestions. Thanks
Relevant answer
Answer
After a literature survey, you need to learn the network simulator NS-2 or NS-3 or Qualnet and then VANET SIM especially for VANET simulation. Then security measures can be implemented on VANET SIM.
  • asked a question related to IT Security
Question
4 answers
I am looking for methods and modeling languages for correctly applying a security pattern in a application model. What is the methods that exist and that I can use and what interresting field of research do you see in this area ?
Relevant answer