IT Security - Science topic

There are various ways in which cryptography can be applied to value-added services in mobile networks. One way is to use encryption to secure the communication between the mobile device and the service provider. This can be done by using algorithms such as AES (Advanced Encryption Standard) or RSA (Rivest–Shamir–Adleman).

Another way is to use digital signatures to authenticate users and transactions. Digital signatures use a combination of public and private keys to prove the authenticity of a message or transaction. This can be particularly important for financial transactions or other sensitive transactions.

Finally, it's important to use secure protocols such as TLS (Transport Layer Security) or HTTPS (HTTP Secure) to ensure that all communication between the mobile device and the service provider is encrypted and secure. These protocols can help to prevent eavesdropping and other types of attacks that can compromise the security of value-added services in mobile networks.

I don't use whatsapp and I don't care to use it.

Zhu, R. (2015). An Initial Study of Customer Internet Banking Security Awareness and Behaviour in China. In PACIS (p. 87).

The level of cybersecurity of data collected on social media is constantly being raised. However, there is still no full 100 percent. cybersecurity on this issue.

I invite you to the discussion,

Regards,

Dariusz Prokopowicz

I wrote a tool to do this: https://github.com/mmagnus/pubmex take a look if you want

pubmex.py -a -f sharp2017.pdf -r sharp2017.pdf --> ./Sharp.Hockfield.Convergence.The.future.health.Science.2017.pdf

In recent months, there have been cybercriminal attacks on public institutions and large enterprises as well as technology companies based on data stolen by cybercriminals from social networks and by sending fake e-mails containing malware and hidden ransomware viruses.

Regards,

Dariusz Prokopowicz

Yes, in recent months there have been new, spectacular and effective cybercriminal attacks targeting selected large technology companies, companies from the energy sector, fuel sector, food production and other companies operating in strategic sectors of the economy as well as public institutions, including selected local government institutions and central public administration institutions countries. Cybercriminal attacks were carried out on the basis of cybercriminal techniques and solutions that have been known for years, i.e. through spamming containing malware, infecting computers with ransomware viruses encrypting access to disks containing important company data, through various variants of the cybercriminal technique known as phishing, by hijacking data to log in to specific accounts of various websites, to log in to e-mail, data downloaded from social networks and other places where Internet users enter personal and sensitive data and do not maintain high cybersecurity standards.

Greetings,

Dariusz Prokopowicz

In the area of ​​cybersecurity of online banking, I propose the following research topic: Analysis of the use of Industry 4.0 technology in the field of improving cybersecurity of online banking, including mobile banking. This topic may also take into account the scale of application of cybersecurity rules and recommendations by bank customers and the level of cybersecurity of operating systems used by bank customers, web browsers and other Internet applications installed on laptops and smartphones, through which bank customers use online banking.

Best regards,

Dariusz Prokopowicz

Most citizens are unaware of how much information about Internet users is possessed by Internet technology companies that offer certain information services on the Internet.

Best regards,

Dariusz Prokopowicz

Since Big Data and / or Data Science resources in the databases of many Internet technology companies are constantly growing, is the importance of cyber security of the information systems of these companies and the data stored in these databases growing analogically?

Thank you, Regards,

Dariusz Prokopowicz

Social media, in recent times, has with eased an explosion of data with so many social media platforms available to interact and express opinions freely. This has led to easy access to the privacy of social media users which raise broader security concerns … Sharma, S., & Jain, A. (2020). Role of sentiment analysis in social media security and analytics. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, e1366.

The risk could be in tow form - one you already have mentioned is Security, a vital risk - needs to addressed by collective efforts on a war footing.

Secondly, the size of data itself, how integration takes place among hardware, software, latest internet serervice providers, cloud, etc. across the globe is also a risk.

At times like this, where a large part of the population is isolated, the use of digital means of payment is increasing, and therefore, the risk of being scammed as well. Therefore, in times of pandemic, I consider this as a fundamental question, on which the population should be informed in order to seek to prevent these types of fraud.

Strategies should be sought to prevent people from committing economic crimes such as theft or corruption, as described in the following manuscript

Contiki cooja is Best...

Hello

Japanese society:

( scientificو Organizerو sincerelyو developedو they work hard, Committed to not cheat, But he has no religion.

Good Nigth

Dear Nguyen ,

Currently, I'm working on enhancing the security of the smart contract, which focuses on :

1- Design patterns

2- coding and development of smart contract

Item 4 in a previous post, identity, is fundamental and at a certain level, un- provable as a absolute. We assume identity (this IS this) given evidence, but evidence too, is a form of identity (this PROVES this). The links "is" and "proves" are human judgement, and it's turtles all the way down. https://en.m.wikipedia.org/wiki/Turtles_all_the_way_down

Other than that, you have offered a lot of good ideas (and good questions and good comments) to unpack in your reply. Not sure what else I could add.

Blockchain technology & security system - Interesting - Following .

good answer, I am follow

Possible ways include:

Therefore, in the context of the above considerations, the following important question appears:

Security of social media portals is currently one of the most important topics of social media portals and other new internet media and information services. Therefore, scientists at various universities are involved in researching this issue. Therefore, security tools for information collected in social media portals databases and data security systems on the Internet are being developed. In companies and key public institutions, systems for risk management of information systems and information transfer on the Internet are also developed.

Do you agree with me on the above matter?

In the context of the above issues, the following question is valid:

Please reply

I invite you to the discussion

Thank you very much

I invite you to discussion and cooperation.

Thank you very much

Best wishes

If the Pseudo Random Number Generator algorithm is good, then it should not matter what it is seeded with. Looking at short strings it will not be possible to determine the seeds. However, many simple PRNGs fail in this respect. The poor algorithms emit short strings before getting caught in a cycle.

Following

You can read the literature yourself and come up with your own conclusions. It would do you good, you would sound less like a non-expert rambling about something you have very little clue about. I am done here.

When creating a malware, the creator has to think about malware-detection method first (otherwise his malware did nothing). => he created a malware that is not detectable with the current algorithms (anti-virus program). When a computer is infected, the defender analyzed the malware and creates a new mechanism to detect it. And again, the creator knows this mechanism and thinking of new malware. This cycle never ends, the battle between white hat and black hat hackers I would say

Thank you, Dariusz, for posting a most relevant question. My area of research is users' behaviors in information security.

You are indeed right that privacy is connected to information security, and online social networks (OSNs) has a huge amount of personal information shared by person himself or one of his connections. There is also a debate on the differences of OSN, social media websites, social media portals and similar others. There are similarities in them but different researchers used these terms without any standardization.

Moving away from the debate of "user of correct term", I believe users have share already a lot on the OSNs and I am compelled to say that at individual level we have lost the battle of privacy against the giants such as Facebook and Google. They know and remember much more than we do. However, what is left behind is to preserve privacy of an individual from being violated by "Script kiddies" and a tech savvy guy(s). We need to raise awareness among the users based on this point.

The other point you have mentioned was about use of users' data for marketing purpose. Well, that was purpose of OSNs, otherwise, how will they gather revenue for their businesses. What we, as researchers, should look into how to improve and make their terms and conditions users' friendly so that users' may read them before accepting them. I must say only the most informed users will read the terms as their needs to use an OSN is much more higher than their perceived importance of privacy :)

I would love to discuss more, and even work if you have something in mind to initiate.

Cheers,

Ali

I agree with you, but it's not all about sales.

I think the most blatant was the quest for fame/notoriety by the irresponsible so-called researchers, who published the obscure (and, largely unexploitable) 'vulnerability in the instruction queue of Intel CPU's. This caused widescale panic, a few remedies which were worse than the disease, all for a bug which no hacker would ever dream of trying to exploit. Why? Because it's not cost-effective. Cybercrime is a business and, like any other, it needs to maximise ROI, so patiently hacking one PC in the hope that a password will materialise for a bank account which actually contains money is something only a researcher would do.

As a cybersecurity company, (designsim.com.au) we take a battering 24/7 from about 72 countries, mainly from botnets, so we're fairly up to date on the latest trends.

The main attack vector over the last three or four months is a DDoS attempt which appears to come from compromised IoT devices, probably NVR/DVR or routers, originating mainly in South America and looking like this (with the cutely-imbecilic and fake Referer)

To date we've had over 10,000 such hack attempts.

Second, is a revival of an old Drupal vulnerability, consisting of a pair of queries like:

the hope being for an escalation of privileges.

Lastly, one that never goes away, is the eternal exploitation of the thousands of bugs in WordPress/PHP:

94.102.49.122 - - [30/Oct/2018:06:07:50 +1100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 226 "-" "ZmEu"

Perhaps it would be a good time to get the IDS to trigger on these.

In my just-user view, there is no other choice other than using CAPTHCA. I read that open 1000 captcha is very cheap with human cheap labor, but sometime it' s not worth it. Well the solution is maybe to allow the humans to do qualified jobs and using computer for not frivolous purpose ( i.e cheap buying).

@albert, yes this is possible however stream ciphers are statefull and if you look for a stateless block cipher then stream ciphering is not possible.

A brief introduction to cryptography from the IBM website may also help you to understand: https://www.ibm.com/support/knowledgecenter/en/SSB23S_1.1.0.14/gtps7/seccon.html

This website will generate keys online:

Hi

Yes, you can.

I have done it and you can see my papers.

You should calculate cloudlets' response time by controlling events in CloudSim.

Previous research in IoV can be the framework proposed by Pacheco et al. (2016). They proposed an IoT Security Development Framework (ISDF) for building trustworthy Smart car services. The ISDF enables developers to consider security issues at all IoT layers and integrates security algorithms with the functions and services offered in each layer rather than considering security in an ad-hoc and after thought manner.

Back in the 80's the police and anyone that had to do with the police were too laid back.  They didn't find anything wrong with people getting abused.  But let me qualify this, the reason why they were like this is because back in the 60's and 70's it was allowed, yes legally, it was allowed for men to what they call punish their wife.  I can tell you stories about Albany, NY and the way that the police were so messed up I used to mess up all their cases they were trying to build by setting guys up and planting them on the.  What I did without them seeing me was no you can't do that I seen you put those drugs on him. 

You can also apply the below-mentioned five main IT security objectives to cloud computing.

- there are four important security challenges facing the iot community .

1. wi-fi enabled devices are being added on local area networks (lan) without proper security.

2. there are issues with upgradability and patchability of iot endpoints.

3. problems have arisen around protecting physical access.

4. there’s a ton of hype from developers and consumers.

- 5G While there are still valid security approaches they need to be

revisited (trust models, devices, assurance)

Due to their limited resources and their wireless communication nature, WSNs are vulnerable to several types of attacks. This special issue aims to point out the security issues in WSNs. It will focus on the current countermeasures proposed to detect attacks, ensure security and enhance the performance of WSNs. The issue will also focus on the current challenges which must be taken into account when proposing such systems of security in wireless sensors networks.

These are the most recent issues that will be taken into account when talking about the WSN's security:

- Energy-efficient secure routing protocols for WSNs

- Security, reliability and privacy for WSNs

It depends whether you just want to store the ciphered data or even do computations on the encrypted data. I suggest the following approaches:

Storage with single-user-access: symmetrical cryptosystem

Storage with multi-user-access: secret sharing with asymmetrical cryptosystem

Querying with single-user-access: searchable symmetrical encryption

Querying with multi-user-access: secret sharing with asymmetrical cryptosystem

Modifying: homomorphic cryptosystem

kindly check this book to understand more about HIPPA , how to secure HL7 messages  and other Healthcare IT skills needed .

also your RM team should first classify the Medical records then think how to protect according to HIPPA requirements , same time they should do Risk Assessment to find out the risks  you could face and what is the impacts and likelihood reealted to each risk and what is the best risk response for that.

for instance if your LAB IS can be hacked , medical records will be exposed , or when hacker hack doctor PC he can get computerized physician order entry (CPOE) medical records.

My dear Colleagues... also There is another important point related to " Information Warfare" which is faced every information communication system.. Hence we need to take care about : " Intelligent Jamming and anti-jamming techniques used in CRN" !!.. it is very important approach to help us in the Security enhancement problem .

What is Security Market.

Are you familiar with Crime Prevention Through Environmental Design (CPTED)? There is first generation which focusses on hard elements like lighting, fencing, line of site etc and second generation which focusses more on policy and procedures and explicit social and cultural dynamics of the environment. See attached power point

Hi Yudi

First off, I would ask what you mean by computer system? I am assuming you refer to a computer system run by a company comprising a combination of many computers, servers, an intranet, various types of software and so on. That being the case, there are a great many security standards available today. Unfortunately, there is no "one size covers all" approach to guarantee the security of your computer system. In any event, even if there were, it would very quickly become out of date. This is because the rate of exploits being developed far exceeds the rate at which they can be prevented. There are a great many reasons for this, which I will attempt to outline for you.

First, since computers first were developed, they have increased in performance at a considerable rate, year on year. Consequently, the quality and range of software has also increased in sophistication, and complexity. While this increase in sophistication is usually welcome for business managers, it brings with it its own problems. The more complex it becomes, the more difficult it becomes to set it up properly, let alone set it up securely.

Business, too, has increased in complexity, and companies these days must comply with legislation, regulation, corporate governance, standards and industry best practice. Financial penalties are on the increase for breaches in compliance, even extending to criminal charges.

Of course, the threat environment has also increased significantly. The source of attack can be generally classified into 5 categories:

State sponsored groups;

Industrial espionage groups;

Hacktivist groups;

Criminal groups;

Individuals.

Of these, state sponsored groups will have highly skilled operatives, access to the best equipment, and will be very well resourced. Industrial espionage groups will generally be well organised, but less well resourced. Hacktivist groups will generally by highly committed, often poorly financed, but nontheless will be well skilled. Criminal groups will generally be well resourced, and will be able to afford to hire very skilled people to help them achieve their goals. Individuals will generally be poorly resourced and not too skilled.

You only need to review the annual security breach reports published by various firms to understand how much of a problem this now is. Here is a list of some areas of challenge which need to be properly addressed before a proper level of computer systems security and indeed privacy, can be achieved:

Access controls

Accountability and responsibility

Audit issues

Business continuity

Complexity of systems

Data ownership

Data protection

Encryption

Failure to patch software

Forensic support

Incident analysis

Infrastructure security

Laziness

Management approach to security

Mis-configuration of software

Multi-tenancy

Non-production environment

Physical security

Privacy

Processes

Proper definition of security goals

Regulatory compliance

Resilience

Security culture in the company

Security policies

Security procedures

Social engineering attacks

Staff security training

Standards compliance

Technical complexity of cloud

The threat environment

User identity

I have also included a few lists of useful papers for you to read on security and privacy. Many of these relate to cloud computing, as cloud security and privacy is my special area of interest, but generally, since cloud is more difficult to secure, much of what they talk about will be relevant for any setting.

If you want to be serious about achieving proper security, then you will need to be properly armed with a vast knowledge of the issues you face. And even that will not be enough. Constant vigilance will be required to keep pace with all the latest vulnerabilities. And coming up with a technical solution alone will not solve your problems, as the business architecture of a company comprises a combination of people, process and technology, so all three areas need to be properly addressed.

Happy reading.

Regards

Bob

Hi Jafar

There are many security threats and vulnerabilities faced by cloud users, many of which are obvious, and some less so. Here is a suggested list of areas you should take into consideration:

Access controls

Accountability and responsibility

Audit issues

Business continuity

Complexity of systems

Data ownership

Data protection

Encryption

Failure to patch software

Forensic support

Incident analysis

Infrastructure security

Laziness

Management approach to security

Mis-configuration of software

Multi-tenancy

Non-production environment

Physical security

Privacy

Processes

Proper definition of security goals

Regulatory compliance

Resilience

Security culture in the company

Security policies

Security procedures

Social engineering attacks

Staff security training

Standards compliance

Technical complexity of cloud

The threat environment

User identity

Each of these areas will impact on your cloud security to a greater or lesser extent. By checking each of these out, you will gain a better understanding of how these issues can impact on cloud security and privacy.

Remember, the business architecture of an organisation comprises a combination of people, process and technology, thus it is vital to take this into account when seeking to develop or use a cloud system that can offer good security and privacy.

Regards

Bob

It's done. However, I would like to highlight few issues (I do this kind of surveys for my research and I was also looking at it as a researcher and not merely as a respondent :), so please bear my comments) :

1. Does the organization have any policy guiding the actions taken when an employee's report's his or her device missing or stolen? In response even response is NO or I don't know, on next page, "Does the organization have any policy guiding the actions taken when an employee's report's his or her device missing or stolen?" is mandatory, which should be optional.

2. Has any employee reported any of the following attacks on their devices within the last 12 months:

Options available were YES, IDK, NO, which doesn't conform to what is asked in the question.

3. Does your organization have a policy against the use of any particular software applications?  has been asked twice.

4. What type of attacks is the most concern to the organization?

[Here organization refers to my organization or organization as in general. Threats are context dependent, I mean the concern level of threats vary from organization to organization.]

5. Demographics were missing [age, gender, educational level]; For IT Experts, experience would be an important factor. Moreover, there are variety of IT Experts so giving a definition in the introduction would be helpful. For example, academic IT staff are also experts in IT, however, their roles and duties are different. Then there are Network administrator, Database/MIS related experts, Information security officers, IT help desk etc. I believe you could have different views from all of the above.

I hope my comments will be useful for your future studies.

Good Luck!

Yes, you can use Burp Suite and Hydra tool in kali linux it will be best because one is for brute force attack for security purpose and burp suite for finding vulnerabilities in the environment

I like ECC. But I need to know more about it. What is said about it here is absolutely true.

OMNET++ simulation program has many application in network, communication and advanced system that employ security.

No way. Anybody ernestly trying to intrude would go to the direct link.

If this is accessible by any means, it has to be considered.

Breaking the content in several chunks, to create "multiple" explosions?

I think this varies greatly, depending on the type of crypto algorithm and whether it's done in hardware or software. This is an interesting piece:

Note that part about how the crypto key was reconstructed for RSA, by measuring power requirement (so-called "side channel attack").

Symmetric key stream ciphers should be the least power hungry of all, and they also do not increase the length of the message. My bet is that one can devise a symmetric key stream cipher that would require a negligible amount of extra power. I haven't actually tried measuring this, but it should be straightforward enough to run your own experiment.

So, one technique you can use to save computing time and energy, use an asymmetric key cipher to transmit the secret key, then use a symmetric key cipher for the messaging itself.

A long post, considering I didn't answer the question.

Dear Ameer

One of the best OS is Linux Distro Kali. It is best for penetrating and developed by the BackTrack team. It is basically for offensive security.

Please see the following link.

Some of the best that could be used for practice sessions are :

1. Kali Linux

2. BackBox

3. Parrot-sec forensic os

4. DEFT

5. Live Hacking OS

6. Samurai Web Security Framework

7. Network Security Toolkit (NST)

8. Bugtraq

9. NodeZero

10. Pentoo

11. GnackTrack

12. Blackbuntu

13. Knoppix STD

14. Weakerth4n

15. Cyborg Hawk

Thanks and Regards

Sanoop M

there seem to be a lot of patents out there...

Human factor is considered as the weakest link in defending systems' security and privacy. The bulk of known attacks lay in the area of social engineering attacks. Phishing attacks are wide spread in on- and off-line communications (for instance, emailing and postal services).

These bold/italic marked terms above can be used to see their exact meaning in the Wikipedia, and applied with any search engine to collect enormous amount of information relating to the actual analyses of vulnerabilities, threats and their impact on privacy and security. 

Military leadership is required to act differently in different situations. During war time, the military leadership is required to take strategic decisions and implement the same through command and control structure, the military organizational structure being hierarchical.However, leader is required to lead from the front, set example and keep the level of motivation of the forces high. During peace time, the leadership role is to lead a human organization, where understanding of human psyche is important . Therefore, leader is required to communicate, understand the expectations of  different ranks & training needs, be compassionate & empathetic, and keep the level of motivation high through peace time engagement in regular military exercise and social welfare activities. Military leadership is also required to coordinate with different ministries of the government  for national security and for all time preparedness for strategic warfare. Military leadership is required to create agile organization which is highly responsive and adaptable and based on a culture of morality, ethics and commitment.   

In data mining, first you should read the next link: http://www.the-data-mine.com/

After you can read the book: Data Mining: Concepts and Techniques, you see in: https://cs.wmich.edu/~yang/teach/cs595/han/ch01.pdf

Just about any bulletin board or forum software can be configured for asynchronous focus groups. You might start by checking whether your university already has such software available through an online learning platform. If not, here are some possible programs:

With regard to security, almost all of these software packages will allow you to use password sign-in and assign avatars or self-selected user names for your participants, but remember, any participant will be able to see what the others post, which may limit your ability to promise confidentiality.

Finally, here are two articles on the topic.

In a security perspective, hash functions are not enough to protect integrity - you need either Message Authentication Codes or Digital Signatures.

Thanks Guys your answers is really appreciated. I am still would like to hear from someone who already has used either omnet++ or NS2 for WSN encryption.

In statistical analysis for the modles, there is alwys model fit indices, you can check it. in each of these tests, there is special way to read the fit result. for example, in Factor Analysis, the goodness-of-fit test comparing the variance-covariance matrix under this model to the variance-covariance matrix under the assumption that the variances and covariances can take any values. To assess goodness-of-fit, we use a Bartlett-Corrected Likelihood Ratio Test  and in Confirmatory Factor Analysis we look at several goodness of fit indices such as GFI, AGFI, IFI, CFI

I suggest the book:

Handbook of Applied Cryptography

by:

Alfred J. Menezes

Paul C. van Oorschot

Scott A. Vanstone

It provides a quick detailed reference to various cryptographic algorithms and protocols.

This may be useful to you.

Jeff, it was indeed a valuable response and the suggested tool will be great help towards implementation of one of the ideas I have in mind. Thank you so much. Thanks kskyani for asking the question as well :-)

After a literature survey, you need to learn the network simulator NS-2 or NS-3 or Qualnet and then VANET SIM especially for VANET simulation. Then security measures can be implemented on VANET SIM.

See here

“Hadoop security”

_________________________________

Current security threats and prevention measures relating to cloud services, Hadoop concurrent processing, and big data

_____________________________________________

Hadoop and Risk Analytics

Good luck