Information Security

Information Security

  • Ali A R Aldallal added an answer:
    54
    What is information security?

    Dear collegues. Your answer is highly appreciated. I think the points that you mentioned, have been prolific for me and many of RG members.

    Information security - the state of preservation of information resources and protection of the legitimate rights of the individual and society in the information sphere. Information Security - is the process of ensuring the confidentiality, integrity and availability of information.

    With kind regards, Shafagat

    Ali A R Aldallal

     Information security

    Safe-guarding an organization's data from unauthorized access or modification to ensure its availability, confidentiality, and integrity.

    Read more: http://www.businessdictionary.com/definition/information-security.html#ixzz3zVvKKS7e

  • Pascal Paillier added an answer:
    12
    How to encrypt/decrypt a database using elliptic curve cryptography?
    I want to know about process of encryption and decryption of a database by using elliptic curve cryptography.
    Pascal Paillier

    The well-established way to public-key encrypt using elliptic curves is the ElGamal scheme, known as ECIES-KEM in standards. Just Google ECIES, you will find 4 different standards that specify it. It is trivial to implement once you have a scalar multiplication working.

  • Cem Onat Karagun added an answer:
    5
    Can we perform ARP poisoning in one subnet, say A while we are sitting in another subnet B. These subnets are connected to each other using a router.
    I want to check whether we can launch ARP poisoning attack in a subnet without really sitting in that subnet. Can we do it from a subnet which is connected to that subnet using a router?
    Cem Onat Karagun

    No my friend,
    You just can not without (!) Vlan hopping
    If u wanna learn how it could be done, search on google

    "Trunk port spoofing with Yersinia"

    Best regards,
    Cem.

  • Ramon López de Mántaras added an answer:
    1
    Hi, could someone please point me to a numerical example showing how Mantaras distance is used to compare two partitions?

    As additional context, I am planning to use this metric in clustering evaluation to calculate the distance between two partitions (each one with a set of clusters). However, I am always getting a distance of 1 (regardless of the input clusters). This issue leads me to believe that I might be interpreting incorrectly a part of the equation: Dist(Pa,Pb) = 2 - (I(Pa) + I(Pb)/I(Pa ∩ Pb)). Unfortunately, all the references I have found only show the involved equations without a detailed example.

    Ramon López de Mántaras

    I am the person that proposed this distance. In my paper "A distance based attribute selection measure for decision tree induction" (Machine Learning Journal, Vol. 6,nº 1, pp. 81-92, 1991. you can find all the necessary information to understand correctly my distance. If you have any difficulties please contact me (mantaras@iiia.csic.es)

  • Hugh Jensen Mclarty added an answer:
    2
    Has single/dual n-back training any lasting effects?

    Does single or dual-n-back training have any lasting, transferable effects on other cognitive skills, apart from improving the performance in running the dual-n-back game? Some research studies indicate that it may have some effect for some people with some conditions (e.g. older people, people with dysphoria etc.), however larger meta-studies indicate no or very small effect in general as well as methodological problems in the underlying studies. The research therefore seems inconclusive.

    What is your research experience with this? Are there any groups or conditions where such training has been shown to have transferable, lasting effects?

    Hugh Jensen Mclarty

    If you are reading in this area you have probably already found him, but I know from his work with ACT-R that Niels Taatgen has worked with N-back, cognitive modeling, and has a long interest in transfer.

  • Ali Farooq added an answer:
    16
    Can you please help in completing the survey on "Students' Perceived Information Security and Privacy Threats"?

    Dear fellows,

    I am conducting a study to explore students' perceived information security and privacy (IS&P) threats landscape. For this purpose I have designed a survey and uploaded it at the following link:

    http://bit.ly/StudentsPerceivedThreats

    The survey targets university students (undergraduate/postgraduate/PhD). It will take 15-20 minutes to fill in the survey.

    It will be really appreciated if you could help me in getting response for this survey by:

    1. filling in the survey and share with your friends, if you are a student
    2. sharing it among your students, if you are a faculty member

    The survey doesn't have any restriction, so ANY university student from ANY university from ANY where in the world can fill this survey.A large response set is crucial for this study.

    Thanking in anticipation.

    Best,
    Ali Farooq
    Doctoral Student
    University of Turku, Finland

    Ali Farooq

    Thanks Lidia.

    Indeed there is need to educate youngsters (teenagers especially) regarding security and privacy issues, social networks is one of them. Following article by our team provides Taxonomy of Information Security and Privacy Threats that our young adults (18-35 Students) are prone too. This paper also provide a Domain model to examine and classify different threats to the students:

    https://www.researchgate.net/publication/283713938_A_Taxonomy_of_Perceived_Information_Security_and_Privacy_Threats_among_IT_Security_Students

    Moreover, the survey for which I have sought your help is continuation of the same publication.

    It would be great, if you could share the survey link among students from your university as well. 

    • Source
      [Show abstract] [Hide abstract]
      ABSTRACT: The purpose of this study is to explore students’ perceived information security and privacy (IS&P) threats and to classify them in a way that helps in analyzing the problem, creating awareness measures and further improving students’ IS&P education. Using a qualitative research approach, a group of forty two Master’s degree IT students identified seventy five IS&P threats related to them. The identified threats were classified into fourteen categories. Further, using the affinity diagraming technique, the categories were grouped into four domains - Personnel, Devices, Intranet and Internet. In this way, we present a taxonomy of students’ perceived IS&P threats as well as a model that highlights the domains where students consider themselves prone to IS&P threats. The proposed taxonomy and the domain model can be used as a benchmark for designing information security awareness assessment instruments and preparing information security awareness programs. The taxonomy can also be used for highlighting areas where students lack information security related knowledge.
      Full-text · Conference Paper · Dec 2015
  • Günter Fahrnberger added an answer:
    3
    How can I use decode and forward with untrusted relay?

    I am a new researcher and i am working on physical layer security. I find a problem but stuck in a solving this issue.

    How can we use decode and forward protocol with untrusted relay, means we want to use it and also want to hide data from him.

    I am searching for any physical layer security technique to solve this problem

    Günter Fahrnberger

    @Peter: Beijing was a worthwhile trip. Nonetheless, I have not relaxed meanwhile and will publish an improved IM sifter soon.

  • Abdullah A. Mohamed added an answer:
    8
    I aim to design on-line IDS by using nsl-kDD data set. is there any way to extract the features of NSL-KDD from a real packet?
    NSL-KDD features consist of 42 features, divided into three classes TCP header, domain and 2-Minette connection. The first type is extracted easily, but the last tow type i can't seem to get. Is there any tool, program language lib. C#.net or other that could be of help?
    The feature is shown below.
    10 hot no. of hot indicators
    11 number failed logins no. of failed logins
    12 logged in (discrete)
    13 number compromised no. of compromised conditions
    14 root shell
    15 su attempted
    16 num root no. of root accesses
    17 num file creations no. of file creation operations
    18 num shells no. of shell prompts
    19 num access files no. of operations on access control files
    20 num outbound cmds no. of outbound commands in an ftp sessionc
    21 is host login (if the login belongs to the hot List)
    22 is guest login
    23 count no. of connections to the same host as the current connection in
    24 srv count no. of connections to the same service as the current connection in the past two seconds
    25 Serror rate % of connections that have SYN errors
    26 srv Serror rate % of connections that have SYN errors
    27 rerror rate % of connections that have REJ errors
    28 srv rerror rate % of connections that have REJ errors
    29 same srv rate % of connections to the same ser-vice
    30 diff srv rate % of connections to different service
    31 srv diff host rate
    32 dst host count
    33 dst host srv count
    Abdullah A. Mohamed

    thanx my friend 

  • Patrick Kamongi added an answer:
    10
    Is there any systematic way to identify assets during threat modeling and risk analysis?

     Identifying assets is the primary, and most critical step in threat modeling, because assets are essentially threat targets. 
    So, How we could determine that the list of assets is complete and be sure that we have not overlooked relevant assets? 

    Patrick Kamongi

    In addition to the above great feedbacks, you should also take in consideration all dependencies(1st, 2nd, etc... Order Levels) that each asset leverages and how many assets may share common dependencies. 

  • Ryan Heartfield added an answer:
    5
    Are there any new Social Engineering detection techniques?
    It seems that not much work - too little in fact, is being done to find solutions to detect SE attacks. I would appreciate any references to the latest SE detection techniques research.
    Ryan Heartfield

    Hi,

    I have recently had a  journal paper approved for publication in ACM Computing Surveys titled "A taxonomy of attacks and survey of defence mechanisms for semantic social engineering attacks".

    The taxonomy proposed  provides a generic, linear classification structure for technically classifying any semantic attack. It is designed to inform developers/researchers of the key technical concepts that should be considered when implementing SE defence mechanisms. The paper also includes a literature on current defenses mechanisms for semantic attacks, contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix.

    For the pre-publication copy of the journal paper please see:

    http://staffweb.cms.gre.ac.uk/~lg47/publications/HeartfieldLoukasCSUR2015.pdf 

    I expect it to be available in ACM CSUR early next year. I hope it helps!

  • Majid Bakhtiari added an answer:
    12
    What are the encryption schemes used in SMS?

    I would like to know about the encryption systems used in SMS coding (both for the purpose of transmission data security) in mobile modern phones.

    Majid Bakhtiari

    1- SMS does not encrypt in GSM . 

    Related to key management in GSM, this is why they using from IV.

  • Zakir Khan added an answer:
    5
    What are the main parameters used to measure the strength of an information security algorithm?
    To compare different techniques/algorithm what parameters are used and how can they be implemented in matlab.
    Zakir Khan

    for signals processing

    Imperceptibilty
    Amplification
    Noise addition
    Low pass filtering
    Requantization
    Re-sampling
    Compression

    __________________________________

    another aspects parameters

    MSE
    RMSE
    UIQI
    SNR
    MAE
    PSNR
    AD
    MD
    NAE
    Payload

  • Natalia G. Miloslavskaya added an answer:
    13
    Do we need Information Security Theory?
    Any thoughts about the need for and possibility of creating a complete IS Theory as a basic science?
    Natalia G. Miloslavskaya

    I would like to add we should ensure also availability, confidentiality, autenticity, non-repudiation etc. All these qualities of information and IT infrastructure assets are very important, not only integrity.

  • Mel Griffiths added an answer:
    2
    What are the dangers and benefits of "mass" surveillance systems and data profiling?
    I would like to know the impact on both sides: people's privacy and government security.
    Mel Griffiths

    Hi Oussama,

    In terms of mass surveillance, use of metadata and the security versus privacy implications, have a look at the following papers. All are very recent and offer some insight into the dangers and benefits of mass surveillance and big data. 

    Lyon, D. (2014). Surveillance, snowden, and big data: capacities, consequences, critique. Big Data & Society, 1(2), 2053951714541861.

    Schneier, B. (2014). Metadata= Surveillance. IEEE Security & Privacy, (2), 84-84.

    Miller, K. (2014). Total Surveillance, Big Data, and Predictive Crime Technology: Privacy's Perfect Storm. J. Tech. L. & Pol'y, 19, 105.

  • Quist-Aphetsi Kester added an answer:
    9
    How can I process data loss when applying steganography using DCT?

    when hide some bits of secret message in DCT coefficients ,we note some lossy in extracting message(sorry for bad English)

    Quist-Aphetsi Kester

    Gusharanjeet Singh Kalra is right in his explanation

  • Mehdi Kargar added an answer:
    7
    What is penetration testing? How it is implemented in information security?
    I need information on penetration testing to find out the vulnerabilities in the network.
    Mehdi Kargar

    The action is to find security holes in a company or an organization to protect and secure sensitive information

  • Sirapat Boonkrong added an answer:
    3
    Is there any way to perform manual assocation of random MAC addresses with the access point in a wireless environment?

    I wanted to know if an attacker can do manual associations of random MAC addresses with the access point.

    Can it be done in case of WPA2 encrypted networks too, i mean the complete four way handshaking involved during authentication?

    Sirapat Boonkrong

    It depends what type of authentication you are doing.

    If you do "open authentication", it is possible for any attacker to fake a MAC address.

    If you do "shared-key authentication", then it becomes more difficult because authentication is done using the pre-shared secret key, rather than a MAC address.

    Bear in mind that if your wireless network uses DHCP, it is very likely that you will need to have an additional authentication layer to stop DHCP from giving out IP address automatically.

  • Nils Ulltveit-Moe added an answer:
    11
    What steps should be considered before implementing ISMS in an organization?

    Hey all

    I am providing the scope of ISMS for an organization who has contract with us. We are going to test the feasibility before implementing ISMS. Does anyone have any idea about such an issue?

    Thank you so much.

    Nils Ulltveit-Moe

    We have now released a set of resources from the PRECYSE EU project that are useful for implementing an Information Security Management System:

    I have released a course on using the Verinice ISMS:
    https://sourceforge.net/p/arftoverinice/code/HEAD/tree/trunk/course/

    The YouTube playlist "PRECYSE Verinice Course" with screencast videos is here:
    https://www.youtube.com/playlist?list=PLMGXA-EPMnzIqQZ6VBs_0svhxkgarBEMR

    The arftoverinice import filter for importing OpenVAS scans into Verinice is here:
    https://sourceforge.net/projects/arftoverinice/

    The Magerit control catalogue and OCIL test suite is here:
    https://sourceforge.net/projects/mageritcc/

  • Nils Ulltveit-Moe added an answer:
    7
    How can we authenticate a remote program?

    Suppose we have a set of API hosted on a local server. I only want legal remote programs to invoke those APIs. If the remote program is, let's say the original program that I uploaded to the remote machine, then I allow the invoke. If the remote program is a version tampered by the attacker, then I disallow it. How can I bind the program's identity to the function invocation to determine whether the remote program is not tampered?

    Nils Ulltveit-Moe

    Remote attestation based on trusted computing supports detecting changes of the remote software.

  • Priti Puri added an answer:
    3
    What is the most appropriate classification method to classify qualitative parameters of bank's risk (i.e. reputation, legal and compliance) ?

    Regarding to Basel II Pillar 2, they spelled out that bank should notice other inherent risk such as compliance, reputation, legal and strategic risk. These are qualitative (as far as I know, except there is a way to quantify them).

    I was thinking about Fuzzy Inference System, but looking at the high dynamic economic condition, this method is no longer applicable or not proper enough to cover the possibilities.

    Any answer and discussion are welcome, it will be my pleasure to catch your answer/ideas.

    Regards.

  • Louis Brassard added an answer:
    47
    Do you support Tom Leinster's call not to help intelligence services through mathematics?
    "Intelligence agencies hire lots of mathematicians, but would-be employees must realise that their work is misused to snoop on everyone, says Tom Leinster"

    New Scientist has published an article recently, where Tom Leinster asks mathematicians to stay away from supporting NSA, CIA, GCHQ, (former) KGB and all the other organizations that spy on us. I even don't know the name of their Chinese colleagues' organization.

    What are your thoughts on this?
    Louis Brassard

    I recommend the 2014 documentary film (can be freely seen on the internet) : Citizenfour ; it shows the behind the scene of the Edward Snowden and the NSA spying scandal.  It was shot during the events. It  won the Academy Award for Best Documentary Feature at the 2015 Oscars.

  • Xavier Bonnaire added an answer:
    15
    Can anyone help me to find research in using encryption algorithms to secure Peer to peer network?

    I try to find some research papers for securing Peer to peer network, 

    Thanks

    Xavier Bonnaire

    You can have a look to the following publication. This is a particular case about certification, but you may find useful ideas.

  • Muhammad Imran Tariq added an answer:
    2
    How can I simulate SLA based Information Security metrics for Cloud Computing?

    I have made SLA based Information Security Metrics for Cloud Computing and desired to simulate on any simulator..

    Would you please suggest me appropriate simulator and the way to simulate it 

    Muhammad Imran Tariq

    Thanks Hamza Kheddar, It is really a good material for initial study.....

    I installed CloudSim and now working on this.... if you have any other material relates to my request then please send and oblige.

    Regards

  • Muhammad Imran Tariq added an answer:
    16
    Which Information Security framework / standard/certification/guide is best for cloud organizations to maintain their security?
    There are several Information Security frameworks, standards, certifications and guides to maintain security in an organization.
    Would you share which one is best for said purpose?
    Muhammad Imran Tariq

    Thanks Vito for your appreciation and Acknowledge. It is Book not paper. I will find out ISO 27001:20013 on internet :) 

    Warm Regards

    Muhammad Imran Tariq

  • Quist-Aphetsi Kester added an answer:
    9
    How to provide better security in our online communication?
    If it is on internet it is not private!!!
    Quist-Aphetsi Kester

    by using the state of the arts cryptographic methods like post quantum cryptography

  • Ahmad T Siddiqui added an answer:
    2
    Is there any article which discussed case study / application of privacy in distributed data mining?

    I want to know about real case study of privacy threat cause of association rule mining (Distributed or centralized database).

    Ahmad T Siddiqui

    Hi,

    try these links:

    https://www.cs.utexas.edu/~yzhang/papers/mining-ccr06.pdf

    http://link.springer.com/chapter/10.1007%2F978-3-319-02931-3_29

    http://www.ijcaonline.org/archives/volume76/number8/13271-0800

    http://arxiv.org/ftp/arxiv/papers/1004/1004.4477.pdf

    Hope it helps...

  • Per M. Gustavsson added an answer:
    7
    Can anyone help me with main principles and models usually used for visualization of information security events and incidents?
    For information security managers in SIEM systems
    Per M. Gustavsson

    Look at the start-ups that showed their products at CyberTech2014 as an example (https://www.cybertechisrael.com/)  - there you have both common and innovative methods.

    Is it real-time monitoring or is it to reconstruct an event chain?

    Should it be used for informed decision making? Purpose ?

    Real-time monitoring then the process views etc. in ITIL CORBIT may be to complicated. Often different gauge meters dashboards, network views are used, which do not provide with insightin whats happening (compare to balanced score card dashboards or lean dashboards...)  In a reconstruction analysis phase ITIL, CORBIT or rather the business process view will add value for visualization.

  • Devi Thiyagarajan added an answer:
    4
    Does anyone know of a simulator that supports implementing cryptography algorithms in the cloud?
    I’m conducting a research on cloud computing security. I need a cloud computing simulator that supports implementation of cryptography algorithms. Please advise me which simulator to use.
    Thank you
    Devi Thiyagarajan

    I would like to implement ECC algorithm in for securing files in CLoud.. Wat kind of implementation i can do...

  • Mojtaba Alizadeh added an answer:
    3
    Is this statement correct: "Mobile devices such as laptops, mobile phones, USB memories, and PDAs do not posses tamper-resistant characteristics"?

    The problem is that most of authentication methods that use smart card in authentication procedures, are vulnerable against theft. Is it correct?

    Ref: "Cryptanalysis and Improvement of “An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems” (Khan and Kumari, 2014)

    Mojtaba Alizadeh

    Dear Muhamed,

    Thank you so much for your comprehensive answer, and for your time to answer this question. Your answer is completely helpful.

    Regards,

Topic followers (5,032) See all