Статті в журналах з теми "Threat of information leakage"
Щоб переглянути інші типи публікацій з цієї теми, перейдіть за посиланням: Threat of information leakage.
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-50 статей у журналах для дослідження на тему "Threat of information leakage".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте статті в журналах для різних дисциплін та оформлюйте правильно вашу бібліографію.
1
Wong, Wai Peng, Hwee Chin Tan, Kim Hua Tan, and Ming-Lang Tseng. "Human factors in information leakage: mitigation strategies for information sharing integrity." Industrial Management & Data Systems 119, no. 6 (July 8, 2019): 1242–67. http://dx.doi.org/10.1108/imds-12-2018-0546.
Повний текст джерелаАнотація:
Purpose The purpose of this paper is to explore the human factors triggering information leakage and investigate how companies mitigate insider threat for information sharing integrity. Design/methodology/approach The methodology employed is multiple case studies approach with in-depth interviews with five multinational enterprises (MNEs)/multinational corporations (MNCs). Findings The findings reveal that information leakage can be approached with human governance mechanism such as organizational ethical climate and information security culture. Besides, higher frequency of leakages negatively affects information sharing integrity. Moreover, this paper also contributes to a research framework which could be a guide to overcome information leakage issue in information sharing. Research limitations/implications The current study involved MNCs/MNEs operating in Malaysia, while companies in other countries may have different ethical climate and information sharing culture. Thus, for future research, it will be good to replicate the study in a larger geographic region to verify the findings and insights of this research. Practical implications This research contributes to the industry and business that are striving toward solving the mounting problem of information leakage by raising awareness of human factors and to take appropriate mitigating governance strategies to pre-empt information leakage. This paper also contributes to a novel theoretical model that characterizes the iniquities of humans in sharing information, and suggests measures which could be a guide to avert disruptive leakages. Originality/value This paper is likely an unprecedented research in molding human governance in the domain of information sharing and its Achilles’ heel which is information leakage.
2
Shchelkin, Kirill E., and Gleb V. Popkov. "DETECTION OF INFORMATION LEAKAGE THREATS IN FIBER OPTICAL COMMUNICATION CHANNEL." Interexpo GEO-Siberia 6, no. 2 (July 8, 2020): 182–88. http://dx.doi.org/10.33764/2618-981x-2020-6-2-182-188.
Повний текст джерелаАнотація:
The paper discusses the possibility of detecting an information leakage channel in standard fiber-optic communications by monitoring optical radiation. Any abnormal light emission can create a potential threat of speech information leakage, as well as regular light streams modulated at acoustic frequencies.
3
Zatonatskiy, D., V. Marhasova, and N. Korogod. "INSIDER THREAT MANAGEMENT AS AN ELEMENT OF THE CORPORATE ECONOMIC SECURITY." Financial and credit activity: problems of theory and practice 1, no. 36 (February 17, 2021): 149–58. http://dx.doi.org/10.18371/fcaptp.v1i36.227690.
Повний текст джерелаАнотація:
This paper considers the insider threats in the companies from different sectors and various methods of their assessment. The problem of information leakage is becoming increasingly important for companies in all areas of economic activity. The problem of insider threats is becoming increasingly important, as the company may incur losses not only due to the leakage of information about its inventions, but also through lawsuits in case of theft of personal information of the customers, contractors and more. This means that in order to gain access to the international markets, Ukrainian companies must have an appropriate level of protection not only of the company’s confidential information, but also of the data on customers, contractors, etc. The objective of the article is to analyze the existing methodological approaches to the assessment of insider threats in the enterprise as a component of personnel and economic security. We came to the conclusion that different industries have different vulnerabilities to insider threats and different approaches to insider threat management. It was determined that information leaks are a serious threat to the company’s economic and personnel security. It was discovered that firms have achieved significant improvements and developed effective procedures for counteracting external threats, however, protection against insider attacks remains rather low. In the course of the research, the concept of an insider attacker was defined, the types of insider threats were established, and the main actions of the personnel prior to the insider attack were outlined. It was proved that the degree of insider threat is determined by the type of activity of the company and the liquidity of information that may be leaked. Most leaks are observed in high-tech companies and medical institutions, while the most liquid is the information of banks, financial institutions, industrial and commercial companies.
4
Deshanta Ibnugraha, Prajna, Lukito Edi Nugroho, and Paulus Insap Santosa. "An Approach for Risk Estimation in Information Security Using Text Mining and Jaccard Method." Bulletin of Electrical Engineering and Informatics 7, no. 3 (September 1, 2018): 393–99. http://dx.doi.org/10.11591/eei.v7i3.847.
Повний текст джерелаАнотація:
Involvement of digital information in almost of enterprise sectors makes information having value that must be protected from information leakage. In order to obtain proper method for protecting sensitive information, enterprise must perform risk analysis of threat. However, enterprises often get limitation in measuring risk related information security threat. Therefore, this paper has goal to give approach for estimating risk by using information value. Techniques for measuring information value in this paper are text mining and Jaccard method. Text mining is used to recognize information pattern based on three classes namely high business impact, medium business impact and low business impact. Furthermore, information is given weight by Jaccard method. The weight represents risk levelof information leakage in enterprise quantitatively. Result of comparative analysis with existing method show that proposed method results more detailed output in estimating risk of information security threat.
5
Kuznecov, Fedor. "The threat of data leakage due to insufficient attention to information security." Russian Journal of Management 10, no. 1 (April 19, 2022): 126–30. http://dx.doi.org/10.29039/2409-6024-2022-10-1-126-130.
Повний текст джерелаАнотація:
The article discusses the main problems of data leakage in firms, formulates the basic principles of rationalization, including in the context of vectors of awareness development in the field of information security. The importance of expanding the budget allocated for the development of information security, interaction with employees responsible for information security at the facility, employees of the personnel department was noted. Emphasis is placed on the need to develop indicators of insider data compromise in order to develop a data traceability system. At the conclusion of the work, conclusions are drawn and proposals are formulated for the modernization of the information security system.
6
Skryl, S. V., S. S. Nikulin, A. V. Mazin, V. I. Spivak, V. O. Krylov, and V. V. Nikulina. "Methodological aspects of the presentation of information security threats recognition signs in the context of improving technical intelligence." Radio industry (Russia) 30, no. 4 (December 23, 2020): 35–46. http://dx.doi.org/10.21778/2413-9599-2020-30-4-35-46.
Повний текст джерелаАнотація:
Formulation of the problem. The completeness of the characteristics of one of the most serious threats to the security of information today – its leakage through the transient electromagnetic pulse emanation standard (TEMPEST) from computer equipment (CE) is determined not only by the number of detectable signs of leakage but also by several other parameters characterizing the dynamics of the implementation of such a threat. The established patterns in the scenarios of violators’ actions associated with the use of technical reconnaissance equipment (TRQ) to intercept informative TEMPEST signals from computer equipment made it possible to form a model of all possible options for using TRQ to obtain confidential information processed by computer equipment. The proposed model provides the implementation of the methodological principles of the recognition theory for a more complete characterization of threats of information leakage through the channels of spurious electromagnetic radiation and interference from CE in the process of their detection.Objective. Development of methodological grounds for presenting signs of the violator’s implementation of certain functions associated with the use of technical reconnaissance equipment to intercept informative signals of spurious electromagnetic radiation and interference from computer equipment as signs that identify the most significant conditions for the recognition and prevention of such threats.Results. Methodological solutions for the identification of three states significant for the prevention of threats are given based on the structuring of the functional representation of the intruder’s actions to implement such threats. Mathematical models for assessing the predicted amount of information disclosed in the process of intercepting TEMPEST informative signals from computer equipment, and assessing the level of security threats in case of interception of information are also presented.Practical significance. The paper presents the main options for the operation of a complex of programs for recognizing threats of information leakage through TEMPEST channels from computer equipment developed within the framework of the presented methodology.
7
Zhang, Jie, Xiao Dan Guan, Yan Sun, and Xue Jie Wei. "Study on Oil Pipeline Leakage Detection Based on Stress Wave Detection Technique and Wavelet Analysis." Advanced Materials Research 694-697 (May 2013): 1368–71. http://dx.doi.org/10.4028/www.scientific.net/amr.694-697.1368.
Повний текст джерелаАнотація:
Based on stress wave detection technique and wavelet analysis, oil pipeline leakage detection system is designed. Through vibration sensor put on the pipeline, vibration signal of pipeline is collected. The signal is used to preliminary assessment with DSP processing unit within the system, and then the feature of threat events is extracted. The information is uploaded to the centre of security central station of system by GPRS signal. At this, signal wavelet analysis is done for leakage detection. Based on LabVIEW platform, on oil pipeline leakage monitoring interface, threat events is alarmed and shown in electronic map and the system is convenient for staff to handle with. With the test, recognized police rate of system is superior to 85%, rate of false alarm is 15% below. All knocking signal of pipeline is given right alarm information. The noise by people walk, car, wind and rain is effectively filtered.
8
Anjaria, Kushal, and Arun Mishra. "Quantitative analysis of information leakage in service-oriented architecture-based Web services." Kybernetes 46, no. 3 (March 6, 2017): 479–500. http://dx.doi.org/10.1108/k-07-2016-0178.
Повний текст джерелаАнотація:
Purpose Any computing architecture cannot be designed with complete confidentiality. As a result, at any point, it may leak the information. So, it is important to decide leakage threshold in any computing architecture. To prevent leakage more than the predefined threshold, quantitative analysis is helpful. This paper aims to provide a method to quantify information leakage in service-oriented architecture (SOA)-based Web services. Design/methodology/approach To visualize the dynamic binding of SOA components, first, the orchestration of components is modeled. The modeling helps to information-theoretically quantify information leakage in SOA-based Web services. Then, the paper considers the non-interference policy in a global way to quantify information leakage. It considers not only variables which interfere with security sensitive content but also other architectural parameters to quantify leakage in Web services. To illustrate the attacker’s ability, a strong threat model has been proposed in the paper. Findings The paper finds that information leakage can be quantified in SOA-based Web services by considering parameters that interfere with security sensitive content and information theory. A hypothetical case study scenario of flight ticket booking Web services has been considered in the present paper in which leakage of 18.89 per cent information is calculated. Originality/value The paper shows that it is practically possible to quantify information leakage in SOA-based Web services. While modeling the SOA-based Web services, it will be of help to architects to identify parameters which may cause the leakage of secret contents.
9
Mohammad Kootiani, A. Zadali, and P. Abedi. "Investigation Role of Sbox to Leakage DPA Information for TDES in FPGA Targets." Applied Mechanics and Materials 256-259 (December 2012): 2820–25. http://dx.doi.org/10.4028/www.scientific.net/amm.256-259.2820.
Повний текст джерелаАнотація:
Differential power analysis (DPA) attack is an important threat that researchers spend great effort to make crypto algorithms resistant against DPA attacks. In order to determine whether the hardware has DPA leakage before manufacturing, an accurate power model in digital simulation has been generated. FPGAs Arrays are attractive options for hardware implementation of encryption algorithms. In this paper, we show generated power model by using integer numbers whole DES’s rounds vs. S-Box alone, and this method gives more realistic results to determine the effectiveness of the improvements protect whole DES rather than in which only informer elements in the DES round. In particular this allows the user to isolate some parts of its implementation in order to analyze information leakages directly linked to them. We review s-box because it’s get 2kbit or 20% CLB slice from FPGA to implement DES or TDES. This paper try to identify role of Sbox in DPA.
10
Hu, Teng, Bangzhou Xin, Xiaolei Liu, Ting Chen, Kangyi Ding, and Xiaosong Zhang. "Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats." Sensors 20, no. 18 (September 16, 2020): 5297. http://dx.doi.org/10.3390/s20185297.
Повний текст джерелаАнотація:
The insider threats have always been one of the most severe challenges to cybersecurity. It can lead to the destruction of the organisation’s internal network system and information leakage, which seriously threaten the confidentiality, integrity and availability of data. To make matters worse, since the attacker has authorized access to the internal network, they can launch the attack from the inside and erase their attack trace, which makes it challenging to track and forensics. A blockchain traceability system for insider threats is proposed in this paper to mitigate the issue. First, this paper constructs an insider threat model of the internal network from a different perspective: insider attack forensics and prevent insider attacker from escaping. Then, we analyze why it is difficult to track attackers and obtain evidence when an insider threat has occurred. After that, the blockchain traceability system is designed in terms of data structure, transaction structure, block structure, consensus algorithm, data storage algorithm, and query algorithm, while using differential privacy to protect user privacy. We deployed this blockchain traceability system and conducted experiments, and the results show that it can achieve the goal of mitigating insider threats.
11
Ozhiganova, Marina, Anastasia Kalita, and Yevgeny Tishchenko. "Building Adaptive Information Security Systems." NBI Technologies, no. 4 (February 2020): 12–21. http://dx.doi.org/10.15688/nbit.jvolsu.2019.4.2.
Повний текст джерелаАнотація:
Over the past few decades, there has been a tendency to minimize the participation of the human factor in various production and other processes. This process is implemented through the mass introduction of automated systems (as). Human-machine complexes are currently the most common and productive model of activity. At the current stage of technology development, the process of automating human activity is only an intermediate link on the way to eliminating human intervention. This area is most relevant for systems that pose a potential and real threat to human health and life (for example, manufacturing plants) or systems that are threatened by humans (for example, transport systems). The second group includes the sphere of information security. The paper considers the basics of the organization of adaptive information protection systems, their application areas for information protection and methods of building models of adaptive information protection systems in the context of their application for protection against leakage through technical channels. The authors propose a generalized model of the adaptive information protection system against leakage through technical channels.
12
Renaud, Karen, and Wendy Goucher. "Monkey See - Monkey Take Photo." International Journal of Cyber Warfare and Terrorism 3, no. 4 (October 2013): 40–51. http://dx.doi.org/10.4018/ijcwt.2013100105.
Повний текст джерелаАнотація:
Mobile devices have diffused through the global population with unprecedented rapidity. This diffusion has delivered great benefits to the populace at large. In the third world people living in rural areas are now able to contact family members who live in other parts of the country for the first time. For the city-dweller the mobile device revolution has brought the ability to communicate and work on the move, while they travel to and from work, or between meetings, thus making ertswhile “dead” time more productive. It is trivial, nowadays, to utilise workplace functionality, and access confidential information, outside the four walls of the organisation's traditional boundaries. Data now moves across organisational boundaries, is stored on mobile devices, on USB sticks, and in emails, and also stored in the cloud. Organisations have somehow lost control over their data. This mobility and lack of control undeniably creates the potential for information leakage that could hurt the organisation. The almost ubiquitous camera-equipped mobile phones exacerbate the problem. These feature-rich phones change the threat from mere Shoulder Surfing into Visual Information Capture. Information is now no longer merely observed or overheard but potentially captured and retained without the knowledge of the person working on said documents in public. The first step in deciding how to manage any risk is to be able to estimate the extent and nature of the risk. This paper seeks to help organisations to understand the risk related to mobile working. We will model the mobile information leakage risk, depicting the factors that play a role in exacerbating and encouraging the threat. We then report on two experiments that investigated the vulnerability of data on laptops and tablet devices to visual information capture. The authors address both capability and likelihood (probability) of such leakage. The results deliver insight into the size of the Mobile Information Leakage risk. The following stage in this research will be to find feasible ways of mitigating the risk.
13
Choi, Donghee, Dohoon Kim, and Seog Park. "A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems." Computational and Mathematical Methods in Medicine 2015 (2015): 1–9. http://dx.doi.org/10.1155/2015/265132.
Повний текст джерелаАнотація:
Since the access control environment has changed and the threat of insider information leakage has come to the fore, studies on risk-based access control models that decide access permissions dynamically have been conducted vigorously. Medical information systems should protect sensitive data such as medical information from insider threat and enable dynamic access control depending on the context such as life-threatening emergencies. In this paper, we suggest an approach and framework for context sensitive risk-based access control suitable for medical information systems. This approach categorizes context information, estimating and applying risk through context- and treatment-based permission profiling and specifications by expanding the eXtensible Access Control Markup Language (XACML) to apply risk. The proposed framework supports quick responses to medical situations and prevents unnecessary insider data access through dynamic access authorization decisions in accordance with the severity of the context and treatment.
14
Zeng, Zhen, and Jiajia Zhang. "Based on the Role of Internet of Things Security in the Management of Enterprise Human Resource Information Leakage." Wireless Communications and Mobile Computing 2021 (October 5, 2021): 1–12. http://dx.doi.org/10.1155/2021/5936390.
Повний текст джерелаАнотація:
In recent years, the Internet of Things technology, which is an important part of the new generation of information technology, has developed rapidly. The Internet provides more comprehensive conditions for resource sharing at all levels of society. However, while the Internet provides convenience to the society and users, corporate human resource information security has been increasingly impacted, and the channels for personal information leakage on the Internet are also emerging endlessly and in various ways. This article studies the role of Internet of Things security in the management of enterprise human resource information leakage, in order to use Internet of Things security technology to reduce the possibility of information leakage and play the role of efficient and safe management of enterprise human resource information. Therefore, in the experiment, aiming at the problem of personnel information privacy, a privacy protection method based on secure network coding is proposed. This method uses the hybrid coding mechanism of network coding to effectively resist traffic analysis attacks, thereby protecting the information privacy of nodes. Aiming at the threat of data pollution and malicious attacks in the network coding process, GPU host is introduced, and a network coding method based on the CUDA parallel algorithm is proposed to improve the throughput of the network. Theoretical analysis and simulation experiments show that the method has good performance in privacy protection, computational overhead, and communication delay. In the final experimental results, it is concluded that with the support of IoT security technology, the average accuracy and recall rate of information privacy leakage detection results are not less than 85%.
15
Lifshits, Pavel, Roni Forte, Yedid Hoshen, Matt Halpern, Manuel Philipose, Mohit Tiwari, and Mark Silberstein. "Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices." Proceedings on Privacy Enhancing Technologies 2018, no. 4 (October 1, 2018): 141–58. http://dx.doi.org/10.1515/popets-2018-0036.
Повний текст джерелаАнотація:
Abstract Mobile devices are equipped with increasingly smart batteries designed to provide responsiveness and extended lifetime. However, such smart batteries may present a threat to users’ privacy. We demonstrate that the phone’s power trace sampled from the battery at 1KHz holds enough information to recover a variety of sensitive information. We show techniques to infer characters typed on a touchscreen; to accurately recover browsing history in an open-world setup; and to reliably detect incoming calls, and the photo shots including their lighting conditions. Combined with a novel exfiltration technique that establishes a covert channel from the battery to a remote server via a web browser, these attacks turn the malicious battery into a stealthy surveillance device. We deconstruct the attack by analyzing its robustness to sampling rate and execution conditions. To find mitigations we identify the sources of the information leakage exploited by the attack. We discover that the GPU or DRAM power traces alone are sufficient to distinguish between different websites. However, the CPU and power-hungry peripherals such as a touchscreen are the primary sources of fine-grain information leakage. We consider and evaluate possible mitigation mechanisms, highlighting the challenges to defend against the attacks. In summary, our work shows the feasibility of the malicious battery and motivates further research into system and application-level defenses to fully mitigate this emerging threat.
16
V. Grishachev, Vladimir. "Detecting Threats of Acoustic Information Leakage Through Fiber Optic Communications." Journal of Information Security 03, no. 02 (2012): 149–55. http://dx.doi.org/10.4236/jis.2012.32017.
Повний текст джерела
17
Rogozin, E. A., R. E. Rogozin, D. G. Silka, I. D. Korobkin, and M. O. Meshcheryakov. "Investigation of side electromagnetic radiation generated during the operation of devices with sensory input of information." Herald of Dagestan State Technical University. Technical Sciences 48, no. 3 (November 9, 2021): 83–92. http://dx.doi.org/10.21822/2073-6185-2021-48-3-83-92.
Повний текст джерелаАнотація:
Objectives. In order to determine the "security" of a special purpose informatization object, it is necessary to calculate the indicators of side electromagnetic radiation generated during the operation of devices with sensor input of information associated with information leakage through technical channels. It is also necessary to develop a list of actions to neutralize potential threats (including the development of an information protection system to protect against this type of threat).Method. The study of side electromagnetic radiation generated during the operation of devices with sensory input of information is carried out using expert documentary and instrumental methods.Result. The results of the study of side electromagnetic radiation generated during the operation of devices with sensor input of information are given and aspects of improving special measures for the protection of information at a special purpose informatization object are determined.Conclusion. The direction of this study is very relevant and requires further development of organizational and technical measures to implement the requirements of regulatory legal documents for the protection of information.
18
Seo, Sang, and Dohoon Kim. "Study on Inside Threats Based on Analytic Hierarchy Process." Symmetry 12, no. 8 (July 29, 2020): 1255. http://dx.doi.org/10.3390/sym12081255.
Повний текст джерелаАнотація:
Insider threats that occur within organizations cause more serious damage than external threats. However, there are many factors that are difficult to determine, such as the definition, classification, and severity of security breaches; hence, it is necessary to analyze system logs and user behavior-based scenarios within organizations. The reality is that qualitative judgment criteria are different for everyone to apply, and there is no detailed verification procedure to compare them objectively. In this study, realistic insider threats were examined through the definition, classification, and correlation/association analysis of various human–machine logs of acts associated with security breaches that occur in an organization. In addition, a quantitative process and decision-making tool were developed for insider threats by establishing various internal information leakage scenarios. As a result, insider threats were assessed quantitatively and a decision-making process was completed that enabled case analysis based on several insider threat scenarios. This study will enable precise modeling of insider threats that occur in real organizations and will support an objective process and a decision-making system to establish a range of required information for security protection measures.
19
Casati, Luca, and Andrea Visconti. "The Dangers of Rooting: Data Leakage Detection in Android Applications." Mobile Information Systems 2018 (2018): 1–9. http://dx.doi.org/10.1155/2018/6020461.
Повний текст джерелаАнотація:
Mobile devices are widely spread all over the world, and Android is the most popular operative system in use. According to Kaspersky Lab’s threat statistic (June 2017), many users are tempted to root their mobile devices to get an unrestricted access to the file system, to install different versions of the operating system, to improve performance, and so on. The result is that unintended data leakage flaws may exist. In this paper, we (i) analyze the security issues of several applications considered relevant in terms of handling user sensitive information, for example, financial, social, and communication applications, showing that 51.6% of the tested applications suffer at least of an issue and (ii) show how an attacker might retrieve a user access token stored inside the device thus exposing users to a possible identity violation. Notice that such a token, and a number of other sensitive information, can be stolen by malicious users through a man-in-the-middle (MITM) attack.
20
Zhang, Pu Han, Jing Zhe Li, Shuai Shao, and Peng Wang. "PDroid: Detecting Privacy Leakage on Android." Applied Mechanics and Materials 556-562 (May 2014): 2658–62. http://dx.doi.org/10.4028/www.scientific.net/amm.556-562.2658.
Повний текст джерелаАнотація:
The prevalence of Android makes it face the severe security threats from malicious apps. Many Android malware can steal users’ sensitive data and leak them out. The data flow analysis is a popular technique used to detect privacy leakages by tracking the sensitive information flow statically. In practice, an effective data flow analysis should employ inter-procedure information tracking. However, the Android event-driven programming model brings a challenge to construct the call graph (CG) for a target app. This paper presents a method which employs the inter-procedural and context-sensitive data flow analysis to detect privacy leakage in Android apps. To make the analysis accurate, a flow-sensitive and points-to call target analysis is employed to construct and improve the call graph. A prototype system, called PDroid, has been implemented and applied to some real malware. The experiment shows that our method can effective detect the privacy leakages cross multiple method call instances.
21
Kang, Haiyan, Yanhang Xiao, and Jie Yin. "An Intelligent Detection Method of Personal Privacy Disclosure for Social Networks." Security and Communication Networks 2021 (April 23, 2021): 1–11. http://dx.doi.org/10.1155/2021/5518220.
Повний текст джерелаАнотація:
With the increase of the number of users in the current social network platform (taking WeChat as an example), personal privacy security issues are important. This paper proposes an intelligent detection method for personal privacy disclosure in social networks. Firstly, we propose and construct the eigenvalue in social platform. Secondly, by calculating the value of user account assets, we can obtain the eigenvalue to calculate the possibility of threat occurrence and the impact of threat. Thirdly, we analyse the situation that the user may leak the privacy information and make a score. Finally, SVM algorithm is used to classify the results, and some suggestions for warning and modification are put forward. Experiments show that this intelligent detection method can effectively analyse the privacy leakage of individual users.
22
Christos P, Beretas. "Industrial control systems: The biggest cyber threat." Annals of Civil and Environmental Engineering 4, no. 1 (December 4, 2020): 044–46. http://dx.doi.org/10.29328/journal.acee.1001026.
Повний текст джерелаАнотація:
Industrial control systems (ICS) are critical, as in these systems, cyber threats have the potential to affect, disorganize, change their mode of operation, act as an information extraction vehicle, and ultimately turn against itself. Creating risks to the system itself, infrastructure, downtime, leakage of sensitive data, and even loss of human life. Industrial control systems (ICS) are vital to the operation of all the modern automated infrastructure in the western world, such as power plant and power stations. Industrial control systems (ICS) differ from the traditional information systems and infrastructures of organizations and companies, a standard cyber security strategy cannot be implemented but part of it adapting to the real facts and needs of each country, legislation and infrastructure. These systems require continuous operation, reliability and rapid recovery when attacked electronically with automated control, isolation and attack management processes. Incorrect settings and lack of strategic planning can lead to unprotected operation of critical installations, as they do not meet the cyber security requirements. Industrial control systems (ICS) require special protection in their networks, as they should be considered vulnerable in all their areas, they need protection from cyber attacks against ICS, SCADA servers, workstations, PLC automations, etc. Security policies to be implemented should provide protection against cyber threats, and systems recovery without affecting the operation and reliability of operating processes. Security policies such as security assessment, smart reporting, vulnerability and threat simulation, integrity control analysis, apply security policy to shared systems, intrusion detection and prevention, and finally firewall with integrated antivirus and sandbox services should be considered essential entities.
23
Khandare, Miss Komal K. "Various Privacy and Security Issues in Online Social Networks." International Journal for Research in Applied Science and Engineering Technology 9, no. 12 (December 31, 2021): 142–46. http://dx.doi.org/10.22214/ijraset.2021.39203.
Повний текст джерелаАнотація:
Abstract: Social networks have become a part of human life. online interaction, communication, and interest sharing, letting individuals create online profiles that other users can view these are basic features that are offer by most of social networking sites Unfortunately, In many cases, users are not even aware of the disclosure of their personal information through their profiles. Leakage of a user’s private information can happen in different ways. Many of the security risks associated with using social media are presented in this paper. Also, the issue of privacy and how it relates to security are described. Based on these discussions, some key points are provided to improve a user’s privacy and security on social networks. Our inquest will help the readers to understand the security and privacy issues for the social network users, and this research will help the user. Keywords: OSN; security; classic privacy threats; modern threat.
24
Skryl, S. V., A. V. Mazin, T. V. Meshcheryakova, A. V. Kalach, M. V. Ponomarev, and O. A. Gulyaev. "Prevention of information leakage through channels of spurious electromagnetic radiation and interference: research models." Radio industry (Russia) 31, no. 2 (July 7, 2021): 22–34. http://dx.doi.org/10.21778/2413-9599-2021-31-2-22-34.
Повний текст джерелаАнотація:
Problem statement. The investigation the currently used methods for determining the sources of information leakage threats from the basic hardware and systems (BHaS) through the spurious electromagnetic radiation and interference (SERaB) channels on the object of informatization (OoI), gives grounds to assert that they have a number of disadvantages. The lack of а formal interpretation for process dynamics of the SERaB information collecting and implementing measures to prevent information leakage requires development of a systematic approach to improving the ways and means of protecting confidential information from leakage through SERaB channels.The purpose. Development of mathematical models and a systematic approach to improving methods and means of protecting confidential information from leaks through the SERaB channels from the BHaS on the OoI.Results. The article substantiates the need for a systematic approach to improving the methods and means of protecting confidential information from leakage through the SERaB channels from the BHaS on the OoI. The authors determined the ways of ensuring the adequacy of the methodological apparatus for the study of these technologies in order to justify measures to prevent leakage. They formulate requirements for techniques used to evaluate the characteristics of measures to prevent information leakage through the SERaB channels. There are describe the procedure of forming the mathematical models set structure for evaluating such characteristics. Also in the article are present the analytical models of the time characteristics of threats to intercept informative SERaB signals on the OoI and measures to prevent information leakage. Finally, the authors are justify the probabilistic format of the indicator of the effectiveness of such measures.Practical relevance. The developed mathematical models can be an effective tool for evaluating the characteristics of measures to prevent information leakage through the SERaB channels.
25
Wu, Bingzhe, Chaochao Chen, Shiwan Zhao, Cen Chen, Yuan Yao, Guangyu Sun, Li Wang, Xiaolu Zhang, and Jun Zhou. "Characterizing Membership Privacy in Stochastic Gradient Langevin Dynamics." Proceedings of the AAAI Conference on Artificial Intelligence 34, no. 04 (April 3, 2020): 6372–79. http://dx.doi.org/10.1609/aaai.v34i04.6107.
Повний текст джерелаАнотація:
Bayesian deep learning is recently regarded as an intrinsic way to characterize the weight uncertainty of deep neural networks (DNNs). Stochastic Gradient Langevin Dynamics (SGLD) is an effective method to enable Bayesian deep learning on large-scale datasets. Previous theoretical studies have shown various appealing properties of SGLD, ranging from the convergence properties to the generalization bounds. In this paper, we study the properties of SGLD from a novel perspective of membership privacy protection (i.e., preventing the membership attack). The membership attack, which aims to determine whether a specific sample is used for training a given DNN model, has emerged as a common threat against deep learning algorithms. To this end, we build a theoretical framework to analyze the information leakage (w.r.t. the training dataset) of a model trained using SGLD. Based on this framework, we demonstrate that SGLD can prevent the information leakage of the training dataset to a certain extent. Moreover, our theoretical analysis can be naturally extended to other types of Stochastic Gradient Markov Chain Monte Carlo (SG-MCMC) methods. Empirical results on different datasets and models verify our theoretical findings and suggest that the SGLD algorithm can not only reduce the information leakage but also improve the generalization ability of the DNN models in real-world applications.
26
Korochentsev, D., L. Cherckesova, and P. Razumov. "Development of a software tool for identification of information security information threats arising due to low–frequency acoustoelectric transformations." E3S Web of Conferences 224 (2020): 01042. http://dx.doi.org/10.1051/e3sconf/202022401042.
Повний текст джерелаАнотація:
The article considers the physical basis for the formation of a technical channel of information leakage that occurs due to low-frequency acoustoelectric transformations. The method of instrumental and computational control of the security of speech information in the considered channel of information leakage, which is currently used in special research, is presented with a representation in the form of a simulation model. Based on the developed simulation model, using the MVR design pattern, a software tool was developed. The main classes of software that implements the model are presented. The functionality of the developed software tool is demonstrated and recommendations are given for the possible use of a simulation model for identifying threats to information security that occur due to low – frequency acoustoelectric transformations.
27
Nakamura, Ko, Yu-ichi Hayashi, Takaaki Mizuki, and Hideaki Sone. "Information Leakage Threats for Cryptographic Devices Using IEMI and EM Emission." IEEE Transactions on Electromagnetic Compatibility 60, no. 5 (October 2018): 1340–47. http://dx.doi.org/10.1109/temc.2017.2766139.
Повний текст джерела
28
Du, Ruizhong, Yuqing Zhang, and Mingyue Li. "Database Padding for Dynamic Symmetric Searchable Encryption." Security and Communication Networks 2021 (December 31, 2021): 1–12. http://dx.doi.org/10.1155/2021/9703969.
Повний текст джерелаАнотація:
Dynamic symmetric searchable encryption (DSSE) that enables the search and update of encrypted databases outsourced to cloud servers has recently received widespread attention for leakage-abuse attacks against DSSE. In this paper, we propose a dynamic database padding method to mitigate the threat of data leakage during the update operation of outsourcing data. First, we introduce an outlier detection technology where bogus files are generated for padding according to the outlier factors, hiding the document information currently matching search keywords. Furthermore, we design a new index structure suitable for the padded database using the bitmap index to simplify the update operation of the encrypted index. Finally, we present an application scenario of the padding method and realize a forward and backward privacy DSSE scheme (named PDB-DSSE). The security analysis and simulation results show that our dynamic padding algorithm is suitable for DSSE scheme and PDB-DSSE scheme maintains the security and efficiency of the retrieval and update of the DSSE scheme.
29
Rogozin, E. A., D. G. Silka, and O. A. Gulyaev. "METHODOLOGY FOR ASSESSING THE SECURITY OF INFORMATION PASSED THROUGH THE TECHNICAL CHANNELS OF A SPECIAL-PURPOSE INFORMATISATION OBJECT." Herald of Dagestan State Technical University. Technical Sciences 46, no. 4 (January 2, 2020): 123–33. http://dx.doi.org/10.21822/2073-6185-2019-46-4-123-133.
Повний текст джерелаАнотація:
Objectives. In order to determine the security of a special-purpose informatisation object, it is necessary to calculate the effectiveness indicators of information security (IS) measures aimed at preventing unauthorised access (UA) threats associated with information leakage through technical (acoustic) channels. In order to determine the actual channels of information leakage, it is necessary to develop a list of actions to neutralise potential threats, including the development of an information protection system for a special-purpose informatisation object.Method. A security assessment of the special-purpose informatisation object is carried out using expert documentary and instrumental methods.Results. The results of evaluating the indicators of protection against information leakage through the air (acoustic) channel are presented and aspects of improving special measures for protecting information at the special-purpose informatisation object are identified.Conclusion. Due to its relevance, the direction of this study requires further development of organisational and technical measures to implement the requirements of regulatory documents on the protection of information in special-purpose informatisation objects.
30
Miao, Yuantian, Chao Chen, Lei Pan, Qing-Long Han, Jun Zhang, and Yang Xiang. "Machine Learning–based Cyber Attacks Targeting on Controlled Information." ACM Computing Surveys 54, no. 7 (July 2021): 1–36. http://dx.doi.org/10.1145/3465171.
Повний текст джерелаАнотація:
Stealing attack against controlled information, along with the increasing number of information leakage incidents, has become an emerging cyber security threat in recent years. Due to the booming development and deployment of advanced analytics solutions, novel stealing attacks utilize machine learning (ML) algorithms to achieve high success rate and cause a lot of damage. Detecting and defending against such attacks is challenging and urgent so governments, organizations, and individuals should attach great importance to the ML-based stealing attacks. This survey presents the recent advances in this new type of attack and corresponding countermeasures. The ML-based stealing attack is reviewed in perspectives of three categories of targeted controlled information, including controlled user activities, controlled ML model-related information, and controlled authentication information. Recent publications are summarized to generalize an overarching attack methodology and to derive the limitations and future directions of ML-based stealing attacks. Furthermore, countermeasures are proposed towards developing effective protections from three aspects—detection, disruption, and isolation.
31
Sekiguchi, Hidenori. "NOVEL INFORMATION LEAKAGE THREAT FOR INPUT OPERATIONS ON TOUCH SCREEN MONITORS CAUSED BY ELECTROMAGNETIC NOISE AND ITS COUNTERMEASURE METHOD." Progress In Electromagnetics Research B 36 (2012): 399–419. http://dx.doi.org/10.2528/pierb11101201.
Повний текст джерела
32
Hamzah, Intan Suria. "Keselamatan Peribadi di Facebook: Ancaman dan Penyelesaian." Jurnal Komunikasi: Malaysian Journal of Communication 37, no. 1 (March 31, 2021): 379–95. http://dx.doi.org/10.17576/jkmjc-2021-3701-22.
Повний текст джерелаАнотація:
Personal Security on Facebook: Threats and Solutions ABSTRACT In the age of globalization and sophistication of information technology, society is increasingly exposed to current changes and criminal threats such as personal security threats through online applications like Facebook. Therefore, this study discusses the forms of personal security threats through Facebook and its solution in Malaysia. Facebook is one of the most popular communication mediums in Malaysia and has millions of users both domestically and abroad. It is friendly, easy, fast and can share all your daily activities whether in writing, picture or video status. This study aims to highlight the forms of personal security threats that start on Facebook, give public awareness to the Malaysian community while using Facebook and provide recommendations on remedial measures before or after fraud on social media. This study used qualitative methods to obtain data and information from the Royal Malaysian Police, the Malaysian Communications and Multimedia Commission as well as the library study. The study found that Facebook helps people to connect, trading and communicate with individuals and communities. However, it also has an impact on personal safety for individuals, communities and organizations through cybercrime threats, fraud, data theft, exploitation and leakage of personal information, love fraud, slander, cyberbullying, encourage teen problems and cheating couples. This study can help the public to be more cautious when using Facebook, not just provide personal information to strangers and give them exposure to the actions they need to take when they become victims of fraud. Keywords: Social media, Facebook, communication, threat, personal security.
33
Prytys, V. I., L. А. Krymchak, and N. I. Havlovska. "Leakage of Information as a Key Problem of Information-Analytical Provision of Economic Security of Enterprise in the Context of Digitalization of the Economy." Business Inform 10, no. 513 (2020): 240–47. http://dx.doi.org/10.32983/2222-4459-2020-10-240-247.
Повний текст джерелаАнотація:
The article is aimed at researching the key problem of information and analytical provision of enterprise in the context of digitalization of the economy. The publication indicates the growth of the role of information in the implementation of management activities by an economic entity and its general role in the operation of the modern enterprise. Approaches to interpretation of the concepts of «information» and «information provision» are examined. It is defined that today the main problem of information-analytical provision of economic activity is the leakage of confidential information as one of the forms of materialization of threats to the information security of enterprise, which consists in violation of confidentiality, integrity and availability of information. It is further defined that the leakage of information at the enterprise is usually caused by the following actions: unauthorized access to confidential information; disclosure of confidential information (including the unintentional disclosure); leakage of information via the imperfect technical channels. The channels of possible information leakage are considered. In addition, the analysis of statistical data on information leakage in the global dimension was carried out. According to the researches, in 2019, among the total volume of information leakage, 49.7% of the volume is accounted for by external actors and 50.3% by internal offenders. In general, in the system of information and communication provision, special attention of the management of enterprise should be directly paid to internal communications, since more than 90% of the information comes in from employees. It should be noted that the reasons for the leakage of the enterprise’s information due to the fault of internal actors may be: unintentional actions on the part of the enterprise’s employees related to errors in the processing, storage or transmission of confidential data; the caused by certain reasons actions of employees who have access to confidential information. This may include the actions of employees who use the enterprise’s data for fraud purposes, as well as the actions of former employees who, motivated by their desire for retaliation for dismissal, «contribute» to the leakage of confidential information, passing it on to competitors or using it for their own mercenary purposes.
34
Vassilakis, Costas. "Blockchain technologies for leveraging security and privacy." Homo Virtualis 2, no. 1 (March 27, 2019): 7. http://dx.doi.org/10.12681/homvir.20188.
Повний текст джерелаАнотація:
The contemporary internet has developed into a complex ecosystem involving humans, services, applications, machines and applications that interact exchanging information, ranging from e-mail messages and social media content to crowdsourcing data and videoconferencing. In this context, a number of security threats such as viruses and malware exist, while additionally the users’ privacy is jeopardized by threats such as personal data leakage, usage pattern monitoring, and so forth. The IoT trend renders the Internet ecosystem even more complex, by adding a rich set of services, applications and machines, many of them backed by new user roles; these elements are weaved into everyday life and industry alike. This increases both the number of opportunities available to threat agents for exploitation and the volume and value of the underlying infrastructure and data, increasing thus the user risk level. In this paper, we explore how the Blockchain technology can be used to leverage security and privacy in the modern Internet, both by providing underpinnings for preventive measures and by facilitating digital forensic evidence collection storage, safeguarding and controlled access.
35
Skryl, S. V., M. P. Sychev, A. V. Mazin, T. V. Meshcheryakova, O. A. Gulyaev, and I. M. Tegentsev. "Directions for the development of the existing concept of assessing the relevance of information leakage through technical channels in the current trends of improving technical intelligence." Radio industry (Russia) 31, no. 1 (April 7, 2021): 74–83. http://dx.doi.org/10.21778/2413-9599-2021-31-1-74-83.
Повний текст джерелаАнотація:
Problem statement. The rationale for confidentiality requirements in the process of manufacturing and production testing of aviation equipment samples. There is a need to assess the effectiveness of measures to prevent information leakage through the channels of incidental electromagnetic radiation and interference and vibroacoustic channels. This situation is characteristic both for the technological equipment of the aviation industry enterprises and the equipment of the produced aircraft models.Objective. The rationale for developing the existing concept of assessing the relevance of the threats of information leakage through technical channels in the current trends of improving technical reconnaissance.Results. The article presents the analysis results of the existing regulatory and existing base of FSTEC Russia for sufficient assessment of measures to prevent information leakage through the channels of incidental electromagnetic radiation and interference and vibroacoustic channels at the enterprises of the aircraft industry in the implementation of production technologies and testing of manufactured products.Practical implications. The substantiated directions of improving the methodological basis for determining the current threats can be used in the development of methods and models for assessment of measures to prevent information leakage through the channels of electromagnetic emissions and interference and vibroacoustic channels at aircraft industry enterprises in the implementation of production technologies and testing of manufactured products.
36
Fadaeinia, Bijan, Thorben Moos, and Amir Moradi. "Balancing the Leakage Currents in Nanometer CMOS Logic—A Challenging Goal." Applied Sciences 11, no. 15 (August 2, 2021): 7143. http://dx.doi.org/10.3390/app11157143.
Повний текст джерелаАнотація:
The imbalance of the currents leaked by CMOS standard cells when different logic values are applied to their inputs can be exploited as a side channel to recover the secrets of cryptographic implementations. Traditional side-channel countermeasures, primarily designed to thwart the dynamic leakage behavior, were shown to be much less powerful against this static threat. Thus, a special protection mechanism called Balanced Static Power Logic (BSPL) has been proposed very recently. Essentially, fundamental standard cells are re-designed to balance their drain-source leakage current independent of the given input. In this work, we analyze the BSPL concept in more detail and reveal several design issues that limit its effectiveness as a universal logic library. Although balancing drain-source currents remains a valid approach even in more advanced technology generations, we show that it is conceptually insufficient to achieve a fully data-independent leakage behavior in smaller geometries. Instead, we suggest an alternative approach, so-called improved BSPL (iBSPL). To evaluate the proposed method, we use information theoretic analysis. As an attack strategy, we have chosen Moments-Correlating DPA (MCDPA), since this analysis technique does not depend on a particular leakage model and allows a fair comparison. Through these evaluation methods, we show iBSPL demands fewer resources and delivers better balance in the ideal case as well as in the presence of process variations.
37
Dzhulij, V. M., V. A. Boychuk, V. Y. Titova, O. V. Selyukov, and O. V. Miroshnichenko. "PROTECTION MODELS AND METHODS AGAINST THREATED PROGRAMS INFORMATION SYSTEMS." Collection of scientific works of the Military Institute of Kyiv National Taras Shevchenko University, no. 67 (2020): 72–84. http://dx.doi.org/10.17721/2519-481x/2020/67-08.
Повний текст джерелаАнотація:
The article proposes an approach to the development of protection methods against threatening programs in modern information systems, which consists in the development of security methods based on the implementation of access control to files by their types, which can be identified by file extensions that significantly exceed the known methods of antivirus protection, such as on the effectiveness of protection, as well as the impact on the load of computing resources of the information system. It is shown that the most important for protection are executable binary and script files, and that these classes of malware require mandatory storage of the threatening file on the hard disk before its execution (read). This led to the conclusion that protection against threatening programs can be built by implementing control (delineation) of access to files. A general approach to the implementation of protection against threatening programs is proposed, based on the implementation of control of access to files by their types, which can be identified by file extensions. The possibility of using such an approach is substantiated by a study of remedies. Methods of protection against threatening programs allow to protect the information system, both from loading, and from execution of binary and scripted threat files, differing in the possibility of taking into account the location of executable files, the possibility of administration with a working security system, the ability to control the modification of access objects, renaming access features, the ability to protect against scripted threat programs, including the ability to give threatening properties to interpreters (virtual x machines). Models of access control have been developed, which allowed the built-in access matrices to formulate requirements for building a secure system, the implementation of which prevents the leakage of given access rights of subjects to objects.
38
Hu, Xiao-yang, Kai-yan Chen, Yang Zhang, Dong-xin Guo, and Yan-hai Wei. "Research on Electromagnetic Side-channel Signal Extraction for Mobile Device PCM-9589F Multi-COM." MATEC Web of Conferences 232 (2018): 04022. http://dx.doi.org/10.1051/matecconf/201823204022.
Повний текст джерелаАнотація:
The portability and various functions of mobile devices enable them to go deep into people's study, work and life. While it is convenient for people, mobile devices contain a large number of user’s private information, such as the user's personal property information, identity information and even the confidential information of enterprise etc. Side-channel attack is currently one of the most effective ways to steal private information of cryptographic devices thus the threat to mobile devices can be imagined. In this paper, the electromagnetic side-channel attack based on AES encryption algorithm on mobile device—PCM-9589F Multi-COM Board is studied. A new signal acquisition platform is designed, which solves the problem that the difficulty in locating the side-channel electromagnetic leakage signal of the mobile devices. In addition,using the time-frequency analysis and filter technology,we extract the encryption features of AES on PCM-9589F Multi-COM Board.
39
Goli, Mehran, Muhammad Hassan, Daniel Große, and Rolf Drechsler. "Security validation of VP-based SoCs using dynamic information flow tracking." it - Information Technology 61, no. 1 (February 25, 2019): 45–58. http://dx.doi.org/10.1515/itit-2018-0027.
Повний текст джерелаАнотація:
Abstract Modern System-on-Chips (SoCs) are notoriously insecure. Hence, the fundamental security feature of IP isolation is heavily used, e. g., secured Memory Mapped IOs (MMIOs), or secured address ranges in case of memories, are marked as non-accessible. One way to provide strong assurance of security is to define isolation as information flow policy in hardware using the notion of non-interference. Since, an insecure hardware opens up the door for attacks across the entire system stack (from software down to hardware), the security validation process should start as early as possible in the SoC design cycle, i. e. at Electronic System Level (ESL). Hence, in this paper we propose the first dynamic information flow analysis at ESL. Our approach allows to validate the run-time behavior of a given SoC implemented using Virtual Prototypes (VPs) against security threat models, such as information leakage (confidentiality) and unauthorized access to data in a memory (integrity). Experiments show the applicability and efficacy of the proposed method on various VPs including a real-world system.
40
Belokurov, S. V., Y. E. Lvovich, S. V. Ivanov, and A. N. Noev. "Mathematical modeling of mechanisms for detecting threats of information leakage through parametric channels." Journal of Physics: Conference Series 1202 (April 2019): 012012. http://dx.doi.org/10.1088/1742-6596/1202/1/012012.
Повний текст джерела
41
Onik, Md Mehedi Hassan, Chul-Soo Kim, Nam-Yong Lee, and Jinhong Yang. "Personal Information Classification on Aggregated Android Application’s Permissions." Applied Sciences 9, no. 19 (September 24, 2019): 3997. http://dx.doi.org/10.3390/app9193997.
Повний текст джерелаАнотація:
Android is offering millions of apps on Google Play-store by the application publishers. However, those publishers do have a parent organization and share information with them. Through the ‘Android permission system’, a user permits an app to access sensitive personal data. Large-scale personal data integration can reveal user identity, enabling new insights and earn revenue for the organizations. Similarly, aggregation of Android app permissions by the app owning parent organizations can also cause privacy leakage by revealing the user profile. This work classifies risky personal data by proposing a threat model on the large-scale app permission aggregation by the app publishers and associated owners. A Google-play application programming interface (API) assisted web app is developed that visualizes all the permissions an app owner can collectively gather through multiple apps released via several publishers. The work empirically validates the performance of the risk model with two case studies. The top two Korean app owners, seven publishers, 108 apps and 720 sets of permissions are studied. With reasonable accuracy, the study finds the contact number, biometric ID, address, social graph, human behavior, email, location and unique ID as frequently exposed data. Finally, the work concludes that the real-time tracking of aggregated permissions can limit the odds of user profiling.
42
Fabšič, Tomáš, Ondrej Gallo, and Viliam Hromada. "Simple Power Analysis Attack on the QC-LDPC McEliece Cryptosystem." Tatra Mountains Mathematical Publications 67, no. 1 (September 1, 2016): 85–92. http://dx.doi.org/10.1515/tmmp-2016-0032.
Повний текст джерелаАнотація:
Abstract It is known that a naive implementation of the decryption algorithm in the McEliece cryptosystem allows an attacker to recover the secret matrix P by measuring the power consumption. We demonstrate that a similar threat is present in the QC-LDPC variant of the McEliece cryptosystem. We consider a naive implementation of the decryption algorithm in the QC-LDPC McEliece cryptosystem. We demonstrate that this implementation leaks information about positions of ones in the secret matrix Q. We argue that this leakage allows an attacker to completely recover the matrix Q. In addition, we note that the quasi-cyclic nature of the matrix Q allows to accelerate the attack significantly.
43
Chatel, Sylvain, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, and Jean-Pierre Hubaux. "SoK: Privacy-Preserving Collaborative Tree-based Model Learning." Proceedings on Privacy Enhancing Technologies 2021, no. 3 (April 27, 2021): 182–203. http://dx.doi.org/10.2478/popets-2021-0043.
Повний текст джерелаАнотація:
Abstract Tree-based models are among the most efficient machine learning techniques for data mining nowadays due to their accuracy, interpretability, and simplicity. The recent orthogonal needs for more data and privacy protection call for collaborative privacy-preserving solutions. In this work, we survey the literature on distributed and privacy-preserving training of tree-based models and we systematize its knowledge based on four axes: the learning algorithm, the collaborative model, the protection mechanism, and the threat model. We use this to identify the strengths and limitations of these works and provide for the first time a framework analyzing the information leakage occurring in distributed tree-based model learning.
44
Zhou, Yousheng, Xinyun Chen, and Meihuan Chen. "Privacy-Preserving Multidimensional Data Aggregation Scheme for Smart Grid." Security and Communication Networks 2020 (December 3, 2020): 1–14. http://dx.doi.org/10.1155/2020/8845959.
Повний текст джерелаАнотація:
In a smart grid, data aggregation is a common method to evaluate regional power consumption. Data leakage in the process of data transmission poses a security threat to the privacy of users. Many existing data aggregation schemes can only aggregate one-dimensional data; however, it is necessary to aggregate multidimensional data in practical smart grid applications. Therefore, this paper proposes a privacy-preserving multidimensional data aggregation scheme, which can aggregate multidimensional data and protect the individual user’s identity and data privacy. The security of the proposed scheme is proved under the random oracle model. The simulation results show that the proposed scheme has great advantages in computing overhead, and the communication overhead also meets the requirements of the smart grid.
45
Selifanov, Valentin, Oksana Ermak, Anna Yakunina, and Karina Yarkova. "ANALYSIS OF THE DEVELOPMENT OF MEANS OF INFORMATION PROTECTION." Interexpo GEO-Siberia 9 (2019): 25–29. http://dx.doi.org/10.33764/2618-981x-2019-9-25-29.
Повний текст джерелаАнотація:
The process of the development of means of information protection can be divided into three stages: invention of writing, emergence of technical means of information processing and period of mass Informatization of society. Each stage is characterized by the development of information carriers, as a result of which there are new threats of information leakage. In this connection there is a necessity of formation of requirements to protection of information and information systems.
46
Kolomoets, E. "Ensuring information security in the field of remote work." Journal of Physics: Conference Series 2210, no. 1 (March 1, 2022): 012008. http://dx.doi.org/10.1088/1742-6596/2210/1/012008.
Повний текст джерелаАнотація:
Abstract Remote work is a forced measure introduced by employers in order to prevent a viral infection. For employees, there are pluses in remote work - saving time and money on the road and high labour productivity because nothing distracts. There is a separate issue of information security for the employer when organising such a work regime for their employees. Any use of materials is allowed only with a hyperlink. Nowadays, in the realities of distance work, information security is coming first. Employees send all the information online; they use their data and send confidential information. Protection of personal data becomes a crucial point. The article deals with problems of ensuring information security in the field of remote work. The problems of information security during restrictive actions in connection with the coronavirus pandemic and the transfer of personnel to remote work are discussed. The threat of information leaks through remote workers is relatively high since the specialists responsible for the organisation’s information security do not have the opportunity to apply the entire arsenal of technical means and policies, with the help of which security is ensured at workstations in the office. Information leakage will lead to severe problems, so it is essential to consider what means you can use to ensure the company’s information security.
47
Tershukov, Dmitry. "Analysis of Modern Information Security Threats." NBI Technologies, no. 3 (January 2019): 6–12. http://dx.doi.org/10.15688/nbit.jvolsu.2018.3.1.
Повний текст джерелаАнотація:
In the modern world, knowledge and awareness have become the most important products, services have taken the lead, the global information space is rapidly developing, while modern information technologies represent not only new opportunities in solving various problems, but also create fundamentally new challenges and threats. The emergence of new information technologies and systems, the development and expansion of the functions of social networks, the introduction of a variety of services in social networks and their algorithmization have created tools for turning the historical process of human development from uncontrollable to manageable and even projected, there are opportunities to create a reality that does not correspond to reality, to influence the mass consciousness of millions of people around the world. Currently, specialists in the field of information security require knowledge and skills that are at the intersection of various fields of knowledge: information technology, psychology, political science, law, criminology. Meanwhile, graduates of technical universities do not always have sufficient knowledge and skills to properly assess the actions of the violator of information security, to understand the political component of the problems of information security. Graduates of humanities universities are not sufficiently versed in the specifics of threats to information security, the physical nature of the channels of information leakage. The way out of this situation can be the use of a system of retraining and advanced training of specialists in information protection.
48
Gu, Jingjing, Ruicong Huang, Li Jiang, Gongzhe Qiao, Xiaojiang Du, and Mohsen Guizani. "A Fog Computing Solution for Context-Based Privacy Leakage Detection for Android Healthcare Devices." Sensors 19, no. 5 (March 8, 2019): 1184. http://dx.doi.org/10.3390/s19051184.
Повний текст джерелаАнотація:
Intelligent medical service system integrates wireless internet of things (WIoT), including medical sensors, wireless communications, and middleware techniques, so as to collect and analyze patients’ data to examine their physical conditions by many personal health devices (PHDs) in real time. However, large amount of malicious codes on the Android system can compromise consumers’ privacy, and further threat the hospital management or even the patients’ health. Furthermore, this sensor-rich system keeps generating large amounts of data and saturates the middleware system. To address these challenges, we propose a fog computing security and privacy protection solution. Specifically, first, we design the security and privacy protection framework based on the fog computing to improve tele-health and tele-medicine infrastructure. Then, we propose a context-based privacy leakage detection method based on the combination of dynamic and static information. Experimental results show that the proposed method can achieve higher detection accuracy and lower energy consumption compared with other state-of-art methods.
49
Babenko, Aleksey, and Svetlana Kozunova. "The Model of Information Security Control in State Information Systems." NBI Technologies, no. 4 (February 2019): 16–22. http://dx.doi.org/10.15688/nbit.jvolsu.2018.4.3.
Повний текст джерелаАнотація:
The control of information protection in state information systems is relevant due to the requirements of the legislation of the Russian Federation, to the value of the information processed in them, to its increasing role in the formation of the modern information society in the Russian Federation, as well as the increasing need for procedures for combining information flows of organizations and enterprises. The article deals with the issues related to the control of information security in state information systems. The analysis of works on this subject reveals a solution to particular problems. Therefore, an integrated formalized approach to solving the problem of protecting information in state information systems, taking into account their specifics, threats and requirements of regulators, is relevant. The information leaks, leakage channels in such systems, as well as threats to information security breaches in state information systems have been analyzed. The most likely threats are cyber-attacks, natural disasters, structural failures and human errors. A formalized model for managing information security in state information systems has been developed, which defines an effective set of protection tools in accordance with the requirements of technical protection measures that can be used to automate the process of monitoring. The formal model aimed at solving the problem of optimizing the used protection mechanisms in relation to the overlapping threats has been proposed. The prospects for the development of this study have been determined.
50
Anjaria, Kushal, and Arun Mishra. "Thread scheduling using ant colony optimization: An intelligent scheduling approach towards minimal information leakage." Karbala International Journal of Modern Science 3, no. 4 (December 2017): 241–58. http://dx.doi.org/10.1016/j.kijoms.2017.08.003.
Повний текст джерела