Moriai S.,Institute of Information Security
Journal of the National Institute of Information and Communications Technology | Year: 2016
This paper introduces the overview of the R&D activities and achievements on security fundamental technologies during the 3rd Medium- to Long-Term Plan (from FY2011 to FY2015).
Alvarez Marino R.,Health Center Nunez Morgado |
Hernandez Alvarez F.,Institute of Information Security |
Hernandez Encinas L.,Institute of Information Security
Information Sciences | Year: 2012
One of the most important uses of Biometrics is the identification and authentication of individuals using one or several of their physiognomical or behavioral features. Moreover, Biometrics offers a good option to assist Cryptography for confidentiality, encryption, and decryption of messages by using some biometric traits. In this paper, a crypto-biometric scheme, based on fuzzy extractors, by using iris templates, is proposed, i.e., we propose a new system in order to permit a user to retrieve a secret or a previously saved key by using her own biometric template. The properties and efficiency for selecting the most useful parameters to provide a high level of security in the scheme are thoroughly analyzed. © 2012 Elsevier Inc. All rights reserved.
Chang C.-C.,Feng Chia University |
Chen Y.-H.,Asia University, Taiwan |
Wang H.-C.,Institute of Information Security
Information Sciences | Year: 2011
Lin and Tasi, Yang et al., and Chang et al.'s meaningful secret sharing schemes provided authentication mechanisms but none included a remedy ability that would cause the secret image never to be completely obtained while some information of the stego-images are losing or tampering with. This paper proposes a meaningful secret-sharing scheme which includes both authentication and remedy abilities that allow for detection of the corrupted area and use of the hidden information to repair the secret image with reasonable visual quality. In comparison with previous schemes, this approach results in superior visual qualities of the stego-images by an average of more than 3 dB. © 2011 Elsevier Inc. All rights reserved.
News Article | November 24, 2016
Bletchley Park, the site of secret code-deciphering projects during World War Two, could become the centre for a new generation of codemakers and codebreakers. There are plans for a training college to teach cybersecurity skills to 16-19 year olds at the Buckinghamshire site. Former home secretary Lord Reid said it had become vital to build up the "talent pool" for cyber-defence. The college, in a wartime building at Bletchley, is intended to open in 2018. Developed by a not-for-profit group from the cybersecurity industry, it would open as a boarding college, with around 10% of places for day students. The National College of Cybersecurity would be free to all students, who would be selected as "gifted and talented". The BBC understands that candidates would not need to meet specific academic qualifications, but would be selected through aptitude tests, or on the basis of exceptional technology skills - such as self-taught coders or students who dabble in making their own websites. The students would work towards a potential variety of qualifications including A levels or Extended Project Qualification (EPQs). Around 40% of the curriculum would be devoted to cybersecurity - with extra focus on maths, physics, computer science or economics. There have been repeated warnings about the lack of a skilled workforce for cybersecurity in the UK, despite a rising number of sophisticated cyber-attacks. A spokesperson for the GCHQ intelligence agency welcomed such "initiatives that promote and develop skills in cybersecurity". "The concept of a sixth-form college is interesting, especially if it can provide a pathway for talented students from schools that are not able to provide the support they need," the spokesperson added. The project plans to use G-Block, built in 1943, on the Bletchley Park site as the base for the college, with a £5m restoration project for the building. Bletchley House was Britain's best kept secret for decades. No one was allowed to talk about the work that was carried out there during World War Two - and it was not until a veteran code-breaker spilled the beans in 1974 that its existence became known. During the war, it housed the Government Code and Cypher School (GC&CS) which worked on cracking the military codes that secured German, Japanese and other enemy nation's communications. The work of the wartime team, which included the computer scientist Alan Turing, heralded the dawn of the information age - creating the world's first computer, Colossus - and was famed for breaking the German Enigma encryption system. After the war, some of the staff stayed on in a new organisation, Government Communications Headquarters (GCHQ). Now one of three UK intelligence and security agencies, along with MI5 and MI6, GCHQ works to keep the UK safe. GCHQ credits its "particularly strong" relationship with its US equivalent, the National Security Agency, to the collaboration it began at Bletchley Park and agreements it signed at the end of World War Two. Bletchley Park was decommissioned in 1987 after a 50 year association with British Intelligence, which relocated GCHQ to Cheltenham. There are also smaller sites in Cornwall, North Yorkshire and Manchester. In 1991, moves to demolish the site sparked an eight year battle to save Bletchley Park and keep its wartime story alive. The Bletchley Park Trust is now working on a 10-year plan to transform the site into a world-class museum and education centre. The plan for training a new generation of codebreakers at Bletchley comes from a group called Qufaro, set up by cybersecurity representatives, including from Cyber Security Challenge UK, The National Museum of Computing and BT Security. Funding and development comes from Qufaro in collaboration with the Cyber Security Challenge UK - a government and industry backed-competition that seeks people with the the skills needed to help the UK beat back cyber criminals, hacktivists and terrorists. It also has the backing of City and Guilds, which provides vocational qualifications. Alastair MacWilson, of the Institute of Information Security Professionals and chair of Qufaro, says cyber-education at the moment is "disconnected and incomplete, putting us at risk of losing a whole generation of critical talent". He says that the Qufaro project would help to provide a more "unified" approach to try to fill the gaps in training. Margaret Sale, founding member of the National Museum of Computing, said setting up a college would help to "reactivate" the site as a "major active contributor to our national security". Lord Reid, who chairs the Institute for Security and Resilience Studies at University College London, said cyber-activity "now reaches into every aspect of our lives, as individuals and as a nation". But he said there was a challenge in "developing a sustainable flow of skilled professionals for security, growth and cyber-innovation. "Existing initiatives cannot close the skills gap alone so it is vital that we keep looking for new ways to build our talent pool," he stressed. He said the plans for a National College of Cyber Security could "harness the legacy of this historic location to inspire the next generation".
Davis J.J.,Defence Science and Technology Organisation, Australia |
Clark A.J.,Institute of Information Security
Computers and Security | Year: 2011
Data preprocessing is widely recognized as an important stage in anomaly detection. This paper reviews the data preprocessing techniques used by anomaly-based network intrusion detection systems (NIDS), concentrating on which aspects of the network traffic are analyzed, and what feature construction and selection methods have been used. Motivation for the paper comes from the large impact data preprocessing has on the accuracy and capability of anomaly-based NIDS. The review finds that many NIDS limit their view of network traffic to the TCP/IP packet headers. Time-based statistics can be derived from these headers to detect network scans, network worm behavior, and denial of service attacks. A number of other NIDS perform deeper inspection of request packets to detect attacks against network services and network applications. More recent approaches analyze full service responses to detect attacks targeting clients. The review covers a wide range of NIDS, highlighting which classes of attack are detectable by each of these approaches. Data preprocessing is found to predominantly rely on expert domain knowledge for identifying the most relevant parts of network traffic and for constructing the initial candidate set of traffic features. On the other hand, automated methods have been widely used for feature extraction to reduce data dimensionality, and feature selection to find the most relevant subset of features from this candidate set. The review shows a trend toward deeper packet inspection to construct more relevant features through targeted content parsing. These context sensitive features are required to detect current attacks. © 2011 Elsevier Ltd. All rights reserved.
Kim C.H.,Institute of Information Security
IEEE Communications Letters | Year: 2011
A distance bounding protocol enables one entity to determine an upper bound on the physical distance to the other entity as well as to authenticate the other entity. It measures the round-trip time of exchanged messages that normally consist of n rounds of a single-bit challenge and a single-bit response. Let FAR M and FAR D be the false acceptance rate against mafia fraud attack and distance fraud attack, respectively. Brands and Chaum designed the first distance bounding protocol that has (FAR M, FAR D) = ((1/2) n, (1/2) n). Recently Yum et al. proposed a flexible distance bounding protocol, in IEEE Communications Letters, asserting that its false acceptance rate (FAR M, FAR D) can be chosen from ((1/2) n, (1/2) n) to ((1/4) n, ((3/4)) n). However, we introduce a new attack that achieves a higher false acceptance rate, where (FAR M, FAR D) varies from ((1/2) n, (1/2) n) to ((1/2) n, (1/2) n/2). © 2006 IEEE.
Uchida K.,Institute of Information Security
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2015
Information Systems are composed in four main portions, people, information, appliance and facilities. These four portions are called information assets. Information security protects information assets and keeps safe them from the view point of Confidentiality, Integrity and Availability (CIA). Recently, cyber-attacks to people in specific organizations are called advanced persistent threat (APT) or targeted attacks. APT attacks are attacks using psychological and behavioral science weakness of people, are not technical attacks. Kevin Mitnick, the most competent and the most famous attacker for people says “Security is not a technology problem. It is a human and management problems” in his book. By using the knowledge of psychology, behavioral science and criminology, the attackers attack people, and achieve the purposes. Targets of the attacks are not only the direct objects that are theft or destruction of information, but also the indirect objects that obtain the information necessary to achieve the goal. Sun Tzu, a Chinese military general, strategist and philosopher said “If you know your enemies and know yourself, you can win a hundred battles without a single loss”. Attackers and victims are classified into people, appliance (hardware and software) and hybrid (people and appliance). The methods of attackers for each attack and cases of attacks are classified in this paper. Some organizations are beginning to use the elements of games and competitions to motivate employees, and customers. This is known as gamification which is the application of game elements and digital game design techniques to non-game problems, such as business and social impact challenges. Gamification is very useful for awareness training of information security, I believe. This paper attempts to classify and systematize attackers, victims and the methods of attacks, as by psychology, behavioral science, criminal psychology, and cognitive psychology I have proposed some ideas for education, training and awareness for information security using the findings of psychology and behavioral science. © Springer International Publishing Switzerland 2015
Fuster-Sabater A.,Institute of Information Security
Procedia Computer Science | Year: 2013
A large Linear Complexity (LC) is a fundamental requirement for a binary sequence to be used in secret key cryptography. In this paper, a method of computing all the nonlinear filters applied to a shift register with a linear complexity LC ≥ (L k), where L is the length of the register and k the order of the filter, is proposed. The procedure is based on the handling of filtering functions by means of algebraic operations. The method formally completes the family of nonlinear filtering functions with a guaranteed large linear complexity. In cryptographic terms, it means an easy and useful way of designing sequence generators for cryptographic purposes. © 2013 The Authors. Published by Elsevier B.V.
Hayashi K.,Institute of Information Security
Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013 | Year: 2013
Business people and academia are now excited about Big Data and Cloud Computing as the new and most innovative means for enhancing productivity and customer satisfaction. Simultaneously, there are strong concerns about privacy not only among privacy advocates but among consumers in general, and how to strike a right balance is the main theme in every field of science. However, it is quite strange that very little attention has been paid to the concept of confidentiality, which must be the core element of privacy. This paper first tries to analyze the following two dichotomies as a basis for possible policy considerations: (1) privacy approach in the United States versus confidentiality approach in the United Kingdom, though they share the same common law tradition, and (2) clear demarcation between Information Service and Telecommunications in the United States, dating back to the Computer Inquiry in the 1970s. This paper also analyzes the features of the Cloud and discusses the possibility of treating it as a new type of Public Utility, namely Information Utility. This hypothesis should be rejected, because there are crucial differences in market structures, regardless of clear similarities in service features. Instead, this paper emphasizes the necessity of protecting confidentiality as an industrial norm. Taking into account the long tradition of free market for computing industries, self-regulation is basically preferable to government regulation. But from a different viewpoint of "nudge", a hybrid combination of libertarianism and paternalism, this paper concludes by proposing five short recommendations including fair contract terms as well as unbundling confidentiality from privacy. © 2013 IEEE.
Agency: GTR | Branch: Innovate UK | Program: | Phase: Innovation Voucher | Award Amount: 5.00K | Year: 2013
The IISP exists to raise standards of professionalism in the Information Security industry. Our aim is to help small organisations, who often wrestle with implementing security practice, achieve appropriate cyber security levels.