Device-based Secure Data Management Scheme in a Smart Home
|
|
- Joleen Pierce
- 8 years ago
- Views:
Transcription
1 Int'l Conf. Security and Management SAM' Device-based Secure Data Management Scheme in a Smart Home Ho-Seok Ryu 1, and Jin Kwak 2 1 ISAA Lab., Department of Computer Engineering, Ajou University, Suwon, Korea 2 Department of Information and Computer Engineering, Ajou University, Suwon, Korea Abstract - Due to the developments in IT, smart home services using network-based smart devices are becoming more diverse. A smart home provides users with numerous services, regardless of time and place, through interactions among users, objects, and services. However, there are security concerns such as data leakage, data forgery, and unidentified access. In case of smart home data is exposure at threats, smart home exist very danger into characteristic of smart home. This paper will examine smart home communication and analyze the security problems and security requirements. Based on this information, we will propose a device-based secure data management scheme for a smart home. Keywords: Smart home, Smart devices, Data management, Mobile. 1. Introduction The use of smart devices is increasing as information communication technology continues to develop. There is an increase in the types of available smart devices, smart home devises, and smart health devices. Accordingly, the ubiquitous society has become a part of our lives and is still developing. A smart home is an intelligent environment where users and home appliances send/receive information and data in real-time. The smart home can be divided into home platform technology, wired or wireless network technology, smart device technology, and green home technology. Users can control devices in the home in real time through wired or wireless network technology[1]. Through smart home communication, users can access the smart home s meter reading system, boiler control, lighting control, appliance control, and various services in external[2,3]. However, smart home communication is not immune to security threats because it is equipped with network functionality. Security threats such as data forgery, illegal access, and privacy invasion are a real possibility if the smart home is accessed by a malignant device. In addition, new security threats are arising with technology convergence. In addition, smart home exist second danger into characteristic of smart home. In this paper, we propose a data management scheme that is secure and efficient for a smart home environment, overall reducing security concerns. This scheme can upload and download data to authenticated devices. We will analyze smart home security and propose a device-based, secure, data management scheme suitable for a smart home environment. This paper is organized as follows. Section 2 describes a smart home. Section 3 analyzes the security requirements of a smart home communication network, and the security issues such a network faces. Section 4 proposes a devicebased, secure, data management scheme suitable for a smart home. Section 5 presents a security analysis of our proposed scheme, and Section 6 concludes our findings. 2. The smart home With the development in information communication technology, mounted wireless devices have become an integral part of many appliances and electronic devices, creating a class of devices called smart devices.. With the appearance of these smart devices, came the concept of the "smart home. Technology and services for smart homes are developing rapidly and are diverse. A smart home makes tasks in the user life more convenient and easy to perform. In addition, smart devices are becoming increasingly automated. The communication system of a smart home is composed of a wired or wireless network connected to smart home devices. It provides various services allowing the user to supervise the smart home, regardless of the time and the location of the user. Therefore, a smart home is the collection of a set of automated, smart devices, connected and communicating on a common network[4]. Smart home technology can be divided into home platform technology, wired or wireless network technology, smart device technology, and green home technology. Because home platform technology links home technology to external networks, it includes home-server, gateway, and home middle ware technology. Green home technology provides comfortable and economic life, including green management technology, green home-network technology, and smart grid interlock technology. In addition, smart device technology can be described as making use of existing appliances and sensors. The most important technology among smart home technology is the networking technology[5]. The networking technology of a smart home provides the connection between smart devices. Among various networking technologies, wireless network technology is drawing more attention as it continues to evolve at a rapid
2 232 Int'l Conf. Security and Management SAM'15 pace and requires relatively low power. Some examples of such technologies are Wi-Fi, WPAN, 3G/4G/LTE, Bluetooth, Microwave, and Ethernet. Smart home devices provide remote control services by connecting the existing home appliances to a CPU and a wired, or wireless, network technology. Users can then be provided with smart home services by using a mobile device away from home. 3. Analysis of security problems and security requirements In this section, we will analyze the problems that arise from data management in a smart home environment. Based on these issues, we will analyze the security requirements for such an environment[6]. 3.1 Analysis of Security Problems Data leakage A user can download sharing so they can access their smart home externally through a wireless network. This makes it possible for an attacker to gain access to the home through an unauthenticated smart device. If the attacker leaks important information gained through access to the home, this is a breach of privacy and can lead to issues regarding confidentiality Data falsification A smart home transfers data to a user through a wireless network. Accordingly, an attacker can gain access to the home through the network, and falsify data before it reaches the user. In addition, the attacker can intercept user commands to the smart home and can control the smart home system instead. Therefore, the integrity of important data stored in the smart home cannot be ensured Unauthorized access When transmitted data is received via a wireless network in a smart home environment, an attacker is able to insert malignant code into smart devices, giving the attacker access to the home through an unauthenticated device. Smart devices that contain malignant code become zombies and can be used to send malignant mail and execute distributed denial of service (DDOS) attacks. In addition, cameras can be installed or activated in smart devices through malignant code, invading the smart home owner s privacy. These types of cyberattack are mounting continually, and pose serious security threats to users of smart homes. 3.2 Analysis of Security Requirements Data confidentiality Smart home data contains sensitive information such as private information, control messages, and confidential data, which is controlled through the network. Through unauthorized access, an attacker can obtain this information, leak private information and sensitive messages, and remotely control smart devices. To prevent these sorts of attacks, the device through which the user accesses the smart home should be authenticated and malicious the attacker hasn t to access to smart home Data integrity The data of smart devices can be falsified via malicious devices that gained access through the wireless network. Thus, transferred data and messages should not be prone to falsification from illegal smart devices in a smart home environment. Fig. 1. Proposed scheme
3 Int'l Conf. Security and Management SAM' Device authentication Many smart devices can be accessed by devices without regard for security, allowing unauthenticated smart devices to be accessed through the smart home s wireless network. Disposable and cloned smart home devices can access the smart home, allowing malignant code to be inserted into the smart device. This compromises the smart home communication and creates zombie smart devices. Also, a smart home system can become dangerous if the attacker can disguise the attack as though it is from a smart device within the home. Thus, the authentication of smart devices is essential to the smart home environment. 4. Proposed scheme In this section, a server safely stores and manages the data of the smart home. We proposed a data management scheme, in which this secure smart home server manages the data of all smart devices registered in the home. The server stores data that is divided by importance into public data and confidential data. This allows for secure and convenient data management. Confidential data can only be accessed through use of a password. Additionally, a security check tool scans the integrity of the data before it is saved to the server. Also, data be saved and download through an authenticated device, enhancing the safety and reliability of the data. However, even if the authentication device it that have not access authority can t download data. The proposed scheme is composed of three phases: the registration phase in which some rules need to be met by a smart device in order to register with the server; the data storage phase, in which a smart device saves data to the server; and the download phase, in which a user s smart device downloads data from the server. 4.1 Notations Table 1 shows the notations used to explain the process of the proposed scheme. Notation DeviceInfo DeviceInfo N TABLE I. NOTATIONS Description Smart home device s information Smart home device s information authentication requested Public key of a smart device Public key of a smart server Random number Time stamp from smart home server Time stamp from a smart home device Valid time interval for transmission delay Value access to confidential data Value access to public data 4.2 Registration Phase In the registration phase, new smart devices are registered to the smart home server and are divided into separate groups in order to separate public data and confidential data. The procedure is as follows. Fig. 2. Registration phase 1) A smart device requests to communicate with the smart home server. 2) The smart home server encrypts its time stamp and a random number into public key for the smart device in order to prevent reply attacks, and transfers this key to the device. 3) The smart device encrypts its information, its time stamp, and random number into the public key for the smart home server, and transfers this key to the server. 4) The smart home server validates the time interval for the transmission delay by comparing the differential between the time stamp of the smart home server and the time stamp of the smart device. 5) A user logs into the smart home server using their ID and password, and inputs the serial number and information of the device. 6) The smart home server authenticates that the smart device information received and user-input, smart device information are the same. 7) The authenticated smart device is classified into a device group and is granted access to the data, where it creates a value access to the data. This value consists of two things: a value access to public data, and a value access to confidential data. The smart home server creates values appropriate to the smart devices. 8) The smart home server encrypts the value access into the public key of the smart device and transfers it to the smart device. 9) The smart device saves the value access to the data, and communicates with the server that it is ready to exit.
4 234 Int'l Conf. Security and Management SAM' Data Storage Phase This section describes the procedure for data generating or data acquired smart device connecting to the smart home server, verification data. In addition, we will discuss the rules used to store the data security level. When storing confidential data, the smart home server stores the hash of the value access to confidential data and the data itself. 6) The data is stored in the database, disconnects from the server. 4.4 Data Download Phase This section describes the download procedure using a user s smart device to request necessary data. The user connects to the smart home server through a smart device and can download data if they have appropriate authorization. Fig. 3. Data storage phase 1) The smart device requests a connection to the smart home server in order to generate/acquire synchronized data. 2) The smart home server authenticates the device by comparing the smart device information registered during the registration phase to the information of the requesting smart device. If this smart device is not an authenticated device, the server will cancel communication with the unauthorized device and communication will be released. 3) Authenticated smart devices can access the smart home server. Smart device are sorted into either common devices, which are used together, or personal devices, which are personally used. 4) Data safety is verified by a security check tool in the assorted smart device. If a virus is found, the data storage is cancelled and communication is released. 5) Data verified by the security check tool as fit for storage, is divided into either public data or confidential data for secure and convenient data management. When storing public data, the smart home server stores the hash of the value access to public data and the data itself. Fig. 4. Data download phase 1) The smart device requests to connect to the smart home server in order to download the necessary data. 2) The smart home server authenticates the device by comparing the smart device information registered during the registration phase to the information of the requesting smart device. If this smart device is not an authenticated device, the server will cancel communication with the unauthorized device, and communication will be released. 3) Authenticated smart devices can access the smart home server. The user is now able to request to download the necessary data through the smart device. 4) The smart home server confirms that the requesting smart device has download permission. If the device does not have permission, then the server rejects the data download and returns to step 3).
5 Int'l Conf. Security and Management SAM' ) If the smart device has download permission, then user authentication is required through a request for the user to enter their password. Hashed data will be downloaded by decrypting the value access to the data. If the user authentication fails, the data download is rejected and returns to step 3). 6) If the user authentication succeeds, then the smart home server has permission to download the data. The data is downloaded by accessing the device record in the database, and then disconnects from the server. 5. Security analysis of the proposed scheme In this section, we analyze the security of our proposed device-based, secure, data management scheme in smart home environment. 5.1 Confidentiality A smart device must ensure confidentiality because it has important data such as private information, control messages, and sense information. This paper s proposed scheme is to authentication smart device before allowing access to the smart home server. Unauthenticated smart devices are not allowed to store and download data because they do not have access to the smart home server. Even if a user loses a device, or device information is leaked, an attacker cannot access the data on the smart home server because they must have password. In addition, if the smart device was authenticated, the user cannot access the data on the smart home server if they do not know password because the data is divided into encrypted public data and encrypted confidential data. 5.2 Integrity Data is prone to risks such as data and message falsification by the access of malicious smart devices through the wireless network in a smart home communication environment. This paper proposes a scheme in which data is stored in a hash with a value access when the data is stored to the smart home server. When smart devices download the data, value access that has authority with data will be encrypt. Therefore, this proposed scheme prevents data falsification. 5.3 Device Authentication Smart devices can insert malignant code through unauthenticated device access. In this situation, the smart device will become a zombie device. It is able to send malignant mail and execute distributed denial of service (DDOS) attack. Our proposed scheme prevents the change of smart device information because the smart home server saves the information of each smart device during the initial registration phase, saving hash values of this information. By using the hash values for communication, the information of the smart devices cannot be changed. In addition, because the smart home server supervises all of the smart devices of the home, access of unauthorized devices can be prevented and authentication of smart devices can be provided. 6. Conclusions Smart home technology continues to develop and provides various services through open network communication among smart devices. However, there are still security concerns such as data forgery, unidentified access, and invasion of privacy, and new security threats continue to arise. In order to address this, we need a safe data-management method to prevent these security threats. In this paper, we analyzed the security concerns and security requirements and suggested a safe data management method based on the devices in the smart home environment. This suggested method can block unauthorized access through device verification. Research regarding smart homes is currently booming, both nationally and worldwide. Safe data management is very important because the smart home contains sensitive data. Finally, we expect that the suggestions made in this paper will be helpful to future studies and developments regarding a safe smart home environment. 7. Acknowledgment This work was supported by the ICT R&D program of MSIP/IITP, Republic of Korea. [ , Development of Mobile S/W Security Testing Tools for Detecting New Vulnerabilities of Android] 8. References [1] Gao Chong, Ling Zhihao, Yuan Yifeng, The research and implement of smart home system based on Internet of Things, pp , Sept [2] Hwa-jeong Suh, Dong-gun Lee, Jong-seok Choe, Ho-won Kim, IoT security technology trends The Korea Institute of Electromagnetic Engineering and Science, Vol. 24, No. 4, pp , July [3] Tae-woong Lee, Cheol-su Son, Won-jung Kim, The Implement of Intelligent Home Network System on Smart Phone, The Korea Institute of Electronic Communication Sciences, Vol. 6, No. 4, pp , Aug [4] Ji-Yean Son, Ji-Hyun Lee, Jeu-Young Kim, Jun-Hee Park, Young-Hee Lee, RAFD: Resource-aware fault diagnosis system for home environment with smart devices, Consumer Electronics, IEEE Transactions on, Vol. 58, No. 4, pp , Jan [5] Seong-gu Sim, Ho-jin Park, Jun-hee Park, Smart home standardization construction and strategy, The Korea Institute of Information Scientists & Engineers, Vol. 30, No. 8, pp , Aug [6] A. Wright, Cyber security for the power grid: cyber security issues & Securing control systems, ACMCCS, Nov. 2009
Security Threats on National Defense ICT based on IoT
, pp.94-98 http://dx.doi.org/10.14257/astl.205.97.16 Security Threats on National Defense ICT based on IoT Jin-Seok Yang 1, Ho-Jae Lee 1, Min-Woo Park 1 and Jung-ho Eom 2 1 Department of Computer Engineering,
More informationA Digital Door Lock System for the Internet of Things with Improved Security and Usability
, pp.33-38 http://dx.doi.org/10.14257/astl.2015.109.08 A Digital Door Lock System for the Internet of Things with Improved Security and Usability Ohsung Doh 1, Ilkyu Ha 1 1 Kyungil University, Gyeongsan,
More informationStudying Security Weaknesses of Android System
, pp. 7-12 http://dx.doi.org/10.14257/ijsia.2015.9.3.02 Studying Security Weaknesses of Android System Jae-Kyung Park* and Sang-Yong Choi** *Chief researcher at Cyber Security Research Center, Korea Advanced
More informationTechnical Standards for Information Security Measures for the Central Government Computer Systems
Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...
More informationCRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME
CRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME Mohammed Aijaz Ahmed 1, D. Rajya Lakshmi 2 and Sayed Abdul Sattar 3 1 Department of Computer Science and
More informationSecure cloud access system using JAR ABSTRACT:
Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that
More informationIn the pursuit of becoming smart
WHITE PAPER In the pursuit of becoming smart The business insight into Comarch IoT Platform Introduction Businesses around the world are seeking the direction for the future, trying to find the right solution
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:
More informationSecurity Threats Recognition and Countermeasures on Smart Battlefield Environment based on IoT
, pp.347-356 http://dx.doi.org/10.14257/ijsia.2015.9.7.32 Security Threats Recognition and Countermeasures on Smart Battlefield Environment based on IoT Jung ho Eom Military Studies, Daejeon University,
More informationWhitepaper on AuthShield Two Factor Authentication with ERP Applications
Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password
More informationHong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationWireless Network Security
Wireless Network Security Bhavik Doshi Privacy and Security Winter 2008-09 Instructor: Prof. Warren R. Carithers Due on: February 5, 2009 Table of Contents Sr. No. Topic Page No. 1. Introduction 3 2. An
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the
More information86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014
86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014 Dual server-based secure data-storage system for cloud storage Woong Go ISAA Lab, Department of Information Security Engineering,
More informationSecurity Assessment through Google Tools -Focusing on the Korea University Website
, pp.9-13 http://dx.doi.org/10.14257/astl.2015.93.03 Security Assessment through Google Tools -Focusing on the Korea University Website Mi Young Bae 1,1, Hankyu Lim 1, 1 Department of Multimedia Engineering,
More informationIT Infrastructure Services. White Paper. Cyber Risk Mitigation for Smart Cities
IT Infrastructure Services White Paper Cyber Risk Mitigation for Smart Cities About the Author Abhik Chaudhuri Abhik Chaudhuri is a Domain Consultant with the Information Technology Infrastructure Services
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationAn Innovative Two Factor Authentication Method: The QRLogin System
An Innovative Two Factor Authentication Method: The QRLogin System Soonduck Yoo*, Seung-jung Shin and Dae-hyun Ryu Dept. of IT, University of Hansei, 604-5 Dangjung-dong Gunpo city, Gyeonggi do, Korea,
More informationInformation Security. Be Aware, Secure, and Vigilant. https://www.gosafeonline.sg/ Be vigilant about information security and enjoy using the internet
Be Aware, Secure, and Vigilant Information Security Use the Internet with Confidence Be vigilant about information security and enjoy using the internet https://www.gosafeonline.sg/ The Smartphone Security
More informationResearch on Situation and Key Issues of Smart Mobile Terminal Security
Research on Situation and Key Issues of Smart Mobile Terminal Security Hao-hao Song, Jun-bing Zhang, Lei Lu and Jian Gu Abstract As information technology continues to develop, smart mobile terminal has
More informationThe Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard
The Impact of Wireless LAN Technology on to the PCI Data Security Standard 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs and PCI Retailers today use computers
More informationSecurity Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
More informationCourse Title: Penetration Testing: Network Threat Testing, 1st Edition
Course Title: Penetration Testing: Network Threat Testing, 1st Edition Page 1 of 6 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base
More informationA Practical Analysis of Smartphone Security*
A Practical Analysis of Smartphone Security* Woongryul Jeon 1, Jeeyeon Kim 1, Youngsook Lee 2, and Dongho Won 1,** 1 School of Information and Communication Engineering, Sungkyunkwan University, Korea
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationEnergy Monitoring and Management Technology based on IEEE 802.15. 4g Smart Utility Networks and Mobile Devices
Monitoring and Management Technology based on IEEE 802.15. 4g Smart Utility Networks and Mobile Devices Hyunjeong Lee, Wan-Ki Park, Il-Woo Lee IT Research Section IT Convergence Technology Research Laboratory,
More informationDevelopment of Integrated Management System based on Mobile and Cloud service for preventing various dangerous situations
Development of Integrated Management System based on Mobile and Cloud service for preventing various dangerous situations Ryu HyunKi, Moon ChangSoo, Yeo ChangSub, and Lee HaengSuk Abstract In this paper,
More informationVulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack
Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack You Joung Ham Graduate School of Computer Engineering, Hanshin University, 411, Yangsan-dong, Osan, Gyeonggi, Rep. of Korea
More informationResponsible Access and Use of Information Technology Resources and Services Policy
Responsible Access and Use of Information Technology Resources and Services Policy Functional Area: Information Technology Services (IT Services) Applies To: All users and service providers of Armstrong
More informationThe Benefits of SSL Content Inspection ABSTRACT
The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic
More informationDeciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationOCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
More informationSECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER
SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER Mrs. P.Venkateswari Assistant Professor / CSE Erode Sengunthar Engineering College, Thudupathi ABSTRACT Nowadays Communication
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationOverview. Summary of Key Findings. Tech Note PCI Wireless Guideline
Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the
More informationE-BUSINESS THREATS AND SOLUTIONS
E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-business has forever revolutionized the way business is done. Retail has now a long way from the days of physical transactions that were
More informationSecurity Model for VM in Cloud
Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,
More informationRFID based Bill Generation and Payment through Mobile
RFID based Bill Generation and Payment through Mobile 1 Swati R.Zope, 2 Prof. Maruti Limkar 1 EXTC Department, Mumbai University Terna college of Engineering,India Abstract Emerging electronic commerce
More informationAppendix A. 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved.
Appendix A Cyber Security 1 Copyright 2012, Oracle and/or its affiliates. All rights Overview This lesson covers the following topics: Define cyber security. List the risks of cyber security. Identify
More informationA Stubborn Security Model Based on Three-factor Authentication and Modified Public Key
International Journal of Network Security, Vol.18, No.6, PP.1060-1070, Nov. 2016 1060 A Stubborn Security Model Based on Three-factor Authentication and Modified Public Key Trung Thanh Ngo and Tae-Young
More informationStudy on the Vulnerability Level of Physical Security And Application of the IP-Based Devices
, pp. 63-68 http://dx.doi.org/10.14257/ijsh.2015.9.10.07 Study on the Vulnerability Level of Physical Security And Application of the IP-Based Devices Kwang-Hyuk Park 1, Il-Kyeun Ra 2 and Chang-Soo Kim
More informationThe Internet of Things (IoT) Opportunities and Risks
Session No. 744 The Internet of Things (IoT) Opportunities and Risks David Loomis, CSP Risk Specialist Chubb Group of Insurance Companies Brian Wohnsiedler, CSP Risk Specialist Chubb Group of Insurance
More informationDistributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment
Distributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment Chandra Sekhar Murakonda M.Tech Student, Department of Computer Science Engineering, NRI Institute
More informationAchieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER
with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationStrengthen RFID Tags Security Using New Data Structure
International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University
More informationOverview of the Internet of things
Overview of the Internet of things Tatiana Kurakova, International Telecommunication Union Place des Nations CH-1211 Geneva, Switzerland Abstract. This article provides an overview of the Internet of things
More informationA Study on the Security of RFID with Enhancing Privacy Protection
A Study on the Security of RFID with Enhancing Privacy Protection *Henry Ker-Chang Chang, *Li-Chih Yen and *Wen-Chi Huang *Professor and *Graduate Students Graduate Institute of Information Management
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationDesigning and Embodiment of Software that Creates Middle Ware for Resource Management in Embedded System
, pp.97-108 http://dx.doi.org/10.14257/ijseia.2014.8.6.08 Designing and Embodiment of Software that Creates Middle Ware for Resource Management in Embedded System Suk Hwan Moon and Cheol sick Lee Department
More informationBiometric Authentication Platform for a Safe, Secure, and Convenient Society
472 Hitachi Review Vol. 64 (2015), No. 8 Featured Articles Platform for a Safe, Secure, and Convenient Society Public s Infrastructure Yosuke Kaga Yusuke Matsuda Kenta Takahashi, Ph.D. Akio Nagasaka, Ph.D.
More informationA Security Mechanism for Remote Monitoring System Security using Smartphone
A Security Mechanism for Remote Monitoring System Security using Smartphone Sungjae Yu Chau Ngoc Tu Souhwan Jung School of Electronic Engineering Soongsil University SEOUL, KOREA {ysj77777, chaungoctu,
More informationCOMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationTHE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What
More informationCyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants
Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Sooill Lee a*, Yong Sik Kim a, Song Hae Ye a a Central Research Institute, Korea Hydro and
More informationDynamic Query Updation for User Authentication in cloud Environment
Dynamic Query Updation for User Authentication in cloud Environment Gaurav Shrivastava 1, Dr. S. Prabakaran 2 1 Research Scholar, Department of Computer Science, SRM University, Kattankulathur, Tamilnadu,
More informationModern Accounting Information System Security (AISS) Research Based on IT Technology
, pp.163-170 http://dx.doi.org/10.14257/astl.2016. Modern Accounting Information System Security (AISS) Research Based on IT Technology Jiamin Fang and Liqing Shu Accounting Branch, Jilin Business and
More informationSECURITY IN THE INTERNET OF THINGS
Lessons from the Past for the Connected Future INNOVATORS START HERE. EXECUTIVE SUMMARY Although it has been with us in some form and under different names for many years, the Internet of Things (IoT)
More informationHIPAA Security Rule Compliance and Health Care Information Protection
HIPAA Security Rule Compliance and Health Care Information Protection How SEA s Solution Suite Ensures HIPAA Security Rule Compliance Legal Notice: This document reflects the understanding of Software
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationPCI Solution for Retail: Addressing Compliance and Security Best Practices
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
More informationPineApp TM Mail Encryption Solution TM
PineApp TM Mail Encryption Solution TM How to keep your outgoing messages fully secured. October 2008 Modern day challenges in E-Mail Security Throughout the years, E-Mail has evolved significantly, emerging
More information10 best practice suggestions for common smartphone threats
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
More informationFujitsu s Approach to Cloud-related Information Security
Fujitsu s Approach to Cloud-related Information Security Masayuki Okuhara Takuya Suzuki Tetsuo Shiozaki Makoto Hattori Cloud computing opens up a variety of possibilities but at the same time it raises
More informationSingle Sign-On Secure Authentication Password Mechanism
Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,
More informationREVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY
REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY Babul K Ladhe 1, Akshay R Jaisingpure 2, Pratik S Godbole 3, Dipti S Khode 4 1 B.E Third Year, Information Technology JDIET, Yavatmal ladhebabul23@gmail.com
More informationSmart Integrated Multiple Tracking System Development for IOT based Target-oriented Logistics Location and Resource Service
, pp. 195-204 http://dx.doi.org/10.14257/ijsh.2015.9.5.19 Smart Integrated Multiple Tracking System Development for IOT based Target-oriented Logistics Location and Resource Service Ju-Su Kim, Hak-Jun
More informationScheme to Secure Communication of SCADA Master Station and Remote HMI s through Smart Phones
보안공학연구논문지 (Journal of Security Engineering), 제 8권 제 3호 2011년 6월 Scheme to Secure Communication of SCADA Master Station and Remote HMI s through Smart Phones Rosslin John Robles 1) and Tai-hoon Kim 2) Abstract
More informationSCADA SYSTEMS AND SECURITY WHITEPAPER
SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationAshok Kumar Gonela MTech Department of CSE Miracle Educational Group Of Institutions Bhogapuram.
Protection of Vulnerable Virtual machines from being compromised as zombies during DDoS attacks using a multi-phase distributed vulnerability detection & counter-attack framework Ashok Kumar Gonela MTech
More informationOn the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme
On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme Manoj Kumar Department of Mathematics R. K. College Shamli-Muzaffarnagar,.P.-India - 247776 E-mail: yamu balyan@yahoo.co.in
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationFundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals
Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.
More informationNETWORK SECURITY Staying Ahead of the Curve
NETWORK SECURITY Staying Ahead of the Curve PREFACE Very few things in this world move at the pace of technology. Today s internet infrastructure offers a tremendous value proposition to those implementing
More informationCNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:
1. Do you implement virus controls and filtering on all systems? Anti-Virus anti-virus software packages look for patterns in files or memory that indicate the possible presence of a known virus. Anti-virus
More informationA Study on Behavior Patternize in BYOD Environment Using Bayesian Theory
A Study on Behavior Patternize in BYOD Environment Using Bayesian Theory Dongwan Kang, Myoungsun Noh, Chaetae Im Abstract Since early days, businesses had started introducing environments for mobile device
More informationMANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationHE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK
HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK Prepared By: Raghda Zahran, Msc. NYIT-Jordan campus. Supervised By: Dr. Lo ai Tawalbeh. November 2006 Page 1 of 8 THE WAR AGAINST BEING AN INTERMEDIARY
More informationDecentralized Information Accountability Framework for Information Sharing In Cloud Environment
Decentralized Information Accountability Framework for Information Sharing In Cloud Environment Deepthi Srinivas, Shylaja BR, Rajeev RK, Muruli R 1 BNM Institute of technology 2,3,4 Rai Technology University
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationRemote Monitoring and Controlling System Based on ZigBee Networks
Remote Monitoring and Controlling System Based on ZigBee Networks Soyoung Hwang and Donghui Yu* Department of Multimedia Engineering, Catholic University of Pusan, South Korea {soyoung, dhyu}@cup.ac.kr
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationIndustrial Control Systems Vulnerabilities and Security Issues and Future Enhancements
, pp.144-148 http://dx.doi.org/10.14257/astl.2015.95.27 Industrial Control Systems Vulnerabilities and Security Issues and Future Enhancements Hongseok Chae 1, AAmir Shahzad 1, Muhammad Irfan 2, HyangRan
More informationThreat Events: Software Attacks (cont.)
ROOTKIT stealthy software with root/administrator privileges aims to modify the operation of the OS in order to facilitate a nonstandard or unauthorized functions unlike virus, rootkit s goal is not to
More informationES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS
ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS The Internet Threat Landscape Symantec TM Dean Turner Director Global Intelligence Network Symantec Security
More informationSecurity Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme using Smart Card and Biometrics
Security Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme using Smart Card and Biometrics Younsung Choi College of Information and Communication Engineering, Sungkyunkwan University,
More informationSecurity Risk Management and Assessment System
ABSTRACT SAGEPOT: A TOOL FOR SECURITY ASSESSMENT AND GENERATION OF POLICY TEMPLATES K. Saleh, A. Meliani, Y. Emad and A. AlHajri American University of Sharjah, Department of Computer Science Box 26666,
More informationResearch Article Secure Model against APT in m-connected SCADA Network
Distributed Sensor Networks, Article ID 594652, 8 pages http://dx.doi.org/10.1155/2014/594652 Research Article Secure Model against APT in m-connected SCADA Network Si-Jung Kim, 1 Do-Eun Cho, 2 and Sang-Soo
More informationA Proxy-Based Data Security Solution in Mobile Cloud
, pp. 77-84 http://dx.doi.org/10.14257/ijsia.2015.9.5.08 A Proxy-Based Data Security Solution in Mobile Cloud Xiaojun Yu 1,2 and Qiaoyan Wen 1 1 State Key Laboratory of Networking and Switching Technology,
More informationManagement Standards for Information Security Measures for the Central Government Computer Systems
Management Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 1.1 General...
More informationAchieving Truly Secure Cloud Communications. How to navigate evolving security threats
Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.
More informationAMI security considerations
AMI security considerations Jeff McCullough Introduction Many electric utilities are deploying or planning to deploy smart grid technologies. For smart grid deployments, advanced metering infrastructure
More information