
  • User's privacy protection based on detected face encryption

    Networks and Security
    Today, the widespread use of secure images that are either transferred over a network or stored on disk has raised concern over information security. Confidentiality and image privacy protection are most likely to be achieved effectively through image encryption. Digital images are large and complex, so the computational overhead and processing time required for full image encryption are limiting factors that keep it from being used more intensively in real time. To solve this issue, encryption algorithms are applied in part, which means that only some portions of the video frame or image are encrypted.

  • Coercion-Resistant Cryptographic Voting

    Networks and Security
    Remote electronic voting is a promising concept. Voters are enabled to cast their votes over the Internet, from arbitrary computers. It offers convenience and does not require geographical proximity on the election day. Thus, it has the potential to allure those groups of voters that regularly abstain from general elections. However, in order to implement free and secret electronic elections, the threats of vote buying and coercion against the voters need to be addressed. In this book, a cryptographic approach that deals with these issues is investigated. In particular, a cryptographic voting protocol is described, evaluated and prototypically implemented that offers mechanisms to protect voters against coercion and thwarts vote buying. Readers of this book would include graduate students and postgraduate researchers in both academia and industry who wish to gain a deeper knowledge of cryptographic voting protocols, their underlying theoretical concepts and their potential capabilities.

  • Securing EVM by Threshold Multipair Cryptosystem

    Networks and Security
    In a democratic country like India, despite abundant technological development, the election process is still lagging behind. The votes cast by the public determine the fate of the country for a particular duration. Ballot design or an unintentional mistake by the voter may lead to foul votes. Unreliable results can also be produced by this scheme. Because of the problems created by the manual machine, the electronic voting machine (EVM) has now come into use. But the design of the EVM has some loopholes which threaten the security of the votes. To avoid the above-mentioned problem, our thesis addresses the security of the votes cast by the public. Our thesis focuses on two points. One is to provide security and the other is to provide backup storage for post-checking, should any problem arise. This facility is provided by using cryptography in which two public keys are used for encryption and one private key for decryption. Backup storage acts as a remote server which preserves the votes. This storage is used for the purpose of rechecking and confirmation. Hence, our thesis provides a solution for the security problems of the votes in the EVM.

  • A Lattice Attack on the McEliece Public Key Cryptosystem

    Networks and Security
    The McEliece cryptosystem was proposed by R. McEliece in 1978. In its original version it is based on Goppa codes. Given a public key matrix G and a codeword c = mG + e, we reduce the problem of recovering the error vector e to the shortest lattice vector problem. Using Conway and Sloane's "Construction A", we construct a basis of a lattice in which the norm of the shortest vector w.r.t. the lp norm is equal to the lp norm of the error vector e for p > log(t), where t is the weight of the error vector e. To find such a shortest vector in our lattice we use the LLL and block basis reduction algorithms for the lp norm, which guarantee only an approximation of the length of the shortest lattice vector. Our tests show that this attack method provides no positive results for Goppa codes of length more than 127.

  • NTRU Cryptography

    Networks and Security
    The book gives a detailed introduction to the NTRU cryptosystem and its attacks. First we give some mathematical background, where we consider the ring on which NTRU is based and introduce some important properties of this ring. Then we introduce the cryptosystem, where we see two possible ways to decrypt. Following this, we carry out a security analysis, where we introduce the most important attacks against NTRU. The most interesting attacks are the lattice attacks, and we devote a whole chapter to these sorts of attacks.

  • RSA : Data Encryption and Data Decryption

    Networks and Security
    Cryptography, the science of encryption, plays a central role in mobile phone communications, pay-TV, e-commerce, sending private emails, transmitting financial information, security of ATM cards, computer passwords and electronic commerce digital signatures, and touches on many aspects of our daily lives. The RSA cryptosystem is the most commonly used public key cryptosystem. It is the first public key cryptosystem. The strength of this cryptosystem is based on the larger key size. There are many algorithms and variants of RSA, but it is still a burning topic of research, because the drive to keep data secret is never going to end. In this book, we present a literature review of some modern variants of the RSA algorithm. All the algorithms have been analyzed. Their merits and demerits are also discussed. In the digital era, data continuously moves on the network, so personal or confidential records need to be protected from the outside world. There is therefore a need to develop a zero-tolerance security algorithm. This book also proposes a modified RSA algorithm. The proposed version takes less time in data decryption.

  • A Tri-level Cryptographic Technique for Secured Message Transaction

    Networks and Security
    The security of cryptographic techniques relies heavily on strong encryption and decryption algorithms and on the increased complexity associated with the algorithms. In this book the plaintext message is converted to the ciphertext message by using both RSA as the asymmetric key algorithm and the one-time pad as the symmetric key algorithm. Three levels of encryption are imposed to produce a ciphertext for sending to the receiver. First, the original message is encrypted with the sender's RSA private key; then the output of the first encryption is encrypted again with the receiver's RSA public key; and finally the output of the second encryption is further encrypted with a shared secret key of the one-time pad algorithm. After these three encryptions a final ciphertext is generated and then sent to the receiver through the communication channels.

  • Membrane Computing and Cryptographic Systems

    Networks and Security
    Membrane computing is an area of computer science aiming to abstract computing ideas and models from the structure and the functioning of living cells. In short, it deals with distributed and parallel computing models that process multisets, with an essential role played by the communication among compartments, where evolution rules and evolving objects are encapsulated into compartments delimited by membranes. The RSA algorithm is the most widely used public-key cryptosystem. In practice, public-key encryption schemes are slower than their symmetric-key counterparts because they use large numbers in power calculations. Because the mathematical calculations make the encryption and decryption processes take a long time, this book proposes two designs of RSA that use ideas from the membrane computing environment. The first model reduces the time of the power calculations by running the RSA algorithm as three parallel threads, so that all calculations which can be done in parallel are executed at the same time. The second proposed design represents the parallel nature of membrane computing by using a GPU model.

  • Global System for Mobile Communication Strategy and Security Prospects

    Networks and Security
    This work examines the basic concept of the GSM communication network as a new standard set by the European Telecommunications Standards Institute and as a cellular system that uses digital radio access technology for cellular networks to provide quality radio communication. It offers detailed insight into the topical area of GSM cellular radio, featuring numerous illustrations, and focuses on the fundamentals of the mobile radio system, covering the standards and protocols extensively. The project reviews the concept, the application and the effects of wireless networks, which it sees as a promising leading technology in the communications industry. One attractive and novel feature of GSM is the subscriber identity module (SIM), which is a portable device in the form of a smart card or plug-in module that stores the subscriber's identification number. The work also considers the security implications of the GSM network. The security mechanisms include the subscriber identification module (SIM) card and the international Equipment identification module (IMEI), which provide protection against theft of mobile sets by using the Equipment Identity Register (EIR) to identify stolen mobiles.

  • Heuristic Cryptanalysis of Classical and Modern Ciphers

    Networks and Security
    Block cipher algorithms are commonly used to secure confidential information in everyday user applications like smart cards. However, it is quite common for ignorant users to use familiar dictionary words or even names as their personal passwords. Two optimisation heuristic cryptanalytic attack methods (Tabu Search and Genetic Algorithm) are used to conduct intelligent keysearch attacks on classical ciphers and modern ciphers. The classical ciphers examined are the Hill Cipher (a substitution cipher) and the Columnar Transposition Cipher (a permutation / transposition cipher). The algorithm chosen to represent modern block ciphers is the Advanced Encryption Standard (AES) algorithm (also known as “Rijndael”). Find out how a password encrypted with AES can be broken within a few hours!

  • The Crypto-Anarchist's Manifesto

    Networks and Security
    Crypto-anarchism is a philosophy whose essence is the use of strong cryptography to protect privacy and personal freedom. Crypto-anarchists believe that cryptography protects people from surveillance on the Internet, and they are convinced that the laws of mathematics are stronger than human laws and that without the encryption of messages and information people's private lives will suffer. Crypto-anarchists are people who support the philosophy of crypto-anarchism. The global goal of crypto-anarchists is an Internet of trust. This phenomenon can be classed as a socio-political ideology aimed at fighting for freedom of speech and for the privacy of identity and private correspondence. However, crypto-anarchists see the main instrument of this struggle not in strikes, rallies and street protests, but in mathematical algorithms and deep encryption. Is it possible to realize in cyberspace socio-technological models that many modern experts consider utopias? The book presents the various opinions of authoritative specialists in different fields of modern science.

  • Information Protection, Unauthorized Information-Capture Devices and How to Counter Them

    Business Literature, Networks and Security
    This training and practical manual was prepared on the basis of many years of practical experience of veterans of the domestic special services who specialize in ensuring the security of the country's top leadership and in combating terrorism. Thanks to the materials presented in the manual, the reader will not only become acquainted with information leakage channels, devices for unauthorized information capture, and the tactics of criminal elements in installing and monitoring these devices, but will also receive a clear and effective practical course in organizing the search for and localization of such devices. The book is written in simple, accessible language and contains a large number of illustrations, which makes it useful not only for security specialists and staff of specialized educational institutions, but also for a wide range of readers whose business involves fierce competition. The manual is recommended by the Training Center of the Commonwealth of Bodyguards of Russia "Iron Eagle".

  • Assessment Framework for Cyber Security

    Networks and Security
    The capabilities and opportunities the Internet provides have transformed many business activities, increasing the speed and ease of conducting transactions while also lowering many of the costs. As a consequence, the national economy and welfare have grown critically dependent on the cyber network infrastructure. In a digital world, information access is expected anytime and from anywhere, but this accessibility can create vulnerabilities that threaten the security of the information and leave organizations open to various forms of malicious attack. Thus the increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking cyber attacks and vulnerabilities. The main aim of this book is to develop an assessment framework for cyber security. It recommends the adoption of the proposed framework by all government ministries as well as by third-party cyber security service providers, and it provides information for decision makers on the cyber security assessment of individual organizations and nations. It further provides a basis of knowledge, development and study for scholars in the Information Technology field.

  • A Systems Approach to Ensuring the Information Security of an Enterprise (Firm)

    Business Literature, Networks and Security
    The monograph sets out a systems approach to building comprehensive protection for the information system of an enterprise (firm). It examines the principles and prerequisites for ensuring the information security of an enterprise (firm), the characteristics of threats and the analysis of system vulnerabilities, and the requirements for the protection system. It describes an approach to building comprehensive protection for the integrated information system of an enterprise (firm) using domestic protection tools. For specialists who design information systems and the means of protecting them, as well as for researchers and university students.

  • Cyber War Will Not Take Place

    Networks and Security, Law
    "Cyber war is coming," announced a landmark RAND report in 1993. In 2005, the U.S. Air Force boasted it would now fly, fight, and win in cyberspace, the "fifth domain" of warfare. This book takes stock, twenty years on: is cyber war really coming? Has war indeed entered the fifth domain? Cyber War Will Not Take Place cuts through the hype and takes a fresh look at cyber security. Thomas Rid argues that the focus on war and winning distracts from the real challenge of cyberspace: non-violent confrontation that may rival or even replace violence in surprising ways. The threat consists of three different vectors: espionage, sabotage, and subversion. The author traces the most significant hacks and attacks, exploring the full spectrum of case studies from the shadowy world of computer espionage and weaponised code. With a mix of technical detail and rigorous political analysis, the book explores some key questions: What are cyber weapons? How have they changed the meaning of violence? How likely and how dangerous is crowd-sourced subversive activity? Why has there never been a lethal cyber attack against a country's critical infrastructure? How serious is the threat of "pure" cyber espionage, of exfiltrating data without infiltrating humans first? And who is most vulnerable: which countries, industries, individuals?

  • Features of Cybercrime in Russia. Attack Tools and Information Protection

    Networks and Security, Law
    The material in this book helps the reader understand what usually lies behind terms and stock phrases such as "email hacking", "cyber espionage" and "phishing". The author has tried to show information security as a battlefield seen from three sides: that of the criminal community using information technology, that of legislation and the law-enforcement system, and that of the party under attack. The book includes a practical look at the mechanisms used by cybercriminals, as well as at the process by which court proceedings take shape and the methods for investigating such crimes. The attack methods described are backed up with real-life examples. The mechanisms for gaining illegal access to accounts on information resources, email in particular, are examined in depth. Attention is focused on phishing attacks as the most effective tool to date for obtaining passwords. Phishing is treated as a universal tool that appears in various fraud and hacking schemes, from both the technical and the legal side. The material makes it possible to reconsider and adequately assess risks and the effectiveness of the protection systems in use, and to build a security policy that matches reality. Advice is given on preventing cyberattacks, along with an algorithm of initial actions to take when an incident occurs, aimed at preserving traces, effective investigation and cooperation with law-enforcement agencies.

  • Authentication Codes

    Networks and Security
    The book sets out the main concepts and topics needed to gain an understanding of the problems and methods of the theory of authentication codes. The monograph contains both classical results of the theory and the author's own results. The main statements are rigorously proved. For researchers, undergraduate and postgraduate students studying mathematical methods of information protection, lecturers, and a wide range of specialists.

  • A Guide to Kernel Exploitation: Attacking the Core

    Networks and Security
    "A Guide to Kernel Exploitation: Attacking the Core" discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure. The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerability: a bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold. Covers a range of operating system families: UNIX derivatives, Mac OS X, Windows. Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions. Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give the reader something more than just a set of tricks.

  • Information Security of Organizational Management Systems. Theoretical Foundations. In 2 Volumes. Volume 2

    Business Literature, Computer Literature, Networks and Security
    The monograph covers the following topics: information security in organizational management systems at the legislative and organizational levels, information security and information management, methods of protecting information from unauthorized access, and ensuring the reliability and preservation of information. The aim of the book is to survey, classify and analyze the theoretical work that already exists in these areas, to acquaint specialists with new methods and means of protecting information at its various levels, and to offer recommendations in the field of information security. For researchers and information security specialists.