Illegal Information Research Articles

Sensitivity-based synchronisation protocol to prevent illegal information flow among objects

In information systems, a transaction may illegally read data stored in an object, which the transaction is not allowed to read. A transaction illegally writes data to an object after issuing illegal read. The write-abortion (WA), read-write-abortion (RWA) and flexible RWA (FRWA) protocols to prevent illegal information flow are proposed in our previous papers. In the WA and RWA, a transaction is aborted once issuing an illegal write and illegal read, respectively. In the WA, some reads are meaninglessly performed. In the RWA, some reads are lost. In the FRWA, a transaction is aborted with some probability once issuing illegal read. We newly introduce an object sensitivity concept to decide on the abortion probability. In the evaluation, the execution time of each transaction in the FRWA with object sensitivity is shorter than the WA and more number of reads can be performed than the RWA.

Quantum key distribution with prepare-and-measure Bell test

The prepare-and-measure quantum key distribution (QKD) has the merits of fast speed, high key generation rate, and easy implementation. However, the detector side channel attacks greatly undermine the security of the key bits. The eavesdropper, Eve, exploits the flaws of the detectors to obtain illegal information without violating quantum principles. It means that she can intervene in the communication without being detected. A prepare-and-measure Bell test protocol will be proposed. By randomly carrying out Bell test at the side of the information receiver, Bob, Eve’s illegal information gain within the detector side channel attack can be well bounded. This protocol does not require any improvement on the detectors used in available prepare-and-measure QKD. Though we only illustrate its application in the BB84 protocol, it is applicable for any prepare-and-measure QKD.

Comment on “Device-independent entanglement-based Bennett 1992 protocol”

Recently, Lucamarini et al. proposed the device-independent entanglement-based Bennett 1992 protocol [Phys. Rev. A 86, 032325 (2012)]. By exploiting the results in device-independent quantum key distribution with the Clauser-Horne-Shimony-Holt inequality, they claimed the security of their protocol. We will show, however, the way of encoding and the process for the latent eavesdropper to obtain the illegal information are different in these two protocols. Thus the security of their protocol cannot rely on Bell's theorem only.

Specification and static enforcement of scheduler-independent noninterference in a middleweight Java

We introduce a new timing covert channel that arises from the interplay between multithreading and object orientation. This example motivates us to explore the root of the problem and to devise a mechanism for preventing such errors. In doing so, we first add multithreading constructs to Middleweight Java, a subset of the Java programming language with a fairly rich set of features. A noninterference property is then presented which basically demands program executions be equivalent in the view of whom observing final public values in environments using the so-called high-independent schedulers. It is scheduler-independent in the sense that no matter which scheduler is employed, the executions of the program satisfying the property do not lead to illegal information flows in the form of explicit, implicit, or timing channels. We also give a provably sound type-based static mechanism to enforce the proposed property.

Effects of increased nurses' workload on quality documentation of patient information at selected Primary Health Care facilities in Vhembe District, Limpopo Province.

BackgroundRecording of information on multiple documents increases professional nurses’ responsibilities and workload during working hours. There are multiple registers and books at Primary Health Care (PHC) facilities in which a patient’s information is to be recorded for different services during a visit to a health professional. Antenatal patients coming for the first visit must be recorded in the following documents: tick register; Prevention of Mother-To-Child Transmission (PMTCT) register; consent form for HIV and AIDS testing; HIV Counselling and Testing (HCT) register (if tested positive for HIV and AIDS then this must be recorded in the Antiretroviral Therapy (ART) wellness register); ART file with an accompanying single file, completion of which is time-consuming; tuberculosis (TB) suspects register; blood specimen register; maternity case record book and Basic Antenatal Care (BANC) checklist. Nurses forget to record information in some documents which leads to the omission of important data. Omitting information might lead to mismanagement of patients. Some of the documents have incomplete and inaccurate information. As PHC facilities in Vhembe District render twenty four hour services through a call system, the same nurses are expected to resume duty at 07:00 the following morning. They are expected to work effectively and when tired a nurse may record illegible information which may cause problems when the document is retrieved by the next person for continuity of care.ObjectivesThe objective of this study was to investigate and describe the effects of increased nurses’ workload on quality documentation of patient information at PHC facilities in Vhembe District, Limpopo Province.MethodsThe study was conducted in Vhembe District, Limpopo Province, where the effects of increased nurses’ workload on quality documentation of information is currently experienced. The research design was explorative, descriptive and contextual in nature. The population consisted of all nurses who work at PHC facilities in Vhembe District. Purposive sampling was used to select nurses and three professional nurses were sampled from each PHC facility. An in-depth face-to-face interview was used to collect data using an interview guide.ResultsPHC facilities encountered several effects due to increased nurses’ workload where incomplete patient information is documented. Unavailability of patient information was observed, whilst some documented information was found to be illegible, inaccurate and incomplete.ConclusionDocumentation of information at PHC facilities is an evidence of effective communication amongst professional nurses. There should always be active follow-up and mentoring of the nurses’ documentation to ensure that information is accurately and fully documented in their respective facilities. Nurses find it difficult to cope with the increased workload associated with documenting patient information on the multiple records that are utilized at PHC facilities, leading to incomplete information. The number of nurses at facilities should be increased to reduce the increased workload.

A read-write abortion protocol to prevent illegal information flow in role-based access control systems

In information systems, a transaction may illegally read data stored in an object which the transaction is not allowed to read is stored in the object. A transaction illegally writes data to an object after issuing illegal read. A transaction suspiciously reads data in a suspicious object whose data is not allowed to flow to some object. A transaction impossibly writes data to an object after issuing suspicious read. In our previous studies, the write-abortion (WA) role-based synchronisation (RBS) and object-based synchronisation (OBS) protocols are proposed where a transaction illegally or impossibly writes data to objects is aborted. In this paper, we newly propose a pair of read-write-abortion (RWA) RBS and OBS protocols where a transaction is aborted only if the transaction issues an illegal read or impossible write to an object. In the evaluation, the execution time of each transaction in RWA protocols is shorter than the WA protocols.

Securing cyberspace

Cyberspace, the ubiquitous space that exists in relation to the Internet, is usually referred to as a dynamic broad domain ranging from Internet and its infrastructures to social networks. More research work in security has been extended from securing computers to securing Cyberspace, which includes the physical-level security, the network-level security, and the application-level security and addresses improvements in Cyberspace management. As a result, recent years have witnessed increasing research attention on securing Cyberspace, and many interesting methods have been proposed to locate suspicious IP, detect gossip content, prevent illegal information publication and distribution, manage social software and applications, and profile user behavior and opinion. This trend has provided the motivation to launch this special issue. Based on an open call in this area and invited best papers from The Fifth International Conference on Applications and Techniques for Information Security (ATIS 2014) and The first International Workshop on Curbing Cyber-Crimes (C3 2014), five submissions have been accepted to best illustrate the main development and perspectives. The papers in this issue report a variety of methods used to tackle the security issues in cyberspace. They aim at improving security in applications ranging from RFID systems, location based service, discovery of software vulnerability to private medical records, and outsourcing in Multi-Cloud. The problems discussed in these papers are also related to disciplines including data mining, network security, digital forensics, and behavioral and psychological sciences. Here, we provide an integrative perspective of this special issue by summarizing each contribution contained therein. In 1, to address security and privacy issue in RFID systems, a new off-line reading order-independent grouping-proof protocol is proposed to generate a proof that a group of tags have been scanned simultaneously in the range of a reader. The proposed protocol defines an ideal grouping-proof functionality aiming at capturing the secure grouping-proof generation for a group of RFID tags in the UC framework. The new protocol maintains its security properties when composed concurrently with an unbounded number of instances of arbitrary protocol. In addition, the protocol conforms to the computational constraints of EPC Class-Gen-2 passive RFID tags. It is suitable for low-cost passive RFID tags, which are widely used in practical applications. In 2, the authors proposed an algorithm to address the problem of preserving privacy for individual users in location-aware applications. They define a novel distance measurement that combines the semantic and Euclidean distance to address the privacy-preserving issue. They conduct performance experiments on the proposed algorithm and distance metric, and results suggest that they can successfully retain the utility of the location services. In 3, to discover software vulnerability, an effective and efficient mechanism is proposed. The method also helps programmers to write secure code to avoid the existence of vulnerability at the early stage of software development. The proposed mechanism uses code clone verification to discover vulnerability in software programs and reduces the false positive of detection by combining the advantages of static and dynamic analysis. In addition, it also mitigates the path explosion problem in the testing process when verifying the existence of vulnerability. As a result, the proposed approach effectively improves the security of software systems, applications, and utilities in various areas of Cyberspace. In particular, it helps to create a reliable environment for the communications of all the social media participants. In 4, the authors analyze the security of Fair Remote Retrieval (FRR) model that is used to ensure the integrity of remote medical records. They show that FRR model fails to achieve its security goals, therefore present an improved protocol, called IFR2̂, to fix the security minor faults while preserving all the properties of FRR. The paper analyzes the correctness and security of IFR2̂ and experimentally verifies the efficiency in terms of computational and communication cost of the model. In 5, the authors propose an identity based storage management and integrity verification protocol for secure outsourcing in Multi-Cloud. The paper aims to fill the gap on guaranteeing fair results on two-party storage checking protocols without third party audit in multi-cloud computing. Specifically, the authors prove the security and efficiency of their protocol by theoretical analysis and simulation experiments without using any trusted organizer. Furthermore, the protocol enjoys many security attributes including prevention of various attacks, user anonymity, and local password verification. Preparation of this issue would have been impossible without the hard work of anonymous reviewers and the authors. Special thanks go to Prof. Geoffrey Fox, editor-in-chief of the journal, for his great support.

Design of USIM-based secure user authentication scheme in a mobile office environment

In order to spread the scale of the mobile device market rapidly, mobile office applications have been introduced that can be process office work anytime, anywhere. However, the mobile office is vulnerable to several security threats that can occur over wireless networks, which can result in illegal enterprise information access and disclosure because of the openness and portability of the mobile device. Therefore, the mobile office environment must prevent unauthorized service and resource access, and a user authentication scheme is needed to mitigate the potential security vulnerabilities. In this paper, we propose a USIM-based secure user authentication scheme for a mobile office environment. The proposed scheme uses the USIM to securely share secret information for authentication between the mobile user and the server, and the mobile device can perform re-authentication to the server through the re-authentication phase in the event of handover. Moreover, the proposed authentication scheme is specified using Casper and is verified the security using the CasperFDR and FDR tool.

A write abortion-based protocol in role-based access control systems

In information systems, data in an object may illegally flow into another object if transactions manipulate the objects. In our previous studies, the read-abortion-based role-based synchronisation (RA-RBS) and object-based synchronisation (RA-OBS) protocols are discussed to prevent illegal information flow in the role-based access control (RBAC) model. Illegal read operations mean read operations which might imply illegal information flow. Here, transactions which issue illegal read operations are aborted. In this paper, we consider a unique object whose data is not allowed to flow to another object. An illegal write is defined to be a write operation which a transaction issues after reading a unique object or illegally reading an object. Each transaction reads objects but is aborted if the transaction illegally writes an object. Two types of write-abortion (WA)-based synchronisation protocols WA-RBS and WA-OBS are discussed based on abortions of transactions issuing illegal write operations. In the evaluation, the number of transactions aborted can be more reduced in the WA protocols than the RA protocols.

Read-abortion (RA) based synchronization protocols to prevent illegal information flow

In information systems, data in an object may illegally flow into another object through manipulations of the objects. First, we define a legal information flow relation ri⇒rj among roles ri and rj. It means, if a subject granted the role ri manipulates objects before another subject granted the role rj, no illegal information flow occur. We discuss safe systems where no illegal information flow occur even if operations from different subjects are performed in any order. Then, we discuss a read-abortion role-based synchronization (RA-RBS) protocol and a read-abortion object-based synchronization (RA-OBS) protocol to prevent illegal information flow in unsafe systems. Here, a transaction is aborted if the transaction reads an object and illegal information flow might occur. We evaluate the RA-RBS and RA-OBS protocols in terms of number of transactions aborted.

Web Information Filtering Technology Based on Mutual Information

The popularity of Internet application makes web page illegal information filtering an important work. Based on mutual information model study of illegal information filtering in web page, this article first elaborated the theoretical basis of mutual information filtering algorithm, then designed a mutual information filtering algorithm based on improved formula, and designed and implemented illegal web page filtering system by using the algorithm and related technology and did a series of experiments, which effectively reduced the impact of negative factors on healthy development of network culture industry, and it is advantageous to the purification of social morality and social stability.

Freight Vehicles Regulatory Assistance System Based on Internet of Things

In order to guarantee the safety of the highway transportation and the durability of road use, reducing vehicle overloading transfinite damage to roads and dangerous driving influence on transportation security, curb corruption in traffic law enforcement, our team is based on vehicle networking technology, the video monitoring technology, RFID radio frequency technology, geographic information platform, information fusion technology, 3G network, the organic combination of GPS positioning technology, developed a freight vehicle supervision assistant system. System can not only achieve dynamic measuring weight, illegal vehicle information acquisition and processing, and also can realize illegal vehicle directional interception, dangerous driving warning and drivers complaint report law enforcement behavior, to reduce overload the accident happened at the same time, also reduce the waste of traffic administration human and financial resources, realize the driver and two-way supervision and law enforcement personnel, make the law enforcement process more fair, just and open, thus further improving the overall quality of traffic law enforcement.

GNS-Based Simulation and Analysis of OSPFv2 Neighbor Authentication

Routing information release is a kind of promise from the router for network reachability. Illegal routing information may have disastrous effects on the normal work of the network. Open Shortest Path First (OSPF) protocol provides authentication methods to protect the authenticity and integrity of the routing traffic. This paper describes two authentication types of OSPFv2, analyzes the realization mechanism and packet header format of each authentication respectively. Based on GNS3, a typical network topology was designed, and with the aid of it functional verification and security analysis are carried out. The simulation can provide a reference for building an OSPF network. Experimental results show that the configuration of OSPFv2 routing authentication can effectively prevent the router from receiving unauthorized or malicious routing updates, thereby improving network safety.

Legal limits of search and seizure for digital forensic in Korea

Policy actions against various cyberspace crimes should respond both systematically and specifically to the nature of each crime and its accompanying evidence. Voice phishing as an emerging internet fraud practice has already victimized many unsuspecting consumers and hit the headlines frequently; cyber prostitution, pornography, illegal duplication of software, and online gambling have also become routine problems. Anonymity and facelessness in cyberspace distort one’s sense of guilt and allow for rapid collection, modification, and distribution of illegal and harmful information that disrupts social order and public safety. The purpose of this research is to examine the concept and type of cyber crime and to trace its trend in the Republic of Korea in the recent years. Due to its informational, national, global, and networking properties, cyber crime often puts serious restraints on conventional criminal justice procedures that cannot compromise such legal issues as individual safety and protection of privacy. If made accessible, information stored in private computers has potential to serve as decisive evidence in many criminal litigations. The Korean criminal procedure law promulgated on July 18, 2011 and enforced since January 1, 2012 contains an express provision permitting the search and seizure of digital evidence. But this partial code does not explicitly define the admissibility of digital evidence and acceptable methods of examining it. Hence, it is one of the goals of this research to identify problems pertaining to this law and suggest ways to improve it.

Encryption and incrimination: The evolving status of encrypted drives

AbstractEDITOR'S SUMMARYIndividuals use encryption to safeguard many valid and legal applications but also to hide illegal activity. Several legal cases have drawn the limits of self‐incrimination under the Fifth Amendment regarding providing passwords to access illegal information content, such as child pornography. The cases illustrate that certain knowledge of evidence amounts to a compelling need for access and that a subpoena for hard drive contents is more likely to succeed than requiring a witness to provide a password. Since known documents are not legally protected and biometric data can be compelled as evidence, there is no reason that known digital documents, biometric passwords, and by extension, alphanumeric passwords should not be compelled. Considering precedent and legal doctrine, individuals should resist giving law enforcement any passwords and be wary of sharing them. The question of encryption in criminal cases is under scrutiny and warrants citizens' concern.

Design of Notification System Illegal Parking Vehicles on Campus

The increase in the number of private cars as well as non-standard parked behavior has brought great pressure to campus traffic. In order to control this non-standard parked behavior, orderly and reasonable guide and regulate owners to develop good parking habits, we design a vehicle parking violation notification system. A system is designed in the article to record illegal parking information of vehicles. A working principle of this system is that a wireless MMS image terminal captures image information of illegal vehicles, and real-time transmits the captured image information to the Data Center Computer in Security Department of the school through the GPRS network, so as to achieve illegal vehicle information is timely recorded and notified. Meanwhile, outside campus of illegal vehicles will be warned or limited its re-enter the campus. After a year of work and testing, the entire system is stable, and the image information transmission failure rate is very low. Illegal parking behavior on campus has been significantly curbed, and traffic order has been significantly improved.

A Survey on Video Content Identification Tool

Now-a-days, the search engines available are text-based search engines. Thus using text-based search engines one can efficiently search for the desired video. Many times it happens like video name that has fired as a query, contains irrelevant data. Even recently it is found that some illegal information is communicated via video by embedding it into a longer video. And also it is found that broadcast channels and IPTV services many times use same digital videos. An efficient method of consuming, storing and retrieving such vast amounts of videos is essential. This has led to the emergence of video copy detection as an active area of research. In this survey, a study of different MPEG standard, challenges in video copy detection, brief idea about video fingerprint and its application are discussed.

RFID Authentication and Communication Protocol Based on the Dynamic Active Tag ID and Key

The reliability of Radio Frequency Identification (RFID) mechanism is disturbed by illegal tracking and information intercepted.The paper proposed a new active RFID authentication protocol based on the dynamic tag ID and encryption key,which transforms the tag ID using chaotic transformation during authentication and communication between the reader and tags,and realizes mutual authentication of the reader and tags.Through the analysis of security, the protocol not only can ensure the integrity, fresh and confidentiality of data, but also can effectively prevent illegal tracking labels and replay attack.

USIM을 활용한 스마트워크 사용자 및 디바이스 인증 기술 연구

스마트 디바이스의 보급률 증가로 인해 시간과 공간의 제약이 많은 업무 환경을 효율적으로 활용할 수 있는 스마트워크 모바일 이동근무 환경이 발달하게 되었다. 하지만 업무의 효율성을 높여주는 스마트워크 환경에서도 미인증 디바이스에 의한 정보탈취 등 다양한 보안위협이 존재한다. 특히, 다수의 사용자가 접근하는 스마트워크 환경의 특성상 정당한 사용자에 대한 인증과 디바이스 인증에 대한 문제가 크게 대두되고 있는 실정이다. 하지만 이와 같은 스마트워크 환경에 대한 연구가 초기 단계에 머물러 있으며, 그 중에서도 적합한 사용자 인증 기법과 디바이스 인증에 대한 연구가 부족한 실정이다. 따라서 본 논문에서는 스마트워크 환경에서 USIM을 활용한 사용자 및 디바이스 인증 기술에 대해 제안한다. As the distribution rate of smart device increases, users of smartwork are increasingly able to work without constraints imposed by time and space. However, there are many security threats in smartwork environment. Security threats is illegal information for an unauthenticated device. Especially, smartwork environment is approach to users. Therefore, there are other matters concerning justifiable user and device authentication. However, the studies of smartwork are still in early stage of development, and the studies of user and device authentication also not enough to apply smartwork environment. In this paper, we proposed USIM based user and device authentication scheme in the smartwork environment.

Endangering Friendship between Competitors: The Rules of Information Exchange

The 6th issue of ACTECON Papers deals with rules of information exchange which becomes popular after Turkish Competition Board (TCB) fined automotive companies in 2011. In this issue, the question that every company faces in the business life is answered in comprehensible terms: What is ok and what is not regarding the new understanding of the information exchange?In competition literature, the information exchange between rivals can create both competitive and anti-competitive results regarding the nature of the information. While some information exchanges lead to companies to compete more effectively, the other types may serve as a tool for competitors to behave jointly. In the recent decisions of TCB, it is understood that the renowned issue of information exchanges have been expanded to an unanticipated level, which affected the way companies doing business. The sanction of this decision was also by far the largest fine ever imposed by the TCB. TCB wants the companies to behave independently in the market, thus it is very important to distinguish illegal information exchange dissolve the uncertainty in the market from the legal one. In this article written by Belit Polat, the concept of information exchange is discussed and abstracted with some clear rules for an easy understanding. Please find the 6th issue of ACTECON Papers titled 'Endangering Friendship Between Competitors: The Rules of Information Exchange' attached to this letter.