Security Triad Research Articles

Safety as a synthetic scientific category

This paper the main concepts (schools) of security presented in the literature were analyzed, and it is shown that within their framework a different understanding of the term “security” was formed. It is noted that the monoreference model of B. Buzen and the binary security system of the state and society of O. Waver are being replaced by an understanding of the triad of security organized from the state to the person through society. Thus, the rethought concept of security takes into account not only States and their respective relationships, but also the relationship between the individual, society and the State and their overlapping perceptions of threats, which have become diverse and multidirectional. The combination of these approaches enriches our understanding of security, leads to the conclusion that security is now a complex (synthetic) scientific category, which is the theoretical and methodological basis for cognition and identification of a number of generic concepts: “national”, “public”, “environmental” and other security. According to the position of the authors, it is necessary to conceptualize the concept of “security” and consider it as a system of rational management of fears and threats (through various measures specifically defined in regulatory legal acts for each sector and reference object, consistently implemented by state and non-state actors.

Identifying Commonalities of Cyberattacks Against the Maritime Transportation System

The purpose of this study is to identify commonalities in cyberattacks against the civilian maritime transportation system (MTS). For this exploratory study, the researcher analysed documents to identify trends about the cyberattacks impacting and responsible adversaries targeting maritime operations. The MTS can use identified trends to make informed decisions about information technology (IT) and operational technology (OT) requiring new or enhanced cybersecurity measures. Current research examining publicly disclosed cyberattacks impacting MTS companies identifies the trend of increasing cyberattacks against the MTS. However, current research fails to examine adversaries and their social-political needs thoroughly. Knowledge of the adversary based on the Diamond Model of Intrusion Analysis can be augmented by identifying which MTS assets (e.g., shipbuilding, ports) and which aspect of the information security triad—Confidentiality, Integrity, or Availability (CIA)—the adversary targeted. At the conclusion of this limited, exploratory document analysis, the researcher determined the most compromised aspect of the information security triad was Availability and then Confidentiality; there were no identified Integrity compromises. The most targeted MTS assets was shipping companies, followed by ports, administration, shipbuilding, and vessels. Concerning the adversary customer behind MTS cyberattacks, China was first, followed by unknown cyber adversaries, then Russia, Iran, and Israel. Last, in terms of adversary’s social-political needs, data exfiltration occurred the most, followed by ransomware, political agenda, and unknown needs.

Secure Virtual Machine Image Storage Process into a Trusted Zone-based Cloud Storage

The emerging trend of Cloud Computing inducts virtualization as the quintessence concept to offer to end users a large scale Infrastructure-as-a-Service (IaaS) paradigm. Virtualization leverages virtual environment instantiated from user namely Virtual Machine Images (VMI) where user has the ability to provision and manage its own operating system. Therefore, user VMI dynamic data privacy depends upon the supplied security policy by Cloud Service Provider (CSP) and cloud storage architecture which remains the most prominent cloud delivered services. This paper covers thoroughly a secure storage process of user VMI in a cloud zone-based storage based on Proof-of-Retrievability (PoR). The proposed security architecture ensures the elementary security triad CIA (Confidentiality, Integritty and availability). VMI data confidentiality comprises generation of encryption key pair based on Goppa Code and McEliece cryptosystem, thus, integrity and stored VMI dynamic data correctness have been ensured using public auditing privacy-preserving in cloud zone-based storage. a know practical Error-Correcting-Codes (ECC) in heuristic researches

Probability of Data Leakage and Its Impacts on Confidentiality

A multi-channel communication architecture featuring distributed fragments of data is presented as a method for improving security available in a communication architecture. However, measuring security remains challenging. The Quality of Secure Service (QoSS) model defines a manner by which the probability of data leakage and the probability of data corruption may be used to estimate security properties for a given communication network. These two probabilities reflect two of the three aspects of the IT security triad, specifically confidentiality and integrity. The probability of data leakage is directly related to the probability of confidentiality and may be estimated based on the probabilities of data interception, decryption, and decoding. The number of listeners who have access to the communication channels influences these probabilities, and unique to the QoSS model, the ability to fragment and distribute data messages across multiple channels between sender and receiver. To simulate the behaviors of various communication architectures and the possibility of malicious interference, the probability of data leakage and its constituent metrics require a thorough analysis. Even if a listener is aware that multiple channels exist, each intermediate node (if any) simply appears to have one input and one output. There may be one or more listeners, and they may or may not be working cooperatively. Even if the listener(s) gains access to more than one channel, there is still the challenge of decrypting, decoding, or reassembling the fragmented data. The analysis presented herein will explore the probability of confidentiality from both the authorized user’s and the adversary’s perspective.

ARES: Persistently Secure Non-Volatile Memory with Processor-transparent and Hardware-friendly Integrity Verification and Metadata Recovery

Emerging byte-addressable Non-Volatile Memory (NVM) technology, although promising superior memory density and ultra-low energy consumption, poses unique challenges to achieving persistent data privacy and computing security, both of which are critically important to the embedded and IoT applications. Specifically, to successfully restore NVMs to their working states after unexpected system crashes or power failure, maintaining and recovering all the necessary security-related metadata can severely increase memory traffic, degrade runtime performance, exacerbate write endurance problem, and demand costly hardware changes to off-the-shelf processors. In this article, we designed and implemented ARES, a new FPGA-assisted processor-transparent security mechanism that aims at efficiently and effectively achieving all three aspects of a security triad—confidentiality, integrity, and recoverability—in modern embedded computing. Given the growing prominence of CPU-FPGA heterogeneous computing architectures, ARES leverages FPGA’s hardware reconfigurability to offload performance-critical and security-related functions to the programmable hardware without microprocessors’ involvement. In particular, recognizing that the traditional Merkle tree caching scheme cannot fully exploit FPGA’s parallelism due to its sequential and recursive function calls, we (1) proposed a Merkle tree cache architecture that partitions a unified cache into multiple levels with parallel accesses and (2) further designed a novel Merkle tree scheme that flattened and reorganized the computation in the traditional Merkle tree verification and update processes to fully exploit the parallel cache ports and to fully pipeline time-consuming hashing operations. Beyond that, to accelerate the metadata recovery process, multiple parallel recovery units are instantiated to recover counter metadata and multiple Merkle sub-trees. Our hardware prototype of the ARES system on a Xilinx U200 platform shows that ARES achieved up to 1.4× lower latency and 2.6× higher throughput against the baseline implementation, while metadata recovery time was shortened by 1.8 times. When integrated with an embedded processor, neither hardware changes nor software changes are required. We also developed a theoretical framework to analytically model and explain experimental results.

IoT-based Application of Information Security Triad

Information Security is the foremost concern for IoT (Internet of things) devices and applications. Since the advent of IoT, its applications and devices have experienced an exponential increase in numerous applications which are utilized. Nowadays we people are becoming smart because we started using smart devices like a smartwatch, smart TV, smart home appliances. These devices are part of the IoT devices. The IoT device differs widely in capacity storage, size, computational power, and supply of energy. With the rapid increase of IoT devices in different IoT fields, information security, and privacy are not addressed well. Most IoT devices having constraints in computational and operational capabilities are a threat to security and privacy, also prone to cyber-attacks. This study presents a CIA triad-based information security implementation for the four-layer architecture of the IoT devices. An overview of layer-wise threats to the IoT devices and finally suggest CIA triad-based security techniques for securing the IoT devices.

Enhancing the Security and Performance of Cloud for E-Governance Infrastructure

E-Governance is getting momentous in India. Over the years, e-Governance has played a major part in every sphere of the economy. In this paper, we have proposed E-MODI (E-governance model for open distributed infrastructure) a centralized e-Governance system for government of India, the implementation of this system is technically based on open distributed infrastructure which comprises of various government bodies in one single centralized unit. Our proposed model identifies three different patterns of cloud computing which are DGC, SGC and CGC. In addition, readiness assessment of the services needs to migrate into cloud. In this paper, we propose energy efficient VM allocation algorithm to achieve higher energy efficiency in large scale cloud data centers when system on optimum mode. Our objectives have been explained in details and experiments were designed to demonstrate the robustness of the multi-layered security which is an integration of High secure lightweight block cipher CSL along with Ultra powerful BLAKE3 hashing function in order to maintain information security triad.

Blockchain as supply chain technology: considering transparency and security

PurposeThis paper discusses how the features of blockchain technology impact supply chain transparency through the lens of the information security triad (confidentiality, integrity and availability). Ultimately, propositions are developed to encourage future research in supply chain applications of blockchain technology.Design/methodology/approachPropositions are developed based on a synthesis of the information security and supply chain transparency literature. Findings from text mining of Twitter data and a discussion of three major blockchain use cases support the development of the propositions.FindingsThe authors note that confidentiality limits supply chain transparency, which causes tension between transparency and security. Integrity and availability promote supply chain transparency. Blockchain features can preserve security and increase transparency at the same time, despite the tension between confidentiality and transparency.Research limitations/implicationsThe research was conducted at a time when most blockchain applications were still in pilot stages. The propositions developed should therefore be revisited as blockchain applications become more widely adopted and mature.Originality/valueThis study is among the first to examine the way blockchain technology eases the tension between supply chain transparency and security. Unlike other studies that have suggested only positive impacts of blockchain technology on transparency, this study demonstrates that blockchain features can influence transparency both positively and negatively.

Framework for concealing medical data in images using modified Hill cipher, multi-bit EF and ECDSA

Digitisation spread to the core area of the medical field and one of the results is telemedicine. Telemedicine provides the transfer of medical information of patients such as medical results, reports and images which closely deals with privacy. The real essence of telemedicine application relies on the secure storage and transfer of medical data over unsecured platform or network where the patient is remotely located from the service provider. The proposed work focused on combining security aspects into a single framework providing the CIA triad of security, i.e., confidentiality, integrity and authentication to achieve the above criteria, we use modified Hill cipher and multi-bit encoding function (EF) for confidentiality, ROI-based hashing for integrity and elliptic curve digital signature algorithm (ECDSA) for authentication. The experimental results prove the framework have a better embedding capacity with a comparatively higher PSNR value.

Industrial Control System Availability Assessment with a Metric Based on Delay and Dependency

Abstract Analyzing safety and security of modern integrated enterprises, one can realize that for industrial control systems, availability is much more critical than other properties composing the classic security triad. However, it is not availability but confidentiality and integrity that are usually more concerned and adequately described in security policies. Furthermore, for assessing and maintaining system security, a number of formal models are utilized, but none of them corresponds directly to availability. The article considers the property of availability of industrial control systems, suggests adopting the IEC 62443 availability interpretation, and reveals a delay of the signal transmission to be a useful measure of the quantitative availability assessment. Investigating the software level of industrial control systems, the article presents a scheme of domains affecting availability and advocates utilizing a system dependency for making availability assessment more accurate and universal. As a result of the research, the article proposes a metric based on delay and dependency, which is helpful for the safety and risk engineering at both the design and operational stages.

Security Evaluation of Pailiar Homormophic Encryption Scheme

In modern days of information security, much attention is drifted towards achieving the major security triad of privacy, authentication and availability. Pailiar homormophic encryption is one of the most widely area of pubic key encryption schemes researchers are exploring to enhance information security. In this paper, we presented an overview of the Pailiar cryptosystem. We further evaluated the security vulnerabilities in the cryptosystem. This was achieved through mathematical theorems and inductions. This is to present some open issues for further research to propose and implement a more robust security system based on the Pailiar homormophic encryption scheme.

Using the security triad to assess blockchain technology in public sector applications

This conceptual paper explores the impact of blockchain technology on public sector processes through the lens of information security. It includes an overview of the evolution of e-government, a synopsis of existing applications of blockchain technology, and innovative blockchain developments. We utilize the Confidentiality-Integrity-Accessibility (CIA) triad to guide our discussion of the security, governance, and regulatory implications of this technology. Leveraging the CIA triad model, we provide context for public managers who may consider blockchain technologies, and we highlight certain advantages arising from the “non-reputability” of distributed ledgers.In particular, we highlight the advantages of blockchain technologies with regards to non-reputability to help public managers understand how to best leverage blockchain technology to transform operations.

Cryptographic Solutions for Cloud-Based Storage System

Nowadays cloud computing is a driving force which has a large impact on each aspect of our lives and widely used in today's business structure. With its capacity and capability, it is widely accepted by many organizations and users. Cloud computing provides numerous benefits to end users and companies in terms of cost, maintenance, management due to which many organizations prefer to use its services with open hands. With the increasing demand, day-by-day service providers also increased and the user has a choice to choose the best one based on their demand Cloud Storage is one such service that provides cost effective storage solution to the users. They provide unlimited storage to the users based on the requirement and charge according to that only. User can rely on them for the storage but apart from the numerous benefits security and privacy remains the biggest concern whenever a user moves to cloud services. Security triad comprises of authentication, Integrity, and availability remains the concern for every user while moving towards cloud-based services. Almost everyday industry and academician working on finding an effective and efficient way, which could provide secure migration of user data in the cloud. One of the solutions could be the use of cryptographic techniques to provide data security. Cryptography is accepted largely to ensure the privacy and security of data in cloud computing. In this paper, several cryptographic technique discussed which are expected to provide the solution to the user's problem when they tend to move towards cloud computing.

Cryptographic Solutions for Cloud-Based Storage System

Nowadays cloud computing is a driving force which has a large impact on each aspect of our lives and widely used in today's business structure. With its capacity and capability, it is widely accepted by many organizations and users. Cloud computing provides numerous benefits to end users and companies in terms of cost, maintenance, management due to which many organizations prefer to use its services with open hands. With the increasing demand, day-by-day service providers also increased and the user has a choice to choose the best one based on their demand Cloud Storage is one such service that provides cost effective storage solution to the users. They provide unlimited storage to the users based on the requirement and charge according to that only. User can rely on them for the storage but apart from the numerous benefits security and privacy remains the biggest concern whenever a user moves to cloud services. Security triad comprises of authentication, Integrity, and availability remains the concern for every user while moving towards cloud-based services. Almost everyday industry and academician working on finding an effective and efficient way, which could provide secure migration of user data in the cloud. One of the solutions could be the use of cryptographic techniques to provide data security. Cryptography is accepted largely to ensure the privacy and security of data in cloud computing. In this paper, several cryptographic technique discussed which are expected to provide the solution to the user's problem when they tend to move towards cloud computing.

Социально-экономическая безопасность в системе защищенности государства

Taking as a basis the scientific study of different concepts in the theory of security, it is necessary to assume that the inaccessibility of the threat in the absolute sense is impossible. In fact, there may not be a certain type of threat to a particular object in a specific period of time (if there is not yet or there is no longer a corresponding danger factor). It is necessary to take into account that interests are only a small part of a wide range of objects of state protection. This share differs subjectively and interacts with the implemented financial, economic and social policy, the productivity of which is largely dependent on the impact of individual groups of people and parties (based on socio–political preferences). In addition — it is quite a mobile category, which has the ability to change qualitatively. It is obvious that the danger is one of the many destructive moments of security, along with those of which have already been discussed, for example threat, challenge, risk, decline, crisis, cataclysm, destruction, deformation processes, etc. It is necessary to clarify that the danger in the context of the ‘security triad’ is always modified: in a short time, they have all chances to transform from the present into the probable and vice versa.

Annotation of Software Requirements Specification (SRS), Extractions of Nonfunctional Requirements, and Measurement of Their Tradeoff

Software requirement artifacts such as manuals request for proposals, and software requirements specification (SRS) are commonly focused on functional requirements. In most SRS files, nonfunctional requirements do not formally encoded or encoded as a whole, not for an individual design problem. Moreover, these nonfunctional requirements are intermingled with functional requirements. Therefore, these nonfunctional requirements need special attention to understand for successful project development. These nonfunctional requirements have an impact on each other and optimal tradeoff is required for balanced nonfunctional requirements set. NFRs have a negative and positive tradeoff with each other such as increase confidentiality, decrease the availability, and enhance authenticity. So, an optimum tradeoff among these design problem within a module is required to have better design decisions. Instead of considering all nonfunctional requirements, the NFRs that have mutual tradeoff is considered. In this paper, we devised a novel document annotation scheme for SRS and extracted nonfunctional requirements from these annotated artifacts. In the next step, we classified NFRs into two classes security triad and performance triad, and the cost is assumed constant for each NFR. From the design problem, the tradeoff ratio is calculated among NFRs associated with it. Then, the production possibility graph is plotted to estimate the optimum tradeoff ratio within the module. For estimation economic optimum from a set of NFR, iso-cost graphs by assuming the constant cost. Some hypothetical variations in cost are also examined using 3D iso-cost graph. The reason to measure these tradeoff is to make design decision more empirical and helpful for the selection of design patterns, especially secure design patterns.

CLASSIFICATION OF THREATS AND RISKS OF MODERN INFORMATION COMMUNICATION SYSTEMS

The paper deals with the problem of classification of current models of cyber threats to infocommunication systems according to various modern factors in combination with the classical methodology. In accordance with this task of determining the current model of cyber-threats of digital data processing is considered as adaptive correction of modern cyber-threats according to current DARPA R&D. While for IT developers, threat modeling is a complex process with a bunch of pitfalls, for Internet users it's a fairly straightforward set of rules that can greatly en-hance your individual security on the Internet. Practice shows that most of the protected area flows from technical data chan-nels. The signal is distributed in a particular physical environment, it can be acoustic or electromagnetic, its interception is by means of mortgage devices and other ways. Devices can intercept electromagnetic radiation data, acoustic and visual in-formation. This method of interception is protected by restricting access to the pro-tected object Many try to hide behind technology, ignoring people and procedures. Sufficient attention should be paid to the entire security triad: people, procedures, technology. Cyber hygiene has long been widely used in effectively operating companies around the world. Knowing your risks requires working with people, implementing technolo-gy, and managing policies and procedures. When investigating different types of cyber threats, the main and often overrid-ing component is the victim's communication channel and the attacker's or insider's management system with its curators. Often, this link is hidden. Therefore, exploring these communication channels is the most important step in the cyber-threat inves-tigation process as a whole.

On Localized Countermeasure Against Reactive Jamming Attacks in Smart Grid Wireless Mesh Networks

Reactive jamming attacks have been considered as one of the most lethal and disruptive threats to subvert or disrupt wireless networks since they attack the broadcast nature of transmission mediums by injecting interfering signals. Existing countermeasures for the Internet against reactive jamming attacks, i.e., channel surfing or frequency hopping, demands excessive computing resources, which are infeasible on the low cost resource constraint of the electrical devices in the Smart Grid wireless mesh networks. Even these are inadequate protect approaches to the control systems where the availability is the major security priority to achieve. To overcome the problems for normal lower computation power electrical devices in the Smart Grid wireless mesh networks with difference security triad from the Internet, we propose an efficient localized jamming-resistant countermeasure against the jamming attacks by the identification of trigger nodes whose wireless signal invokes the jammer in the grid. By constraining the trigger nodes to be receivers only, we can avoid the activation of the jammers and completely nullify the reactive jamming attack. The triggers identification approach utilizes a hexagon tiling coloring and sequential Group Testing (GT), which does not demand any sophisticated hardware. Theoretical analyses and simulation results endorse the suitability of our localized algorithm in terms of message and time complexity.

TCpC: a graphical password scheme ensuring authentication for IoT resources

In last few years, information world has come across one of the most appealing paradigms, namely Internet-of-Things (IoT). Both the industry as well as the academia is fascinated by the open issues and research challenges of Internet-of-Things. The enormity in the development, expansion, and advantages of the paradigm is unbelievable, and this results in the transition of the information world to this paradigm. At the same time, it raises the security concerns along with many other open issues towards the paradigm. This paper specifically focuses on the confidentiality component out of the three components of security triad, namely confidentiality, integrity and availability. Although researchers have high interest towards all the three components, but the questions posed by many researchers, academicians and end users raise major issues over ‘confidentiality’. Confidentiality is all about guaranteeing the authentic access to a piece of information or a service or even a resource, to a particular individual or computing device. The resource in question may be one of the resources of an IoT system. This can be achieved by deploying some authentication techniques. Here we discuss various types of authentication techniques, purposely putting our emphasis on one of the well-known authentication technique, viz. passwords. This work reviews the existing techniques, their drawbacks and claimed advantages of the upcoming password techniques. It also surveys some of the supportive methods for the naive users of password techniques. This paper aims at classifying, comparing and encapsulating the problems, demanded solutions and suggestions from relevant published technical and review articles in the field of authentication. This paper particularly highlights graphical password schemes. This proposes a naive graphical password scheme to assure the authentic access of IoT resources, namely TCpC. At the end we have mentioned the advantages of TCpC over other authentication schemes. We have also compared and analyzed the different proposed password schemes with our technique.

IT governance and risk mitigation approach for private cloud adoption: case study of provincial healthcare provider

Cloud computing (CC) has the potential to provide significant benefits to healthcare organizations; however, its susceptibility to security and privacy apprehensions needs to be addressed before its adoption. It is important to evaluate the risks that arise from CC prior to its adoption in healthcare projects. Failure to evaluate security and privacy concerns could result in regulatory penalties, reputation loss, financial issues, and public loss of confidence in the healthcare provider. This paper uses Alberta’s Privacy Impact Assessment (PIA) requirement and COBIT 5 for Risk as guidance to highlight CC risk assessment areas and presents an IT governance and risk mitigation approach useful for CC adoption in the healthcare industry. In compliance with Alberta’s Health Information Act (HIA), the risk assessment areas are analyzed based on the security triad with emphasis on the confidentiality principle where privacy is the main focus. The proposed approach presented in this paper can be utilized by healthcare providers to mitigate and continuously evaluate CC risks from an IT governance perspective. Although the case study uses Canadian regulations, similar considerations can be taken into account in other jurisdictions.