Investigation of side electromagnetic radiation generated during the operation of devices with sensory input of information

Objectives. In order to determine the "security" of a special purpose informatization object, it is necessary to calculate the indicators of side electromagnetic radiation generated during the operation of devices with sensor input of information associated with information leakage through technical channels. It is also necessary to develop a list of actions to neutralize potential threats (including the development of an information protection system to protect against this type of threat).Method. The study of side electromagnetic radiation generated during the operation of devices with sensory input of information is carried out using expert documentary and instrumental methods.Result. The results of the study of side electromagnetic radiation generated during the operation of devices with sensor input of information are given and aspects of improving special measures for the protection of information at a special purpose informatization object are determined.Conclusion. The direction of this study is very relevant and requires further development of organizational and technical measures to implement the requirements of regulatory legal documents for the protection of information.

Download Full-text

METHODOLOGY FOR ASSESSING THE SECURITY OF INFORMATION PASSED THROUGH THE TECHNICAL CHANNELS OF A SPECIAL-PURPOSE INFORMATISATION OBJECT

Herald of Dagestan State Technical University Technical Sciences ◽

10.21822/2073-6185-2019-46-4-123-133 ◽

2020 ◽

Vol 46 (4) ◽

pp. 123-133

Author(s):

E. A. Rogozin ◽

D. G. Silka ◽

O. A. Gulyaev

Keyword(s):

Information Security ◽

Information Leakage ◽

Protection System ◽

Security Assessment ◽

Information Protection ◽

Acoustic Channel ◽

Regulatory Documents ◽

Instrumental Methods ◽

Further Development ◽

Technical Measures

Objectives. In order to determine the security of a special-purpose informatisation object, it is necessary to calculate the effectiveness indicators of information security (IS) measures aimed at preventing unauthorised access (UA) threats associated with information leakage through technical (acoustic) channels. In order to determine the actual channels of information leakage, it is necessary to develop a list of actions to neutralise potential threats, including the development of an information protection system for a special-purpose informatisation object.Method. A security assessment of the special-purpose informatisation object is carried out using expert documentary and instrumental methods.Results. The results of evaluating the indicators of protection against information leakage through the air (acoustic) channel are presented and aspects of improving special measures for protecting information at the special-purpose informatisation object are identified.Conclusion. Due to its relevance, the direction of this study requires further development of organisational and technical measures to implement the requirements of regulatory documents on the protection of information in special-purpose informatisation objects.

Download Full-text

METHOD OF SELECTING OPTIMAL LEVEL OF STAFF FORCING INSTITUTIONAL MEASURES FOR INCREASING INFORMATION SECURITY

VESTNIK OF ASTRAKHAN STATE TECHNICAL UNIVERSITY SERIES MANAGEMENT COMPUTER SCIENCE AND INFORMATICS ◽

10.24143/2072-9502-2018-2-101-109 ◽

2018 ◽

pp. 101-109

Author(s):

Kira Aleksandrovna Vrublevskaya ◽

Albert Iscandarovich Azhmukhamedov ◽

Nadezhda Valerievna Daviduk

Keyword(s):

Information Security ◽

Information Leakage ◽

Optimal Level ◽

Protection System ◽

Information Protection ◽

Protection Measures ◽

Management Measures ◽

The Social ◽

Study Results ◽

Staff Behavior

The article considers the problem of the effectiveness of information protection system from the human factor and, in particular, of the influence of management measures on the social subsystem on the overall level of information security. It has been stated that risk of classified information leakage occurs due to primary uncertainty of staff behavior and lack of the staff loyalty to the methods of management. It is claimed that the nature of dependency between the regulation of activities and the effectiveness of the work of personnel and compliance with information protection measures testify that the strengthening institutional measures beyond a certain "mark" leads to a decrease in performance and a decrease of information security. The problem solving is in searching and applying methods and mechanisms aimed at changing the state of a social subsystem in the needed direction for a decision taking person. There has been suggested the method that allows selecting optimal level of institutional measures of impact on personnel, exceeding which adversely affects to the effectiveness of the information protection system. It is based on a method of nonstrict ranging for certain activities that need reglamentation, and calculating average level of the staff loyalty to the introduced measures. The experimental study results and the computational example are given

Download Full-text

Electromagnetic radiation-based IC device identification and verification using deep learning

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-020-01808-z ◽

2020 ◽

Vol 2020 (1) ◽

Author(s):

Hong-xin Zhang ◽

Jia Liu ◽

Jun Xu ◽

Fan Zhang ◽

Xiao-tong Cui ◽

...

Keyword(s):

Radio Frequency ◽

Electromagnetic Radiation ◽

Integrated Circuit ◽

Information Leakage ◽

Physical Layer ◽

Descent Method ◽

Gradient Descent Method ◽

Absolute Level ◽

Device Identification ◽

Multifactor Authentication

Abstract The electromagnetic radiation of electronic equipment carries information and can cause information leakage, which poses a serious threat to the security system; especially the information leakage caused by encryption or other important equipment will have more serious consequences. In the past decade or so, the attack technology and means for the physical layer have developed rapidly. And system designers have no effective method for this situation to eliminate or defend against threats with an absolute level of security. In recent years, device identification has been developed and improved as a physical-level technology to improve the security of integrated circuit (IC)-based multifactor authentication systems. Device identification tasks (including device identification and verification) are accomplished by monitoring and exploiting the characteristics of the IC’s unintentional electromagnetic radiation, without requiring any modification and process to hardware devices, thereby providing versatility and adapting existing hardware devices. Device identification based on deep residual networks and radio frequency is a technology applicable to the physical layer, which can improve the security of integrated circuit (IC)-based multifactor authentication systems. Device identification tasks (identification and verification) are accomplished by passively monitoring and utilizing the inherent properties of IC unintended RF transmissions without requiring any modifications to the analysis equipment. After the device performs a series of operations, the device is classified and identified using a deep residual neural network. The gradient descent method is used to adjust the network parameters, the batch training method is used to speed up the parameter tuning speed, the parameter regularization is used to improve the generalization, and finally, the Softmax classifier is used for classification. In the end, 28 chips of 4 models can be accurately identified into 4 categories, then the individual chips in each category can be identified, and finally 28 chips can be accurately identified, and the verification accuracy reached 100%. Therefore, the identification of radio frequency equipment based on deep residual network is very suitable as a countermeasure for implementing the device cloning technology and is expected to be related to various security issues.

Download Full-text

SELECTING SAFETY PACKAGE COMPONENTS OF ENTERPRISE INFORMATION SYSTEM FOLLOWING REQUIREMENTS OF STANDARD LEGAL DOCUMENTS

Vestnik of Don State Technical University ◽

10.23947/1992-5980-2018-18-3-333-338 ◽

2018 ◽

Vol 18 (3) ◽

pp. 333-338

Author(s):

E. A. Vitenburg ◽

A. A. Levtsova

Keyword(s):

Information System ◽

Information Security ◽

International Standards ◽

Protection System ◽

Enterprise Information System ◽

Enterprise Information ◽

Research Results ◽

Legal Documents ◽

The Russian Federation ◽

Selection Of

Introduction. Production processes quality depends largely on the management infrastructure, in particular, on the information system (IS) effectiveness. Company management pays increasingly greater attention to the safety protection of this sphere. Financial, material and other resources are regularly channeled to its support. In the presented paper, some issues on the development of a safety enterprise information system are considered.Materials and Methods. Protection of the enterprise IS considers some specific aspects of the object, and immediate threats to IT security. Within the framework of this study, it is accepted that IS are a complex of data resources. A special analysis is resulted in determining categories of threats to the enterprise information security: hacking; leakage; distortion; loss; blocking; abuse. The connection of these threats, IS components and elements of the protection system is identified. The requirements of normative legal acts of the Russian Federation and international standards regulating this sphere are considered. It is shown how the analysis results enable to validate the selection of the elements of the IS protection system.Research Results. A comparative analysis of the regulatory literature pertinent to this issue highlights the following. Different documents offer a different set of elements (subsystems) of the enterprise IS protection system. To develop an IS protection program, you should be guided by the FSTEC Order No. 239 and 800-82 Revision 2 Guide to ICS Security.Discussion and Conclusions. The presented research results are the basis for the formation of the software package of intellectual support for decision-making under designing an enterprise information security system. In particular, it is possible to develop flexible systems that allow expanding the composition of the components (subsystems).

Download Full-text

Discussion on Payment Application in Cross-border E-Commerce Platform from the Perspective of Blockchain

E3S Web of Conferences ◽

10.1051/e3sconf/202123503020 ◽

2021 ◽

Vol 235 ◽

pp. 03020

Author(s):

Qian Liao ◽

Mimi Shao

Keyword(s):

Information Leakage ◽

Consumer Information ◽

Third Party ◽

Cross Border ◽

Blockchain Technology ◽

Distributed Ledger ◽

Smart Contract ◽

Cash Payment ◽

Asymmetric Encryption ◽

Further Development

Features like the distributed ledger, consensus mechanism, asymmetric encryption technology, smart contract and Token of blockchain can lower transaction cost, enhance trust between customers and merchants, as well as eliminate false payment and consumer information leakage, problems which are common in current payment of cross-border E-Commerce platform. Based on the analysis of existing scholars, this paper studied two payment models: digital cash payment based on blockchain technology and the application of blockchain in third-party payment platform. Then the paper discussed the mechanism of blockchain in cross-border e-commerce payment platform, and creatively proposed a blockchain cross-border e-commerce payment platform, serving as reference and guidance for further development of blockchain technology in cross-border payment.1

Download Full-text

Research of the cyberbullying phenomenon and analysis of ways to counter its manifestations

Computer Science and Cybersecurity ◽

10.26565/2519-2310-2020-1-02 ◽

2020 ◽

Keyword(s):

Individual Characteristics ◽

Network Services ◽

Modern World ◽

Financial Position ◽

Internet Harassment ◽

Effective Technology ◽

Further Development ◽

Technical Measures ◽

User Protection ◽

Made In

The main characteristics of Internet harassment (cyberbullying) are investigated in the research. The main features of this phenomenon are considered. The analysis of existing types of cyberbullying and their individual characteristics is made. The examples of legislative acts of different countries is concluded that there is deficiency of relevant rules of low. It is emphasized that anyone can become a victim of in the modern world. At the same time a risk of becoming a victim of cyberbullying does not depend on any factors (for example financial position of victim, his or her age, sex, social position etc.). It is noted that communications that are made in cyberspace provide an opportunity for users to choose information they want to make public carefully and in advance. In most cases it contributes to help people show theirs strengths (for example, when communicating in chats). In results there is often false sympathy between network interlocutors and they trust each other. So the idealization of the partner happens and any his or her information is perceived more sensitive than during direct communication. This effect is successfully used during cyberbullying, when first one person inspires the trust of another and then changes communication tactics, becoming faithless and aggressive. It is emphasized that the cyberbullying phenomenon is very underestimated and that`s why it is a serious problem. The brief overview of existing technologies and means of counteracting this phenomenon is made. The comparison of their effectiveness is made. The standards that modern and effective technology of cyberbullying resistance must meet are systematized. There are examples of successful realization of user protection in most popular social network. It is emphasized that for cyberbullying resistance nowadays in most cases the protection technologies of it is to localize undesirable content in terms of the existence of cyberbullying. Based on the results of this research it is confirmed that the cyberbullying will spread further. This is due to the constant increase in the number of users of new network services and online platforms for communication. For effective defense against cyberbullying it is required the introduction of organizational and technical measures. At the end it is proposed the general assessment of further development of cyberbullying and the ways to improve appropriate countermeasures.

Download Full-text