scholarly journals USING A CRYPTO-STEGANOGRAPHIC APPROACH TO SOLVE INFORMATION SECURITY PROBLEMS

2020 ◽  
Vol 20 ◽  
pp. 12-16
Author(s):  
N. Kukharska ◽  
Yu. Kordunova ◽  
I. Khomych
Keyword(s):  
Information Security ◽  
Text Message ◽  
Sensitive Information ◽  
Open Communication ◽  
New Methods ◽  
File Structure ◽  
Rgb Images ◽  
Digital Objects ◽  
Audio Files ◽  
Rc4 Stream Cipher

The paper substantiates the feasibility of integrating as one software solution cryptographic and steganographic ap-proaches to information security and developed two cryptoseganosystems to protect sensitive information and their trans-mission through open communication channels. The principle of implementation of RC4 stream cipher and block AES is described; the essence of the steganographic LSB method, the application of which involves the concealment of information in digital objects, socalled containers. In this paper, the RGB images and WAVE audio files are used as steganocontainers. In the case of a container image, the steganographic protection of the cryptographically enclosed RC4 information algorithm is accomplished by embedding it in the least significant bits of pseudo-randomly selected pixels. The choice of an RGB bitmap is because this type of image consists of a set of pixels of red, green and blue components, which in turn creates enough redundancy and the ability to embed large amounts of information. The embedding of an AES encrypted text message into an audio file is done by block hiding. The simplicity of the WAVE file structure makes it easy to implement any steganographic methods of hiding data without much effort. Software complexes have been developed based on crypto-steganographic systems. The conclusions about the prospects of the crypto-steganographic approach and the feasibility of further research in this direction have been made. The integration of cryptography and steganography makes it possible to get rid of the vulnerabilities of the known methods of information protection and to develop new methods of solving information security problems from the standpoint of computational complexity and resistance to hacking.

STEGANOGRAPHIC METHODS FOR EMBEDDING INFORMATION IN DIGITAL OBJECTS TO PROVIDE INFORMATION SECURITY IN THE CONCEPT OF "INTERNET OF THINGS"

2019 ◽  
pp. 110-116
Author(s):  
Hristo Terziev
Keyword(s):  
Information Security ◽  
Internet Of Things ◽  
Information And Communication Technologies ◽  
Communication Technologies ◽  
Virtual Space ◽  
Least Significant Bit ◽  
Computer Environment ◽  
Information And Communication ◽  
Digital Objects ◽  
Effective Service

Internet of Things is a new world for connecting object space in the real world with virtual space in a computer environment. To build IoT as an effective service platform, end users need to trust the system. With the growing quantity of information and communication technologies, the need to ensure information security and improve data security is increasing. One of the potential solutions for this are steganographic methods. Steganography based on the least significant bit (LSB) is a popular and widely used method in the spatial domain.

scholarly journals Data Mining Usage in Corporate Information Security: Intrusion Detection Applications

2017 ◽  
Vol 8 (1) ◽  
pp. 51-59 ◽  
Author(s):  
Masoud Al Quhtani
Keyword(s):  
Data Mining ◽  
Information Security ◽  
Intrusion Detection ◽  
Mining System ◽  
Systematic Analysis ◽  
New Methods ◽  
Use Of Data ◽  
Efficient Data ◽  
Abuse Risk ◽  
Corporate Information

AbstractBackground: The globalization era has brought with it the development of high technology, and therefore new methods of preserving and storing data. New data storing techniques ensure data are stored for longer periods of time, more efficiently and with a higher quality, but also with a higher data abuse risk. Objective: The goal of the paper is to provide a review of the data mining applications for the purpose of corporate information security, and intrusion detection in particular. Methods/approach: The review was conducted using the systematic analysis of the previously published papers on the usage of data mining in the field of corporate information security. Results: This paper demonstrates that the use of data mining applications is extremely useful and has a great importance for establishing corporate information security. Data mining applications are directly related to issues of intrusion detection and privacy protection. Conclusions: The most important fact that can be specified based on this study is that corporations can establish a sustainable and efficient data mining system that will ensure privacy and successful protection against unwanted intrusions.

scholarly journals The Challenges of Effectively Anonymizing Network Data

2013 ◽  
pp. 15-22
Author(s):  
Ch. Himabindu
Keyword(s):  
Network Security ◽  
Information Security ◽  
Data Collection ◽  
Network Data ◽  
Sensitive Information ◽  
Security Testing ◽  
The Past ◽  
Technical Leadership ◽  
Security Research ◽  
Privacy Issues

The availability of realistic network data plays a significant role in fostering collaboration and ensuring U.S. technical leadership in network security research. Unfortunately, a host of technical, legal, policy, and privacy issues limit the ability of operators to produce datasets for information security testing. In an effort to help overcome these limitations, several data collection efforts (e.g., CRAWDAD[14], PREDICT [34]) have been established in the past few years. The key principle used in all of these efforts to assure low-risk, high-value data is that of trace anonymization—the process of sanitizing data before release so that potentially sensitive information cannot be extracted.

scholarly journals An Approach for Risk Estimation in Information Security Using Text Mining and Jaccard Method

2018 ◽  
Vol 7 (3) ◽  
pp. 393-399
Author(s):  
Prajna Deshanta Ibnugraha ◽  
Lukito Edi Nugroho ◽  
Paulus Insap Santosa
Keyword(s):  
Text Mining ◽  
Information Security ◽  
Risk Estimation ◽  
Information Leakage ◽  
Information Value ◽  
Sensitive Information ◽  
Digital Information ◽  
Security Threat ◽  
Business Impact ◽  
Related Information

Involvement of digital information in almost of enterprise sectors makes information having value that must be protected from information leakage. In order to obtain proper method for protecting sensitive information, enterprise must perform risk analysis of threat. However, enterprises often get limitation in measuring risk related information security threat. Therefore, this paper has goal to give approach for estimating risk by using information value. Techniques for measuring information value in this paper are text mining and Jaccard method. Text mining is used to recognize information pattern based on three classes namely high business impact, medium business impact and low business impact. Furthermore, information is given weight by Jaccard method. The weight represents risk levelof information leakage in enterprise quantitatively. Result of comparative analysis with existing method show that proposed method results more detailed output in estimating risk of information security threat.

Practical Measures for Securing Government Networks

2008 ◽  
pp. 386-394
Author(s):  
Stephen K. Aikins
Keyword(s):  
Information Security ◽  
Denial Of Service ◽  
Cost Effective ◽  
Internet Security ◽  
The State ◽  
Sensitive Information ◽  
Dos Attacks ◽  
Security Vulnerabilities ◽  
Internal Resources ◽  
State And Local

The modern network and Internet security vulnerabilities expose state and local government networks to numerous threats such as denial of service (DoS) attacks, computer viruses, unauthorized access, confidentiality breaches, and so forth. For example, in June 2005, the state of Delaware saw a spike of 141,000 instances of “suspicious activity” due to a variant of the mytopb worm, which could have brought the state’s network to its knees had appropriate steps not been taken (Jarrett, 2005; National Association of State Chief Information Officers [NASCIO], 2006b). On an average day, the state of Michigan blocks 22,059 spam e-mails, 21,702 e-mail viruses, 4,239 Web defacements, and six remote computer takeover attempts. Delaware fends off nearly 3,000 attempts at entering the state’s network daily (NASCIO, 2006b). Governments have the obligation to manage their information security risks by securing mission- critical internal resources such as financial records and taxpayer sensitive information on their networks. Consequently, public-sector information security officers are faced with the challenge to contain damage from compromised systems, prevent internally and Internet-launched attacks, provide systems for logging and intrusion detection, and build frameworks for administrators to securely manage government networks (Oxlenhandler, 2003). This chapter discusses some of the cost-effective measures needed to address government agency information security vulnerabilities and related threats.

The Social Side of Security

2011 ◽  
pp. 140-150 ◽  
Author(s):  
Richard G. Taylor
Keyword(s):  
Social Issue ◽  
Information Systems ◽  
Information Security ◽  
New Technologies ◽  
Security Threats ◽  
Current Information ◽  
New Methods ◽  
The Social ◽  
Organizational Information ◽  
Social Side

The introduction of new technologies to accumulate large amounts of data has resulted in the need for new methods to secure organizational information. Current information security strategies tend to focus on a technology-based approach to securing information. However, this technology-based approach can leave an organization vulnerable to information security threats. Organizations must realize that information security is not necessarily a technology issue, but rather a social issue. Humans operate, maintain, and use information systems. Their actions, whether intentional or accidental, are the real threat to organizations. Information security strategies must be developed to address the social issue.

Road Map to Information Security Management

2011 ◽  
pp. 895-902
Author(s):  
Lech J. Janczewski ◽  
Victor Portougal
Keyword(s):  
Information Security ◽  
Security Management ◽  
Multimedia Technology ◽  
Sensitive Information ◽  
Information Security Management ◽  
The Past ◽  
Road Map ◽  
External Threat ◽  
Cyber Criminals

Developments in multimedia technology and networking offer organizations new and more effective ways of conducting their businesses. That includes intensification of external contacts. Barriers between different organizations are becoming less visible. The progress gives advantages to competing forces, as well. In the past, an organization was directly exposed to competition only within its own region. Now, due to easy communications, a competitor could be located on the opposite side of the globe, having the ability to access or even disrupt the most sensitive information of a competing company. Hackers and other cyber-criminals are another part of the external threat.

Modeling Access Control in Healthcare Organizations

2011 ◽  
pp. 23-44
Author(s):  
Efstratia Mourtou
Keyword(s):  
Information Security ◽  
Access Control ◽  
Security Policy ◽  
Healthcare Professionals ◽  
Vital Role ◽  
Sensitive Information ◽  
Healthcare Organizations ◽  
Security Issues ◽  
Efficiency And Effectiveness ◽  
The Status

Since Hospital Information Systems (HIS) are designed to support doctors and healthcare professionals in their daily activities, information security plays a vital role in managing access control. Efficiency and effectiveness of information security policy is crucial, especially when dealing with situations that affect the status and life-history of the patient. In addition, the rules and procedures to follow, in order to provide confidentiality of sensitive information, have to focus on management of events on any table of the HIS. On the other hand, control and statement constraints, as well as events and security auditing techniques, play also an important role, due to the heterogeneity of healthcare professionals’ roles, actions and physical locations, as well as to the specific characteristics and needs of the healthcare organizations. This chapter will first explore issues in managing access control and security of healthcare information by reviewing the possible threats and vulnerabilities as well as the basic attributes of the hospital’s security plan. The authors will then present a hierarchical access model that, from a security policy perspective, refers to data ownership and access control issues. The authors conclude the chapter with discussions of upcoming security issues.

Gore builds great workplace without traditional hierarchies

2015 ◽  
Vol 23 (7) ◽  
pp. 9-11
Keyword(s):  
Design Methodology ◽  
Plant Size ◽  
Social Implications ◽  
Open Communication ◽  
Flat Structure ◽  
Content Type ◽  
New Methods ◽  
Job Titles ◽  
Practical Implications ◽  
Organizational Requirements

Purpose – Describes the policies and practices that have helped W. L. Gore & Associates to win a string of accolades in the Great Places to Work awards. Design/methodology/approach – Examines the founding principles of the company and shows how they work out in practice. Findings – Concentrates on the company’s flat structure with few job titles, system of flexible teams, open communication and constant encouragement of innovation. Practical implications – Reveals that employees take on flexible commitments – tasks that stem from business and organizational requirements, sometimes outside the scope of their main job. They are not specifically told what to do but commit themselves to fulfilling their responsibilities in a self-motivated and team-orientated way. Social implications – Advances the view that a plant size in a range of 250-300 employees is best for communication to work most efficiently. Originality/value – Shows that people who are successful in the Gore organization are flexible, open-minded team workers ready to try unconventional approaches and new methods and to think out of the box.

Sign in / Sign up

Export Citation Format

Share Document