scholarly journals Securing Remote Access to Information Systems of Critical Infrastructure Using Two-Factor Authentication

Electronics ◽  
2021 ◽  
Vol 10 (15) ◽  
pp. 1819
Author(s):  
Rasa Bruzgiene ◽  
Konstantinas Jurgilas
Keyword(s):  
Information Systems ◽  
Identity Management ◽  
Critical Infrastructure ◽  
User Authentication ◽  
Remote Access ◽  
Access To Information ◽  
Digital Space ◽  
Cyber Threats ◽  
The Core ◽  
Common Target

Information systems of critical infrastructure provide services on which the core functions of a state and its economy depend as well as welfare of society. Such systems are becoming an increasingly common target for crimes and attacks in cyberspace, as their vulnerabilities can be exploited for malicious activities seeking financial or political gain. One of the main reasons that threatens the security of these systems is the weak control of remote access, otherwise defined as management of a system’s user identity. Management of user identity depends on user authentication, authorization and the assignment of certain rights in the digital space. This paper provides the proposed two-factor (2FA) digital authentication method for remote access to an information system of a critical infrastructure. Results of testing the method’s usability and resilience to cyber threats have shown that the system, in which the method was implemented, is protected from dangerous HTTP requests and publicly available system’s endpoints are protected from threatening inputs that could cause malicious activities on the critical infrastructure. Additionally, the implementation of the authentication API application ensures the rapidity of the method for less than 500 ms for 100 users working in parallel with the system at the same time.

An Evaluation of User Password Practice

2013 ◽  
pp. 969-980
Author(s):  
John Campbell ◽  
Kay Bryant
Keyword(s):  
Information Systems ◽  
User Authentication ◽  
Computer Users ◽  
Access To Information ◽  
First Line ◽  
Security Issues ◽  
Meaningful Information ◽  
Security Practices ◽  
Access Controls ◽  
Associated Data

Maintaining the security of information systems and associated data resources is vital if an organization is to minimize losses. Access controls are the first line of defense in this process. The primary function of authentication controls is to ensure that only authorized users have access to information systems and electronic resources. Password-based systems remain the predominant means of user authentication despite viable authentication alternatives. Research suggests that password-based systems are often compromised by poor user security practices. This chapter presents the results of a survey of 884 computer users that examines user practice in creating and reusing password keys, and reports the findings on user password composition and security practices for email accounts. Despite a greater awareness of security issues, the results show that many users still select and reuse weak passwords keys that are based on dictionary words and other meaningful information.

An Evaluation of User Password Practice

2011 ◽  
pp. 112-128
Author(s):  
John Campbell ◽  
Kay Bryant
Keyword(s):  
Information Systems ◽  
User Authentication ◽  
Computer Users ◽  
Access To Information ◽  
First Line ◽  
Security Issues ◽  
Meaningful Information ◽  
Security Practices ◽  
Access Controls ◽  
Associated Data

Maintaining the security of information systems and associated data resources is vital if an organization is to minimize losses. Access controls are the first line of defense in this process. The primary function of authentication controls is to ensure that only authorized users have access to information systems and electronic resources. Password-based systems remain the predominant means of user authentication despite viable authentication alternatives. Research suggests that password-based systems are often compromised by poor user security practices. This chapter presents the results of a survey of 884 computer users that examines user practice in creating and reusing password keys, and reports the findings on user password composition and security practices for email accounts. Despite a greater awareness of security issues, the results show that many users still select and reuse weak passwords keys that are based on dictionary words and other meaningful information.

A security study in Portuguese Public Hospitals - GDPR perspective (Preprint)

2020 ◽  
Author(s):  
Cátia Santos-Pereira
Keyword(s):  
Information Systems ◽  
Identity Management ◽  
Personal Data ◽  
Public Hospitals ◽  
Hospital Environment ◽  
Security Measures ◽  
Eu Member States ◽  
Security Issues ◽  
Management Processes ◽  
Authentication Security

BACKGROUND GDPR was scheduled to be formally adopted in 2016 with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organization process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE This study addresses the state of Public Portuguese hospitals regarding GDPR compliance in the moment of GDPR preparation period (2016-2018) before the enforcement in 25 May 2018, and what activities have started since then. The study focuses in three GDPR articles namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes. METHODS The study was conducted between 2017 and 2019 in five Portuguese Public Hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). It was conducted interviews in two phases (before and after GDPR enforcement) with the objective to identify the maturity of information systems of each hospital regarding authentication security, identity management processes and traceability and efforts in progress to avoid security issues. RESULTS A total of 5 hospitals were included in this study and the results of this study highlight the hospitals privacy maturity, in general, the hospitals studied where very far from complying with the security measures selected (before May 2018). Session account lock and password history policy were the poorest issues, and, on the other hand, store encrypted passwords was the best issue. With the enforcement of GDPR these hospitals started a set of initiatives to fill this gap, this is made specifically for means of making the whole process as transparent and trustworthy as possible and trying to avoid the huge fines. CONCLUSIONS We are still very far from having GDPR compliant systems and Institutions efforts are being done. The first step to align an organization with GDPR should be an initial audit of all system. This work collaborates with the initial security audit of the hospitals that belong to this study.

Research on Multimedia Sports Humanistic Information Systems

2014 ◽  
Vol 926-930 ◽  
pp. 2706-2709
Author(s):  
Ming Wen Hu
Keyword(s):  
Information System ◽  
Information Systems ◽  
Program Implementation ◽  
Social Life ◽  
Technology Development ◽  
Rapid Development ◽  
Development Environment ◽  
Sports Culture ◽  
The Core ◽  
Set Up

With the rapid development of social productive forces and increasingly higher level of social life, the sports humanity as the core spirit of sports culture in informational times, which is the sum of the psychological aspects of sports culture from the cultural spirit. Its essence is the pursuit of truth, good and beautiful as the core values and ideals, people's healthy development as the ultimate goal. This paper discusses basic mode ,the basic framework of the multimedia sports humanistic information system, the processing technology, development environment ,tools and methods . Through the analysis program implementation elements and design ideas of multimedia sports humanistic information system, in order to set up multimedia sports humanistic information systems, we proposes a viable framework and models with a theoretical basis and practical value.

scholarly journals Cyber Attacks on Critical Infrastructure

2016 ◽  
pp. 448-465
Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Future Directions ◽  
Infrastructure Systems ◽  
Cyber Threats ◽  
Scada Systems ◽  
Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

scholarly journals Development of basic approaches to creating hardware and software for radiation monitoring information systems

2020 ◽  
Keyword(s):  
Information Systems ◽  
Dose Rate ◽  
Block Diagram ◽  
Radiation Detectors ◽  
Exposure Dose ◽  
Radiation Monitoring ◽  
Remote Access ◽  
Basic Approaches ◽  
Dosimetric System ◽  
Monitoring Information

Basic approaches to creating hardware and software for radiation monitoring information systems have been developed in the article. A modern information system for radiation monitoring and control that requires a comprehensive approach and an iterative process of its creation has been developed. The proposed approach to integrating local measuring devices with cloud services, using M2M/IoT technology for remote measurements, advanced semiconductor sensors based on CdTe and CdZnTe radiation detectors, modern microcontroller and communication microchips is highly promising. Developed hardware and software solutions demonstrate increased accuracy due to hardware and software correction of measurement results. A variant of the architectural solution for building a platform for remote access to dosimetric and radiometric measurements is being developed. The solution lies in the direction of improving the parameters of detectors, as well as the characteristics of electronic modules of detecting systems and creating software for controlling the detection process, collecting and digital processing of information, and its adequate presentation to users online. The architecture and structural diagram of a dosimetric system, a sequence diagram, a diagram of a dosimetric system with a subsystem for data exchange over the Internet have been created. A new algorithm for measuring the exposure dose rate of ionizing radiation has been proposed. The block diagram of a microcontroller dosimeter has been developed. The algorithm for correcting the dependence of the sensitivity of the detector based on CdZnTe on the energy of the detected gamma quanta has already been proposed. The algorithm significantly reduces the uncertainty of measuring the radiation dose rate. The architecture and block diagram of the dosimetric system with the possibility of remote access and remote control of the main functions has been presented as well. The calculation of the exposure dose of gamma radiation and the power of the exposure dose with the energy dependence correction have been used. The system elements have proved to be useful for students’ distant laboratory work during the quarantine.

Cyber Attacks on Critical Infrastructure

2015 ◽  
pp. 1-18 ◽  
Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Future Directions ◽  
Infrastructure Systems ◽  
Cyber Threats ◽  
Scada Systems ◽  
Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

A New Approach in Cloud Computing User Authentication

Web Services ◽  
2019 ◽  
pp. 1393-1410
Author(s):  
Alaa Hussein Al-Hamami ◽  
Rafal A. Al-Khashab
Keyword(s):  
Cloud Computing ◽  
High Performance ◽  
User Authentication ◽  
Low Cost ◽  
Remote Access ◽  
Security And Privacy ◽  
Main Concern ◽  
Security Measures ◽  
User Privacy ◽  
Is Security

Cloud computing provides the full scalability, reliability, high performance and relatively low cost feasible solution as compared to dedicated infrastructure. These features make cloud computing more attractive to users and intruders. It needs more and complex security measures to protect user privacy and data centers. The main concern in this chapter is security, privacy and trust. This chapter will give a discussion and a suggestion for using cloud computing to preserve security and privacy. The malicious hacker and other threats are considering the major cause of leaking security of the personal cloud due to centralized location and remote accesses to the cloud. According to attacks, a centralized location can be easier target rather than several goals and remote access is insecure technologies which offer a boundary of options for attackers to infiltrate enterprises. The biggest concern is attackers that will use the remote connection as a jumping point to get deeper into an organization.

Sign in / Sign up

Export Citation Format

Share Document