Fast Packet Inspection for End-To-End Encryption

Electronics, 2020, Vol 9 (11), pp. 1937
Author(s): So-Yeon Kim, Sun-Woo Yun, Eun-Young Lee, So-Hyeon Bae, Il-Gu Lee

With the recent development and popularization of various network technologies, communicating with people at any time, and from any location, using high-speed internet, has become easily accessible. At the same time, eavesdropping, data interception, personal data leakage, and distribution of malware during the information transfer process have become easier than ever. Recently, to respond to such threats, end-to-end encryption (E2EE) technology has been widely implemented in commercial network services as a popular information security system. However, with the use of E2EE technology, it is difficult to check whether an encrypted packet is malicious in an information security system. A number of studies have been previously conducted on deep packet inspection (DPI) through trustable information security systems. However, the E2EE is not maintained when conducting a DPI, which requires a long inspection time. Thus, in this study, a fast packet inspection (FPI) and its frame structure for quickly detecting known malware patterns while maintaining E2EE are proposed. Based on the simulation results, the proposed FPI allows for inspecting packets approximately 14.4 and 5.3 times faster, respectively, when the inspection coverage is 20% and 100%, as compared with a DPI method under a simulation environment in which the payload length is set to 640 bytes.

Author(s): Владимир Павлович Гулов, Виктор Анатольевич Хвостов, Айжана Михайловна Каднова, Галина Владимировна Сыч

Based on an analysis of the practical aspects of personal data (PD) protection during automated processing in healthcare organizations, a range of problems concerning the consumer quality of information security systems (ISS) has been identified. One of the main problems of PD protection in medical information systems (MIS) is ensuring that the administrator configures the ISS in a timely manner in accordance with the policy established in the organization. The key problem here is creating working conditions for the administrator that guarantee a one-hundred-percent response to incoming requests to configure the ISS, manage users and access rights, and counter threats of various kinds. In the current absence of methodological approaches to assessing the temporal (probabilistic) parameters of the MIS security administrator's activity, known as the operational characteristics of the ISS, it is problematic to ensure that the ISS settings fully conform to the current policy. The article proposes a probabilistic indicator for assessing the operational characteristics of an ISS. A method for its assessment is developed on the basis of an experiment that records the movement of the mouse cursor while the administrator performs basic actions, together with the distribution of the administrator's attention (a heat map) over the elements of the ISS interface. The results of assessing the operational characteristics of the "Strazh NT 3.0" ISS, obtained using the proposed experimental method, are presented.


Author(s): Jamaluddin Jamaluddin, Naikson Saragih, Roni Simamora, Rimbun Siringoringo

The conditions of the Covid-19 pandemic, which began to spread at the end of 2019, brought about major changes to the patterns of interaction in society. Activities that had been carried out in person began to shift to activities carried out online. The use of technology, especially applications for online interaction such as video conferencing applications, is an alternative. The Zoom Cloud Meeting application is widely used by people who initially had doubts about its security system. By implementing end-to-end encryption with AES-256-GCM, it has been able to convince clients on the information security side to keep using the Zoom Cloud Meeting application.


2018, Vol 2018, pp. 1-10
Author(s): Likun Liu, Hongli Zhang, Xiangzhan Yu, Yi Xin, Muhammad Shafiq, ...

During the last decade, the rapid development of mobile devices and applications has produced a large volume of mobile data in which numerous cyber-attacks hide. To monitor the mobile data and detect the attacks, NIDS/NIPS plays an important role for ISPs and enterprises, but it still faces two challenges: high performance for very large pattern sets and detection of the latest attacks. High performance is dominated by the Deep Packet Inspection (DPI) mechanism, which is the core of security devices. A new TTL attack has recently been put forward to evade detection, in which the adversary inserts packets with a short TTL to escape the NIDS/NIPS. To address the above-mentioned problems, in this paper we design a security system that handles both aspects. For efficient DPI, a new two-step partition of the pattern set is demonstrated and discussed, consisting of a first set-partition and a second set-partition. For resisting TTL attacks, we set a reasonable TTL threshold and patch the TCP protocol stack to detect the attack. Compared with a recently proposed algorithm, our experiments show better performance, with throughput increased by 27% when the number of patterns is 106. Moreover, the detection success rate is 100%, and as the attack intensity increased, the throughput decreased.


2021, pp. 18-27
Author(s): Pavel Zaporotskov

Information processes, as well as information resources, handle information of varying degrees of importance for the enterprise. In this regard, the protection of such information is one of the most important procedures in the field of state security, and its importance is growing every year. The problem of information security, the reliable provision of its safety and the established status of its use, is one of the most important problems of our time. The paper considers the existing standards in the field of information security audit. The author has developed an innovative model for auditing an information security system based on a comparison of the measures required by order no. 21 of the FSTEC of Russia with the ways they are implemented in the personal data protection subsystem of the information system, together with recommendations for inspecting specific protection measures and the technical means used for the audit. The developed method is tested on the example of conducting an audit in the "Lama" LLC company. The audit was chosen to establish the compliance of the organization's personal data protection system with the requirements of order no. 21 of the FSTEC of Russia. Recommendations have been developed to eliminate the existing shortcomings and inconsistencies by re-equipping the anti-virus protection subsystem and the subsystem for inter-network shielding and protection of communication channels.


Author(s): M. V. Filippov, N. Yu. Ryazanova, B. I. Ryazantsev

In connection with the rapidly growing information capacity of computer networks, the information security of local networks connected to global networks has become a critical challenge. One aspect of information security is controlling and filtering network traffic by intercepting incoming and outgoing network packets. This is accomplished by means of firewalls. The Linux kernel 2.4.x included the Netfilter firewall and the iptables utility, which allow only the packet headers and their association with specific network connections to be analysed. In addition, the practice of rewriting the Linux kernel code complicates the maintenance of software targeting this firewall. The article proposes a network packet interception method based directly on the structures and functions of the kernel, so it has none of the restrictions associated with the inherent Netfilter/iptables functionality. To provide interception, the method uses the kernel's struct net_device structure, which describes a network device, and the struct net_device_ops structure, which lists the operations possible on the network device, together with two functions, ndo_start_xmit and rx_handler, used to process outgoing and incoming packets, respectively. These functions are rewritten in order to include new functionality in the kernel to meet users' requests. The use of the structures and functions of the kernel provides the desired stability, versatility, and adaptability of the developed software to users' requests, such as content analysis of the data transmitted in packets and their encryption and decryption. The proposed method can be used to create next-generation firewalls implementing deep packet inspection technology, as well as a complement to existing firewalls.


Author(s): Grigory R. Khazankin, Sergey Komarov, Danila Kovalev, Artur Barsegyan, Alexander Likhachev
