The secured access is studied in this paper for the network of the image remote sensing.Each sensor in this network encounters the information security when uploading information of the images wirelessly from the sens...The secured access is studied in this paper for the network of the image remote sensing.Each sensor in this network encounters the information security when uploading information of the images wirelessly from the sensor to the central collection point.In order to enhance the sensing quality for the remote uploading,the passive reflection surface technique is employed.If one eavesdropper that exists nearby this sensor is keeping on accessing the same networks,he may receive the same image from this sensor.Our goal in this paper is to improve the SNR of legitimate collection unit while cut down the SNR of the eavesdropper as much as possible by adaptively adjust the uploading power from this sensor to enhance the security of the remote sensing images.In order to achieve this goal,the secured energy efficiency performance is theoretically analyzed with respect to the number of the passive reflection elements by calculating the instantaneous performance over the channel fading coefficients.Based on this theoretical result,the secured access is formulated as a mathematical optimization problem by adjusting the sensor uploading power as the unknown variables with the objective of the energy efficiency maximization while satisfying any required maximum data rate of the eavesdropper sensor.Finally,the analytical expression is theoretically derived for the optimum uploading power.Numerical simulations verify the design approach.展开更多
Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces m...Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.展开更多
A multiple secret sharing scheme can share a group of secrets in each sharing session, which is very useful especially in sharing large secrets. However, most of the existing multiple secret sharing schemes are (t, n...A multiple secret sharing scheme can share a group of secrets in each sharing session, which is very useful especially in sharing large secrets. However, most of the existing multiple secret sharing schemes are (t, n) threshold schemes, so they are fit for only threshold applications and unfit for the applications of general access structures. Due to the fact that a (t, n) threshold scheme could only handle a small fraction of the secret sharing idea, a novel multi-secret sharing scheme is proposed, which is designed based on general access structures. The security of this scheme is the same as that of Shamir's threshold secret sharing scheme. Compared with the existing multiple secret sharing schemes, the proposed scheme can provide greater capabilities for many applications because it is able to deal with applications of general access structures.展开更多
Remote access is a means of accessing resources outside one’s immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via vario...Remote access is a means of accessing resources outside one’s immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via various channels of remote communication, the most common being Virtual Private Networks (VPNs). The demand for remote access is on the rise, especially during the Covid-19 pandemic, and will continue to increase as most organizations are re-structuring to make telecommuting a permanent part of their mode of operation. Employee mobility, while presenting organizations with some advantages, comes with the associated risk of exposing corporate cyber assets to attackers. The remote user and the remote connectivity technology present some vulnerabilities which can be exploited by any threat agent to violate the confidentiality, integrity and availability (CIA) dimensions of these cyber assets. So, how are users and remote devices authenticated? To what extent is the established connection secured? With employee mobility on the rise, it is necessary to analyze the user authentication role since the mobile employee is not under the monitoring radar of the organization, and the environment from which the mobile employee connects may be vulnerable. In this study, an experiment was setup to ascertain the user authentication roles. The experiment showed the process of 2FA in user authentication and it proved to be an effective means of improving user authentication during remote access. This was depicted via the use of what the user has (mobile phone/soft-token) as a second factor in addition to what the user knows, i.e. password. This authentication method overcomes the security weaknesses inherent in single-factor user authentication via the use of password only. However, the results also showed that though 2FA user authentication ensures security, the remote devices could exhibit further vulnerabilities and pose serious risks to the organization. Thus, a varied implementation was recommended to further enhance the security of remote access communication with regards to the remote user authentication.展开更多
Due to the rapid development of broadband access technologies, the broadband access networks have wider and wider application. However, with the development, the security issue became a public concern. Under the envir...Due to the rapid development of broadband access technologies, the broadband access networks have wider and wider application. However, with the development, the security issue became a public concern. Under the environment of access network, customers, access equipment and networks all face various threats, especially those from the user side. Such technologies and solutions as port positioning, fraud prevention on Medium Access Control (MAC) addresses and monitoring of illegal services might be the solution to the security problem existing in the current networks.展开更多
Hadoop technology is followed by some security issues. At its beginnings, developers paid attention to the development of basic functionalities mostly, and proposal of security components was not of prime interest. Be...Hadoop technology is followed by some security issues. At its beginnings, developers paid attention to the development of basic functionalities mostly, and proposal of security components was not of prime interest. Because of that, the technology remained vulnerable to malicious activities of unauthorized users whose purpose is to endanger system functionalities or to compromise private user data. Researchers and developers are continuously trying to solve these issues by upgrading Hadoop’s security mechanisms and preventing undesirable malicious activities. In this paper, the most common HDFS security problems and a review of unauthorized access issues are presented. First, Hadoop mechanism and its main components are described as the introduction part of the leading research problem. Then, HDFS architecture is given, and all including components and functionalities are introduced. Further, all possible types of users are listed with an accent on unauthorized users, which are of great importance for the paper. One part of the research is dedicated to the consideration of Hadoop security levels, environment and user assessments. The review also includes an explanation of Log Monitoring and Audit features, and detail consideration of authorization and authentication issues. Possible consequences of unauthorized access to a system are covered, and a few recommendations for solving problems of unauthorized access are offered. Honeypot nodes, security mechanisms for collecting valuable information about malicious parties, are presented in the last part of the paper. Finally, the idea for developing a new type of Intrusion Detector, which will be based on using an artificial neural network, is presented. The detector will be an integral part of a new kind of virtual honeypot mechanism and represents the initial base for future scientific work of authors.展开更多
This paper deals with the design of an intelligent access control system based on the fingerprint sensor FPC- 1011C. The design uses the S3C2410 and TMS320VC5510A as the system processor. A fingerprint acquisition mod...This paper deals with the design of an intelligent access control system based on the fingerprint sensor FPC- 1011C. The design uses the S3C2410 and TMS320VC5510A as the system processor. A fingerprint acquisition module and a wireless alarm module were designed by using the fingerprint sensor FPC1011C and GPRS module SIM100 respectively. The whole system was implemented wireless alarm through messages and GPRS-Internet in the GSM/GPRS web. In order to achieve the simple and high Real-time system, the μC-Linux system migration was also implemented.展开更多
This paper presents an auxiliary planning method for intelligent substation access system based on security region. Firstly, the method of resolving the static voltage security region is proposed. Secondly, the method...This paper presents an auxiliary planning method for intelligent substation access system based on security region. Firstly, the method of resolving the static voltage security region is proposed. Secondly, the method of constructing the optimal index of substation accession is given, which is used to describe the priority of the node into the substation. Finally, a complete set of intelligent substation access system auxiliary planning strategy is given, which takes into account the constraints of the normal operation of the grid on the voltage amplitude.展开更多
The food insecurity experiences and related behaviors of Nigerian households during the COVID-19 lockdown have not been fully discussed. This study was conducted to elicit information on the impact of COVID-19 lockdow...The food insecurity experiences and related behaviors of Nigerian households during the COVID-19 lockdown have not been fully discussed. This study was conducted to elicit information on the impact of COVID-19 lockdown on economic and behavioral patterns related to food access. An online-based semi-structured questionnaire distributed through messaging platforms was used to collect information on characteristics, food purchasing behaviour be<span>fore and during COVID-19 lockdown among respondents. Experience of</span> food insecurity was assessed using Food Insecurity Experience Scale (FIES). A total of 883 responses were received and analyzed using SPSS Version 20.0. Most of the respondents (90.5%) were at home or had stopped going to work due to COVID-19 restrictions. Even though smaller households had higher food <span>expenditure claims than larger households (p = 0.012), the larger the</span> house<span>hold, the more acute the challenge of economic access to food (p = 0.050)</span>. Location (p = 0.000), age (p = 0.003), occupation (p = 0.014) and income level (p = 0.000) were associated with experience of food insecurity. In conclusion, lockdown restrictions increased food expenditure and experience of food insecurity among the respondents and thus we recommend the probe of long-term consequences of deviations from usual food access on undernutrition or overnutrition in Nigerian households.展开更多
With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality a...With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.展开更多
This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation hierarchical data model is extended to multilevel relatio...This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation hierarchical data model is extended to multilevel relation hierarchical data model. Based on the multilevel relation hierarchical data model, the concept of upper lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects ( e.g., multilevel spatial data) and multilevel conventional data ( e.g., integer, real number and character string).展开更多
基金supported in part by Jiangsu Province High Level“333”Program (0401206044)National Natural Science Foundation of China (61801243,62072255)+4 种基金Program for Scientific Research Foundation for Talented Scholars of Jinling Institute of Technology (JIT-B-202031)University Incubator Foundation of Jinling Institute of Technology (JIT-FHXM-202110)Open Project of Fujian Provincial Key Lab.of Network Security and Cryptology (NSCL-KF2021-02)Open Foundation of National Railway Intelligence Transportation System Engineering Tech.Research Center (RITS2021KF02)China Postdoctoral Science Foundation (2019M651914)。
文摘The secured access is studied in this paper for the network of the image remote sensing.Each sensor in this network encounters the information security when uploading information of the images wirelessly from the sensor to the central collection point.In order to enhance the sensing quality for the remote uploading,the passive reflection surface technique is employed.If one eavesdropper that exists nearby this sensor is keeping on accessing the same networks,he may receive the same image from this sensor.Our goal in this paper is to improve the SNR of legitimate collection unit while cut down the SNR of the eavesdropper as much as possible by adaptively adjust the uploading power from this sensor to enhance the security of the remote sensing images.In order to achieve this goal,the secured energy efficiency performance is theoretically analyzed with respect to the number of the passive reflection elements by calculating the instantaneous performance over the channel fading coefficients.Based on this theoretical result,the secured access is formulated as a mathematical optimization problem by adjusting the sensor uploading power as the unknown variables with the objective of the energy efficiency maximization while satisfying any required maximum data rate of the eavesdropper sensor.Finally,the analytical expression is theoretically derived for the optimum uploading power.Numerical simulations verify the design approach.
基金supported by National Information Security Program under Grant No.2009A112
文摘Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.
基金Supported bythe National Basic Research Programof China(973 Program G1999035805)
文摘A multiple secret sharing scheme can share a group of secrets in each sharing session, which is very useful especially in sharing large secrets. However, most of the existing multiple secret sharing schemes are (t, n) threshold schemes, so they are fit for only threshold applications and unfit for the applications of general access structures. Due to the fact that a (t, n) threshold scheme could only handle a small fraction of the secret sharing idea, a novel multi-secret sharing scheme is proposed, which is designed based on general access structures. The security of this scheme is the same as that of Shamir's threshold secret sharing scheme. Compared with the existing multiple secret sharing schemes, the proposed scheme can provide greater capabilities for many applications because it is able to deal with applications of general access structures.
文摘Remote access is a means of accessing resources outside one’s immediate physical location. This has made employee mobility more effective and productive for most organizations. Remote access can be achieved via various channels of remote communication, the most common being Virtual Private Networks (VPNs). The demand for remote access is on the rise, especially during the Covid-19 pandemic, and will continue to increase as most organizations are re-structuring to make telecommuting a permanent part of their mode of operation. Employee mobility, while presenting organizations with some advantages, comes with the associated risk of exposing corporate cyber assets to attackers. The remote user and the remote connectivity technology present some vulnerabilities which can be exploited by any threat agent to violate the confidentiality, integrity and availability (CIA) dimensions of these cyber assets. So, how are users and remote devices authenticated? To what extent is the established connection secured? With employee mobility on the rise, it is necessary to analyze the user authentication role since the mobile employee is not under the monitoring radar of the organization, and the environment from which the mobile employee connects may be vulnerable. In this study, an experiment was setup to ascertain the user authentication roles. The experiment showed the process of 2FA in user authentication and it proved to be an effective means of improving user authentication during remote access. This was depicted via the use of what the user has (mobile phone/soft-token) as a second factor in addition to what the user knows, i.e. password. This authentication method overcomes the security weaknesses inherent in single-factor user authentication via the use of password only. However, the results also showed that though 2FA user authentication ensures security, the remote devices could exhibit further vulnerabilities and pose serious risks to the organization. Thus, a varied implementation was recommended to further enhance the security of remote access communication with regards to the remote user authentication.
文摘Due to the rapid development of broadband access technologies, the broadband access networks have wider and wider application. However, with the development, the security issue became a public concern. Under the environment of access network, customers, access equipment and networks all face various threats, especially those from the user side. Such technologies and solutions as port positioning, fraud prevention on Medium Access Control (MAC) addresses and monitoring of illegal services might be the solution to the security problem existing in the current networks.
文摘Hadoop technology is followed by some security issues. At its beginnings, developers paid attention to the development of basic functionalities mostly, and proposal of security components was not of prime interest. Because of that, the technology remained vulnerable to malicious activities of unauthorized users whose purpose is to endanger system functionalities or to compromise private user data. Researchers and developers are continuously trying to solve these issues by upgrading Hadoop’s security mechanisms and preventing undesirable malicious activities. In this paper, the most common HDFS security problems and a review of unauthorized access issues are presented. First, Hadoop mechanism and its main components are described as the introduction part of the leading research problem. Then, HDFS architecture is given, and all including components and functionalities are introduced. Further, all possible types of users are listed with an accent on unauthorized users, which are of great importance for the paper. One part of the research is dedicated to the consideration of Hadoop security levels, environment and user assessments. The review also includes an explanation of Log Monitoring and Audit features, and detail consideration of authorization and authentication issues. Possible consequences of unauthorized access to a system are covered, and a few recommendations for solving problems of unauthorized access are offered. Honeypot nodes, security mechanisms for collecting valuable information about malicious parties, are presented in the last part of the paper. Finally, the idea for developing a new type of Intrusion Detector, which will be based on using an artificial neural network, is presented. The detector will be an integral part of a new kind of virtual honeypot mechanism and represents the initial base for future scientific work of authors.
文摘This paper deals with the design of an intelligent access control system based on the fingerprint sensor FPC- 1011C. The design uses the S3C2410 and TMS320VC5510A as the system processor. A fingerprint acquisition module and a wireless alarm module were designed by using the fingerprint sensor FPC1011C and GPRS module SIM100 respectively. The whole system was implemented wireless alarm through messages and GPRS-Internet in the GSM/GPRS web. In order to achieve the simple and high Real-time system, the μC-Linux system migration was also implemented.
文摘This paper presents an auxiliary planning method for intelligent substation access system based on security region. Firstly, the method of resolving the static voltage security region is proposed. Secondly, the method of constructing the optimal index of substation accession is given, which is used to describe the priority of the node into the substation. Finally, a complete set of intelligent substation access system auxiliary planning strategy is given, which takes into account the constraints of the normal operation of the grid on the voltage amplitude.
文摘The food insecurity experiences and related behaviors of Nigerian households during the COVID-19 lockdown have not been fully discussed. This study was conducted to elicit information on the impact of COVID-19 lockdown on economic and behavioral patterns related to food access. An online-based semi-structured questionnaire distributed through messaging platforms was used to collect information on characteristics, food purchasing behaviour be<span>fore and during COVID-19 lockdown among respondents. Experience of</span> food insecurity was assessed using Food Insecurity Experience Scale (FIES). A total of 883 responses were received and analyzed using SPSS Version 20.0. Most of the respondents (90.5%) were at home or had stopped going to work due to COVID-19 restrictions. Even though smaller households had higher food <span>expenditure claims than larger households (p = 0.012), the larger the</span> house<span>hold, the more acute the challenge of economic access to food (p = 0.050)</span>. Location (p = 0.000), age (p = 0.003), occupation (p = 0.014) and income level (p = 0.000) were associated with experience of food insecurity. In conclusion, lockdown restrictions increased food expenditure and experience of food insecurity among the respondents and thus we recommend the probe of long-term consequences of deviations from usual food access on undernutrition or overnutrition in Nigerian households.
文摘With the development of cloud computing, the mutual understandability among distributed data access control has become an important issue in the security field of cloud computing. To ensure security, confidentiality and fine-grained data access control of Cloud Data Storage (CDS) environment, we proposed Multi-Agent System (MAS) architecture. This architecture consists of two agents: Cloud Service Provider Agent (CSPA) and Cloud Data Confidentiality Agent (CDConA). CSPA provides a graphical interface to the cloud user that facilitates the access to the services offered by the system. CDConA provides each cloud user by definition and enforcement expressive and flexible access structure as a logic formula over cloud data file attributes. This new access control is named as Formula-Based Cloud Data Access Control (FCDAC). Our proposed FCDAC based on MAS architecture consists of four layers: interface layer, existing access control layer, proposed FCDAC layer and CDS layer as well as four types of entities of Cloud Service Provider (CSP), cloud users, knowledge base and confidentiality policy roles. FCDAC, it’s an access policy determined by our MAS architecture, not by the CSPs. A prototype of our proposed FCDAC scheme is implemented using the Java Agent Development Framework Security (JADE-S). Our results in the practical scenario defined formally in this paper, show the Round Trip Time (RTT) for an agent to travel in our system and measured by the times required for an agent to travel around different number of cloud users before and after implementing FCDAC.
文摘This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation hierarchical data model is extended to multilevel relation hierarchical data model. Based on the multilevel relation hierarchical data model, the concept of upper lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects ( e.g., multilevel spatial data) and multilevel conventional data ( e.g., integer, real number and character string).
