The biggest software development companies conduct daily more than hundreds deployments which influence currently operating IT (Information Technology) systems. This is possible due to the availability of automatic mechanisms which are providing their functional testing and later applications deployment. Unfortunately, nowadays, there are no tools or even a set of good practices related to the problem on how to include IT security issues into the whole production and deployment processes. This paper describes how to deal with this problem in the large mobile telecommunication operator environment.
We introduce two new Kirchhoff-law-Johnson-noise (KLJN) secure key distribution schemes which are generalizations of the original KLJN scheme. The first of these, the Random-Resistor (RR-) KLJN scheme, uses random resistors with values chosen from a quasi-continuum set. It is well-known since the creation of the KLJN concept that such a system could work in cryptography, because Alice and Bob can calculate the unknown resistance value from measurements, but the RR-KLJN system has not been addressed in prior publications since it was considered impractical. The reason for discussing it now is the second scheme, the Random Resistor Random Temperature (RRRT-) KLJN key exchange, inspired by a recent paper of Vadai, Mingesz and Gingl, wherein security was shown to be maintained at non-zero power flow. In the RRRT-KLJN secure key exchange scheme, both the resistances and their temperatures are continuum random variables. We prove that the security of the RRRT-KLJN scheme can prevail at a non-zero power flow, and thus the physical law guaranteeing security is not the Second Law of Thermodynamics but the Fluctuation-Dissipation Theorem. Alice and Bob know their own resistances and temperatures and can calculate the resistance and temperature values at the other end of the communication channel from measured voltage, current and power-flow data in the wire. However, Eve cannot determine these values because, for her, there are four unknown quantities while she can set up only three equations. The RRRT-KLJN scheme has several advantages and makes all former attacks on the KLJN scheme invalid or incomplete.
Recently, Gunn, Allison and Abbott (GAA) [http://arxiv.org/pdf/1402.2709v2.pdf] proposed a new scheme to utilize electromagnetic waves for eavesdropping on the Kirchhoff-law-Johnson-noise (KLJN) secure key distribution. We proved in a former paper [Fluct. Noise Lett. 13 (2014) 1450016] that GAA’s mathematical model is unphysical. Here we analyze GAA’s cracking scheme and show that, in the case of a loss-free cable, it provides less eavesdropping information than in the earlier (Bergou)-Scheuer-Yariv mean-square-based attack [Kish LB, Scheuer J, Phys. Lett. A 374:2140-2142 (2010)], while it offers no information in the case of a lossy cable. We also investigate GAA’s claim to be experimentally capable of distinguishing—using statistics over a few correlation times only—the distributions of two Gaussian noises with a relative variance difference of less than 10-8. Normally such distinctions would require hundreds of millions of correlations times to be observable. We identify several potential experimental artifacts as results of poor KLJN design, which can lead to GAA’s assertions: deterministic currents due to spurious harmonic components caused by ground loops, DC offset, aliasing, non-Gaussian features including non-linearities and other non-idealities in generators, and the timederivative nature of GAA’s scheme which tends to enhance all of these artifacts.
The subject of this study is the non-repudiation security service for network communication using TCP/IP stack. Generated evidence, as well as decision-making process of registering a given event, are context-aware. Non-repudiation is equipped with context-awareness by using widely utilized network tools. The aim of this paper is to present timing results for selected tools execution and to complete the evidence generation time. In some applications it is crucial to gather evidence data as fast as possible because of the rapidly changing network environment. For such situations, in case of prolonged execution time, an output from a tool might imprecisely describe the contextual situation from the time of the occurrence of an event.
We introduce seven new versions of the Kirchhoff-Law-Johnson-(like)-Noise (KLJN) classical physical secure key exchange scheme and a new transient protocol for practically-perfect security. While these practical improvements offer progressively enhanced security and/or speed for non-ideal conditions, the fundamental physical laws providing the security remain the same. In the "intelligent" KLJN (iKLJN) scheme, Alice and Bob utilize the fact that they exactly know not only their own resistor value but also the stochastic time function of their own noise, which they generate before feeding it into the loop. By using this extra information, they can reduce the duration of exchanging a single bit and in this way they achieve not only higher speed but also an enhanced security because Eve’s information will significantly be reduced due to smaller statistics. In the "multiple" KLJN (MKLJN) system, Alice and Bob have publicly known identical sets of different resistors with a proper, publicly known truth table about the bit-interpretation of their combination. In this new situation, for Eve to succeed, it is not enough to find out which end has the higher resistor. Eve must exactly identify the actual resistor values at both sides. In the "keyed" KLJN (KKLJN) system, by using secure communication with a formerly shared key, Alice and Bob share a proper time-dependent truth table for the bit-interpretation of the resistor situation for each secure bit exchange step during generating the next key. In this new situation, for Eve to succeed, it is not enough to find out the resistor values at the two ends. Eve must also know the former key. The remaining four KLJN schemes are the combinations of the above protocols to synergically enhance the security properties. These are: the "intelligent-multiple" (iMKLJN), the "intelligent-keyed" (iKKLJN), the "keyed-multiple" (KMKLJN) and the "intelligent-keyed-multiple" (iKMKLJN) KLJN key exchange systems. Finally, we introduce a new transient-protocol offering practically-perfect security without privacy amplification, which is not needed in practical applications but it is shown for the sake of ongoing discussions.
Intensive modernization and reconstruction of the energy sector takes place throughout the world. The EU climate and energy policy will have a huge impact on the development of the energy sector in the coming years. The European Union has adopted ambitious goals of transforming towards a low-carbon economy and the integration of the energy market. In June 2015, the G7 countries announced that they will move away from coal fired energy generation. Germany, which has adopted one of the most ambitious energy transformation programs among all industrialized countries, is leading these transformations. The long-term strategy, which has been implemented for many years, allowed for planning the fundamental transformation of the energy sector; after the Fukushima Daiichi nuclear disaster, Germany opted for a total withdrawal from nuclear energy and coal in favor of renewable energy. The German energy transformation is mainly based on wind and solar energy. Germany is the fifth economic power in the world and the largest economy in Europe. Therefore, the German energy policy affects the energy policy of the neighboring countries. The article presents the main assumptions of the German energy policy (referred to as Energiewende). It also presents the impact of changes in the German energy sector on the development of energy systems in selected European countries.
Dependence Between the Residential Area Type and the Sense of Security. The Case of Poznań. The need for safety is one of the most important needs of every person. The sense of security level depends to a great extent on the place of residence. The study aims at showing the relationship between the residential area type and the sense of security in Poznań. The author uses the results of the survey on the crime risk conducted among Poznań inhabitants and assess the sense of security level of the following types of residential area: tenement houses area, blockhouses area, dettached houses area and the city center. In the opinion of inhabitants, the highest sense of security level was in the dettached house area. The following positions included: the city center and the blockhouses area. The lowest sense of security level was characteristic for the tenement houses area. The time of the day was at great importance in the context of respondents assessments, during the day the sense of security level was higher than at night, regardless to the residential area type.
Due to increase in threats posed by offshore foundries, the companies outsourcing IPs are forced to protect their designs from the threats posed by the foundries. Few of the threats are IP piracy, counterfeiting and reverse engineering. To overcome these, logic encryption has been observed to be a leading countermeasure against the threats faced. It introduces extra gates in the design, known as key gates which hide the functionality of the design unless correct keys are fed to them. The scan tests are used by various designs to observe the fault coverage. These scan chains can become vulnerable to sidechannel attacks. The potential solution for protection of this vulnerability is obfuscation of the scan output of the scan chain. This involves shuffling the working of the cells in the scan chain when incorrect test key is fed. In this paper, we propose a method to overcome the threats posed to scan design as well as the logic circuit. The efficiency of the secured design is verified on ISCAS’89 circuits and the results prove the security of the proposed method against the threats posed.
There is an ongoing debate about the fundamental security of existing quantum key exchange schemes. This debate indicates not only that there is a problem with security but also that the meanings of perfect, imperfect, conditional and unconditional (information theoretic) security in physically secure key exchange schemes are often misunderstood. It has been shown recently that the use of two pairs of resistors with enhanced Johnsonnoise and a Kirchhoff-loop ‒ i.e., a Kirchhoff-Law-Johnson-Noise (KLJN) protocol ‒ for secure key distribution leads to information theoretic security levels superior to those of today’s quantum key distribution. This issue is becoming particularly timely because of the recent full cracks of practical quantum communicators, as shown in numerous peer-reviewed publications. The KLJN system is briefly surveyed here with discussions about the essential questions such as (i) perfect and imperfect security characteristics of the key distribution, and (ii) how these two types of securities can be unconditional (or information theoretical).
Visible Light Communication (VLC) is a technique for high-speed, low-cost wireless data transmission based on LED luminaries. Wireless LAN environments are a major application of VLC. In these environments, VLC is used in place of traditional systems such as Wi-Fi. Because of the physical characteristics of visible light, VLC is considered to be superior to traditional radio-based communication in terms of security. However, as in all wireless systems, the security of VLC with respect to eavesdropping, signal jamming and modification must be analyzed. This paper focuses on the aspect of jamming in VLC networks. In environments where multiple VLC transmitters are used, there is the possibility that one or more transmitters will be hostile (or “rogue”). This leads to communication disruption, and in some cases, the hijacking of the legitimate data stream. In this paper we present the theoretical system model that is used in simulations to evaluate various rogue transmission scenarios in a typical indoor environment. The typical approach used so far in jamming analysis assumes that all disruptive transmissions may be modeled as Gaussian noise, but this assumption may be too simplistic. We analyze and compare two models of VLC jamming: the simplified Gaussian and the exact model, where the full characteristics of the interfering signal are taken into account. Our aim is to determine which methodology is adequate for studying signal jamming in VLC systems.
In this article, authors analyze methods of the analysis of data integrity, security and availability loss results for business processes. Assessing those results, one can judge the importance of a process in organization; thus, determine which business process requires more attention. The importance of those processes can be determined with Business Impact Analysis (BIA). In article, first phase of BIA is presented – in specific, a construction of Business Impact Category Tables, Loss Levels and process weight calculation methods. A variety of weight calculating methods is presented. Authors also present their proposed method – square sum percentage – as a solution eliminating problems of other weight calculation methods in business impact analysis.
The production of domestic protein for feed in Poland is insufficient. The import of feed raw materials, especially soybean, which is genetically modified (GM) is necessity. In 2016, Poland imported about 2 million tonnes of GM soybean. In Poland was introduced a ban for using and production of GM feed (Law – animal feed from 2006). This ban has already been suspended few times, mainly due to the fact, that the complete replacement of imported GM soybean meal with other components was impossible. The Minister of Agriculture and Rural Development appointed “Team for alternative sources of protein”, responsible for finding solutions that will impact on reducing imports and will increase the share of domestic sources of protein in animal feed. To achieve this aim research are needed to indicate plants and their possibilities for using. The aim of the article is to analyse selected feed components such as: soybean and rapeseed meal, sunflower meal and oilcakes. This analysis concerns the area of cultivation of soybean, rapeseed and sunflower, purchase costs of meals and oilcakes, properties of these components and foreign trade in Poland.
The paper looks at the issues of operation safety of the national power grid and the characteristics of the national power grid in the areas of transmission and distribution. The issues of operation safety of the national transmission and distribution grid were discussed as well as threats to operation safety and security of the electricity supply related to these grids. Failures in the transmission and distribution grid in 2017, caused by extreme weather conditions such as: a violent storm at the night of 11/12.08.2017, hurricane Ksawery on 5–8.10.2017, and hurricane Grzegorz on 29–30.10.2017, the effects of which affected tens of thousands of electricity consumers and led to significant interruptions in the supply of electricity were presented. At present, the national power (transmission and distribution) grid does not pose a threat to the operation safety and security of the electricity supply, and is adapted to the current typical conditions of electricity demand and the performance of tasks during a normal state of affairs, but locally may pose threats, especially in extreme weather conditions. A potentially high threat to the operation safety of the national power grid is closely linked to: age, technical condition and the degree of depletion of the transmission and distribution grids, and their high failure rate due to weather anomalies. Therefore, it is necessary to develop and modernize the 400 and 220 kV transmission grids, cross-border interconnections, and the 110 kV distribution grid (especially in the area of large urban agglomerations), and the MV distribution grid (especially in rural areas). The challenges faced by the transmission and distribution grid operators within the scope of investment and operating activities, with a view to avoiding or at least reducing the scale of grid failures in the case of future sudden high-intensity atmospheric phenomena, are presented.
A recent IEEE Access Paper by Gunn, Allison and Abbott (GAA) proposed a new transient attack against the Kirchhoff-law-Johnson-noise (KLJN) secure key exchange system. The attack is valid, but it is easy to build a defense for the KLJN system. Here we note that GAA’s paper contains several invalid statements regarding security measures and the continuity of functions in classical physics. These deficiencies are clarified in our present paper, wherein we also emphasize that a new version of the KLJN system is immune against all existing attacks, including the one by GAA.
The data aggregation process of wireless sensor networks faces serious security problems. In order to defend the internal attacks launched by captured nodes and ensure the reliability of data aggregation, a secure data aggregation mechanism based on constrained supervision is proposed for wireless sensor network, which uses the advanced LEACH clustering method to select cluster heads. Then the cluster heads supervise the behaviors of cluster members and evaluate the trust values of nodes according to the communication behavior, data quality and residual energy. Then the node with the highest trust value is selected as the supervisor node to audit the cluster head and reject nodes with low trust values. Results show that the proposed mechanism can effectively identify the unreliable nodes, guarantee the system security and prolong the network lifetime.
The support for the stable functioning of business entities with focus on their further development is impossible without an effective system of financial security, because any time there is a danger of implementing a variety of risks that can lead to the onset of the crisis. It should be noted that the implementation of measures to ensure financial security is most effective when they are applied long before the crisis - it makes business entities able to recognize early trends of crises and have time for preparedness. In the case when it comes to the global economic crisis, which cannot be prevented, timely measures to ensure financial security can minimize its negative effects, and if the crisis is expected at the level of the enterprise, it will be able to avoid it altogether. The study clarified the theoretical basis of ensuring the business entity financial security - namely, the definition of "financial security" and a list of its tasks, functions and principles. The existing problem of providing financial security are researched. A qualitative and quantitative methods for assessing the financial condition of a business entity are showed. The research has established that the main problems of ensuring the financial security of business entity need to be addressed at the state level, but the early assessment of external and internal environment of economic units significantly reduces the risk of certain threats and thus increases financial security of business entities. The showed methods of assessing the financial situation can be used in practice of national business entities.
In its history, Poland was usually more oriented to land than to the sea. For many centuries we have not been able to see the opportunities and potential created by the coastal location of our country. In the current strategic documents in Poland, there are also no proper references to the maritime security of the state, although we are a member of both NATO and the European Union. The article presents the creation process in 2015–2017 and the content of a unique document devoted to this issue: Poland’s Strategic Concept for Maritime Security, which was born thanks to the efforts of “enthusiasts” of maritime affairs from the Naval Academy, Shipbuilding Council and the Institute of General Józef Haller under the leadership of the National Security Bureau. In the authors opinion, the document is to form the basis for work on the future maritime security strategy of our country, and also become the “engine” of public discussion in Poland on maritime security issues and the effective use of the coastal position of the state for economic development.
The increasing threat of terrorist attacks in Europe and social demands for governmental actions towards facilitating an information exchange between the national authorities responsible for public security, lead to the spectacular shift towards collection of passengers’ data. Initially, the idea had concerned mainly aviation passengers’ data and was limited to international flights only. But soon it was extended in order to include the Passenger Name Records (PNR) from domestic transport. Recently, we can see tensions to expand the PNR collection scheme to other means of transport including maritime routes. The paper studies the most developed system created in Belgium and assesses its influence on possible all-European solutions. When presenting the main problems connected with profiling the passengers and data sharing between institutions, it discusses a lack of precise privacy impact assessment and the need for necessity and proportionality studies to be carried out both at the level of Member States and in the EU discussion on the implementation of the so called PNR Directive and on the new requirements for the digital registration of passengers and crew sailing on board European passenger ships included in 2017 amendments to Directive 98/41/EC.
The model is developed for the intellectualized decision-making support system on financing of cyber security means of transport cloud-based computing infrastructures, given the limited financial resources. The model is based on the use of the theory of multistep games tools. The decision, which gives specialists a chance to effectively assess risks in the financing processes of cyber security means, is found. The model differs from the existing approaches in the decision of bilinear multistep quality games with several terminal surfaces. The decision of bilinear multistep quality games with dependent movements is found. On the basis of the decision for a one-step game, founded by application of the domination method and developed for infinite antagonistic games, the conclusion about risks for players is drawn. The results of a simulation experiment within program implementation of the intellectualized decision-making support system in the field of financing of cyber security means of cloudbased computing infrastructures on transport are described. Confirmed during the simulation experiment, the decision assumes accounting a financial component of cyber defense strategy at any ratios of the parameters, describing financing process.
The paper presents a new ontology-based approach to the elaboration and management of evidences prepared by developers for the IT security evaluation process according to the Common Criteria standard. The evidences concern the claimed EAL (Evaluation Assurance Level) for a developed IT product or system, called TOE (Target of Evaluation), and depend on the TOE features and its development environment. Evidences should be prepared for the broad range of IT products and systems requiring assurance. The selected issues concerning the author’s elaborated ontology are discussed, such as: ontology domain and scope definition, identification of terms within the domain, identification of the hierarchy of classes and their properties, creation of instances, and an ontology validation process. This work is aimed at the development of a prototype of a knowledge base representing patterns for evidences.
We address one of the weaknesses of the RSA ciphering systems i.e. the existence of the private keys that are relatively easy to compromise by the attacker. The problem can be mitigated by the Internet services providers, but it requires some computational effort. We propose the proof of concept of the GPGPU-accelerated system that can help detect and eliminate users’ weak keys. We have proposed the algorithms and developed the GPU-optimised program code that is now publicly available and substantially outperforms the tested CPU processor. The source code of the OpenSSL library was adapted for GPGPU, and the resulting code can perform both on the GPU and CPU processors. Additionally, we present the solution how to map a triangular grid into the GPU rectangular grid – the basic dilemma in many problems that concern pair-wise analysis for the set of elements. Also, the comparison of two data caching methods on GPGPU leads to the interesting general conclusions. We present the results of the experiments of the performance analysis of the selected algorithms for the various RSA key length, configurations of GPU grid, and size of the tested key set.
The Kirchhoff-law-Johnson-noise (KLJN) secure key exchange scheme offers unconditional security, however it can approach the perfect security limit only in the case when the practical system’s parameters approach the ideal behavior of its core circuitry. In the case of non-ideal features, non-zero information leak is present. The study of such leaks is important for a proper design of practical KLJN systems and their privacy amplifications in order to eliminate these problems.
The article presents the question of solidarity in relation to the energy policy of the European Union. This topic seems particularly important in the context of the crisis of the European integration process, which includes, in particular, economic problems, the migration crisis and the withdrawal of the United Kingdom from the European Union (Brexit). The issue of solidarity was analyzed from the legal and formal, institutional, and functional and relational points of view. The aim of the article is to show to what extent the theoretical assumptions, resulting from the provisions of European law on the solidarity, correspond with the actions of the Member States in the energy sector. The practice of the integration process indicates that the particular national economic interests in the energy sector are more important for the Member States than working towards European solidarity. Meanwhile, without a sense of responsibility for the pan-European interest, it is not possible to effectively implement the EU’s energy policy. The European Commission – as the guardian of the treaties – confronts the Member States with ambitious challenges to be undertaken “in the spirit of solidarity”. In the verbal sphere, this is supported by by capitals of the individual countries, but in practice, the actions taken divide the Member States into opposing camps instead of building a sense of the European energy community. This applies in particular to such issues as: the management of the energy union, investments in the gas sector (e.g. Nord Stream I and Nord Stream II), and the position towards third countries – suppliers of energy raw materials to the EU (in particular towards the Russian Federation). Different views on the above problems make it extremely difficult for Member States to take action “in the spirit of energy solidarity”. Thus, the energy problem becomes another reason for the weakening of European unity.
The judgments delivered by the European Court of Human Rights in Al-Nashiri v. Poland and Husayn (Abu Zubaydah) v. Poland highlight the potential tension that may arise between states’ broad reliance on national security grounds to withhold disclosure of secret files and compliance with their obligations under the European Convention on Human Rights. The present article examines the above-mentioned judgments, focusing, in particular, on how (and to what extent) the withholding of secret information may infringe on the right to the truth and, as far as proceedings before the European Court of Human Rights are concerned, the state’s duty to cooperate with it.
The Kirchhoff-law-Johnson-noise (KLJN) scheme is a statistical/physical secure key exchange system based on the laws of classical statistical physics to provide unconditional security. We used the LTSPICE industrial cable and circuit simulator to emulate one of the major active (invasive) attacks, the current injection attack, against the ideal and a practical KLJN system, respectively. We show that two security enhancement techniques, namely, the instantaneous voltage/current comparison method, and a simple privacy amplification scheme, independently and effectively eliminate the information leak and successfully preserve the system’s unconditional security.