Cloud information security : a higher education perspective

Van der Schyff, Karl Izak

January 2014

In recent years higher education institutions have come under increasing financial pressure. This has not only prompted universities to investigate more cost effective means of delivering course content and maintaining research output, but also to investigate the administrative functions that accompany them. As such, many South African universities have either adopted or are in the process of adopting some form of cloud computing given the recent drop in bandwidth costs. However, this adoption process has raised concerns about the security of cloud-based information and this has, in some cases, had a negative impact on the adoption process. In an effort to study these concerns many researchers have employed a positivist approach with little, if any, focus on the operational context of these universities. Moreover, there has been very little research, specifically within the South African context. This study addresses some of these concerns by investigating the threats and security incident response life cycle within a higher education cloud. This was done by initially conducting a small scale survey and a detailed thematic analysis of twelve interviews from three South African universities. The identified themes and their corresponding analyses and interpretation contribute on both a practical and theoretical level with the practical contributions relating to a set of security driven criteria for selecting cloud providers as well as recommendations for universities who have or are in the process of adopting cloud computing. Theoretically several conceptual frameworks are offered allowing the researcher to convey his understanding of how the aforementioned practical concepts relate to each other as well as the concepts that constitute the research questions of this study.

Cloud computing -- Security measures

Data protection

Internet in higher education

A methodology for measuring and monitoring IT risk

Tansley, Natalie Vanessa

January 2007

The primary objective of the research is to develop a methodology for monitoring and measuring IT risks, strictly focusing on internal controls. The research delivers a methodology whereby an organization can measure its system of internal controls, providing assurance that the risks are at an acceptable level. To achieve the primary objective a number of secondary objectives were addressed: What are the drivers forcing organizations to better corporate governance in managing risk? What is IT risk management, specifically focusing on operational risk. What is internal control and specifically focusing on COSO’s internal control process. Investigation of measurement methods, such as, Balance Scorecards, Critical Success Factors, Maturity Models, Key Performance Indicators and Key Goal Indicators. Investigation of various frameworks such as CobiT, COSO and ISO 17799, ITIL and BS 7799 as to how they manage IT risk relating to internal control.

Information resources management

Penetrační testování bezpečnosti informačních systémů / Information systems security penetration testing

Klíma, Tomáš

January 2012

The aim of this dissertation thesis is to develop new methodology of information systems penetration testing based on analysis of current methodologies and the role of penetration tests in context of IS/IT governance. Integral part of this aim is evaluation of the methodology. The first part of the thesis is devoted to the presentation of history and current state of research in selected area, definiton of basic terms and introduction of role of the penetration tests. This part is followed by the review of relevant sources and comparative study of current methodologies with a goal to identify their weaknesses. Results from this study are further used as a basis for new methodology development. Classification of IS penetration tests types and testing scenarios are also included. The second part includes design of new methodology, at first its history, structure and principles are presented, then its framework is decribed in high level of detail. In the third part the reader can find (theoretical and practical) validation. The biggest scientific contribution is the methodology itself focused on managment of penetration tests (which is the area currently not sufficiently descibed). Secondary contribution is the extensive review and the comparative analysis of current methodologies. Contribution to the economic and technical (practical) application we can mainly see in the development of new methodology which enables companies to improve management of penetration tests (especially planning, operational management and implementation of countermeasures).

Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal for ICT Modification

Urban, Petr

January 2012

This thesis is focused on the information systems; it describes the available innovations applied on the established information systems. It describes the methods that are suitable for testing the effectiveness of the information systems. The practical part includes the current state of the chosen information system of a company, further it tests the effectiveness of the information system and finally it evaluates the received information and recommends the possible changes that would lead to the higher effectiveness of the work of the information system.

Provable Protection of Confidential Data in Microkernel-Based Systems

Völp, Marcus

31 January 2011

Although modern computer systems process increasing amounts of sensitive, private, and valuable information, most of today’s operating systems (OSs) fail to protect confidential data against unauthorized disclosure over covert channels. Securing the large code bases of these OSs and checking the secured code for the absence of covert channels would come at enormous costs. Microkernels significantly reduce the necessarily trusted code. However, cost-efficient, provable confidential-data protection in microkernel-based systems is still challenging. This thesis makes two central contributions to the provable protection of confidential data against disclosure over covert channels: • A budget-enforcing, fixed-priority scheduler that provably eliminates covert timing channels in open microkernel-based systems; and • A sound control-flow-sensitive security type system for low-level operating-system code. To prevent scheduling-related timing channels, the proposed scheduler treats possibly leaking, blocked threads as if they were runnable. When it selects such a thread, it runs a higher classified budget consumer. A characterization of budget-consumer time as a blocking term makes it possible to reuse a large class of existing admission tests to determine whether the proposed scheduler can meet the real-time guarantees of all threads we envisage to run. Compared to contemporary information-flow-secure schedulers, significantly more real-time threads can be admitted for the proposed scheduler. The role of the proposed security type system is to prove those system components free of security policy violating information flows that simultaneously operate on behalf of differently classified clients. In an open microkernel-based system, these are the microkernel and the necessarily trusted multilevel servers. To reduce the complexity of the security type system, C++ operating-system code is translated into a corresponding Toy program, which in turn is complemented with calls to Toy procedures describing the side effects of interactions with the underlying hardware. Toy is a non-deterministic intermediate programming language, which I have designed specifically for this purpose. A universal lattice for shared-memory programs enables the type system to check the resulting Toy code for potentially harmful information flows, even if the security policy of the system is not known at the time of the analysis. I demonstrate the feasibility of the proposed analysis in three case studies: a virtual-memory access, L4 inter-process communication and a secure buffer cache. In addition, I prove Osvik’s countermeasure effective against AES cache side-channel attacks. To my best knowledge, this is the first security-type-system-based proof of such a countermeasure. The ability of a security type system to tolerate temporary breaches of confidentiality in lock-protected shared-memory regions turned out to be fundamental for this proof.

info:eu-repo/classification/ddc/004

ddc:004

Betriebssystem

Cryptographic Key Extraction and Neural Leakage Estimation

Bergström, Didrik

January 2024

We investigate the extraction of cryptographic keying material from nano-scale variations of digital circuit outputs by using nested polar codes and neural leakage estimators. A runtime-efficient algorithm is developed to simulate such a system. A certain family of digital circuit outputs are known to be a source of randomness that can be used as a unique identifier for each output. By generating secret keys from these unique outputs, one can apply cryptographic methods by using the secret keys as the seed. One is required to store extra helper data generated first time the outputs are measured, since there is noise in digital circuit outputs, to be able to reconstruct the same key from every measurement of the same digital circuit. The generation of the secret keys and helper data follow a nested polar code construction, and they are generated in this thesis to estimate the Shannon entropy of the secret key and secrecy leakage to a passive attacker using neural networks. The estimators used illustrate, for the first time, that the system generates secret keys of almost maximum entropy and negligible secrecy leakage for practical cryptographic systems if the digital circuit outputs can be preprocessed to obtain almost independent and identically distributed (i.i.d.) random outputs distributed according to a binary uniform distribution. The algorithm design is evaluated and improvements for lower runtime are suggested. Ideas for future research are presented.

Information theoretic security

machine learning

Shannon entropy estimation

mutual information estimation

Elektroteknik och elektronik

Towards a framework to ensure alignment among information security professionals, ICT security auditors and regulatory officials in implementing information security in South Africa

Basani, Mandla

02 1900

Information security in the form of IT governance is part of corporate governance. Corporate governance requires that structures and processes are in place with appropriate checks and balances to enable directors to discharge their responsibilities. Accordingly, information security must be treated in the same way as all the other components of corporate governance. This includes making information security a core part of executive and board responsibilities. Critically, corporate governance requires proper checks and balances to be established in an organisation; consequently, these must be in place for all information security implementations. In order to achieve this, it is important to have the involvement of three key role players, namely information security professionals, ICT security auditors and regulatory officials (from now on these will be referred to collectively as the ‘role players’). These three role players must ensure that any information security controls implemented are properly checked and evaluated against the organisation’s strategic objectives and regulatory requirements. While maintaining their individual independence, the three role players must work together to achieve their individual goals with a view to, as a collective, contributing positively to the overall information security of an organisation. Working together requires that each role player must clearly understand its individual role, as well the role of the other players at different points in an information security programme. In a nutshell, the role players must be aligned such that their involvement will deliver maximum value to the organisation. This alignment must be based on a common framework which is understood and accepted by all three role players. This study proposes a South African Information Security Alignment (SAISA) framework to ensure the alignment of the role players in the implementation and evaluation of information security controls. The structure of the SAISA framework is based on that of the COBIT 4.1 (Control Objectives for Information and Related Technology). Hence, the SAISA framework comprises four domains, namely, Plan and Organise Information Security (PO-IS), Acquire and Implement Information Security (AI-IS), Deliver and Support Information Security (DS-IS) and Monitor and Evaluate Information Security (ME-IS). The SAISA framework brings together the three role players with a view to assisting them to understand their respective roles, as well as those of the other role players, as they implement and evaluate information security controls. The framework is intended to improve cooperation among the role players by ensuring that they view each other as partners in this process. Through the life cycle structure it adopts, the SAISA framework provides an effective and efficient tool for rolling out an information security programme in an organisation / Computer Science / M. Sc. (Computer Science)

Information security professionals,

ICT security auditors,

Regulatory officials

Framework

Role players

Information security programme

Corporate governance

IT governance

COBIT

005.80968

The governance of significant enterprise mobility security risks

Brand, Johanna Catherina

12 1900

Thesis (MComm)--Stellenbosch University, 2013. / ENGLISH ABSTRACT: Enterprise mobility is emerging as a megatrend in the business world. Numerous risks originate from using mobile devices for business-related tasks and most of these risks pose a significant security threat to organisations’ information. Organisations should therefore apply due care during the process of governing the significant enterprise mobility security risks to ensure an effective process to mitigate the impact of these risks. Information technology (IT) governance frameworks, -models and -standards can provide guidance during this governance process to address enterprise mobility security risks on a strategic level. Due to the existence of the IT gap these risks are not effectively governed on an operational level as the IT governance frameworks, -models and -standards do not provide enough practical guidance to govern these risks on a technical, operational level. This study provides organisations with practical, implementable guidance to apply during the process of governing these risks in order to address enterprise mobility security risks in an effective manner on both a strategic and an operational level. The guidance given to organisations by the IT governance frameworks, -models and -standards can, however, lead to the governance process being inefficient and costly. This study therefore provides an efficient and cost-effective solution, in the form of a short list of best practices, for the governance of enterprise mobility security risks on both a strategic and an operational level. / AFRIKAANSE OPSOMMING: Ondernemingsmobiliteit kom deesdae as ‘n megatendens in die besigheidswêreld te voorskyn. Talle risiko's ontstaan as gevolg van die gebruik van mobiele toestelle vir sake-verwante take en meeste van hierdie risiko's hou 'n beduidende sekuriteitsbedreiging vir organisasies se inligting in. Organisasies moet dus tydens die risikobestuursproses van wesenlike mobiliteit sekuriteitsrisiko’s die nodige sorg toepas om ‘n doeltreffende proses te verseker ten einde die impak van hierdie risiko’s te beperk. Informasie tegnologie (IT)- risikobestuurraamwerke, -modelle en -standaarde kan op ‘n strategiese vlak leiding gee tydens die risikobestuursproses waarin mobiliteit sekuriteitsrisiko’s aangespreek word. As gevolg van die IT-gaping wat bestaan, word hierdie risiko’s nie effektief op ‘n operasionele vlak bestuur nie aangesien die ITrisikobestuurraamwerke, -modelle en -standaarde nie die nodige praktiese leiding gee om hierdie risiko’s op ‘n tegniese, operasionele vlak te bestuur nie. Om te verseker dat organisasies mobiliteit sekuriteitsrisiko’s op ‘n effektiewe manier op beide ‘n strategiese en operasionele vlak bestuur, verskaf hierdie studie praktiese, implementeerbare leiding aan organisasies wat tydens die bestuursproses van hierdie risiko’s toegepas kan word. Die leiding aan organisasies, soos verskaf in die IT-risikobestuurraamwerke, - modelle en -standaarde, kan egter tot’n ondoeltreffende en duur risikobestuursproses lei. Hierdie studie bied dus 'n doeltreffende, koste-effektiewe oplossing, in die vorm van 'n kort lys van beste praktyke, vir die bestuur van die mobiliteit sekuriteitsrisiko’s op beide 'n strategiese en 'n operasionele vlak.

Dissertations -- Accountancy

Theses -- Accountancy

Dissertations -- Computer auditing

Theses -- Computer auditing

Computer security -- Management

Mobile computing -- Security measures

Key Agreement over Wiretap Models with Non-Causal Side Information

Zibaeenejad, Ali

January 2012

The security of information is an indispensable element of a communication system when transmitted signals are vulnerable to eavesdropping. This issue is a challenging problem in a wireless network as propagated signals can be easily captured by unauthorized receivers, and so achieving a perfectly secure communication is a desire in such a wiretap channel. On the other hand, cryptographic algorithms usually lack to attain this goal due to the following restrictive assumptions made for their design. First, wiretappers basically have limited computational power and time. Second, each authorized party has often access to a reasonably large sequence of uniform random bits concealed from wiretappers. To guarantee the security of information, Information Theory (IT) offers the following two approaches based on physical-layer security. First, IT suggests using wiretap (block) codes to securely and reliably transmit messages over a noisy wiretap channel. No confidential common key is usually required for the wiretap codes. The secrecy problem investigates an optimum wiretap code that achieves the secrecy capacity of a given wiretap channel. Second, IT introduces key agreement (block) codes to exchange keys between legitimate parties over a wiretap model. The agreed keys are to be reliable, secure, and (uniformly) random, at least in an asymptotic sense, such that they can be finally employed in symmetric key cryptography for data transmission. The key agreement problem investigates an optimum key agreement code that obtains the key capacity of a given wiretap model. In this thesis, we study the key agreement problem for two wiretap models: a Discrete Memoryless (DM) model and a Gaussian model. Each model consists of a wiretap channel paralleled with an authenticated public channel. The wiretap channel is from a transmitter, called Alice, to an authorized receiver, called Bob, and to a wiretapper, called Eve. The Probability Transition Function (PTF) of the wiretap channel is controlled by a random sequence of Channel State Information (CSI), which is assumed to be non-causally available at Alice. The capacity of the public channel is C_P₁∈[0,∞) in the forward direction from Alice to Bob and C_P₂∈[0,∞) in the backward direction from Bob to Alice. For each model, the key capacity as a function of the pair (C_P₁, C_P₂) is denoted by C_K(C_P₁, C_P₂). We investigate the forward key capacity of each model, i.e., C_K(C_P₁, 0) in this thesis. We also study the key generation over the Gaussian model when Eve's channel is less noisy than Bob's. In the DM model, the wiretap channel is a Discrete Memoryless State-dependent Wiretap Channel (DM-SWC) in which Bob and Eve each may also have access to a sequence of Side Information (SI) dependent on the CSI. We establish a Lower Bound (LB) and an Upper Bound (UB) on the forward key capacity of the DM model. When the model is less noisy in Bob's favor, another UB on the forward key capacity is derived. The achievable key agreement code is asymptotically optimum as C_P₁→ ∞. For any given DM model, there also exists a finite capacity C⁰_P₁, which is determined by the DM-SWC, such that the forward key capacity is achievable if C_P₁≥ C⁰_P₁. Moreover, the key generation is saturated at capacity C_P₁= C⁰_P₁, and thus increasing the public channel capacity beyond C⁰_P₁ makes no improvement on the forward key capacity of the DM model. If the CSI is fully known at Bob in addition to Alice, C⁰_P₁=0, and so the public channel has no contribution in key generation when the public channel is in the forward direction. The achievable key agreement code of the DM model exploits both a random generator and the CSI as resources for key generation at Alice. The randomness property of channel states can be employed for key generation, and so the agreed keys depend on the CSI in general. However, a message is independent of the CSI in a secrecy problem. Hence, we justify that the forward key capacity can exceed both the main channel capacity and the secrecy capacity of the DM-SWC. In the Gaussian model, the wiretap channel is a Gaussian State-dependent Wiretap Channel (G-SWC) with Additive White Gaussian Interference (AWGI) having average power Λ. For simplicity, no side information is assumed at Bob and Eve. Bob's channel and Eve's channel suffer from Additive White Gaussian Noise (AWGN), where the correlation coefficient between noise of Bob's channel and that of Eve's channel is given by ϱ. We prove that the forward key capacity of the Gaussian model is independent of ϱ. Moreover, we establish that the forward key capacity is positive unless Eve's channel is less noisy than Bob's. We also prove that the key capacity of the Gaussian model vanishes if the G-SWC is physically degraded in Eve's favor. However, we justify that obtaining a positive key capacity is feasible even if Eve's channel is less noisy than Bob's according to our achieved LB on the key capacity for case (C_P₁, C_P₂)→ (∞, ∞). Hence, the key capacity of the Gaussian model is a function of ϱ. In this thesis, an LB on the forward key capacity of the Gaussian model is achieved. For a fixed Λ, the achievable key agreement code is optimum for any C_P₁∈[0,∞) in both low Signal-to-Interference Ratio (SIR) and high SIR regimes. We show that the forward key capacity is asymptotically independent of C_P₁ and Λ as the SIR goes to infinity, and thus the public channel and the interference have negligible contributions in key generation in the high SIR regime. On the other hand, the forward key capacity is a function of C_P₁ and Λ in the low SIR regime. Contributions of the interference and the public channel in key generation are significant in the low SIR regime that will be illustrated by simulations. The proposed key agreement code asymptotically achieves the forward key capacity of the Gaussian model for any SIR as C_P₁→ ∞. Hence, C_K(∞,0) is calculated, and it is suggested as a UB on C_K(C_P₁,0). Using simulations, we also compute the minimum required C_P₁ for which the forward key capacity is upper bounded within a given tolerance. The achievable key agreement code is designed based on a generalized version of the Dirty Paper Coding (DPC) in which transmitted signals are correlated with the CSI. The correlation coefficient is to be determined by C_P₁. In contrast to the DM model, the LB on the forward key capacity of a Gaussian model is a strictly increasing function of C_P₁ according to our simulations. This fact is an essential difference between this model and the DM model. For C_P₁=0 and a fixed Λ, the forward key capacity of the Gaussian model exceeds the main channel capacity of the G-SWC in the low SIR regime. By simulations, we show that the interference enhances key generation in the low SIR regime. In this regime, we also justify that the positive effect of the interference on the (forward) key capacity is generally more than its positive effect on the secrecy capacity of the G-SWC, while the interference has no influence on the main channel capacity of the G-SWC.

Channel with Random State

Gaussian Interference Channel

Key Capacity

Wiretap Channel

Key Agreement

Channel Coding

Information-Theoretic Security

Physical-Layer Security

Electrical and Computer Engineering

Key Agreement over Wiretap Models with Non-Causal Side Information

Zibaeenejad, Ali

January 2012

The security of information is an indispensable element of a communication system when transmitted signals are vulnerable to eavesdropping. This issue is a challenging problem in a wireless network as propagated signals can be easily captured by unauthorized receivers, and so achieving a perfectly secure communication is a desire in such a wiretap channel. On the other hand, cryptographic algorithms usually lack to attain this goal due to the following restrictive assumptions made for their design. First, wiretappers basically have limited computational power and time. Second, each authorized party has often access to a reasonably large sequence of uniform random bits concealed from wiretappers. To guarantee the security of information, Information Theory (IT) offers the following two approaches based on physical-layer security. First, IT suggests using wiretap (block) codes to securely and reliably transmit messages over a noisy wiretap channel. No confidential common key is usually required for the wiretap codes. The secrecy problem investigates an optimum wiretap code that achieves the secrecy capacity of a given wiretap channel. Second, IT introduces key agreement (block) codes to exchange keys between legitimate parties over a wiretap model. The agreed keys are to be reliable, secure, and (uniformly) random, at least in an asymptotic sense, such that they can be finally employed in symmetric key cryptography for data transmission. The key agreement problem investigates an optimum key agreement code that obtains the key capacity of a given wiretap model. In this thesis, we study the key agreement problem for two wiretap models: a Discrete Memoryless (DM) model and a Gaussian model. Each model consists of a wiretap channel paralleled with an authenticated public channel. The wiretap channel is from a transmitter, called Alice, to an authorized receiver, called Bob, and to a wiretapper, called Eve. The Probability Transition Function (PTF) of the wiretap channel is controlled by a random sequence of Channel State Information (CSI), which is assumed to be non-causally available at Alice. The capacity of the public channel is C_P₁∈[0,∞) in the forward direction from Alice to Bob and C_P₂∈[0,∞) in the backward direction from Bob to Alice. For each model, the key capacity as a function of the pair (C_P₁, C_P₂) is denoted by C_K(C_P₁, C_P₂). We investigate the forward key capacity of each model, i.e., C_K(C_P₁, 0) in this thesis. We also study the key generation over the Gaussian model when Eve's channel is less noisy than Bob's. In the DM model, the wiretap channel is a Discrete Memoryless State-dependent Wiretap Channel (DM-SWC) in which Bob and Eve each may also have access to a sequence of Side Information (SI) dependent on the CSI. We establish a Lower Bound (LB) and an Upper Bound (UB) on the forward key capacity of the DM model. When the model is less noisy in Bob's favor, another UB on the forward key capacity is derived. The achievable key agreement code is asymptotically optimum as C_P₁→ ∞. For any given DM model, there also exists a finite capacity C⁰_P₁, which is determined by the DM-SWC, such that the forward key capacity is achievable if C_P₁≥ C⁰_P₁. Moreover, the key generation is saturated at capacity C_P₁= C⁰_P₁, and thus increasing the public channel capacity beyond C⁰_P₁ makes no improvement on the forward key capacity of the DM model. If the CSI is fully known at Bob in addition to Alice, C⁰_P₁=0, and so the public channel has no contribution in key generation when the public channel is in the forward direction. The achievable key agreement code of the DM model exploits both a random generator and the CSI as resources for key generation at Alice. The randomness property of channel states can be employed for key generation, and so the agreed keys depend on the CSI in general. However, a message is independent of the CSI in a secrecy problem. Hence, we justify that the forward key capacity can exceed both the main channel capacity and the secrecy capacity of the DM-SWC. In the Gaussian model, the wiretap channel is a Gaussian State-dependent Wiretap Channel (G-SWC) with Additive White Gaussian Interference (AWGI) having average power Λ. For simplicity, no side information is assumed at Bob and Eve. Bob's channel and Eve's channel suffer from Additive White Gaussian Noise (AWGN), where the correlation coefficient between noise of Bob's channel and that of Eve's channel is given by ϱ. We prove that the forward key capacity of the Gaussian model is independent of ϱ. Moreover, we establish that the forward key capacity is positive unless Eve's channel is less noisy than Bob's. We also prove that the key capacity of the Gaussian model vanishes if the G-SWC is physically degraded in Eve's favor. However, we justify that obtaining a positive key capacity is feasible even if Eve's channel is less noisy than Bob's according to our achieved LB on the key capacity for case (C_P₁, C_P₂)→ (∞, ∞). Hence, the key capacity of the Gaussian model is a function of ϱ. In this thesis, an LB on the forward key capacity of the Gaussian model is achieved. For a fixed Λ, the achievable key agreement code is optimum for any C_P₁∈[0,∞) in both low Signal-to-Interference Ratio (SIR) and high SIR regimes. We show that the forward key capacity is asymptotically independent of C_P₁ and Λ as the SIR goes to infinity, and thus the public channel and the interference have negligible contributions in key generation in the high SIR regime. On the other hand, the forward key capacity is a function of C_P₁ and Λ in the low SIR regime. Contributions of the interference and the public channel in key generation are significant in the low SIR regime that will be illustrated by simulations. The proposed key agreement code asymptotically achieves the forward key capacity of the Gaussian model for any SIR as C_P₁→ ∞. Hence, C_K(∞,0) is calculated, and it is suggested as a UB on C_K(C_P₁,0). Using simulations, we also compute the minimum required C_P₁ for which the forward key capacity is upper bounded within a given tolerance. The achievable key agreement code is designed based on a generalized version of the Dirty Paper Coding (DPC) in which transmitted signals are correlated with the CSI. The correlation coefficient is to be determined by C_P₁. In contrast to the DM model, the LB on the forward key capacity of a Gaussian model is a strictly increasing function of C_P₁ according to our simulations. This fact is an essential difference between this model and the DM model. For C_P₁=0 and a fixed Λ, the forward key capacity of the Gaussian model exceeds the main channel capacity of the G-SWC in the low SIR regime. By simulations, we show that the interference enhances key generation in the low SIR regime. In this regime, we also justify that the positive effect of the interference on the (forward) key capacity is generally more than its positive effect on the secrecy capacity of the G-SWC, while the interference has no influence on the main channel capacity of the G-SWC.

Channel with Random State

Gaussian Interference Channel

Key Capacity

Wiretap Channel

Key Agreement

Channel Coding

Information-Theoretic Security

Physical-Layer Security

Electrical and Computer Engineering