Spelling suggestions: "subject:"forminformation security"" "subject:"informationation security""
171 |
Fair Transaction Protocols Based on Electronic CashLiang, Yu-kuang 25 July 2005 (has links)
Due to the growing interest in electronic commerce, more and more transactions now happen online. Thus, fair transactions between customers and merchants are getting important. To gain the fairness of the exchange of digital items, fair exchange protocols have been proposed and well studied. Most of the traditional fair exchange protocols are concerned about the exchange of digital items, such as digital signatures, contracts, and documents. Recently, researchers pay attention to the exchange of digital goods along with electronic cash, and have proposed some fair transaction protocols based on electronic cash.
To buy digital contents via electronic cash through network, the anonymity property as traditional cash possesses must be guaranteed. It means that the payment information of the customer cannot be revealed to anyone else including the trusted third party (TTP) who helps the customer and the merchant with resolving possible disputes in the protocol.
Since the customer and the merchant may not trust each other in an electronic transaction. In a fair exchange protocol, a TTP is employed to achieve true fairness. An on-line TTP has to take part in all transactions while they are proceeding. Despite it can gain true fairness, it is inefficient due to on-line interaction with the TTP. On the other hand, an off-line TTP does not need to join in the transaction protocol in normal cases. Instead, it participates in the protocol only when disputes happen. It is efficient and fair, and more feasible in practical situations.
In this thesis, we propose a fair transaction protocol based on electronic cash. With the extended research on electronic cash, we have designed a fair transaction protocol that is suitable for any electronic cash system. By using an off-line TTP, the protocol is more efficient and practical. Furthermore, payment information of the customer cannot be known to anyone else including the TTP, and thus, the anonymity of the customer is protected completely in our protocol.
|
172 |
Customer Efficient Electronic Cash ProtocolsLin, Bo-Wei 27 July 2005 (has links)
The technology of electronic cash makes it possible to transmit digital money over communication networks during electronic transactions. Owing to the untraceability and unforgeability properties, electronic cash can protect the privacy of customers and guarantee the security of payments in the transactions. This manuscript introduces an efficient electronic cash protocol where it only requires minimal storage for each customer to withdraw w dollars from the bank and spend the w dollars in a sequence of transactions. Compared with traditional electronic cash protocols, the proposed method greatly reduces not only the storage required for the customers but the communication traffic in the transactions as well. Furthermore, the computation cost of the entire protocol is lower than the traditional ones and it also achieves the customer efficiency property. It turns out that the proposed protocol is much more suitable for the storage-limited or hardware-limited environments, such as smart card computing or mobile commerce, than the traditional electronic cash protocols in a sequence of payments. In addition, we examine the security of the proposed electronic cash protocol from the customer¡¦s, the shop¡¦s, and the bank¡¦s points of view, respectively. Since the proposed protocol is based on a generic partially blind signature scheme, it can be implemented by any partially blind signature scheme as long as it is secure and user efficient.
|
173 |
Uncoercible Anonymous Electronic Voting SystemSun, Wei-zhe 25 July 2006 (has links)
Due to convenience and efficiency, electronic voting (e-voting) techniques gradually replace traditional paper-based voting activities in some developed countries. A secure anonymous e-voting system has to satisfy many properties, such as completeness, tally correctness, and uncoercibility, where the uncoercibility property is the most difficult one to be achieved. Since each voter can obtain a voting receipt in an electronic voting system, coercion and bribe (vote-buying and vote-selling are included) become more and more serious in electronic voting environments than traditional paper-based voting environments. Unfortunately, most of the solutions, like receipt-freeness or untappable channels, proposed in the literature, are impractical owing to lack of efficiency or too complicated to be implemented. It will make uncoercible e-voting systems unacceptable by the people. In order to cope with the drawbacks of the previous schemes, this thesis will present a generic idea, which is independent of the underlying cryptographic components, on electronic voting to achieve the uncoercibility property and other requirements. The proposed method is an efficient and quite practical solution to match the current environments of electronic voting.
|
174 |
A Study of Information Security for Computerized Process ControlChen, Pao-Tien 12 June 2008 (has links)
In manufacturing industrial, for example, petrochemical plant, the promotion of technology makes manufacturing process computerization to be possible. The systems which control the manufacturing process are called Process Control System. Enterprises introduce the projects of process improvement to reduce the operation cost and enhance the product quality. It is necessary to have comprehensive information and technology to support the success of project for process improvement. Thus, it is a trend to setup the connections among Process Control Network, Process Information Network and Intranet. Due to the connections among networks, Process Control System is facing the threats of computer viruses, worms, attackers, and other malicious codes. Process Control System controls the manufacturing process base on the instructions issued from operators to maintain plant operations in a safe condition. Process Control System is the kernel of process operations. If Process Control System is being attacked or infected by computer viruses, the impacts would be the disclosure of critical business information, the failure of servers/workstations for monitoring process, or Process Control System fails totally that result in the plant operations with risky. The worst case would be an incident about pollution of environment, explosion, properties destroyed, or life lost. Therefore, enterprise should focus on reinforcing the information security mechanism of Process Control System to ensure plant operations reliably and safely.
The objectives of this study are: a) To realize the challenges and threats that Process Control System is facing by the way of literature review. b) To discuss information security management related issues and resolutions of Process Control System base on physical, network, and servers respectively. c) To discuss the efficiency of the model of information security management that has been implemented in the enterprise. d) To make this study as a reference for related industries.
|
175 |
Information Security Risk Assessment Model ¡V A Case Study of a Semiconductor Assembly CompanyHu, Ruei-shian 30 July 2008 (has links)
The information security incidents have most often been reported. The loss of enterprise operation is more and more serious because of information security incidents. There are more and more operation risks happening inside the enterprise because of such informational and electronic transformation. Consequently, the requirement to have an effective management framework of information security is more and more urgent.
The research adopts the international standard ISO 27001 as the foundation of the information security management framework. And then, risk assessment is the main process of the informational security management framework. This process includes five stages: identification and classification of information assets, value evaluation of information assets, vulnerability assessment of information assets, threats assessment of information assets, and measurement of information security risks. The operational definition, implementation steps and measurement of the information security risks are worked out through review of relevant literature and interview with experts in the semiconductor assembly company. Finally, the experts of the consulting firm of the informational security are entrusted to verify the availability of the model. The result of this informational security risk assessment model will be used as the basis for future improvement.
It is hoped that this research can offer a guideline for the information security risk assessment suitable for the semiconductor company and can be used as a reference for internal auditors and management.
|
176 |
En undersökning kring informationssäkerhet i datalager : En litteratur- och fältstudieCrnic, Enes January 2010 (has links)
<p>Allt hårdare konkurrens har medfört att det är desto viktigare att beslutsansvariga i ett företag fattar snabba och korrekta beslut. För att förbättra och effektivisera beslutsfattandet och samtidigt skapa sig fördelar i förhållande till marknadskonkurrenterna, kan beslutsansvariga använda sig av ett datalager. Datalagret kan genom enorma mängder data som är insamlade från ett stort antal olika system, generera stora fördelar för ett företag. Men detta gäller dock endast under förutsättningen att datalagret är skyddat på ett lämpligt vis. Syftet med studien är att undersöka vilka lämpliga skyddsåtgärder som kan användas för att uppnå och bibehålla ett säkert datalager.<em> </em>För att besvara frågeställningen genomfördes en litteraturstudie och två intervjuer med företag som använder sig av datalager. Resultatet av den teoretiska undersökningen visar att fyra administrativa och fem logiska skyddsåtgärder är lämpliga att användas i syfte med att uppnå och bibehålla god informationssäkerhet i ett datalager. Den empiriska undersökningen bekräftar det sistnämnda, dock med vissa undantag.</p>
|
177 |
Assessment of Enterprise Information Security : - How to make it Credible and EfficientJohansson, Erik January 2005 (has links)
<p>Information is an important business asset in today’s enterprises. Hence enterprise information security is an important system quality that must be carefully managed. Although enterprise information security is acknowledged as one of the most central areas for enterprise IT management, the topic still lacks adequate support for decision making on top-management level.</p><p>This composite thesis consists of four articles which presents the Enterprise Information Security Assessment Method (EISAM), a comprehensive method for assessing the current state of the enterprise information security. The method is useful in helping guide top-management’s decision-making because of the following reasons: 1) it is easy to understand, 2) it is prescriptive, 3) it is credible, and 4) it is efficient.</p><p>The assessment result is easy to understand because it presents a quantitative estimate. The result can be presented as an aggregated single value, abstracting the details of the assessment. The result is easy to grasp and enables comparisons both within the organization and in terms of industry in general.</p><p>The method is prescriptive since it delivers concrete and traceable measurements. This helps guide top-level management in their decisions regarding enterprise-wide information security by highlighting the areas where improvements efforts are essential.</p><p>It is credible for two reasons. Firstly, the method presents an explicit and transparent definition of enterprise information security. Secondly, the method in itself includes an indication of assessment uncertainty, expressed in terms of confidence levels.</p><p>The method is efficient because it focuses on important enterprise information security aspects, and because it takes into account how difficult it is to find security related evidence. Being resource sparse it enables assessments to take place regularly, which gives valuable knowledge for long-term decision-making.</p><p>The usefulness of the presented method, along with its development, has been verified through empirical studies at a leading electric power company in Europe and through statistical surveys carried out among information security experts in Sweden.</p><p>The success from this research should encourage further researcher in using these analysis techniques to guide decisions on other enterprise architecture attributes.</p>
|
178 |
Low-complexity methods for image and video watermarkingCoria Mendoza, Lino Evgueni 05 1900 (has links)
For digital media, the risk of piracy is aggravated by the ease to copy and distribute the content. Watermarking has become the technology of choice for discouraging people from creating illegal copies of digital content. Watermarking is the practice of imperceptibly altering the media content by embedding a message, which can be used to identify the owner of that content. A watermark message can also be a set of instructions for the display equipment, providing information about the content’s usage restrictions. Several applications are considered and three watermarking solutions are provided.
First, applications such as owner identification, proof of ownership, and digital fingerprinting are considered and a fast content-dependent image watermarking method is proposed. The scheme offers a high degree of robustness against distortions, mainly additive noise, scaling, low-pass filtering, and lossy compression. This method also requires a small amount of computations. The method generates a set of evenly distributed codewords that are constructed via an iterative algorithm. Every message bit is represented by one of these codewords and is then embedded in one of the image’s 8 × 8 pixel blocks. The information in that particular block is used in the embedding so as to ensure robustness and image fidelity.
Two watermarking schemes designed to prevent theatre camcorder piracy are also presented. In these methods, the video is watermarked so that its display is not permitted if a compliant video player detects the watermark. A watermark that is robust to geometric distortions (rotation, scaling, cropping) and lossy compression is required in order to block access to media content that has been recorded with a camera inside a movie theatre. The proposed algorithms take advantage of the properties of the dual-tree complex wavelet transform (DT CWT). This transform offers the advantages of both the regular and the complex wavelets (perfect reconstruction, approximate shift invariance and good directional selectivity). Our methods use these characteristics to create watermarks that are robust to geometric distortions and lossy compression. The proposed schemes are simple to implement and outperform comparable methods when tested against geometric distortions.
|
179 |
Elektroninių paslaugų informacijos saugumo politika valstybinėje mokesčių inspekcijoje / Data Security Policy of Electronic Services in the State Tax InspectoratePtakauskas, Vytautas 17 May 2005 (has links)
The European Committee introduced Action project „e Europe 2005: an information society for all” settled a cause for EU countries to encourage on-line public service (e. government, e. health security and e. business) and to develop secure telecommunication facility. Secure e. public service implementation is a keystone and for Lithuania Government which has confirmed an e-Government Conception.
Then we talk about information security we often talk only about technological, technical and with programs security their advantages and disadvantages related problems. Actually that is one of the reasons why it is not given enough attention to organization implements such us policy of information security, its conception and tactic of development or security of information resources and etc. The main goal of this work is to define the basic requirements which are necessary to follow if we want in our organization to encourage the development of information security system which would guarantee secure e. public services for taxpayers. The determination of principals and purposes of this system will let us guarantee information confidentiality, entity and accessibility.
A hypothesis at the end was certified - the crucial factors such us understanding the subsequences of information destruction or creation of information security culture, will let State Tax Inspectorate (STI) to achieve the successful system of information security and save e. public services. According to... [to full text]
|
180 |
Informacijos saugumo valdymas X organizacijoje / Management of Information Security in X OrganizationKranauskienė, Regina 18 May 2005 (has links)
In 2001, the Lithuanian Government, considering EU’s eEurope 2005 and eEurope+ Action Plans, approved Lithuania’s strategic plan of information society development, which set a goal to ensure the IT security at public institutions and offices. The same year saw the State’s strategy of technological security approved, which enforced legal regulation of general data security requirements. On December 31st, 2002, the General data security requirements treat information security policy as a sum of different documents (rules and detailed instructions), while commercial IT providers offer organizations only one general document of IT security policy, which reflects ISO/IEC standard 17799 word-to-word, but is not approvable by the order of organization’s head. Therefore the problem is how to use projects prepared by commercial companies, meet the accepted standards and, without contradicting the existing legal acts, create the organization’s security management structure, plus approve the information security policy or rules, usable by organization’s heads and staff. This written work is aimed to analyze Lithuanian and EU legal requirements for information security at public administration institutions and present the student‘s own suggestions on the desirable ideal of organization‘s information security management structure, strategy and policies; administrative, organizational and technological tools of bringing these policies‘ to reality.
|
Page generated in 0.1045 seconds