Secure Remote Access to Telemetry: A Study in How to Allow Remote Access to Satellite Telemetry Data

McClinton, Arthur T., Jr.

10 1900

ITC/USA 2009 Conference Proceedings / The Forty-Fifth Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2009 / Riviera Hotel & Convention Center, Las Vegas, Nevada / The need to allow remote access to telemetry data from closed networks has long existed. To ensure the correct engineers are available for anomaly resolution, NOAA developed the Secure Remote Access Server (SRAS) to allow transfer of satellite telemetry to an external secure server. SRAS uses one-way links to protect the ground system and secure communications for all communications with the user. After the SRAS was developed, a similar system was developed to support file transfers. This paper provides an overview of these systems and lessons learned in the development of one-way fiber systems.

secure remote access

one-way link

OWL

Inside stories : children in secure accommodation; a gendered exploration of locked institutional care for children in trouble

O'Neill, Teresa

January 1998

No description available.

150

Crossing the 'threshold of risk' : a study of local secure accommodation decision making in Scotland

Roesch-Marsh, Autumn Ellen

January 2011

Secure accommodation is locked residential child care for children, usually under the age of 16, who may represent a risk to themselves and/ or others. This thesis examines the findings of a study into decision making processes which determine the provision and legitimacy of secure accommodation for young people in one local authority area in Scotland. The thesis begins by investigating the legislative and policy context, arguing that policy confusion in this area means secure accommodation is likely to face an uncertain future. It goes on to provide an overview of relevant research and contends that there is a need to better understand the processes and factors influencing local decision making. The case study methodology employed is explicated which included the use of interviews, questionnaires, observations, and focus groups in order to gain the perspectives of managers, social workers, children’s panel members, residential workers and young people. The thesis explores the range of factors which were found to influence local decision makers including: their role in the decision making system and the operation of that system; their use of legislation and guidance; their subjective understanding of risk and risk assessment; their personal and collective ‘thresholds of risk’ which were linked to ideas about gender, age and vulnerability; the quality of ‘evidence’ about risks and needs which was influenced by who and how this ‘evidence’ of risk was presented; available resources and perceptions about the suitability of those resources to meet the needs of particular young people and the resident group already in secure placement. Participant conceptualisations of risk are analysed. In contrast to adult decision makers, this thesis demonstrates that young people often understand their own ‘risky’ behaviour as an attempt to communicate with social work systems within which they feel disempowered. The thesis concludes by making a number of recommendations for improvements to decision making policy and practice, including the need for greater transparency in relation to decision making systems and processes and more opportunities for service user participation at every level of local decision making.

361

Dual Function Transponder: A Data Link for the Next Generation

DeViso, Hans, Troth, Bill

10 1900

International Telemetering Conference Proceedings / October 17-20, 1994 / Town & Country Hotel and Conference Center, San Diego, California / Future U.S. Navy at-sea and littoral battle group training range instrumentation requires a new, secure, high data rate link This link must be capable of providing the ranges with the capacity to increase the number of players, increase the amount of threat simulation, and allow an improved Global Positioning System (GPS) based position tracking system to be implemented This paper describes a Dual Function Transponder (DFT) capable of operating on any R-CUBED (Relay, Reporter, Responder) based range as well as any TACTS/ACMI range without modification of either range type. In addition, the DFT provides a new increased data rate capability for use by planned future ranges, enabling a dramatic increase in the number of participants as well as significantly increasing the quantity of data that can be communicated by each player. Miniaturization and programmability are the keys to this development and many of the methods used are described.

Training

Range

Instrumentation

Secure Communications

GPS Positioning

Um mecanismo para distribuição segura de vídeo MPEG. / A mechanism for secure MPEG video distribution.

Margi, Cíntia Borges

20 December 2000

Com a evolução das aplicações disponíveis na Internet, o uso de multimídia torna-se cada vez mais comum. Dentro deste contexto, o vídeo está sendo cada vez mais utilizado, principalmente com conteúdos valiosos, como é o caso do ensino a distância, às vezes com fins comerciais. Assim, a discussão dos aspectos de segurança envolvidos torna-se um assunto muito importante. Este trabalho tem como objetivo levantar os principais aspectos envolvidos na distribuição segura de material multimídia, mais especificamente de vídeo MPEG, propor um mecanismo de distribuição e reprodução de vídeos MPEG que atenda a estes requisitos, e demonstrar a sua viabilidade. Para identificar os requisitos de segurança necessários ao mecanismo proposto, este trabalho faz uma análise dos diversos métodos de criptografia para vídeos MPEG propostos em outros centros de pesquisa. A partir dos principais requisitos, um mecanismo para distribuição segura de vídeo MPEG é proposto. Este mecanismo consiste de um visualizador, o S/Viewer, de um servidor de vídeo, o S/Server, e de um protocolo para a comunicação entre ambos. Após a especificação do mecanismo proposto, a sua viabilidade pode ser verificada através da implementação do protótipo. / With the evolution of the Internet applications, the use of multimedia is even more common. In this context, video is being much used, mainly with valuable contents, as distance learning, sometimes in a commercial environment. So, discussing security characteristics becomes an important issue. This work has as goals to identify the main characteristics in secure multimedia distribution, mainly video MPEG, propose a mechanism for MPEG video distribution and reproduction that agree with these requirements, and demonstrate its viability. In order to identify these security requirements, an analysis from several encryption methods developed in other research center is done. From these requirements, \"A Secure Video Distribution Mechanism\" is proposed. A player, S/Viewer, the server, S/Server, and the communication protocol between them compose this mechanism. After the specification, its viability can be verified with the prototype implementation.

Multimídia (Segurança)

Protocols

Secure

Vídeo

Video distribution

Um mecanismo para distribuição segura de vídeo MPEG. / A mechanism for secure MPEG video distribution.

Cíntia Borges Margi

20 December 2000

Com a evolução das aplicações disponíveis na Internet, o uso de multimídia torna-se cada vez mais comum. Dentro deste contexto, o vídeo está sendo cada vez mais utilizado, principalmente com conteúdos valiosos, como é o caso do ensino a distância, às vezes com fins comerciais. Assim, a discussão dos aspectos de segurança envolvidos torna-se um assunto muito importante. Este trabalho tem como objetivo levantar os principais aspectos envolvidos na distribuição segura de material multimídia, mais especificamente de vídeo MPEG, propor um mecanismo de distribuição e reprodução de vídeos MPEG que atenda a estes requisitos, e demonstrar a sua viabilidade. Para identificar os requisitos de segurança necessários ao mecanismo proposto, este trabalho faz uma análise dos diversos métodos de criptografia para vídeos MPEG propostos em outros centros de pesquisa. A partir dos principais requisitos, um mecanismo para distribuição segura de vídeo MPEG é proposto. Este mecanismo consiste de um visualizador, o S/Viewer, de um servidor de vídeo, o S/Server, e de um protocolo para a comunicação entre ambos. Após a especificação do mecanismo proposto, a sua viabilidade pode ser verificada através da implementação do protótipo. / With the evolution of the Internet applications, the use of multimedia is even more common. In this context, video is being much used, mainly with valuable contents, as distance learning, sometimes in a commercial environment. So, discussing security characteristics becomes an important issue. This work has as goals to identify the main characteristics in secure multimedia distribution, mainly video MPEG, propose a mechanism for MPEG video distribution and reproduction that agree with these requirements, and demonstrate its viability. In order to identify these security requirements, an analysis from several encryption methods developed in other research center is done. From these requirements, \"A Secure Video Distribution Mechanism\" is proposed. A player, S/Viewer, the server, S/Server, and the communication protocol between them compose this mechanism. After the specification, its viability can be verified with the prototype implementation.

Multimídia (Segurança)

Vídeo

Protocols

Secure

Video distribution

Secure Mobile Service-Oriented Architecture

Zhang, Feng

January 2012

Mobile transactions have been in development for around ten years. More and more initiatives and efforts are invested in this area resulting in dramatic and rapid development and deployment of mobile technologies and applications. However, there are still many issues that hinder wider deployment and acceptance of mobile systems, especially those handling serious and sensitive mobile transactions. One of the most important of them is security.This dissertation is focused on security architecture for mobile environments. Research issues addressed in this dissertation are based on three currently important groups of problems: a) lack of an open, comprehensive, adaptable and secure infrastructure for mobile services and applications; b) lack of standardized solutions for secure mobile transactions, compliant with various regulatory and user requirements and applicable to different types of popular mobile devices and hardware/software mobile platforms; and c) resource limitations of mobile devices and mobile networks.The main contribution of this dissertation is large-scale, secure service-oriented architecture for mobile environments. The architecture structures secure mobile transaction systems into seven layers, called trusted stack, which is equivalent to ISO/OSI layered networking model. These layers are, starting from the bottom: 1) secure element (chip) layer, 2) applets layer, 3) middleware layer, 4) mobile applications layer, 5) communication layer, 6) services broker layer, and 7) mobile service provider layer. These seven layers include all necessary components required for implementation and operations of secure mobile transaction systems and therefore provide a framework for designing and implementing such systems.Besides the architecture, four types of security services necessary and critical for serious mobile transactions, have also been designed and described in the dissertation. These services are: (1) mobile registration and identity management; (2) mobile PKI; (3) mobile authentication and authorization; and (4) secure messaging. These services are lightweight, therefore suitable for mobile environments, technologies and applications, and also compliant with existing Internet security standards.Finally, as the proof of correctness of the proposed concept and methodology, a prototype system was also developed based on the designed security architecture. The system provides comprehensive security services mentioned above to several types of mobile services providers: mobile banking, mobile commerce, mobile ticketing, and mobile parking. These types of providers have been selected only as currently the most popular and representative, since the architecture is applicable to any other type of mobile service providers.

Secure

Mobile

Service-Oriented Architecture (SOA)

A General Framework for Multiparty Computations

Reistad, Tord Ingolf

January 2012

Multiparty computation is a computation between multiple players which want to compute a common function based on private input. It was first proposed over 20 years ago and has since matured into a well established science. The goal of this thesis has been to develop efficient protocols for different operations used in multiparty computation and to propose uses for multiparty computation in real world systems. This thesis therefore gives the reader an overview of multiparty computation from the simplest primitives to the current state of software frameworks for multiparty computation, and provides ideas for future applications. Included in this thesis is a proposed model of multiparty computation based on a model of communication complexity. This model provides a good foundation for the included papers and for measuring the efficiency of multiparty computation protocols. In addition to this model, a more practical approach is also included, which examines different secret sharing schemes and how they are used as building blocks for basic multiparty computation operations. This thesis identifies five basic multiparty computation operations: sharing, recombining, addition, multiplication and negation, and shows how these five operations can be used to create more complex operations. In particular two operations “less-than” and “bitwise decomposition” are examined in detail in the included papers. “less-than” performs the “<” operator on two secret shared values with a secret shared result and “bitwise decomposition” takes a secret shared value and transforms it into a vector of secret shared bitwise values. The overall goal of this thesis has been to create efficient methods for multiparty computation so that it might be used for practical applications in the future.

Secure multiparty computation

distributed systems

secret sharing

Information-Theoretically Secure Communication Under Channel Uncertainty

Ly, Hung Dinh

2012 May 1900

Secure communication under channel uncertainty is an important and challenging problem in physical-layer security and cryptography. In this dissertation, we take a fundamental information-theoretic view at three concrete settings and use them to shed insight into efficient secure communication techniques for different scenarios under channel uncertainty. First, a multi-input multi-output (MIMO) Gaussian broadcast channel with two receivers and two messages: a common message intended for both receivers (i.e., channel uncertainty for decoding the common message at the receivers) and a confidential message intended for one of the receivers but needing to be kept asymptotically perfectly secret from the other is considered. A matrix characterization of the secrecy capacity region is established via a channel-enhancement argument and an extremal entropy inequality previously established for characterizing the capacity region of a degraded compound MIMO Gaussian broadcast channel. Second, a multilevel security wiretap channel where there is one possible realization for the legitimate receiver channel but multiple possible realizations for the eavesdropper channel (i.e., channel uncertainty at the eavesdropper) is considered. A coding scheme is designed such that the number of secure bits delivered to the legitimate receiver depends on the actual realization of the eavesdropper channel. More specifically, when the eavesdropper channel realization is weak, all bits delivered to the legitimate receiver need to be secure. In addition, when the eavesdropper channel realization is strong, a prescribed part of the bits needs to remain secure. We call such codes security embedding codes, referring to the fact that high-security bits are now embedded into the low-security ones. We show that the key to achieving efficient security embedding is to jointly encode the low-security and high-security bits. In particular, the low-security bits can be used as (part of) the transmitter randomness to protect the high-security ones. Finally, motivated by the recent interest in building secure, robust and efficient distributed information storage systems, the problem of secure symmetrical multilevel diversity coding (S-SMDC) is considered. This is a setting where there are channel uncertainties at both the legitimate receiver and the eavesdropper. The problem of encoding individual sources is first studied. A precise characterization of the entire admissible rate region is established via a connection to the problem of secure coding over a three-layer wiretap network and utilizing some basic polyhedral structure of the admissible rate region. Building on this result, it is then shown that the simple coding strategy of separately encoding individual sources at the encoders can achieve the minimum sum rate for the general S-SMDC problem.

Channel uncertainty

secure communication

MIMO secure communication

security embedding

secure distributed storage systems

physical-layer security

Key Management for Secure Group Communications with Heterogeneous Users in Wireless Networks

Chiang, Yi-tai

25 July 2007

The key update cost is an important parameter of the performance evaluation of the secure group communications in the wireless networks. It is a very public issue to reduce the key update cost. In the tree-based multicast key management scheme, a user is randomly assigned to one of the all leaf nodes. In this thesis, we divide the users into two groups which are new call users and handoff call users. Then, we propose that new call users are assigned to some of the special leaf nodes in the key tree and the handoff call users are assigned to others. This scheme is called class-based multicast key management scheme. We analyze this two multicast key management schemes for secure group communications. This thesis shows that class-based scheme could reduce the key update cost in some special case.

Secure Group Communications

Centralized Key Management