
Message Authentication Code Based On Parikh Matrices
by Adrian ATANASIU, Radu ATANASIU
Faculty of Mathematics and Computer Science,
Bucharest University
Romania
aadrian[at]gmail.com, radu19[at]yahoo.com
Abstract: Using the Parikh matrix mapping associated to a binary sequence, together with the Istrail morphism, the authors propose the construction of a MAC for message authentication. Although almost all tests have been performed on multimedia files (jpeg and mp3), this MAC may also be used with other types of messages.
Statistical Cryptanalytics Techniques and New Methods of Test Results Integration
by Emil SIMION, Gheorghe SIMION, Andrei-George OPRINA
Institute of Mathematics "Simion Stoilow" of the Romanian Academy, University Politehnica of Bucharest,
Romania,
esimion[at]fmi.unibuc.ro, gheorghesimion[at]hotmail.com, oandrei22[at]yahoo.com
Abstract: This paper presents some useful testing procedures for identifying the language used in the plain text version of a cipher text and also the cryptographic system used. The procedures are based only on knowledge of the cipher text, and the tests identify substitution (monographic and polygraphic) systems, transposition systems and polyalphabetic ciphers. The test functions are universal and can be easily applied to other types of cipher systems. At the end of the paper we also present some new methods of statistical test integration.
A Study about Biometric Encoding Systems
by Ioana LIVADARIU, Victor-Valeriu PATRICIU, Anas Abou El Kalam
Military Technical Academy, Military Technical Academy, INP Toulouse
Romania, France
ilivadariu[at]mta.ro, vip[at]mta.ro
Abstract: Biometric systems offer, probably, one of the best security systems; but these systems are not without flaws. One of these is represented by the possibility of an intrusion attack on the biometric database. By compromising the database, all of the biometric templates will be compromised too. One solution for these problems is offered by fuzzy cryptography. Our paper studies and ameliorates a bio-encoding system.
Secure Architecture for E-Money Transfer – SA4EMT
by Cristian TOMA
Faculty of Cybernetics and Economic Informatics
Academy of Economic Studies Bucharest,
Romania
cristian.toma[at]ie.ase.ro
Abstract: The paper presents a secure architecture used for e-coins transfer between electronic wallets. Because the architecture is used in GSM networks, the first part of the paper highlights the security issues in GSM networks. The second part shows the proposed architectures and the protocol used in e-money transfer.
Considerations about the Architecture Solutions for PKI in Ad-hoc-Networks
by Mihai-Lica PURA, Victor-Valeriu PATRICIU
Military Electronic and Informatics Systems Faculty
Military Technical Academy
Romania
puramihai[at]yahoo.com, vip[at]mta.ro
Abstract: Ad hoc networks are a relatively new technology built with the need for ubiquitous connectivity in mind. All the things around us are coming to life. They are being equipped with computing and communication devices. But for this equipment to achieve its goals, interconnectivity is needed. Here is where ad hoc networks come into place, offering communications without any preinstalled infrastructure. Here is where security comes into place too, because the data exchanged has to be made safe. In common networks, security is assured using PKI. Are classic solutions suitable for this new type of network?
DC++ and DDoS Attacks
by Adrian FURTUNA
Computer Science Department
Military Technical Academy
Romania
adif2k8[at]google.com
Abstract: The usage of peer-to-peer networks in massive distributed denial of service attacks is well known since the beginning of year 2007 when this kind of attack has often been observed against many public servers. At the date of this article’s writing (July 2008) there were not so frequent DC++ generated DDoS attacks reported. But the big danger still remains because a great number of the DC++ hubs around the world are owned by people whose ethics is questionable and who could (any time) generate such an attack. This article discusses in great depth the anatomy of a DC++ based DDoS attack and shows some measures that could be used to defend against it, including a tool to detect the attacker hubs. The ideas presented in this article are based on practical experience during a confrontation with this type of attack.
N-Tier Distributed Applications Dependable Construction
by Cosmin TOMOZEI
Department of Mathematics and Computer Science
University of Bacău,
Romania
cosmin.tomozei[at]ub.ro
Abstract: This paper’s purpose is to expose the results of the research made regarding distributed systems dependability and disseminate partial results, gathered by the author as a member in the Distributed Systems Research Team, at the Mathematics and Computer Science Department in Bacau State University, Romania. Trustworthy distributed software applications are built taking into consideration software engineering and reengineering techniques, in order to fulfil the objectives with the fewest errors and disagreements between objectives and results.
Security Benefits of Cloud Computing
by Felician ALECU
Economy Informatics Department
Academy of Economic Studies, Bucharest,
Romania
alecu.felician[at]ie.ase.ro
Abstract: The nature of the Internet is dramatically changing, from a place used to surf the Web to an environment that allows running software applications. Simply speaking, the cloud means the Internet. The term is derived from the way in which the Internet is represented in network diagrams. Cloud computing is a paradigm that incorporates the concept of software as a service. This means the software and data are stored on servers that can be accessed over the Internet. Google Apps, for example, is a free service that can be used to make the first step to the cloud. In these conditions, the security of data and applications becomes a very major issue. Fortunately, there are a lot of security benefits that make cloud computing very attractive.
An Adaptive Authorization Model Based On RBAC
by Radu CONSTANTINESCU and Lucian CORLAN
Academy of Economic Studies, Business Informatics Dept.,
UTI Group, R&D Dept,
Romania
radu.constantinescu[at]ie.ase.ro, lcorlan[at]gmail.com
Abstract: In the article we present a data model and a possible implementation suited to allow proper access control in a system. In order to do that, we started from the extended RBAC model which is focused on roles which are associated to different functions existing in the system. The access control is implemented not just for some application’s functionalities but also for granulated data details, like data attributes.
Pool-site E-voting Security
by Ciprian STANICA-EZEANU
Cybernetics and Economic Informatics Faculty,
The Bucharest Academy of Economic Studies,
Romania
cystanica[at]yahoo.com
Abstract: The aim of this paper is to present the e-voting procedure, describing its advantages and disadvantages. Conventional security measures such as firewalls or SSL communications are necessary but not sufficient to guarantee the specific security requirements of e-voting. Besides these conventional security measures, it is also necessary to implement an additional layer of specialized security technology to address the specific risks posed by electronic voting and guarantee critical security requirements such as voters’ privacy, vote integrity and voter-verifiability. Analyzing the security of the Diebold AccuVote-TS voting machine, vulnerabilities of this machine to different classes of attacks were observed, such as: vote-stealing attack, Denial-of-Service (DoS) attack and injecting attack code.
Framework for Compilers’ Security Audit
by Marius POPA
Department of Computer Science in Economics
Academy of Economic Studies, Bucharest,
Romania
marius.popa[at]ase.ro
Abstract: Information systems are complex constructions. The software is an important part of such systems. The software is developed with special and complex informatics applications called compilers. At present, compilers are included in IDEs – Integrated Development Environments together with other tools to develop complex and performant software. To assure a high level of quality for information systems, audit processes must be deployed on the tools that help in the development process. The paper describes the main characteristics of the audit processes, compilers, vulnerabilities of such kind of software and how the audit process helps to prevent the vulnerability exploitation.
Secure Mobile Architecture for E-Signature of Documents – SMA4ESD
by Cristian TOMA, Mihai DOINEA
Faculty of Cybernetics and Economic Informatics
Academy of Economic Studies Bucharest,
Romania
cristian.toma[at]ie.ase.ro, mihai.doinea[at]ie.ase.ro
Abstract: The prerequisite tests before the mobile architecture for e-signature were to develop an application for the digital signature of PDF files (invoices, corporate papers and documents) using a JCOP smart card and Java web applet technology. After these tests were successful, the host application has been transformed into a MIDlet (app for Mobile Phones – see the mobile section in this book) and the JCOP smart card application has been transformed into a SIM application (see smart card sections from this book). The interaction between the MIDlet and the SIM application has been realized with the JSR 177 specifications.
Mobile Application Security Frameworks
by Cristian TOMA, Catalin BOJA
Faculty of Cybernetics and Economic Informatics
Academy of Economic Studies Bucharest,
Romania
cristian.toma[at]ie.ase.ro, catalin.boja[at]ie.ase.ro
Abstract: The paper presents various security frameworks used for mobile application deployment in a secure manner. The two most important architectures are analyzed. The first is the architecture from Symbian and the second is the one proposed for the Java Micro Edition Platform. Both of them have been used in real application distributions since 2007.
The Data Vulnerability at The Workstation
by Emil BURTESCU
University of Pitesti,
Romania
emil.burtescu[at]yahoo.com
Abstract: The data vulnerability analysis at a work station represents the final stage in security risk analysis. This has as a main element the employee and his interaction with the assets of the company. The corporations that want an efficient analysis of the risk and an effective management don’t have to ignore the landing from a subjective point of view of the data security.
Quality Of The Data Obtained In The Acquisition Process
by Adrian Grigorovici, Ion Ivan, Gheorghe Noşca
Department of Computer Science in Economics
Academy of Economic Studies, Bucharest,
Romania
ionivan[at]ase.ro
Abstract: Defining the data quality concept. Building a data acquisition system and identifying acquisition processes. Developing the data quality control system. Establishing the risks and errors that affect the acquired data quality.
Key Management In A Transparent Database Encryption Environment
by Stefan OLARU
Faculty of Economic Cybernetics, Statistics and Informatics
The Bucharest Academy of Economic Studies
Romania
stefan4[at]gmail.com
Abstract: Database management systems (DBMS) today are widely used in a distributed environment for better scalability and better performance in terms of responding to queries and modifying stored data. An important security feature for database security is the encryption feature. Scrambling the stored data is crucial for keeping it out of unauthorized access. Each DBMS has its own tool for managing the keys used to encrypt data. This paper presents and analyzes the methods used by DBMS for managing encryption keys and the available, more efficient, third party solutions.
Principles of IT Risk Management and Assurance
by Nicoleta Stanciu
Romania
nicoleta_stanciu[at]yahoo.com
Abstract: This article briefly presents the risk management methodology: its principles, concepts and process. Risk assessment, risk treatment and the risk management plan are presented.
The Role of an Information Security Management System (ISMS)
by Dan Constantin TOFAN
Bucharest Academy of Economic Studies,
Romania
tofandan[at]yahoo.com
Abstract: The scope of an information security management system (ISMS) for an organization is to design, implement and maintain a coherent suite of processes and systems for effectively managing information accessibility, thus ensuring the confidentiality, integrity and availability of information assets and minimizing information security risks. An ISMS is a formal, controlled set of processes and procedures dealing with the management of information security within an organization. The implementation of an ISMS is a key step that any organization in possession of valuable information assets should consider. This article offers an overview of the implementation process, and explains the benefits of an ISMS.
Risk Management & Risk Assessment Methods. EBIOS Method
by Dan Constantin TOFAN
Bucharest Academy of Economic Studies,
Romania
tofandan[at]yahoo.com
Abstract: This article offers a perspective of what risk management means to an organization. It also refers to a special phase of the risk management process – risk assessment. After an introduction to the risk management domain a RM&RA method is explicitly described – EBIOS. The method completed by a free software tool represents an approach for assessing and treating risks in the field of information systems security.