SECITC 2009


An Algorithm for Synthesis of Convolutional Codes

by Adriana BORODZHIEVA, Valentin MUTKOV, Aleksandar MILEV

University of Ruse “Angel Kanchev”,
University of Shumen “Bishop Konstantin Preslavsky”,
BULGARIA
aborodjieva[at]ecs.ru.acad.bg, vmutkov[at]ecs.ru.acad.bg, alex_milev[at]yahoo.com

Abstract: Forward correcting codes have had a great impact on the successes of space sciences, because they have made possible the connection with very remote space sondes and automatic devices. For this reason, an algorithm for the synthesis of convolutional codes is presented in the paper. The exploration of this problem is motivated by the fact that the best convolutional codes known today have relatively small code constraint lengths and have been obtained by exhaustive computational research. In this regard, the most positive feature of the proposed algorithm is the ability to create convolutional codes with arbitrarily long code constraint lengths. The algorithm is essentially based on the peculiarities of the so-called Golay sequences. The algorithm substantiated in the paper can be useful in the process of developing new effective forward correcting techniques.

 

Some Results on Algebraic Cryptanalysis of A5/2 Algorithm

by Adela MIHAITA

Faculty of Mathematics and Computer Science, University of Bucharest
ROMANIA

Abstract: Algebraic cryptanalysis of the A5/2 cipher is the subject of this article. Recovering the secret key is reduced to solving a system with several hundreds of quadratic equations, for which various methods have been proposed over the years. This paper presents some experimental results (concerning the time and the number of frames needed) using different implementations of the Groebner basis algorithm for solving the system.

Coding Theory and Cryptography

by Andrei-George OPRINA, Emil SIMION, Gheorghe SIMION

“Simion Stoilow” Institute of Mathematics of the Romanian Academy,
University Politehnica of Bucharest,
ROMANIA
oandrei22[at]yahoo.com, esimion[at]fmi.unibuc.ro, gheorghesimion[at]hotmail.com

Abstract: This paper presents coding theory techniques used in the construction of modern symmetric block ciphers: construction of S-box and D-box tables. The final part of the paper presents the confusion and diffusion properties of AES.

Image Processing Oriented to Security Optimization

by Ion IVAN, Adrian VISOIU, Mihai DOINEA

Economic Informatics Department, Academy of Economic Studies
ROMANIA
ionivan[at]ase.ro, adrian.visoiu[at]csie.ase.ro, mihai.doinea[at]ie.ase.ro

Abstract: This paper presents the main aspects of digital content security. It describes the content of watermarking, presenting the steganography concept. The SteganoGraphy application is presented and the algorithm used is analyzed. Optimization techniques are introduced to minimize the risk of discovering the information embedded into digital content by means of invisible watermarking. Techniques for analyzing the digital content results and identifying the possible countermeasures for optimizing the steganography algorithm are presented.

Proposal of a Model for the Protection of Digital Classified Information

by Radu TOMOIAGA, Mircea STRATULAT 

Faculty of Automatics and Computers, University Politehnica of Timisoara,
ROMANIA
radugam[at]mailcity.com, mircea_stratulat[at]yahoo.com

Abstract: Information security is a well discussed and debated subject. There are fields of information security, many experts in these fields and a lot of studies, analyses and research projects adjacent to these fields. Here are some examples of different fields of security: network security with its domains, computer security (also with its domains), document security (with domains), ramifications and intercalations between them. There are, of course, other fields, but for the subject we shall analyze, we’ll try to stick only to those presented and to create a pattern which will assure the security of a corporation.

WiMAX Security Issues in E-learning Systems 

by Felician ALECU, Paul POCATILU, Sergiu CAPISIZU

Economic Informatics Department, Academy of Economic Studies
ROMANIA
alecu.felician[at]ie.ase.ro, ppaul[at]ase.ro, capisizu[at]mb.euroweb.ro 

Abstract: WiMAX (Worldwide Interoperability for Microwave Access) is a point-to-multipoint wireless network based on the IEEE 802.16 standard. The WiMAX signal is broadcast from a base station to geographically widely spread receivers. WiMAX-enabled mobile devices have become very popular due to the fact that network connections can be easily maintained on the move. Regarding network security, WiMAX provides strong user authentication, access control, data privacy and data integrity using sophisticated encryption technology. WiMAX technology is the only solution for isolated locations where e-learning distributed platforms need to be used. This paper focuses on security issues for e-learning solutions, especially when WiMAX technology is used.

Generalization of the Self Shrinking Generator in the Galois Field GF(p^n)

by Zhaneta TASHEVA, Aleksandar MILEV

Communication and Computer Technique Department, National Military University “Vasil Levski”
Department of Computer Systems and Technologies, University of Shumen “Bishop Konstantin Preslavsky”
BULGARIA
tashevi86[at]yahoo.com, alex_milev[at]yahoo.com

Abstract: Wireless WLAN and WMAN technologies have gained the most popularity because of their benefits such as portability and flexibility, increased productivity and lower installation costs. The main problem in these networks is security, related not only to the information but to authentication as well. The strength of the encryption algorithm is better the more the non-linearity of the generated encrypted data is increased. The architecture of the non-binary Generalized Self-Shrinking Generator (GSSG) is proposed in this paper. It is shown that the generated sequence is non-linear and is hard for attackers to recognize. A method for transformation of a non-binary self-shrunken sequence into a balanced binary sequence is given. The properties of the generated sequence are analyzed. The GSSG applications ensure confidentiality of the transmitted data in wireless networks, and the security level can be increased by using a second, additional encryption level with GSSG in networks.

Security Engineering and Reengineering on Windows 2008 Server Based Distributed Systems

by Cosmin TOMOZEI

Department of Computer Science, University of Bacau
ROMANIA
cosmin.tomozei[at]ub.ro

Abstract: The objective of this paper is to reflect on the processes of Security Engineering and Reengineering in Distributed Systems, with a focus also on Windows 2008 Servers. It is very important to provide security and integrity to software applications, hardware and data. We will take into consideration the ways of making the reengineering process efficient, including optimization of the encryption and authentication stages.

Secure Communications Using Data Tunneling

by Paul BĂLĂNOIU

Academy of Economic Studies,
ROMANIA
paul[at]balanoiu.com

Abstract: This paper addresses the issue of unsecure communication protocols used over the internet and suggests a generic approach to securing such protocols, regardless of the network configuration and without affecting either the client application or the server application involved in the unsecure communication. The approach allows not only securing the communication, but also adding authentication support for any unsecure protocol, using public key certificates. A proof of concept implementation is also provided, with full source code, on the reference implementation web site.

Chess Cryptosystem

by Alexandru Miron GATEJ

Faculty of Mathematics and Computer Science, Bucharest University,
ROMANIA
alexandrugatej[at]gmail.com

Abstract: In this paper we discuss a cryptosystem based on chess automata. First we introduce the general notions about chess games. After that we describe the chess automaton that is the main tool for building the key. Finally we describe the operations for the encryption process and the decryption process, and with that we can present the algorithm.

Bubble Tag – Signature Extraction and “1 to many” Authentication Protocol

by Viorica PATRAUCEAN, Victor-Valeriu PATRICIU, Pierre GURDJOS, Jean CONTER

University of Toulouse,
FRANCE,
Military Technical Academy,
ROMANIA
vpatrauc[at]enseeiht.fr, vip[at]mta.ro, gurdjos[at]irit.fr, conter[at]irit.fr

Abstract: Biometric systems are omnipresent nowadays in fields that require user authentication (e.g.: access control, banking operations), due to the main attributes of the biometric characteristics: uniqueness, permanence, collectability. In the products world, a solution that could achieve the same performance as a biometric system could be represented by a “Bubble Tag” – based system. The advantages and the difficulties specific to biometric systems are equally encountered in the Bubble Tag technique. In this article we propose solutions for signature extraction and for “1 to many” authentication protocol applicable to the Bubble Tag. We briefly present a signature extraction method that is invariant under perspective. The “1 to many” authentication protocol relies on an LSH (locality sensitive hashing) approach. Tests carried out on randomly computer-generated images gave promising results and indicated leads to be followed for real images.

Analysis of the Recent Cyberspace Attacks

by Ion BICA, Ioana LIVADARIU

Military Technical Academy,
ROMANIA
ibica[at]mta.ro, ilivadariu[at]mta.ro

Abstract: Networking is currently one of the fastest growing domains in the computer industry. With the expanding technology of networking, the digital and communication infrastructure is becoming the primary medium for sharing and accessing data. It comes as no surprise that network security, and more precisely, cyberspace security, is becoming an acute issue. This paper proposes the analysis of two important cyberspace security events: the 2007 cyberspace attacks that occurred in Estonia and the 2008 Georgian cyber conflict.

Security in SPGBP – Simulation of Protein Generation Bioinformatic Project

by Cristian TOMA, Elena PURCARU

Cybernetics and Economic Informatics Faculty,
Academy of Economic Studies Bucharest
“Carol Davila” University of Medicine and Pharmacy
ROMANIA
cristian.toma[at]ie.ase.ro, elena.purcaru[at]gmail.com

Abstract: Bioinformatics has known a rapid growth in the last decade, along with the development of genomic projects worldwide. The Human Genome Project alone offers the sequences for 70 000 – 100 000 genes, as terabytes of information. The major challenge nowadays is to process this huge amount of data. This paper suggests a solution for the retrieval and processing of biological data. The main objective of this section is to point a direction in the development of tools that enable manipulation of and efficient access to different types of biological data. Also, the major challenge is to use security in the proposed distributed architecture and to import concepts from bioinformatics into cryptography and IT&C security.

Survey of Data Security Practices for J2ME Platform

by Catalin BOJA

Academy of Economic Studies Bucharest,
ROMANIA
catalin.boja[at]ie.ase.ro

Abstract: The paper describes the concept of data security in a mobile environment. The objective is to develop Java software applications, MIDlets for mobile devices, which implement data protection at different levels. Existing and proposed solutions are described by defining security models and architectures. From the software development point of view, the paper describes two APIs, JSR 177 [1] and the Bouncy Castle Crypto APIs [2], that provide methods to reach the needed security levels. The paper is a survey of security practices for the J2ME software platform, describing the goals and the means to reach them.

A Comparative Analysis of the Secure Virtual Private Network Tunneling Protocols

by Gabriel POPESCU

Master of Information Technology Security, Military Technical Academy,
ROMANIA
gabriel.popescu[at]gmail.com

Abstract: In this paper, a comparative analysis of the major modern tunneling protocols used for secure virtual private network implementations based on the Internet infrastructure will be elaborated.  The purpose of the paper is to help specialists to choose proper protocols for the specific practical implementations. The need for virtual private networks is explained as an introduction. The technical considerations are iterated, and a full classification of all types of virtual private networks is made, by providing the criteria used. The major tunneling protocols of interest and their advantages and disadvantages are described next. The comparative analysis is presented as a table showing the relevant characteristics of each tunneling protocol. Finally, real world best practices of the tunneling protocols iterated are shown as a conclusion.

Secure Authentication and Encryption Scheme for E-Ticketing System

by Cristian TOMA

Cybernetics and Economic Informatics Faculty,
Academy of Economic Studies Bucharest
ROMANIA
cristian.toma[at]ie.ase.ro

Abstract: The paper presents a secure authentication and encryption scheme for an automatic ticketing system based on symmetric and asymmetric cryptography. Some concepts and terms used in the development of a secure automatic ticketing system are presented. An architecture of the secure automatic ticketing system is depicted, with its components and their roles in this architecture. Section five presents the authentication and encryption scheme used to secure information from RFID cards. The authentication scheme is based on the RSA and AES algorithms and is inspired by SSL. Parts of this paper are in the process of being published in [6], but the authentication and encryption scheme is described exclusively in this paper. The necessity of the authentication and encryption scheme is given by the attack described in [7].

Integrating e-Payment Services with RIA Applications

by Mihai PRICOPE, Radu CONSTANTINESCU

Adobe Solutions,
Economic Informatics Department,
Academy of Economic Studies Bucharest,
ROMANIA
mpricope[at]adobe.com, radu.constantinescu[at]ie.ase.ro

Abstract: Given the expansion of RIA technologies, it is highly important to deliver a set of best practices for developers in order to integrate e-business applications with e-payment systems. In this article we present a solution for the integration of PayPal Express with a RIA application developed on Flex. We focus both on security and functionality issues.

InvoSAFE – An e-invoicing trust service

by Florin TENE, Mihai TOGAN

CERTSIGN, 
Military Technical Academy,
ROMANIA
florin.tene[at]gmail.com, mtogan[at]mta.ro

Abstract: One of the most remarkable innovations in the communication field is the internet. The continuous improvements lead to the development of new “eServices” which minimize the costs and optimize the process. The electronic invoice has the purpose of avoiding the overhead created by the transaction and management of invoices on standard paper support, minimizing the costs, optimizing the flows and obtaining a semi or fully automated invoice management system. The switch to eInvoice requires the existence of standardization in order to assure interoperability and to overcome the existence of technical and economic barriers in the field. This paper has the purpose of presenting and analyzing eInvoice systems through the description of some existing implementations in different countries around Europe and by presenting a secure technical solution for issuing and managing invoices in digital form according to the current legislation.

Design and Implementation of a Cyber-Defense Exercise

by Adrian FURTUNA

Computer Science Department, Military Technical Academy,
ROMANIA
adif2k8[at]gmail.com

Abstract: Learning by practice is a very effective way of education in some activity domains, including information security. The article explores this idea by showing how a cyber-defense exercise can be designed and implemented in order to reach its educational goals.

Implementing graphic passwords in Directory Services Systems

by Emanuil REDNIC, Andrei TOMA

Economical Informatics Department, Academy of Economic Studies,
ROMANIA
emanuil.rednic[at]oracle.com, andrei.toma[at]ie.ase.ro

Abstract: This paper presents the necessary steps for the implementation of multimedia password support within Directory Services. The trend of using multimedia mechanisms is quite new and furthermore relatively unused in authentication as well as authorization. Implementing this type of password is justified by the increased level of security within the identity management of directory services.

Applied Information System Security for IT Life Cycle

by Mohamed Mostafa MOHAMED ABD EL-RAZEK, Emad El DIN MAHMOOD ALI EID

Advanced Solution & Consultant (ASCON),
El-Zarka Academy Egypt,
EGYPT
mohd_most[at]hotmail.com, emadeid1973[at]hotmail.com

Abstract: Information system security is defined as all information contained in the system being totally secured. In this paper we describe past and contemporary security technologies based on the knowledge provided from the servers in the Internet. It’s impossible to secure what isn’t measured. Without an accurate depiction of your network, the ability to identify real-world security threats and evaluate your organization’s ability to respond, there’s no way to improve, let alone understand, the true security posture of your infrastructure. More and more, companies seeking to better manage complex threats and increased regulatory demands are enhancing their security efforts by establishing effective and sustainable vulnerability and risk management programs that quantify their security progress to maintain the confidentiality, integrity, and availability of business data and networks. We can verify three different information security systems: one generated by the most popular company in the computer field, Microsoft; the second generated by the leading company in the database field, Oracle; the third by a multinational software company in the ERP field, ASCON Software.

WLAN and WMAN Security Problems

by Aleksandar MILEV, Zhaneta TASHEVA, Todor TASHEV

University of Shumen “Bishop Konstantin Preslavsky”,
National Military University “Vasil Levski”,
BULGARIA
alex_milev[at]yahoo.com, tashevi86[at]yahoo.com, todor_tashev[at]yahoo.com

Abstract: Nowadays, the wireless WLAN and WMAN technologies have gained the most popularity because of their benefits such as portability and flexibility, increased productivity and lower installation costs. The mesh networks using WiMAX as a backhaul function and the local WiFi hotspots to provide the wireless broadcast are the feature networks for mobile citywide access. Their success will depend on the level of security being offered. The aim of this paper is to make a survey of the security problems in the most used wireless WLAN and WMAN technologies. The paper is organized as follows. First, the three basic security services in WiFi technologies are described. Then the particular security weaknesses and the known attacks in WLANs are investigated and analyzed. Second, the same security problems in WiMAX technologies are shown. Finally, the WLAN and WMAN security services are compared.

Aspects of European Electronic Signature Interoperability

by Victor-Valeriu PATRICIU

Military Technical Academy of Bucharest,
ROMANIA
vip[at]mta.ro

Testing and Evaluation of Cryptographic Devices

by Emil SIMION

“Simion Stoilow” Institute of Mathematics of the Romanian Academy,
ROMANIA
esimion[at]fmi.unibuc.ro

Abstract: In this paper we present the connections between the cryptographic standard FIPS 140-2 (Security requirements for cryptographic modules), developed by the National Institute of Standards and Technology (NIST), and ISO 15408 (Common Criteria for Information Technologies Security Evaluation).

Data Gathering Sample for Risk Analysis

by Emil BURTESCU

University of Pitesti,
ROMANIA
emil.burtescu[at]upit.ro

Abstract: The collection of data, regardless of the tools and risk analysis method used, is an essential process. Data collection is a starting process in the risk analysis, and is the main supplier of data. The accuracy of the information collected in this first phase depends largely on the tools used by the experienced team. In addition, an important role is played by the phase which clearly defines the project. What can be done when the data volume that must be collected is too large?

Requirements for Development of an Assessment System for IT&C Security Audit

by Marius POPA

Department of Computer Science in Economics,
Academy of Economic Studies,
ROMANIA
marius.popa[at]ase.ro

Abstract: IT&C security audit processes are carried out to implement information security management. The audit processes are included in an audit program as a decision of the management staff to establish the situation of the organization against the planned or expected one. The audit processes require evidence to highlight the above issues. The evidence is gathered by the audit team, and some automation processes are needed to increase the productivity and accuracy of the audit. The paper presents some issues of the requirements for the development of an assessment system, with some considerations for IT&C security audit. The emphasized issues are grouped in the following sections: IT&C security audit processes, characteristics of the indicators development process and implementation issues of an assessment system.

The Cost Influence on Reliability and Security of the Software Systems

by Marian Pompiliu CRISTESCU, Corina Ioana CRISTESCU, Laura CACOVEAN, Florin MARTIN

Economic Informatics Department,
“Lucian Blaga” University of Sibiu,
ROMANIA
mp_cristescu[at]yahoo.com, ci_cristescu[at]yahoo.com, laura_lali2005[at]yahoo.com, florin.martin[at]ulbsibiu.ro

Abstract: Although direct economic information is, in general, difficult to obtain for reasons connected to confidentiality, it is currently observed that the cost-benefit relation in the case of using software engineering reliability can be from one to six or upwards. Moreover, software engineering reliability has been credited with the abatement of incidents related to software security, as well as of the costs of servicing.

Web Security in University Curricula

by Cristian OPINCARU

Thales Rail Signalling Solutions,
ROMANIA
cristian[at]opincaru.ro

Abstract: While Web applications and Web services gain more and more ground, the academic curriculum is not always keeping pace. This paper presents the content of a course focused on Web security; as such it starts by defining the goals of the course, then defines the topics for the course units and finally describes the topics and the setup for laboratory units. The paper makes its contribution through the design of a course covering security aspects for both Web applications and Web services and through the detailed description of practical units and laboratory setup.

Key Recovery for Certification Authorities

by Eduard TRIC

Vexilla, Bucharest,
ROMANIA
ed[at]vexilla.org

Abstract: The root key is the most important asset of a certification authority. There are several ways to protect it and to make a secure backup copy. We describe one of the most elegant protection techniques, which will be used by a real Certification Authority.