NBI Technologies最新文献_第7页

Comparison of Requirements of Regulators of the Russian Federation and the United States of America to Automatic Control Systems of Technological Processes of Critical Objects 俄罗斯联邦和美利坚合众国监管机构对关键对象工艺过程自动控制系统要求的比较

NBI Technologies Pub Date : 2019-10-01 DOI: 10.15688/nbit.jvolsu.2019.2.5

V. Shevtsov, E. Abramov

{"title":"Comparison of Requirements of Regulators of the Russian Federation and the United States of America to Automatic Control Systems of Technological Processes of Critical Objects","authors":"V. Shevtsov, E. Abramov","doi":"10.15688/nbit.jvolsu.2019.2.5","DOIUrl":"https://doi.org/10.15688/nbit.jvolsu.2019.2.5","url":null,"abstract":"There are requirements for AMS TP CO based on federal laws, the presidential decree, the FSTEC decree and documents, other information security conceptions, state standards in the Russian Federation and requirements for ICS based on other security strategies, the FISMA Act, NIST, IEEE, GAO documents and others in the Unitet States of America.\u0000\u0000The main FSTEC document for information security AMS TP CO is the decree of March 14, 2014 no. 31. The main FIPS document for information security ICS is Special Publication 800-82 Rev 2.\u0000\u0000The FIPS document Special Publication 800-82 Rev 2 is more detailed than the FSTEC document in realization control levels, components, objects of ICS protection. The Special Publication includes base operations in ICS main components and enterprises network, ICS system review, USA critical object feature description.\u0000\u0000Special Publication 800-82 Rev 2 shows more quality performance than the FSTEC document. It has more pages, system descriptions, recommendation for the life cycle security system of ICS, a lot of network contents.","PeriodicalId":205855,"journal":{"name":"NBI Technologies","volume":"105 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117017632","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

The Analysis of Modern Data Storage Systems 现代数据存储系统分析

NBI Technologies Pub Date : 2019-08-01 DOI: 10.15688/nbit.jvolsu.2019.1.5

V. Shevtsov, E. Abramov

引用次数: 0

The Analysis of the Properties and Characteristics of Passwords for a Hardware Manager Based on Arduino Microcontroller 基于Arduino单片机的硬件管理器密码特性分析

NBI Technologies Pub Date : 2019-08-01 DOI: 10.15688/nbit.jvolsu.2019.1.3

A. Lebedenko, Evgeny Vasilyev

{"title":"The Analysis of the Properties and Characteristics of Passwords for a Hardware Manager Based on Arduino Microcontroller","authors":"A. Lebedenko, Evgeny Vasilyev","doi":"10.15688/nbit.jvolsu.2019.1.3","DOIUrl":"https://doi.org/10.15688/nbit.jvolsu.2019.1.3","url":null,"abstract":"The use of passwords is one of the most popular ways to authenticate users on the Internet. Because of the specificity of storing passwords, developers are forced to impose restrictions on which passwords are safer to use. For example, most often a password must contain at least 8 characters, have letters of different registers, contain special characters, etc. It can be stated that over time, these restrictions only increase, and this in turn complicates the choice of a secure and at the same time easy-to-remember password. For example, the most secure password will contain 128 characters with maximum entropy.\u0000\u0000The article is devoted to user authentication, password entropy and valid passwords for websites, methods for improving authentication by developing a hardware password manager based on Arduino microcontroller.\u0000\u0000Thus, a password generated randomly has more entropy than a password generated by the user. The algorithm of the device includes functions of generating a password from the permissible characteristics and maximum entropy, storing the password on the device, improving security by confirming actions, reading the password from the device to the input line, and using the pin-code protection.","PeriodicalId":205855,"journal":{"name":"NBI Technologies","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114444115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

The Development of Secure Protocol in Smart Technologies for Schema-based One-time Pads Using the System of Near-field Actions 基于近场作用系统的基于模式的一次性pad智能技术安全协议的开发

NBI Technologies Pub Date : 2019-08-01 DOI: 10.15688/nbit.jvolsu.2019.1.6

I. Shumeiko, Andrey Pasechnik

{"title":"The Development of Secure Protocol in Smart Technologies for Schema-based One-time Pads Using the System of Near-field Actions","authors":"I. Shumeiko, Andrey Pasechnik","doi":"10.15688/nbit.jvolsu.2019.1.6","DOIUrl":"https://doi.org/10.15688/nbit.jvolsu.2019.1.6","url":null,"abstract":"Interacting with modern technology using the Internet provides a large number of remote control mechanisms. All of them somehow work with packet data transmission, but differ from each other by algorithms of packet formation, their transmission, as well as encryption methods. Remote access tools are mechanisms for communication both locally and globally (on the Internet). The purpose of this article is to develop a secure Protocol for “smart home” remote control technology. In the course of the study, a method was developed to control the devices of the “Internet of things” using the channel of information transmission in the form of instant messaging system on the Internet. The result of this work is a developed mechanism for secure data exchange between the client and the “smart home” server.\u0000\u0000This Protocol is a unique solution for protecting information exchange channels in the field of “Internet of things” devices, as well as the whole concept of “smart home”. The implementation of the tasks is fully achieved, and this Protocol can be used in real conditions. The relevance of protecting information in “smart homes” is a fundamental point in developing this technology.\u0000\u0000Developing this Protocol allows you to bring the information security of homes to a new level. The project can be used in mass use, and the safe mechanism can become an integral part in the homes of the future.","PeriodicalId":205855,"journal":{"name":"NBI Technologies","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126839007","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Basics of Adaptive Information Security Systems 自适应信息安全系统基础

NBI Technologies Pub Date : 2019-08-01 DOI: 10.15688/nbit.jvolsu.2019.1.2

Anastasia Kalita, M. Ozhiganova, Evgeny Tishchenko

{"title":"Basics of Adaptive Information Security Systems","authors":"Anastasia Kalita, M. Ozhiganova, Evgeny Tishchenko","doi":"10.15688/nbit.jvolsu.2019.1.2","DOIUrl":"https://doi.org/10.15688/nbit.jvolsu.2019.1.2","url":null,"abstract":"Over the past few decades, there has been a tendency to minimize the participation of the human factor in various production and other processes. This process is implemented through the mass introduction of automated systems. Man-machine complexes are currently the most common and productive model of activity.\u0000\u0000At the current stage of technology development, the process of human activity automation is only an intermediate link on the way to excluding human intervention. This direction is the most relevant for systems that have a potential and real threat to human health and life (for example, manufacturing plants) or systems that are threatened by a person (for example, transport systems). The second group includes the sphere of information security. There is a need to move to the next level of excluding the human factor – introducing adaptive systems that will transfer the process of information protection in a completely different plane.\u0000\u0000The organization of adaptive information security systems is based on applying existing methods of adaptation from other areas of scientific knowledge in relation to information security issues. Features of such application of the generalized principles of adaptation reflect the specifics of the subject area without violating generally accepted norms.\u0000\u0000This article discusses the general principles of adaptive systems. It investigates the existing approaches to the organization of adaptive information security systems as well.","PeriodicalId":205855,"journal":{"name":"NBI Technologies","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123976153","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

Protecting the Management Channel of Robotic Systems 保护机器人系统的管理通道

NBI Technologies Pub Date : 2019-08-01 DOI: 10.15688/nbit.jvolsu.2019.1.1

V. Baranov, E. Aliyev

{"title":"Protecting the Management Channel of Robotic Systems","authors":"V. Baranov, E. Aliyev","doi":"10.15688/nbit.jvolsu.2019.1.1","DOIUrl":"https://doi.org/10.15688/nbit.jvolsu.2019.1.1","url":null,"abstract":"Automated and robotic systems have an indissoluble connection between computing and physical elements included in them. Today, the representatives of such systems can be found in a wide variety of areas – space, automotive, chemical technology, civil infrastructure, energy, health, manufacturing, transportation, and consumer devices. This class of systems is often considered as cyberphysical systems.\u0000\u0000The article presents an example of creating a robotic complex, as an element of the CBS, with a secure control system based on the AES encryption algorithm, which is currently the most crypto-resistant.\u0000\u0000In addition, to protect against a brute-force attack on a cryptographic key, the management system must implement a key distribution algorithm to generate a new key each time before executing the command.\u0000\u0000The article developed a robotic complex and a system that allows you to manage this complex for a reliable cryptographically stable connection. The main element of this system is the STM32F415 cryptographic chip. It allows you to reduce the load on the CPU to perform control algorithms, freeing it from cryptographic operations, thereby ensuring a gain in time.","PeriodicalId":205855,"journal":{"name":"NBI Technologies","volume":"135 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121399576","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

The Features of the Technique of Practical Training on “Fundamentals of Simulation of Automated Systems» Discipline “自动化系统仿真基础”学科实训技术的特点

NBI Technologies Pub Date : 2019-08-01 DOI: 10.15688/nbit.jvolsu.2019.1.4

A. Rodionov, A. Zhuchkov, Victoria Pekut

引用次数: 0

Video Capture Systems as a Means of Investigating Information Security Incidents at the Enterprise 视频捕捉系统作为调查企业信息安全事件的一种手段

NBI Technologies Pub Date : 2019-02-01 DOI: 10.15688/nbit.jvolsu.2018.4.6

Egor Zhuykov, E. Maksimova

{"title":"Video Capture Systems as a Means of Investigating Information Security Incidents at the Enterprise","authors":"Egor Zhuykov, E. Maksimova","doi":"10.15688/nbit.jvolsu.2018.4.6","DOIUrl":"https://doi.org/10.15688/nbit.jvolsu.2018.4.6","url":null,"abstract":"Today’s trend is the growth of information security incidents. Confirmation of this is the data of the company InfoWatch, according to which the number of leaks of confidential information in the first half of 2017 has increased by 10% as compared to the same period of 2016, and equals to 925 cases. However, 53% out of these 925 cases of diversion were sold by company employees, and 1.7% – by potential insiders. In the modern world, an insider is a very common concept. It is applicable in different spheres of economic activity. In a general sense, an insider is a natural or legal person who, due to his or her position, has access to valuable (mainly, of course, from an economic point of view) information.\u0000\u0000Valuable information is also called insider information. The article is devoted to the consideration of video capture systems that can help prevent leakage of information from personal computers in the enterprise.\u0000\u0000The proposed scheme of expert evaluation of video capture allows you to determine the system based on the selected criteria and specified weight coefficients, and lets the user make the best choice in the decision-making process of a specific problem.","PeriodicalId":205855,"journal":{"name":"NBI Technologies","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115343590","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

Protocol SS7 and the Security of Mobile Networks SS7协议与移动网络安全

NBI Technologies Pub Date : 2019-02-01 DOI: 10.15688/nbit.jvolsu.2018.4.1

K. Guzhakovskaya, Yuriy Umnitsyn

{"title":"Protocol SS7 and the Security of Mobile Networks","authors":"K. Guzhakovskaya, Yuriy Umnitsyn","doi":"10.15688/nbit.jvolsu.2018.4.1","DOIUrl":"https://doi.org/10.15688/nbit.jvolsu.2018.4.1","url":null,"abstract":"The paper considers Global System for Mobile Communications, which plays the important role in contemporary society and carries new forms of dialog in the modern world. It is shown, that GSM-nets play two roles: firstly, they serve as communication tools for people who are in any point of world, and secondly, they can be used as tools for confidential data theft due to the old technology for telephone exchange setting, created as early as in the 1970s.\u0000\u0000Attacks using SS7 are often executed by hackers. After all, the attacker does not have to be close to the subscriber, and the attack can be made from anywhere on the planet. Therefore, to calculate the attacker is almost impossible, through this vulnerability can be hacked through almost any phone in the world. It will not be difficult to eavesdrop on conversations, intercept SMS, get access to the mobile Bank, social networks because of the vulnerability in the SS7 telephone infrastructure, through which service commands of cellular networks are transmitted. Due to the fact that the vulnerability with the Protocol SS7 is on the side of the operator, protection from such an attack is impossible. Until mobile operators are able to abandon this technology, this threat in the field of information security will remain relevant.","PeriodicalId":205855,"journal":{"name":"NBI Technologies","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121644628","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

The Model of Information Security Control in State Information Systems 国家信息系统中的信息安全控制模型

NBI Technologies Pub Date : 2019-02-01 DOI: 10.15688/nbit.jvolsu.2018.4.3

A. Babenko, S. Kozunova

{"title":"The Model of Information Security Control in State Information Systems","authors":"A. Babenko, S. Kozunova","doi":"10.15688/nbit.jvolsu.2018.4.3","DOIUrl":"https://doi.org/10.15688/nbit.jvolsu.2018.4.3","url":null,"abstract":"The control of information protection in state information systems is relevant due to the requirements of the legislation of the Russian Federation, to the value of the information processed in them, to its increasing role in the formation of the modern information society in the Russian Federation, as well as the increasing need for procedures for combining information flows of organizations and enterprises. The article deals with the issues related to the control of information security in state information systems. The analysis of works on this subject reveals a solution to particular problems. Therefore, an integrated formalized approach to solving the problem of protecting information in state information systems, taking into account their specifics, threats and requirements of regulators, is relevant. The information leaks, leakage channels in such systems, as well as threats to information security breaches in state information systems have been analyzed. The most likely threats are cyber-attacks, natural disasters, structural failures and human errors. A formalized model for managing information security in state information systems has been developed, which defines an effective set of protection tools in accordance with the requirements of technical protection measures that can be used to automate the process of monitoring. The formal model aimed at solving the problem of optimizing the used protection mechanisms in relation to the overlapping threats has been proposed. The prospects for the development of this study have been determined.","PeriodicalId":205855,"journal":{"name":"NBI Technologies","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127472962","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0