Digital Technology Security最新文献

{"title":"Application of SDR (Software Defined Radio) technology for recovery of signals of side electromagnetic radiation of video tract","authors":"Andrey Ivanov, Igor A. Ognev, Elizaveta Nikitina, Lev Merkulov","doi":"10.17212/2782-2230-2021-4-72-90","DOIUrl":"https://doi.org/10.17212/2782-2230-2021-4-72-90","url":null,"abstract":"This article presents the results of recovering signals of spurious electromagnetic radiation of a video path using an SDR receiver. This work demonstrates the existence of a potential risk of leakage of confidential information through a technical channel of information leakage due to spurious electromagnetic radiation of a video path, bypassing traditional cryptographic and physical methods of information protection. An attack can be carried out by an attacker without special technical knowledge and special professional expensive equipment. The presented stand makes it possible to simplify research related to spurious electromagnetic radiation, as well as to apply this technology to build a learning process in this domain. In the course of the work, a description of the concept of a technical channel of information leakage and a brief description of the side electromagnetic radiation of the video path are given. The following briefly describes the SDR technology, the selected USRP B210 receiver, and the cross-platform open source GNU Radio software package. The demonstration stand is described in detail and the results of image reconstruction are given. In addition, two stages of the development of a demonstration stand are considered: using a simulation signal and a real intercepted signal. A demonstration stand with simulation signals serves to develop a user's understanding of the properties of spurious electromagnetic radiation, as well as possible obstacles to converting an intercepted signal into an image. The studies of the real intercepted signal were carried out on a monitor with a set resolution of 1280×1024 and a screen refresh rate of 60 Hz. An analog VGA (Video Graphics Array) interface was used to connect the monitor. The dependence of the quality of the reconstructed image on the set sampling frequency of the SDR receiver is shown.","PeriodicalId":207311,"journal":{"name":"Digital Technology Security","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126397635","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Features of detection and measurement of broadband TEMPEST signals","authors":"Andrey Ivanov, Svetlana Kopylova, S. Rozhkov","doi":"10.17212/2782-2230-2021-4-54-71","DOIUrl":"https://doi.org/10.17212/2782-2230-2021-4-54-71","url":null,"abstract":"The article is devoted to the technical channels of Transient Electromagnetic Pulse Emanation (TEMPEST) information leakage. Methods of detection and measurement of TEMPEST, as well as broadband signals in general cases are briefly presented. The features of detection and measurement of broadband TEMPEST signals of modern digital interfaces (for example, DVI, HDMI, DisplayPort) are considered. These digital interfaces are selected as the most relevant at the moment, against analog ones that are coming out of mass use (VGA). The review of the main approaches to the identification of such signals is carried out. Detection and measurement of broadband TEMPEST signals is a non-trivial task, since both TEMPEST signals and broadband signals themselves have a low signal-to-noise ratio. A laboratory stand (an alternative measuring platform) is described in detail, where practical studies were carried out to identify and measure the broadband TEMPEST using the example of the HDMI interface. The influence of the shield camera on the results of research in cases of complete and partial screening of the object under study is demonstrated. The influence of the bandwidth value during measurements of the broadband TEMPEST on the displayed spectrum of such a signal is shown. After reaching a certain value of this bandwidth, the displayed spectrum becomes clearly distinguishable against the background of noise. The measurement of the signal levels of the broadband TEMPEST was carried out in two ways. The first method assumed that the spectrum of the broadband TEMPEST signal is continuous. In the second method, it was assumed that the spectrum of such a signal is discrete. Based on the results of these measurements, a conclusion was made about the actual nature of the spectrum of the signals of the broadband TEMPEST.","PeriodicalId":207311,"journal":{"name":"Digital Technology Security","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123033708","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Analysis of threats to information security and data protection in the “Smart house systems”","authors":"I. Reva, A. Arkhipova, Roman Samoylenko","doi":"10.17212/2782-2230-2021-4-20-36","DOIUrl":"https://doi.org/10.17212/2782-2230-2021-4-20-36","url":null,"abstract":"The idea of smart homes has been around for several decades and has been described by different authors many times since then. However, there are almost always three aspects in the definitions of the last 20 years. First, home devices must be connected, not only to each other, but also to the Internet. Second, an intelligent way to manage the system is needed, such as a central gateway or smart smartphone apps. Finally, there must be some degree of home automation in the system. A hardware and software complex that meets these requirements can be called a “smart home” system. The system of ensuring the security of the \"smart home\" is now of great practical importance, which should include measures to protect the IT infrastructure, ensuring the personal safety of residents, ensuring their health, the sanitary condition of the premises, as well as the safety of material assets. It follows from this that the problem of the lack of a thorough study of information security threats and the elaboration of protection of the entire software and hardware complex of the \"smart home\" system is quite urgent. When solving this problem, an analysis of the main types and characteristics of smart home systems was carried out, and their key vulnerabilities were identified. Also, a study of vulnerabilities in the hardware of smart home systems was carried out; A qualitative assessment of the information security risks of a \"smart home\" has been carried out and protective measures have been developed to reduce them; A prototype of a fragment of the “smart home” security system has been developed and studied. In an experimental study of threats and vulnerabilities of the developed prototype of a fragment of the \"smart home\" system, the threat of interception of critical information of the system was studied in detail. Based on the results of the development and research of the Security Inspector, conclusions were drawn about the effectiveness of the use of the intrusion detection module.","PeriodicalId":207311,"journal":{"name":"Digital Technology Security","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128184913","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Modeling of a hardware and software complex “Poligraf” based on freely distributable microcontroller platforms","authors":"Viktor Mashtakov, Viktor M. Belov","doi":"10.17212/2782-2230-2021-4-9-19","DOIUrl":"https://doi.org/10.17212/2782-2230-2021-4-9-19","url":null,"abstract":"This article is devoted to the modeling of the software and hardware complex (SHC) “Polygraph” on the basis of freely distributed microcontroller platforms. In the work, the analysis of primary sources was carried out and the most promising microcontroller platform for the purposes of visual modeling and training to work on such devices was chosen. Within the framework of modeling tasks, on the basis of a number of criteria, the most optimal automated system for the design of devices has been determined. Using the chosen toolkit, the authors modeled the first educational test version of “Polygraph” with the ability to display some parameters measured by real SHC. The article considered the connection of the following sensors of the SHC “Polygraph”: pulse, body temperature and respiratory rate. Based on the work done, it was concluded that this development is promising and relevant for design purposes and training in work on devices such as “Polygraph”.","PeriodicalId":207311,"journal":{"name":"Digital Technology Security","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127484492","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Development of the laboratory bench for studying intrusion detection systems","authors":"N. Kukushkina, A. Novokhrestov","doi":"10.17212/2782-2230-2021-4-37-53","DOIUrl":"https://doi.org/10.17212/2782-2230-2021-4-37-53","url":null,"abstract":"The research object of this article is network-based and host-based intrusion detection systems. The aim of the study is to obtain an overview of intrusion detection systems, as well as to build a constructive version of a virtual laboratory bench intended for teaching students (studying the test characteristics of intrusion detection systems). The article provides a brief reference on intrusion detection systems, taking into account the classification by the method of monitoring and the technology of detecting attacks. Today, intrusion detection system is a necessary element of a comprehensive network protection system for both small and large organizations. They improve network security by protecting against external and internal intruders. Therefore, the need to acquire skills in installing, configuring and administering intrusion detection systems is an important part of training information security specialists, which necessitates continuous updating and modernization of training tools. In this paper, we propose a virtual laboratory bench designed to study intrusion detection systems. Its architecture and functioning parameters are described. In order to select an intrusion detection system for a virtual laboratory bench, a comparative analysis of free and commercial intrusion detection systems on the market was carried out. Network-based and host-based intrusion detection systems were considered separately. For both types, their advantages and disadvantages are described. As a result, the functions and operation mechanism are described for the intrusion detection system selected based on the analysis results. In addition, examples of custom rules for handling security events are discussed.","PeriodicalId":207311,"journal":{"name":"Digital Technology Security","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128564557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"About the role of public organizations in the structure of the housing and communal services system","authors":"D. Kosov","doi":"10.17212/2782-2230-2021-3-68-92","DOIUrl":"https://doi.org/10.17212/2782-2230-2021-3-68-92","url":null,"abstract":"The practice of public associations entering various spheres of activity in the territories of the state shows that many associations do not fulfill their missions to ensure a comfortable stay for the citizens of the territories, but are engaged in consumer extremism. They solve their consumer tasks and systematically do not participate in the processes of constructive interaction between the authorities, producers and consumers of services. In this article, for the first time, the issues of interaction of public associations in the housing and communal services system with all the elements available in it are considered. The existing structure of the housing and communal services system is shown, which includes such elements as: federal, regional authorities, resource-supplying, related organizations, regional operators in the field of housing and communal services, performers of housing and communal services, public associations and homeowners and tenants. The stages of the organization of public associations are defined, a block diagram of the algorithm of state registration and registration of a legal entity for public associations is constructed. The internal organizational and managerial structure of associations is shown, their functions and their place in the housing and communal services management system are considered. It should be emphasized that the influence of public organizations is carried out through internal and external management in the housing and communal services system to solve the tasks of promoting the formation of housing self-government as an important institution of civil society and an effective tool for improving the housing and communal industry. It is revealed that an essential tool in the management of the housing and communal services system is the presence of public microstructures in the majority of its elements, interaction with which makes it possible to exert a controlling influence on the entire system as a whole, thereby obtaining positive results in protecting the rights of consumers of housing and communal services.","PeriodicalId":207311,"journal":{"name":"Digital Technology Security","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134572200","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Analysis of the detection of an attack based on SQL injection using an impulse artificial neural network","authors":"A. Arkhipova, P. Polyakov","doi":"10.17212/2782-2230-2021-3-57-67","DOIUrl":"https://doi.org/10.17212/2782-2230-2021-3-57-67","url":null,"abstract":"This article presents the results of testing to create a specialized system that helps prevent cyberattacks, thus popularizing the construction of intelligent applications. Based on the results obtained, it can be argued that the tests carried out are satisfactory. The mathematical basis for building a neural network model is the HESADM model (Hybrid Artificial Intelligence Framework). The presented system allows you to form a set of rules using fuzzy logical neurons. This paper presents an approach to the formation of a fuzzy neural network used for detecting SQL injection attacks. The methodology used in this paper is an impulse artificial neural network (SANN), which uses an evolving neural network system (eCOS) and a multi-layer approach of an impulse artificial neural network to classify the exact type of intrusion or network anomaly with minimal computational potential. The impulse artificial neural system forms itself continuously, adapting to the input data, being in a functioning or not state, being under the supervision of an administrator. This system finds application to several other complex problems of the real world, proving its efficiency, including in the field of information security. The considered model is a hybrid evolving pulse anomaly detection model (HESADM), which works on impulses that occur in the system, while neurons are used to monitor the algorithm using a single training pass. In the system, traffic-oriented data is used by importing classes that use variable encoding. The data used is obtained by converting the real characteristics of network traffic into certain time stamps.","PeriodicalId":207311,"journal":{"name":"Digital Technology Security","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124062705","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Polynomial method for the synthesis of regulators for the special case of multichannel objects with one input variable and several output values","authors":"A. Voevoda, V. Filiushov, Viktor Shipagin","doi":"10.17212/2782-2230-2021-3-21-42","DOIUrl":"https://doi.org/10.17212/2782-2230-2021-3-21-42","url":null,"abstract":"Currently, an urgent task in control theory is the synthesis of regulators for objects with a smaller number of input values compared to output ones, such objects are described by matrix transfer functions of a non-square shape. A particular case of a multichannel object with one input variable and two / three / four output variables is considered; the matrix transfer function of such an object has not a square shape, but one column and two / three / four rows. To calculate the controllers, a polynomial synthesis technique is used, which consists in using a polynomial matrix description of a closed-loop control system. A feature of this approach is the ability to write the characteristic matrix of a closed multichannel system through the polynomial matrices of the object and the controller in the form of a matrix Diophantine equation. By solving the Diophantine equation, the desired poles of the matrix characteristic polynomial of the closed system are set. There are many options for solving the Diophantine equation and one of them is to represent the polynomial matrix Diophantine equation as a system of linear algebraic equations in matrix form, where the matrix of the system is the Sylvester matrix. The choice of the order of the polynomial matrix controller and the order of the characteristic matrix is carried out on the basis of the theorem given in the works of Chi-Tsong Chen, which always holds for controlled objects. If the minimum order of the controller is chosen in accordance with this theorem, and the Sylvester matrix has not full rank, then this means that there are more unknown elements in the system of linear algebraic equations than there are equations. In this case, the solution corresponding to the selected basic minor has free parameters, which are the parameters of the regulators. Free parameters of regulators can be set arbitrarily, which is used to set or exclude some zeros in a closed system. Thus, using various examples of objects with a non-square matrix transfer function, a polynomial synthesis technique is illustrated, which allows not only specifying the poles of a closed system, but also some zeros, which is a significant advantage, especially when synthesizing controllers for multichannel objects.","PeriodicalId":207311,"journal":{"name":"Digital Technology Security","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134146682","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Calculation of the regulator for the object with a delay","authors":"A. Voevoda, Viktor Shipagin, V. Filiushov","doi":"10.17212/2782-2230-2021-3-9-20","DOIUrl":"https://doi.org/10.17212/2782-2230-2021-3-9-20","url":null,"abstract":"The task of managing some systems is complicated due to the fact that real technical objects contain delay links. That is, there is a certain period of time when there is no reaction from the object of regulation to the control action. Usually, the presence of a delay link negatively affects the quality of management of such a system. There are various ways to synthesize a control system for such systems. These include: Smith predictors, specialized control tuning algorithms, the use of self-adjusting systems with active adaptation. However, they impose additional requirements on the dynamics of the system or are complex in technical implementation and configuration. Within the framework of this article, an attempt is made to calculate the regulator by the polynomial method for an object with a delay. The mathematical model of the delay is obtained by approximating the delay link next to the Pade. To ensure the necessary dynamics of the transition process from the system, we require the preservation of the poles of the delay link. Then the regulator, calculated for a system with a delay link in the form of a series of Pads, is applied to a system with an \"ideal\" delay. For clarity of the calculations carried out, an object in the form of a combination of aperiodic and integrating links connected in different ways is taken as an example. The integrating link is necessary to give the system astatic properties. As a delay, we will use the approximation of the range of different orders. The link of delay gives the system a non-stable character.","PeriodicalId":207311,"journal":{"name":"Digital Technology Security","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127424667","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Methodology for constructing a neural fuzzy network in the field of information security","authors":"A. Arkhipova, P. Polyakov","doi":"10.17212/2782-2230-2021-3-43-56","DOIUrl":"https://doi.org/10.17212/2782-2230-2021-3-43-56","url":null,"abstract":"This paper proposes the use of hybrid models based on neural networks and fuzzy systems to build intelligent intrusion detection systems based on the theory of fuzzy rules. The presented system will be able to generate rules based on the results using fuzzy logic neurons. To avoid oversaturation and assist in determining the necessary network topology, training models based on extreme learning machine and regularization theory will be used to find the most significant neurons. In this paper, a type of SQL injection cyberattack is considered, which actively exploits errors in systems that communicate with the database via SQL commands, and for this reason is considered a kind of straightforward attack. The fuzzy neural network architecture used in detecting SQL injection attacks is a multi-component structure. The first two layers of the model are considered as a fuzzy inference system capable of extracting knowledge from data and transforming it into fuzzy rules. These rules help build automated systems for detecting SQL injection attacks. The third layer consists of a simple neuron that has an activation function called a leaky ReLU. The first layer consists of fuzzy neurons, the activation functions of which are Gaussian membership functions of fuzzy sets, defined in accordance with the partitioning of the input variables. The technique uses the concept of a simple linear regression model to solve the problem of choosing the best subsets of neurons. To perform model selection, the paper used the widely used least angular regression (LARS) algorithm.","PeriodicalId":207311,"journal":{"name":"Digital Technology Security","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115345553","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}