2016 IEEE International Carnahan Conference on Security Technology (ICCST)最新文献

{"title":"An Internet of Everything based integrated security system for smart archaeological areas","authors":"F. Garzia, L. Papi","doi":"10.1109/CCST.2016.7815684","DOIUrl":"https://doi.org/10.1109/CCST.2016.7815684","url":null,"abstract":"The purpose of this paper is to illustrate an Internet of Everything based integrated security system for archaeological areas capable of ensuring visitors security, cultural heritage preservation/protection and great usability for visitors, with particular reference to visitors with disabilities. Genetic Algorithms (GAs) have been used to design the integrated security system, in particular for fields elements such as Wi-Fi Access Points, CCTV cameras, installation poles (to respect the archaeological vincula of the site) to ensure a reduction of final costs and a high level of reliability and resilience of the system itself, keeping, into consideration, the typical vincula and restrictions of archaeological areas The proposed system, together with the GAs based optimization technique, thanks to its flexibility, can be used in any kind of archaeological area or any kind of cultural site by means of a proper adaption.","PeriodicalId":6510,"journal":{"name":"2016 IEEE International Carnahan Conference on Security Technology (ICCST)","volume":"02 1","pages":"1-8"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86076387","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Limit state earned value analysis impact on network security project management decisions","authors":"Michael Staley","doi":"10.1109/CCST.2016.7815689","DOIUrl":"https://doi.org/10.1109/CCST.2016.7815689","url":null,"abstract":"Limit State Earned Value Management (LSEVM) has increased project managers' abilities to identify network security project performance issues and select appropriate corrective actions. Limit State Earned Value Management (LSEVM) is an evolution of traditional Earned Value Management (EVM) that incorporates active management through prescriptive interpretation of performance indicators that provides insight to the development of corrective actions. Traditional EVM-analysis does not have the capacity to identify all possible performance states. Our study indicates that project managers struggle to identify project performance and select appropriate corrective actions from project analysis alone. Limit State EVM solves these issues by re imagining the role of EVM-analysis around the identification of project performance and not simply the computation of mathematical variances. The LSEVM solution is built on: a) Inspection of project S-curves, revealing that traditional EVM-analysis does not capture all project performance states. b) Enhancement of EVM-analysis methodology by adding a Budget Variance (BV) to capture missing performance states. This variance is defined as the difference between planned value and actual cost. From this, we can create a mathematical relationship between the EVM variances CV, BV, and SV. c) Demonstrating that the number of total potential project performance states captured by the addition of this BV is 27: three variances with three results each (+,0,-). d) Reducing the number of performance states to only those 13 combinations of (SV, CV, BV) that satisfy the mathematical relationship above. e) Grouping the 13 performance states by common failure modalities to define 7 Limit States. f) Mapping the failure modalities to a suite of appropriate corrective actions. In the Fall of 2012, an introduction to Limit State EVM was added to a PMP® Exam prep course. A statistical analysis was performed to determine if the learning gains were statistically significant or a matter of chance. Eleven (11) assessment topics were presented to 258 corporate project managers as part of a pre-test and post-test assessment instrument using a paired, two tailed t-test with a confidence interval of 95% (P=.025). The p-values indicated that the mean learning gains were statistically significant in every category. Much larger gains were observed in the applied EVM questions and met or marginally met the threshold of competency applying EVM to real world problems. LSEVM significantly enhances a project manager's ability to identify network security project performance and select appropriate corrective actions. The project managers studied were able to make better data-driven decisions.","PeriodicalId":6510,"journal":{"name":"2016 IEEE International Carnahan Conference on Security Technology (ICCST)","volume":"10 1","pages":"1-7"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83888821","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A modern approach to security: Using systems engineering and data-driven decision-making","authors":"L. Cano","doi":"10.1109/CCST.2016.7815727","DOIUrl":"https://doi.org/10.1109/CCST.2016.7815727","url":null,"abstract":"This paper describes a method for integrating security system data with systems engineering principles to increase the effectiveness and efficiency of security systems being designed and implemented. It defines various levels of security which require different methods of integrating security systems with operational activities to provide effective security while balancing risk. It also proposes that human intelligence is a complement to technology intelligence, which is not often properly considered when designing and implementing security systems.","PeriodicalId":6510,"journal":{"name":"2016 IEEE International Carnahan Conference on Security Technology (ICCST)","volume":"192 1","pages":"1-5"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83542603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Evidence of correlation between fingerprint quality and skin attributes","authors":"R. Hancock, S. Elliott","doi":"10.1109/CCST.2016.7815708","DOIUrl":"https://doi.org/10.1109/CCST.2016.7815708","url":null,"abstract":"The purpose of this paper is to find whether there is any evidence of correlation between fingerprint quality and the factors of skin texture, keratin level, skin pigmentation, skin color, skin temperature, elasticity, and finger minutiae. In simpler terms, the goal was to see if and which finger characteristics affected the readability of the fingerprint. To achieve this goal, about 8000 random samples were collected from the fingers of 80 different subjects. The sensors collected data involving skin texture, keratin level, skin pigmentation, skin color, temperature, elasticity, and the amount of minutiae present on the finger. The sensors also collected the image quality of each fingerprint. This measurement is highly correlated with fingerprint scanner effectiveness and was therefore used as a representation of fingerprint readability in the experiment. A best subset test was run between the aforementioned factors and image quality in Minitab. This function tests all of the possible linear models that could be created by combining the factors against image quality and gives 2 results. The 1st result are the determined best models and the second are the statistics that tell the user how effective the models are. A model using all of the factors except pigmentation was used as the best model. However, this model only had an R2 value of 2.4, which meant that the model could only explains 2.4% of the image quality data. This provides strong evidence that there is no linear relationship between the factors and fingerprint image quality, and therefore fingerprint scanner effectiveness. In order to address the possibility of a nonlinear relationship between the factors and image quality, each factor was plotted on a graph against image quality. If the variable had a nonlinear relationship with image quality, a pattern would appear on the graph. No convincing pattern appeared on any of the graphs, which gave evidence that there is also no nonlinear relationship between the finger factors and image quality. This, combined with the previous finding concerning linear relationships, allows us to state that there is strong evidence that the factors do not correlate with fingerprint scanner effectiveness.","PeriodicalId":6510,"journal":{"name":"2016 IEEE International Carnahan Conference on Security Technology (ICCST)","volume":"16 1","pages":"1-4"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84344209","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Covert ground and port surveillance using Hyperbox®: Rayleigh backscattering from fiber optics","authors":"J. Odhner","doi":"10.1109/CCST.2016.7815726","DOIUrl":"https://doi.org/10.1109/CCST.2016.7815726","url":null,"abstract":"A fiber optic interrogator has been developed with software (SAV) that will detect people walking, vehicles and digging across a 100 m swath around a buried fiber optic cable. These activities cause minute pressure waves that transmit through the ground to the buried fiber. The pressure waves then hit the fiber causing minute changes in the fiber index. Rayleigh backscattering is extremely sensitive to these index changes. The three activities are distinguished from each other with SAV and the activities can be located within a few meters along the fiber. The temporal frequency of this backscatter allows discrimination of the targets. The resultant system is analogous to an array of geophones where the number and sensitivity of the geophones is programmable. The interrogator was field tested with 40 Km of buried fiber providing definitive discrimination of all three target types. This system was designed for maximum versatility with SAV controlled variable pulse width to improve target location, SAV controlled variable pulse rate and data sampling to optimize storage requirements, and SAV controlled variable output power to allow increased sensitivity at longer ranges. The buried fiber GPS coordinates are correlated with Google maps to allow the events to be overlaid onto a topographical map. The result is a color coded real time pictorial of events over the entire fiber length (>80 Km) fused with a map of the area giving operators total situational awareness. The entire interrogator and processing computer have been packaged into a portable ruggedized 19” rack. Data is transmitted across an Ethernet connection for analysis at a central location. This system is suitable for use on any border. For the US Northern border: There are only 2,200 U.S. agents (4 agents/10 Km average). For the U.S. Southern border: there are 17,659 US agents (56 agents/10 Km average). The Hyperbox® would reduce the number of required agents by providing a force multiplier with a few dozen installations and 24/7 coverage at a price that is the lowest cost/Km of any other available surveillance technology.","PeriodicalId":6510,"journal":{"name":"2016 IEEE International Carnahan Conference on Security Technology (ICCST)","volume":"38 1","pages":"1-5"},"PeriodicalIF":0.0,"publicationDate":"2016-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80900649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Consensus forecasting of zero-day vulnerabilities for network security","authors":"David C. Last","doi":"10.1109/CCST.2016.7815718","DOIUrl":"https://doi.org/10.1109/CCST.2016.7815718","url":null,"abstract":"Network defenders are locked in a constant race with attackers as they try to defend their networks. The defenders suffer from a huge disadvantage: they lack knowledge of the existence of zero-day vulnerabilities that have not been yet been discovered or publically disclosed, but that are still weakening the security of their networks. It would be a huge advantage to these defenders if they had some idea of where and when these vulnerabilities would appear and how severe they would be. The research presented here is directed towards producing accurate forecasts of the location and severity of zero-day vulnerabilities that will be discovered in the next 12-24 months. Forecasts of future zero-day vulnerabilities can be incorporated into Attack Surface security metrics that calculate the security posture of a network. Incorporating yet-to-be-discovered vulnerabilities into these calculations will alert network defenders to potential areas of weakness before they become a problem. In this research, three distinct forecasting model suites based on regression models and machine learning are used. These forecast model suites are applied to zero-day vulnerability discovery at the global and category (web browser, operating system, and video player) levels. Preliminary results demonstrate, as expected, that different models provide better forecasts at different times, but that it is difficult to predict which models will perform better under which circumstances. Therefore, the outputs of the forecast models are combined using consensus models based on Quantile Regression Averaging (QRA) and other techniques. These consensus models are expected to perform better than most individual forecast models over time, and experimental results demonstrate the strength of these consensus models. It is also important to understand the margin of error in these forecasts. QRA and other methods generate 68% and 95% confidence bounds around the forecasts, which give network defenders an idea of the best- and worst-case scenarios for which they should prepare. Experimental results generated by the consensus models demonstrate the strength of the forecasts and the confidence bounds. The results make a strong case for continuing this work by applying it to individual software applications.","PeriodicalId":6510,"journal":{"name":"2016 IEEE International Carnahan Conference on Security Technology (ICCST)","volume":"1 1","pages":"1-8"},"PeriodicalIF":0.0,"publicationDate":"2016-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89753780","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Supervised classification methods applied to keystroke dynamics through mobile devices","authors":"Ignacio de Mendizábal-Vázquez, D. Santos-Sierra, J. Casanova, C. S. Ávila","doi":"10.1109/CCST.2014.6987033","DOIUrl":"https://doi.org/10.1109/CCST.2014.6987033","url":null,"abstract":"Keystroke dynamics biometrics through computers are based in the time that users need to press and hold keys and often present too small amount of information. This limitation is eliminated in the environment of mobile devices due to a variety of sensors (accelerometers, gyroscopes, pressure and finger size) can be used to acquire useful information from users. These data have been acquired within the scenario of typing a 4-digit PIN in order to analyze the possibilites of reinforcing the security of mobile devices. A database with keystroke dynamics patterns has been analysed. Data has been acquired in a constrained environment, where users must hold the phone in a fixed position, and other with the data taken in unconstrained conditions. Features as pressure, finger size, times, linear an angular acceleration are extracted and processed. Supervised classification methods are widely used in different kind of biometrics. A discussion about their use in keystroke biometrics is presented. A preprocessing of the acquired data is performed using Linear Discriminant Analysis (LDA) and a reduction of the amount of information applying Principal Components Analysis (PCA). This preprocessing enhances considerably the results obtained in classification. We conclude claiming that biometric systems through keystroke dynamics with 4-digit PIN are promising.","PeriodicalId":6510,"journal":{"name":"2016 IEEE International Carnahan Conference on Security Technology (ICCST)","volume":"11 3","pages":"1-6"},"PeriodicalIF":0.0,"publicationDate":"2014-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72629361","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Automatic optical reading of passport information","authors":"F. M. Rodríguez","doi":"10.1109/CCST.2014.6987041","DOIUrl":"https://doi.org/10.1109/CCST.2014.6987041","url":null,"abstract":"","PeriodicalId":6510,"journal":{"name":"2016 IEEE International Carnahan Conference on Security Technology (ICCST)","volume":"18 1","pages":"1-4"},"PeriodicalIF":0.0,"publicationDate":"2014-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76446410","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Computer network security: Then and now","authors":"E. L. Witzke","doi":"10.1109/CCST.2016.7815710","DOIUrl":"https://doi.org/10.1109/CCST.2016.7815710","url":null,"abstract":"In 1986, this author presented a paper at a conference, giving a sampling of computer and network security issues, and the tools of the day to address them. The purpose of this current paper is to revisit the topic of computer and network security, and see what changes, especially in types of attacks, have been brought about in 30 years. This paper starts by presenting a review of the state of computer and network security in 1986, along with how certain facets of it have changed. Next, it talks about today's security environment, and finally discusses some of today's many computer and network attack methods that are new or greatly updated since 1986. Many references for further study are provided. The classes of attacks that are known today are the same as the ones known in 1986, but many new methods of implementing the attacks have been enabled by new technologies and the increased pervasiveness of computers and networks in today's society. The threats and specific types of attacks faced by the computer community 30 years ago have not gone away. New threat methods and attack vectors have opened due to advancing technology, supplementing and enhancing, rather than replacing the long-standing threat methods.","PeriodicalId":6510,"journal":{"name":"2016 IEEE International Carnahan Conference on Security Technology (ICCST)","volume":"19 1","pages":"1-7"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84230650","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}