Computer security Books

1096 products


  • Cyber Risk Management

    Kogan Page Ltd Cyber Risk Management

    Book Synopsis: Christopher J Hodson is Chief Security Officer for Cyberhaven where he oversees all facets of security to protect Cyberhaven customers and employees, including cloud and application security, security operations, and risk management. In addition, Chris serves as a board advisor at the workforce development platform, Cybrary, and is a fellow of the Chartered Institute of Information Security. He has previously held CISO positions with Contentful, Zscaler, and Tanium. He is a guest lecturer at Royal Holloway, University of London where he also holds a master's degree in computer and information systems security.

    Trade Review: "This is an excellent book. Christopher Hodson writes as he speaks, with passion and clear understanding of a profession of which he has extensive experience and loves. Cyber Risk Management is extremely well researched and provides the reader with a simple-to-follow, guided journey through the cyber issues we face and the approaches we should be taking to cope with them. Hodson's pragmatic style demystifies complex issues making this a great read for both experienced security professionals and non-professionals alike. This is required reading for anyone who wants to intelligently manage cyber risk, whether a CISO, CFO or CEO!" * Amanda Finch, CEO, Chartered Institute of Security Professionals *

    "In the fast-paced world of cybersecurity, Cyber Risk Management is a guiding light. This book combines expertise with a friendly touch, making it easy for readers to tackle security challenges, no matter their technical background. Christopher Hodson has a knack for unravelling cybersecurity jargon and presenting complex ideas in a way that anyone can understand. He effortlessly blends theory with practical examples, ensuring readers not only grasp the basics but also gain insights into real-world scenarios. Throughout the book, Hodson expertly covers the essentials of cybersecurity risk management, offering a solid framework for prioritizing threats, spotting vulnerabilities, and implementing effective controls. His conversational tone and patient approach make this book a valuable resource for both seasoned practitioners and newcomers." * Dana Wolf, CEO and Co-Founder, YeshID *

    "Everyone in the cybersecurity universe is experiencing a pace of change and complexity which is simply unprecedented. Christopher Hodson has captured our universe as it is today. He covers the meteoric rise of LLMs and changes in social appetite to technology, with the keen insight, deep expertise and humour that we expect from him. He gives us a reason to feel optimistic about these changes. Whilst so much is changing, the importance of understanding cybersecurity remains paramount and constant." * Phil Owen MBE, VP/Chief Security Officer, Telus Health *

    "Cyber Risk Management serves as both a valuable playbook for security leaders building out their programs, and a much-needed reference for their key business and technical partners across the organization. Christopher Hodson reinforces and enriches each topic by drawing upon a diverse set of examples from emerging technologies, geopolitical and regulatory forces, historical events, and noteworthy incidents." * Ryan Kazanciyan, CISO, Wiz *

    Table of Contents: Section - PART ONE: Contextualizing cybersecurity risk; Chapter - 01: Why now? The only constant is change; Chapter - 02: Technologies and security challenges; Chapter - 03: Data breaches; Section - PART TWO: Cybersecurity programme management; Chapter - 04: What are cybersecurity and cybercrime?; Chapter - 05: Establishing a cybersecurity programme; Section - PART THREE: Actors, events and vulnerabilities; Chapter - 06: Threat actors; Chapter - 07: Threat events; Chapter - 08: Vulnerabilities; Chapter - 09: Controls; Section - PART FOUR: Conclusion: the cybersecurity risk equation explained; Chapter - 10: Cyber risk management: a conclusion

    £130.50

  • Hacked

    Kogan Page Hacked

    Book Synopsis: Jessica Barker is the co-founder and co-CEO of Cygenta, a leading consultancy which advises businesses such as Mastercard, Microsoft and Cisco on their cybersecurity and cyber risk. She is also a prominent thought leader on the topics of cybersecurity and cybercrime and was named as the 'Cyber Citizen of the Year 2022' by the National Cyber Awards. She is the author of Confident Cyber Security (also published by Kogan Page). She is based in Las Vegas.

    £40.00

  • Cyber Security Foundations

    Kogan Page Cyber Security Foundations

    Book Synopsis: Keith Martin is a Professor of Information Security at Royal Holloway, University of London, UK, and director of the EPSRC Centre for Doctoral Training in Cyber Security for the Everyday. Jassim Happa is a Senior Lecturer in Information Security at Royal Holloway, University of London, UK. Konstantinos Mersinas is a Senior Lecturer in Information Security at Royal Holloway, University of London, UK. Guido Schmitz is an Assistant Professor in Computer Science and Cyber Security at Lancaster University, UK.

    £132.30

  • Effective Monitoring and Alerting

    O'Reilly Media Effective Monitoring and Alerting

    1 in stock

    Book Synopsis: The book describes a data-driven approach to optimal monitoring and alerting in distributed computer systems. It interprets monitoring as a continuous process aimed at extracting meaning from a system's data. The resulting wisdom drives effective maintenance and fast recovery - the bread and butter of web operations.

    £15.75

  • Providing Sound Foundations for Cryptography On

    Morgan & Claypool Publishers Providing Sound Foundations for Cryptography On

    Book Synopsis: The design of cryptographic systems must be based on firm foundations, whereas ad hoc approaches and heuristics are a very dangerous way to go. These foundations were developed in works authored by Shafi Goldwasser and/or Silvio Micali. This book celebrates these works, and reproduces some of them.

    Table of Contents: Preface; Acknowledgments; Photo and Text Credits
    PART I BIOGRAPHIES, INTERVIEWS, AND AWARD LECTURES: A Story Behind Every Problem: A Brief Biography of Shafi Goldwasser; One Obsession at a Time: A Brief Biography of Silvio Micali; An Interview with Shafi Goldwasser; An Interview with Silvio Micali; The Cryptographic Lens: Shafi Goldwasser's Turing Lecture; Proofs, According to Silvio: Silvio Micali's Turing Lecture
    PART II ORIGINAL PAPERS: Probabilistic Encryption; The Knowledge Complexity of Interactive Proof Systems; How to Generate Cryptographically Strong Sequences of Pseudorandom Bits; How to Construct Random Functions; A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks; Proofs that Yield Nothing but Their Validity or All Languages in NP Have Zero-Knowledge Proof Systems; How to Play Any Mental Game: A Completeness Theorem for Protocols with Honest Majority; Non-Interactive Zero-Knowledge (NIZK) Proof Systems; Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation; Multi-Prover Interactive Proofs: How to Remove Intractability Assumptions
    PART III PERSPECTIVES: On the Foundations of Cryptography; On the Impact of Cryptography on Complexity Theory; On Some Noncryptographic Works of Goldwasser and Micali; Fundamentals of Fully Homomorphic Encryption; Interactive Proofs for Lattice Problems; Following a Tangent of Proofs; A Tutorial on Concurrent Zero-Knowledge; Doubly Efficient Interactive Proofs; Computational Entropy; A Survey of Leakage-Resilient Cryptography; Editor and Author Biographies

    £92.70

  • Providing Sound Foundations for Cryptography On

    Morgan & Claypool Publishers Providing Sound Foundations for Cryptography On

    £77.40

  • Democratizing Cryptography

    Morgan & Claypool Publishers Democratizing Cryptography

    Book Synopsis: While other books have documented the development of public key cryptography, this is the first to provide a comprehensive insiders' perspective on the full impacts of public key cryptography, including six original chapters by nine distinguished scholars.

    £62.10

  • Democratizing Cryptography

    Morgan & Claypool Publishers Democratizing Cryptography

    £77.40

  • APress Digital Forensics Basics

    5 in stock

    Book Synopsis: Use this hands-on, introductory guide to understand and implement digital forensics to investigate computer crime using Windows, the most widely used operating system. This book provides you with the necessary skills to identify an intruder's footprints and to gather the necessary digital evidence in a forensically sound manner to prosecute in a court of law.

    Directed toward users with no experience in the digital forensics field, this book provides guidelines and best practices when conducting investigations as well as teaching you how to use a variety of tools to investigate computer crime. You will be prepared to handle problems such as law violations, industrial espionage, and use of company resources for private use.

    Digital Forensics Basics is written as a series of tutorials with each task demonstrating how to use a specific computer forensics tool or technique. Practical information is provided and users can read a task and then implement it di

    £42.49

  • Cybersecurity Incident Response

    APress Cybersecurity Incident Response

    15 in stock

    £46.74

  • Rational Cybersecurity for Business

    APress Rational Cybersecurity for Business

    1 in stock

    Book Synopsis: Use the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program, and motivate and retain your team.

    Misalignment between security and your business can start at the top at the C-suite or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this. Author Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to: risk management, operational security, privacy protection, hybrid cloud management, security culture and user awareness, and communication challenges.

    This o

    Table of Contents:
    Introduction. Explain the book's focus, audience, organization, and contents.
    Chapter 1: Rationalize Cybersecurity for your Business Landscape. Describes the six cybersecurity priority focus areas.
    Chapter 2: Identify and Empower Security-Related Roles. Explains how the people in the business each contribute to the secure operation of the business and its digital systems.
    Chapter 3: Establish a Control Baseline. Combs through control frameworks such as ISO 27001 and the NIST Cybersecurity Framework to select controls providing a minimum viable program (MVP) for many businesses. It also details how to align people, process, and technology for these controls; how to scale the implementation for different types of businesses; and how to share responsibility for delivering the controls with third parties.
    Chapter 4: Simplify and Rationalize IT and Security. Argues that security leaders have a stake in developing an effective IT strategy, what that strategy might look like, and how security leaders - who don't own IT - can still engage IT functions to help develop and deliver on the strategy.
    Chapter 5: Manage Risk in the Language of Business. Clarifies why risk management literally must be the brains of the security program. It must analyze, monitor, and communicate what potential losses or circumstances constitute the business's top risk scenarios. An effective tiered risk analysis process can efficiently address the myriad secondary risk issues that arise through processes and prioritize controls or other risk treatments.
    Chapter 6: Create a Strong Security Culture. Brings the cultural subtext that can make or break a cybersecurity environment into the foreground. It analyzes the components of security culture and provides guidance on how to devise a security culture improvement process and measure its effectiveness. User awareness, training, and appropriate day to day engagement with the business can all play a part in forging a constructive security culture.
    Chapter 7: Put the Right Governance Model in Place. Contrasts basic security governance structures that businesses can use, and provides guidance on how to select one and make it work. It describes core elements of the security program such as steering committees and security policy life cycle management. It also offers guidance on where the CISO should report in an organization.
    Chapter 8: Control Access with Minimal Drag on the Business. Explains why access is the critical balance beam for the business, compliance mandates, and the security program. It addresses the need for information classification, data protection, and identity and access management (IAM) controls to implement access restrictions as required to reduce risk or attain regulatory compliance but do so in a way that enables appropriate digital relationships and data sharing with internal and external users.
    Chapter 9: Institute Resilience, Detection, and Response. Guides readers on how to formulate contingency plans and strategies for detection, response, and recovery which together comprise cyber-resilience.
    Chapter 10: Putting the Pieces Together. Summarizes guidance given throughout the book in the "keys" for aligning with the business. It reiterates guidance on how to scale security programs and the way they align to the business based on business size, complexity, and other factors.

    £35.99

  • Zero Trust Security

    APress Zero Trust Security

    15 in stock

    Book Synopsis:
    Part I: Overview. Chapter 1: Introduction; Chapter 2: What Is Zero Trust?; Chapter 3: Zero Trust Architectures; Chapter 4: Zero Trust in Practice.
    Part II: Zero Trust and Enterprise Architecture Components. Chapter 5: Identity and Access Management; Chapter 6: Network Infrastructure; Chapter 7: Network Access Control; Chapter 8: Intrusion Detection and Prevention Systems; Chapter 9: Virtual Private Networks; Chapter 10: Next-Generation Firewalls; Chapter 11: Security Operations; Chapter 12: Privileged Access Management; Chapter 13: Data Protection; Chapter 14: Infrastructure and Platform as a Service; Chapter 15: Software as a Service; Chapter 16: IoT Devices and Things.
    Part III: Putting It All Together. Chapter 17: A Zero Trust Policy Model; Chapter 18: Zero Trust Scenarios; Chapter 19: Making Zero Trust Successful; Chapter 20: Conclusion; Chapter 21: Afterword; Appendix A: Further Reading.

    £42.49

  • Snowflake Security

    APress Snowflake Security

    5 in stock

    Book Synopsis: This book is your complete guide to Snowflake security, covering account security, authentication, data access control, logging and monitoring, and more. It will help you make sure that you are using the security controls in the right way, are on top of access control, and are making the most of the security features in Snowflake. Snowflake is the fastest growing cloud data warehouse in the world, and having the right methodology to protect the data is important both to data engineers and security teams. It allows for faster data enablement for organizations, as well as reducing security risks, meeting compliance requirements, and solving data privacy challenges. There are currently tens of thousands of people who are either data engineers/data ops in Snowflake-using organizations, or security people in such organizations. This book provides guidance when you want to apply certain capabilities, such as data masking, row-level security, column-level security, tackling role hierarchy, build

    Table of Contents:
    Chapter 1. Introduction to Snowflake What's happening to data Where Snowflake fits in Building your first Snowflake Data Warehouse
    Chapter 2. Account Security Security Best Practices for Snowflake Private Link Connection
    Chapter 3. Authentication Authentication in Snowflake overview Setting Up MFA Setting Up OAuth Setting Up SSO Connecting through a 3rd party SSO Connecting through a custom OAuth Authentication Service Network Access Control Managing Roles Through SCIM
    Chapter 4. Data Access Control Introduction to Data Access Controls Snowflake Security Model Designing roles architecture Custom Data Access Control Column Based Access Control Using Abstraction Using Dynamic Masking Row Based Access Control Using Abstraction Using Row Based Policies Custom Access Control
    Chapter 5. Logging & Monitoring Introduction Snowflake Metadata Account Usage vs Information Schema Main Views for Security Limitations SnowAlert Building a Custom Security Dashboard Setting Things Up Dashboard Incident Response
    Chapter 6. Epilogue Recap What's Coming Up

    £37.99

  • Azure Cloud Security for Absolute Beginners

    APress Azure Cloud Security for Absolute Beginners

    3 in stock

    Book Synopsis: Implement cloud security with Azure security tools, configurations and policies that address the needs of businesses and governments alike. This book introduces you to the most important security solutions available in Azure and provides you with step-by-step guidance to effectively set up security and deploy an application on top of Azure platform services, as well as on top of Azure infrastructure.

    Author Pushpa Herath begins by teaching you the fundamentals of Azure security. An easy to follow exploration of management groups, subscriptions, management locks and Azure policies further elaborate the concepts underlying Azure cloud security. Next, you will learn about Azure Active Directory (AAD) and the utilization of AAD in application and infrastructure security. Essential aspects of maintaining secure application keys and certificates are further explained in the context of Azure Key Vault. New application security implementations such as Azure configurat

    Table of Contents:
    Chapter 1: Understanding the Importance of Data/Application Security. Chapter Goal: Give general overview on importance of data security. No of pages: 5. Sub-Topics: 1. Introduction to security 2. Introduction to Azure security fundamentals
    Chapter 2: Overview of Basic Azure Security Components. Chapter Goal: Introduction to various security components in Azure and how to utilize them. No of pages: 15. Sub-Topics: 1. Introduction to Azure Management groups and subscriptions 2. Azure Management locks 3. Introduction to Azure policies
    Chapter 3: Introduction to Azure Active Directory. Chapter Goal: Lessons to provide hands-on guidance on user access control of the organization using Azure Active Directory. No of pages: 30. Sub-Topics: 1. Adding users and groups to the AD 2. Manage External Identities 3. Enable two factor authentications 4. Roles and Administrative units in Azure AD 5. Managing Enterprise applications 6. Introduction to AD devices 7. Azure AD app registration 8. Adding custom domains
    Chapter 4: Working with Azure Key vault. Chapter Goal: Step by step guidance to setting up and using azure key vault to achieve several security requirements in the organization. No of pages: 15. Sub-Topics: 1. Setting up Key vault 2. Key vault access control 3. Using KV to save Keys 4. Using KV to secure Secrets 5. Using KV to keep certificates 6. Key vault access policies 7. KV networking and security
    Chapter 5: Ensure Azure Application security. Chapter Goal: Step by step guidance to setting up various security components which helps to secure application hosted in Azure. No of pages: 40. Sub-Topics: 1. Keep configurations in central location using Azure Configuration 2. Authentication and authorization in Azure App Service 3. How to secure application with web application firewall in Azure 4. Application Security groups
    Chapter 6: Ensure Data Security with Azure Storages. Chapter Goal: Overview on how data storage security works in Azure. No of pages: 30. Sub-Topics: 1. Setting up azure storage 2. Azure storage encryption 3. Azure defender for azure storage
    Chapter 7: Ensure Security using Azure Virtual Networks. Chapter Goal: Step by step guide on how to setup virtual networks to enhance the security of the data and infrastructure. No of pages: 40. Sub-Topics: 1. Network security groups 2. Azure VPN gateways 3. Azure Load balancer 4. Azure Subnets
    Chapter 8: Working with Azure Application Gateway. Chapter Goal: Hands on lessons on implementing Azure Application gateway to enhance the security of the data. Sub-Topics: 1. Setting up Azure Application gateway 2. Secure Web App using App gateway 3. Secure Virtual Machine using App gateway
    Chapter 9: Securing data with Azure Firewall. Chapter Goal: Step by step guidance to setting up azure firewall and configure it to secure data. No of pages: 40. Sub-Topics: 1. Setting up Azure Firewall 2. Setting up policies 3. Setting up rules
    Chapter 10: Creating App Service Environment to enhance security. Chapter Goal: Step by step guidance to setting up App service environment and using it to secure applications. No of pages: 50. Sub-Topics: 1. Setting up Azure Application service environment 2. Deploy applications to app service environment
    Chapter 11: Secure Infrastructures in Azure. Chapter Goal: Explains different security features available with few of the azure resources. No of pages: 30. Sub-Topics: 1. Secure Azure Virtual machine using Bastion 2. Secure Azure Virtual machine using encrypted firewall rules 3. Azure SQL server security components

    £42.49

  • Winning the National Security AI Competition

    APress Winning the National Security AI Competition

    3 in stock

    Book Synopsis: In introducing the National Security Commission on AI's final report, Eric Schmidt, former Google CEO, and Robert Work, former Deputy Secretary of Defense, wrote: The human talent deficit is the government's most conspicuous AI deficit and the single greatest inhibitor to buying, building, and fielding AI-enabled technologies for national security purposes. Drawing upon three decades of leading hundreds of advanced analytics and AI programs and projects in government and industry, Chris Whitlock and Frank Strickland address in this book the primary variable in the talent deficit, i.e., large numbers of qualified AI leaders.

    The book quickly moves from a case for action to leadership principles and practices for effectively integrating AI into programs and driving results in AI projects. The chapters convey 37 axioms - enduring truths for developing and deploying AI - and over 100 leader practices set among 50 cases and examples, 40 of which focus on AI i

    Table of Contents: Foreword; Introduction; Chapter 1. The Three Imperatives to Develop AI Leaders; Chapter 2. How Leaders Should Think and Talk About AI; Chapter 3. Leading the Program; Chapter 4. Government Programming and Budgeting for AI Leaders; Chapter 5. Leading the Project; Chapter 6. Data Science for AI Leaders; Chapter 7. Leading the People; Chapter 8. Leading the Technology; Endnotes; About AI Leaders

    £46.74

  • Discovering Cybersecurity

    APress Discovering Cybersecurity

    3 in stock

    Book Synopsis: The contemporary IT landscape is littered with various technologies that vendors claim will solve an organization's cybersecurity challenges. These technologies are powerful and, in the right context, can be very effective. But misunderstood and misused, they either do not provide effective protection or do not protect the right things. This results in unnecessary expenditures, false beliefs of security, and interference with an organization's mission.

    This book introduces major technologies that are employed in today's cybersecurity landscape and the fundamental principles and philosophies behind them. By grasping these core concepts, professionals in every organization are better equipped to know what kind of technology they need, ask the right questions of vendors, and better interface with their CISO and security organization. The book is largely directed at beginners, including non-technical professionals such as policy makers, compliance teams, and business executives.

    What You

    Table of Contents:
    Chapter 1: The Psychology of Cybersecurity Technology
    Chapter 2: Authentication Tech Foundations of Authentication The Big Three – Something You Know, Have, or Are Secure Password Storage How Hackers “Crack” Password Lists
    Chapter 3: Access Control Tech Foundations of Access Controls Mandatory vs Discretionary Access Controls BLP, BIBA, and Other Models RBAC and ABAC
    Chapter 4: Core Cryptography Tech Foundations of Cryptography Symmetric Cryptography Asymmetric Cryptography Certificates and PKI
    Chapter 5: Cryptography Application Tech Foundations of Cryptographic Applications Securing Data-At-Rest Securing Data-In-Motion Securing Data-In-Use Securing Composite States
    Chapter 6: Classical Host Security Tech Foundations of Host Security Malware: Viruses, Trojans, Ransomware Host Hardening Host IDS Technological Limits
    Chapter 7: Classical Network Security Tech Foundations of Network Security Border Security: Gateways, Firewalls, Proxies Virtual Private Network (VPN) Network IDS and IPS Physical Security Technological Limits
    Chapter 8: Web Security Tech Foundations of Web Security TLS Cookies, State, and Session Defenses API Security Domain Name Security
    Chapter 9: Email and Social Media Security Tech Foundations of Overlay Security Email-borne Malware Spam, Phishing, and Other Email Threats Social Media Threats
    Chapter 10: Cloud Security Tech Foundations of Cloud Security Authenticating and Authorizing Across Domains Multitenancy Security for Storage and Operations Availability Incident Response
    Chapter 11: Modern Security Tech Foundations of Classic Security Limitations Advanced Persistent Threats Zero-trust Networking Deception Technologies Data Privacy Techniques
    Chapter 12: Blockchain Tech Foundations of Blockchain Technology Peer-to-Peer Technology Distributed Ledgers Public and Private Ledgers Limitations of the Technology Cryptocurrencies
    Chapter 13: Current Events and Future Trends TODO: Decided closer to end-of-book
    Appendix A: Review of Computer Basics
    Appendix B: Review of Networking Basics

    £42.49

  • Still Searching for Satoshi

    APress Still Searching for Satoshi

    1 in stock

    Book Synopsis: We are at the threshold of a new area of the internet that promises to transform the way we engage financially and take the power of data and privacy back from big corporations and give it to the individual through decentralization. This is sometimes called Web 3.0. While Web 1.0 transformed information sharing and commerce and brought us giants like Google and Amazon and Web 2.0 unlocked the social potential of the internet and created Facebook, Twitter, and Snapchat, exactly what will come of Web 3.0 remains to be seen. It is indisputable that the seed of Web 3.0 is the technological, social, and economic innovations that came together in Bitcoin and the blockchain technology it created. But where the first web iterations were relatively straightforward to understand, the inner workings of Web 3.0 remain more opaque and shrouded in mystique. Current voices on Bitcoin and the blockchain revolution fall squarely into one of two camps; either technological experts who are all also inv

    Table of Contents:
    Introduction
    Part 1 - Genealogy of bitcoin technology The technological developments leading to bitcoin. This part is a technological history that reviews the technological developments that Bitcoin builds on. There are a few strands that developed more or less independently that combine into Bitcoin. Once they are explained it is possible to give a deeper explanation of how Bitcoin works. This understanding will inform the remaining parts of the book.
    Chapter 1: Cryptography The purpose of cryptography is to keep information private by preserving confidentiality, integrity and access to it. Public private key encryption Hashing Zero knowledge proof
    Chapter 2: Virtual Money In this chapter we will go into the history of electronic or virtual money before bitcoin. Digicash E gold Bitgold b Money Hash cash
    Chapter 3: Peer-to-peer technology The internet of today is a centralized type of computing working through a number of web servers that function in a hierarchy. Properties of p2p networks Discovering a peer Secure sharing File Sharing from Napster to BitTorrent
    Chapter 4: Proof of work An inherent problem with the networked world is that accessing and processing information is essentially free, which makes certain types of disruptive behavior easy, which we see in denial of service attacks, spam mail and robocalling. This brings new problems that did not exist when it cost significant money to send a letter, read a paper or book or make a phone call. DDoS Spam Money transactions
    Chapter 5: Public record Since the time of the code of Hammurabi, the purpose of a public record has been clear: to establish indisputable truth. While this is seemingly the opposite of the privacy and confidentiality entailed by cryptography it serves the purpose of making information shared and immutable. Historical technologies of public record The purpose of public records The accounting revolution and the development of ledgers, double entry bookkeeping to triple entry bookkeeping
    Chapter 6: Bitcoin From the previous chapters we are now able to piece together how bitcoin and the block chain works. Virtual money - The Bitcoin Encrypting for privacy - The Wallet Public record - The Blockchain Peer to peer network - The Miners Proof of work - Transactions (cryptographic proof and the consensus algorithm)
    Part 2 - Still searching for Satoshi - who is the historical Satoshi Nakamoto? Much writing about Bitcoin has focused on who the historical person or persons behind Satoshi Nakamoto is. This part will apply a historical critical perspective to this question and sift through the evidence in order to create a better understanding of what we can and cannot say about the identity of Satoshi Nakamoto.
    Chapter 7: Who dunnit? A review of previous identifications of the person behind Satoshi. This has previously taken the shape of investigative journalism in the style of true crime reporting Joshua Davis, The New Yorker 2011 Adam Penenberg, Fast Company 2011 Alec Liu, Vice 2013 John Markoff, New York Times 2013 Andy Greenberg, Forbes 2014 Leah McGrath Goodman, Newsweek 2014 Skye Grey, blog 2014 Dominic Frisby, Bitcoin the future of money 2014 Nathaniel Popper, New York Times 2015 Andy Greenberg, Gwern Branwen, Wired 2015 Sam Biddle, Gizmodo 2015 Izabella Kasminska, Financial Times 2016 Evan Ratliff, Wired 2019 Other sources - twitter, youtube, tv
    Chapter 8: Ad fontes - What do the sources say? By focusing on the sources we are able to extract a number of key characteristics to look for: Historical analysis - establishes a couple of key points for historical analysis The bitcoin whitepaper - the most crucial piece of evidence The forums - the p2p forum and later the bitcoin forum are sources where Satoshi discussed with peers about bitcoin The code - the code in itself may also contain clues The blockchain - the record of transactions also provides an insight into the origin of bitcoin Summary - what can the sources tell us?
    Chapter 9: Motives What were the motives behind the creation of bitcoin Ideology - what can be said about the ideology of the author based on extant sources? Why the synonym? - what could be the reason for the initial and continued secrecy surrounding the inventor? Summary - why did the inventor invent bitcoin and in this particular way?
    Chapter 10: The social network of early bitcoin Who were the people involved in the beginning of Bitcoin p2p forum communication Bitcoin forum communication Blockchain transactions Summary - what can we learn from looking at the bitcoin initial network
    Chapter 11: The usual suspects? Rather than pointing definitively to one or another suspect we will try to integrate the knowledge we have gained with the list of known suspects. An evaluation framework - developing an evaluation framework against which to measure the likelihood of any candidate being Satoshi Nakamoto Prime suspects - the suspects that have gained most attention · Hal Finney · Nick Szabo · Dorian Sakamoto · Craig Wright and David Kleiman · Paul Leroux Secondary suspects - suspects that have gained some attention · Vili Lehdonum and Michael Clear · Neal King, Vladimir Oksman, Charles Bry · Hal Finney, Nick Szabo and Adam Back · Shinichi Mochizuki · Ross Ulbricht · Adam Back · Gavin Andresen · Jed McCaleb · Elon Musk · Len Sassaman · Someone else A new primary suspect - as in the movie The Usual Suspects, careful analysis points towards a surprising suspect who is not in the primary field of suspects.
    Part 3 - Bitcoin in context How is bitcoin viewed in the wider context of human civilization? Bitcoin does not exist in a technological bubble addressing only technological issues. It is firmly situated in a web of themes that are and have been central to human civilization. This may account for its notoriety but needs to be put in context.
    Chapter 12: Money Since prehistoric times humans have engaged in exchange. This falls in a continuum from barter, through intermediaries as cowry shells, gold and silver coins to purely symbolic means of exchange. The history of money Medium of exchange Unit of account Standard of deferred payment Store of value Types of money · Commodity · Representative money · Fiat · Digital money · Deposits The politics of money Money as a bridge between domains of value
    Chapter 13: Ownership Proving that you own something has been a central feature of human societies for millennia and disputes have fueled more than its share of violence and conflict.
Owners · Private · Public · Corporate · Communal Property · Tangible · Intangible Establishing and policing ownership · National · Transnational Chapter 14: Social organization Human societies have always been characterized by some sort of social organization. The different options have been debated since classical antiquity. This chapter will take a look at the space of social organization and narrow it down to the particular types associated with bitcoin and blockchain. An ancient discussion: Monarchy, Oligarchy and Democracy - and anarchy Centralization vs decentralization Types of social organization in human groups Open source Cypher punks Chapter 15: Religion A rarely debated issue are the religious aspects surrounding Bitcoin and the blockchain movement. But these aspects are nothing new when it comes to human cultures. Understanding this helps explain a lot of the seemingly strange behavior of bitcoin believers without claiming that Bitcoin is an actual religion. The prophet - Satoshi Nakamoto Sacred scriptures- The Bitcoin whitepaper and the forum posts Believers and heathens Cargo cults Millenarianism Part 4 - Blockchain and the future Where can blockchain technology be applied? Where, if anywhere, might we see cryptocurrencies and the blockchain in the future and how might it affect our lives? A case could be made that we are only in the beginning phases of the blockchain now, sometimes called Web3, where the worst of the teething problems are gone and the wild west ethos is receding. Where not to use blockchain - First let us consider a number of areas where blockchain is currently suggested that might not be particularly relevant. Parameters to be tweaked - Bitcoin was the first version of blockchain technology and certain choices were made. But subsequent and future blockchains need not make the same choices. We need to understand how this can be done in order to ascertain the future utility of the blockchain. 
Transaction speed Energy consumption Degree of centralization Public availability Mining rewards Banking - even though Bitcoin at its outset was antithetical to the banking industry there are particularly good use cases here. Payment - bitcoin may not in itself have been very successful as a payments solution so far but there is no reason why another cryptocurrency will not be. Current payment systems are slow and expensive compared to what the blockchain can offer. International payments Remittance Peer to peer payments Micropayments Certification - building on the ability to serve as a public record there are good reasons that a blockchain can serve as a public record for information about ownership NFTs Real estate Media Contracts - the ability to establish indisputable truth makes it possible to build contracts that automatically execute according to some logic. This can be used for escrow services and delivery of other services as well as insurance. Regulatory compliance - the immutability of the blockchain makes it good for a great number of use cases where fraud has previously been an issue Forensics - the public nature of the blockchain makes it a valuable tool for law enforcement, especially international law enforcement, which has already proven its worth in a number of high profile cases. Supply chain - the blockchain is well suited for keeping track of things movement across time and place. Health - keeping track of health trackers and personal health records could be done on a blockchain Government - in government there are also areas where blockchain may be useful Special purpose tokens Voting Identity Glossary Key concepts described

    1 in stock

    £38.24

  • Hadoop Security

    O'Reilly Media Hadoop Security

    2 in stock

    Book Synopsis: This practical book not only shows Hadoop administrators and security architects how to protect Hadoop data from unauthorized access, it also shows how to limit the ability of an attacker to corrupt or modify data in the event of a security breach.


    £29.99

  • Essential Cybersecurity Science

    O'Reilly Media Essential Cybersecurity Science

    1 in stock

    Book Synopsis: If you're involved in cybersecurity as a software developer, forensic investigator, or network administrator, this practical guide shows you how to apply the scientific method when assessing techniques for protecting your information systems.


    £29.99

  • Crafting an Information Security Playbook

    O'Reilly Media Crafting an Information Security Playbook

    1 in stock

    Book Synopsis: Written by members of Cisco's Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.


    £29.99

  • Insider Threats

    Cornell University Press Insider Threats

    1 in stock

    Book Synopsis: This compendium of research on insider threats is essential reading for all personnel with accountabilities for security; it shows graphically the extent and persistence of the threat that all organizations face and against which they must take preventive measures. -- Roger Howsley, Executive Director, World Institute for Nuclear Security

    High-security organizations around the world face devastating threats from insiders—trusted employees with access to sensitive information, facilities, and materials. From Edward Snowden to the Fort Hood shooter to the theft of nuclear materials, the threat from insiders is on the front page and at the top of the policy agenda. Insider Threats offers detailed case studies of insider disasters across a range of different types of institutions, from biological research laboratories, to nuclear power plants, to the U.S. Army. Matthew Bunn and Scott D. Sagan outline cognitive and organizational biases that lead organ

    Trade Review: Insider Threats is well-written, even literary. Its chief lesson: organizations are rarely designed to catch the insider, and much work needs to be done to protect them. -- Ross Johnson * Security Management *


    £20.89

  • A Vulnerable System

    Cornell University Press A Vulnerable System

    20 in stock

    Book Synopsis: As threats to the security of information pervade the fabric of everyday life, A Vulnerable System describes how, even as the demand for information security increases, the needs of society are not being met. The result is that the confidentiality of our personal data, the integrity of our elections, and the stability of foreign relations between countries are increasingly at risk. Andrew J. Stewart convincingly shows that emergency software patches and new security products cannot provide the solution to threats such as computer hacking, viruses, software vulnerabilities, and electronic spying. Profound underlying structural problems must first be understood, confronted, and then addressed. A Vulnerable System delivers a long view of the history of information security, beginning with the creation of the first digital computers during the Cold War. From the key institutions of the so-called military industrial complex in the 1950s to S

    Trade Review: Stewart has written an easy-to-read history of computer security. He continues his marvelous story telling, covering human weaknesses, perhaps the most reliable way of gaining access to networks, then to massive data breaches. Altogether, I consider this book very much worth reading. * Login * The author writes in an easily accessible style, allowing the reader to gain a good overview of computer security at various stages of development, from the mid-20th-century events to the late 2010s, and to delve deeper by following the notes at the back of the book (there are over 70 pages of them!). Most topics are covered this way and this lends a curious reader to complement their scientific knowledge with amusing or eye-opening anecdotes. * Cipher Newsletter * A Vulnerable System provides an accessible and engaging overview of many major developments in the history of computer security. It should be useful for teaching courses on the history of computer security, as well as for providing historical perspective to information security practitioners and general readers. * Technology and Culture * Andrew J. Stewart's A Vulnerable System: The History of Information Security in the Computer Age is a comprehensive review of the evolution of information security within the overall context of the remarkable level of information technological advancement in the twentieth century. Using carefully researched sources combined with an insightful analysis, Stewart takes readers on a journey through the history of safeguarding digital systems. * California History *

    Table of Contents: Introduction: Three Stigmata 1. A "New Dimension" for the Security of Information 2. The Promise, Success, and Failure of the Early Researchers 3. The Creation of the Internet and the Web, and a Dark Portent 4. The Dot-Com Boom and the Genesis of a Lucrative Feedback Loop 5. Software Security and the "Hamster Wheel of Pain" 6. Usable Security, Economics, and Psychology 7. Vulnerability Disclosure, Bounties, and Markets 8. Data Breaches, Nation-State Hacking, and Epistemic Closure 9. The Wicked Nature of Information Security Epilogue: The Past, Present, and a Possible Future


    £25.19

  • The Comprehensive Guide to Cybersecuritys Most

    J. Ross Publishing The Comprehensive Guide to Cybersecuritys Most

    1 in stock


    £45.60

  • Information Technology Security Fundamentals

    Business Expert Press Information Technology Security Fundamentals

    Book Synopsis: Information security is at the forefront of timely IT topics, due to the spectacular and well-publicized breaches of personal information stored by companies. To create a secure IT environment, many steps must be taken, but not all steps are created equal. There are technological measures that increase security, and some that do not, but overall, the best defense is to create a culture of security in the organization. The same principles that guide IT security in the enterprise guide smaller organizations and individuals. The individual techniques and tools may vary by size, but everyone with a computer needs to turn on a firewall and have antivirus software. Personal information should be safeguarded by individuals and by the firms entrusted with it. As organizations and people develop security plans and put the technical pieces in place, a system can emerge that is greater than the sum of its parts.

    £18.00

  • Trust Extension as a Mechanism for Secure Code

    Morgan & Claypool Publishers Trust Extension as a Mechanism for Secure Code

    Book Synopsis: As society rushes to digitize sensitive information and services, it is imperative to adopt adequate security protections. However, such protections fundamentally conflict with the benefits we expect from commodity computers. In other words, consumers and businesses value commodity computers because they provide good performance and an abundance of features at relatively low costs. Meanwhile, attempts to build secure systems from the ground up typically abandon such goals, and hence are seldom adopted. In this book, I argue that we can resolve the tension between security and features by leveraging the trust a user has in one device to enable her to securely use another commodity device or service, without sacrificing the performance and features expected of commodity systems. At a high level, we support this premise by developing techniques to allow a user to employ a small, trusted, portable device to securely learn what code is executing on her local computer. Rather than entrusting her data to the mountain of buggy code likely running on her computer, we construct an on-demand secure execution environment which can perform security-sensitive tasks and handle private data in complete isolation from all other software (and most hardware) on the system. Meanwhile, non-security-sensitive software retains the same abundance of features and performance it enjoys today. Having established an environment for secure code execution on an individual computer, we then show how to extend trust in this environment to network elements in a secure and efficient manner. This allows us to reexamine the design of network protocols and defenses, since we can now execute code on endhosts and trust the results within the network. Lastly, we extend the user's trust one more step to encompass computations performed on a remote host (e.g., in the cloud). 
We design, analyze, and prove secure a protocol that allows a user to outsource arbitrary computations to commodity computers run by an untrusted remote party (or parties) who may subject the computers to both software and hardware attacks. Our protocol guarantees that the user can both verify that the results returned are indeed the correct results of the specified computations on the inputs provided, and protect the secrecy of both the inputs and outputs of the computations. These guarantees are provided in a non-interactive, asymptotically optimal (with respect to CPU and bandwidth) manner. Thus, extending a user's trust, via software, hardware, and cryptographic techniques, allows us to provide strong security protections for both local and remote computations on sensitive data, while still preserving the performance and features of commodity computers.

    £51.00

  • Candidate Multilinear Maps

    Morgan & Claypool Publishers Candidate Multilinear Maps

    Book Synopsis: The aim of cryptography is to design primitives and protocols that withstand adversarial behavior. Information theoretic cryptography, how-so-ever desirable, is extremely restrictive and most non-trivial cryptographic tasks are known to be information theoretically impossible. In order to realize sophisticated cryptographic primitives, we forgo information theoretic security and assume limitations on what can be efficiently computed. In other words we attempt to build secure systems conditioned on some computational intractability assumption such as factoring, discrete log, decisional Diffie-Hellman, learning with errors, and many more. In this work, based on the 2013 ACM Doctoral Dissertation Award-winning thesis, we put forth new plausible lattice-based constructions with properties that approximate the sought after multilinear maps. The multilinear analog of the decision Diffie-Hellman problem appears to be hard in our construction, and this allows for their use in cryptography. These constructions open doors to providing solutions to a number of important open problems.

    Table of Contents: Introduction; Survey of Applications; Multilinear Maps and Graded Encoding Systems; Preliminaries I: Lattices; Preliminaries II: Algebraic Number Theory Background; The New Encoding Schemes; Security of Our Constructions; Preliminaries III: Computation in a Number Field; Survey of Lattice Cryptanalysis; One-Round Key Exchange; Generalizing Graded Encoding Systems; Bibliography; Author's Biography

    £42.46

  • Candidate Multilinear Maps

    Morgan & Claypool Publishers Candidate Multilinear Maps

    Book Synopsis: The aim of cryptography is to design primitives and protocols that withstand adversarial behavior. Information theoretic cryptography, how-so-ever desirable, is extremely restrictive and most non-trivial cryptographic tasks are known to be information theoretically impossible. In order to realize sophisticated cryptographic primitives, we forgo information theoretic security and assume limitations on what can be efficiently computed. In other words we attempt to build secure systems conditioned on some computational intractability assumption such as factoring, discrete log, decisional Diffie-Hellman, learning with errors, and many more. In this work, based on the 2013 ACM Doctoral Dissertation Award-winning thesis, we put forth new plausible lattice-based constructions with properties that approximate the sought after multilinear maps. The multilinear analog of the decision Diffie-Hellman problem appears to be hard in our construction, and this allows for their use in cryptography. These constructions open doors to providing solutions to a number of important open problems.

    Table of Contents: Introduction; Survey of Applications; Multilinear Maps and Graded Encoding Systems; Preliminaries I: Lattices; Preliminaries II: Algebraic Number Theory Background; The New Encoding Schemes; Security of Our Constructions; Preliminaries III: Computation in a Number Field; Survey of Lattice Cryptanalysis; One-Round Key Exchange; Generalizing Graded Encoding Systems; Bibliography; Author's Biography

    £60.00

  • Business Expert Press Can. Trust. Will.: Hiring for the Human Element in the New Age of Cybersecurity

    Book Synopsis: Building a successful cybersecurity team is no longer optional. Cyberthreats evolve at a staggering pace, and effective cybersecurity operations depend on successful teams. Unfortunately, statistics continue to illustrate that employers are not finding the people they need. The Can. Trust. Will. system guides the C-Suite, HR professionals and talent acquisition to build unbeatable cybersecurity teams through advanced hiring processes and focused on-boarding programs. Additionally, this book details how successful cybersecurity ecosystems are best built and sustained, with expert analysis from high-level government officials, Fortune 500 CSOs and CISOs, risk managers, and even a few techies. Those already in the field (and newbies) will glean invaluable knowledge about how to find their most effective position within a cybersecurity ecosystem. In a tech-driven environment, cybersecurity is fundamentally a human problem: and the first step is to hire for the human element.

    £21.80

  • Artificial Intelligence-based Cybersecurity for Connected and Automated Vehicles

    now publishers Inc Artificial Intelligence-based Cybersecurity for Connected and Automated Vehicles

    Book Synopsis: The damaging effects of cyberattacks to an industry like the Cooperative Connected and Automated Mobility (CCAM) can be tremendous. From the least important to the worst ones, one can mention for example the damage in the reputation of vehicle manufacturers, the increased denial of customers to adopt CCAM, the loss of working hours (having direct impact on the European GDP), material damages, increased environmental pollution due e.g., to traffic jams or malicious modifications in sensors’ firmware, and ultimately, the great danger for human lives, either they are drivers, passengers or pedestrians. Connected vehicles will soon become a reality on our roads, bringing along new services and capabilities, but also technical challenges and security threats. To overcome these risks, the CARAMEL project has developed several anti-hacking solutions for the new generation of vehicles. CARAMEL (Artificial Intelligence-based Cybersecurity for Connected and Automated Vehicles), a research project co-funded by the European Union under the Horizon 2020 framework programme, is a project consortium with 15 organizations from 8 European countries together with 3 Korean partners. The project applies a proactive approach based on Artificial Intelligence and Machine Learning techniques to detect and prevent potential cybersecurity threats to autonomous and connected vehicles. This approach has been addressed based on four fundamental pillars, namely: Autonomous Mobility, Connected Mobility, Electromobility, and Remote Control Vehicle. This book presents theory and results from each of these technical directions.

    Trade Review: The main goal of the project was the development of a more secure driving experience for the connected and automated vehicles and was built around four innovation pillars: the autonomous vehicle, the connected vehicle, the plug-in electrical vehicle and the remote control vehicle. The project, and hence the book, has delivered exceptional results with significant immediate or potential impact. The project has achieved all of its objectives and milestones for the period and went much beyond the dissemination objectives. -- Project Manager

    Table of Contents: 1. Introduction 2. Autonomous Mobility 3. V2X Connected Mobility 4. Electromobility 5. Remote Control Vehicle Conclusions Index

    £101.65

  • Security Risk Management for the Internet of

    now publishers Inc Security Risk Management for the Internet of

    Book Synopsis: In recent years, the rising complexity of Internet of Things (IoT) systems has increased their potential vulnerabilities and introduced new cybersecurity challenges. In this context, state of the art methods and technologies for security risk assessment have prominent limitations when it comes to large scale, cyber-physical and interconnected IoT systems. Risk assessments for modern IoT systems must be frequent, dynamic and driven by knowledge about both cyber and physical assets. Furthermore, they should be more proactive, more automated, and able to leverage information shared across IoT value chains. This book introduces a set of novel risk assessment techniques and their role in the IoT Security risk management process. Specifically, it presents architectures and platforms for end-to-end security, including their implementation based on the edge/fog computing paradigm. It also highlights machine learning techniques that boost the automation and proactiveness of IoT security risk assessments. Furthermore, blockchain solutions for open and transparent sharing of IoT security information across the supply chain are introduced. Frameworks for privacy awareness, along with technical measures that enable privacy risk assessment and boost GDPR compliance are also presented. Likewise, the book illustrates novel solutions for security certification of IoT systems, along with techniques for IoT security interoperability. In the coming years, IoT security will be a challenging, yet very exciting journey for IoT stakeholders, including security experts, consultants, security research organizations and IoT solution providers. The book provides knowledge and insights about where we stand on this journey. It also attempts to develop a vision for the future and to help readers start their IoT Security efforts on the right foot.

    Table of Contents: 1. Introduction 2. Security Data Modelling for Configurable Risk Assessment as a Service in IoT Systems 3. Data-Driven IoT Security Using Deep Learning Techniques 4. Privacy awareness, risk assessment and control measures in IoT platforms: BRAIN-IoT approach 5. IoT Network Risk Assessment and Mitigation: The SerIoT Approach 6. CHARIOT Integrated Approach to Safety, Privacy and Security 7. Pattern-driven Security, Privacy, Dependability and Interoperability in IoT 8. Enabling Continuous Privacy Risk Management in IoT Systems 9. Data Protection compliance assessment for the Internet of Things 10. Cybersecurity certification in IoT environments 11. Firmware software analysis at source code and binary levels 12. End-to-end security for IoT 13. Blockchain ledger solution affirming physical, operational and functional changes in an IoT system 14. Leveraging Interledger Technologies in IoT Security Risk Management 15. Epilogue

    £81.70

  • Cyber-Physical Threat Intelligence for Critical Infrastructures Security: Securing Critical Infrastructures in Air Transport, Water, Gas, Healthcare, Finance and Industry

    now publishers Inc Cyber-Physical Threat Intelligence for Critical Infrastructures Security: Securing Critical Infrastructures in Air Transport, Water, Gas, Healthcare, Finance and Industry

    Book Synopsis: Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well.

    Table of Contents:
    Part I “Securing Critical Infrastructures of Sensitive Industrial Plants and Sites”:
    • Chapter 1 “InfraStress approach on risk modelling of cascading events with live data for decision support”.
    • Chapter 2 “Cyber-physical adversarial attacks and countermeasures for deep learning vision systems on critical infrastructures”.
    • Chapter 3 “Modelling of interdependencies among and InfraStress approach on risk modelling of cascading events with live data for decision support”.
    • Chapter 4 “Data Visualisation for Situational Awareness in Industrial Critical Infrastructure: an InfraStress Case Study”.
    • Chapter 5 “Critical Infrastructures, SIPS and Threat Intelligence: legal and ethical aspects of security research”.
    Part II “Securing Critical Infrastructures in the Water Sector”:
    • Chapter 6 “Cyber security importance in the water sector and the contribution of the STOP-IT project”.
    • Chapter 7 “Cyber-Physical security for critical water infrastructures at strategic and tactical level”.
    • Chapter 8 “Cyber-physical solutions for real-time detection at operational level”.
    • Chapter 9 “Applying Machine Learning and Deep Learning algorithms for Anomaly Detection in Critical Water Infrastructures”.
    Part III “Securing Critical Infrastructures for Air Transport”:
    • Chapter 10 “Security Challenges for Critical Infrastructures in Air Transport”.
    • Chapter 11 “Toolkit to enhance cyber-physical security of Critical Infrastructures in Air Transport”.
    • Chapter 12 “Security ontologies as technological enabler for blended threat detection and enhanced systems interoperability”.
    Part IV “Securing Critical Infrastructures for Gas”:
    • Chapter 13 “Conceptual Model and CONOPS for Secure and Resilient Gas CI”.
    • Chapter 14 “High-Level Reference Architecture (HLRA) for Gas Infrastructures Protection”.
    • Chapter 15 “The SecureGas Key Performance Indicators for resilient gas critical infrastructures”.
    • Chapter 16 “Communication of Security-related Incident Information to the Authorities and the Population”.
    Part V “Securing Critical Infrastructures of the Healthcare Sector”:
    • Chapter 17 “Security monitoring for medical devices”.
    • Chapter 18 “User Experience models for threat monitoring and security management in healthcare”.
    • Chapter 19 “Attacking and defending healthcare building automation networks”.
    • Chapter 20 “An Intuitive Distributed Cyber Situational Awareness Framework Within a Healthcare Environment”.
    Part VI “Securing Critical Infrastructures in the Finance Sector”:
    • Chapter 21 “The FINSEC Platform: End-to-End Data-Driven Cyber-Physical Threat Intelligence for Critical Infrastructures in Finance”.
    • Chapter 22 “Anomaly detection for critical financial infrastructure protection”.
    Part VII “Critical Infrastructure Protection and Smart Resilience”:
    • Chapter 23 “Indicator-based assessment of resilience of critical infrastructures: From single indicators to comprehensive “smart” assessment”.

    £108.00

  • DevOps for Trustworthy Smart IoT Systems

    now publishers Inc DevOps for Trustworthy Smart IoT Systems

    Book Synopsis: ENACT is a research project funded by the European Commission under its H2020 program. The project consortium consists of twelve industry and research member organisations spread across the whole EU. The overall goal of the ENACT project was to provide a novel set of solutions to enable DevOps in the realm of trustworthy Smart IoT Systems. Smart IoT Systems (SIS) are complex systems involving not only sensors but also actuators with control loops distributed all across the IoT, Edge and Cloud infrastructure. Since smart IoT systems typically operate in a changing and often unpredictable environment, the ability of these systems to continuously evolve and adapt to their new environment is decisive to ensure and increase their trustworthiness, quality and user experience. DevOps has established itself as a software development life-cycle model that encourages developers to continuously bring new features to the system under operation without sacrificing quality. This book reports on the ENACT work to empower the development and operation as well as the continuous and agile evolution of SIS, which is necessary to adapt the system to changes in its environment, such as newly appearing trustworthiness threats.

    Table of Contents: 1. Introduction 2. The ENACT Approach 3. Privacy Issues Control in Continuous Risk Management 4. Model-based Continuous Deployment of SIS 5. A DevOps Toolchain for Managing Actuation Conflicts in Smart IoT Systems 6. Online Reinforcement Learning for Self-Adaptive Smart IoT Systems 7. Security of Smart IoT Systems 8. Validation, Verification and Root-Cause Analysis 9. SIS-based eHealth application: the Tellu use case 10. Intelligent Transport System: the Indra Use Case 11. Smart Building: the Tecnalia KUBIK use case 12. Conclusion

    £96.30

  • Deterrence in the 21st Century: Statecraft in the Information Age

    University of Calgary Press Deterrence in the 21st Century: Statecraft in the Information Age

    Book Synopsis: The information age has opened a new front of adversarial statecraft. The past decades have seen the rise and refinement of conflict enacted in the world of information, with tactics including seeding disinformation, the theft of sensitive data, confusing or obscuring public opinion to forward specific goals, and beyond. Deterrence in the 21st Century asks how, and if it is indeed possible, to deter an enemy in the realm of information warfare. Setting the stage with an overview of key concepts of deterrence in the information age, the book presents new conceptual approaches and their possible applications. Bringing together some of the most respected analysts working today, Deterrence in the 21st Century looks beyond the technical aspects of the use of information and disinformation as adversarial statecraft to seek new avenues to deter the undermining of institutions and societies. Treating deterrence as a concept, a policy, a social challenge, and a series of practical solutions, Deterrence in the 21st Century presents theoretical approaches, conceptual analysis, empirical research, and content analysis. This is a thorough, thoughtful, and expert analysis of one of the most difficult and essential security challenges of our time.

    With contributions by: Christopher Ankersen, Yair Ansbacher, Oshri Bar-Gill, Stephen J. Cimbala, Maddie D'Agata, Molly Ellenberg, Leandre R. Fabrigar, Rachel Lea Heide, Nicole J. Jackson, Pierre Jolicoeur, Christian Leuprecht, Adam Lowther, Sarah Jane Meharg, Eric Ouellet, Ronald D. Porter, Anthony Seaboyer, Ron Schleifer, Miniqian Shen, Anne Speckhard, Keith Stewart, Joseph Szeman, and Alex Wilner

    £72.25

  • Information security and CCP Scheme

    Arcler Press Information security and CCP Scheme

    1 in stock

    Book Synopsis: The Cyber Certified Professional (CCP) scheme certifies your ability to enforce cyber security knowledge and expertise in real-world situations. The book is designed to help information security professionals understand the CC scheme and how it can be used to evaluate and certify the security of IT products. Whether you are involved in information security management or product development, this book is an essential resource for understanding the CCP scheme and its role in information security.

    Table of Contents: Chapter 1 Introduction to Information Security Chapter 2 The Human Resources of IT Project Management Chapter 3 Budget Management in IT Projects Chapter 4 Stakeholders in IT Project Management Chapter 5 Change Management in IT Project Chapter 6 Methods and Tools in IT Project Management Chapter 7 Challenges in IT Project Management Chapter 8 Prospects in IT Project Management

    £87.20

  • Data Centre Management

    Arcler Press Data Centre Management

    1 in stock

    Book Synopsis: This text provides an overview of the principles and practices involved in managing and operating data centers. It covers topics such as data center design, infrastructure management, virtualization, cloud computing, and security. The book is intended for IT professionals and data center managers who are responsible for the operation and maintenance of data centers. It provides valuable insights and best practices for optimizing data center performance, reliability, and efficiency.

    Table of Contents: Chapter 1 Introduction to Data Center Management Chapter 2 Data Center Topologies and Network Architecture Chapter 3 Security and Compliance in Data Protection Chapter 4 Monitoring and Management Tools Chapter 5 Virtualization and Cloud Computing Chapter 6 Importance of Power and Cooling Management Chapter 7 Challenges in Data Center Management Chapter 8 Future Trends in Data Center Management

    £87.20

  • The Uncertain Digital Revolution

    ISTE Ltd and John Wiley & Sons Inc The Uncertain Digital Revolution

    Book Synopsis: Digital information and communication technologies can be seen as a threat to privacy, a step forward for freedom of expression and communication, a tool in the fight against terrorism or the source of a new economic wealth. Computerization has unexpectedly progressed beyond our imagination, from a tool of management and control into one of widespread communication and expression. This book revisits the major questions that have emerged with the progress of computerization over nearly half a century, by describing the context in which these issues were formulated. By taking a social and digital approach, the author explores controversial issues surrounding the development of this "digital revolution", including freedom and privacy of the individual, social control, surveillance, public security and the economic exploitation of personal data. From students, teachers and researchers engaged in data analysis, to institutional decision-makers and actors in policy or business, all members of today's digital society will take from this book a better understanding of the essential issues of the current "digital revolution".

    Table of Contents: Introduction ix Chapter 1. Technological Surveillance Subjected to Restrictions 1 Chapter 2. Security Over Liberty 21 Chapter 3. A Network Promoting Participation and Exchange 41 Chapter 4. Privatization and Economic Exploitation of Personal Data 65 Chapter 5. Digitalization and Revolution 87 Bibliography 107 Index 117

    £125.06

  • Cyber-Vigilance and Digital Trust: Cyber Security

    ISTE Ltd and John Wiley & Sons Inc Cyber-Vigilance and Digital Trust: Cyber Security

    Book Synopsis: Cyber threats are ever increasing. Adversaries are getting more sophisticated and cyber criminals are infiltrating companies in a variety of sectors. In today’s landscape, organizations need to acquire and develop effective security tools and mechanisms – not only to keep up with cyber criminals, but also to stay one step ahead. Cyber-Vigilance and Digital Trust develops cyber security disciplines that serve this double objective, dealing with cyber security threats in a unique way. Specifically, the book reviews recent advances in cyber threat intelligence, trust management and risk analysis, and gives a formal and technical approach based on a data tainting mechanism to avoid data leakage in Android systems.

    Table of Contents: Introduction ix Wiem TOUNSI Chapter 1. What Is Cyber Threat Intelligence and How Is It Evolving? 1 Wiem TOUNSI 1.1. Introduction 1 1.2. Background 3 1.2.1. New Generation Threats 3 1.2.2. Analytical Frameworks 6 1.3. Cyber Threat Intelligence 9 1.3.1. Cyber Threat Intelligence Sources 9 1.3.2. Cyber Threat Intelligence Sub-Domains 11 1.3.3. Technical Threat Intelligence (TTI) 13 1.4. Related Work 14 1.5. Technical Threat Intelligence Sharing Problems 16 1.5.1. Benefits of CTI Sharing for Collective Learning 16 1.5.2. Reasons for Not Sharing 17 1.6. Technical Threat Intelligence Limitations 21 1.6.1. Quantity Over Quality 21 1.6.2. IOC-Specific Limitations 22 1.7. Cyber Threat Intelligent Libraries or Platforms 25 1.7.1. Benefits of CTI Libraries Based In the Cloud 26 1.7.2. Reluctance to Use Cloud Services 26 1.8. Discussion 27 1.8.1. Sharing Faster Is Not Sufficient 27 1.8.2. Reducing the Quantity of Threat Feeds 28 1.8.3. Trust to Share Threat Data and to Save Reputation Concerns 30 1.8.4. Standards for CTI Representation and Sharing 31 1.8.5. Cloud-Based CTI Libraries for Collective Knowledge and Immunity 34 1.9. Evaluation of Technical Threat Intelligence Tools 36 1.9.1. Presentation of Selected Tools 37 1.9.2. Comparative Discussion 38 1.10. Conclusion and Future Work 39 1.11. References 40 Chapter 2. Trust Management Systems: A Retrospective Study on Digital Trust 51 Reda YAICH 2.1. Introduction 51 2.2. What Is Trust? 52 2.3. Genesis of Trust Management Systems 54 2.3.1. Access Control Model 54 2.3.2. Identity-Based Access Control 55 2.3.3. Lattice-Based Access Control 57 2.3.4. Role-Based Access Control 58 2.3.5. Organization-Based Access Control 59 2.3.6. Attribute-Based Access Control 61 2.4. Trust Management 62 2.4.1. Definition 62 2.4.2. Trust Management System 64 2.4.3. Foundations 65 2.4.4. Automated Trust Negotiation 70 2.5. Classification of Trust Management Systems 72 2.5.1. Authorization-Based TMSs 73 2.5.2. Automated Trust Negotiation Systems 81 2.6. Trust Management In Cloud Infrastructures 90 2.6.1. Credentials-Based Trust Models 90 2.6.2. SLA-Based Trust Models 90 2.6.3. Feedback-Based Trust Models 91 2.6.4. Prediction-Based Trust Models 92 2.7. Conclusion 93 2.8. References 94 Chapter 3. Risk Analysis Linked to Network Attacks 105 Kamel KAROUI 3.1. Introduction 105 3.2. Risk Theory 107 3.2.1. Risk Analysis Terminology 107 3.2.2. Presentation of the Main Risk Methods 109 3.2.3. Comparison of the Main Methods 116 3.3. Analysis of IS Risk In the Context of IT Networks 120 3.3.1. Setting the Context 120 3.3.2. Risk Assessment 127 3.3.3. Risk Treatment 133 3.3.4. Acceptance of Risks 136 3.3.5. Risk Communication 137 3.3.6. Risk Monitoring 138 3.4. Conclusion 138 3.5. References 138 Chapter 4. Analytical Overview on Secure Information Flow In Android Systems: Protecting Private Data Used By Smartphone Applications 141 Mariem GRAA 4.1. Introduction 142 4.2. Information Flow 143 4.2.1. Explicit Flows 143 4.2.2. Implicit Flows 143 4.2.3. Covert Channels 144 4.3. Data Tainting 145 4.3.1. Interpreter Approach 145 4.3.2. Architecture-Based Approach 146 4.3.3. Static Taint Analysis 146 4.3.4. Dynamic Taint Analysis 147 4.4. Protecting Private Data In Android Systems 149 4.4.1. Access Control Approach 149 4.4.2. Preventing Private Data Leakage Approach 153 4.4.3. Native Libraries Approaches 157 4.5. Detecting Control Flow 160 4.5.1. Technical Control Flow Approaches 160 4.5.2. Formal Control Flow Approaches 162 4.6. Handling Explicit and Control Flows In Java and Native Android Appsʼ Code 164 4.6.1. Formal Specification of the Under-Tainting Problem 164 4.6.2. Formal Under-Tainting Solution 166 4.6.3. System Design 175 4.6.4. Handling Explicit and Control Flows In Java Android Appsʼ Code 176 4.6.5. Handling Explicit and Control Flows In Native Android Appsʼ Code 180 4.6.6. Evaluation 184 4.6.7. Discussion 187 4.7. Protection Against Code Obfuscation Attacks Based on Control Dependencies In Android Systems 188 4.7.1. Code Obfuscation Definition 188 4.7.2. Types of Program Obfuscations 189 4.7.3. Obfuscation Techniques 189 4.7.4. Code Obfuscation In Android System 190 4.7.5. Attack Model 191 4.7.6. Code Obfuscation Attacks 192 4.7.7. Detection of Code Obfuscation Attacks 194 4.7.8. Obfuscation Code Attack Tests 195 4.8. Detection of Side Channel Attacks Based on Data Tainting In Android Systems 198 4.8.1. Target Threat Model 199 4.8.2. Side Channel Attacks 200 4.8.3. Propagation Rules for Detecting Side Channel Attacks 203 4.8.4. Implementation 205 4.8.5. Evaluation 207 4.9. Tracking Information Flow In Android Systems Approaches Comparison: Summary 210 4.10. Conclusion and Highlights 215 4.11. References 216 List of Authors 227 Index 229

    £125.06

  • Data Localization Laws and Policy: The EU Data

    Edward Elgar Publishing Ltd Data Localization Laws and Policy: The EU Data

    Book Synopsis: Countries are increasingly introducing data localization laws and data export restrictions, threatening digital globalization and inhibiting cloud computing's adoption despite its acknowledged benefits. Through a cloud computing lens, this multi-disciplinary book examines the personal data transfers restriction under the EU Data Protection Directive (including the EU-US Privacy Shield and General Data Protection Regulation). It covers historical objectives and practical problems, showing why the focus should move from physical data location to effective jurisdiction over those controlling access to intelligible data and control of access to data through security measures. The book further discusses data localization laws' failure to solve concerns regarding the topical and contentious issue of mass state surveillance. Its arguments are also relevant to other data localization laws, cross-border transfers of non personal data and transfers not involving cloud computing. Comprehensive yet accessible, this book is of great value to academics in law, policy, computer science and technology. It is also highly relevant to cloud computing/technology organisations and other businesses in the EU and beyond, data privacy professionals, policymakers and regulators.

    Trade Review: 'Data localization is not just a short-term phenomenon, but reflects a profound unease with increasing globalization, and a lack of certainty as to whether we want national borders carried over onto the online space. This book helps illuminate the choices that we face as a society in deciding where we want those boundaries to be set.' --Dr Christopher Kuner, Co-Director, Brussels Privacy Hub, VUB Brussel and Editor-in-chief, International Data Privacy Law

    '[D]isplaying great originality and rigour, (this book) makes the case that location-based personal data protection should have that "Frankenrule" replaced by regulation based on enforcement of security and encryption standards. With an interdisciplinary focus on law, computer security and industrial organisation (in technological and business value chains of data processing), this approach is to be recommended to legal scholars of the Internet.' --Dr Chris Marsden, Professor of Media Law, University of Sussex, UK

    'It should be read by every data protection supervisory authority and law-maker in Europe.' --Rosemary Jay, Author, Data Protection Law and Practice

    Table of Contents: Foreword by Rosemary Jay Foreword by Christopher Kuner 1. Background 2. Legislative history and objectives 3. The ‘transfer’ concept 4. Assumptions 5. Mechanisms and derogations 6. Compliance and enforcement 7. Access and security 8. Summary and recommendations Index

    £144.00

  • Multimedia Security 2: Biometrics, Video

    ISTE Ltd Multimedia Security 2: Biometrics, Video

    Book Synopsis: Today, more than 80% of the data transmitted over networks and archived on our computers, tablets, cell phones or clouds is multimedia data – images, videos, audio, 3D data. The applications of this data range from video games to healthcare, and include computer-aided design, video surveillance and biometrics. It is becoming increasingly urgent to secure this data, not only during transmission and archiving, but also during its retrieval and use. Indeed, in today’s "all-digital" world, it is becoming ever-easier to copy data, view it unrightfully, steal it or falsify it. Multimedia Security 2 analyzes issues relating to biometrics, protection, integrity and encryption of multimedia data. It also covers aspects such as crypto-compression of images and videos, homomorphic encryption, data hiding in the encrypted domain and secret sharing.

    Table of Contents: Foreword by Gildas Avoine xi Foreword by Cédric Richard xiii Preface xv William PUECH Chapter 1 Biometrics and Applications 1 Christophe CHARRIER, Christophe ROSENBERGER and Amine NAIT-ALI 1.1 Introduction 1 1.2 History of biometrics 3 1.3 The foundations of biometrics 6 1.3.1 Uses of biometrics 7 1.3.2 Definitions 7 1.3.3 Biometric modalities 8 1.4 Scientific issues 10 1.4.1 Presentation attacks 10 1.4.2 Acquisition of new biometric data or hidden biometrics 12 1.4.3 Quality of biometric data 14 1.4.4 Efficient representation of biometric data 19 1.4.5 Protecting biometric data 22 1.4.6 Aging biometric data 24 1.5 Conclusion 25 1.6 References 26 Chapter 2 Protecting Documents Using Printed Anticopy Elements 31 Iuliia TKACHENKO, Alain TREMEAU and Thierry FOURNEL 2.1 Introduction 31 2.2 Document authentication approaches: an overview 33 2.3 Print test shapes 35 2.3.1 Print test signatures 36 2.3.2 Glyphs 38 2.3.3 Guilloches 39 2.4 Copy-sensitive graphical codes 41 2.4.1 Copy detection pattern 42 2.4.2 Two-level barcodes 44 2.4.3 Watermarked barcodes 47 2.4.4 Performance of CSGC authentication 48 2.5 Conclusion 52 2.6 References 52 Chapter 3 Verifying Document Integrity 59 Petra GOMEZ-KRAMER 3.1 Introduction 59 3.2 Fraudulent manipulation of document images 62 3.2.1 Imitation 62 3.2.2 Copy-and-paste of a region from the same document 62 3.2.3 Copy-and-paste of a region from another document 63 3.2.4 Deleting information 63 3.3 Degradation in printed and re-scanned documents 64 3.3.1 Degradations linked to the print process 65 3.3.2 Degradations linked to scanning 66 3.3.3 Degradation models 67 3.4 Active approaches: protection by extrinsic fingerprints 68 3.4.1 Watermarking a document 68 3.4.2 Digital signatures 73 3.5 Passive approaches: detecting intrinsic characteristics 76 3.5.1 Printer identification 77 3.5.2 Detecting graphical clues 80 3.5.3 Other approaches 81 3.6 Conclusion 82 3.7 References 82 Chapter 4 Image Crypto-Compression 91 Vincent ITIER, Pauline PUTEAUX and William PUECH 4.1 Introduction 91 4.2 Preliminary notions 93 4.2.1 The JPEG image format 93 4.2.2 Introduction to cryptography 96 4.3 Image encryption 100 4.3.1 Naive methods 102 4.3.2 Chaos-based methods 104 4.3.3 Encryption-then-compression 105 4.4 Different classes of crypto-compression for images 106 4.4.1 Substitution-based crypto-compression 108 4.4.2 Shuffle-based crypto-compression 108 4.4.3 Hybrid crypto-compression 110 4.5 Recompressing crypto-compressed JPEG images 113 4.5.1 A crypto-compression approach robust to recompression 114 4.5.2 Recompression of a crypto-compressed image 117 4.5.3 Decoding a recompressed version of a crypto-compressed JPEG image 119 4.5.4 Illustration of the method 122 4.6 Conclusion 124 4.7 References 124 Chapter 5 Crypto-Compression of Videos 129 Cyril BERGERON, Wassim HAMIDOUCHE and Olivier DEFORGES 5.1 Introduction 129 5.1.1 Background 129 5.1.2 Video compression 130 5.1.3 Video security 131 5.2 State of the art 131 5.2.1 Naive encryption 132 5.2.2 Partial encryption 133 5.2.3 Perceptual encryption 134 5.2.4 Crypto-compression methods 134 5.2.5 Selective encryption methods 135 5.3 Format-compliant selective encryption 136 5.3.1 Properties 136 5.3.2 Constant bitrate format compliant selective encryption 139 5.3.3 Standardized selective encryption 140 5.3.4 Locally applied selective encryption 143 5.3.5 Decrypting selective encryption 149 5.4 Image and video quality 150 5.4.1 Experiments on encryption solutions 151 5.4.2 Video quality: experimental results 154 5.4.3 CSE: a complete real-time solution 162 5.5 Perspectives and directions for future research 163 5.5.1 Versatile Video Coding 163 5.5.2 Immersive and omnidirectional video 164 5.6 Conclusion 165 5.7 References 166 Chapter 6 Processing Encrypted Multimedia Data Using Homomorphic Encryption 173 Sebastien CANARD, Sergiu CARPOV, Caroline FONTAINE and Renaud SIRDEY 6.1 Context 173 6.2 Different classes of homomorphic encryption systems 176 6.2.1 Partial solutions in classic cryptography 176 6.2.2 Complete solutions in cryptography using Euclidean networks 178 6.3 From theory to practice 181 6.3.1 Algorithmics 183 6.3.2 Implementation and optimization 183 6.3.3 Managing and reducing the size of encrypted elements 189 6.3.4 Security 191 6.4 Proofs of concept and applications 193 6.4.1 Facial recognition 193 6.4.2 Classification 196 6.4.3 RLE and image compression 201 6.5 Conclusion 207 6.6 Acknowledgments 207 6.7 References 207 Chapter 7 Data Hiding in the Encrypted Domain 215 Pauline PUTEAUX and William PUECH 7.1 Introduction: processing multimedia data in the encrypted domain 215 7.1.1 Applications: visual secret sharing 216 7.1.2 Applications: searching and indexing in encrypted image databases 217 7.1.3 Applications: data hiding in the encrypted domain 218 7.2 Main aims 219 7.2.1 Digital rights management 220 7.2.2 Cloud storage 220 7.2.3 Preserving patient confidentiality 220 7.2.4 Classified data 220 7.2.5 Journalism 220 7.2.6 Video surveillance 221 7.2.7 Data analysis 221 7.3 Classes and characteristics 221 7.3.1 Properties 221 7.3.2 Classic approaches to encryption 223 7.3.3 Evaluation criteria 227 7.4 Principal methods 231 7.4.1 Image partitioning 231 7.4.2 Histogram shifting 232 7.4.3 Encoding 234 7.4.4 Prediction 235 7.4.5 Public key encryption 237 7.5 Comparison and discussion 237 7.6 A high-capacity data hiding approach based on MSB prediction 239 7.6.1 General description of the method 239 7.6.2 The CPE-HCRDH approach 243 7.6.3 The EPE-HCRDH approach 245 7.6.4 Experimental results for both approaches 249 7.7 Conclusion 253 7.8 References 253 Chapter 8 Sharing Secret Images and 3D Objects 259 Sebastien BEUGNON, Pauline PUTEAUX and William PUECH 8.1 Introduction 259 8.2 Secret sharing 261 8.2.1 Classic methods 262 8.2.2 Hierarchical aspects 264 8.3 Secret image sharing 272 8.3.1 Principle 272 8.3.2 Visual cryptography 273 8.3.3 Secret image sharing (polynomial-based) 274 8.3.4 Properties 275 8.4 3D object sharing 276 8.4.1 Principle 276 8.4.2 Methods without format preservation 276 8.4.3 Methods with format preservation 277 8.5 Applications for social media 280 8.6 Conclusion 287 8.7 References 288 List of Authors 293 Index 295

    £112.50

  • Intelligent Security Management and Control in

    ISTE Ltd Intelligent Security Management and Control in

    Book Synopsis: The Internet of Things (IoT) has contributed greatly to the growth of data traffic on the Internet. Access technologies and object constraints associated with the IoT can cause performance and security problems. This relates to important challenges such as the control of radio communications and network access, the management of service quality and energy consumption, and the implementation of security mechanisms dedicated to the IoT. In response to these issues, this book presents new solutions for the management and control of performance and security in the IoT. The originality of these proposals lies mainly in the use of intelligent techniques. This notion of intelligence allows, among other things, the support of object heterogeneity and limited capacities as well as the vast dynamics characterizing the IoT.

    Table of Contents: Chapter 1 Multicriteria Selection of Transmission Parameters in the IoT 1 Sinda BOUSSEN, Mohamed-Aymen CHALOUF and Francine KRIEF 1.1 Introduction 1 1.2 Changing access network in the IoT 2 1.3 Spectrum handoff in the IoT 3 1.4 Multicriteria decision-making module for an effective spectrum handoff in the IoT 4 1.4.1 General architecture 4 1.4.2 Decision-making flowchart 9 1.4.3 Performances evaluation 15 1.5 Conclusion 22 1.6 References 22 Chapter 2 Using Reinforcement Learning to Manage Massive Access in NB-IoT Networks 27 Yassine HADJADJ-AOUL and Soraya AIT-CHELLOUCHE 2.1 Introduction 27 2.2 Fundamentals of the NB-IoT standard 29 2.2.1 Deployment and instances of use 29 2.2.2 Transmission principles 30 2.2.3 Radio resource random access procedure 33 2.3 State of the art 37 2.4 Model for accessing IoT terminals 39 2.5 Access controller for IoT terminals based on reinforcement learning 42 2.5.1 Formulating the problem 42 2.5.2 Regulation system for arrivals 44 2.6 Performance evaluation 46 2.7 Conclusion 51 2.8 References 51 Chapter 3 Optimizing Performances in the IoT: An Approach Based on Intelligent Radio 57 Badr BENMAMMAR 3.1 Introduction 57 3.2 Internet of Things (IoT) 58 3.2.1 Definition of the IoT 58 3.2.2 Applications of the IoT 59 3.2.3 IoT challenges 60 3.2.4 Enabling technologies in the IoT 61 3.3 Intelligent radio 64 3.3.1 Definition of intelligent radio 64 3.3.2 Motivations for using intelligent radio in the IoT 66 3.3.3 Challenges in using intelligent radio in the IoT 68 3.4 Conclusion 71 3.5 References 73 Chapter 4 Optimizing the Energy Consumption of IoT Devices 77 Ahmad KHALIL, Nader MBAREK and Olivier TOGNI 4.1 Introduction 77 4.2 Energy optimization 78 4.2.1 Definitions 78 4.3 Optimization techniques for energy consumption 79 4.3.1 The A* algorithm 79 4.3.2 Fuzzy logic 80 4.4 Energy optimization in the IoT 82 4.4.1 Characteristics of the IoT 82 4.4.2 Challenges in energy optimization 84 4.4.3 Research on energy optimization in the IoT 84 4.5 Autonomous energy optimization framework in the IoT 86 4.5.1 Autonomous computing 86 4.5.2 Framework specification 89 4.6 Proposition of a self-optimization method for energy consumption in the IoT 90 4.6.1 Fuzzy logic model 91 4.6.2 Decision-making algorithm 95 4.6.3 Evaluating energy self-optimization in the IoT 97 4.7 Conclusion 101 4.8 References 101 Chapter 5 Toward Intelligent Management of Service Quality in the IoT: The Case of a Low Rate WPAN 105 Guillaume LE GALL, Georgios Z PAPADOPOULOS, Mohamed-Aymen CHALOUF and Olivier TOGNI 5.1 Introduction 106 5.2 Quick overview of the IoT 108 5.2.1 The micro-IPv6 stack 108 5.2.2 Technologies for the IoT 110 5.2.3 IoT and quality of service 114 5.3 IEEE 802.15.4 TSCH approach 115 5.4 Transmission scheduling 117 5.4.1 General considerations 117 5.4.2 Scheduling in the literature 118 5.5 Routing and RPL 120 5.5.1 Routing 120 5.5.2 RPL 121 5.5.3 Multipath 122 5.6 Combined approach based on 802.15.4 TSCH and multipath RPL 123 5.6.1 Automatic Repeat reQuest 125 5.6.2 Replication and Elimination 125 5.6.3 Overhearing 127 5.7 Conclusion 127 5.8 References 128 Chapter 6 Adapting Quality of Service of Energy-Harvesting IoT Devices 133 Matthieu GAUTIER and Olivier BERDER 6.1 Toward the energy autonomy of sensor networks 135 6.1.1 Energy harvesting and management 135 6.1.2 State-of-the-art energy managers 138 6.2 Fuzzyman: use of fuzzy logic 141 6.2.1 Design of Fuzzyman 141 6.2.2 Evaluating Fuzzyman 145 6.2.3 Conclusion 146 6.3 RLMan: using reinforcement learning 148 6.3.1 Formulating the problem of managing the harvested energy 148 6.3.2 RLMan algorithm 150 6.3.3 Evaluation of RLMan 153 6.3.4 Conclusion 155 6.4 Toward energy autonomous LoRa nodes 155 6.4.1 Multisource energy-harvesting architecture 157 6.4.2 Applying energy management to LoRa nodes 157 6.5 Conclusion 157 6.6 References 160 Chapter 7 Adapting Access Control for IoT Security 163 Ahmad KHALIL, Nader MBAREK and Olivier TOGNI 7.1 Introduction 163 7.2 Defining security services in the IoT 164 7.2.1 Identification and authentication in the IoT 164 7.2.2 Access control in the IoT 165 7.2.3 Confidentiality in the IoT 166 7.2.4 Integrity in the IoT 166 7.2.5 Non-repudiation in the IoT 167 7.2.6 Availability in the IoT 167 7.3 Access control technologies 168 7.4 Access control in the IoT 172 7.4.1 Research on the extension of access control models for the IoT 172 7.4.2 Research on adapting access control systems and technologies for the IoT 173 7.5 Access control framework in the IoT 176 7.5.1 IoT architecture 177 7.5.2 IoT-MAAC access control specification 179 7.6 Conclusion 193 7.7 References 194 Chapter 8 The Contributions of Biometrics and Artificial Intelligence in Securing the IoT 197 Amal SAMMOUD, Omessaad HAMDI, Mohamed-Aymen CHALOUF and Nicolas MONTAVONT 8.1 Introduction 197 8.2 Security and privacy in the IoT 198 8.3 Authentication based on biometrics 199 8.3.1 Biometrics 199 8.3.2 Biometric techniques 199 8.3.3 The different properties of biometrics 200 8.3.4 Operating a biometric system 201 8.3.5 System performances 202 8.4 Multifactor authentication techniques based on biometrics 202 8.4.1 Multifactor authentication 203 8.4.2 Examples of multifactor authentication approaches for securing the IoT 204 8.4.3 Presentation of the approach of Sammoud et al (2020c) 205 8.5 Authentication techniques based on biometrics and machine learning 213 8.5.1 Machine learning algorithms 213 8.5.2 Examples of authentication approaches based on biometrics and machine learning 214 8.5.3 Authentication approaches based on ECG and machine learning 215 8.6 Challenges and limits 217 8.6.1 Quality of biometric data 217 8.6.2 Non-revocability of biometric data 218 8.6.3 Security of biometric systems 218 8.7 Conclusion 218 8.8 References 218 Chapter 9 Dynamic Identity and Access Management in the IoT: Blockchain-based Approach 223 Léo MENDIBOURE, Mohamed-Aymen CHALOUF and Francine KRIEF 9.1 Introduction 223 9.2 Context 224 9.2.1 Intelligent identity and access management 225 9.2.2 Blockchain 226 9.3 Blockchain for intelligent identity and access management 227 9.3.1 A new architecture integrating blockchain 228 9.3.2 The different benefits 229 9.4 Challenges 234 9.4.1 Scaling up 235 9.4.2 Blockchain security 235 9.4.3 Energy consumption 236 9.4.4 Definition of consensus algorithms based on artificial intelligence 236 9.5 Conclusion 237 9.6 References 237 Chapter 10 Adapting the Security Level of IoT Applications 243 Tidiane SYLLA, Mohamed-Aymen CHALOUF and Francine KRIEF 10.1 Introduction 243 10.2 Definitions and characteristics 244 10.2.1 Definitions 244 10.2.2 Characteristics 244 10.3 IoT applications 246 10.4 IoT architectures 246 10.5 Security, trust and privacy protection in IoT applications 247 10.5.1 General remarks 248 10.5.2 Security services 248 10.5.3 Communication security 251 10.5.4 Trust 252 10.5.5 Privacy 253 10.6 Adapting the security level in the IoT 254 10.6.1 Context-awareness 255 10.6.2 Context-aware security 256 10.6.3 Context-aware security architecture and privacy protection designed using the “as a service” approach 258 10.7 Conclusion 261 10.8 References 261 Chapter 11 Moving Target Defense Techniques for the IoT 267 Renzo E NAVAS, Laurent TOUTAIN and Georgios Z PAPADOPOULOS 11.1 Introduction 268 11.2 Background 269 11.2.1 Brief chronology of Moving Target Defense 269 11.2.2 Fundamental technical and taxonomic principles of MTD 270 11.3 Related works 271 11.3.1 Surveys on MTD techniques 271 11.3.2 Frameworks for IoT systems linked to the concept of MTD 271 11.4 LMTD for the IoT: a qualitative survey 272 11.4.1 Data: MTD mechanism against side-channel channel attacks based on renegotiating cryptographic keys 272 11.4.2 Software 272 11.4.3 Runtime environment 273 11.4.4 Platform: diversifying by reconfiguring the IoT node firmware 275 11.4.5 Networks 275 11.4.6 Section summary 278 11.5 Network components in the IoT: a vast domain for MTD 279 11.5.1 Physical layer 280 11.5.2 Link layer 281 11.5.3 OSI network layer 281 11.5.4 Transport layer 282 11.5.5 Application layer 283 11.5.6 Section summary 284 11.6 An MTD framework for the IoT 284 11.6.1 Proposition: components 284 11.6.2 Instantiation: UDP port hopping 286 11.7 Discussion and avenues for future research 287 11.8 Conclusion 288 11.9 References 288 List of Authors 293 Index 295

    £112.50

  • IT Governance: An International Guide to Data

    Kogan Page Ltd IT Governance: An International Guide to Data

    Book SynopsisFaced with the compliance requirements of increasingly punitive information and privacy-related regulation, as well as the proliferation of complex threats to information security, there is an urgent need for organizations to adopt IT governance best practice. IT Governance is a key international resource for managers in organizations of all sizes and across industries, and deals with the strategic and operational aspects of information security. Now in its seventh edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems (ISMS) and protect themselves against cyber threats. The new edition covers changes in global regulation, particularly GDPR, and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) plus the latest standards on auditing. It also includes advice on the development and implementation of an ISMS that will meet the ISO 27001 specification and how sector-specific standards can and should be factored in. With information on risk assessments, compliance, equipment and operations security, controls against malware and asset management, IT Governance is the definitive guide to implementing an effective information security management and governance system.Trade Review"This book is to ISO27002 what ISO27002 is to ISO27001 - it is the guidance to the standard's guidance. As such, it is the most impressively comprehensive guide to implementing ISO27001-level InfoSec in your organisation. It gives detailed understanding and insight about the motivation and purpose of the different controls that will help build a fit-for-purpose ISMS. Because of this, I chose it as the set book for the very popular Open University Introduction to InfoSec module." 
* Dr Jon Hall, Open University InfoSec Module Chair and Author *"A well-structured and informative book that deserves a place on the bookshelf of any ISMS lead implementer and an invaluable reference for organisations seeking accredited third-party certification." * Alastair Hunter - UKAS Information Assurance Technical Focus *Table of Contents Chapter - 01: Why is information security necessary?; Chapter - 02: The UK combined code, the FRC risk guidance and Sarbanes–Oxley; Chapter - 03: ISO27001; Chapter - 04: Organizing information security; Chapter - 05: Information security policy and scope; Chapter - 06: The risk assessment and Statement of Applicability; Chapter - 07: Mobile devices; Chapter - 08: Human resources security; Chapter - 09: Asset management; Chapter - 10: Media handling; Chapter - 11: Access control; Chapter - 12: User access management; Chapter - 13: System and application access control; Chapter - 14: Cryptography; Chapter - 15: Physical and environmental security; Chapter - 16: Equipment security; Chapter - 17: Operations security; Chapter - 18: Controls against malicious software (malware); Chapter - 19: Communications management; Chapter - 20: Exchanges of information; Chapter - 21: System acquisition, development and maintenance; Chapter - 22: Development and support processes; Chapter - 23: Supplier relationships; Chapter - 24: Monitoring and information security incident management; Chapter - 25: Business and information security continuity management; Chapter - 26: Compliance; Chapter - 27: The ISO27001 audit

    £148.50

  • Mobile Access Safety: Beyond BYOD

    ISTE Ltd and John Wiley & Sons Inc Mobile Access Safety: Beyond BYOD

    Book Synopsis: Over recent years, the amount of mobile equipment that needs to be connected to corporate networks remotely (smartphones, laptops, etc.) has increased rapidly. Innovative development perspectives and new tendencies such as BYOD (bring your own device) are exposing business information systems more than ever to various compromising threats. The safety control of remote access has become a strategic issue for all companies. This book reviews all the threats weighing on these remote access points, as well as the existing standards and specific countermeasures to protect companies, from both the technical and organizational points of view. It also reminds us that the organization of safety is a key element in the implementation of an efficient system of countermeasures as well. The authors also discuss the novelty of BYOD, its dangers and how to face them. Contents 1. An Ordinary Day in the Life of Mr. Rowley, or the Dangers of Virtualization and Mobility. 2. Threats and Attacks. 3. Technological Countermeasures. 4. Technological Countermeasures for Remote Access. 5. What Should Have Been Done to Make Sure Mr Rowley’s Day Really Was Ordinary. About the Authors Dominique Assing is a senior security consultant and a specialist in the management and security of information systems in the banking and stock markets sectors. As a security architect and risk manager, he has made information security his field of expertise. Stephane Calé is security manager (CISSP) for a major automobile manufacturer and has more than 15 years of experience of putting in place telecommunications and security infrastructures in an international context. Table of Contents: Introduction ix Chapter 1. An Ordinary Day in the Life of Mr. Rowley, or the Dangers of Virtualization and Mobility 1 1.1. A busy day 1 1.2. The ups and downs of the day 3 1.3. What actually happened? 3 Chapter 2. Threats and Attacks 7 2.1. Reconnaissance phase 9 2.1.1. 
Passive mode information gathering techniques 10 2.1.2. Active mode information gathering techniques 14 2.2. Identity/authentication attack 22 2.2.1. ARP spoofing 22 2.2.2. IP spoofing 22 2.2.3. Connection hijacking 29 2.2.4. Man in the middle 29 2.2.5. DNS spoofing 30 2.2.6. Replay attack 31 2.2.7. Rebound intrusion 31 2.2.8. Password hacking 32 2.2.9. The insecurity of SSL/TLS 34 2.3. Confidentiality attack 38 2.3.1. Espionage software 39 2.3.2. Trojans 41 2.3.3. Sniffing 43 2.3.4. Cracking encrypted data 44 2.4. Availability attack 49 2.4.1. ICMP Flood 50 2.4.2. SYN Flood 50 2.4.3. Smurfing 52 2.4.4. Log Flood 52 2.4.5. Worms 53 2.5. Attack on software integrity 55 2.6. BYOD: mixed-genre threats and attacks 57 2.7. Interception of GSM/GPRS/EDGE communications 61 Chapter 3. Technological Countermeasures 65 3.1. Prevention 66 3.1.1. Protection of mobile equipment 67 3.1.2. Data protection 71 3.2. Detection 81 3.2.1. Systems of intrusion detection 81 3.2.2. Honeypot 88 3.2.3. Management and supervision tools 91 3.3. Reaction 95 3.3.1. Firewall 95 3.3.2. Reverse proxy 102 3.3.3. Antivirus software 104 3.3.4. Antivirus software: an essential building block but in need of completion 107 3.4. Organizing the information system’s security 108 3.4.1. What is security organization? 109 3.4.2. Quality of security, or the attraction of ISMS 110 Chapter 4. Technological Countermeasures for Remote Access 113 4.1. Remote connection solutions 114 4.1.1. Historic solutions 115 4.1.2. Desktop sharing solutions 115 4.1.3. Publication on the Internet 116 4.1.4. Virtual Private Network (VPN) solutions 118 4.2. Control of remote access 137 4.2.1. Identification and authentication 139 4.2.2. Unique authentication 155 4.3. Architecture of remote access solutions 157 4.3.1. Securing the infrastructure 157 4.3.2. Load balancing/redundancy 161 4.4. Control of conformity of the VPN infrastructure 162 4.5. Control of network admission 166 4.5.1. Control of network access 166 4.5.2. 
ESCV (Endpoint Security Compliancy Verification) 167 4.5.3. Mobile NAC 170 Chapter 5. What Should Have Been Done to Make Sure Mr Rowley’s Day Really Was Ordinary 173 5.1. The attack at Mr Rowley’s house 173 5.1.1. Securing Mr Rowley’s PC 173 5.1.2. Securing the organizational level 174 5.1.3. Detection at the organizational level 175 5.1.4. A little bit of prevention 175 5.2. The attack at the airport VIP lounge while on the move 176 5.3. The attack at the café 176 5.4. The attack in the airport VIP lounge during Mr Rowley’s return journey 178 5.5. The loss of a smartphone and access to confidential data 180 5.6. Summary of the different security solutions that should have been implemented 181 Conclusion 187 APPENDICES 189 Appendix 1 191 Appendix 2 197 Bibliography 223 Index 233

    £125.06

  • Chinese Cybersecurity and Defense

    ISTE Ltd and John Wiley & Sons Inc Chinese Cybersecurity and Defense

    2 in stock

    Book Synopsis: Cyberdefense has become, over the past five years, a major issue on the international scene. China, by the place it occupies, is the subject of attention: it is observed, criticized, and designated by many states as a major player in global cyber-insecurity. The United States is building its cyberdefense strategy against what it calls the "Chinese threat." It is therefore important to better understand today's challenges related to the cyber dimension with regard to the rise of China. Contributions from international researchers provide cross perspectives on China, its strategies and policies for cybersecurity and cyberdefense. These issues have now gained a major strategic dimension: Is cyberspace changing the scene of international relations? How does China apprehend cybersecurity and cyberdefense? What are the issues and challenges? What is the role of China in global cyberspace? Table of Contents: Author Biographies xi Introduction xv Chapter 1 China's Internet Development and Cybersecurity - Policies and Practices 1 Xu Longdi 1.1 Introduction 1 1.2 Internet development in China: an overview 2 1.3 China's policies towards Internet development 5 1.4 Cyber legislation and Internet administration 9 1.5 Cybersecurity and diplomacy: an international perspective 27 1.6 A cybersecurity strategy in the making? 
41 1.7 Conclusion 53 Chapter 2 PLA Views on Informationized Warfare, Information Warfare and Information Operations 55 Dean Cheng 2.1 The evolution of Chinese military thinking 56 2.2 The growing importance of information 59 2.3 Information operations 64 2.4 Key types of information operations 72 2.5 Computer network warfare and information operations 79 Chapter 3 China's Adaptive Internet Management Strategy After the Emergence of Social Networks 81 Alice Ekman 3.1 Weibo: the turning point 82 3.2 Latest adjustments under Xi Jinping 89 3.3 Bibliography 99 Chapter 4 India's Cybersecurity - The Landscape 101 Cherian Samuel 4.1 A snapshot of Asian cyberspace 102 4.2 The Indian cyber landscape 114 4.3 The China challenge: a case study 117 4.4 Responses 121 4.5 Creating an institutional framework 123 4.6 Takeaways 126 Chapter 5 China and Southeast Asia: Offline Information Penetration and Suspicions of Online Hacking - Strategic Implications from a Singapore Perspective 129 Alan Chong 5.1 Offline sphere: latent "diasporic" information power and official Chinese soft power 133 5.2 The online sphere: hacktivism as mostly projections 149 5.3 Conclusion: offline politics strategically obscure online projections 152 5.4 Bibliography 153 Chapter 6 Impact of Mongolia's Choices in International Politics on Cybersecurity 157 Daniel Ventre 6.1 Mongolia's cyberspace 158 6.2 Cyberspace and political stakes 160 6.3 Information-space security policy 168 Chapter 7 China-Iran-Russia - A Cybercommunity of Information? 
177 Thomas Flichy De La Neuville 7.1 The hallmarks of cyber-cooperation 178 7.2 The geopolitical bases for the cyber-mongol empire 181 7.3 Order in cyberspace: an absolute necessity within China 194 Chapter 8 Discourse Regarding China: Cyberspace and Cybersecurity 199 Daniel Ventre 8.1 Identification of prevailing themes 203 8.2 The evolution of American discourse about China, cybersecurity and cyber defense 247 8.3 Conclusion 277 General Conclusion 283 List of Authors 295 Index 297

    £125.06

  • Information Warfare

    ISTE Ltd and John Wiley & Sons Inc Information Warfare

    Book Synopsis: Cyberspace is one of the major bases of the economic development of industrialized and developing societies. The dependence of modern society on this technological area is also one of its vulnerabilities. Cyberspace allows new power policies and strategies, and broadens the scope of the actors in a conflict by offering both state and non-state actors new weapons and new ways of conducting offensive and defensive operations. This book deals with the concept of "information war", covering its development over the last two decades, and seeks to answer the following questions: is control of the information space really possible, or does it remain a utopia? What power would such control confer, and what are the benefits? Table of Contents: Introduction ix Chapter 1. The United States 1 1.1. Information warfare in the 1990s 1 1.1.1. Points of view from security experts 1 1.1.2. US Air Force Doctrine: AFDD 2-5 (1998) 7 1.1.3. The doctrine of the Joint Chiefs of Staff committee: JP 3-13 (1998) 10 1.1.4. Components of information warfare 14 1.2. Information warfare in the 2000s 23 1.2.1. Dictionary of the Department of Defense 23 1.2.2. US Air Force: AFDD 2-5 (2005) and AFPD 10-7 (2006) 24 1.2.3. The doctrine of the Joint Chiefs of Staff committee: JP 3-13 (2006) 26 1.3. Information warfare in the 2010s 28 1.4. Important concepts and reflections 43 1.4.1. Information operations 44 1.4.2. Information superiority 51 1.4.3. The “value” of information 62 1.4.4. Information system 65 1.4.5. Command and control warfare: C2W 66 1.4.6. Effect-based operations (EBOs) 68 1.4.7. The OODA loop 69 1.4.8. RMA 70 1.4.9. C4ISR 72 1.4.10. Network centric warfare (NCW) 73 1.4.11. ISR: intelligence, surveillance, reconnaissance 74 1.4.12. Cyberwar 75 1.4.13. Netwar 89 Chapter 2. China 91 2.1. Significant publications 91 2.2. Strategic and doctrinal thinking about information warfare. Genesis 96 2.2.1. General Wang Pufeng: one of the pioneers 97 2.2.2. Wang Baocun and Li Fei 100 2.2.3. 
Wei Jincheng 104 2.2.4. Colonels Qiao Liang and Wang Xiangsui: unrestricted warfare 105 2.2.5. General Dai Qingmin and Wang Baocun 111 2.2.6. General Niu Li, Colonel Li Jiangzhou and Major Xu Dehui 114 2.2.7. 2004 White Paper on national defense 115 2.3. Recent policies and strategies on information and cyber security 117 2.3.1. The Science of Military Strategy 2013 118 2.3.2. Defense White Paper 2013 118 2.3.3 Sino-Russian cybersecurity agreement 2015 119 2.3.4. PLA Daily editorial on 20 May 2015 121 2.3.5. Defense White Paper of 26 May 2015 122 2.3.6. The national cybersecurity bill of July 2015 125 2.4. Reflections 125 2.4.1. The American perspective on Chinese information warfare, modernization and informatization of the PLA 125 2.4.2. Evolution of analyses and discourse about Chinese strategy 163 2.4.3. China as a “victim” 172 2.4.4. The strategy of active defense 173 Chapter 3. Russia 177 3.1. Military doctrines and national security strategies 180 3.2. Information warfare in practice 185 3.2.1. Cyber attacks against Estonia. Who is the culprit? 186 3.2.2. The Russia–Georgia conflict 194 3.2.3. Ukraine 214 3.3. Comments 220 3.3.1. Characteristics of the Russian idea of information warfare 220 3.3.2. Aggressiveness 222 3.3.3. Type of Cold War 223 3.3.4. Challenges, objectives and targets 224 3.3.5. Psychological information warfare 229 3.3.6. Players of information warfare 233 3.3.7. Hybrid warfare and information warfare 236 3.3.8. Information warfare: what is new… 240 Chapter 4. Concepts and Theories: Discussions 247 4.1. Doctrines 247 4.2. Information warfare: definitions, models 256 4.2.1. The information environment 257 4.2.2. Definitions and models for information warfare 261 4.3. Information warfare or data warfare? 281 4.3.1. Defining data 284 4.3.2. Some theories about data 289 4.3.3. Visualization 296 4.3.4. Data warfare? 306 Conclusion 325 Index 329

    £122.35

  • Momentum Press Fundamentals of Smart Contract Security

    Book Synopsis: Smart contracts are an innovative application of blockchain technology. Acting as decentralized custodians of digital assets, they allow us to transfer value and information more effectively by reducing the need to trust a third party. By eliminating the need for intermediaries, smart contracts have the potential to massively scale the world economy and unleash the potential for faster and more efficient solutions than traditional systems could ever provide. But there's one catch: while blockchains are secure, smart contracts are not. Security vulnerabilities in smart contracts have led to over $250 million USD in value being lost or stolen. For smart contract technology to achieve its full potential, these security vulnerabilities need to be addressed. Written by security experts at the forefront of this dynamic industry, this book teaches state-of-the-art smart contract security principles and practices. Help us secure the future of blockchain technology and join us at the forefront today! Trade Review: "Now you don't have to be a researcher at MIT or a professional security auditor to understand how to build smart contracts, as their new book on Fundamentals of Smart Contract Security explains precisely how to secure smart contracts yourself! Also, as an added benefit, cutting-edge techniques such as symbolic execution are also given an excellent treatment." - Harry Halpin, blockchain researcher at MIT and Inria de Paris "I hope that Fundamentals of Smart Contract Security will draw more cybersecurity minded individuals to work in the blockchain space and enable developers to think more actively about programming defensively enabling them to stay on top of security best practices." - Joseph Lubin, Founder of ConsenSys, Co-founder of Ethereum

    £38.66

  • The NICE Cyber Security Framework: Cyber Security

    Springer Nature Switzerland AG The NICE Cyber Security Framework: Cyber Security

    1 in stock

    Book Synopsis: This textbook covers security controls and management. It is for courses in cyber security education that follow National Initiative for Cybersecurity Education (NICE) work roles and framework that adopt the Competency-Based Education (CBE) method. The book follows the CBE general framework, meaning each chapter contains three sections, knowledge and questions, and skills/labs for skills and abilities. The author makes an explicit balance between knowledge and skills material in information security, giving readers immediate applicable skills. The book is divided into several parts, including: Information Assurance / Encryption; Information Systems Security Management; Information Systems / Network Security; Information Technology Management; IT Management; and IT Risk Management. Table of Contents: Introduction.- Information Assurance / Encryption.- Information Systems Security Management.- IT Risk and Security Management.- Criminal Law.- Network Management.- Risk Management.- Software Management.- System Administration.- System Architecture.- Threat Analysis.- Training, Education, and Awareness.- Conclusion.

    £47.49

  • The Theory of Hash Functions and Random Oracles:

    Springer Nature Switzerland AG The Theory of Hash Functions and Random Oracles:

    1 in stock

    Book SynopsisHash functions are the cryptographer’s Swiss Army knife. Even though they play an integral part in today’s cryptography, existing textbooks discuss hash functions only in passing and instead often put an emphasis on other primitives like encryption schemes. In this book the authors take a different approach and place hash functions at the center. The result is not only an introduction to the theory of hash functions and the random oracle model but a comprehensive introduction to modern cryptography.After motivating their unique approach, in the first chapter the authors introduce the concepts from computability theory, probability theory, information theory, complexity theory, and information-theoretic security that are required to understand the book content. In Part I they introduce the foundations of hash functions and modern cryptography. They cover a number of schemes, concepts, and proof techniques, including computational security, one-way functions, pseudorandomness and pseudorandom functions, game-based proofs, message authentication codes, encryption schemes, signature schemes, and collision-resistant (hash) functions. In Part II the authors explain the random oracle model, proof techniques used with random oracles, random oracle constructions, and examples of real-world random oracle schemes. They also address the limitations of random oracles and the random oracle controversy, the fact that uninstantiable schemes exist which are provably secure in the random oracle model but which become insecure with any real-world hash function. Finally in Part III the authors focus on constructions of hash functions. 
This includes a treatment of iterative hash functions and generic attacks against hash functions, constructions of hash functions based on block ciphers and number-theoretic assumptions, a discussion of privately keyed hash functions including a full security proof for HMAC, and a presentation of real-world hash functions.The text is supported with exercises, notes, references, and pointers to further reading, and it is a suitable textbook for undergraduate and graduate students, and researchers of cryptology and information security.Trade Review“The authors put a lot of work to create this 788-page book – the text has been edited even after the layout to insert links with page numbers, there are exercises and a website for errata and discussions.” (Jaak Henno, zbMATH 1490.94001, 2022)“Arno Mittelbach and Marc Fischlin did a good job at producing this book with a collection of ideas on the Theory of Hash Functions and Random Oracles, focusing in-depth on these two areas enabling the student, the practitioner, and the researcher, to deepen their knowledge. 
The book is a great add-on for a modern cryptography course or for 'light summer reading' for those interested in learning more about these two topics.” (Sven Dietrich, IEEE Cipher, July 20, 2021)Table of ContentsIntroduction.- Preliminaries: Cryptographic Foundations.- Part I: Foundations.- Computational Security.- Pseudorandomness and Computational Indistinguishability.- Collision Resistance.- Encryption Schemes.- Signature Schemes.- Non-cryptographic Hashing.- Part II: The Random Oracle Methodology.- The Random Oracle Model.- The Full Power of Random Oracles.- Random Oracle Schemes in Practice.- Limitations of Random Oracles.- The Random Oracle Controversy.- Part III: Hash Function Constructions.- Iterated Hash Functions.- Constructing Compression Functions.- Iterated Hash Functions in Practice.- Constructions of Keyed Hash Functions.- Constructing Random Oracles: Indifferentiability.- Constructing Random Oracles: UCEs.- Index.

    £49.49

  • Privacy and Identity Management: 15th IFIP WG

    Springer Nature Switzerland AG Privacy and Identity Management: 15th IFIP WG

    3 in stock

    Book SynopsisThis book contains selected papers presented at the 15th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School on Privacy and Identity Management, held in Maribor, Slovenia, in September 2020.*The 13 full papers included in this volume were carefully reviewed and selected from 21 submissions. Also included is a summary paper of a tutorial. As in previous years, one of the goals of the IFIP Summer School was to encourage the publication of thorough research papers by students and emerging scholars. The papers combine interdisciplinary approaches to bring together a host of perspectives, such as technical, legal, regulatory, socio-economic, social or societal, political, ethical, anthropological, philosophical, or psychological perspectives.*The summer school was held virtually.Table of ContentsTutorial Paper.- Don’t Tell Them now (or at all) – End User Notification Duties under GDPR and NIS Directive.- Selected Student Papers.- Ethical Principles for Designing Responsible Offensive Cyber Security Training.- Longitudinal collection and analysis of mobile phone data with local differential privacy.- Privacy-preserving IDS for In-Car-Networks with Local Differential Privacy.- Strong customer authentication in online payments under GDPR and PSD2: a case of cumulative application.- Privacy in Payment in the Age of Central Bank Digital Currency.- Analysing drivers’ preferences for privacy enhancing car-to-car communication systems.- Learning Analytics and Privacy - Respecting Privacy in Digital Learning Scenarios.- Preserving Privacy in Caller ID Applications.- “Identity management by design” with a technical Mediator under the GDPR.- Open about the open-rate? 
State of email tracking in marketing emails and its effects on user's privacy.- Privacy Respecting Data Sharing and Communication in mHealth: A Case Study.- Privacy-preserving Analytics for Data Markets using MPC.- Towards models for privacy preservation in the face of metadata exploitation.

    3 in stock

    £42.74

© 2026 Book Curl
