Computer security Books

Book SynopsisThe information infrastructure – comprising computers, embedded devices, networks and software systems – is vital to operations in every sector: chemicals, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, healthcare and public health, information technology, nuclear reactors, materials and waste, transportation systems, and water and wastewater systems. Global business and industry, governments, indeed society itself, cannot function if major components of the critical information infrastructure are degraded, disabled or destroyed.Critical Infrastructure Protection XVI describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: Industrial Control Systems Security; Telecommunications Systems Security; Infrastructure Security.This book is the 16th volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of 11 edited papers from the Fifteenth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, held as a virtual event during March, 2022.Critical Infrastructure Protection XVI is an important resource for researchers, faculty members and graduate students, as well as for policy makers, practitioners and other individuals with interests in homeland security.

Read more less

Book SynopsisThis book provides an opportunity for researchers, scientists, government officials, strategist and operators and maintainers of large, complex and advanced systems and infrastructure to update their knowledge with the state of best practice in the challenging domains whilst networking with the leading representatives, researchers and solution providers. The ongoing pandemic has created a new level of threats which presents new challenges around privacy, data protection, malicious application, unprotected networks or networks with basic protection that are being used as a gateway to larger infrastructure with complicated architecture, and unintentional misuse such as those associated with algorithmic bias. All these have increased the number of attack vectors that can be used to attack such networks. Drawing on 13 years of successful events on information security, digital forensics and cyber-crime, the 14th ICGS3-22 conference aims to provide attendees with an information-packed agenda with representatives from across the industry and the globe. The challenges of complexity, rapid pace of change and risk/opportunity issues associated with modern products, systems, special events and infrastructures. In an era of unprecedented volatile, political and economic environment across the world, computer-based systems face ever more increasing challenges, disputes and responsibilities, and whilst the Internet has created a global platform for the exchange of ideas, goods and services, it has also created boundless opportunities for cyber-crime. This volume presents new materials and contribute to knowledge through the technological advances that are being made across artificial intelligence (AI), machine learning, blockchain and quantum computing. These technologies driven by a digital revolution are expected to be disruptive and provide major digital transformation in the way societies operate today. As result, although these advances provide social and economic benefits, but, also, provide new challenges that security industry need to raise their game to combat them.Table of Contents1. Cyber Defence.- 2. Cyber Intelligence and Operation.- 3. Cyber Criminology.- 4. Ethics in Smart and AI driven societies.- 5. Information Systems Security Management.- 6. Digital Forensics investigation.

Read more less

Book SynopsisThis book aims at updating the relevant computer science-related research communities, including professors, researchers, scientists, engineers and students, as well as the general reader from other disciplines, on the most recent advances in applications of methods based on Fusing Machine Learning Paradigms. Integrated or Hybrid Machine Learning methodologies combine together two or more Machine Learning approaches achieving higher performance and better efficiency when compared to those of their constituent components and promising major impact in science, technology and the society. The book consists of an editorial note and an additional eight chapters and is organized into two parts, namely: (i) Recent Application Areas of Fusion of Machine Learning Paradigms and (ii) Applications that can clearly benefit from Fusion of Machine Learning Paradigms. This book is directed toward professors, researchers, scientists, engineers and students in Machine Learning-related disciplines, as the hybridism presented, and the case studies described provide researchers with successful approaches and initiatives to efficiently address complex classification or regression problems. It is also directed toward readers who come from other disciplines, including Engineering, Medicine or Education Sciences, and are interested in becoming versed in some of the most recent Machine Learning-based technologies. Extensive lists of bibliographic references at the end of each chapter guide the readers to probe further into the application areas of interest to them.Table of ContentsEditorial Note.- Artificial Intelligence as Dual-Use Technology.- Diabetic Retinopathy Detection using Transfer and Reinforcement Learning with effective image preprocessing and data augmentation techniques.

Read more less

Book SynopsisThis book provides insights on blockchain technology and its applications in real-world business, supply chain, health care, education, HRM, retail, logistics and transport industries. This book grants a comprehensive understanding of how this technology is functioning within modern real-world applications and how it can influence the future of the real-world applications in industry. The chapters cover the case study, applications of blockchain, benefits and challenges, disruptive innovations in real-world applications, privacy and security concerns, and the recent trends of blockchain in real-world applications. It is ideally intended for marketers, advertisers, brand managers, executives, managers, IT specialists and consultants, researchers, businesses, practitioners, stakeholders, academicians, and students interested in blockchain technology and its role in supply chain, health care, education, HRM, retail, logistics and transport industries.Table of ContentsAn Introduction to Blockchain Technology: Recent Trends.- Bitcoin: Beginning of the Cryptocurrency Era.- HR Digital Transformation: Blockchain for Business.- Securing Electronic Health Record System in Cloud Environment Using Blockchain Technology.- Blockchain: The foundation of trust in Metaverse.- Survey on Blockchain Technology and Security Facilities in Online Education.- A Govern Chain – Integration of Government Function with Blockchain Technology.- Blockchain in Healthcare: A Review.- Blockchain: A Study of New Business Model.- Understanding the Blockchain Technology Adoption in Transportation Management: Application in Trucking Industry.

Read more less

Book SynopsisThis book discusses understand cybersecurity management in decentralized finance (DeFi). It commences with introducing fundamentals of DeFi and cybersecurity to readers. It emphasizes on the importance of cybersecurity for decentralized finance by illustrating recent cyber breaches, attacks, and financial losses. The book delves into understanding cyber threats and adversaries who can exploit those threats. It advances with cybersecurity threat, vulnerability, and risk management in DeFi. The book helps readers understand cyber threat landscape comprising different threat categories for that can exploit different types of vulnerabilities identified in DeFi. It puts forward prominent threat modelling strategies by focusing on attackers, assets, and software. The book includes the popular blockchains that support DeFi include Ethereum, Binance Smart Chain, Solana, Cardano, Avalanche, Polygon, among others. With so much monetary value associated with all these technologies, the perpetrators are always lured to breach security by exploiting the vulnerabilities that exist in these technologies. For simplicity and clarity, all vulnerabilities are classified into different categories: arithmetic bugs, re-Entrancy attack, race conditions, exception handling, using a weak random generator, timestamp dependency, transaction-ordering dependence and front running, vulnerable libraries, wrong initial assumptions, denial of service, flash loan attacks, and vampire Since decentralized finance infrastructures are the worst affected by cyber-attacks, it is imperative to understand various security issues in different components of DeFi infrastructures and proposes measures to secure all components of DeFi infrastructures. It brings the detailed cybersecurity policies and strategies that can be used to secure financial institutions. Finally, the book provides recommendations to secure DeFi infrastructures from cyber-attacks.Table of Contents

Read more less

Book SynopsisThis volume constitutes the refereed proceedings of the 5th International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2022, held in Copenhagen, Denmark, on September 30, 2022, co-located with ESORICS 2022.The revised 8 full papers presented together with one invited paper were carefully reviewed and selected from 10 submissions. They cover topics such as: new techniques for biometric and behavioral based authentication, authentication and authorization in the IoT and in distributed systems in general, including the smart home environment. Table of ContentsAn Ontology-based Approach for Setting Security Policies in Smart Homes.- Clap Auth: A Gesture-based User-Friendly Authentication Scheme to Access a Secure Infrastructure.- User Authentication on Headset-like Devices By Bio-Acoustic Signals.-The measurable Environment as Nonintrusive Authentication Factor On the Example of WiFi Beacon Frames.- Protecting FIDO Extensions against Man-in-the-Middle Attacks.- Authentication, Authorization and Selective Disclosure for IoT Data Sharing using Verifiable Credentials and Zero-Knowledge Proofs.- Privacy-Preserving Speaker Verification and Speech Recognition.- An E-Voting System Based on Tornado Cash.- Linking Contexts from Distinct Data Sources in Zero Trust Federation.

Read more less

Book SynopsisIn today's digital transformation environments, a rigorous cybersecurity approach to effective risk managementincluding contingency planning, outlining immediate actions, preparing post-breach responsesis central to defending organizations' interconnected computer systems, networks, and infrastructure resources from malicious cyber-attacks. Specifically, cybersecurity technologies, processes, and practices need to be generalized and applied to intrusion detection and prevention measures.This entails analyzing profiles of cyber-attackers and building cyber-attack models for behavior simulation that can effectivelycountersuch attacks. This comprehensive volume aims to cover all essential aspects of cybersecurity in digital transformation and to provide a framework for considering the many objectives and requirements involved.In addition to introducing theoretical foundations, the work also offers practical techniques for defending against malicious cybercriminals. Topics and features:Explores cybersecurity's impact on the dynamics of interconnected, complex cyber- and physical systems, infrastructure resources, and networksProvides numerous examples of applications and best practicesConsiders methods that organizations can use to assess their cybersecurity awareness and/or strategyDescribes anomaly intrusion detection, a key tool in thwarting both malware and theft (whether by insiders or external parties) of corporate dataAddresses cyber-attacker profiles, cyber-attack models and simulation, cybersecurity ontology, access-control mechanisms, and policies for handling ransomware attacksDiscusses the NIST Cybersecurity Framework, MITRE Adversarial Tactics, Techniques and Common Knowledge, CIS Critical Security Controls, and the ISA/IEC 62442 Cybersecurity StandardGathering all the relevant information, this practical guide is eminently suitable as a self-study resource for engineers, scientists, computer scientists, and chief information officers. Further, with its many examples of best practices, it can serve as an excellent text for graduate-level courses and research into cybersecurity. Dietmar P. F. Möller, a retired full professor, is affiliated with the Institute for Mathematics at Clausthal University of Technology, Germany. He was an author of several other Springer titles, includingGuide to Automotive Connectivity and Cybersecurity.

Read more less

Book SynopsisThis book presents innovative ideas, cutting-edge findings, and novel techniques, methods, and applications in a broad range of cybersecurity and cyberthreat intelligence areas. As our society becomes smarter, there is a corresponding need to secure our cyberfuture. The book describes approaches and findings that are of interest to business professionals and governments seeking to secure our data and underpin infrastructures, as well as to individual users.Table of ContentsTOPSIS Model Establishment in the Context of Internet Finance.- An Analysis of Internet Financial Risk Prevention Strategies from the Perspective of Network Security.- Prediction of Transaction Risk in Financial Market Based on Neural Network Model.- Intelligent Business Model Data Analysis Based on Particle Swarm Optimization.- Multi-dimensional Data Perception and Intelligent Analysis Framework Design of Management Information System.- Resource Transaction Management System Based on PageRank Algorithm.- Research on Intelligent Student Management Evaluation Information System Based on Data Mining Algorithm.- Purchasing Management System Based on Genetic Algorithm.- Credit Risk Prediction Model of Digital Rural Finance Based on PSO-SVM.- Cache High Availability Intelligent Stall Management System Based on Redis Sentinel Mechanism Architecture.- The Application of BIM Technology in the Construction of Project Construction Management Platform.- Innovation of Financing Mode for Small and Micro Enterprises on Digital Finance Technology Algorithm.- Coal Energy Management Estimation System Based on Artificial Intelligence Algorithm.- Establishment of Enterprise Management Information System Based on Big Data Information Technology.- Application Analysis of Intelligent Information Technology in Transaction Management System.- Design of Management Cloud Information System for Residential Buildings Based on High-Performance Computing and Face Recognition Technology.- Development of Student Management System Based on WeChat Public Platform.- Application of Artificial Intelligence Technology in Human Resource Delicacy Management System.- Application of Data Mining Technology (DMT) in Human Resources Assessment Management System.

Read more less

Book SynopsisThis book constitutes the refereed proceedings of the 5th International Conference on Security and Privacy in New Computing Environments, SPNCE 2022, held in Xi’an, china, in December 30-31, 2022. The 12 full papers were selected from 38 submissions and are grouped in thematical parts as: authentication and key agreement; data security; network security.Table of ContentsAuthentication and key agreement.- User Authentication Using Body Vibration Characteristics.- An Improved Authenticated Key Agreement Protocol for IoT and Cloud Server.- Efficient two-party authentication key agreement protocol using reconciliation mechanism from lattice.- Anonymous and Practical Multi-Factor Authentication for Mobile Devices Using Two-Server Architecture.- Data security.- Cross-chain Data Auditing for Medical IoT Data.- Outsourced Privacy-Preserving SVM Classifier Model over Encrypted Data in IoT.- A Scheme of Anti Gradient Leakage of Federated Learning Based on Blockchain.- Analysis of a New Improved AES S-box Structure Rong.- Network security.- Social Internet of Tings trust management based on implicit social relationship.- Romeo: SGX-based Software Anti-Piracy Framework.- P-TECS: An Energy Balance Algorithm for Opportunistic Networks Integrating Multiple Node Attributes.- Network Situation Awareness Model based on Incomplete Information Game.

Read more less

Book SynopsisThis book constitutes the proceedings of the 17th International Conference on Risks and Security of Internet and Systems, CRiSIS 2022, which took place in Sousse, Tunesia, during December 7-9, 2022. The 14full papers and 4 short papers included in this volume were carefully reviewed and selected from 39 submissions. The papers detail security issues in internet-related applications, networks and systems.

Read more less

Book SynopsisThis book constitutes the refereed proceedings of the 4th International Conference on Codes, Cryptology and Information Security, C2SI 2023, held in Rabat, Morocco, during May 29–31, 2023. The 21 full papers included in this book were carefully reviewed and selected from 62 submissions. They were organized in topical sections as follows: Invited Papers, Cryptography, Information Security, Discrete Mathematics, Coding Theory.Table of ContentsInvited Papers.- Cryptologists should not ignore the history of Al-Andalusia.- Compact Post-Quantum Signatures from Proofs of Knowledge leveraging Structure for the PKP, SD and RSD Problems.- On Catalan Constant Continued Fractions.- Cryptography.- Full Post-Quantum Datagram TLS Handshake in the Internet of Things.- Moderate Classical McEliece keys from quasi-Centrosymmetric Goppa codes.- QCB is Blindly Unforgeable.- A Side-Channel Secret Key Recovery Attack on CRYSTALS-Kyber Using k Chosen Ciphertexts.- A new keyed hash function based on Latin squares and error-correcting codes to authenticate users in smart home environments.- Attack on a Code-based Signature Scheme from QC-LDPC Codes.- Computational results on Gowers U2 and U3 norms of known S-Boxes.- Multi-Input Non-Interactive Functional Encryption: Constructions and Applications.- Indifferentiability of the Confusion-Diffusion Network and the Cascade Block Cipher.- Quantum Cryptanalysis of 5 rounds Feistel schemes and Benes schemes.- Lattice-based accumulator with constant time list update and constant time verification.- Information Security.- Malicious JavaScript detection based on AST analysis and key feature re-sampling in realistic environments.- Searching for Gemstones: Flawed Stegosystems May Hide Promising Ideas.- A Study for Security of Visual Cryptography.- Forecasting Click Fraud via Machine Learning Algorithms.- An Enhanced Anonymous ECC-based Authentication for Lightweight Application in TMIS.- Discrete Mathematics.- Symmetric 4-adic complexity of quaternary sequences with period 2p n.- Weightwise perfectly balanced functions and nonlinearity.- Chudnovsky-type algorithms over the projective line using generalized evaluation maps.- Coding Theory.- Security enhancement method using shortened error correcting codes.- An Updated Database of Z4 Codes and an Open Problem about Quasi-Cyclic Codes.

Read more less

Book SynopsisIn recent years, wireless networks communication has become the fundamental basis of our work, leisure, and communication life from the early GSM mobile phones to the Internet of Things and Internet of Everything communications. All wireless communications technologies such as Bluetooth, NFC, wireless sensors, wireless LANs, ZigBee, GSM, and others have their own challenges and security threats. This book addresses some of these challenges focusing on the implication, impact, and mitigations of the stated issues. The book provides a comprehensive coverage of not only the technical and ethical issues presented by the use of wireless networks but also the adversarial application of wireless networks and its associated implications. The authors recommend a number of novel approaches to assist in better detecting, thwarting, and addressing wireless challenges and threats. The book also looks ahead and forecasts what attacks can be carried out in the future through the malicious use of the wireless networks if sufficient defenses are not implemented. The research contained in the book fits well into the larger body of work on various aspects of wireless networks and cyber-security. The book provides a valuable reference for cyber-security experts, practitioners, and network security professionals, particularly those interested in the security of the various wireless networks. It is also aimed at researchers seeking to obtain a more profound knowledge in various types of wireless networks in the context of cyber-security, wireless networks, and cybercrime. Furthermore, the book is an exceptional advanced text for Ph.D. and master’s degree programs in cyber-security, network security, cyber-terrorism, and computer science who are investigating or evaluating a security of a specific wireless network. Each chapter is written by an internationally-renowned expert who has extensive experience in law enforcement, industry, or academia. Furthermore, this book blends advanced research findings with practice-based methods to provide the reader with advanced understanding and relevant skills.Table of Contents1. Key-Pre Distribution for the Internet of Things.- 2. Approaches and Methods for Regulation of Security Risks in 5G and 6G.- 3. Investigating Gesture Control of Smart Cities.- 4. Safety And Security Issues in Employing Drones.- 5. Security Threats of Unmanned Aerial Vehicles.- 6. A Machine Learning Based Approach to Detect Cyber-Attacks on Connected and Autonomous Vehicles (CAVs).- 7. Security and Privacy Concerns in Next-Generation Networks using Artificial Intelligence-based Solutions: A Potential Use Case.- 8. A Blockchain-enabled Approach for Secure Data Sharing in 6G-based Internet of Things Networks.

Read more less

Book SynopsisThis book constitutes the refereed proceedings of the 17th International Conference on Critical Information Infrastructures Security, CRITIS 2022, which took place in Munich, Germany, during September 14–16, 2022.The 16 full papers and 4 short papers included in this volume were carefully reviewed and selected from 26 submissions. They are organized in topical sections as follows: protection of cyber-physical systems and industrial control systems (ICS); C(I)IP organization, (strategic) management and legal aspects; human factor, security awareness and crisis management for C(I)IP and critical services; and future, TechWatch and forecast for C(I)IP and critical services.Table of ContentsProtection of Cyber-Physical Systems and Industrial Control Systems.- Root Cause Analysis of Software Aging in Critical Information Infrastructure.- Threat-driven Dynamic Security Policies for Cyber-Physical Infrastructures.- High Data Throughput Exfiltration through Video Cable Emanations.- Design and Justification of a Cybersecurity Assessment Framework for IoT-based Environments.- An Empirical Evaluation of 4.0 CNC Machines.- Dataset Report : LID-DS 2021.- Analytics, Strategic Management.- Strategic Anticipation in Crisis Management through the Lens of Societal Values - The SANCTUM Project.- An Assessment Model for Prioritizing CVEs in CRITIS in the Context of Time and Fault Criticality.- Towards a Layer Model for Digital Sovereignty: A Holistic Approach.- Building Collaborative Cybersecurity for Critical Infrastructure Protection: Empirical Evidence of Collective Intelligence Information-Sharing Dynamics on ThreatFox.- Automatic Concrete Bridge Crack Detection from Strain Measurements: a Preliminary Study.- Mapping and Simulating Cyber-Physical Threats for Critical Infrastructures.- Identifying Residential Areas based on Open Source Data: a Multi Criteria Holistic Indicator to Optimize Resource Allocation During a Pandemic.- Security Awareness and Crisis Management for C(I)IP.- Modeling Hierarchical Structure of Effective Communication Factors in Cyber Incident Response.- Energy Security in the Context of Hybrid Threats: The Case of the European Natural Gas Network.- Cybersecurity in the German Railway Sector.- The Understanding of Vulnerability of Critical Infrastructure.- Is there a Relationship between Cybersecurity Level and Electricity Outages in Norway?.- Emerging Importance of Cybersecurity in Electric Power Sector as a Hub of Interoperable Critical Infrastructure Protection in the Greater Metropolitan Areas in Japan.- A Water Security Plan to Enhance Resilience of Drinking Water Systems.

Read more less

Book SynopsisThis book constitutes the refereed proceedings of the 28th Australasian Conference on Information Security and Privacy, ACISP 2023, held in Brisbane, QLD, Australia, during July 5-7, 2023. The 27 full papers presented were carefully revised and selected from 87 submissions. The papers present and discuss different aspects of symmetric-key cryptography, public-key cryptography, post-quantum cryptography, cryptographic protocols, and system security.Table of ContentsSymmetric-Key Cryptography.- Improved Differential Cryptanalysis on SPECK Using Plaintext Structures.- Linear Cryptanalysis and Its Variants with Fast Fourier Transformation Technique on MPC/FHE/ZK-Friendly Fp-based Ciphers.- A New Correlation Cube Attack Based on Division Property.- The Triangle Differential Cryptanalysis.- Key Recovery Attacks on Grain-like Keystream Generators with Key Injection.- Related-Cipher Attacks: Applications to Ballet and ANT.- Cryptanalysis of SPEEDY.- Reconsidering Generic Composition: the modes A10, A11 and A12 are insecure.- Exploring Formal Methods for Cryptographic Hash FunctionImplementations.- Public-Key Cryptography.- A Tightly Secure ID-Based Signature Scheme under DL Assumption in AGM.- Compact Password Authenticated Key Exchange from Group Actions.- Multi-key Homomorphic Secret Sharing from LWE without Multi-key HE.- Identity-Based Encryption from Lattices Using Approximate Trapdoors.- Homomorphic Signatures for Subset and Superset Mixed Predicates and Its Applications.- Adaptively Secure Identity-Based Encryption from Middle-Product Learning with Errors.- Post-Quantum Cryptography.- Quantum-access Security of Hash-based Signature Schemes.- Tightly Secure Lattice Identity-Based Signature in the Quantum Random Oracle Model.- Ghidle: Efficient Large-State Block Ciphers for Post-Quantum Security.- Quantum Algorithm for Finding Impossible Differentials and Zero-Correlation Linear Hulls of Symmetric Ciphers.- Memory-Efficient Quantum Information Set Decoding Algorithm.- Cryptographic Protocols.- CSI-SharK: CSI-FiSh with Sharing-friendly Keys.- Practical Verifiable Random Function with RKA Security.- Statistically Consistent Broadcast Authenticated Encryption withKeyword Search Adaptive Security from Standard Assumptions.- Modular Design of KEM-Based Authenticated Key Exchange.- Reusable, Instant and Private Payment Guarantees for Cryptocurrencies.- System Security.- BinAlign: Alignment Padding based Compiler Provenance Recovery.- Encrypted Network Traffic Classiffication with Higher Order Graph Neural Network.

Read more less

Book SynopsisThis book presents the proceedings of the International Conference on Applied Cyber Security 2023 (ACS23), held in Dubai on the April 29, containing seven original contributions. Cybersecurity is continuously attracting the world’s attention and has gained in awareness and media coverage in the last decade. Not a single week passes without a major security incident that affects a company, sector, or governmental agencies. Most of the contributions are about applications of machine learning to accomplish several cybersecurity tasks, such as malware, network intrusion, and spam email detection. Similar trends of increasing AI applications are consistent with the current research and market trends in cybersecurity and other fields. We divided this book into two parts; the first is focused on malicious activity detection using AI, whereas the second groups AI applications to tackle a selection of cybersecurity problems.This book is suitable for cybersecurity researchers, practitioners, enthusiasts, as well as fresh graduates. It is also suitable for artificial intelligence researchers interested in exploring applications in cybersecurity. Prior exposure to basic machine learning concepts is preferable, but not necessary.

Read more less

Book SynopsisThis book constitutes the refereed post-conference proceedings of the 28th International Workshop on Security Protocols, held in Cambridge, UK, during March 27–28, 2023. Thirteen papers out of 23 submissions were selected for publication in this book, presented together with the respective transcripts of discussions. The theme of this year's workshop was “Humans in security protocols — are we learning from mistakes?” The topics covered are securing the human endpoint and proving humans correct.Table of ContentsSleepwalking into Disaster? Requirements Engineering for Digital Cash.- Transporting a Secret Using Destructively-Read Memory.- Authentication of IT Professionals in the Wild - A Survey.- Incentives and Censorship Resistance for Mixnets Revisited.- Can’t Keep them Away: The Failures of Anti-Stalking Protocols in Personal Item Tracking Devices.- Who is Benefiting from Your Fitness Data? A Privacy Analysis of Smartwatches.- Trusted Introductions for Secure Messaging.- Choosing Your Friends: Shaping Ethical Use of Anonymity Networks.- One Protocol to Rule them All? On Securing Interoperable Messaging.- If it’s Provably Secure, it Probably isn’t: Why Learning from Proof Failure is Hard.- Towards Human-Centric Endpoint Security.- Determining an Economic Value of High Assurance for Commodity Software Security.- Blind Auditing and Probabilistic Access Controls.

Read more less

Book SynopsisThis book constitutes the proceedings of the 19th International Workshop on Security and Trust Management, STM 2023, co-located with the 28th European Symposium on Research in Computer Security, ESORICS 2023, held in The Hague, The Netherlands, during September 28th, 2023 The 5 full papers together with 4 short papers included in this volume were carefully reviewed and selected from 15 submissions. The workshop presents papers with topics such as security and privacy, trust models, security services, authentication, identity management, systems security, distributed systems security, privacy-preserving protocols.Table of ContentsImpact of Consensus Protocols on the Efficiency of Registration and Authentication process in Self-Sovereign Identity.- Biometric-Based Password Management.- ‘State of the Union’: Evaluating Open Source Zero Trust Components.- Secure Stitch: Unveiling the Fabric of Security Patterns for the Internet of Things.- Towards a unified abstract architecture to coherently and generically describe security goals and risks of AI systems.- Decentralized Global Trust Registry Platform for trust discovery and verification of e-Health credentials using TRAIN: COVID-19 Certificate use case.- Privacy-Preserving NN for IDS: A Study on the impact of TFHE restrictions.- Analyzing and Improving Eligibility Verifiability of the Proposed Belgian Remote Voting System.- Consent as mechanism to preserve information privacy: Its origin, evolution, and current relevance.​

Read more less

Book SynopsisThis book constitutes the refereed proceedings of the19th International Conference on Information Systems Security, ICISS 2023, held in Raipur, India, during December 16–20, 2023. The 18 full papers and 10 short papers included in this book were carefully reviewed and selected from 78 submissions. They are organized in topical sections as follows: systems security, network security, security in AI/ML, privacy, cryptography, blockchains. Table of ContentsSystems Security.- A Security Analysis of Password Managers on Android.- The Design and Application of a Unified Ontology for Cyber Security.- Big Data Forensics on Apache Kafka.- A Survey on Security Threats and Mitigation Strategies for NoSQL Databases MongoDB as a Use Case.- Theoretical Enumeration of Deployable Single-output Strong PUF Instances based on Uniformity and Uniqueness Constraints.- Network Security.- Detection and Hardening Strategies to Secure an Enterprise Network.- Attack Graph Based Security Metrics For Dynamic Networks.- An Energy-conscious surveillance scheme for intrusion detection in underwater sensor networks using Tunicate swarm optimization.- Security in AI/ML.- STN-Net: A Robust GAN-Generated Face Detector.- MDLDroid: Multimodal Deep Learning based Android Malware Detection.- A Cycle-GAN Based Image Encoding Scheme for Privacy Enhanced Deep Neural Networks.- Secure KNN Computation On Cloud.- A Multi-Stage Multi-Modal Classification Model for DeepFakes Combining Deep Learned and Computer Vision Oriented Features.- Privacy.- Security and Privacy in Machine Learning.- Attack on the Privacy-Preserving Carpooling Service TAROT.- Democracy in Your Hands!: Practical Multi-Key Homomorphic E-Voting.- Cryptography.- Secured Collaboration with Ciphertext Policy Attribute Based Signcryption in a Distributed Fog Environment for Medical Data Sharing.- Verifiable Timed Accountable Subgroup Multi-signatures.- Verifiable Timed Accountable Subgroup Multi-signatures.- Blockchains.- Ensuring Data Security in the Context of IoT Forensics Evidence Preservation with Blockchain and Self-Sovereign Identities.- Analysis of Optimal Number of Shards using ShardEval, A Simulator for Sharded Blockchains.- SoK: Digital Signatures and Taproot Transactions in Bitcoin.- BCTPV-NIZK: Publicly-verifiable non-interactive zero-knowledge proof system from minimal blockchain assumptions.- Proof-of-Variable-Authority: A blockchain consensus mechanism for securing IoT networks.- An Efficient Two-Party ECDSA Scheme for Cryptocurrencies.- Secure Smart Grid Data Aggregation Based on Fog Computing and Blockchain Technology.- Crypto-Ransomware Detection: A Honey-file based approach using chi-square test.- PSDP: Blockchain-Based Computationally Efficient Provably Secure Data Possession.- Private and Verifiable Inter-bank Transactions and Settlements on Blockchain.

Read more less

Book SynopsisThis book constitutes the proceedings of the 26th International Conference on Information Security, ISC 2023, which took place in Groningen, The Netherlands, in November 2023.The 29 full papers presented in this volume were carefully reviewed and selected from 90 submissions. The contributions were organized in topical sections as follows: privacy; intrusion detection and systems; machine learning; web security; mobile security and trusted execution; post-quantum cryptography; multiparty computation; symmetric cryptography; key management; functional and updatable encryption; and signatures, hashes, and cryptanalysis.Table of ContentsPrivacy: Exploring Privacy-Preserving Techniques on Synthetic Data as a Defense against Model Inversion Attacks.- Privacy-preserving Medical Data Generation using Adversarial Learning.- Balanced Privacy Budget Allocation for Privacy-Preserving Machine Learning.- Intrusion Detection and Systems: SIFAST: An Efficient Unix Shell Embedding Framework for Malicious Detection.- VNGuard: Intrusion Detection System for In-Vehicle Networks.- RLTrace: Synthesizing High-Quality System Call Traces for OS Fuzz Testing.- Machine Learning: Loss and Likelihood Based Membership Inference of Diffusion Models.- Symmetry Defense Against CNN Adversarial Perturbation Attacks.- Web Security: Load-and-Act: Increasing Page Coverage of Web Applications.- From Manifest V2 to V3: A Study on the Discoverability of Chrome Extensions.- Mobile Security and Trusted Execution: Libra : Library Identification in Obfuscated Android Apps.- Certificate reuse in Android applications.- TC4SE: A High-performance Trusted Channel Mechanism for Secure Enclave-based Trusted Execution Environments.- Post-Quantum Cryptography: Performance Impact of PQC KEMs on TLS 1.3 under Varying Network Characteristics.- Protecting Private Keys of Dilithium using Hardware Transactional Memory.- Multiparty Computation: Mercury: Constant-Round Protocols for Multi-Party Computation with Rationals.- Evolving Conditional Disclosure of Secrets.- Symmetric Cryptography: Permutation-Based Deterministic Authenticated Encryption with Minimum Memory Size.- Impossible Differential Cryptanalysis of the FBC Block Cipher.- Fregata: Faster Homomorphic Evaluation of AES via TFHE.- Key Management: Efficient Forward Secrecy for TLS-PSK from Pure Symmetric Cryptography.- On the Privacy-preserving Infrastructure for Authenticated Key Exchange.- Hybrid Group Key Exchange with Application to Constrained Networks.- Functional and Updatable Encryption.- Dynamic Multi-Server Updatable Encryption.- Trace-and-Revoke Quadratic Functional Encryption.- Function-Hiding Zero Predicate Inner Product Functional Encryption from Pairings.- Signatures, Hashes, and Cryptanalysis: Robust Property-Preserving Hash Meets Homomorphism.- Withdrawable Signature: How to Call off a Signature.- An Improved BKW Algorithm for Solving LWE with Small Secrets.

Read more less

Book SynopsisThis book constitutes the refereed proceedings of the 14th International Conference on Decision and Game Theory for Security, GameSec 2023, held in Avignon, France, during October 18–20, 2023.The 19 full papers and 4 short papers included in this book were carefully reviewed and selected from 33 submissions. They were organized in topical sections as follows: Mechanism design and imperfect information, Security Games, Learning in security games, Cyber deception, Economics of security, Information and privacy and Short articles.Table of ContentsMechanism design and imperfect information.- Observable Perfect Equilibrium.- Playing Repeated Coopetitive Polymatrix Games with Small Manipulation Cost.- Rule Enforcing Through Ordering.- Security Games.- Multi-defender Security Games with Schedules.- Asymmetric Centrality Game against Network Epidemic Propagation.- Shades of Grey: Strategic Bimatrix Stopping Games for Modelling (Un)Ethical Hacking Roles.- Learning in security games.- Characterizing and Improving the Robustness of Predict-Then-Optimize Frameworks.- Quantisation Effects in Adversarial Cyber-Physical GamesTakuma Adams.- Scalable Learning of Intrusion Responses through Recursive Decomposition.- Cyber deception.- Honeypot Allocation for Cyber Deception in Dynamic Tactical Networks: A Game Theoretic Approach.- Optimal Resource Allocation for Proactive Defense with Deception in Probabilistic Attack Graphs.- The Credential is Not Enough: Combining Honeypots and Fake Credentials for Cyber-Defense.- Economics of security.- Does Cyber-insurance Benefit the Insured or the Attacker? -- A Game of Cyber-Insurance.- Rational Broadcast Protocols against Timid Adversaries.- FlipPath Game to Counter Stealthy Attacks in SDN-based Tactical Networks.- Information and privacy.- Double-sided Information Asymmetry in Double Extortion Ransomware.- Opacity-enforcing active perception and control against eavesdropping attacks.- A Game-Theoretic Analysis of Auditing Differentially Private Algorithms with Epistemically Disparate Herd.- Modeling and Analysis of a Nonlinear Security Game with Mixed Armament.- Short articles.- Incentive-Based Software Security: Fair Micro-Payments for Writing Secure Code.- Using Game Theory Approach for COVID-19 Risk Analysis and Medical Resource Allocation.- Shapley Value to Rank Vulnerabilities on Attack Graphs: Applications to Cyberdeception.- Solving security models with perfect observability.

Read more less

Book SynopsisThis book constitutes the refereed proceedings of the 7th International Conference on Cognitive Computing, ICCC 2023, held in Shenzhen, China, during December 17–18, 2023.The 9 full papers in this book were carefully reviewed and selected from 14 submissions. They are organized in topical sections as follows: Cognitive Computing Technologies and Infrastructure, Cognitive Computing Applications, Sensing Intelligence, Cognitive Analysis, Mobile Services, Cognitive Computing on Smart Home, and Cognitive Computing on Smart City.Table of Contents​Research Track.- High-Precision Detection of Suicidal Ideation on Social Media Using Bi-LSTM and BERT Models.- P-Reader: A Clue-inspired Model for Machine Reading Comprehension.- An Unsupervised Method for Sarcasm Detection with Prompts.- ENER: Named Entity Recognition Model for Ethnic Ancient Books Based on Entity Boundary Detection.- An Enhanced Opposition-Based Golden-Sine Whale Optimization Algorithm.- T4S: Two-stage Screenplay Synopsis Summary Generation with Turning Points.- Application Track.- Multi-factor Water Level Prediction Based on InnRNN-Attention.- Ethereum Public Opinion Analysis Based on Attention Mechanism.- Prompt Tuning Models on Sentiment-Aware for Explainable Recommendation.

Read more less

Book SynopsisThis two-volume set LNCS 14398 and LNCS 14399 constitutes the refereed proceedings of eleven International Workshops which were held in conjunction with the 28th European Symposium on Research in Computer Security, ESORICS 2023, in The Hague, The Netherlands, during September 25-29, 2023. The 22 regular papers included in these proceedings stem from the following workshops:9th International Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2023, which accepted 8 papers from 18 submissions;18th International Workshop on Data Privacy Management, DPM 2023, which accepted 11 papers from 18 submissions;7th International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2023, which accepted 6 papers from 20 submissions;7th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2023, which accepted 4 papers from 7 submissions. 4th International Workshop onCyber-Physical Security for Critical Infrastructures P

Read more less

Book SynopsisIntroduction.- Dawn of the Machine Cryptography.- Mechanical Challenge.- Flying Start.- Codebreakers.- Breakthrough Time.- Race.- Transfusion of Hope.- First Game.- In the Darkness.- Concerto Without Audience.- Bombe.- Britannia Rules the Waves.- Sikorski's Tourists.- Relatives Come to the Fore.- Ocean Hunting.- Mediterranean Interlude.- The Americans Are Coming.- Black Hole.- Danger.- Intelligence Factory.- Postscriptum: Men, Machines, Ideas.- Index.- Bibliography.

Read more less

Book SynopsisIntroduction.- Reconfigurable Hardware.- Security Administration & Planning.- Auditing.- Monitoring & Analysis.- Risk, Response and Recovery.- Control and Countermeasures.- AI/ML in Cyber-Security.- Digital Forensics.- Tutorial for Hands on Reconfigurable Hardware: System Design, Attacks, Security.

Read more less

Book Synopsis

Read more less

Book Synopsis

Read more less

Book SynopsisPreface.- Chapter 1 Introduction to Federated Learning.- Chapter 2 Core Concepts of Federated Learning.- Chapter 3 Fundamentals of Cybersecurity.- Chapter 4 Cyber Security Intelligent Systems Based on Federated Learning.- Chapter 5 Closing Thoughts, and Future Directions in Federated Cyber Intelligence.

Read more less

Book SynopsisEncryption & Secret Sharing: Registered Matchmaking Encryption.- Sum-Preserving Encryption: Improved Bounds and Constructions for Long Vectors.- Fully Secure Searchable Encryption from PRFs, Pairings, and Lattices.- Pre-Constructed Publicly Verifiable Secret Sharing and Applications. Blockchains & Decentralized Systems: HCC: A Language-Independent Hardening Contract Compiler for Smart Contracts.- Double Auction Meets Blockchain: Consensus from Scored Bid-Assignment.- SoK: Measuring Blockchain Decentralization.- Automated Selfish Mining Analysis for DAG-Based PoW Consensus Protocols.- Sassafras: Effcient Batch Single Leader Election. Multi-Party Computation: Oblivious suffx sorting: A multi-party computation scheme for secure and effcient suffx sorting.- Share&Shrink: Effcient and Delegatable MPC in one Broadcast then Asynchrony.- Delayed-Input Multi-Party Computation.- Quantum-Safe Public Key Blinding from MPC-in-the-Head Signature Schemes. Network Security: Opening Pandora’s Packet: Expose IPv6 Implementations Vulnerabilities Using Differential Fuzzing.- TAU: Trust via Asynchronous Updates for Satellite Network Resiliency. Cryptographic primitives and protocols: Spilling-Cascade: an Optimal PKE Combiner for KEM Hybridization.- Distributed Asynchronous Remote Key Generation.- Anonymous Authenticated Key Exchange.- Key Recovery Attacks on Unpatched MEGA from Four Queries: Solving Approximate Divisor Problem with Help of Approximation of Squared Divisor.- Tighter provable security for TreeKEM.

Read more less

Book SynopsisThe present volume aims to provide an overview of the current understanding of the so-called Critical Infrastructure (CI), and particularly the Critical Information Infrastructure (CII), which not only forms one of the constituent sectors of the overall CI, but also is unique in providing an element of interconnection between sectors as well as often also intra-sectoral control mechanisms. The 14 papers of this book present a collection of pieces of scientific work in the areas of critical infrastructure protection. In combining elementary concepts and models with policy-related issues on one hand and placing an emphasis on the timely area of control systems, the book aims to highlight some of the key issues facing the research community.Table of ContentsOverview of Critical Information Infrastructure Protection.-The Art of CIIP Strategy: Tacking Stock of Content and Processes.-Infrastructure Sectors and the Information Infrastructure.-Understanding Cyber Threats and Vulnerabilities. Modelling Approaches.-Anomaly Detection in Water Management Systems.-Security Aspects of SCADA and DCS Environments.-SCADA Protocol Vulnerabilities.-Protection of SCADA Communication Channels.-Cyber Vulnerability in Power Systems Operation and Control.-Sector-Specific Information Infrastructure Issues in the Oil, Gas, and Petrochemical Sector.-Telecommunications.-Financial Services Industry.-Transportation.The Art of CIIP Strategy: Tacking Stock of Content and Processes.-Infrastructure Sectors and the Information Infrastructure.-Understanding Cyber Threats and Vulnerabilities. Modelling Approaches.-Anomaly Detection in Water Management Systems.-Security Aspects of SCADA and DCS Environments.-SCADA Protocol Vulnerabilities.-Protection of SCADA Communication Channels.-Cyber Vulnerability in Power Systems Operation and Control.-Sector-Specific Information Infrastructure Issues in the Oil, Gas, and Petrochemical Sector.-Telecommunications.-Financial Services Industry.-Transportation.

Read more less

Book SynopsisDiese Dokumentation schlägt eine Schneise durch das Dickicht des Versicherungsmarktes der Cyber-Policen. Versicherungen gegen Cyberkriminalität werden zunehmend wichtiger: Angriffe auf die Informationstechnik von Unternehmen können Schäden in Millionenhöhe hinterlassen, beispielsweise wenn sensible Datensätze gestohlen oder Seiten von Online-Shops lahmgelegt werden. Inzwischen bietet die deutsche Versicherungswirtschaft mit speziellen „Cyber-Policen“ Schutz gegen eine Vielzahl von IT-Risiken. Doch wie schlagkräftig ist ein solcher Schutz? Welche Versicherer bieten spezielle Cyber-Policen an? Welche Gefahren können versichert werden? Welche Rolle spielt der Versicherungsvertrieb und worauf sollten Vermittler und Makler achten? Das sind nur einige der Fragen, denen Umar Choudhry nachgeht.Trade ReviewAus den Rezensionen: “... Das Buch richtet sich an Fach- und Führungskräfte in Versicherungsunternehmen, Versicherungsmakler und -vermittler, Aktuare, Underwriter,Versicherungseinkäufer aus der Industrie sowie Fachanwälte.“ (in: Die Versicherungs Praxis, Heft 1, 2015)Table of Contents​Der Markt der Cyber-Versicherungen in Deutschland.- Wie sieht die Zukunft der Cyber-Versicherungen aus?.- Wenn Versicherer zur Zielscheibe von Cyber-Attacken werden.- Versicherer mit einem Produkt gegen Cyber-Risiken.

Read more less

Book SynopsisIn diesem Buch geht es um den AKS-Algorithmus, den ersten deterministischen Primzahltest mit polynomieller Laufzeit. Er wurde benannt nach den Informatikern Agrawal, Kayal und Saxena, die ihn 2002 entwickelt haben. Primzahlen sind Gegenstand vieler mathematischer Probleme und spielen im Zusammenhang mit Verschlüsselungsmethoden eine wichtige Rolle. Das vorliegende Buch leitet den AKS-ALgorithmus in verständlicher Art und Weise her, ohne wesentliche Vorkenntnisse zu benötigen, und ist daher bereits für interessierte Gymnasialschüler(innen) zugänglich. Außerdem eignet sich das Buch von Studienbeginn an für Lehrveranstaltungen im Mathematik- oder Informatikstudium. Es kann schon in den ersten Semestern als Grundlage für zweistündige Vorlesungen oder (Pro-)Seminare dienen, ohne auf andere Lehrveranstaltungen (wie z. B. Zahlentheorie) zurückzugreifen, und ist daher im Bachelor- und Lehramtsstudium gut einsetzbar. Es gibt viele Aufgaben und weiterführende Anmerkungen sowie Lösungshinweise am Ende des Buches. Table of ContentsNatürliche Zahlen und Primzahlen.- Algorithmen und Komplexität.- Zahlentheoretische Grundlagen.- Primzahlen und Kryptographie.- Der Ausgangspunkt: Fermat für Polynome.- Der Satz von Agrawal, Kayal und Saxena.- Der Algorithmus.- Offene Fragen über Primzahlen.- Lösungen und Hinweise zu wichtigen Aufgaben.

Read more less

Book SynopsisIn diesem Buch erfahren Wirtschaftswissenschaftler, wie Firmen nach Hackerangriffen vom Markt verschwinden und wie Hacker Aktienkurse beeinflussen können. Lernen Sie, wie Homo oeconomicus beim Thema Cyber Security zum Homo carens securitate wird und wie es gelingt, mithilfe der wirtschaftswissenschaftlichen „Brille“ (oder: Perspektive/Sicht) ganz neue Lösungsansätze und Sichtweisen im Kampf gegen Wirtschaftsspione, Hacker und Cyber-Kriminelle zu erkennen. Cyber Security bzw. IT-Sicherheit ist ein Zukunftsthema, an dem kaum jemand vorbeikommt. Dieses Buch beschreibt anhand aktueller Vorfälle – ohne technisches Grundwissen vorauszusetzen –, was Ökonomen wissen müssen, um sich am Gespräch über eines der wichtigsten Zukunftsthemen unserer Zeit beteiligen zu können.Table of ContentsWas ist Cyber Security?.- Wichtige Begriffe anhand aktueller Vorfälle erklärt.- Wirtschaftswissenschaftliche Sicht auf die Cyber Security.- Homo oeconomicus vs. Homo carens securitate.

Read more less

Book SynopsisThorsten Walter beschreibt die technischen und juristischen Fallstricke sogenannter „Bring your own device“-Modelle und stellt die arbeitsrechtlichen Regelungsinstrumente für den Umgang mit BYOD vor. Darüber hinaus werden die verschiedenen technischen Lösungen zur Umsetzung von BYOD im Unternehmen in leicht verständlicher Form einander gegenübergestellt. Der Autor gibt praktische Empfehlungen zur Gestaltung von Regelungen in Nutzungsvereinbarungen. Table of ContentsWas Sie in diesem Essential finden können.- Schöne neue Welt.- Die Kehrseite.- Überschneidung von beruflicher und Privatsphäre.- Technische Umsetzung.- Handlungsempfehlungen.- Was Sie aus diesem Essential mitnehmen können.

Read more less

Book SynopsisDas Buch vermittelt umfassende Kenntnisse über den Einsatz von mobilen Anwendungen in Unternehmen. Die Autoren stellen sowohl Grundlagen als auch Konzepte dar, um betriebliche Einsatzszenarien zu entwickeln, zu nutzen und zu bewerten. Schwerpunkte sind Software Engineering mobiler Anwendungen, ihre Sicherheit und der Einsatz in Form von konkreten Anwendungsbeispielen. Dieser Herausgeberband basiert auf Fragestellungen aus der unternehmerischen Praxis. Er wendet sich sowohl an Berater und Projektverantwortliche als auch an Studierende und Lehrende.Table of ContentsTerminologie und Technologie - Betriebswirtschaftlicher Nutzen und mobiles Ecosystem - Software Engineering mobiler Anwendungen - Sicherheit mobiler Anwendungen - Anwendungsszenarien mobiler Apps

Read more less

Book SynopsisDominik Herrmann zeigt, dass die Betreiber von Nameservern, die im Internet zur Auflösung von Domainnamen in IP-Adressen verwendet werden, das Verhalten ihrer Nutzer detaillierter nachvollziehen können als bislang gedacht. Insbesondere können sie maschinelle Lernverfahren einsetzen, um einzelne Internetnutzer an ihrem charakteristischen Verhalten wiederzuerkennen und über lange Zeiträume unbemerkt zu überwachen. Etablierte Verfahren eignen sich allerdings nicht zur Anonymisierung der Namensauflösung. Daher schlägt der Autor neue Techniken zum Selbstdatenschutz vor und gibt konkrete Handlungsempfehlungen.Table of ContentsGrundlagen des Domain Name System, relevante Bedrohungen und etablierte Sicherheitsmechanismen.- Beobachtungsmöglichkeiten im Domain Name System: Rekonstruktion der besuchten Webseiten und der verwendeten Software sowie verhaltensbasierte Verkettung von Sitzungen.- Techniken zum Schutz vor Beobachtung und Verkettung mittels datenschutzfreundlicher Techniken.

Read more less

Book SynopsisIn diesem Buch beleuchten Autoren aus der Politik, Wirtschaft und Forschung das Thema Security: Was wird sie kosten und wer wird sie anbieten? Wird Security vielleicht sogar Spaß machen? Das Internet der Dinge wird nicht einmal zehn Jahre brauchen, um 2020 mehr als 50 Milliarden Geräte zu vernetzen. Digitalisierung rast durch alle Bereiche der Wirtschaft und des Lebens. Sie bringt Geschwindigkeit und Kosteneffizienz, aber sie vergrößert auch unsere Angriffsfläche – der Menschen und unserer Unternehmen. Im Ergebnis wird erst Security zum Möglichmacher sicherer Digitalisierung, in der Daten, Netze, Rechenzentren und Endgeräte künftig maximal möglich geschützt werden. Security muss in Zukunft ganz einfach zu bedienen sein. Und zwar für alle: vom Rentner über die Hausfrau und den Studenten bis zum Mittelstand und Großunternehmen. Table of ContentsSecurity: Die echte Herausforderung für die Digitalisierung.- Sicherheitspolitik: Regeln für den Cyberraum.- Datenschutz-Empowerment.- Red Teaming und Wargaming: Wie lassen sich Vorstände und Aufsichtsräte stärker in das Thema Cyber Security involvieren?.- CSP statt 007: Integrierte Qualifizierung im Bereich Cyber Security.- Sicher und einfach: Security aus der Steckdose.- Cyber Security – What's next?.

Read more less

Book SynopsisDieses Lehrbuch bietet Grundlagenwissen zum Thema Informationssicherheit sowie Informationssicherheitsmanagement. Neben der Erklärung aktueller und relevanter Grundbegriffe bietet es Definitionen und skizziert methodische und rechtliche Rahmen. Die optimale praktische Gestaltung des Informationssicherheitsmanagements wird unter Berücksichtigung zweier gängiger Standards zur Informationssicherheit, des Grundschutzhandbuches und ISO 27001, dargelegt. Damit gibtdie Autorin konkrete Antworten auf Fragen der Risikobewertung und Gefahrenanalyse, derSicherheits- und Datenschutzkontrollen sowie zum Incident Management und dem Security Audit und -Monitoring. Darüber hinaus werden auch Aspekte der Cyber- und Computerkriminalität, derIT-Forensik und des Security Intelligence betrachtet. Damit ist das Buch für alle interessant, die ihren Fokus auf die Prävention von Sicherheitsvorfällen, aber auch auf deren Detektion und die angemessene Reaktion legen.Table of ContentsBegriffe rund um Informationssicherheit - Management der Informationssicherheit als Prozess - Schichten und Prozessphasen des Informationssicherheitsmanagements - Risikomanagement und Gefährdungsanalyse - Sicherheitskontrollen – Datenschutzkontrollen – TOMs - Incident Management und Notfallvorsorge - Security Audit, Monitoring und Reporting - Cyber- und Computerkriminalität - Bewerten – verbessern – optimieren

Read more less

Book SynopsisAndreas Gadatsch und Markus Mangiapane erläutern zentrale Aspekte der Digitalisierung und der IT-Sicherheit, ohne die digitale Geschäftsmodelle und -prozesse nicht realisierbar sind. Die Autoren möchten den Leser für aktuelle Trends im Informationsmanagement und deren Auswirkungen auf IT-Sicherheit sensibilisieren. Wenn man von jedem Punkt der Welt aus einen Prozess nutzen kann, so kann man ihm auch jederzeit von jedem Ort aus schaden, ihn stoppen, verändern oder Daten manipulieren. IT-Sicherheit ist daher die Grundlage zur Realisierung digitaler Prozesse.Table of ContentsVorgehensweise bei der Geschäftsprozessdigitalisierung und die Abhängigkeit der Unternehmen von der IT.- Vier Dimensionen der IT-Sicherheit und das Herausarbeiten der Sicherheitsanforderungen.- Handlungsempfehlungen für das Management, Schutzbedarfsanalyse, Praxis-Tipps.- Business Continuity als Königsdisziplin.

Read more less

Book SynopsisErnst Piller gibt praktische Hinweise zum Beschaffungsvorgang von IT-sicherer Soft- und Hardware für die eigene Infrastruktur bzw. die Produktion. Dabei beschränkt sich ‚Hardware‘ nicht nur auf IKT-Produkte, sondern impliziert auch alle Geräte, Maschinen, Steuerungen, Fahrzeuge und Produktionskomponenten aus allen Branchen, die eine Software enthalten. Der Autor behandelt Themen wie IT-Sicherheitsanforderungen, Vertrauen in Hersteller, beschaffungsrelevante Informationssysteme für IT-Sicherheit und Gütezeichen. Abgerundet wird das essential mit der Vorstellung einer herstellerunabhängigen und kostenfreien Plattform zur Unterstützung des Beschaffungsprozesses für den Einkauf von Soft- und Hardware unter Berücksichtigung der IT-Sicherheit.Table of ContentsRisikoanalyse, Schutzbedarfsfeststellung und IT-Sicherheitsanforderungen.- Herkunft IT-sicherheitskritischer Komponenten, juristische Aspekte, IT-Sicherheitsgütezeichen.- Vorstellung einer unabhängigen Beschaffungsplattform.

Read more less

Book SynopsisBei der heutigen Datenflut, die auf Speichermedien und im Internet kursiert, ist die Kompression digitaler Daten nach wie vor ein immens wichtiger Aspekt bei Datenübertragung und -speicherung. Dieses essential erläutert ohne theoretischen Überbau und mit elementaren mathematischen und informatischen Methoden die wichtigsten Kompressionsverfahren, so unter anderem die Entropiecodierungen von Shannon-Fano und von Huffman, sowie die Wörterbuchcodierungen der Lempel-Ziv-Familie. Ausführlich eingegangen wird auch auf Irrelevanzreduktion und die Quantisierung bei optischen und akustischen Signalen, die die Unzulänglichkeiten des menschlichen Auges und Ohres zur Datenkompression ausnutzen. Illustriert wird das Ganze anhand gängiger Praxisanwendungen aus dem alltäglichen Umfeld. Die Aufbereitung erlaubt den Einsatz beispielsweise in Arbeitsgruppen an MINT-Schulen, bei Einführungskursen an Hochschulen und ist auch für interessierte Laien geeignet.Table of ContentsDatenübertragung und - speicherung.- Digitalisierung.- Überblick über Methoden der Datenkompression.- Entropiecodierungen.- Wörterbuchcodierungen.- Quantisierung

Read more less

Book SynopsisThis book explores the combination of Reinforcement Learning and Quantum Computing in the light of complex attacker-defender scenarios. Reinforcement Learning has proven its capabilities in different challenging optimization problems and is now an established method in Operations Research. However, complex attacker-defender scenarios have several characteristics that challenge Reinforcement Learning algorithms, requiring enormous computational power to obtain the optimal solution. The upcoming field of Quantum Computing is a promising path for solving computationally complex problems. Therefore, this work explores a hybrid quantum approach to policy gradient methods in Reinforcement Learning. It proposes a novel quantum REINFORCE algorithm that enhances its classical counterpart by Quantum Variational Circuits. The new algorithm is compared to classical algorithms regarding the convergence speed and memory usage on several attacker-defender scenarios with increasing complexity. In addition, to study its applicability on today's NISQ hardware, the algorithm is evaluated on IBM's quantum computers, which is accompanied by an in-depth analysis of the advantages of Quantum Reinforcement Learning.Table of ContentsMotivation: Complex Attacker-Defender Scenarios - The eternal conflict., The Information Game - A special Attacker-Defender Scenario., Reinforcement Learning and Bellman’s Principle of Optimality., Quantum Reinforcement Learning - Connecting Reinforcement Learning and Quantum Computing.- Approximation in Quantum Computing.- Advanced Quantum Policy Approximation in Policy Gradient Rein-forcement Learning.- Applying Quantum REINFORCE to the Information Game.- Evaluating quantum REINFORCE on IBM’s Quantum Hardware.- Future Steps in Quantum Reinforcement Learning for Complex Scenarios.- Conclusion.

Read more less

Book SynopsisMit diesem Handbuch identifizieren Sie Risiken, bauen wegweisendes effizienzförderndes Handlungswissen auf und sichern so Ihr Unternehmen sowie seine Prozesse, Ressourcen und die Organisation ab. Der Autor führt Sie von den gesetzlichen, regulatorischen, normativen und geschäftspolitischen Sicherheits-, Kontinuitäts- und Risikoanforderungen bis zu Richtlinien, Konzepten und Maßnahmen. Die dreidimensionale Sicherheitsmanagementpyramide V sowie die innovative und integrative RiSiKo-Management-Pyramide V liefern ein durchgängiges, praxisorientiertes und systematisches Vorgehensmodell für den Aufbau und die Weiterentwicklung des Sicherheits-, Kontinuitäts- und Risikomanagements. Beispiele und Checklisten unterstützen Sie. Der Online-Service des Autors bietet Ihnen zusätzliche News, Links und ergänzende Beiträge.Table of ContentsUnternehmensweites integratives Sicherheits-, Kontinuitäts- und Risikomanagement – RiSiKo-Pyramide mit Lebenszyklus – Gesetze, Normen, Standards, Practices – Compliance, Haftung – Managementsysteme – Geschäftsprozesse, Ressourcen, Interdependenzen, Organisation – Von der RiSiKo-Politik bis zu Maßnahmen – Sicherheitsprinzipien, Sicherheitsschalenmodell – Business Continuity Management, Sourcing – Firewall, Schadsoftwarescanner, Datensicherung, Verschlüsselung, Mobile Device Management, BYOD, Cloud-Computing – Arbeits-, Betriebs- und Angriffssicherheit – Kennzahlen, Reporting, Balanced Pyramid Scorecard®

Read more less

Book SynopsisEin qualifiziertes Management der Informationssicherheit ist heutzutage für jede Organisation unverzichtbar. Die Normenreihe ISO 27000 ist dabei ein anerkannter „Wegweiser“ zu diesem Ziel. Im internationalen Kontext ist ihre Erfüllung für viele Organisationen ein wichtiger Wettbewerbsfaktor. Auch in Deutschland hat diese Normenreihe Eingang in Vorgaben, Regelungen und Gesetze zum Thema Informationssicherheit gefunden.Das vorliegende Buch kommentiert vor diesem Hintergrund die aktuellen Normen ISO 27001 und ISO 27002 (Ausgabe 2022/2023): Nach einer Einführung in die Normenreihe und ihren Fachbegriffen werden die Anforderungen an das Managementsystem für Informationssicherheit (ISMS) detailliert erklärt und mit zahlreichen Hinweise zur Umsetzung versehen. Im Anhang der ISO 27001 sind die sog. Controls aufgeführt, die in der neuen Normfassung komplett umstrukturiert und an vielen Stellen geändert wurden. Das Buch behandelt ausführlich alle Controls und gibt viele Beispiele für ihre Anwendung.Mit dem Erscheinen der neuen Normfassungen müssen sich viele Organisationen entsprechend umstellen – nicht zuletzt auch im Zusammenhang mit Zertifizierungen. Das Buch bietet hier einen ausführlichen Fahrplan zur Migration auf die neuen Normen.Table of ContentsDie Anforderungen an ein Informationssicherheits-Managementsystem (ISMS).- Die Controls der neuen Normen und ihre Systematik.- Praxis: Übergang von den alten zu den neuen Normfassungen.- Audits zielorientiert vorbereiten und durchführen.

Read more less

Book SynopsisNicht nur im privaten Umfeld, auch im beruflichen sind Computer, Smartphones und das Internet Begleiter unseres täglichen Lebens. Dabei spielt der Schutz von Informationen eine wichtige Rolle. Über 70% aller Cyber-Angriffe zielen auf den Nutzer ab, lediglich ein kleiner Teil auf die tatsächlichen Systeme. Daher sind geschulte und aufmerksame Mitarbeiter ein unabdingbarer Bestandteil der allgemeinen Sicherheitsstrategie zum Schutz der Informationen. Das Ziel ist dabei der Aufbau einer Kultur der Cyber-Sicherheit, einer sogenannten human firewall.Table of ContentsEinführung.- Aufmerksame Mitarbeiter: der beste Schutz.- Pre-Phase.- Durchführung.- Post-Phase.- Kennzahlen und dauerhafte Implementierung.- Fazit.

Read more less

Book SynopsisAn increasing number of countries develop capabilities for cyber-espionage and sabotage. The sheer number of reported network compromises suggests that some of these countries view cyber-means as integral and well-established elements of their strategical toolbox. At the same time the relevance of such attacks for society and politics is also increasing. Digital means were used to influence the US presidential election in 2016, repeatedly led to power outages in Ukraine, and caused economic losses of hundreds of millions of dollars with a malfunctioning ransomware. In all these cases the question who was behind the attacks is not only relevant from a legal perspective, but also has a political and social dimension.Attribution is the process of tracking and identifying the actors behind these cyber-attacks. Often it is considered an art, not a science.This book systematically analyses how hackers operate, which mistakes they make, and which traces they leave behind. Using examples from real cases the author explains the analytic methods used to ascertain the origin of Advanced Persistent Threats.Table of ContentsAdvanced Persistent Threats.- The attribution process.-Analysis of malware.- Attack infrastructure.- Analysis of control servers.- Geopolitical analysis.- Telemetry - data from security products.- Methods of intelligence agencies.- Doxing.- False flags.- Group set-ups.- Communication.- Ethics of attribution.

Read more less

Book SynopsisIn diesem Open-Access-Buch stehen die wirtschaftliche Verwertung von Daten und die dazu gehörenden technischen und organisatorischen Prozesse und Strukturen in Unternehmen im Fokus. Es behandelt Themen wie Datenmonetarisierung, Datenverträge, Data Governance, Informationssicherheit, Datenschutz und die Vertrauenswürdigkeit von Daten.Seit Jahren wird davon gesprochen, dass „Daten das neue Öl“ sind. Expertinnen und Experten sind sich einig: Das Wertschöpfungspotential von Daten ist enorm und das über fast alle Branchen und Geschäftsfelder hinweg. Und dennoch bleibt ein Großteil dieses Potentials ungehoben. Deshalb nimmt dieser Sammelband konkrete Innovationshemmnisse, die bei der Erschließung des wirtschaftlichen Werts von Daten auftreten können, in den Blick. Er bietet praktische Lösungsansätze für diese Hürden an den Schnittstellen von Ökonomie, Recht, Akzeptanz und Technik. Dazu folgen die Autorinnen und Autoren einem interdisziplinären Ansatz und greifen aktuelle Diskussionen aus der Wissenschaft auf, adressieren praxisnahe Herausforderungen und geben branchenunabhängige Handlungsempfehlungen. Den Leserinnen und Lesern soll eine transparente Informationsbasis angeboten werden und damit die Teilnahme an der Datenwirtschaft erleichtert werden. Dieses Buch richtet sich an Entscheidungsträgerinnen und Entscheidungsträger in Unternehmen sowie an Entwicklerinnen und Entwickler datenbasierter Dienste und Produkte. Der Band ist ebenfalls für Fachkräfte der angewandten Forschung wie auch für interdisziplinär Studierende z.B. der Wirtschaftsinformatik, der technikorientierten Rechtswissenschaft oder der Techniksoziologie relevant.Table of ContentsEinleitung: Wie aus Daten Wert entsteht - Datenwirtschaft und Datentechnologie.- Teil 1 - Daten als Wirtschaftsgut: Einleitung: Daten als Wirtschaftsgut.- Grenzkostenfreie IoT-Services in den Datenmarktplätzen der Zukunft.- Besonderheiten datenbasierter Geschäftsmodellentwicklung.- Das Dilemma der Preisbildung datenbasierter Geschäftsmodelle in der produzierenden Industrie.- Bewertung von Unternehmensdatenbeständen: Wege zur Wertermittlung des wertvollsten immateriellen Vermögensgegenstandes.- Teil 2 - Datenrecht: Einleitung: Datenrecht.- Compliant Programming - Rechtssicherer Einsatz von Blockchains und anderen Datentechnologien.- Data Governance und Datenökonomie - Datenteilung in Ökosystemen rechtskonform gestalten.- Herausforderung und Grenzen bei der Gestaltung von Datenverträgen.- Vertragsdurchführung mit Smart Contracts - rechtliche Rahmenbedingungen und Herausforderungen.- Teil 3 - Kontrolle über Daten: Einleitung: Kontrolle über Daten.- Datenhoheit und Datenschutz aus Nutzer-, Verbraucher- und Patientenperspektive.- Verfahren zur Anonymisierung und Pseudonymisierung von Daten.- Datensouveränität in Digitalen Ökosystemen: Daten nutzbar machen, Kontrolle behalten.- Teil 4 - Vertrauen in Daten: Einleitung: Vertrauen in Daten.- Unternehmensdaten - Informationen aus gewachsenen, komplexen Systemen herausarbeiten.- Datenqualitätssicherung entloang der Datenwertschöpfungskette im Industriekontext.- Nationale und internationale Standardisierung und Zertifizierung von Datendiensten.

Read more less

Book SynopsisDieses Lehrbuch bietet einen fundierten Überblick über manche klassische hin zu modernen bis zu brandaktuellen kryptografischen Verfahren. Die Voraussetzungen, die ein Leser mitbringen sollte, konzentrieren sich auf wenige Inhalte der linearen Algebra und Analysis, die im ersten Studienjahr vermittelt werden. Das Buch umfasst im Wesentlichen einen Themenkreis, der in einer vierstündigen Vorlesung angesprochen werden kann. Es zeichnet sich durch mathematische Präzision, zahlreiche Beispiele und viele Algorithmen aus. Bei den Algorithmen wird eine verständliche Darstellung bevorzugt, die die Prinzipien klar und leicht nachvollziehbar macht. Wegen der ausführlichen Erklärungen kann das Buch auch zum Selbststudium empfohlen werden. Die Kapitel sind in kleine Lerneinheiten unterteilt. Die Leser werden so Schritt für Schritt von den Anfängen der Kryptologie in der Antike hin zu modernen Verfahren im Internetzeitalter geführt.Trade Review"[Das Buch] ist [...] ein gelungenes, empfehlenswertes Stück in der großen Auswahl an Büchern zur Kryptologie." www.math.uni-rostock.de/rho, 08.06.2010Table of ContentsKlassische Verfahren - Das One-Time-Pad und perfekte Sicherheit - Block-Chiffren: AES und DES - Komplexität und Einwegfunktionen - Symmetrische Authentifikation - Exponentiationschiffren - Das RSA-Verfahren - Primzahltests - Das Verfahren von Diffie-Hellmann, ElGamal und Rabin - Diskrete Logarithmen - Faktorisierung - Signaturverfahren - Elliptische Kurven - Anwendungen elliptischer Kurven in der Kryptologie

Read more less