The biggest software development companies conduct more than hundreds of deployments daily, which influence currently operating IT (Information Technology) systems. This is possible due to the availability of automatic mechanisms which provide their functional testing and subsequent application deployment. Unfortunately, there are currently no tools or even a set of good practices addressing how to include IT security issues in the whole production and deployment process. This paper describes how to deal with this problem in the environment of a large mobile telecommunication operator.
Recently, Gunn, Allison and Abbott (GAA) [http://arxiv.org/pdf/1402.2709v2.pdf] proposed a new scheme to utilize electromagnetic waves for eavesdropping on the Kirchhoff-law-Johnson-noise (KLJN) secure key distribution. We proved in a former paper [Fluct. Noise Lett. 13 (2014) 1450016] that GAA’s mathematical model is unphysical. Here we analyze GAA’s cracking scheme and show that, in the case of a loss-free cable, it provides less eavesdropping information than in the earlier (Bergou)-Scheuer-Yariv mean-square-based attack [Kish LB, Scheuer J, Phys. Lett. A 374:2140-2142 (2010)], while it offers no information in the case of a lossy cable. We also investigate GAA’s claim to be experimentally capable of distinguishing—using statistics over a few correlation times only—the distributions of two Gaussian noises with a relative variance difference of less than $10^{-8}$. Normally such distinctions would require hundreds of millions of correlation times to be observable. We identify several potential experimental artifacts as results of poor KLJN design, which can lead to GAA’s assertions: deterministic currents due to spurious harmonic components caused by ground loops, DC offset, aliasing, non-Gaussian features including non-linearities and other non-idealities in generators, and the time-derivative nature of GAA’s scheme which tends to enhance all of these artifacts.
We introduce two new Kirchhoff-law-Johnson-noise (KLJN) secure key distribution schemes which are generalizations of the original KLJN scheme. The first of these, the Random-Resistor (RR-) KLJN scheme, uses random resistors with values chosen from a quasi-continuum set. It is well-known since the creation of the KLJN concept that such a system could work in cryptography, because Alice and Bob can calculate the unknown resistance value from measurements, but the RR-KLJN system has not been addressed in prior publications since it was considered impractical. The reason for discussing it now is the second scheme, the Random Resistor Random Temperature (RRRT-) KLJN key exchange, inspired by a recent paper of Vadai, Mingesz and Gingl, wherein security was shown to be maintained at non-zero power flow. In the RRRT-KLJN secure key exchange scheme, both the resistances and their temperatures are continuum random variables. We prove that the security of the RRRT-KLJN scheme can prevail at a non-zero power flow, and thus the physical law guaranteeing security is not the Second Law of Thermodynamics but the Fluctuation-Dissipation Theorem. Alice and Bob know their own resistances and temperatures and can calculate the resistance and temperature values at the other end of the communication channel from measured voltage, current and power-flow data in the wire. However, Eve cannot determine these values because, for her, there are four unknown quantities while she can set up only three equations. The RRRT-KLJN scheme has several advantages and makes all former attacks on the KLJN scheme invalid or incomplete.
We introduce seven new versions of the Kirchhoff-Law-Johnson-(like)-Noise (KLJN) classical physical secure key exchange scheme and a new transient protocol for practically-perfect security. While these practical improvements offer progressively enhanced security and/or speed for non-ideal conditions, the fundamental physical laws providing the security remain the same.
In the "intelligent" KLJN (iKLJN) scheme, Alice and Bob utilize the fact that they exactly know not only their own resistor value but also the stochastic time function of their own noise, which they generate before feeding it into the loop. By using this extra information, they can reduce the duration of exchanging a single bit and in this way they achieve not only higher speed but also an enhanced security because Eve’s information will significantly be reduced due to smaller statistics.
In the "multiple" KLJN (MKLJN) system, Alice and Bob have publicly known identical sets of different resistors with a proper, publicly known truth table about the bit-interpretation of their combination. In this new situation, for Eve to succeed, it is not enough to find out which end has the higher resistor. Eve must exactly identify the actual resistor values at both sides.
In the "keyed" KLJN (KKLJN) system, by using secure communication with a formerly shared key, Alice and Bob share a proper time-dependent truth table for the bit-interpretation of the resistor situation for each secure bit exchange step during generating the next key. In this new situation, for Eve to succeed, it is not enough to find out the resistor values at the two ends. Eve must also know the former key.
The remaining four KLJN schemes are the combinations of the above protocols to synergically enhance the security properties. These are: the "intelligent-multiple" (iMKLJN), the "intelligent-keyed" (iKKLJN), the "keyed-multiple" (KMKLJN) and the "intelligent-keyed-multiple" (iKMKLJN) KLJN key exchange systems.
Finally, we introduce a new transient-protocol offering practically-perfect security without privacy amplification, which is not needed in practical applications but it is shown for the sake of ongoing discussions.
Intensive modernization and reconstruction of the energy sector is taking place throughout the world. The EU climate and energy policy will have a huge impact on the development of the energy sector in the coming years. The European Union has adopted ambitious goals of transforming towards a low-carbon economy and the integration of the energy market. In June 2015, the G7 countries announced that they will move away from coal-fired energy generation. Germany, which has adopted one of the most ambitious energy transformation programs among all industrialized countries, is leading these transformations. The long-term strategy, which has been implemented for many years, allowed for planning the fundamental transformation of the energy sector; after the Fukushima Daiichi nuclear disaster, Germany opted for a total withdrawal from nuclear energy and coal in favor of renewable energy. The German energy transformation is mainly based on wind and solar energy. Germany is the fifth economic power in the world and the largest economy in Europe. Therefore, the German energy policy affects the energy policy of the neighboring countries. The article presents the main assumptions of the German energy policy (referred to as Energiewende). It also presents the impact of changes in the German energy sector on the development of energy systems in selected European countries.
Due to the increase in threats posed by offshore foundries, companies outsourcing IPs are forced to protect their designs from these threats. A few of the threats are IP piracy, counterfeiting and reverse engineering. To overcome these, logic encryption has been observed to be a leading countermeasure. It introduces extra gates in the design, known as key gates, which hide the functionality of the design unless correct keys are fed to them. Scan tests are used by various designs to observe the fault coverage. These scan chains can become vulnerable to side-channel attacks. The potential solution for protection against this vulnerability is obfuscation of the scan output of the scan chain. This involves shuffling the working of the cells in the scan chain when an incorrect test key is fed. In this paper, we propose a method to overcome the threats posed to the scan design as well as the logic circuit. The efficiency of the secured design is verified on ISCAS’89 circuits and the results prove the security of the proposed method against the threats posed.
Visible Light Communication (VLC) is a technique for high-speed, low-cost wireless data transmission based on LED luminaires. Wireless LAN environments are a major application of VLC. In these environments, VLC is used in place of traditional systems such as Wi-Fi. Because of the physical characteristics of visible light, VLC is considered to be superior to traditional radio-based communication in terms of security. However, as in all wireless systems, the security of VLC with respect to eavesdropping, signal jamming and modification must be analyzed. This paper focuses on the aspect of jamming in VLC networks. In environments where multiple VLC transmitters are used, there is the possibility that one or more transmitters will be hostile (or “rogue”). This leads to communication disruption, and in some cases, the hijacking of the legitimate data stream. In this paper we present the theoretical system model that is used in simulations to evaluate various rogue transmission scenarios in a typical indoor environment. The typical approach used so far in jamming analysis assumes that all disruptive transmissions may be modeled as Gaussian noise, but this assumption may be too simplistic. We analyze and compare two models of VLC jamming: the simplified Gaussian and the exact model, where the full characteristics of the interfering signal are taken into account. Our aim is to determine which methodology is adequate for studying signal jamming in VLC systems.
There is an ongoing debate about the fundamental security of existing quantum key exchange schemes. This debate indicates not only that there is a problem with security but also that the meanings of perfect, imperfect, conditional and unconditional (information theoretic) security in physically secure key exchange schemes are often misunderstood. It has been shown recently that the use of two pairs of resistors with enhanced Johnson noise and a Kirchhoff-loop ‒ i.e., a Kirchhoff-Law-Johnson-Noise (KLJN) protocol ‒ for secure key distribution leads to information theoretic security levels superior to those of today’s quantum key distribution. This issue is becoming particularly timely because of the recent full cracks of practical quantum communicators, as shown in numerous peer-reviewed publications. The KLJN system is briefly surveyed here with discussions about the essential questions such as (i) perfect and imperfect security characteristics of the key distribution, and (ii) how these two types of securities can be unconditional (or information theoretical).
The paper looks at the issues of operation safety of the national power grid and the characteristics of the national power grid in the areas of transmission and distribution. The issues of operation safety of the national transmission and distribution grid are discussed, as well as threats to operation safety and security of the electricity supply related to these grids. The paper presents failures in the transmission and distribution grid in 2017 caused by extreme weather conditions, such as a violent storm on the night of 11/12.08.2017, hurricane Ksawery on 5–8.10.2017, and hurricane Grzegorz on 29–30.10.2017, which affected tens of thousands of electricity consumers and led to significant interruptions in the supply of electricity. At present, the national power (transmission and distribution) grid does not pose a threat to the operation safety and security of the electricity supply, and is adapted to the current typical conditions of electricity demand and the performance of tasks during a normal state of affairs, but locally may pose threats, especially in extreme weather conditions. A potentially high threat to the operation safety of the national power grid is closely linked to the age, technical condition and degree of depletion of the transmission and distribution grids, and their high failure rate due to weather anomalies. Therefore, it is necessary to develop and modernize the 400 and 220 kV transmission grids, cross-border interconnections, the 110 kV distribution grid (especially in the area of large urban agglomerations), and the MV distribution grid (especially in rural areas). The challenges faced by the transmission and distribution grid operators within the scope of investment and operating activities, with a view to avoiding or at least reducing the scale of grid failures in the case of future sudden high-intensity atmospheric phenomena, are presented.
The data aggregation process of wireless sensor networks faces serious security problems. In order to defend against internal attacks launched by captured nodes and ensure the reliability of data aggregation, a secure data aggregation mechanism based on constrained supervision is proposed for wireless sensor networks, which uses the advanced LEACH clustering method to select cluster heads. The cluster heads then supervise the behaviors of cluster members and evaluate the trust values of nodes according to their communication behavior, data quality and residual energy. The node with the highest trust value is then selected as the supervisor node to audit the cluster head and reject nodes with low trust values. Results show that the proposed mechanism can effectively identify unreliable nodes, guarantee system security and prolong the network lifetime.
A recent IEEE Access Paper by Gunn, Allison and Abbott (GAA) proposed a new transient attack against the Kirchhoff-law-Johnson-noise (KLJN) secure key exchange system. The attack is valid, but it is easy to build a defense for the KLJN system. Here we note that GAA’s paper contains several invalid statements regarding security measures and the continuity of functions in classical physics. These deficiencies are clarified in our present paper, wherein we also emphasize that a new version of the KLJN system is immune against all existing attacks, including the one by GAA.
The production of domestic protein for feed in Poland is insufficient. The import of feed raw materials, especially soybean, which is genetically modified (GM), is a necessity. In 2016, Poland imported about 2 million tonnes of GM soybean. A ban on the use and production of GM feed was introduced in Poland (Law – animal feed from 2006). This ban has already been suspended a few times, mainly because the complete replacement of imported GM soybean meal with other components was impossible. The Minister of Agriculture and Rural Development appointed a “Team for alternative sources of protein”, responsible for finding solutions that will reduce imports and increase the share of domestic sources of protein in animal feed. To achieve this aim, research is needed to indicate suitable plants and the possibilities for using them. The aim of the article is to analyse selected feed components such as soybean and rapeseed meal, sunflower meal and oilcakes. This analysis concerns the area of cultivation of soybean, rapeseed and sunflower, the purchase costs of meals and oilcakes, the properties of these components and foreign trade in Poland.
The model is developed for the intellectualized decision-making support system on financing of cyber security means of transport cloud-based computing infrastructures, given the limited financial resources. The model is based on the use of the theory of multistep games tools. The decision, which gives specialists a chance to effectively assess risks in the financing processes of cyber security means, is found. The model differs from the existing approaches in the decision of bilinear multistep quality games with several terminal surfaces. The decision of bilinear multistep quality games with dependent movements is found. On the basis of the decision for a one-step game, found by application of the domination method and developed for infinite antagonistic games, the conclusion about risks for players is drawn. The results of a simulation experiment within program implementation of the intellectualized decision-making support system in the field of financing of cyber security means of cloud-based computing infrastructures on transport are described. Confirmed during the simulation experiment, the decision assumes accounting for a financial component of cyber defense strategy at any ratios of the parameters describing the financing process.
We address one of the weaknesses of RSA ciphering systems, i.e. the existence of private keys that are relatively easy for an attacker to compromise. The problem can be mitigated by Internet service providers, but it requires some computational effort. We propose a proof of concept of a GPGPU-accelerated system that can help detect and eliminate users’ weak keys. We have proposed the algorithms and developed GPU-optimised program code that is now publicly available and substantially outperforms the tested CPU processor. The source code of the OpenSSL library was adapted for GPGPU, and the resulting code can run on both GPU and CPU processors. Additionally, we present a solution for mapping a triangular grid into the GPU rectangular grid, the basic dilemma in many problems that concern pair-wise analysis of a set of elements. Also, the comparison of two data caching methods on GPGPU leads to interesting general conclusions. We present the results of experiments analysing the performance of the selected algorithms for various RSA key lengths, configurations of the GPU grid, and sizes of the tested key set.
The Kirchhoff-law-Johnson-noise (KLJN) secure key exchange scheme offers unconditional security; however, it can approach the perfect security limit only when the practical system’s parameters approach the ideal behavior of its core circuitry. In the case of non-ideal features, a non-zero information leak is present. The study of such leaks is important for a proper design of practical KLJN systems and their privacy amplifications in order to eliminate these problems.