Cybersecurity: Education, Science, Technique

Journal Information
EISSN : 2663-4023
Current Publisher: Borys Grinchenko Kyiv University (10.28925)
Total articles ≅ 118
Current Coverage

Latest articles in this journal

Cybersecurity: Education, Science, Technique; doi:10.28925/2663-4023

Volodymyr Mokhor, Oksana Tsurkan, Rostyslav Herasymov, Olha Kruk, Valeriia Pokrovska
Cybersecurity: Education, Science, Technique, Volume 4, pp 165-173; doi:10.28925/2663-4023.2020.8.165173

Socio-technical systems as education with technical and social subsystems are considered. The directions for ensuring their safety have been established and among them the use of technical capabilities has been singled out, taking into account user behavior. Attention is paid to their vulnerabilities to the realisability of sociotechnical threats, in particular, the influence of social engineering. The orientation of such an influence on the manipulation of weaknesses, needs, mania (passions), user hobbies is shown. This leads to the insolvency of socio-technical systems to counteract the influence of social engineering. This can be prevented by analyzing the user's vulnerabilities regarding the forms of manipulation of their consciousness. The approaches to counteracting the use of social engineering are compared. For each of them, the application features, advantages, and disadvantages are analyzed. Given this, it is proposed to use fuzzy directed social graphs to set a model for analyzing the vulnerabilities of socio-technical systems. This was preceded by the definition of the concepts of the social network, actor, relationships. This view allows us to take into account the characteristics of the social engineering influence. In particular, the numbers of input and output arcs distinguish varieties of actors from the social engineer, user, manipulative form, vulnerability. While the importance of each of them is determined using the characteristics of centrality and prestige. At the same time, the levels of the actor, dyad, and the triad of vulnerabilities analysis of socio-technical systems to the effects of social engineering are highlighted. This will make it possible to determine the ways of such impacts taking into account the peculiarities of their realizability through user vulnerabilities and, as a result, to counteract them. In further research, it is planned to develop a method for analyzing the vulnerability of socio-technical systems to the impacts of social engineering based on the proposed model.
Hennadii Hulak
Cybersecurity: Education, Science, Technique, Volume 3, pp 153-164; doi:10.28925/2663-4023.2020.7.153164

The components of ensuring the warranty of automated systems, which are subject to increased requirements in connection with their use in many sensitive areas of public activity, including national security and defense, critical industrial technologies, energy and communications, banking, environmental protection , technologies of legitimate distance learning, etc. Certain components can significantly affect the quality and reliability of information services in regulatory conditions. In particular, the special role of the functional security of the cryptographic subsystem in terms of supporting the performance of the automated system for its tasks and functions in general, as well as in terms of ensuring the confidentiality and integrity of information. The components of the cryptographic subsystem have been identified, the poor or incorrect operation of which negatively affects the security of these subsystems. The types of the most dangerous attacks on these subsystems are analyzed, their classification from the point of view of possibility of realization in modern scientific and technical conditions and depending on capacity of available computing means and technologies on the basis of which the most real and dangerous variant of realization of remote attacks on software implementation of cryptographic subsystem is defined. . Based on the analysis, a method for evaluating the quality of cryptographic transformations based on a modified algorithm for solving the problem of finding solutions of systems of linear equations with distorted right-hand parts using the so-called decoding based on "lists" of first-order "shortened" Reed-Muller codes is proved. the correctness of the proposed algorithm.
Valeriy Lakhno, Dmytrо Kasatkin , Maksym Misiura, Borys Husiev
Cybersecurity: Education, Science, Technique, Volume 4, pp 135-148; doi:10.28925/2663-4023.2020.8.135148

The article presents the results of research performed in the process of designing an expert system (ES) designed to assess the threats to information security (IS) of critical information facilities (CIF). The approach to designing of expert system on the basis of syllogisms and logic of predicates, and also a method of meaningful identification of objects of knowledge base (KB) is offered. The essence of the method is that each object of the database of the projected EU, is matched by a tuple of keywords (ToK), the significance of which is determined by experts. Thus, each database object is placed in accordance with the element of the finite fuzzy topological space of the database objects. Meaningful identification takes place on the distance between the objects of the database. The approach proposed in the work, in comparison with the decisions of other authors, has a number of advantages. Namely, it allows: to model different variants of cyber threat scenarios for CIF and their consequences; determine the contribution of each of the factors or components of the architecture of the IS CIF to the overall picture of the probability of a cyber threat to the CIF; model the interaction of all IS factors and, if necessary, visualize this interaction; calculate and further rank the values of cyber threat probabilities for CIF for specific threat scenarios; automate the processes of threat modeling through the use of developed software and significantly reduce the time for audit of threats. It is shown that the use of the method of meaningful identification allows to increase the adequacy of the models of the selected subject area, as well as to prevent erroneous introduction of the same judgments of experts and goals in the EU database, in particular by combining hierarchies of goals formed by different expert groups. It is shown that the method can also be used to find the goals of the hierarchy, the exact wording of which, according to keywords, is unknown.
Anna Ilyenko , Sergii Ilyenko, Diana Kvasha
Cybersecurity: Education, Science, Technique, Volume 1, pp 24-36; doi:10.28925/2663-4023.2020.9.2436

Considering computer-integrated aviation systems that provide a link between civil aviation activities within the ground-to-air and air-to-air channels, the question of the safe operation of such aviation systems from an ever-increasing cyber threats, and the decline in cybersecurity for the aviation industry as a whole. The protection status of ground-to-air and air-to-air channels in such aviation systems is at different levels and depends directly on the activity of all components of aviation activity (airport-aircraft-information network-air traffic management, etc.). To date, some communication channels are not secure at all and are in an open state, which provokes a rapid growth of cyber-attacks and requires the introduction and application of modern information and communication technologies in such communication channels. In view of the ever-increasing cyber statistics on the work of civil aviation worldwide, the authors of the article highlighted the current state of cyber security and protection of ground-to-air and air-to-air channels of the aircraft fleet of Ukrainian airlines, and take a closer look at the world experience. The authors comprehensively covered all components of the aviation system, with particular attention given to aircraft designed by Antonov Design Bureau with the time evolution of tire development and data networks of the world's leading aviation industry leaders (such as Airbus and Boeing). Also, attention is given to the present state and mechanisms of data transmission of the ground-to-air and air-to-air channels and the architecture of the modern air-network of computer-integrated aviation systems. The authors plan a number of scientific and technical solutions for the development and implementation of effective methods and means to ensure the requirements, principles and sub-approaches to ensure cyber security and the organization of protection of ground-to-air and air-to-air channels in experimental computer-integrated aviation systems.
Oleksandr Pliushch
Cybersecurity: Education, Science, Technique, Volume 1, pp 126-139; doi:10.28925/2663-4023.2020.9.126139

An approach is proposed to design of noise immune and concealed data transfer channel for telecommunication networks. Attention is paid to securing hidden information transmission, as well as its protection from interception by rogue actors. The approach is based on the desired bits spectrum spreading and their additional scrambling by using pseudo noise coding sequences derived from primitive polynomials of eighth and fifteenth orders, which possess good auto and inter correlation properties. It is studied performance of the telecommunication channel that includes frames of 128 bit length, each of which is spectrally spread 256 times with the help of a synthesized pseudo noise coding sequence. The second 32768 chip-long pseudo noise coding sequence is used to mark the frame duration and perform additional information scrambling. Computer simulation is used to study performance of the designed telecommunication channel. The computer simulation helped to establish that the processing of the additive mixture of the desired signal and interfering ones, which surpass the desired signal two times in terms of power, by the matched filters permits to confidently reveal the information frame structure being transmitted by determining frame beginning pulse and establish the bit values of the desired information. Further improvement of information protection from interception is proposed to achieve by using cyclic shifts of 32768 chip-long pseudo noise coding sequence. Computer simulation helped to find out that ignorance of the cyclic shift leads to inability of information interception by the rogue elements. Research results, obtained in this paper, permit to claim that the designed telecommunication channel, with cyclic shifts according to a secret rule, could be successfully used in practical implementations of noise immune and concealed telecommunication networks.
Sergiy Gnatyuk, Viktoriia Sydorenko, Yuliia Sotnichenko
Cybersecurity: Education, Science, Technique, Volume 1, pp 170-181; doi:10.28925/2663-4023.2020.9.170181

The rapid development of information and communication technologies has increased the vulnerabilities of various networks, systems and objects as well as made it much more difficult to ensure their reliable protection and security. All these factors have led to the fact that the world's leading countries have begun to pay considerable attention to cybersecurity and critical information infrastructure protection. However, the protection of various types of information with restricted access (in particular, confidential information) at critical infrastructure objects remains unexplored. With this in mind, the paper analyzes the existing approaches of the world's leading countries to the confidential information protection at critical infrastructure. The analysis revealed that today there are no comprehensive, multifunctional methods of protecting confidential information at critical information infrastructure. In addition, the classification of critical information infrastructure objects according to information security requirements is developed. This classification by determining the type of processing information, possible access modes and criticality category, allows to ensure unity of approaches to protection of these objects belonging to different types, including information systems, automated control systems and information-telecommunication networks.
Hennadii Hulak
Cybersecurity: Education, Science, Technique, Volume 1, pp 6-23; doi:10.28925/2663-4023.2020.9.623

The complexity of the algorithm of communication of the system of linear levels with open regular parts by means of list decoding of "shortened" codes of reed painters which are intended for use in methods of an estimation of functional safety of cryptographic algorithms of cryptographic subsystems of the guaranteed automated systems creating on objects of critical infrastructure and socially important objects. This paper proposes solving problems to assess the complexity of the proposed algorithm. As a result, the upper estimates of the average labor productivity for the general case and the maximum complexity of the proposed algorithm for many special reviews related to the restoration of the formed linear results of the maximum period over a field of two elements. The achievable upper part of the list, which is formed using the proposed algorithm, is also indicated. The obtained results indicate that with certain collaborations between the parameters of the previously proposed algorithm, the time complexity was changed in comparison with the previously known deterministic algorithm for a similar purpose, which is based on the fast Hadamara transformation. This means that a more effective tool can be used to assess the impact of cryptographic subsystems on powerful cyberattacks to obtain a more accurate assessment of their functional security.
Volodymyr Buriachok, Nataliia Korshun, Svitlana Shevchenko, Pavlo Skladannyi
Cybersecurity: Education, Science, Technique, Volume 1, pp 159-169; doi:10.28925/2663-4023.2020.9.159169

The article is devoted to the problem of practical skills building and development of students majoring in 125 "Cybersecurity". An analysis of the professional competencies of future cybersecurity professionals, in particular, related to technical protection of information. It is proved that the use of virtual laboratories in the educational process helps to increase the efficiency of the educational process and allows to form and improve the professional competencies of the future cybersecurity engineer. Education becomes practice-oriented. The possibilities of a virtual laboratory workshop based on the NI Multisim environment are considered in the study of disciplines "Theory of circles and signals in information and cyberspace", "Component base and elements of circuitry in information security systems", "Signals and processes in information security systems". The Multisim system is used as part of the training of future cybersecurity professionals at Borys Grinchenko Kyiv University and has proven its effectiveness in practice.
Volodymyr Barannik , Yuriy Ryabukha, Pavlo Hurzhii, Vitalii Tverdokhlib , Oleh Kulitsa
Cybersecurity: Education, Science, Technique, Volume 3, pp 63-71; doi:10.28925/2663-4023.2020.7.6371

The conceptual basements of constructing an effective encoding method within the bit rate control module of video traffic in the video data processing system at the source level are considered. The essence of using the proposed method in the course of the video stream bit rate controlling disclosed, namely, the principles of constructing the fragment of the frame code representation and approaches for determining the structural units of the individual video frame within which the control is performed. The method focuses on processing the bit representation of the DCT transformants, and at this processing stage transformant was considered as a structural component of the video stream frame at which the encoding is performed. At the same time, to ensure the video traffic bit rate controlling flexibility, decomposition is performed with respect to each of the transformants to the level of the plurality of bit planes. It is argued that the proposed approach is potentially capable to reducing the video stream bit rate in the worst conditions, that is, when component coding is performed. In addition, this principle of video stream fragmen code representation forming allows to control the level of error that can be made in the bit rate control process. However, in conditions where the bit representation of the transformant is encoded, the method is able to provide higher compression rates as a result of the fact that the values of the detection probability of binary series lengths and the values of detected lengths within the bit plane will be greater than in the case of component coding. This is explained by the structural features of the distribution of binary elements within each of the bit planes, which together form the transformer DCT. In particular, high-frequency transformer regions are most often formed by chains of zero elements. The solutions proposed in the development of the encoding method are able to provide sufficient flexibility to control the bit rate of the video stream, as well as the ability to quickly change the bit rate in a wide range of values.
Back to Top Top