Cybersecurity: Education, Science, Technique

Journal Information
EISSN : 2663-4023
Total articles ≅ 184
Current Coverage
DOAJ
Filter:

Latest articles in this journal

Cybersecurity: Education, Science, Technique, Volume 3, pp 175-185; https://doi.org/10.28925/2663-4023.2022.15.175185

Abstract:
The constant development of information technologies, the growing role at the present stage of human potential create new internal threats to the information security of enterprises. The article investigates and analyzes the problems of information security associated with internal violators of companies and their insider activity. Economic reports and analytical materials allowed to determine the relevance and importance of this work. Based on scientific literature, a review of various approaches to the definition of "insider" and "insider information" was carried out. The main key indicators of the insider and signs of insider information are described. The classification of data sources for the study of insider threats is presented, among which real data of the system journal and data from social networks are allocated; analytical information with synthetic anomalies; simulated data due to the formation of stochastic models; theoretical and gaming approach. Insider threat detection algorithms are described depending on intentions, behavior, capabilities of insiders, how resources are used, as well as models involving several algorithms. The normative issues of protection of insider information from unauthorized disclosure and legal responsibility for illegal use of insider information in Ukrainian legislation are covered.
Cybersecurity: Education, Science, Technique, Volume 3, pp 148-163; https://doi.org/10.28925/2663-4023.2022.15.148163

Abstract:
In one of the famous works, an incorrect formulation and an incorrect solution of the implementation problem of the CSIDH algorithm on Edwards curves is discovered. A detailed critique of this work with a proof of the fallacy of its concept is given. Specific properties of three non-isomorphic classes of supersingular curves in the generalized Edwards form is considered: complete, quadratic, and twisted Edwards curves. Conditions for the existence of curves of all classes with the order p+1 of curves over a prime field are determined. The implementation of the CSIDH algorithm on isogenies of odd prime degrees based on the use of quadratic twist pairs of elliptic curves. To this end, the CSIDH algorithm can be construct both on complete Edwards curves with quadratic twist within this class, and on quadratic and twisted Edwards curves forming pairs of quadratic twist. In contrast to this, the authors of a well-known work are trying to prove theorems with statement about existing a solution within one class of curves with a parameter that is a square. The critical analysis of theorems, lemmas, and erroneous statements in this work is given. Theorem 2 on quadratic twist in classes of Edwards curves is proved. A modification of the CSIDH algorithm based on isogenies of quadratic and twisted Edwards curves is presented. To illustrate the correct solution of the problem, an example of Alice and Bob calculations in the secret sharing scheme according to the CSIDH algorithm is considered.
Vladyslav Kyva
Cybersecurity: Education, Science, Technique, Volume 3, pp 53-70; https://doi.org/10.28925/2663-4023.2022.15.5370

Abstract:
У статті розглянуто вплив розвитку та поширення інформаційно-комунікаційних технологій (ІКТ) у вищому військовому навчальному закладі (ВВНЗ), оскільки з одного боку – підвищує ефективність його функціонування та сприяє підготовці висококваліфікованих кадрів (тактичного, оперативного та стратегічного рівня військової освіти) для Сектору безпеки і оборони України, що є вкрай необхідним в умовах протистояння збройній агресії Російської Федерації, а з іншого – робить вразливим його інформаційний простір до кібератак, що актуалізує проблемне питання забезпечення кібербезпеки ВВНЗ. При цьому, автор зосереджує увагу на аналізі кібератак на заклади освіти останніх років, які обумовлені розвитком методів (засобів) їх виконання та широким доступом до них різних користувачів, зокрема зловмисників. До того ж визначено, що розподілена кібератака на відмову в обслуговуванні (Distributed Denial of ServiceDDoS) є найпоширенішою кіберзагрозою міжнародних освітніх закладів, що відображено в аналітичному звіті компанії Netscout (компанія розробник ІКТ рішень для протидії DDoS кібератакам – США). Проаналізовано, що останнім часом зловмисники використовують DDoS кібератаки з метою вимагання грошей. При чому DDoS кібератаки були спрямовані, як на банки, фондові біржі, туристичні агентства, валютні біржі, так і на заклади освіти. Тому, кібербезпека ВВНЗ потребує постійної уваги з боку учасників її забезпечення. Окрім того, проведений аналіз свідчить, що на кібербезпеку будь-якого ВВНЗ впливають зовнішні та внутрішні чинники, що підтверджує актуальність обраного напряму дослідження. У зв’язку з цим кібербезпека ВВНЗ вимагає аналізу чинників, які на неї впливають, з метою вибору кращого варіанту її реалізації. Відповідно у статті визначено сутність та основні особливості впливу чинників на кібербезпеку ВВНЗ та наведено їх характеристику. Зроблено декомпозицію впливу чинників на кібербезпеку ВВНЗ, зокрема за взаємозалежністю та критичністю їх впливу. Обґрунтовано необхідність врахування та постійного моніторингу впливу зовнішніх та внутрішніх чинників на кібербезпеку ВВНЗ, що дає змогу отримати ситуаційну обізнаність сучасного стану кібербезпеки та прийняти керівництву відповідні рішення.
, Nataliia Yakymenko, , Oksana Konoplitska-Slobodeniuk Konoplitska-Slobodeniuk, Serhii Smirnov
Cybersecurity: Education, Science, Technique, Volume 3, pp 85-92; https://doi.org/10.28925/2663-4023.2022.15.8592

Abstract:
This paper investigates the linear transformations of the hash function, which is part of the developed advanced module of cryptographic protection of information, which by capturing information about the user ID, session ID, sending time, message length and sequence number, as well as using a new session key generation procedure for encryption, allows you to ensure the confidentiality and integrity of data in information and communication systems process control. The object of research is the process of ensuring the confidentiality of data in information and communication systems management systems based on cloud technologies. The subject is the study of linear transformations of the proposed hashing function of the advanced module of cryptographic protection in information and communication systems. The purpose of this work is to study the linear transformations of the proposed hashing function of the advanced module of cryptographic protection in information and communication systems for process control based on cloud technologies. To use this module effectively, it is important to choose crypto-resistant encryption and hashing methods, as well as secret key synchronization. Cryptoalgorithms resistant to linear, differential, algebraic, quantum and other known types of cryptanalysis can be used as functions of cryptographic methods of encryption and hashing. The conducted experimental study of linear transformations of the proposed hashing function of the advanced module of cryptographic protection in information and communication systems confirmed the cryptoresistance of the advanced algorithm to linear cryptanalysis.
, Oleksiy Nedashkivskiy
Cybersecurity: Education, Science, Technique, Volume 3, pp 6-34; https://doi.org/10.28925/2663-4023.2022.15.634

Abstract:
This article is devoted to solving the problem of information protection in radio channels, by applying comprehensive measures to protect against possible attacks aimed at intercepting and substituting transmitted data. The aim of the work is to analyze the security of wireless networks, identify methods for their protection and create a model for protecting wireless networks. In order to achieve this goal, the following list of tasks was performed: the existing solutions in the field of information protection through radio networks were analyzed; the description of the offered developed model is made; algorithms, experiments, experiments of this model are described. A means of protecting information through radio networks has been developed, the application of which has a significant increase in the level of information security in the radio channel. The practical value of this development is that the theoretical and practical results are recommended for implementation in organizations that use the radio channel to transmit confidential information with high security requirements
, Victor Smolii, Andrii Blozva, , Tetiana Osypova, Maksym Misiura
Cybersecurity: Education, Science, Technique, Volume 3, pp 135-147; https://doi.org/10.28925/2663-4023.2022.15.135147

Abstract:
The article describes the conceptual model of adaptive management of cybersecurity of the information and educational environment of a modern university (IOSU). Petri nets are used as a mathematical apparatus to solve the problem of adaptive management of access rights of IOS users. A simulation model is proposed and modeling in PIPE v4.3.0 package is performed. The possibility of automating the procedures of user profile adjustment to minimize or neutralize cyber threats in IOS is shown. The model of distribution of tasks of the user in computer networks of IOSU is offered. The model, in contrast to the existing ones, is based on the mathematical apparatus of Petri nets and contains variables that reduce the power of the state space. The method of access control (ICPD) has been supplemented. The additions addressed aspects of the verification of access rights, which are required by the tasks and requirements of the security policy, the degree of coherence of tasks and allowed access to the IOSU nodes. Adjusting security rules and metrics for new tasks or reallocating tasks is described in Petri net notation.
Valery Dudykevych, , Nazariy Dzianyi, Larysa Rakobovchuk, Petro Garanyuk
Cybersecurity: Education, Science, Technique, Volume 3, pp 110-123; https://doi.org/10.28925/2663-4023.2022.15.110123

Abstract:
One of the most vulnerable issues in the technical protection of information is the receipt of data, private or confidential, due to leakage through the optoelectronic channel, the main source of data is laser acoustic intelligence systems or laser microphones. There are active and passive methods of protection against laser acoustic reconnaissance systems (ACS). Active methods use various noisy or vibrating devices that pose a danger to human health. With passive protection, it is recommended to use either special corrugated windows or completely closed shutters, which create some inconvenience now. Detecting a working laser microphone is very difficult and in some cases technically impossible. For example, the removal of information using ACS occurs through glass building structures, usually windows. This article is devoted to the analysis of the principle of operation of laser systems of acoustic intelligence and passive methods of reading acoustic information. Triangulation laser sensors are designed for non-contact measurement and control of position, movement, size, surface profile, deformation, vibration, sorting, recognition of technological objects, measuring the level of liquids and bulk materials. Accordingly, they can be used to study the vibrational properties of glass and films applied to them. It is described the method of working with laser triangulation vibration sensors, which allows to study the deviations of glass from different manufacturers from sound vibrations, thereby investigating the anti-laser properties of existing glass, as well as different types of spraying and films. In addition, this method allows you to conduct and test deviations from sound vibrations for new types of glass, films and spraying, proving the results of spectral studies and their impact on the amplitude of vibration of the glass. The vibration sensor was adjusted and the software parameters were experimentally optimized to obtain the truest deviation values ​​required to work with sprayed samples for passive protection.
Zoreslava Brzhevska, Roman Kyrychok
Cybersecurity: Education, Science, Technique, Volume 3, pp 164-174; https://doi.org/10.28925/2663-4023.2022.15.164174

Abstract:
The conceptual model of information reliability includes information resources, sources of information, factors of information confrontation, sources of factors of information confrontation (threats to authenticity), goals of attackers, functions, methods and means of ensuring reliability, and reliability indicators. The reliability of information (the degree of trust in data) contained in information resources is largely determined by the quality of sources and the ability of individuals to influence information processes. However, the concept of reliability of information is often associated with the categories of integrity and availability of information resources. All this must be ensured in the functioning of the information space in conditions of accidental or intentional informational influences. A necessary condition for achieving the required level of reliability of information is the construction of a comprehensive system for ensuring the reliability of the information. Information space of enterprises exists in the system of commodity-money relations, which is based on the concept of economic efficiency and can not afford to spend uncontrollably and unreasonably material resources for any activities. As a result, the assessment of the level of reliability of information and decision-making on measures to improve it raise the concomitant task of assessing the economic effect of their implementation.
Volodymyr Akhramovich
Cybersecurity: Education, Science, Technique, Volume 3, pp 35-52; https://doi.org/10.28925/2663-4023.2022.15.3552

Abstract:
A mathematical model has been developed and a study of the model of personal data protection from network clustering coefficient and data transfer intensity in social networks has been carried out. Dependencies of protection of the system from the size of the system (and from the amount of personal data); information security threats from the network clustering factor. A system of linear equations is obtained, which consists of the equation: rate of change of information flow from social network security and coefficients that reflect the impact of security measures, amount of personal data, leakage rate, change of information protection from network clustering factor, its size, personal data protection. As a result of solving the system of differential equations, mathematical and graphical dependences of the indicator of personal data protection in the social network from different components are obtained. Considering three options for solving the equation near the steady state of the system, we can conclude that, based on the conditions of the ratio of dissipation and natural frequency, the attenuation of the latter to a certain value is carried out periodically, with decaying amplitude, or by exponentially decaying law. A more visual analysis of the system behavior is performed, moving from the differential form of equations to the discrete one and modeling some interval of the system existence.Mathematical and graphical dependences of the system natural frequency, oscillation period, attenuation coefficient are presented. Simulation modeling for values with deviation from the stationary position of the system is carried out. As a result of simulation, it is proved that the social network protection system is nonlinear.
Leonid Arsenovych
Cybersecurity: Education, Science, Technique, Volume 3, pp 93-109; https://doi.org/10.28925/2663-4023.2022.15.93109

Abstract:
The article analyzes the accrued national and foreign developments regarding the problems of digital competence formation and effective use of information technology in education. The components of digital competence are considered, which provide for a confident, critical and responsible interaction with digital technology for education, work and participation in social activities. The results of a global information security research are presented along with surveys of employees of leading cyber companies around the world, including Ukraine, that testify to the necessity of further application and implementation of an integrated approach to education using organizational measures, software and hardware means and management processes at all activity levels of any organization, as well as using the appropriate tools to raise the digital competence level. The essence of the importance of digital tools in the field of cyber security is formulated, which means a set of Internet tools (resources) to protect network environment entities against various information and cyber threats, ensuring proper organization of countering their effect, formation, functioning and evolution of cyber space and development of educational cyber technology and the information society as a whole. Three main groups of digital cyber security tools were analyzed, identified and proposed (professional cyber tools, education cyber tools and communicative cyber tools) that enable the use, access, filtering, evaluating, creating, programming and communicating digital content, managing and protecting information, content, data and digital identities, as well as working effectively with software, devices, artificial intelligence, robots and more. It is proved that present-day work with digital cyber tools and their content requires a reflective, critical and at the same time inquisitive, open and promising attitude to their development, as well as an ethical, safe, effective and responsible approach to their use
Back to Top Top