Abstract Information security education has traditionally been approached with a variety of tools. Models such as Bell- LaPadula and Clark-Wilson, cryptography, and formal methods seek to design systems without certain classes of vulnerabilities. Red teaming seeks to find vulnerabilities that were missed and security software often removes the vulnerabilities. To a lesser extent, probabilistic risk assessment and game theory have also been applied... Information security education has traditionally been approached with a variety of tools. Models such as Bell- LaPadula and Clark-Wilson, cryptography, and formal methods seek to design systems without certain classes of vulnerabilities. Red teaming seeks to find vulnerabilities that were missed and security software often removes the vulnerabilities. To a lesser extent, probabilistic risk assessment and game theory have also been applied to assess threats. However, on their own, in isolation, these approaches have not “solved” the information security crisis. Internet security in particular is an area of great concern given the plethora of vulnerabilities that enable threats to confidentiality, integrity, availability, non-repudiation, authorization, authentication, and audit ability. A new approach to information security engineering education is necessary that views the Internet as a complex, socio-technical system. A systems perspective acknowledges that security can only be achieved through a holistic model that addresses technological architecture and software processes, organizational behavior, and human factors. This paper suggests a novel method for information security education to identify and characterize current deficiencies in a network security control structure, elucidate the relationship between software/systems engineering and security risks, and inform an architectural description of a secure information system architecture. Read More Read Less

Abstract This paper proposed the use of the Intrusion Prevention Systems (IPS) technique to prohibit network intrusion as well as test its performance in internal attacks. The performance analysis of the network intrusion prevention system via Internet Protocol Television (IPTV) focused on the prevention of Denial of Service (DoS) attacks, which aim to destroy the host computer that is available to users. Snort... This paper proposed the use of the Intrusion Prevention Systems (IPS) technique to prohibit network intrusion as well as test its performance in internal attacks. The performance analysis of the network intrusion prevention system via Internet Protocol Television (IPTV) focused on the prevention of Denial of Service (DoS) attacks, which aim to destroy the host computer that is available to users. Snort was also applied for use in IPTV. From the experimental results, the IPS of TCP protocol attacked over a wired network by using Multicast IP Address displayed the most effective results by detecting up to 39,389 attack packets. Therefore, the IPS can be applied effectively to reduce, delay and prevent network intrusions. Read More Read Less

Abstract Although it has been with us in some form and under different names for many years, the Internet of Things (IoT) is suddenly the thing. The ability to connect, communicate with, and remotely manage an incalculable number of networked, automated devices via the Internet is becoming pervasive, from the factory floor to the hospital operating room to the residential basement. The... Although it has been with us in some form and under different names for many years, the Internet of Things (IoT) is suddenly the thing. The ability to connect, communicate with, and remotely manage an incalculable number of networked, automated devices via the Internet is becoming pervasive, from the factory floor to the hospital operating room to the residential basement. The transition from closed networks to enterprise IT networks to the public Internet is accelerating at an alarming pace—and justly raising alarms about security. As we become increasingly reliant on intelligent, interconnected devices in every aspect of our lives, how do we protect potentially billions of them from intrusions and interference that could compromise personal privacy or threaten public safety. As every player with a stake in IoT is well aware, security is paramount for the safe and reliable operation of IoT connected devices. In this aspect Identity-Based Cryptography which makes use of user identity attributes, such as email addresses or phone numbers, instead of digital certificates, for encryption and signature verification is promising in Internet of Things (IoT) due to its benefits, such as facilitating public key management. However, different aspects on IBC (e.g. the need for bilinear pairing) require attention when applied to IoT in order to meet basic security requirements on these environments. This paper gives a detailed feasibility study of applicability of IBC in IoT. Read More Read Less