Research on Mobile-Based Logistics Information System for Hainan Agricultural Products

The current situation,information technology and problems of logistics for agricultural products were summarized.Some key technologies involved in mobilebased logistics information system for Hainan agricultural products were analyzed,such as information classification and retrieval,user information authentication via QR code,and logistics information services based on WEB and mobile devices.Emphasis was given to study the design idea,content,method for the system.

Distributed Information Flow Verification for Secure Service Composition in Smart Sensor Network

Accelerate processor, efficient software and pervasive connections provide sensor nodes with more powerful computation and storage ability, which can offer various services to user. Based on these atomic services, different sensor nodes can cooperate and compose with each other to complete more complicated tasks for user. However, because of the regional characteristic of sensor nodes, merging data with different sensitivities become a primary requirement to the composite services, and information flow security should be intensively considered during service composition. In order to mitigate the great cost caused by the complexity of modeling and the heavy load of single-node verification to the energy-limited sensor node, in this paper, we propose a new distributed verification framework to enforce information flow security on composite services of smart sensor network. We analyze the information flows in composite services and specify security constraints for each service participant. Then we propose an algorithm over the distributed verification framework involving each sensor node to participate in the composite service verification based on the security constraints. The experimental results indicate that our approach can reduce the cost of verification and provide a better load balance.

An Effective and Secure Quality Assurance System for a Computer Science Program

Improving the quality assurance (QA) processes and acquiring accreditation are top priorities for academic programs. The learning outcomes (LOs)assessment and continuous quality improvement represent core components ofthe quality assurance system (QAS). Current assessment methods suffer deficiencies related to accuracy and reliability, and they lack well-organized processes forcontinuous improvement planning. Moreover, the absence of automation, andintegration in QA processes forms a major obstacle towards developing efficientquality system. There is a pressing need to adopt security protocols that providerequired security services to safeguard the valuable information processed byQAS as well. This research proposes an effective methodology for LOs assessment and continuous improvement processes. The proposed approach ensuresmore accurate and reliable LOs assessment results and provides systematic wayfor utilizing those results in the continuous quality improvement. This systematicand well-specified QA processes were then utilized to model and implement automated and secure QAS that efficiently performs quality-related processes. Theproposed system adopts two security protocols that provide confidentiality, integrity, and authentication for quality data and reports. The security protocols avoidthe source repudiation, which is important in the quality reporting system. This isachieved through implementing powerful cryptographic algorithms. The QASenables efficient data collection and processing required for analysis and interpretation. It also prepares for the development of datasets that can be used in futureartificial intelligence (AI) researches to support decision making and improve thequality of academic programs. The proposed approach is implemented in a successful real case study for a computer science program. The current study servesscientific programs struggling to achieve academic accreditation, and gives rise tofully automating and integrating the QA processes and adopting modern AI andsecurity technologies to develop effective QAS.

Information Security Evaluation of Industrial Control Systems Using Probabilistic Linguistic MCDM Method

Industrial control systems(ICSs)are widely used in various fields,and the information security problems of ICSs are increasingly serious.The existing evaluation methods fail to describe the uncertain evaluation information and group evaluation information of experts.Thus,this paper introduces the probabilistic linguistic term sets(PLTSs)to model the evaluation information of experts.Meanwhile,we propose a probabilistic linguistic multi-criteria decision-making(PL-MCDM)method to solve the information security assessment problem of ICSs.Firstly,we propose a novel subscript equivalence distance measure of PLTSs to improve the existing methods.Secondly,we use the Best Worst Method(BWM)method and Criteria Importance Through Inter-criteria Correlation(CRITIC)method to obtain the subjective weights and objective weights,which are used to derive the combined weights.Thirdly,we use the subscript equivalence distance measure method and the combined weight method to improve the probabilistic linguistic Visekriterijumska Optimizacija I Kompromisno Resenje(PL-VIKOR)method.Finally,we apply the proposed method to solve the information security assessment problem of ICSs.When comparing with the existing methods such as the probabilistic linguistic Tomada deDecisão Iterativa Multicritério(PL-TODIM)method and probabilistic linguistic Technique for Order Preference by Similarity to Ideal Solution(PL-TOPSIS)method,the case example shows that the proposed method can provide more reasonable ranking results.By evaluating and ranking the information security level of different ICSs,managers can identify problems in time and guide their work better.

Security-Critical Components Recognition Algorithm for Complex Heterogeneous Information Systems

With the skyrocketing development of technologies,there are many issues in information security quantitative evaluation(ISQE)of complex heterogeneous information systems(CHISs).The development of CHIS calls for an ISQE model based on security-critical components to improve the efficiency of system security evaluation urgently.In this paper,we summarize the implication of critical components in different filed and propose a recognition algorithm of security-critical components based on threat attack tree to support the ISQE process.The evaluation model establishes a framework for ISQE of CHISs that are updated iteratively.Firstly,with the support of asset identification and topology data,we sort the security importance of each asset based on the threat attack tree and obtain the security-critical components(set)of the CHIS.Then,we build the evaluation indicator tree of the evaluation target and propose an ISQE algorithm based on the coefficient of variation to calculate the security quality value of the CHIS.Moreover,we present a novel indicator measurement uncertainty aiming to better supervise the performance of the proposed model.Simulation results show the advantages of the proposed algorithm in the evaluation of CHISs.

Efficient Hardware Design of a Secure Cancellable Biometric Cryptosystem

Biometric security is a growing trend,as it supports the authentication of persons using confidential biometric data.Most of the transmitted data in multi-media systems are susceptible to attacks,which affect the security of these sys-tems.Biometric systems provide sufficient protection and privacy for users.The recently-introduced cancellable biometric recognition systems have not been investigated in the presence of different types of attacks.In addition,they have not been studied on different and large biometric datasets.Another point that deserves consideration is the hardware implementation of cancellable biometric recognition systems.This paper presents a suggested hybrid cancellable biometric recognition system based on a 3D chaotic cryptosystem.The rationale behind the utilization of the 3D chaotic cryptosystem is to guarantee strong encryption of biometric templates,and hence enhance the security and privacy of users.The suggested cryptosystem adds significant permutation and diffusion to the encrypted biometric templates.We introduce some sort of attack analysis in this paper to prove the robustness of the proposed cryptosystem against attacks.In addition,a Field Programmable Gate Array(FPGA)implementation of the pro-posed system is introduced.The obtained results with the proposed cryptosystem are compared with those of the traditional encryption schemes,such as Double Random Phase Encoding(DRPE)to reveal superiority,and hence high recogni-tion performance of the proposed cancellable biometric recognition system.The obtained results prove that the proposed cryptosystem enhances the security and leads to better efficiency of the cancellable biometric recognition system in the presence of different types of attacks.

To Construct High Level Secure Communication System： CTMI Is Not Enough

Public key cryptographic （PKC） algorithms, such as the RSA, elliptic curve digital signature algorithm （ECDSA） etc., are widely used in the secure communication sys- tems, such as OpenSSL, and a variety of in- formation security systems. If designer do not securely implement them, the secret key will be easily extracted by side-channel attacks （SCAs） or combinational SCA thus mitigat- ing the security of the entire communication system. Previous countermeasures of PKC im- plementations focused on the core part of the algorithms and ignored the modular inversion which is widely used in various PKC schemes. Many researchers believe that instead of straightforward implementation, constant time modular inversion （CTMI） is enough to resist the attack of simple power analysis combined with lattice analysis. However, we find that the CTMI security can be reduced to a hidden t-bit multiplier problem. Based on this feature, we firstly obtain Hamming weight of interme- diate data through side-channel leakage. Then, we propose a heuristic algorithm to solve the problem by revealing the secret （partial and full） base of CTMI. Comparing previous nec-essary input message for masking filtering, our procedure need not any information about the secret base of the inversion. To our knowl- edge, this is the first time for evaluating the practical security of CTM! and experimental results show the fact that CTMI is not enough for high-level secure communication systems.

Information Systems Security Threats and Vulnerabilities: A Case of the Institute of Accountancy Arusha (IAA)

All modern computer users need to be concerned about information system security (individuals and organisations). Many businesses established various security structures to protect information system security from harmful occurrences by implementing security procedures, processes, policies, and information system security organisational structures to ensure data security. Despite all the precautions, information security remains a disaster in Tanzania’s learning institutions. The fundamental issue appears to be a lack of awareness of crucial information security factors. Various companies have different security issues due to differences in ICT infrastructure, implementations, and usage. The study focuses on identifying information system security threats and vulnerabilities in public higher learning institutions in Tanzania, particularly the Institute of Accountancy Arusha (IAA). The study involved all employees of IAA, academics, and other supporting staff, which totalled 302, and the sample size was 170. The study utilised a descriptive research design, where the quantitative methodology was used through a five-point Likert scale questionnaire, and found that key factors that affect the security of information systems at IAA include human factors, policy-related issues, work environment and demographic factors. The study proposed regular awareness and training programs;an increase in women’s awareness of information system security;proper policy creation and reviews every 4 years;promote actions that lessen information system security threats and vulnerabilities, and the creation of information system security policy documents independently from ICT policy.

Ensuring Information Security in Electronic Health Record System Using Cryptography and Cuckoo Search Algorithm

In the contemporary era,the abundant availability of health information through internet and mobile technology raises concerns.Safeguarding and maintaining the confidentiality of patients’medical data becomes paramount when sharing such information with authorized healthcare providers.Although electronic patient records and the internet have facilitated the exchange of medical information among healthcare providers,concerns persist regarding the security of the data.The security of Electronic Health Record Systems(EHRS)can be improved by employing the Cuckoo Search Algorithm(CS),the SHA-256 algorithm,and the Elliptic Curve Cryptography(ECC),as proposed in this study.The suggested approach involves usingCS to generate the ECCprivate key,thereby enhancing the security of data storage in EHR.The study evaluates the proposed design by comparing encoding and decoding times with alternative techniques like ECC-GA-SHA-256.The research findings indicate that the proposed design achieves faster encoding and decoding times,completing 125 and 175 iterations,respectively.Furthermore,the proposed design surpasses other encoding techniques by exhibiting encoding and decoding times that are more than 15.17%faster.These results imply that the proposed design can significantly enhance the security and performance of EHRs.Through the utilization of CS,SHA-256,and ECC,this study presents promising methods for addressing the security challenges associated with EHRs.

SOA Information Engineering System Based on Knowledge Grid Applications in Smart Grids

Smart grids have the characteristics of being observable,controllable,adaptive,self-healing,embedded independent processing,and real-time analysis.With the development of smart grids,constructing a grid to cover global,unified information systems,which should be adapted to fulf ill the requirements of the characteristics,is essential.This paper presents an service-oriented architecture(SOA)for smart grid information-engineering systems based on knowledge grid,which could form as a service-oriented architecture through business,technology and management;it would extract potentially valuable information from the massive amount of information on the generation side,the grid side,and the electricity side,then share the useful information to improve availability,security and stability.

A Novel High-Efficiency Transaction Verification Scheme for Blockchain Systems

Blockchain can realize the reliable storage of a large amount of data that is chronologically related and verifiable within the system.This technology has been widely used and has developed rapidly in big data systems across various fields.An increasing number of users are participating in application systems that use blockchain as their underlying architecture.As the number of transactions and the capital involved in blockchain grow,ensuring information security becomes imperative.Addressing the verification of transactional information security and privacy has emerged as a critical challenge.Blockchain-based verification methods can effectively eliminate the need for centralized third-party organizations.However,the efficiency of nodes in storing and verifying blockchain data faces unprecedented challenges.To address this issue,this paper introduces an efficient verification scheme for transaction security.Initially,it presents a node evaluation module to estimate the activity level of user nodes participating in transactions,accompanied by a probabilistic analysis for all transactions.Subsequently,this paper optimizes the conventional transaction organization form,introduces a heterogeneous Merkle tree storage structure,and designs algorithms for constructing these heterogeneous trees.Theoretical analyses and simulation experiments conclusively demonstrate the superior performance of this scheme.When verifying the same number of transactions,the heterogeneous Merkle tree transmits less data and is more efficient than traditional methods.The findings indicate that the heterogeneous Merkle tree structure is suitable for various blockchain applications,including the Internet of Things.This scheme can markedly enhance the efficiency of information verification and bolster the security of distributed systems.

Information Security in the Cloud: Emerging Trends and Challenges

This article explores the evolution of cloud computing, its advantages over traditional on-premises infrastructure, and its impact on information security. The study presents a comprehensive literature review covering various cloud infrastructure offerings and security models. Additionally, it deeply analyzes real-life case studies illustrating successful cloud migrations and highlights common information security threats in current cloud computing. The article concludes by offering recommendations to businesses to protect themselves from cloud data breaches and providing insights into selecting a suitable cloud services provider from an information security perspective.

Cyber Resilience through Real-Time Threat Analysis in Information Security

This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].

An Agent Based Model for Ransomware Detection and Mitigation in a Cloud System

The increasing trend toward dematerialization and digitalization has prompted a surge in the adoption of IT service providers, offering cost-effective alternatives to traditional local services. Consequently, cloud services have become prevalent across various industries. While these services offer undeniable benefits, they face significant threats, particularly concerning the sensitivity of the data they handle. Many existing mathematical models struggle to accurately depict the complex scenarios of cloud systems. In response to this challenge, this paper proposes a behavioral model for ransomware propagation within such environments. In this model, each component of the environment is defined as an agent responsible for monitoring the propagation of malware. Given the distinct characteristics and criticality of these agents, the impact of malware can vary significantly. Scenario attacks are constructed based on real-world vulnerabilities documented in the Common Vulnerabilities and Exposures (CVEs) through the National Vulnerability Database. Defender actions are guided by an Intrusion Detection System (IDS) guideline. This research aims to provide a comprehensive framework for understanding and addressing ransomware threats in cloud systems. By leveraging an agent- based approach and real-world vulnerability data, our model offers valuable insights into detection and mitigation strategies for safeguarding sensitive cloud-based assets.

Research on College Network Information Security Protection in the Digital Economy Era

In the era of the digital economy,the informatization degree of various industries is getting deeper and deeper,and network information security has also come into people’s eyes.Colleges and universities are in the position of training applied talents,because of the needs of teaching and education,as well as the requirements of teaching reform,the information construction of colleges and universities has been gradually improved,but the problem of network information security is also worth causing people to ponder.The low security of the network environment will cause college network information security leaks,and even hackers will attack the official website of the university and leak the personal information of teachers and students.To solve such problems,this paper studies the protection of college network information security against the background of the digital economy era.This paper first analyzes the significance of network information security protection,then points out the current and moral problems,and finally puts forward specific countermeasures,hoping to create a safe learning environment for teachers and students for reference.

Design and Implementation of USB Key System Based on Dual-Factor Identity Authentication Protocol

With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware and software system based on a two-factor authentication protocol,aiming to improve the security and reliability of authentication.This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication.The system consists of a host computer and a USB Key device.The host computer interacts with the USB Key through a graphical user interface.The Secure Hash Algorithm 1(SHA-1)and MySQL database are used to implement the authentication function.Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering,and improve the security of authentication.If the corresponding USB Key is not inserted,the system will prompt that the device is not found.Once the USB Key is inserted,user identity is confirmed through two-factor verification,which includes impact/response authentication and static password authentication.

Incentive mechanism analysis of information security outsourcing based on principal-agent model

In order to solve principal-agent problems caused by interest inconformity and information asymmetry during information security outsourcing, it is necessary to design a reasonable incentive mechanism to promote client enterprises to complete outsourcing service actively. The incentive mechanism model of information security outsourcing is designed based on the principal-agent theory. Through analyzing the factors such as enterprise information assets value, invasion probability, information security environment, the agent cost coefficient and agency risk preference degree how to impact on the incentive mechanism, conclusions show that an enterprise information assets value and invasion probability have a positive influence on the fixed fee and the compensation coefficient; while information security environment, the agent cost coefficient and agency risk preference degree have a negative influence on the compensation coefficient. Therefore, the principal enterprises should reasonably design the fixed fee and the compensation coefficient to encourage information security outsourcing agency enterprises to the full extent.

STRONGER PROVABLE SECURE MODEL FOR KEY EXCHANGE

The key exchange is a fundamental building block in the cryptography. Several provable security models for the key exchange protocol are proposed. To determine the exact properties required by the protocols, a single unified security model is essential, The eCK , eCK and CK models are examined and the result is proved that the eCK＇ model is the strongest provable security model for the key exchange. The relative security strength among these models is analyzed. To support the implication or non-implication relations among these models, the formal proofs and the counter-examples are given.

Green and Near-Infrared Dual-Mode Afterglow of Carbon Dots and Their Applications for Confidential Information Readout

Near-infrared(NIR),particularly NIR-containing dual-/multimode afterglow,is very attractive in many fields of application,but it is still a great challenge to achieve such property of materials. Herein,we report a facile method to prepare green and NIR dual-mode afterglow of carbon dots(CDs) through in situ embedding o-CDs(being prepared from o-phenylenediamine) into cyanuric acid(CA) matrix(named o-CDs@CA). Further studies reveal that the green and NIR afterglows of o-CDs@CA originate from thermal activated delayed fluorescence(TADF) and room temperature phosphorescence(RTP) of o-CDs,respectively. In addition,the formation of covalent bonds between o-CDs and CA,and the presence of multiple fixation and rigid e ects to the triplet states of o-CDs are confirmed to be critical for activating the observed dual-mode afterglow. Due to the shorter lifetime and insensitiveness to human vision of the NIR RTP of o-CDs@CA,it is completely covered by the green TADF during directly observing. The NIR RTP signal,however,can be readily captured if an optical filter(cut-o wavelength of 600 nm) being used. By utilizing these unique features,the applications of o-CDs@CA in anti-counterfeiting and information encryption have been demonstrated with great confidentiality. Finally,the as-developed method was confirmed to be applicable to many other kinds of CDs for achieving or enhancing their afterglow performances.

Blockchain-Based Secured IPFS-Enable Event Storage Technique With Authentication Protocol in VANET

In recent decades,intelligent transportation systems(ITS)have improved drivers’safety and have shared information(such as traffic congestion and accidents)in a very efficient way.However,the privacy of vehicles and the security of event information is a major concern.The problem of secure sharing of event information without compromising the trusted third party(TTP)and data storage is the main issue in ITS.Blockchain technologies can resolve this problem.A work has been published on blockchain-based protocol for secure sharing of events and authentication of vehicles.This protocol addresses the issue of the safe storing of event information.However,authentication of vehicles solely depends on the cloud server.As a result,their scheme utilizes the notion of partially decentralized architecture.This paper proposes a novel decentralized architecture for the vehicular ad-hoc network(VANET)without the cloud server.This work also presents a protocol for securing event information and vehicle authentication using the blockchain mechanism.In this protocol,the registered user accesses the event information securely from the interplanetary file system(IPFS).We incorporate the IPFS,along with blockchain,to store the information in a fully distributed manner.The proposed protocol is compared with the state-of-the-art.The comparison provides desirable security at a reasonable cost.The evaluation of the proposed smart contract in terms of cost(GAS)is also discussed.