Quantum Computing (QC) is hailed as the future of computers. After Google’s claim of achieving Quantum Supremacy in 2019, several groups challenged the claim. Some QC experts attribute catastrophic risks that unrestr...Quantum Computing (QC) is hailed as the future of computers. After Google’s claim of achieving Quantum Supremacy in 2019, several groups challenged the claim. Some QC experts attribute catastrophic risks that unrestrained QC may cause in the future by collapsing the current cryptographic cybersecurity infrastructure. These predictions are relevant only if QC becomes commercially viable and sustainable in the future. No technology can be a one-way ticket to catastrophe, and neither can the definition of superiority of that technology be. If there are catastrophic risks, large-scale QC can never enter the public domain as a minimum viable product (MVP) unless there are safeguards in place. Those safeguards should obviously become an integral part of the definition of its superiority over the legacy systems. NIST (National Institute of Standards & Technology) is pursuing the standardization of Post Quantum Cryptography (PQC) as that safeguard. However, with all the 82 candidate PQCs failing and companies already offering QC as a service, there’s an urgent need for an alternate strategy to mitigate the impending Q-Day threat and render QC sustainable. Our research proposes a novel encryption-agnostic cybersecurity approach to safeguard QC. It articulates a comprehensive definition of an MVP that can potentially set a sustainable gold standard for defining commercially viable quantum advantage over classical computing.展开更多
The Internet of Things (IoT) has become a reality: Healthcare, smart cities, intelligent manufacturing, e-agriculture, real-time traffic controls, environment monitoring, camera security systems, etc. are developing s...The Internet of Things (IoT) has become a reality: Healthcare, smart cities, intelligent manufacturing, e-agriculture, real-time traffic controls, environment monitoring, camera security systems, etc. are developing services that rely on an IoT infrastructure. Thus, ensuring the security of devices during operation and information exchange becomes a fundamental requirement inherent in providing safe and reliable IoT services. NIST requires hardware implementations that are protected against SCAs for the lightweight cryptography standardization process. These attacks are powerful and non-invasive and rely on observing the physical properties of IoT hardware devices to obtain secret information. In this paper, we present a survey of research on hardware security for the IoT. In addition, the challenges of IoT in the quantum era with the first results of the NIST standardization process for post-quantum cryptography are discussed.展开更多
Saudi Arabian banks are deeply concerned about how to effectively monitor and control security threats. In recent years, the country has taken several steps towards restructuring its organizational security and, conse...Saudi Arabian banks are deeply concerned about how to effectively monitor and control security threats. In recent years, the country has taken several steps towards restructuring its organizational security and, consequently, protecting financial institutions and their clients. However, there are still several challenges left to be addressed. Accordingly, this article aims to address this problem by proposing an abstract framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and International Organization for Standardization/International Electrotechnical Commission (ISO/IEC 27001). The framework proposed in this paper considers the following factors involved in the security policy of Saudi banks: safety, Saudi information bank, operations and security of Saudi banks, Saudi banks’ supplier relationships, risk assessment, risk mitigation, monitoring and detection, incident response, Saudi banks’ business continuity, compliance, education, and awareness about all factors contributing to the framework implementation. This way, the proposed framework provides a comprehensive, unified approach to managing bank security threats. Not only does the proposed framework provide effective guidance on how to identify, assess, and mitigate security threats, but it also instructs how to develop policy and procedure documents relating to security issues.展开更多
2022年12月21日,NIST发布特别出版物SP 1800-35《实现零信任体系架构》(Implementing a Zero Trust Architecture)第二版草案并公开征求意见,该指南提出在NIST SP 800-207《零信任体系架构标准中的概念和原则》的基础上,如何使用商用技...2022年12月21日,NIST发布特别出版物SP 1800-35《实现零信任体系架构》(Implementing a Zero Trust Architecture)第二版草案并公开征求意见,该指南提出在NIST SP 800-207《零信任体系架构标准中的概念和原则》的基础上,如何使用商用技术实现可互操作、基于开放的零信任架构。第二版SP 1800-35更新了原A-D卷的内容,增加了第一版本发布之后新完成的另外3个零信任实现架构;额外增加了E卷的内容,提供了零信任体系架构安全特性与网络安全标准和最佳实践之间的映射关系及风险分析。展开更多
This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introd...This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introduction to digital forensics. This discussion will thereafter result in identifying and categorizing the different types of digital forensics evidence and a clear procedure for how to collect forensically sound digital evidence. This paper will further discuss the creation of awareness and promote the idea that competent practice of computer forensics collection is important for admissibility in court.展开更多
Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global infor...Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.展开更多
文摘Quantum Computing (QC) is hailed as the future of computers. After Google’s claim of achieving Quantum Supremacy in 2019, several groups challenged the claim. Some QC experts attribute catastrophic risks that unrestrained QC may cause in the future by collapsing the current cryptographic cybersecurity infrastructure. These predictions are relevant only if QC becomes commercially viable and sustainable in the future. No technology can be a one-way ticket to catastrophe, and neither can the definition of superiority of that technology be. If there are catastrophic risks, large-scale QC can never enter the public domain as a minimum viable product (MVP) unless there are safeguards in place. Those safeguards should obviously become an integral part of the definition of its superiority over the legacy systems. NIST (National Institute of Standards & Technology) is pursuing the standardization of Post Quantum Cryptography (PQC) as that safeguard. However, with all the 82 candidate PQCs failing and companies already offering QC as a service, there’s an urgent need for an alternate strategy to mitigate the impending Q-Day threat and render QC sustainable. Our research proposes a novel encryption-agnostic cybersecurity approach to safeguard QC. It articulates a comprehensive definition of an MVP that can potentially set a sustainable gold standard for defining commercially viable quantum advantage over classical computing.
文摘The Internet of Things (IoT) has become a reality: Healthcare, smart cities, intelligent manufacturing, e-agriculture, real-time traffic controls, environment monitoring, camera security systems, etc. are developing services that rely on an IoT infrastructure. Thus, ensuring the security of devices during operation and information exchange becomes a fundamental requirement inherent in providing safe and reliable IoT services. NIST requires hardware implementations that are protected against SCAs for the lightweight cryptography standardization process. These attacks are powerful and non-invasive and rely on observing the physical properties of IoT hardware devices to obtain secret information. In this paper, we present a survey of research on hardware security for the IoT. In addition, the challenges of IoT in the quantum era with the first results of the NIST standardization process for post-quantum cryptography are discussed.
文摘Saudi Arabian banks are deeply concerned about how to effectively monitor and control security threats. In recent years, the country has taken several steps towards restructuring its organizational security and, consequently, protecting financial institutions and their clients. However, there are still several challenges left to be addressed. Accordingly, this article aims to address this problem by proposing an abstract framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and International Organization for Standardization/International Electrotechnical Commission (ISO/IEC 27001). The framework proposed in this paper considers the following factors involved in the security policy of Saudi banks: safety, Saudi information bank, operations and security of Saudi banks, Saudi banks’ supplier relationships, risk assessment, risk mitigation, monitoring and detection, incident response, Saudi banks’ business continuity, compliance, education, and awareness about all factors contributing to the framework implementation. This way, the proposed framework provides a comprehensive, unified approach to managing bank security threats. Not only does the proposed framework provide effective guidance on how to identify, assess, and mitigate security threats, but it also instructs how to develop policy and procedure documents relating to security issues.
文摘2022年12月21日,NIST发布特别出版物SP 1800-35《实现零信任体系架构》(Implementing a Zero Trust Architecture)第二版草案并公开征求意见,该指南提出在NIST SP 800-207《零信任体系架构标准中的概念和原则》的基础上,如何使用商用技术实现可互操作、基于开放的零信任架构。第二版SP 1800-35更新了原A-D卷的内容,增加了第一版本发布之后新完成的另外3个零信任实现架构;额外增加了E卷的内容,提供了零信任体系架构安全特性与网络安全标准和最佳实践之间的映射关系及风险分析。
文摘This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introduction to digital forensics. This discussion will thereafter result in identifying and categorizing the different types of digital forensics evidence and a clear procedure for how to collect forensically sound digital evidence. This paper will further discuss the creation of awareness and promote the idea that competent practice of computer forensics collection is important for admissibility in court.
文摘Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.