Elektronika 2009-11.pdf - Instytut SystemÃ³w Elektronicznych

More documents

Recommendations

Info

Fig. 2. An example of data groups aggregation into the one group consisting of three electronic documents and two separated electronic documents; Merkle tree is used (notation: h(...) - cryptographic hash function, || - concatenation) (compare with [18]) Rys. 2. Przykład agregacji grup danych za pomocą drzewa Merkla z jedną grupą składająca się z trzech obiektów danych i dwóch pojedynczych obiektów danych (oznaczenia: h(...) - kryptograficzna funkcja skrótu, || - operator konkatenacji) (porównaj [18]) with such properties was called the long-term provable authentic document). Note that V-SED idea is independent of the public key cryptography infrastructure, and particularly can be implemented in very promising environment of Certificateless Public Key Cryptosystem (CL-PKC). The implementation of the long-term electronic signature scheme LT-CESS requires a wide range of new complex services of TSI (Trusted Services Infrastructure) related to electronic signatures, documents of V-SED type and signature verification policies (VP) (see Section 3). Examples of possible technical solutions for an implementation of a long-term keeping the probative value of a signed electronic document (Section 5) are enough to demonstrate the opportunity to build such components. Theirs complexity depends on a trust level of the storage managing organization and usually requires the use of methods presented in Section 5. References [1] Act on electronic signature from September 18 th , 2001, Law Diary - Dz.U. 2001 no 130, pos. 1450 with later amendments (in Polish). [2] EU Directive 1999/93/EC of the European Parliament and the Council of 13 December 1999 on a Community framework for electronic signatures. [3] Boldyreva A., Fischlin M., Palacio A., Warinschi B.: A Closer Look at PKI: Security and Efficiency, Lecture Notes in Computer Science, Vol. 4450/2007, pp. 458-475, Public Key Cryptography - PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China, April 16-20, 2007. [4] Shamir A.: Identity-based cryptosystems and signature schemes, Advances in Cryptology - Crypto’84, LNCS, vol. 196. pp. 47-53, Springer-Verlag, 1984. [5] Al-Riyami S., Paterson K.: Certificateless public key cryptography, Advances in Cryptology - AsiaCrypt, LNCS, vol. 2894, pp. 452-473, Springer-Verlag, 2003. [6] Harn L., Ren J., Lin Ch.: Design of DL-based certificateless digital signatures, The Journal of Systems and Software, vol. 82, pp. 789-793, 2009. [7] ETSI TS 101 733 Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES), v. 1.7.4, July 2008. [8] ETSI TS 101 903 XML Advanced Electronic Signatures (XAdES), v1.4.1, June 2009. [9] ETSI TS 102 778-5 Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles, v. 1.1.1, July 2009. [10] Gentry C., Silverberg A.: Hierarchical ID-based cryptography, in Y. Zheng, editor, Advances in Cryptology - ASIACRYPT 2002, Lecture Notes in Computer Science, vol. 2501, pp. 548-566. Springer-Verlag, 2002. [11] CWA 14171 General guidelines for electronic signature verification, May 2004. [12] Regulation of Ministry Council from August, 7th, 2002 on technical and organizational requirements for qualified certification authorities, certification policies for qualified certificates issued by them, and technical requirements for secure signature creation and verification devices (Low Diary -Dz.U. 2002 no 128, pos. 1094). [13] RFC 5280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, May 2008. [14] CWA 15579 E-invoices and digital signatures, July 2006. [15] RFC 4998 Evidence Record Syntax (ERS), August 2007. [16] RFC 3161 Time-Stamp Protocol (TSP), August 2001. [17] ETSI TS 101 861 Time stamping profile, v1.3.1, January 2006. [18] Goodrich M. T., Tamassia R., Hasic J.: An Efficient Dynamic and Distributed Cryptographic Accumulator, in Information Security, 5th International Conference, pp. 372-388, Sao Paulo, Brazil, September 30 - October 2002. (1) Above problems apply to electronic documents based both upon a qualified and non-qualified certificate (2) This requirement is directly related to the certificate electronic signature scheme CESS used in the PKC infrastructure (explicit certificates), but can be also applied indirectly in the CL-PKC infrastructure (implicit certificates). (3) TimeStampToken is an archive timestamp issued according to RFC 3161 [16] or ETSI TS 101 861 [17]. Przypominamy o prenumeracie miesięcznika Elektronika na 2010 r. 34 ELEKTRONIKA 11/2009
Ontology-based approach to scada systems vulnerabilities representation for CIP (Podejście ontologiczne do reprezentacji podatności systemów scada dla ochrony infrastruktur krytycznych) dr inż. MICHAŁ CHORAŚ 1,3 , mgr inż. ANNA STACHOWICZ 1 , mgr inż. RAFAŁ KOZIK 1,3 , mgr inż. ADAM FLIZIKOWSKI 1,3 , mgr inż. RAFAŁ RENK 1,2 1 ITTI Sp. z o.o. 2 Adam Mickiewicz University, Poznań 3 Institute of Telecommunications, UT&LS, Bydgoszcz Critical Infrastructures are the organizations delivering goods and services in an economy that are fundamental to the functioning of society and the economy [1]. As for types of critical infrastructures, there are some domains within an economy that are considered crucial and most important. The loss of or disaster within a CI will affect a part or all society. Some of critical sectors described in [2] are agriculture and food, water, public health and defence. The INSPIRE Project focuses on telecommunication, energy and transportation sectors. CI are now identified and protected by national and international law and regulations (nationally in e.g. Poland by Ministry of Infrastructure in Crisis Management regulations [3]; internationally e.g. by NATO and by EU) [4-6]. Most of them are also intuitively recognized as critical by societies. Unfortunately, not all phenomenon and aspects within CI are well recognized. It is not possible to create mathematical equations fully describing CI - their functioning and dependencies. CI are nonlinear and chaotic: it means that small change may cause enormous effects (as in the butterfly effect). Even if we had equations describing CI, small increase or decrease of non-important tiny factors, could cause enormous change in the overall result [1]. Complexity and wide range of critical infrastructures implies huge problems in their reliability and security. In dispersed critical infrastructures like electric power, water, railway or telecommunication sectors SCADA (Supervisory Control and Data Acquisition) systems are commonly used. SCADA is a monitoring, supervisory and controlling system with data acquisition from remote data fields. On the contrary to other control systems like for e.g. Distributed Control Systems (DCS), SCADA is intended especially to geographical dispersed systems. Control, measure and monitoring remote field data elements are provided by Remote Terminal Units (RTUs). Communication of RTUs with other SCADA components like Master Terminal Units, Operation Control Centres is provided by telecommunication network. Three generations of SCADA systems can be distinguished according to [7]: • 1 st generation - SCADA systems are monolithic and performed all computing functions themselves without connectivity with other systems; • 2 nd generation - SCADA systems are distributed, taking advantages of LocalArea Network, which connected multiple stations with different functions shared information in real-time; • 3 rd generation - it is extension of 2 nd generation in a way that system architecture became open, utilized open standards and protocols and connectivity of SCADA station and functions was moved from LAN to WAN. Nowadays most of SCADA development comply with 3 rd generation SCADA systems. SCADA systems have been designed without security considerations for many years. Nowadays, more and more SCADA systems have connections with business systems, corporate networks, which showed a risk, that unauthorized, unintended entities may have access to critical SCADA data information. The great benefit of integration, the communication between SCADA systems and corporate networks or Internet, which increase efficiency of business processes became a great risk and source of vulnerabilities. Therefore, there is an emerging need of identifying SCADA vulnerabilities and understanding interdependencies between them, especially these implied by SCADA systems interconnection with telecommunication infrastructures. In this paper we present an ontology-based approach to tackle this difficult task. Motivation to ontology-based approach Interoperation with different network technologies and various applications causes SCADA systems inherit typical network and application vulnerabilities. That is why security aspects in SCADA systems are not so different than in network security. One of the most important aspects in security are vulnerabilities. Vulnerabilities are the weak points in (SCADA) system components, which can be exploited by an attack. Definitions of vulnerability and threat according to ISO/IEC 13335-1:2004 standard are as follows [8]: • vulnerability: “includes a weakness of an asset or group of assets which can be exploited by a threat”; • threat: “a potential cause of an unwanted incident which may result in harm to a system or organization”. Threats and attacks exploit vulnerabilities, so identification of vulnerabilities is a key aspect of security consideration and risk assessment. Known vulnerabilities can be fixed and potential attack can be prevented. There are several sources of vulnerabilities, for e.g. vulnerability repositories such as National Vulnerability Database (NVD) [9] or Open Source Vulnerability Database (OSVDB) [10]. However they do not express all security issues, their properties and relations. That is why we find ontology as a suitable tool for showing identified vulnerabilities as a classification and their connections with other security aspects like threats, attacks, SCADA resources and communication infrastructure [11]. Ontology is a form of knowledge representation in a form of data model that provides a decryption of domain and relations between domain concepts. ELEKTRONIKA 11/2009 35
Page 5 and 6: konstrukcje technologie zastosowani
Page 7 and 8: Streszczenia artykułów • Summar
Page 13 and 14: Medical pattern intelligent recogni
Page 15 and 16: Fig. 2. Start graph Z and the set o
Page 17 and 18: Both models are created of the basi
Page 19 and 20: • in some cases in the methods of
Page 21 and 22: 4. Random operators: three types of
Page 23 and 24: useful. In work [1] is stressed, th
Page 25 and 26: Tabl. 1. Fuzzy sets of the objects,
Page 27 and 28: In addition, one has to remember th
Page 29 and 30: The correction of digital images ob
Page 31 and 32: Tabl. 4. MD error before and after
Page 33 and 34: tionship then determines which indi
Page 35 and 36: this goal. A user’s public key au
Page 37: a) will be or could be broken, or b
Page 41 and 42: erarchy of vulnerability classes wi
Page 43 and 44: and the set of tasks is divided int
Page 45 and 46: tasks: T 0 , T 4 , T 5 , T 6 and T
Page 47 and 48: According to presented function CSF
Page 49 and 50: The efficient data authentication i
Page 51 and 52: Fig. 3. Example run of three rounds
Page 53 and 54: Fig. 2. Possible scenarios of data
Page 55 and 56: e necessary, in worst case - also s
Page 57 and 58: dicates the number of tasks at the
Page 59 and 60: • information on their state come
Page 61 and 62: • data regarding their identity (
Page 63 and 64: k = 1, 2, ..., m and m is the numbe
Page 65 and 66: more powerful statistical (algorith
Page 67 and 68: Signal to Noise Ratio (PSNR). We pr
Page 69 and 70: [23] W3C - Web Services Glossary -
Page 71 and 72: Associated with every N-point M-dim
Page 73 and 74: The SMS-B system architecture (Sour
Page 75 and 76: Technika próżni i technologie pr
Page 77 and 78: wniosku i w konsekwencji za rok 200
Page 79 and 80: Poniżej przedstawiono krótki kome
Page 81 and 82: Wspomnienie Edward Leja (1937-2009)
Page 83 and 84: Zastosowanie technik immunoenzymaty
Page 85 and 86: z pasty węglowej, zaś odniesienia
Page 87 and 88: [33] Biani A., Centi S. Tombrlli S.
Page 89 and 90:
Problemem bowiem w pracach instytut
Page 91 and 92:
1985 - Zdzisław Dorywalski 1986 -
Page 93 and 94:
Rys. 4. Uroczyste wręczanie świad
Page 95 and 96:
Imię i Nazwisko Patenty Wzory uży
Page 97 and 98:
zadań określonych przez użytkown
Page 99 and 100:
Ocena sugerowanych w ankiecie metod
Page 101:
Zaprenumeruj wiedzę fachową 2010
Page 104 and 105:
Radary pasywne - nowa technika radi
Page 106 and 107:
c) stopniowo przesuwać jeden przeb
Page 108 and 109:
W przypadku wykorzystania nadajnika
Page 110 and 111:
kreślić to, że owale Cassiniego
Page 112 and 113:
Dla każdego kierunku odbieranej fa
Page 114 and 115:
chomych, które w ogólnym przypadk
Page 116 and 117:
Rys. 19. Fragment zobrazowania SS3
Page 118 and 119:
Zbigniew Czekała jest projektantem
Page 120 and 121:
• wytypowaniu statków zobowiąza
Page 122 and 123:
• używanie właściwego osprzęt
Page 124 and 125:
W jednomodowym szklanym włóknie t
Page 126 and 127:
Światłowody scyntylacyjne W środ
Page 128 and 129:
Parametry materiałowe szklanego w
Page 130 and 131:
126 ELEKTRONIKA 11/2009
Page 132 and 133:
Literatura [1] Yamane M., Asahara Y
Page 134 and 135:
Rys.1. Przebiegi testowe na wyprowa
Page 136 and 137:
nież pasmo emisji od około 500 MH
show all

Elektronika 2009-11.pdf - Instytut SystemÃ³w Elektronicznych

Create successful ePaper yourself

Delete template?

Save as template?