Pub Date : 2010-12-03DOI: 10.1109/THS.2010.5654934
W. Russ, D. Nakazawa, I. Hau, M. Morichi
New hybrid spectroscopic systems directly combine spectra from detectors with very different energy resolutions, accommodating standard analyses of the output hybrid spectrum. Hand-held hybrid systems consisting of a 0.5 cm3 cadmium zinc telluride detector combined with either a 1 cm3 NaI(Tl) scintillator mounted on a photomultiplier tube or a 1 cm3 CsI(Tl) mounted on a silicon photomultiplier were evaluated for performance by source measurements for a variety of acquisition times. Repeated 300 second background measurements were analyzed and found a small increase in false alarm rate for the hybrid combinations compared to the individual component detectors. Repeated measurements with a 100 μR/h 137Cs source and acquisition times of 5, 10, 30, 100, and 300 seconds were analyzed, with the results showing that hybridization significantly enhances peak detectability relative to the individual constituent detectors, especially at shorter times. At 5 and 10 seconds, the probability of detection was more than twice that of the individual components. The hybrid approach enables the consideration of a greater variety of measurement system solutions in terms of cost and performance.
{"title":"CZT/NaI hybrid hand-held performance evaluation","authors":"W. Russ, D. Nakazawa, I. Hau, M. Morichi","doi":"10.1109/THS.2010.5654934","DOIUrl":"https://doi.org/10.1109/THS.2010.5654934","url":null,"abstract":"New hybrid spectroscopic systems directly combine spectra from detectors with very different energy resolutions, accommodating standard analyses of the output hybrid spectrum. Hand-held hybrid systems consisting of a 0.5 cm3 cadmium zinc telluride detector combined with either a 1 cm3 NaI(Tl) scintillator mounted on a photomultiplier tube or a 1 cm3 CsI(Tl) mounted on a silicon photomultiplier were evaluated for performance by source measurements for a variety of acquisition times. Repeated 300 second background measurements were analyzed and found a small increase in false alarm rate for the hybrid combinations compared to the individual component detectors. Repeated measurements with a 100 μR/h 137Cs source and acquisition times of 5, 10, 30, 100, and 300 seconds were analyzed, with the results showing that hybridization significantly enhances peak detectability relative to the individual constituent detectors, especially at shorter times. At 5 and 10 seconds, the probability of detection was more than twice that of the individual components. The hybrid approach enables the consideration of a greater variety of measurement system solutions in terms of cost and performance.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125811910","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-12-03DOI: 10.1109/THS.2010.5655079
M. Agoyan, J. Dutertre, A. Mirbaha, D. Naccache, Anne-Lise Ribotta, A. Tria
Laser fault injection is known as a fault attack method on cryptographic systems. This work provides practical experiments on an 8-bit 0.35µm microcontroller with no countermeasures. It explains how, with a laser beam that creates multiple-byte faults, it is still possible to perform single-bit/byte Differential Fault Analysis (DFA). It requires spatial and temporal adjustments for laser shooting and faulty results classification. This underlines the need to protect cryptographic devices, such as biometric passports and smart cards against surgical faults targeting one or several single-bits on specific bytes in memory.
{"title":"Single-bit DFA using multiple-byte laser fault injection","authors":"M. Agoyan, J. Dutertre, A. Mirbaha, D. Naccache, Anne-Lise Ribotta, A. Tria","doi":"10.1109/THS.2010.5655079","DOIUrl":"https://doi.org/10.1109/THS.2010.5655079","url":null,"abstract":"Laser fault injection is known as a fault attack method on cryptographic systems. This work provides practical experiments on an 8-bit 0.35µm microcontroller with no countermeasures. It explains how, with a laser beam that creates multiple-byte faults, it is still possible to perform single-bit/byte Differential Fault Analysis (DFA). It requires spatial and temporal adjustments for laser shooting and faulty results classification. This underlines the need to protect cryptographic devices, such as biometric passports and smart cards against surgical faults targeting one or several single-bits on specific bytes in memory.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130950143","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-12-03DOI: 10.1109/THS.2010.5655091
K. Krasnow Waterman, Sam Wang
In 2004, the White House and then Congress determined there should be an “Information Sharing Environment” that facilitates the flow of critical information for counterterrorism, related law enforcement, and disaster management activities. That work has been progressing but a major challenge is how to create technologies that: ensure compliance with laws and policies of the federal government, 50 states, and individual agencies; convey appropriate data that would support access control and privilege decisions in different jurisdictions; and achieve accountability and transparency for this activity. We have built a prototype of Fusion Center information sharing that shows significant progress in the representation of law in a policy language, the reasoning of that law over data transactions occurring in a web environment (internet or intranet), acquiring necessary information from authoritative sources wherever they reside in the decentralized environment, and providing both a binary response suitable for automated workflow implementation and a detailed justification suitable for human validation of the conclusion. In this paper, we briefly describe the technologies employed for serializing the data and policy, reasoning over the rules contained in the policy, and displaying the results to users. These combine to provide a powerful tool supporting a range of necessary governmental functions including access control, privilege management, audit, periodic reporting, and risk modeling.
{"title":"Prototyping Fusion Center information sharing; implementing policy reasoning over cross-jurisdictional data transactions occurring in a decentralized environment","authors":"K. Krasnow Waterman, Sam Wang","doi":"10.1109/THS.2010.5655091","DOIUrl":"https://doi.org/10.1109/THS.2010.5655091","url":null,"abstract":"In 2004, the White House and then Congress determined there should be an “Information Sharing Environment” that facilitates the flow of critical information for counterterrorism, related law enforcement, and disaster management activities. That work has been progressing but a major challenge is how to create technologies that: ensure compliance with laws and policies of the federal government, 50 states, and individual agencies; convey appropriate data that would support access control and privilege decisions in different jurisdictions; and achieve accountability and transparency for this activity. We have built a prototype of Fusion Center information sharing that shows significant progress in the representation of law in a policy language, the reasoning of that law over data transactions occurring in a web environment (internet or intranet), acquiring necessary information from authoritative sources wherever they reside in the decentralized environment, and providing both a binary response suitable for automated workflow implementation and a detailed justification suitable for human validation of the conclusion. In this paper, we briefly describe the technologies employed for serializing the data and policy, reasoning over the rules contained in the policy, and displaying the results to users. These combine to provide a powerful tool supporting a range of necessary governmental functions including access control, privilege management, audit, periodic reporting, and risk modeling.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"547 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125305148","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-12-03DOI: 10.1109/THS.2010.5654988
S. Kwak, S. Jang, Hosik Yoo
A plastic scintillator-based radiation portal monitoring system has played an important role in preventing and detecting illicit trafficking of nuclear and radioactive materials. The limited spectroscopic information of the plastic scintillator material makes it difficult to discriminate radioactive materials of concern from naturally occurring radioactive materials (NORM) or background radiation. This has an impact on operations and surveillance costs. Various studies including energy windowing algorithm have been conducted to deal with this problem. However, few papers have been published on how to determine the optimal boundary of energy windowing algorithm. This paper discusses the algorithmic method for a plastic scintillator-based radiation detection system and how to determine the optimal boundary of the energy windowing. Comparing the calculated and experimental results, it appeared that the algorithmic method using energy window boundary presented in this paper could improve the ability of a plastic scintillator-based radiation detection system to discriminate certain threat materials from NORM or background radiation. Furthermore, nuclear materials (natural and low-enriched uranium) which have the similar spectral distributions with ambient background radiation could also be separated from it.
{"title":"Determination of optimal boundary for algorithmic method of plastic scintillator-based radiation detector against nuclear terrorism","authors":"S. Kwak, S. Jang, Hosik Yoo","doi":"10.1109/THS.2010.5654988","DOIUrl":"https://doi.org/10.1109/THS.2010.5654988","url":null,"abstract":"A plastic scintillator-based radiation portal monitoring system has played an important role in preventing and detecting illicit trafficking of nuclear and radioactive materials. The limited spectroscopic information of the plastic scintillator material makes it difficult to discriminate radioactive materials of concern from naturally occurring radioactive materials (NORM) or background radiation. This has an impact on operations and surveillance costs. Various studies including energy windowing algorithm have been conducted to deal with this problem. However, few papers have been published on how to determine the optimal boundary of energy windowing algorithm. This paper discusses the algorithmic method for a plastic scintillator-based radiation detection system and how to determine the optimal boundary of the energy windowing. Comparing the calculated and experimental results, it appeared that the algorithmic method using energy window boundary presented in this paper could improve the ability of a plastic scintillator-based radiation detection system to discriminate certain threat materials from NORM or background radiation. Furthermore, nuclear materials (natural and low-enriched uranium) which have the similar spectral distributions with ambient background radiation could also be separated from it.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127819793","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-12-03DOI: 10.1109/THS.2010.5654974
Cedric Ulmer Jorn Franke, F. Charoy, F. Charoy
Managing the disaster response, involving many heterogeneous organizations, challenges information system support for coordinating their activities. Current means for coordination such as e-mail exchange, white boards, phone or web-based mission diaries provide only very limited support. One problem is managing the temporal coordination of the response activities of different organizations to unify and synchronize their efforts. It is important that activities can be flexible defined and that each organization can integrate activities of other organizations into their plans. This implies also that several coordinators in different organizations exist. The status and awareness of activities as well as conflicts, when coordinating them, needs to be provided to all interested stake holders in real-time. We provide a model and a system to support this scenario. It is implemented in the Google Wave collaboration infrastructure based on open standards.
{"title":"Coordination and situational awareness for inter-organizational disaster response","authors":"Cedric Ulmer Jorn Franke, F. Charoy, F. Charoy","doi":"10.1109/THS.2010.5654974","DOIUrl":"https://doi.org/10.1109/THS.2010.5654974","url":null,"abstract":"Managing the disaster response, involving many heterogeneous organizations, challenges information system support for coordinating their activities. Current means for coordination such as e-mail exchange, white boards, phone or web-based mission diaries provide only very limited support. One problem is managing the temporal coordination of the response activities of different organizations to unify and synchronize their efforts. It is important that activities can be flexible defined and that each organization can integrate activities of other organizations into their plans. This implies also that several coordinators in different organizations exist. The status and awareness of activities as well as conflicts, when coordinating them, needs to be provided to all interested stake holders in real-time. We provide a model and a system to support this scenario. It is implemented in the Google Wave collaboration infrastructure based on open standards.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127457142","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-12-03DOI: 10.1109/THS.2010.5654985
C. Chang, M. He, M. H. Nguyen
A US law mandating non-intrusive imaging and radiation detection by 2012 for 100% of US-bound containers at international ports has provoked widespread concern that the resulting congestion would hinder trade significantly. To address this issue, we present as a viable alternative an advanced computational model to implement computer automation for dual-energy X-ray imaging technique to detect and recognize nuclear and radiological material smuggled in cargo containers. Successful computer automation enables the dual-energy X-ray imaging technique to efficiently sense and recognize radiological and/or nuclear materials, especially shielded Highly Enriched Uranium (HEU), with high detection accuracy, a low positive-false-alarm rate, and negligible impact on freight movement. Thus, dual-energy X-ray inspection can feasibly be used to efficiently inspect 100% of cargo containers entering the US.
{"title":"Computational model for automatic cargo container inspection systems","authors":"C. Chang, M. He, M. H. Nguyen","doi":"10.1109/THS.2010.5654985","DOIUrl":"https://doi.org/10.1109/THS.2010.5654985","url":null,"abstract":"A US law mandating non-intrusive imaging and radiation detection by 2012 for 100% of US-bound containers at international ports has provoked widespread concern that the resulting congestion would hinder trade significantly. To address this issue, we present as a viable alternative an advanced computational model to implement computer automation for dual-energy X-ray imaging technique to detect and recognize nuclear and radiological material smuggled in cargo containers. Successful computer automation enables the dual-energy X-ray imaging technique to efficiently sense and recognize radiological and/or nuclear materials, especially shielded Highly Enriched Uranium (HEU), with high detection accuracy, a low positive-false-alarm rate, and negligible impact on freight movement. Thus, dual-energy X-ray inspection can feasibly be used to efficiently inspect 100% of cargo containers entering the US.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"108 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122620888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-12-03DOI: 10.1109/THS.2010.5655029
S. Erickson, B. Knutson, John Heavener, Celestino Abrego
This paper describes the considerations involved in creating a plan for testing cargo radiography systems for use in the detection of nuclear material covertly passing through a port of entry. There are three sources of test types than can be used in these tests; they come from existing standards, from concepts developed in modeling the systems, and from analogs to the actual use planned for the systems. Each of these sources has individual factors to be taken into account, and the paper attempts to list the key factors needed in constructing the test plan and to describe the principal issues related to each. These tests need to produce data which can help determine both how to incrementally improve the technology and also to assess how it might fit into a suite of inspection systems.
{"title":"Testing methodology for cargo radiography systems","authors":"S. Erickson, B. Knutson, John Heavener, Celestino Abrego","doi":"10.1109/THS.2010.5655029","DOIUrl":"https://doi.org/10.1109/THS.2010.5655029","url":null,"abstract":"This paper describes the considerations involved in creating a plan for testing cargo radiography systems for use in the detection of nuclear material covertly passing through a port of entry. There are three sources of test types than can be used in these tests; they come from existing standards, from concepts developed in modeling the systems, and from analogs to the actual use planned for the systems. Each of these sources has individual factors to be taken into account, and the paper attempts to list the key factors needed in constructing the test plan and to describe the principal issues related to each. These tests need to produce data which can help determine both how to incrementally improve the technology and also to assess how it might fit into a suite of inspection systems.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128428887","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-12-03DOI: 10.1109/THS.2010.5655061
S. Subik, S. Rohde, T. Weber, C. Wietfeld
The interoperability of the data sharing across different organizations is key for the efficient management of large-scale incidents. The system introduced in this paper will provide multi-disciplinary rescue teams with an integrated and intelligent communication and information system for efficient data sharing and emergency process management before, during and after major incidents. The project SPIDER (Security System for Public Institutions in Disastrous Emergency scenaRios) is part of the national research initiative Scenario based Civil Security Research and substantially funded by the German government. It will (a) facilitate a standardized XML based interface for a service oriented interoperability architecture and (b) provide substantial new insight on how to enable components in distinct critical networks for secure collaboration. With respect to (a), these interfaces will be coupled with recommendations on the orchestration of the provided services. As heterogeneous crisis information systems require standardized gateways, SPIDER uses Web Services in order to mutually interact. Thus, a fail-save communication infrastructure (b) that interconnects the required components is indispensable. Especially the usage of modern systems and the consequential high demand to the data rate pose a challenge to the system. The combination of (a) and (b) will lead to a holistic approach for digital crisis management.
{"title":"SPIDER: Enabling interoperable information sharing between public institutions for efficient disaster recovery and response","authors":"S. Subik, S. Rohde, T. Weber, C. Wietfeld","doi":"10.1109/THS.2010.5655061","DOIUrl":"https://doi.org/10.1109/THS.2010.5655061","url":null,"abstract":"The interoperability of the data sharing across different organizations is key for the efficient management of large-scale incidents. The system introduced in this paper will provide multi-disciplinary rescue teams with an integrated and intelligent communication and information system for efficient data sharing and emergency process management before, during and after major incidents. The project SPIDER (Security System for Public Institutions in Disastrous Emergency scenaRios) is part of the national research initiative Scenario based Civil Security Research and substantially funded by the German government. It will (a) facilitate a standardized XML based interface for a service oriented interoperability architecture and (b) provide substantial new insight on how to enable components in distinct critical networks for secure collaboration. With respect to (a), these interfaces will be coupled with recommendations on the orchestration of the provided services. As heterogeneous crisis information systems require standardized gateways, SPIDER uses Web Services in order to mutually interact. Thus, a fail-save communication infrastructure (b) that interconnects the required components is indispensable. Especially the usage of modern systems and the consequential high demand to the data rate pose a challenge to the system. The combination of (a) and (b) will lead to a holistic approach for digital crisis management.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128570053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-12-03DOI: 10.1109/THS.2010.5655073
Zhang Ji, Qi Anwen
In Aug, 2009, Chinese Premier WEN Jiabao brought forward the concept of "sensing China", the internet of things (IOT) has become the national strategy of China since then. After that, Secretary of Beijing Municipal Government LIU Qi, put forward to the concept of "sensing Beijing", and hope IOT can be new industrial motivation of Beijing development. Furthermore, in January 2010, GUO Jinlong, Mayor of Beijing Municipal Government officially remarked that "IOT construction in Beijing should start from the city security and emergency management applications". Pilot projects of IOT now focus on the new features related to Emergency Management Systems.
{"title":"The application of internet of things(IOT) in emergency management system in China","authors":"Zhang Ji, Qi Anwen","doi":"10.1109/THS.2010.5655073","DOIUrl":"https://doi.org/10.1109/THS.2010.5655073","url":null,"abstract":"In Aug, 2009, Chinese Premier WEN Jiabao brought forward the concept of \"sensing China\", the internet of things (IOT) has become the national strategy of China since then. After that, Secretary of Beijing Municipal Government LIU Qi, put forward to the concept of \"sensing Beijing\", and hope IOT can be new industrial motivation of Beijing development. Furthermore, in January 2010, GUO Jinlong, Mayor of Beijing Municipal Government officially remarked that \"IOT construction in Beijing should start from the city security and emergency management applications\". Pilot projects of IOT now focus on the new features related to Emergency Management Systems.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"68 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115947326","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-12-03DOI: 10.1109/THS.2010.5654971
Abdur Rahim Choudhary, Alan Sekelsky
Nation's network infrastructure such as the Global Information Grid (GIG) for the Department of Defense (DoD) and the OneNet for the Homeland Security Department are tran-sitioning to the Internet Protocol version 6 (IPv6) per DoD CIO Memorandum of June 2003 and the Office of Management and Budget memorandum OMB-05–22. There exist IPv6 specific security vulnerabilities in these network infrastructures that need to be mitigated in order to achieve security parity with the existing IPv4 operations. From the perspective of the Homeland Security technologies, the existence of additional security vulnerabilities implies a possibility for two pronged threats. First, the IPv6 specific vulnerabilities reduce the security posture of the network infrastructure itself; second, other critical infrastructure sectors that depend on IPv6 need additional protection. For example, the future supervisory control and data acquisition (SCADA) industrial capabilities would increasingly use the IPv6 infrastructure, as would the voice communications, the voice and video collaboration, and sharing of data such as the image data and surveillance and reconnaissance data. This paper presents three contiguous results. First, it briefly presents the new IPv6 capabilities; second, it presents a brief analysis of the security vulnerabilities arising from these capabilities; and third, it presents a new security model for IPv6 network infrastructures that has the potential to mitigate these vulnerabilities. The new model is based on the end-to-end connectivity that is restored in IPv6, thus allowing the use of host based security (HBS) systems together with the perimeter security devices. However, the use of HBS complicates the security trust management. Therefore the third component of the model is introduced, namely a policy based security management (PBSM) approach. The PBSM approach allows the secure deployment of the host based security systems. It provides the capabilities needed to specify the trust zones via a set of security policy rules that together specify a trust zone. Hosts belong to one or more trust zones. Accordingly, the host based security policies are derived from the zone security policies for all the zones to which a host belongs. In addition, the PBSM approach has the potential to support more sophisticated security capabilities such as a risk adaptive access control and dynamic security response to a changing operational picture. The capabilities are needed to enable net-centric security operations.
{"title":"Securing IPv6 network infrastructure: A new security model","authors":"Abdur Rahim Choudhary, Alan Sekelsky","doi":"10.1109/THS.2010.5654971","DOIUrl":"https://doi.org/10.1109/THS.2010.5654971","url":null,"abstract":"Nation's network infrastructure such as the Global Information Grid (GIG) for the Department of Defense (DoD) and the OneNet for the Homeland Security Department are tran-sitioning to the Internet Protocol version 6 (IPv6) per DoD CIO Memorandum of June 2003 and the Office of Management and Budget memorandum OMB-05–22. There exist IPv6 specific security vulnerabilities in these network infrastructures that need to be mitigated in order to achieve security parity with the existing IPv4 operations. From the perspective of the Homeland Security technologies, the existence of additional security vulnerabilities implies a possibility for two pronged threats. First, the IPv6 specific vulnerabilities reduce the security posture of the network infrastructure itself; second, other critical infrastructure sectors that depend on IPv6 need additional protection. For example, the future supervisory control and data acquisition (SCADA) industrial capabilities would increasingly use the IPv6 infrastructure, as would the voice communications, the voice and video collaboration, and sharing of data such as the image data and surveillance and reconnaissance data. This paper presents three contiguous results. First, it briefly presents the new IPv6 capabilities; second, it presents a brief analysis of the security vulnerabilities arising from these capabilities; and third, it presents a new security model for IPv6 network infrastructures that has the potential to mitigate these vulnerabilities. The new model is based on the end-to-end connectivity that is restored in IPv6, thus allowing the use of host based security (HBS) systems together with the perimeter security devices. However, the use of HBS complicates the security trust management. Therefore the third component of the model is introduced, namely a policy based security management (PBSM) approach. The PBSM approach allows the secure deployment of the host based security systems. It provides the capabilities needed to specify the trust zones via a set of security policy rules that together specify a trust zone. Hosts belong to one or more trust zones. Accordingly, the host based security policies are derived from the zone security policies for all the zones to which a host belongs. In addition, the PBSM approach has the potential to support more sophisticated security capabilities such as a risk adaptive access control and dynamic security response to a changing operational picture. The capabilities are needed to enable net-centric security operations.","PeriodicalId":106557,"journal":{"name":"2010 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114802798","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: