Explore chapters and articles related to this topic
Network Security for EIS and ECS Systems
Published in Barney L. Capehart, Timothy Middelkoop, Paul J. Allen, David C. Green, Handbook of Web Based Energy Information and Control Systems, 2020
In order to mitigate the risk of eavesdroppers and interlopers gaining access to the exchange of operationally valuable data via email, the email should be encrypted using PGP, Kerberos, or some other public key encryption protocol. These methods implement significant barriers to decrypting ciphertext to plaintext. In addition to this technological solution for securing email, such communications should be explicitly marked as private, confidential, etc. and should contain an appropriate statement to that end in the footer of each and every email message. When documents are transmitted by email as attachments, they should be converted to portable document file (PDF) format or rich text format (RTF) before sending them. Microsoft Word and Corel WordPerfect file documents contain metadata (information that is hidden within the document). Such metadata may contain every modification or the change history of the document. PDF and RTF document formats contain minimal metadata about the document itself and therefore should be the only acceptable formats for transmission of formatted attachments. Finally, what little metadata can be extracted from the PDF and RTF file formats cannot be easily obtained by someone who has not had significant technical training.
E-Mail Security and Privacy
Published in Steven F. Blanding, Enterprise Operations Management, 2020
PGP uses the RSA algorithm along with an enhanced idea encryption algorithm. Although the draft standards for PEM are not yet widely supported, they will probably gain acceptance as the language of the draft is clarified to remove ambiguity regarding the manner in which users are named and certified.
Deniable authenticated encryption for e-mail applications
Published in International Journal of Computers and Applications, 2020
Chunhua Jin, Guanhua Chen, Changhui Yu, Jianyang Zhao
As the Internet is spreading, electronic mail (e-mail) has become one of the most convenient communication tools, which enables us to deliver the message rapidly. However, due to the openness of e-mail transmission, the malicious adversary can monitor or intercept e-mail to get the contents of transmitted message. Therefore, e-mail security issues are serious. In a secure e-mail application, two security requirements must be satisfied: message confidentiality and message authentication. At present, Pretty Good Privacy and Secure/Multipurpose Internet Mail Extensions are two widely used secure e-mail systems. Both systems utilize a combination of symmetric key techniques and asymmetric key techniques to achieve the above-mentioned security properties. Message confidentiality could be achieved through digital envelope technology. Message authentication could be implemented through digital signature technology. However, in a digital signature scheme, any third party is able to verify the validity of digital signature. Moreover, the signer cannot deny signing a message owning to the non-repudiation property of the signature, which is an undesired security property in e-mail services. Therefore, deniable authentication is proposed to solve this problem.
Behavioural cybersecurity: applications of personality psychology and computer science
Published in Ergonomics, 2020
While I agree that the text fills a useful niche, in contributing to the understanding of behavioural science to cybersecurity there are at least two domains that would seem to be support their objectives. The first is the domain of human–computer interaction (HCI) and the second is the domain of Cyberpsychology. Both domains have something to say regarding the application of behavioural science to the understanding and improvement of cyber security. One classic in the literature is the famous Why Johnny Can’t Encrypt Study (1999) written by Whitten and Tygar, which examines the difficulty in operating the pretty good privacy (PGP) software and how this might lead to the compromise of sensitive information. There has been previous work that is allied to the topics discussed here that might have been worthy of inclusion. Examples of this include Usable Security (2014) written by Garfinkel and Lipford. There are other researchers that have also shared this research such as Ross Anderson who wrote Security Engineering (2008) and conferences such as the Symposium On Usable Privacy and Security (SOUPS), The Security and Human Behaviour Conference and the Workshop on Economics and Information security. As well as researchers such as Bruce Schneier, who have also recognised and developed the importance of understanding the human factor in security.
A variant RSA acceleration with parallelisation
Published in International Journal of Parallel, Emergent and Distributed Systems, 2022
Jun-Jie Liu, Kang-Too Tsang, Yu-Hui Deng
With the rapid development of information network transmission technology, the requirement for the independence, security, and confidentiality of data transmission plays a vital role in the matter of E-commerce, telecommunication, and cloud computing. Cryptography is the main research field that studies methods for protecting information and data. In modern cryptosystem (non-quantum), the asymmetric cryptosystem is essential for today's internet as its ability in providing a secure key transformation method in non-secure communication channels, such as Transport Layer Security (TLS), Secure Sockets Layer (SSL), and Pretty Good Privacy (PGP). The main ideas of the public key system are: