Ukrainian Scientific Journal of Information Security

FORMALIZED SCIENTIFIC PROBLEM STATEMENT FOR THE DEVELOPMENT OF A SYMMETRIC CRYPTOGRAPHIC SYSTEM FOR PROTECTING VOICE INFORMATION.

2024-12-02T23:50:31+02:00

In recent years, the number of challenges and threats to modern information technologies has been steadily increasing. The security situation is further complicated by the fact that, in the context of armed conflict, cyber threats acquire a hybrid nature.The hybridity of cyber threats manifests in the impact of one threat on a single security service across all security components simultaneously. For instance, when voice information circulates within an information technology system, the impact on a property such as confidentiality simultaneously affects various security components, including information security, data security, and cybersecurity. Therefore, in the current conditions, it is crucial to enhance existing mechanisms or develop new ones to ensure the security of voice information. Existing approaches to protecting voice information are primarily based on the use of cryptographic algorithms implemented in symmetric or asymmetric cryptographic systems. Given the relatively higher speed of symmetric cryptographic systems compared to asymmetric ones, they continue to be preferred for protecting voice information. However, they are also susceptible to modern cryptanalytic methods. Therefore, it is crucial to find an unconventional and non-trivial cryptographic algorithm that will implement an effective symmetric cryptographic system for protecting voice information. Based on the above, the article presents the formalized scientific problem statement for the development of a symmetric cryptographic system for protecting voice information. Its features are expected to be: first, the use of the Fredholm integral equation of the first kind as the cryptographic algorithm; second, the use of its kernel as the encryption key; third, the information to be encrypted should be voice information in the form of an analogue signal; fourth, the use of differential transformations by Academician H. Pukhov of the National Academy of Sciences of Ukraine in the encryption and decryption process; fifth, the application of A. Tikhonov's regularization method for decrypting ciphertext from the original voice information in the form of a differential spectrum.Requirements for the development of a symmetric cryptographic system for protecting voice information based on differential transformations are proposed. These requirements relate to guaranteed theoretical and practical cryptographic strength. To meet these requirements, the essence and content of the scientific task being solved in the article have been defined. Its formalized statement is presented.

TRANSITION TO POST-QUANTUM CRYPTOGRAPHY: CHALLENGES, STANDARDIZATION, AND PROSPECTS.

2024-12-03T01:29:32+02:00

This article provides a detailed analysis of the problems and prospects of the implementation of post-quantum cryptographic algorithms, which are becoming more and more relevant in connection with the development of quantum computing. The main challenges related to the standardization of post-quantum algorithms are considered, in particular the issues of flexibility of algorithms, their performance, complexity of implementation and uncertainty regarding the appearance of quantum computers capable of breaking modern cryptosystems. Particular attention is paid to the assessment of the current state of development of post-quantum cryptographic standards, as well as to the analysis of potential scenarios of the transition to new information protection systems. The main role here is played by the US National Institute of Standards and Technology (NIST). NIST provides key coordination and leadership in the development of post-quantum cryptography standards, initiating an open competition process to identify the most promising cryptographic algorithms. The program launched by NIST involves a multi-year process of evaluating, testing and selecting algorithms capable of providing resistance to attacks by quantum computers. Within this program, a wide range of algorithms were considered, which differ in encryption approaches, performance and degree of security. On the basis of the conducted research, recommendations are proposed for the effective management of the transition period from traditional cryptographic systems to post-quantum solutions, which should ensure reliable data security in the face of new technological challenges. In particular, approaches to managing the transition period, risk reduction strategies, as well as assessment of possible threats and ways to minimize them are offered. As a result, the article provides a valuable basis for the formation of a strategy for the safe adaptation of information systems in the age of quantum technologies.

CRYPTO-CODE CONSTRUCTIONS ON LDPC CODES PROPERTIES ASSESSMENT

2024-12-03T01:40:06+02:00

The growth of mobile technologies and computing power has significantly expanded the range of digital services and actually outpaced the development of computer technology. This promotes the use of mobile and wireless networks in most areas of smart technologies and supports the further combination of cyberspace with the mobile Internet. However, the lack of security protocols that ensure the confidentiality and integrity of data in the early stages of LTE technology implementation creates conditions for cybercriminals to use mobile Internet channels to conduct APT attacks. With the development and appearance of a full-fledged quantum computer that uses the Shor and Grover algorithms, a significant decrease in the stability of cryptosystems built on the basis of symmetric and asymmetric cryptography, including cryptography on elliptic curves, is possible. In addition, modern cyber threats show signs of synergy and hybridity, and their combination with social engineering methods makes it difficult to implement effective preventive measures. The paper proposes post-quantum cryptosystems based on the McAleese crypto-code scheme, which uses low density parity check codes (LDPC codes). This approach allows for easy integration into wireless networks that comply with IEEE 802.16 and IEEE 802.15.4 standards, as well as LTE technologies, providing an adequate level of protection against modern threats.

KEEPASS AS A PASSWORD AND DATA SECURITY MANAGER

2024-12-03T01:58:23+02:00

Data protection is a critical aspect of today's information environment, as the number of threats, both from attackers and as a result of human error, is constantly increasing, putting the confidentiality and integrity of information at risk. Basic data protection principles include access control, encryption, backup and activity monitoring. A multi-level approach to security, including physical, administrative and technical measures, reduces the risks of unauthorized access and data loss. The article examines the importance of password security in today's digital environment. Given the growing number of cyber threats, maintaining privacy and protecting personal data has become a priority. One of the effective password management tools is KeePass, a password storage program that provides a high level of encryption and security. This paper analyzes the key features of KeePass, its advantages and disadvantages compared to other password managers. The article also draws attention to the need to choose a reliable password manager to ensure multi-level protection of user data. The use of such tools becomes especially relevant in the context of the growing number of cyber attacks and the need to preserve confidentiality in various industries, including business and government institutions.

MODEL OF THE FACIAL RECOGNITION PROCEDURE MODEL AND THE IRIS OF THE EYE DURING BIOMETRIC AUTHENTICATION OF PERSONNEL OF CRITICAL INFRASTRUCTURE FACILITIES USING NEURAL NETWORK TOOLS.

2024-12-03T02:22:53+02:00

The problematics of the article is related to increasing the effectiveness of biometric authentication systems for personnel of critical infrastructure facilities. It is shown that the prospects of increasing efficiency should be correlated with the improvement of neural network tools used in the process of biometric authentication. As a result of the conducted research, a modular neural network model was developed that provides effective authentication of personnel based on the image of the face and the iris of the eye at a critical infrastructure facility, taking into account the need to recognize spoofing attacks and promptly update data on the list of legitimate personnel representatives of the facility. The novelty of the proposed modular neural network model consists in the application of the author's variants of neural networks, which allow to realize the recognition of the emotional state of the registered person, the recognition of spoofing attacks based on the naturalness of emotions and images of background objects characteristic of specific conditions of video registration, and the recognition of a person by comparing the test image faces with images of the faces of legitimate personnel, which makes it possible to quickly respond to a change in the list of legitimate personnel representatives of a critical infrastructure object without the need to retrain the model.

ANALYSIS OF THE POSSIBILITIES OF USING INTEGRATED INFRASTRUCTURE MONITORING SYSTEMS

2024-12-03T02:29:28+02:00

In today's digital age, the rapid expansion and complexity of IT infrastructures has made the need for effective monitoring systems more critical than ever. These systems play a key role in ensuring the smooth operation of both hardware and software, identifying and resolving potential problems quickly. Integrated monitoring solutions such as Zabbix, Nagios, Prometheus, and Centreon have become key tools in infrastructure management, each offering unique features to meet different monitoring needs. Zabbix, known for its scalability and ability to monitor a wide range of devices, offers extensive data collection methods and flexible alerting systems. It is great for large-scale deployments, allowing organizations to monitor thousands of devices simultaneously. Nagios, one of the oldest and most well-known monitoring tools, is highly customizable and supports many plugins. Its strength lies in its flexibility and the large community that contributes to its continuous development, making it an ideal solution for organizations that need a customized approach to infrastructure monitoring. Prometheus, on the other hand, offers a modern approach to monitoring that is particularly effective in cloud and containerized environments. Its focus on real-time metrics and time-series data, combined with robust alerting capabilities, makes it a popular choice for dynamic environments where real-time performance data is essential. Centreon, while not as widely known as some of its peers, offers a comprehensive approach to infrastructure monitoring. It combines the flexibility of Nagios with an intuitive user interface that allows administrators to easily monitor different components. Centreon's real-time alerting system allows users to identify and resolve issues before they escalate, ensuring system stability. The structured approach to displaying alerts and monitoring types, from network devices to cloud services, makes it a versatile solution for both small and large IT environments. While each system has its own strengths, Centreon's balance between convenience and versatility makes it particularly attractive to organizations looking for an all-in-one solution.

ATTACK SCENARIOS ON SYSTEM OF REMOTE EDUCATION

2024-12-03T02:13:50+02:00

The development of both the violator model and threat model is required for protection of information system from potential harmful influence. Harmful influence can be caused by accident (by its legit users) or intentionally (by violators). Each model is an abstraction and the level of detail of this abstraction is determined by a few factors. One such factor is the object of protection. Systems of remote education are used by people in a wide range of ages – from 1^st grade school students to adult university/college students, while the range of objects of attacks include educational materials and user accounts that contain personal data. The specifics of functioning of systems of remote education accounts for processing data in different formats and interactive, synchronous and asynchronous interaction of users who can have different roles in the system. One should also expect the abuse of main functions executed by legit users of the system and to watch over restriction of access to the system from external network.

MODEL FOR ASSESSMENT OF CYBER RESILIENCE OF INFORMATION SYSTEMS OF CRITICAL INFRASTRUCTURE OBJECTS UNDER THE INFLUENCE OF HYBRID CYBER ATTACKS USING MACHINE LEARNING ALGORITHMS

2024-12-02T18:23:53+02:00

The article presents a model for assessing the cyber resilience of information systems of critical infrastructure objects (CIO) under the influence of combined cyber attacks. The model analyzes the impact of ten types of attacks, such as DoS, DDoS, phishing, malware, and others, on HMI and SCADA systems. The interaction between attacks and systems is modeled using the Monte Carlo method; a genetic algorithm is used to create hybrid attacks, and clustering with HDBSCAN allows for determining the resilience of systems to certain types of attacks. Prediction of attack consequences and recovery time is carried out using the Random Forest Regressor algorithm. The research results can be used to improve cyber defense measures of CIOs and enhance their ability to recover after cyber attacks.

ARTIFICIAL INTELLIGENCE: CYBERSECURITY OF THE NEW GENERATION

2024-12-02T20:19:54+02:00

The article discusses the role of artificial intelligence in shaping the cybersecurity of the new generation. With the rise of cyber threats and the sophistication of attackers' methods, traditional defense mechanisms become insufficiently effective. AI offers innovative solutions to counter these challenges by its ability to analyze large volumes of data, detect anomalies, and predict the behavior of attackers. Various applications of AI for data protection are considered, including: early detection of cyber threats; data analysis from various sources to identify potential threats; predicting the likelihood of cyber attacks; developing intelligent access control systems; automating responses to cyber incidents; and improving encryption algorithms. New cyber attack methods used by hackers are also revealed, such as data poisoning, generating malicious software using generative adversarial networks (GANs), creating fake content and deepfakes, IoT device attacks, and using AI to enhance social engineering effectiveness. Additionally, methods for analyzing code vulnerabilities using AI, including static code analysis (SAST) and dynamic code analysis (DAST), as well as the use of sandboxes for secure code testing, are discussed. Special attention is paid to the capabilities and risks associated with the "dark side" of AI, such as FraudGPT, WormGPT, and Evil-GPT, which are used by cybercriminals to carry out cyber attacks. Emphasis is placed on the need for a comprehensive approach to cybersecurity, combining the power of AI algorithms with expert knowledge, user education, and international cooperation. Further research and development in this field are critically important for ensuring the security of the digital world in the face of constantly growing cyber threats. To provide a solid research foundation, a comprehensive study of scientific literature and relevant publications dedicated to the role of artificial intelligence in modern cybersecurity was conducted.

ANALYSIS OF COMPUTER VIRUSES CREATED USING ARTIFICIAL INTELLIGENCE

2024-12-02T21:56:12+02:00

Artificial intelligence improves the modern world by opening up new possibilities in various fields, but at the same time, it creates new challenges, especially in the realm of cybersecurity. One of the most serious threats is the use of AI to create computer viruses that have the ability to self-learn, adapt to defense systems, and automatically change their code. This makes them significantly more difficult to detect and neutralize compared to traditional viruses. Various methods of virus creation using AI are analyzed. The first is adaptive self-learning viruses that use machine learning algorithms to analyze target behavior and adapt their attacks. There are also viruses with variable encryption, which utilize artificial neural networks to avoid detection. Generative Adversarial Networks (GAN) are also actively used to create new variants of malicious code, complicating traditional detection methods. Phishing attacks based on Natural Language Processing (NLP) are employed as well. AI-based autonomous botnets present another serious threat, as they enable large-scale attacks without human intervention. In response to these threats, countermeasures are analyzed. These include AI-based antivirus systems that can detect anomalies in program behavior, behavioral analysis that allows suspicious programs to be blocked, as well as dynamic analysis in sandboxes, which enables testing of suspicious files in an isolated environment. The use of cloud platforms for storing and analyzing threat data allows for rapid updates to defense mechanisms.

THE INFLUENCE OF NEURAL NETWORKS ON THE DEVELOPMENT OF CYBER SECURITY IN THE CONDITIONS OF REGULATORY CHANGES

2024-12-02T22:14:22+02:00

The article studies the influence of neural networks on the development of cybersecurity in conditions of constant changes in the regulatory field. In today's digital world, where the complexity and frequency of cyber attacks are growing rapidly, traditional security methods are becoming insufficient. Neural networks, as one of the key technologies of artificial intelligence, open up new opportunities for improving the efficiency of cyber defense systems by automating threat detection, anomaly analysis and attack prevention. The integration of neural networks with other emerging technologies, such as blockchain and quantum computing, opens up new horizons for creating more sustainable systems. However, challenges such as adversarial attacks, opacity of algorithms (the "black box" problem) and compliance with regulatory requirements, in particular GDPR and ISO 27001, require special attention. The study also examines the ethical and legal aspects of using neural networks in cybersecurity, emphasizing the importance of developing explanatory artificial intelligence (XAI) and maintaining human control for safe and ethical implementation. The article concludes that neural networks are a promising tool in the fight against cyber threats, but their effectiveness will depend on the ability of organizations and states to solve privacy problems, ethical issues and technical vulnerabilities.

ANALYSIS OF THE IMPACT OF SHADOW IT ON THE ENTERPRISE CLOUD INFRASTRUCTURE

2024-12-02T23:20:36+02:00

Shadow IT, defined as the use of IT systems and services without official approval from the IT department, has become a significant challenge for managing cloud infrastructure in modern organizations. With the expansion of cloud technologies, particularly their availability and scalability, an increasing number of employees are independently implementing technological solutions, bypassing official channels. These actions are often driven by a desire for faster results, improved productivity, or convenience. However, by circumventing formal IT governance procedures, these decisions can pose serious threats to data integrity and create significant challenges for regulatory compliance. The growth of Shadow IT is directly linked to the increasing functionality and accessibility of cloud services, such as AWS, Microsoft Azure, or Google Cloud. These services allow quick and minimal-effort access to computing power, data storage, and additional features without the need for interaction with the IT department. This can lead to bypassing established IT procedures and governance structures, jeopardizing data confidentiality, losing control over information, and creating substantial financial and legal risks for the company. One of the key problems arising from Shadow IT is data protection and cybersecurity. Uncontrolled use of cloud services can leave an organization vulnerable to external attacks, as such services may not meet internal security standards or provide the necessary level of protection. This can lead to unauthorized access to sensitive information, data breaches, or violations of requirements such as GDPR or PCI-DSS. Additionally, conflicts between corporate policies and the specific configurations of cloud services can create security gaps. Shadow IT also increases the risk of legal and financial liability. The use of unauthorized cloud services can result in fines for regulatory violations, reputational damage, and increased costs for restoring security. The lack of proper management and control also complicates audit compliance and creates serious challenges for the organization, especially under growing regulatory pressure. One of the most effective ways to mitigate the impact of Shadow IT is to implement automation for managing cloud environments. Automation significantly improves control over cloud resource usage, allowing IT departments to quickly respond to changes, identify vulnerabilities, and ensure compliance with security standards. Additionally, automated monitoring systems provide real-time visibility into the use of cloud services, reducing the likelihood of unauthorized usage. Another important strategy for combating Shadow IT is reevaluating the usability of official IT solutions used within the organization. Shadow IT often arises as a response to the inadequacy or complexity of existing corporate solutions. If official services are more user-friendly and better tailored to the needs of users, employee motivation to use unauthorized tools will decrease. Providing access to more intuitive and functional official cloud services can significantly reduce the number of Shadow IT incidents and increase security. Thus, combining automation with a constant reevaluation of the convenience and efficiency of official IT solutions is a key strategy for minimizing the risks associated with Shadow IT. These approaches not only enhance control and security but also make IT services more attractive to users, encouraging active use within established rules and procedures.

ANALYSIS OF MODELS AND METHODS FOR ASSESSING THE STATE OF CYBERSECURITY OF CLOUD SERVICES OF INFORMATION INFRASTRUCTURE OBJECTS

2024-12-02T23:28:50+02:00

This article describes the analysis of existing standards in the field of cybersecurity aimed at providing requirements for the functioning of the company's information environment. The article will describe cloud services, their types, and the structural model of each of the selected types. Based on the analysis of the structural models of cloud service types, the main evaluation criteria will be determined. To assess the compliance of cybersecurity standards with the defined evaluation criteria, a comparative analysis will be carried out using these criteria.

METHOD OF OPTIMIZING THE BLOCKING MEANS NUMBER OF ACOUSTIC INFORMATION LEAKAGE CHANNELS AT INFORMATION ACTIVITY OBJECT

2024-12-02T23:38:22+02:00

Ensuring the protection of speech information, which is voiced at information activity objects, is a priority task, for the solution of which technical protection systems are created. Regulatory documents in the field of technical information protection do not specify any methodology for determining the required number of means to block (close) technical leakage channels of this type of information, but they indicate the maximum permissible numerical values and norms of engineering and technical solutions. That is why the article solves an important scientific and practical task, which is to develop a unique methodology for optimizing the number of means of blocking these channels, which is relevant, timely and necessary. The methodology includes the following steps: analysis of engineering and construction features of objects of information activity and development of a model of information threats; development of a model of a complex of technical protection of speech information from leakage by technical channels; evaluation of energy characteristics of active jamming systems and calculation of their optimum quantity. The proposed technique makes it possible to ensure the effectiveness of protection of information from leakage by acoustic channels due to the selection of the optimal required number of selected means of closing these channels, and can also be used in the construction of technical protection systems at information activity objects.

MODELLING OF PSYCHOLOGICAL IMPACT TAKING INTO ACCOUNT NEUROPSYCHOLOGICAL PROCESSES

2024-11-25T20:56:42+02:00

In today's information environment, psychological operations (POs) have become powerful tools for influencing target audiences (TAs), which is a necessary component of armed struggle. This article discusses the neuropsychological approach to assessing psychological influence, which allows for a deeper understanding of the mechanisms behind changing people's behaviour, beliefs and emotional states. The article examines how neural connections activated when receiving information signals influence cognitive and emotional reactions that can significantly change the perception of reality. Particular attention is paid to the role of the emotional state, which can both enhance and weaken the effect of psychological influence. The study is based on the analysis of emotional stimuli that activate neuropsychological processes, determining new beliefs or attitudes in the target audience. The article also discusses the Ebbinghaus effect, which is a critical aspect for increasing the effect of psychological influence. A new scientific approach to mathematical modelling has been developed that describes the dynamics of information retention in the memory of the target audience, taking into account different forgetting rates depending on the characteristics of the audience. In addition, the stability of the system is studied, which is determined through an integral stability indicator that takes into account various aspects, such as the intensity of information impact, emotional charge of the content and resistance to external influences. The use of the developed mathematical approach to modelling the effect of psychological influence provides new tools for predicting behavioural changes in target audiences during psychological operations.

UNCERTAINTY IN EVALUATING QUANTITATIVE QUALITY CHARACTERISTICS OF SOFTWARE

2024-11-25T20:28:28+02:00

Currently, software quality evaluation is a crucial stage in the processes of software development and implementation. It provides developers with the opportunity to obtain an objective assessment of the developed software products and determine their compliance with existing international standards and software quality evaluation requirements. However, this process is often accompanied by a certain level of uncertainty in evaluating the quantitative quality characteristics, which can complicate decision-making regarding the prospects for the use and safety of the developed product. Significant contributions to the theoretical and practical aspects of generalizing the issue of uncertainty in evaluating quantitative quality characteristics have been made by scholars such as S. Hayashi, M. Kubo, H. Mori, C. Areces, R. Fervari, A. Saravia, F. Velázquez-Quesada, S. Guaman, J. Alamo, J. Caiza, M. Nakamura, and others. The purpose of this article is to address the problem associated with the uncertainty in evaluating the quantitative quality characteristics of software systems. To achieve this goal, the article sets and solves the following tasks: examining various aspects of uncertainty in evaluating the quantitative quality characteristics of computer software systems; developing a methodological approach to solving the problem of uncertainty in evaluating quantitative quality characteristics; and conducting a practical study of the developed approach. The methods used to solve these tasks include analysis, synthesis, generalization, and comparison.

JUSTIFICATION OF THE DECISION SCHEME FOR ASSESSING THE PROBABILITY OF DETECTING ELECTROMAGNETIC SIGNALS WITH THE PURPOSE OF PREVENTING THEIR DETECTION

2024-11-25T20:42:38+02:00

The justification of the decision scheme for the construction of the receiver in order to realize the possible detection of signs of signals in space is carried out.In accordance with the condition regarding the impossibility of detecting signs of dangerous signals, the criterion of optimality is substantiated for the construction of the decisive scheme of the receiver. It is obtained by the maximum unmasking of information signals, pursuing the fulfillment of the security condition, as for the worst case. That is, if signals with more unmasking features, for example, power, are not detected, then signals with less unmasking features will not be detected either. On the basis of the obtained optimality criterion, a corresponding decision scheme of the optimal receiver is constructed. The proposed scheme considers three hypotheses: there are no signs of a signal, the impossibility of reliably determining the signs of a signal, and signs of a signal are present.On the basis of the specified decisive scheme, its special case is obtained, which describes the condition of the impossibility of reliably detecting the signs of a dangerous signal at the time when ICS or technical means of information processing and transmission are working. The discrete-continuous channel using the specified scheme allows to simulate the technical channel of information leakage, as for the worst case from the point of view of security, and to find the probability of the impossibility of reliably detecting the signs of a dangerous signal. Obviously, this probability will determine the probability of a security risk.

BLOCKCHAIN AS A TOOL FOR TRANSPARENCY AND PROTECTION OF GOVERNMENT REGISTRIES

2024-11-25T21:08:58+02:00

With the advancement of digital technologies and the growing demand for transparency and data security, government registration systems face several challenges associated with their centralized architecture. Traditional centralized systems used for storing and processing data exhibit various problems, including vulnerability to cyberattacks, insufficient protection of personal data, lack of user control over their information, and non-compliance with international standards, such as the General Data Protection Regulation (GDPR). This creates the need for the adoption of new technological solutions capable of addressing these shortcomings and ensuring enhanced reliability for government registries. This research proposes the implementation of blockchain technologies in government registration systems as a solution capable of improving data security, transparency, and reliability while providing users with greater control over their personal information. Blockchain enables the creation of decentralized systems where data cannot be altered without proper authentication, and all transactions are recorded, reducing the risk of unauthorized access and fraud. A key element of this study is the development of a mathematical model for quantitatively assessing the effectiveness of blockchain adoption in government registration systems. The model evaluates security, transparency, reliability, and data processing speed indicators, allowing for a comparison with traditional centralized systems. The analysis shows that blockchain can significantly reduce corruption risks, ensure full transparency of government processes, and improve citizens' trust in public institutions. Moreover, blockchain implementation complies with international data security and protection standards, such as GDPR, making this technology a promising tool for public administration. The study also highlights key directions for blockchain development, including improving system scalability, optimizing data processing costs, and integrating with other technologies for public governance. The findings demonstrate the significant potential of blockchain solutions to transform government registries, and the developed model can be used as a tool for further research and implementation of the technology in public institutions.