• TECHNICAL FACILITIES FOR ENSURING SECURITY

    SECURITY OF THE B-MSS – THE NEW CHALLENGE FOR THE SATELLITE SYSTEM DESIGNERS

    Security & Future, Vol. 3 (2019), Issue 4, pg(s) 174-177

    The Broadband Mobile Satellite Services (B-MSS) are extremely important not only for government (army and police), but for  many civil applications as car, aero, railway and ship communications. Probably they will be part of the future 5-G network development and their security work is very important too. The solving of the main B-MSS security problems needs entirely new approach. The aim of this paper is to analyze two new radio-communication principles, named Spatial Correlation Processing – Random Phase Spread Coding, from security point of view. They were proposed by the author a decade before as antenna transmit-receive beam forming methods with many applications in microwave frequency bands too.

  • INFORMATION SECURITY

    CODE CONTRACTS VS INPUT VALIDATION

    Security & Future, Vol. 3 (2019), Issue 4, pg(s) 167-169

    The unstoppable growth of security flaws makes the developers more patient in integrating different security defenses in the application development! Most of the security breaches are due to uninformed or unqualified developers! The good part is that Internet provides a large amount of rules/documentations/guidelines/tools free for use to help the developers in their work! But as the coin has two sides each web application needs to provide two parts of security flaws protection. The first level of defense is the well known protection from the outside world, called user input validation! And the second side is to ensure that the application works without a problem! Which means to protect it from inside out by integrating what is called code contracts! Even thought those two types of protection have similar purposes there is a difference which we are going to present in the research!

  • INFORMATION SECURITY

    CROSS-SITE SCRIPTING ATTACKS AND THE SECURITY OF WEB APPLICATIONS

    Security & Future, Vol. 3 (2019), Issue 4, pg(s) 163-166

    This report focuses on vulnerabilities on web-applications and web-sites from Cross-Site Scripting attacks (XSS). The different types of XSS attacks are examined: DOM-based, active and passive attacks. The spread of XSS attacks across platforms – government and financial institutions, transportation companies, hospitality and entertainment has been analyzed. Research and analysis of the security of corporate websites and their resistance to XSS attacks have been carried out. The basic guidelines for preventing valuable data theft and unauthorized access to websites and applications from XSS attacks are reviewed and systematized.

  • NATIONAL AND INTERNATIONAL SECURITY

    ELECTRONIC ADMINISTRATION OF UNMANNED AVIATION WITH PUBLIC KEY INFRASTRUCTURE (PKI)

    Security & Future, Vol. 3 (2019), Issue 4, pg(s) 152-155

    As Unmanned Aircraft Systems (UAS) are converging an Internet of Things-like infrastructure, always connected to the internet, cryptographic security becomes a primary concern to ensure confidential, but even more importantly tamper-proof transport of data. Another emerging problem is the high number of unregistered drone flights, with no regard towards airspace regulations. The wellestablished and standardized processes of Public Key Infrastructure (PKI) can be utilized for electronic identification of drones and associating them to the owner, while providing encryption and integrity protection of data. Nowadays various companies provide PKI for drones. This material summarizes the trends, challenges, possibilities of hardware-based on-board secure storage of secrets and describes a possible solution for government-level electronic administration of drones and owners.

  • NATIONAL AND INTERNATIONAL SECURITY

    ORGANIZED CRIME ACTIVITIES ON THE ILLEGAL MARKET AND SECURITY IMPLICATION

    Security & Future, Vol. 3 (2019), Issue 4, pg(s) 140-143

    This work is inspired by the current problems of confronting organized crime, which in part controls illegal markets. Thus, it is also aimed at highlighting the most significant aspects of the research into illegal markets, whose knowledge enables the creation of effective strategic preferences in the fight against organized crime, whose actions have a number of negative implications for state security. Modern criminal organizations are profitable and market-oriented, and the methods of acting used are combined with the criminal and method of the operation of contemporary business organizations. The knowledge of the organization’s specifics and functioning of illegal markets enables the proper selection of methods to more efficiently counter the destructive actions of criminal organizations that control the illegal market. In fact, the destructive action of criminal organizations reflects directly on the state of security by increasing the level of corruption, the level of money laundering and the infiltration of organized crime into legal economic flows, the spread of illegal markets and the increase of the crime rate, but also the ability to generate criminal profits, increasing the economic power of criminal structures that is recursively used for influence on government holders.

  • INFORMATION SECURITY

    STUDY OF THE IMBALANCE AND DISPROPORTIONS IN THE OPPOSITION OF CYBER DEFENSE AGAINST HACKERS

    Security & Future, Vol. 3 (2019), Issue 3, pg(s) 102-105

    Study outlines the contours and the magnitude of the asymmetry in the opposition of cyber defense against hackers. Propose a
    model that reflects the dynamics of the opposition on both sides and the impact of the listed disproportions. It consist a functional analysis of the differences between organizational and technical approaches applied from both sides. Contains research into why even the most highly protected systems suffer from successful hacking attacks. The analysis sheds light on the magnitude of pressure exerted by malicious actors on cyber security for organizations and the disproportionate response from experts who protect information systems and networks.

  • SOCIETY & ”INDUSTRY 4.0”

    ASPECTS OF SAFETY AND SECURITY IN INDUSTRY 4.0

    Industry 4.0, Vol. 4 (2019), Issue 6, pg(s) 319-321

    Industry 4.0 includes the integration of Safety and Security. Their interconnection (influencing) is assumed. Application of control systems within Safety and Security changes the static principle to dynamic, assumes identification of all production and distribution processes, data mobility as a part of BIG DATA technology and human factor activity while ensuring the functionality of relevant applications. Industry Strategy 4.0 requires a proactive approach in risk analysis, based on the implementation of Safety and Security principles in the development and design phase of machines and complex technologies in the context of the use of CPS principles. It is important that rapid responses to the system’s problems are monitored effectively, with simultaneous exchange of information at individual levels in the production process.

  • TECHNOLOGIES

    INFORMATION MODELING OF INTELLIGENT AND SECURE CYBER-PHYSICAL PRODUCTION SYSTEMS USING OPC UA

    Machines. Technologies. Materials., Vol. 13 (2019), Issue 12, pg(s) 542-545

    The strategic initiative Industry 4.0 implies integration of Cyber-Physical Production Systems (CPPS), Internet of Things (IoT) and cloud computing, leading to what is called “smart factory”. The lack of theoretical foundation and methodologies for development of CPPS creates barriers that may hamper the adoption, commercialization, and market success of the new CPPS applications. Standardization and digitalization are at the heart of the methodologies for developing intelligent cyber-physical production systems. OPC UA is the only recommended communication standard within the RAMI reference architecture. Here comes the main purpose of the paper to analyze OPC UA in respect to the information model creation and measures to ensure security of applications. An important place in the paper is devoted to the specification of standardized information models of other organizations, such as those of the ISA-95 (IEC-62264).

  • Islam: The frightening religious otherness

    Security & Future, Vol. 3 (2019), Issue 1, pg(s) 25-28

    Against the backdrop of the changing role of religion in geopolitical relations, and in connections with the identified global threats to humankind (such as terrorism, organized crime, human trafficking, etc.), a considerable number of theorists and ideologues focused on the problem of security are relating these threats to the growing activeness of religious minorities in various parts of the world, and specifically of supporters of the extreme, fundamentalist version of Islam. Speaking of security, we must inevitably think of fears. The latter are about personal and public safety or the anxiety that society may stop functioning. Widespread fears have a corrosive, long-term effect on social cohesion and stability. The social exclusion of ever-greater groups of people spreads to more and more spheres, such as those of the economy, the market, politics, education, healthcare, etc. The increasing marginalization of groups of people, and the inability of institutions to resolve the problem, result in the search for a scapegoat – the role of such may fall upon the political elites, ethnic minorities, migrants. Identifying an enemy is a precondition of social conflict. We are increasingly afraid of one another as we have become accustomed to believing that our worlds are so different that there meeting would bring about the end of at least one of them. Labeling, supported by passionate qualifications, has proved to be a universal way of dealing with the unfamiliar. Woe to him who cannot define himself and continues naively to believe we can live together without the aid of stereotypes. The oldest and strongest human emotion is fear, and the oldest and strongest fear is that of the unknown. Some of the images related to contemporary Islam are formed not within the House of Islam, but where the religious community is obliged to coexist with others. The change of representations of the so-called European Islam can be identified in Bulgarian reality as well. The willingness to adopt and follow certain principles of conduct typical for the arguments of fundamentalism grows in direct proportion with the growing variety of the immediate social environments of Muslims. In fact, the spaces of fundamentalist interpretation of the religious canon are formed not within the traditional Muslim communities but at the points of their active contacts with other cultural and religious models.

  • The security environment and the challenges to the European Union and NATO in the field of security

    Security & Future, Vol. 3 (2019), Issue 1, pg(s) 17-21

    There are three key moments for the development of security and defense globally: First is dynamics of events in the new security environment, second is the importance of so-called “Events leading to change” in the environment and third is the degree of ability of the Parties to anticipate certain situations related to security challenges.
    The need for a strategic reconsideration of the security environment and for EU-NATO interaction calls for consideration of the challenges and problems facing the CSDP and the Alliance to improve their joint security work.

  • Content security policy validation

    Security & Future, Vol. 3 (2019), Issue 1, pg(s) 6-9

    Due to the unstoppable growth of security flaws, the developers need to pay attention and be patient in the integration of security defence in the application development! In most of the cases, they are either uninformed or unqualified of implementing it which cause some huge breaks in the application! There are a lot of documentations/guidelines/tools free for use to help the developers in their work! For the last few years browsers have integrated certain security header controls to support the web application security! In the present research we will present, in our opinion, one of the most important http security response header – the one responsible for the security of the main base of a web application namely the content! Content Security Policy may help in preventing the some of the most vulnerable security attacks (XSS), but in the hand of an unexperienced developer it can breaks the entire application!