Visible to the public Biblio

Filters: Author is Bezzateev, S. V.  [Clear All Filters]
2022-05-10
Bezzateev, S. V., Fomicheva, S. G., Zhemelev, G. A..  2021.  Agent-based ZeroLogon Vulnerability Detection. 2021 Wave Electronics and its Application in Information and Telecommunication Systems (WECONF). :1–5.
Intrusion detection systems installed on the information security devices that control the internal and external perimeter of the demilitarized zones are not able to detect the vulnerability of ZeroLogon after the successful penetration of the intruder into the zone. Component solution for ZeroLogon control is offered. The paper presents the research results of the capabilities for built-in Active Directory audit mechanisms and open source intrusion detection/prevention systems, which allow identification of the critical vulnerability CVE-2020-1472. These features can be used to improve the quality of cyber-physical systems management, to perform audits, as well as to check corporate domains for ZeroLogon vulnerabilities.
2020-04-20
Zaw, Than Myo, Thant, Min, Bezzateev, S. V..  2019.  Database Security with AES Encryption, Elliptic Curve Encryption and Signature. 2019 Wave Electronics and its Application in Information and Telecommunication Systems (WECONF). :1–6.

A database is an organized collection of data. Though a number of techniques, such as encryption and electronic signatures, are currently available for the protection of data when transmitted across sites. Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks. In this paper, we create 6 types of method for more secure ways to store and retrieve database information that is both convenient and efficient. Confidentiality, integrity, and availability, also known as the CIA triad, is a model designed to guide policies for information security within the database. There are many cryptography techniques available among them, ECC is one of the most powerful techniques. A user wants to the data stores or request, the user needs to authenticate. When a user who is authenticated, he will get key from a key generator and then he must be data encrypt or decrypt within the database. Every keys store in a key generator and retrieve from the key generator. We use 256 bits of AES encryption for rows level encryption, columns level encryption, and elements level encryption for the database. Next two method is encrypted AES 256 bits random key by using 521 bits of ECC encryption and signature for rows level encryption and column level encryption. Last method is most secure method in this paper, which method is element level encryption with AES and ECC encryption for confidentiality and ECC signature use for every element within the database for integrity. As well as encrypting data at rest, it's also important to ensure confidential data are encrypted in motion over our network to protect against database signature security. The advantages of elements level are difficult for attack because the attacker gets a key that is lose only one element. The disadvantages need to thousands or millions of keys to manage.