IT Security

Information technology (IT) has proliferated at an unprecedented rate in our society. Technical advances have come quickly yet the social and ethical infrastructure to support these advances has been slow in development. A group of individuals have developed a general code of ethical conduct for information technology professionals to begin to identify the proper ethical choices that IT professionals should make. This paper examines this code and explores whether there are underlying ethical constructs that underlie the code. After examining ten key provisions of the code, it was found through exploratory factor analysis that there were two factors which emerged-information technology integrity and information technology security. There were found to be no differences in level of agreement with these IT ethical factors based on several demographic variables. The implications of these finding for educators, researchers and practitioners are briefly discussed.

This paper develops a theoretically grounded methodology for the selection and evaluation of alternative encryption algorithms based on artificial neural networks (ANNs). We formalize the cryptographic evaluation problem as a mapping f₀ : χ → M from algorithm feature space to security-efficiency metrics, and prove one lemma and six theorems establishing: (i) universal approximation of cryptographic functionals, (ii) PAC-convergence with explicit error bounds, (iii) Pareto-optimality of multi-criteria selection, (iv) robustness to distribution shifts, (v) recovery of structural invariants, (vi) calibrated decision boundaries with controlled error rates, and (vii) applicability to non-formalized cryptographic systems. Based on these results, we introduce the NCS-DF model for adaptive cryptanalytic inference without a priori knowledge of key structure or base language. The framework enables mathematically rigorous algorithm selection under uncertainty and is applicable to dynamic encryption routing, post-quantum migration assessment, and analysis of artifacts with unformalized entropy.

In recent years, the notion of gamification has gained some interest within the scientific community. Gamification denotes the use of typical gaming mechanisms, like collecting points, reaching different levels or gaining a spot on a highscore list, in a non-gaming related context. One of the most important application areas of gamification is education, e. g. learning a foreign language or basic arithmetics. There have been, however, few attempts to use games for IT-Security education. The present paper will review the existing approaches in this area, present a serious game that has been produced at Stuttgart Media University on behalf of the swiss bank UBS, and will provide an outlook on planned further activities in this area.

In recent years, the notion of gamification has gained some interest within the scientific community. Gamification denotes the use of typical gaming mechanisms, like collecting points, reaching different levels or gaining a spot on a highscore list, in a non-gaming related context. One of the most important application areas of gamification is education, e. g. learning a foreign language or basic arithmetics. There have been, however, few attempts to use games for IT-Security education. The present paper will review the existing approaches in this area, present a serious game that has been produced at Stuttgart Media University on behalf of the swiss bank UBS, and will provide an outlook on planned further activities in this area.

Background: Small and medium-sized enterprises (SMEs) constitute the backbone of national economies globally, yet they remain disproportionately vulnerable to financial distress, regulatory non-compliance, and governance failure. The proliferation of digital technologies and the acceleration of regulatory complexity in the post-pandemic economic environment have intensified the need for structured, data-driven financial risk assessment models capable of supporting robust SME governance. Research Problem: Despite their macroeconomic significance, SMEs continue to operate with inadequate financial compliance frameworks, limited internal control systems, and insufficient enterprise risk management (ERM) infrastructure. Existing academic literature has overwhelmingly directed governance and compliance scholarship towards large multinational corporations, leaving a critical empirical and theoretical gap concerning SME compliance maturity and its relationship to financial stability. Objectives: This study investigates how data-driven financial risk assessment models, integrated with digital compliance architectures and artificial intelligence (AI)-assisted monitoring systems, can enhance SME governance, reduce fraud exposure, improve regulatory adherence, and promote long-term financial sustainability. Methodology: A mixed-methods empirical and conceptual hybrid design was adopted, incorporating multivariate regression analysis, compliance maturity scoring, and semi-structured qualitative interviews with 42 compliance officers, SME finance managers, auditors, and enterprise risk specialists across multiple industry sectors. Financial ratio analysis and risk-scoring models were applied to a panel dataset comprising 318 SMEs across a five-year observation period. Key Findings: Results demonstrate a statistically significant positive relationship between compliance maturity levels and financial stability indicators, including reduced insolvency probability, lower audit deficiency rates, and stronger investor confidence metrics. Qualitative findings identify digital compliance systems and AI-assisted anomaly detection as transformative enablers of SME governance, whilst also revealing persistent implementation barriers including resource constraints, digital literacy gaps, and regulatory fragmentation. Contribution: The study proposes an Integrated SME Compliance Governance Framework (ISCGF) and a Scalable Compliance Maturity Model (SCMM) as practical and theoretically grounded tools for advancing financial governance in smaller enterprise contexts. The research bridges corporate governance theory, enterprise risk management, and digital compliance architecture, offering actionable guidance for policymakers, regulators, auditors, and SME practitioners.

Small and medium-sized enterprises (SMEs) constitute a foundational pillar of national economies, yet they remain disproportionately susceptible to financial fraud, regulatory noncompliance, and governance failure. Existing scholarship has examined compliance and internal control systems principally within large corporations and financial institutions, leaving a substantive empirical gap concerning the governance architectures of smaller enterprises. This study examines how proactive risk auditing frameworks reduce financial fraud exposure in SMEs and evaluates the structural mechanisms through which integrated compliance systems support long-term organisational stability. Adopting a mixed-methods empirical and conceptual hybrid design, the study draws upon semi-structured interviews with forty-seven compliance officers, finance managers, auditors, and governance consultants operating across United Kingdom-registered SMEs, supplemented by quantitative analysis of financial performance and compliance indicators sourced from published regulatory data, audit findings, and enterprise financial disclosures. Multivariate regression modelling, compliance maturity scoring, and thematic analysis are Reducing Financial Fraud Exposure in SMEs-1 employed to evaluate the relationship between governance quality, audit frequency, and incidences of financial irregularity. Findings reveal a statistically significant negative relationship between structured compliance system maturity and the frequency of detected financial fraud events (β =-0.431, p < 0.01). Qualitative evidence identifies four principal governance failure archetypes in SME environments: informal control cultures, inadequate segregation of duties, infrequent audit cycles, and the absence of digitally integrated monitoring systems. The study proposes an SME Proactive Risk Auditing Framework (SPRAF) comprising five governance dimensions: control environment architecture, risk identification protocols, compliance monitoring, digital oversight integration, and governance accountability structures. The findings carry significant implications for policymakers, regulatory bodies, accounting professionals, and SME leadership. The study contributes a theoretically grounded and practically scalable governance model that bridges enterprise risk management theory, audit assurance scholarship, and digital compliance architecture. It advocates for the reconceptualisation of compliance from an administrative burden to a strategic governance instrument essential for SME resilience and macroeconomic stability.

Authentication and authorisation are critical pillars of security in Java-based enterprise systems, ensuring identity verification, controlled access to resources, and protection against unauthorised activities. With the evolution of Java applications from monolithic architectures to distributed microservices, cloud-native platforms, and containerised environments, traditional access control mechanisms have proven insufficient to address emerging scalability, interoperability, and threat challenges. This review presents a comprehensive and systematic analysis of authentication and authorisation mechanisms employed in Java-based systems, encompassing both classical approaches and modern security paradigms. The study examines password-based authentication, token-based mechanisms such as JSON Web Tokens (JWT), OAuth 2.0, OpenID Connect, and SAML, along with advanced techniques including multi-factor authentication (MFA), single sign-on (SSO), and certificate-based authentication. On the authorization side, the paper explores role-based access control (RBAC), attribute-based access control (ABAC), and policy-based access control (PBAC), emphasising their applicability, flexibility, and limitations in dynamic enterprise environments. Widely adopted Java security frameworks, including Spring Security, Java Authentication and Authorisation Service (JAAS), and Apache Shiro, are critically evaluated with respect to architectural design, extensibility, performance overhead, and integration with enterprise identity providers such as LDAP, Active Directory, and cloud-based IAM services. The review further analyses security challenges and threat models relevant to Java ecosystems, including token theft, privilege escalation, session hijacking, misconfigured policies, and insider threats, particularly in microservices and multi-cloud deployments. Performance and scalability implications of authentication and authorisation mechanisms are discussed, highlighting trade-offs between security rigour and system responsiveness under high-concurrency workloads. Emerging trends such as zerotrust architectures, AI-driven adaptive authentication, context-aware authorisation, federated identity, and service mesh-based security enforcement are also explored as future directions. By synthesising existing literature, frameworks, and best practices, this review provides a consolidated reference for developers, architects, and researchers, offering practical guidance for designing secure, scalable, and maintainable authentication and authorisation solutions in modern Java-based enterprise systems.

Web server security is a primary concern amid the rising wave of cyber threats. Every user interaction with a web application is recorded in server logs, which contain valuable information including IP addresses, request methods, response status codes, and data sizes. This study leverages server log data from January to July 2019 collected from an educational institution to detect malicious activities using a data mining approach. After preprocessing and rule-based labeling into three classes Safe, Suspicious, and Dangerous dimensionality reduction was applied via Linear Discriminant Analysis (LDA) before classification using five algorithms: SVM-RBF, SVM-Linear, SVM-Polynomial, K-NN via GridSearch, and Decision Tree. Results show that SVM-RBF delivers the most stable performance, achieving a training accuracy of 88% and testing accuracy of 86%. However, class imbalance affects recall scores for certain categories. This study confirms the effectiveness of combining LDA and SVM-RBF as a basis for log-based intrusion detection systems, while also highlighting the need for further development through data balancing techniques and additional feature engineering.

This article presents the state of the art of the Quantum Computation, consisting of one brief introduction, what it is, its history and origin, who are the main researchers in the world- wide scope, the difficulties in the use of this type of technology and its main applications. Key-words: Quantun Computation, qubit, spin

Resumo Este artigo apresenta o estado da arte da Computação Quântica, consistindo em uma breve introdução, o que é, sua história e origem, quem são os principais pesquisadores no âmbito mundial, as dificuldades no uso deste tipo de tecnologia e suas ...

During the struggle between Iranian Prime Minister Mossadegh and the Shah in April 1953, John Foster Dulles noted that under normal circumstances the United States did not want to support dictators (e.g., the Shah), "but in times like these, . . . we know that we cannot make a transition without losing control of the whole situation." 2 Dulles's comment epitomized a fundamental truth of foreign policy, namely that security remains an "irreducible" national goal and security is well served by stability. Nonetheless, subjugating foreign policy exclusively to security concerns often has unanticipated and unsavory results. Since its emergence as a global power in the late 1800's, U.S. foreign policy has been governed by six principles: peace, prosperity, stability, security, defense, and democracy. Over time there emerged a synergy among these objectives, but a single-minded strategy may extraordinarily influence the pursuit of them. For example, while the United States is a prime advocate of democratic principles, the pursuit of security, as defined by anti-communism during the Cold War, resulted in supporting regimes that have little inclination towards democracy, such as that of the Shah. Second, American foreign policy is issue-sensitive, meaning that policies may shift quickly in response to crises and other factors in the international system. This approach limits the United States' attention span, particularly as new crises emerge. As American attention shifts, the tendency to neglect those who previously were considered critical allies and whose expectations had been raised through contact with the United States increases. This shift from attention to neglect encourages increased authoritarianism by leaders seeking to remain in power and an anti-American backlash that can severely curtail American influence.

During the struggle between Iranian Prime Minister Mossadegh and the Shah in April 1953, John Foster Dulles noted that under normal circumstances the United States did not want to support dictators (e.g., the Shah), "but in times like these, . . . we know that we cannot make a transition without losing control of the whole situation." 2 Dulles's comment epitomized a fundamental truth of foreign policy, namely that security remains an "irreducible" national goal and security is well served by stability. Nonetheless, subjugating foreign policy exclusively to security concerns often has unanticipated and unsavory results. Since its emergence as a global power in the late 1800's, U.S. foreign policy has been governed by six principles: peace, prosperity, stability, security, defense, and democracy. Over time there emerged a synergy among these objectives, but a single-minded strategy may extraordinarily influence the pursuit of them. For example, while the United States is a prime advocate of democratic principles, the pursuit of security, as defined by anti-communism during the Cold War, resulted in supporting regimes that have little inclination towards democracy, such as that of the Shah. Second, American foreign policy is issue-sensitive, meaning that policies may shift quickly in response to crises and other factors in the international system. This approach limits the United States' attention span, particularly as new crises emerge. As American attention shifts, the tendency to neglect those who previously were considered critical allies and whose expectations had been raised through contact with the United States increases. This shift from attention to neglect encourages increased authoritarianism by leaders seeking to remain in power and an anti-American backlash that can severely curtail American influence.

In this paper we describe architectural changes incorporated into DNS aware Multicast Session Directory (mDNS) that enable it to co-exist in both Any Source Multicast (ASM) and Source Specific Multicast (SSM) environments. mDNS is a distributed, global, scalable and hierarchical approach that allows multicast sessions to be searched based on multiple parameters including keywords, session-type, geo-locality, etc. mDNS design being tightly coupled with existing Domain Name Service (DNS) enables sessions to be assigned a Uniform Resource Locator (URL) that can be book-marked for future access. We also describe the caching strategy added to mDNS and present arguments on its possible benefits. Afterwards, we will discuss the slight search strategy alteration required by caching and its security implications. This paper also describes our simulation design. We describe how we automated our experiments. The integration of fully implemented mDNS software and our "simulated" network hierarchy will be explained. We provide simulation results and explain their significance with respect to network topography.

Sosemanuk is a new synchronous software-oriented stream cipher, corresponding to Profile 1 of the ECRYPT call for stream cipher primitives. Its key length is variable between 128 and 256 bits. It accommodates a 128-bit initial value. Any key length is claimed to achieve 128-bit security. The Sosemanuk cipher uses both some basic design principles from the stream cipher SNOW 2.0 and some transformations derived from the block cipher SERPENT. Sosemanuk aims at improving SNOW 2.0 both from the security and from the efficiency points of view. Most notably, it uses a faster IV-setup procedure. It also requires a reduced amount of static data, yielding better performance on several architectures.

4.9.1. Grupo de Intervención.
Podrán ser integrantes, entre otros, los siguientes servicios operativos:
• Servicios de prevención, extinción de incendios y salvamento de entidades públicas
y privadas.
• Servicios de rescate y salvamento de entidades públicas y privadas.
• Servicios adscritos al Plan INFOCA.
• Unidad Militar de Emergencias (UME).
• Fuerzas y Cuerpos de Seguridad.
Funciones:
• Hacer el reconocimiento y evaluación de las zonas afectadas, delimitando las áreas
de intervención donde deben realizarse acciones de rescate y salvamento.
• Realizar labores de búsqueda, rescate y salvamento de personas.
• Reconocer y evaluar sobre el terreno los posibles riesgos asociados, tales como
incendios, fugas y derrames de sustancias tóxicas o peligrosas, deslizamientos del
terreno o inundaciones.
• Controlar, reducir o neutralizar los efectos y daños producidos a las personas y
bienes, prestando especial atención a los bienes del patrimonio histórico y cultural.
• Extinguir los incendios y atender otras emergencias derivadas.
• Realizar labores de desescombro.
• Realizar labores de refuerzo y demolición, según sea necesario, de edificios dañados.
4.9.2. Grupo Sanitario.
Podrán ser integrantes, entre otros, los siguientes servicios operativos:
• Sistema sanitario público de Andalucía.
• Centros hospitalarios privados.
• Empresas de transporte sanitario privadas.
• Servicios de atención psicológica ante emergencias.
• Cruz Roja u otras organizaciones no gubernamentales.
Funciones:
• Establecer las medidas de protección sanitaria si se determinan riesgos para los
efectivos actuantes y para la población.
• Organizar el dispositivo de salud ...

In case of mobile agent based computing system such as agent-based electronic payment and online electronic publishing of multimedia contents, both precise identification and secure authentication schemes are required for its security. The public-key cryptosystem and the digital signature scheme have been the foundation of overall secure systems. The requirement for providing agent based secure digital contents in electronic commerce is to implement the compatible secure entity authentication scheme. In this paper, existing discrete logarithm based Schnorr like authentication schemes are improved by the analysis of performance and security on the interactive protocols. And ElGamal type authentication schemes are also proposed. Then, they are enhanced with oblivious transfer based non-interactive public key cryptosystem for entity authentication. Proposed non-interactive protocols are applicable to the noninteractive zero knowledge proofs and they can provide compatible performance and safety in distributed commerce applications such as copyright protection system on multimedia contents.

The ChatGPT Windows application offers better user interaction in the Windows operating system (OS) by enhancing productivity and streamlining the workflow of ChatGPT's utilization. However, there are potential misuses associated with this application that require rigorous forensic analysis. This study presents a holistic forensic analysis of the ChatGPT Windows application, focusing on identifying and recovering digital artifacts for investigative purposes. With the use of widely popular and openly available digital forensics tools such as Autopsy, FTK Imager, Magnet RAM Capture, Wireshark, and Hex Workshop, this research explores different methods to extract and analyze cache, chat logs, metadata, and network traffic from the application. Our key findings also demonstrate the history of the application's chat, user interactions, and system-level traces that can be recovered even after deletion, providing critical insights into the crime investigation and, thus, documenting and outlining a potential misuse report for digital forensics.

Security standards in Oceania are developed and applied according to different national regulatory frameworks. The recent growth of the IT economy in the continent, together with the global challenges that Pacific nations are called to face, requires that security regulations ensure stakeholders can achieve optimal levels of protection and accessibility. In light of this, the paper presents a comprehensive and newly categorized taxonomy of the IT security standards in force in the three largest countries in Oceania: Australia, New Zealand, and Papua New Guinea. This approach not only helps to understand the level of harmonization of IT security standards across the continent, but also enables a comparative analysis to assess potential improvements in the safety and effectiveness of IT frameworks within Oceania.

The confluence of artificial intelligence, pall-native structure, and payment card security authorizations creates an unknown demand for security professionals who can mastermind, operate, and optimize Security Information and Event Management (SIEM) platforms at enterprise scale. This composition documents the specialized and strategic line of a SIEM Security Lead who transitions from reactive log aggregation toward a visionary, Payment Card Industry Data Security Standard-aligned consultancy model-anchored by AI-driven correlation queries, MITRE ATT&CK playbook development, andcross-platform observability gauging Splunk Enterprise Security, Dynatrace, Qualys, and F5 Web operation Firewalls. The Security Operations Center (SOC) professional examined then demonstrates that chastened correlation rule engineering reduces false cons by measurable perimeters across large Linux knot estates, while structured collaboration with Information Technology Service Management (ITSM) workflows in platforms similar as ServiceNow accelerates mean time to remediate. Trouble triage effectiveness improves through machine-literacy-amended hunt queries that surface high-confidence pointers of concession aligned to specific ATT&CK tactics and ways. PCI-DSS inspection readiness advances when payment fraud discovery playbooks image authentication telemetry drawn from real- world sale surroundings. Practical significance emerges in four areas: measurable SOC effectiveness earnings, defensible payment security posture, transmittable knowledge through platoon training and webinar-grounded education, and VP-position career influence in a request projected to grow 25 percent in visionary SecOps places.

A production-hardened, single-file blockchain designed for true decentralization. Runs on a $50 Android phone with 16 GB storage via Pydroid3. IPv6-first networking eliminates firewall barriers, making every phone a first-class node. v7.5.0 adds Layer-2 rollup, BIP-152 compact blocks, parallel block construction, network-aware sizing, BitTorrent-style sync, pre-validation pipeline, admin-gated RPC, and concurrent dispatch. Also usable on iOS via Pyto/iSH.

The backbone of modern economies relies heavily on Critical Information Infrastructure (CII). It helps to provide critical services in the energy, finance, telecommunications, health, and transportation sectors. This growing dependences on third-party vendors, software applications, and supply chains, has exposed CII to formidable cyber risks. Recent attacks like SolarWinds, NotPetya, and Colonial Pipeline show how damaging supply chain cyber-attacks can be. They threaten both national security and economic stability. This paper hence presents a general conceptual framework that protects CII against supply chain threats. Anchored on the DSR approach, the paper synthesizes some of the literature on prior cybersecurity frameworks, models of supply chain risk, and resilience strategies. The proposed framework integrates three layers: Risk Identification, Governance and Compliance, and Resilience and Response. These layers introduce AI-driven threat detection, ZTA, secure procurement policy, and automated mechanisms for incident response. A comparison of major cybersecurity frameworks such as NIST CSF, ISO/IEC 27001, C-SCRM, and the EU NIS2 Directive shows important gaps in risk assessment, regulation, and resilience strategies. The study therefore contributes to both the academic fraternity and industry practices through the presentation of a structured, adaptive model in mitigating evolving supply chain cyber risks. Future research on empirical validation, cross-border regulatory harmonization, and real-time risk quantification models will be useful in further enhancing global CII resilience.

This paper examines how modern TLS trust models interact with constrained network environments, specifically in-flight connectivity (IFC) systems. Through systematic observational analysis of certificate handling on a major domestic airline, a critical gap was documented between operating-system-level certificate validation and application-level certificate pinning. The study identifies three co-occurring conditions that produce this failure: OS trust stores accepting any certificate chaining to a trusted root, applications mandating specific pinned certificates, and captive portals presenting valid certificates for the wrong domain. This research contributes to understanding how legitimate captive portal architectures can inadvertently trigger security warnings that confuse users, break application functionality, and desensitize users to genuine security threats, despite using properly configured PKI infrastructure.

Since the emergence of 3G cellular IP networks, internet usage via 3G data services has become ubiquitous. Therefore such network is an important target for imposters who can disrupt the internet services by attacking the network core, thereby causing significant revenue losses to mobile operators. GPRS Tunneling Protocol GT P is the primary protocol used between the 3G core network nodes. In this paper, we present the design of a multi-layer framework to detect fuzzing attacks targeted to GTP control (GTP-C) packets. The framework analyzes each type of GTP-C packet separately for feature extraction, by implementing a Markov state space model at the Gn interface of the 3G core network. The Multi-layered architecture utilizes standard data mining algorithms for classification. Our analysis is based on real world network traffic collected at the Gn interface. The analysis results show that for only 5% fuzzing introduced in a packet with average size of 85 bytes, the framework detects fuzzing in GTP-C packets with 99.9% detection accuracy and 0.01% false alarm rate.

Quantum-safe Bitcoin" is not a property of a subset of well-behaved transactions. It is a global safety property of the consensus state machine: for every reachable consensus state and for every quantum-capable adversary, no consensus-valid execution may contain an unauthorized state transition. This paper specifies an execution model for Bitcoin at the level required for hostile review: explicit UTXO state, total validation predicates, deterministic transition functions for transactions and blocks, and a network/scheduler model sufficient to reason about mempool races and reorganizations. We define security goals in game-based form against quantum polynomial-time (QPT) adversaries, separate safety from liveness, and state concrete invariants (authorization integrity, state consistency, and determinism), proving that all invariants are preserved across valid transitions. We give a consensus-level construction for post-quantum authorization (via commit-and-reveal witness programs) and prove, via a complete game-hopping reduction, that unauthorized spends imply a break of the underlying post-quantum signature or hash binding assumptions-with a tight, non-rewinding reduction. We further define and exclude cross-input and cross-transaction witness replay attacks via sighash commitment axioms, formalize network execution as traces and prove that adversarial network control does not bypass PQ authorization, and address the quantum random oracle model. Finally, we formalize the migration dilemma-protocol-level quantum safety cannot be achieved without either freezing unmigrated legacy outputs or accepting open theft under Shor-and provide a formal migration trace model with monotonicity guarantees.

In Model-Driven development software system design is represented through models which are created using general purpose modelling languages e.g. UML. Later on system artefacts are automatically generated from these models. Model-Driven Security is a specialization of Model-Driven paradigm towards the domain of security, where security objectives are modelled along the system models and security infrastructures are directly generated from these models. Currently available general purpose modelling languages like UML do not have capability to model the security objectives along the system models. Over the past decade, many researchers are trying to address these limitations of the general purpose modelling languages and come up with several Domain Specific Modelling Languages for Model Driven Security. In this paper, we survey the progress made by these researchers in the area of Model Driven Security and discusses different security Domain Specific Modelling Languages presented by the most prominent researchers for the development of secure system.

Este artigo estuda a adoção de algumas soluções de criptografia em aplicações web visando a melhoria da segurança da informação ao garantir seus objetivos, notadamente a confidencialidade e a integridade. Conceituada a arquitetura de uma aplicação web típica, fragilidades em alguns de seus principais componentes são levantadas, e tipos de web hacks que exploram tais fragilidades são explicados e aplicados em um ambiente de testes controlado e em modelos lógicos que visam sua demonstração de forma objetiva. Soluções para tais web hacks que envolvam a adoção de criptografia são elencados, explicados e aplicados, e os resultados desta aplicação perante os web hacks selecionados são demonstrados, sendo realizado um comparativo entre os resultados antes e depois da adoção das soluções criptográficas estudadas a fim de demonstrar sua eficiência.

This paper addresses a basic security requirement of electronic voting, namely that a voter can correct or abort his vote at any time prior to his final vote casting. This requirement serves as a protection against voter precipitance (haste). We specify rules for a reset and cancel function that implement the correction and abort requirement. These rules are integrated in an extended version of the formal IT security model provided in . We show that these rules do respect the requirements covered in this model namely that each voter can cast a vote, that no voter loses his voting right without having cast a vote and that only eligible voters can cast a vote. This paper formally describes and mathematically proves the model and finally shows at which places of a voting process the formal rules apply. 17 This paper is developed within the project "ModIWA -Modellierung von Internetwahlen" which is funded by DFG, and carried out at the Universities Kassel (Roßnagel, Richter) and Koblenz-Landau (Grimm, Hupf) brought to you by CORE View metadata, citation and similar papers at core.ac.uk

Remote electronic voting systems are more and more used -not so much for parliamentary elections, but nevertheless for elections on lower levels as in associations and at universities. In order to have a basis for the evaluation and certification, in Germany a Common Criteria Protection Profile [PP08] is developed, which defines basic requirements for remote electronic voting systems. This Protection Profile requires a rather low evaluation depth (EAL2+). For elections on higher levels an appropriate adjustment of the evaluation depth is recommended. In its first part this paper points out that increasing the evaluation depth beyond EAL5 is not possible at present, since EAL6 requires formal methods and in particular a formal IT security model. Such a formal model does not exist yet. In the second part, this paper proposes a first step to an IT security model for remote electronic voting systems, which, however, considers only a subset of the security objectives defined in the Protection Profile [PP08].

Ezen ügyben ugyancsak tetten érhető a legfőbb gyermeki érdek, valamint a gyermek meghallgatáshoz való jogának felhívása, bár vitatott eredménnyel. Fontos intézményi fejleményként utalni szükséges a 2008-ban bevezetett sürgősségi eljárásra is, amely főként a gyermekeket érintő eljárásokban kerül alkalmazásra azzal az indokkal, hogy az időmúlás káros befolyással van a gyermek érdekeire, a szülővel való kapcsolat megszakadásával járhat, a jogellenesen elvitt gyermek hazatérését, illetve reintegrációját megnehezítheti, a gyermek további lelki károsodát okozhatja, és a tisztázatlan jogi helyzet a jogbizonytalanság mielőbbi felszámolását igényli.

With numerous new websites being created every day, it's getting increasingly challenging to tell which ones are safe and which could be dangerous. These websites frequently gather sensitive user data that may be hacked in the absence of proper cybersecurity safeguards, such as the effective identification and categorization of dangerous URLs. In order to improve cybersecurity, this study attempts to create models based on machine learning algorithms for the effective detection and categorization of harmful URLs. In this regard, our proposal uses decision trees, logistic regression, support vector machines, and Naive Bayes to reliably categorize dangerous URLs. To improve classification efficiency, we have integrated hyperparameter tuning using the Grid Search technique, optimizing model performance for more accurate and reliable results. The results demonstrate the effectiveness of Naive Bayes in achieving high accuracy (91.9%) and reliable performance in detecting malicious URLs. Implementation as a web service of the study provides evidence of the practicality and natural fit into more generalized security frameworks. Ultimately, our approach significantly enhances the detection of unsafe URLs, offering a robust solution to address the growing challenges in cybersecurity.

This paper presents the possibilities of tracking technologies application in the postal systems. There could be the postal items, vehicles, production tools and employees tracked in the postal system. Based on the tracking object and the way the collected data are used, these technologies could lead to a corresponding efficiency control of the business process and higher quality achievements in the postal company. For the tracking purposes it is possible to use various technologies. In this paper the implementation of Radio Frequency Identification (RFID) is illustrated.

Let X : y 2 = f (x) be a hyperelliptic curve over Q(T ) of genus g ≥ 1. Assume that the jacobian of X over Q(T ) has no subvariety defined over Q. Denote by Xt the specialization of X to an integer T = t, let a Xt (p) be its trace of Frobenius, and A X ,r (p) = 1 p p t=1 a Xt (p) r its r-th moment. The first moment is related to the rank of the jacobian J X (Q(T )) by a generalization of a conjecture of Nagao: Generalizing a result of S. Arms, Á. Lozano-Robledo, and S.J. Miller, we compute first moments for various families resulting in infinitely many hyperelliptic curves over Q(T ) having jacobian of moderately large rank 4g + 2, where g is the genus; by Silverman's specialization theorem, this yields hyperelliptic curves over Q with large rank jacobian. Note that Shioda has the best record in this directon: he constructed hyperelliptic curves of genus g with jacobian of rank 4g + 7. In the case when X is an elliptic curve, Michel proved p • A X ,2 = p 2 + O p 3/2 . For the families studied, we observe the same second moment expansion. Furthermore, we observe the largest lower order term that does not average to zero is on average negative, a bias first noted by S.J. Miller in the elliptic curve case. We prove this bias for a number of families of hyperelliptic curves.

Computationally recognizing humor is an aspect of natural language understanding. Although there appears to be no complete computational model for recognizing verbal humor, it may be possible to recognize jokes based on statistical language recognition techniques. Computational humor recognition was investigated. A restricted set of all possible jokes that have wordplay as a component was considered. The limited domain of "Knock Knock" jokes was examined. A created wordplay generator produces an utterance that is similar in pronunciation to a given word, and the wordplay recognizer determines if the utterance is valid. Once a possible wordplay is discovered, a joke recognizer determines if a found wordplay transforms the text into a joke.

É preciso aprender com a prática, pois, embora você pense que sabe, só terá certeza depois que experimentar. A digitalização de documentos históricos apresenta-se como forma eficaz de viabilizar o acesso público a grandes acervos e equalizar o severo compromisso entre conservação e acesso. Freqüentemente, documentos históricos apresentam alto grau de degradação, causada pela ação do tempo ou danos sofridos, resultando em imagens digitais com baixo nível de legibilidade e em alguns casos extremos, totalmente ilegíveis. Técnicas de processamento digital de imagens e análise de documentos são empregadas na solução deste problema. A maioria das abordagens para limiarização e segmentação de documentos históricos utiliza características globais do documento para eliminar o ruído de fundo e outros problemas de degradação, buscando aprimorar a legibilidade. No entanto, a distribuição dos problemas de degradação não é uniforme e nem linear na imagem do documento. Desta forma, após a aplicação destes algoritmos, algumas regiões apresentam melhoria da legibilidade, porém, em outras, observa-se o efeito reverso. Este trabalho apresenta uma nova abordagem para o problema de melhorar a qualidade visual e a legibilidade de imagens de documentos históricos. A solução utiliza uma abordagem híbrida, combinando características globais e locais. Pode-se dividir o processamento em quatro etapas. Primeiro, as características globais do documento são extraídas. Na segunda etapa, são identificadas as linhas que apresentam conteúdo textual. Na próxima etapa, é realizada a limiarização das linhas selecionadas, combinando características locais e globais. Finalmente, na última etapa, é realizada a binarização global do documento. Experimentos realizados com imagens de documentos históricos do acervo Dops/MG demonstram que a abordagem proposta foi eficiente em melhorar a qualidade visual e legibilidade em 80 por cento dos documentos.

Medical Information Systems (MedIS 1 ) of today are increasingly vulnerable to attacks by malicious software (or malware). Malware, also referred to as a virus or malicious logic, includes such things as Trojan horses, denial of service attacks, trap doors, time bombs, and worms. This white paper informs both vendors (manufacturers and integrators of MedIS) and users (for example, hospitals and medical practices) about possible malware attacks and suggests ways to protect against them. Possible attacks make use of exploitable MedIS vulnerabilities. The vulnerability of a MedIS depends on the kind of physical and logical access available to users and on the kind of software running on it. Vendors and users must cooperate to meet the challenge of safeguarding the security and privacy of data in healthcare. In this white paper, the Joint NEMA/COCIR/JIRA Security and Privacy Committee (SPC) 2 offers a list of recommendations for both vendors and users to make the MedIS they produce and operate more secure. • Assure system integrity • Employ defensive system design philosophies • Host virus checkers where appropriate • Respect the need for a proper configuration when offering virus checkers • Offer security-relevant updates and technical assistance • Respect regulatory and technological imperatives and restrictions Users should: • Use technical network defenses • Prepare policies, procedures, and user training • Restrict physical access whenever possible • Reduce logical interconnections to the minimum • Establish secure remote access for servicing • Keep close contact with the vendor • Implement the Defense in Depth philosophy 1 MedIS generally includes all information systems directly employed in delivering health care. Examples include, but are not limited to: HIS (hospital information system), RIS (radiology information system), PACS (picture archiving and communication systems), imaging modalities, radiation therapy systems, cardiology information systems, and patient monitoring systems. 2 NEMA is headquartered in the United States and is a trade association representing medical device and systems manufacturers, COCIR is the European, and JIRA is the Japanese trade association of such manufacturers.

Medical Information Systems (MedIS 1 ) of today are increasingly vulnerable to attacks by malicious software (or malware). Malware, also referred to as a virus or malicious logic, includes such things as Trojan horses, denial of service attacks, trap doors, time bombs, and worms. This white paper informs both vendors (manufacturers and integrators of MedIS) and users (for example, hospitals and medical practices) about possible malware attacks and suggests ways to protect against them. Possible attacks make use of exploitable MedIS vulnerabilities. The vulnerability of a MedIS depends on the kind of physical and logical access available to users and on the kind of software running on it. Vendors and users must cooperate to meet the challenge of safeguarding the security and privacy of data in healthcare. In this white paper, the Joint NEMA/COCIR/JIRA Security and Privacy Committee (SPC) 2 offers a list of recommendations for both vendors and users to make the MedIS they produce and operate more secure. • Assure system integrity • Employ defensive system design philosophies • Host virus checkers where appropriate • Respect the need for a proper configuration when offering virus checkers • Offer security-relevant updates and technical assistance • Respect regulatory and technological imperatives and restrictions Users should: • Use technical network defenses • Prepare policies, procedures, and user training • Restrict physical access whenever possible • Reduce logical interconnections to the minimum • Establish secure remote access for servicing • Keep close contact with the vendor • Implement the Defense in Depth philosophy 1 MedIS generally includes all information systems directly employed in delivering health care. Examples include, but are not limited to: HIS (hospital information system), RIS (radiology information system), PACS (picture archiving and communication systems), imaging modalities, radiation therapy systems, cardiology information systems, and patient monitoring systems. 2 NEMA is headquartered in the United States and is a trade association representing medical device and systems manufacturers, COCIR is the European, and JIRA is the Japanese trade association of such manufacturers.

The advancement of quantum computing poses a direct threat to classical cryptographic systems, necessitating the adoption of quantum-resistant encryption techniques to maintain data integrity, confidentiality, and trust in digital communications. This study presents a comprehensive evaluation of Quantum Key Distribution (QKD) protocols-specifically BB84, E91, and B92-alongside post-quantum cryptographic algorithms, including lattice-based, hash-based, and multivariate-quadratic systems. These techniques represent two complementary approaches: QKD leverages quantum mechanical principles for secure key exchange, while PQC reinforces classical cryptography against quantum threats using novel mathematical constructs. A comparative analysis is conducted focusing on security robustness, computational efficiency, and deployment scalability. Real-world constraints such as infrastructure limitations, key management complexity, and algorithmic overhead are also critically examined. The paper also investigates the standardization efforts led by NIST, ISO, and ETSI, highlighting current challenges to global adoption, including the lack of interoperability frameworks and varying readiness levels across industries. The findings underscore the need for hybrid cryptographic models that integrate classical and quantum-resistant mechanisms, offering a pragmatic path forward as quantum capabilities mature. Future directions include integrating quantum cryptography with cloud security, advancing homomorphic encryption, and developing quantum-safe blockchain technologies. These innovations are crucial for building resilient cybersecurity infrastructures capable of supporting next-generation applications such as secure edge computing, confidential AI model sharing, and tamper-proof digital ledgers. This research provides timely insights into the evolving cryptographic landscape and emphasizes the urgency of preparing for the quantum future through interdisciplinary collaboration and proactive technological adaptation.

In this research, the critical task of enhancing information security within a higher education institution is addressed through the implementation of a methodology grounded in the ISO/IEC 27001 and 27002 standards. The current context, characterized by increasing digitalization, underscores the urgent need to protect data and information against cyber threats. The research employs a quasi-experimental approach, combined with precise diagnostic tools, to identify initial vulnerabilities in information security. Subsequently, a strategic risk management plan is developed and implemented, tailored to the institution's needs and specificities. The outcomes are significant, demonstrating an increase in compliance with ISO standards, resulting in a substantial improvement in information security. This progress not only reflects the effectiveness of the adopted methodology but also highlights the importance of systematic and wellstructured risk management in the educational sector. This study not only provides a valuable framework for future initiatives in similar institutions but also encourages constructive dialogue on cybersecurity practices in the educational sector at an international level.

Modern information systems face persistent threats wherein adversaries often remain undetected for extended periods, with average breach costs exceeding USD 4.88 million and containment times surpassing 200 days across industries [1], [2]. Existing Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), and Security Orchestration, Automation and Response (SOAR) solutions improve visibility yet exhibit weak linkage between detection and mitigation, prolonging dwell time. This paper presents the Detection-to-Action (D2A) Framework, a concept-based architecture that integrates hybrid detection-signatures for known threats and anomaly analysis for unknown behaviors-with tiered, default-safe mitigation playbooks and a continuous feedback loop. Evaluation in a simulated enterprise environment of 200 users and 20 servers demonstrated 92% detection accuracy, a 35% reduction in false positives, and containment time improvement from over 200 minutes to approximately 10 minutes. By bridging detection and response within existing infrastructures, D2A enables measurable reductions in dwell time and establishes a scalable, auditable path toward proactive cybersecurity operations [3], [4].

Many significant functionalities of vehicular ad hoc networks (VANETs) require that nodes have knowledge of the positions of other vehicles, and notably of those within communication range. However, adversarial nodes could provide false position information or disrupt the acquisition of such information. Thus, in VANETs, the discovery of neighbor positions should be performed in a secure manner. In spite of a multitude of security protocols in the literature, there is no secure discovery protocol for neighbors positions. We address this problem in our paper: we design a distributed protocol that relies solely on information exchange among one-hop neighbors, we analyze its security properties in presence of one or multiple (independent or colluding) adversaries, and we evaluate its performance in a VANET environment using realistic mobility traces. We show that our protocol can be highly effective in detecting falsified position information, while maintaining a low rate of false positive detections.

Many significant functionalities of vehicular ad hoc networks (VANETs) require that nodes have knowledge of the positions of other vehicles, and notably of those within communication range. However, adversarial nodes could provide false position information or disrupt the acquisition of such information. Thus, in VANETs, the discovery of neighbor positions should be performed in a secure manner. In spite of a multitude of security protocols in the literature, there is no secure discovery protocol for neighbors positions. We address this problem in our paper: we design a distributed protocol that relies solely on information exchange among one-hop neighbors, we analyze its security properties in presence of one or multiple (independent or colluding) adversaries, and we evaluate its performance in a VANET environment using realistic mobility traces. We show that our protocol can be highly effective in detecting falsified position information, while maintaining a low rate of false positive detections.

The advent of sufficiently powerful quantum computers poses an existential cryptographic threat to elliptic-curve-based public key infrastructure, upon which major blockchain networks depend for transaction security and identity.

This paper conducts a rigorous comparative analysis of quantum risk exposure for Bitcoin and Ethereum, examining the structural, governance, and economic dimensions of post-quantum cryptographic (PQC) transition for each protocol.

We analyze the mathematical incompatibility of leading NISTstandardized PQC signature schemes with current blockchain scalability constraints, with particular attention to signature size inflation (30-100× current schemes), the loss of algebraic linearity preventing signature aggregation, and the resulting implications for block space, fee markets, node economics, and validator infrastructure.

We subsequently contrast Ethereum's upgrade-oriented, stake-weighted governance model and its modular cryptographic architecture against Bitcoin's deliberately ossified, consensus-driven governance structure.

Our findings indicate that while Ethereum possesses the structural and institutional prerequisites for a credible, phased transition to post-quantum cryptography, Bitcoin's governance model and architectural constraints render such a transition highly contested and potentially irresolvable without chain fragmentation.

We conclude that Bitcoin's structural limitations, compounded by deep ideological fractures and the irreversible nature of PQC deployment, place it at significant risk of prolonged governance stagnation or chain split, undermining its position as a reliable store of value and 'digital gold' standard in the medium term.

The construction industry increasingly relies on complex IT ecosystems to coordinate project management, field operations, and compliance workflows. However, the volume of institutional knowledge scattered across emails, ticketing systems, and project databases often impedes rapid decision-making. This paper presents a practical implementation of an AI-powered knowledge assistant designed to streamline information retrieval, automate help-desk workflows, and enhance data-driven collaboration within a mid-size construction enterprise. Built using large-languagemodel (LLM) architecture and integrated with Microsoft 365, SharePoint, and VMware infrastructure data sources, the system demonstrates how generative AI can transform traditional IT operations into proactive, context-aware service delivery. Results show a 43% reduction in ticket-resolution time and 30% improvement in system-knowledge accessibility across departments. The project illustrates a scalable blueprint for introducing responsible AI automation in construction IT while maintaining cybersecurity, compliance, and user-trust requirements.

Jeg-forsker-i-USAs-milit%C3%A6re-interventioner-og-en-ting-ermeget-sl%C3%A5ende-Vestens-hykleri) Hypocrisy and Double Standards Deepen the Divide Between the West and the Global South Dr. Niels Hahn PhD in Development Studies, with focus on US Interventions Many European politicians have stated that in the West there is little knowledge and understanding of how the Global South views the world, and especially how it views the West. My primary research into US interventions in the Global South confirms that this is indeed true.