Main topic: Paradigms of information technology and security.
PUBLISHED: 29.09.2009
Interview with Ross Anderson and Marcus J. Ranum
Many experts in the security area took part in this year’s IS2 Conference. Two of them gave an interview to DSM editor-in-chief Jaroslav Dočkal: Ross Anderson is Professor of Security Engineering at the University of Cambridge Computer Laboratory. He was one of the pioneers of peer-to-peer systems, micropayments, information hiding systems, API attacks on cryptographic processors and of the study of hardware tamper-resistance. He is also one of the founders of the field of security economics, which has thrown light on many problems that used to be thought intractable. Marcus J. Ranum is a world-renowned expert on security system design and implementation. He works as the Chief Security Officer of Tenable Security, Inc. Since the late 1980s he has designed a number of groundbreaking security products.
Cloud Computing – Part I
Jaroslav Dočkal
This paper introduces the reader to the basics of the new technology and seeks to dispel the myths that are spread about it. It places cloud computing in the context of the emerging technologies SOA and grid. The paper gives advice on when to switch to cloud computing and notes the current problems that still remain to be solved.
Security in Wireless Sensor Networks
Petr Švenda
This is a review and analysis of the basic properties of wireless sensor networks with a focus on the specifics of protocols for key establishment in environments with restricted computational power, available memory and amount of energy. Selected approaches that precede future trends in security protocol design in decentralized and autonomous environments with wireless communication are discussed.
Biometrics and Key Material Generation
Shkodran Gerguri, Václav Matyáš, Zdeněk Říha, Luděk Smolík
The article provides a description of a novel method for random sequence generation using fingerprints. We then analyze the proposed method from the security and information entropy standpoints, and show results of some experiments. We also provide a comparative overview of some methods in alternative biometric applications.
Information Security: Two Subjects – Two Perspectives
Josef Mařas, Tomáš Kubínek
A dialog between the assessor and the consultant, presenting their differing perspectives on issues of information security management system (ISMS) implementation and certification. Their presentation should lead to better mutual understanding between the players inside the ISMS triangle – client, consultant and assessor.
BCM Survey of the Slovak Banking Sector
Július Šiška, Pavol Adamec
This article presents the results of the first survey on the maturity of Business Continuity Management in the Slovak banking sector. This survey presents the status as of the end of 2008 when it was conducted. The results can be used by individual banks to compare their BCM maturity against competitors’ as well as to provide a basis for making decisions on further initiatives in developing their BCM.
Experience from the Evaluation of DNSSEC
Július Baráth
Because DNS does not offer any form of security, it is vulnerable to spoofing, man-in-the-middle and cache poisoning attacks. The solution is Domain Name System Security Extensions (DNSSEC) - a suite of extensions that add security to the DNS protocol; this suite is already used in the operational environment. The paper shows a practical experiment in the Microsoft Windows environment using open-source BIND 9.6.1 software.
Small SSL/TLS Test
Martin Stanek
This paper describes the results of a test that uses SSL/TLS to communicate with chosen web pages, focusing on the keys and server certificates used.