Volume 7, Issue 2

Volume 7, Issue 2 Editorial


SEPTEMBER 2008

William Sousan and his colleagues from the KEWI Research Group at the University of Nebraska investigate open source intelligence using a tailored information delivery service system, whilst Andy Luse, Anthony Townsend and Kevin Scheibe from Iowa State University present a new method for secure message transmission. In addition, we have three papers from authors who presented at the 7th European Conference on Information Warfare in Plymouth, UK, in June of this year. The first of these papers, by Andrea Cullen and Ian Mann, presents an interesting industry/academic perspective on balancing a layered approach in security to counteract social engineering. Linda Finch and Richard Vaughan from General Dynamics UK Limited then propose an engineering ‘fit for purpose’ security system which seeks to create flexibility in adapting to changing resource and information sharing requirements in the military. Lastly, Chris Flaherty argues that information deception is a core component of three dimensional tactics, which seeks to develop spherical security protection, particularly in the context of terrorist attacks.

Collecting Open Source Intelligence via Tailored Information Delivery Systems

ABSTRACT

The Internet offers a plethora of freely available information for possible use in Open Source Intelligence (OSINT) operations. However, along with this information come challenges in finding relevant information and overcoming information overload. This paper presents the results of ongoing research into a Tailored Information Delivery Services (TIDS) system that aids users in retrieving relevant information through various open intelligence sources. The TIDS provides a semantics-based query constructor that operates in a “What You Get is What You Need (WYGIWYN™)” fashion and builds ontology-based information tagging, theme extractor, and contextual model.

Software Implementation using Hardware-Based Verification for Secure Content Delivery

ABSTRACT

This paper presents a novel method for secure message transmission – the Software Implementation using Hardware-Based Verification for Secure Content Delivery (SIHBVSCD) method.  This method incorporates a two-tier security protocol which allows messages to be verified at both the user level (coming from a particular user) and hardware level (originating from a particular machine) providing protection from espionage and/or clandestine manipulation of information.  SIHBVSCD securely sets up a one-time symmetric key used for transmission, offering advantages over both the high theft/loss likelihood of smartcards and the inability of hardware-based verification for machines that do not contain hardware capable of remote attestation.

Hacking the Human: Countering the Socially Engineered Attack

ABSTRACT

The security model developed here suggests that a focus on systemic changes to an organisation’s processes can produce improved security.  This model of security is novel in that it is designed to ease reliance on the human within the system, therefore reducing the likelihood and impact of social engineering attacks. It highlights the layer of human protection and the systemic protection that can be placed around information. This layered approach to security is original in that it is applied in a social engineering context. The model is then used to map the attacks and their respective countermeasures. 

Towards Fit for Purpose Security in Military Systems

ABSTRACT

In security critical communities such as the military, system design is underpinned by the separation and sharing of resources based upon protective markings, user clearance and a ‘need to know’ policy.  However, this approach can impede the ability to respond to changing resource and information sharing requirements. To address the problem, this paper proposes ‘fit for purpose’ security which seeks to balance flexibility against high assurance through the Non-Persistent Capability Concept (NPC2). The NPC2 is applied in the design, development and implementation of adaptable security. This paper focuses on the NPC2 architecture and presents some preliminary findings from a small-scale prototype based on the proposed framework. The work has application in markets other than the military and should be of interest to system and security architects and decision makers alike.

3D Tactics and Information Deception

ABSTRACT

Information deception is a core component of three dimensional tactics (3D tactics). 3D tactics is a relatively new concept which seeks to develop spherical security, or ‘look-around’ tactical thinking in three dimensions. However, the connection between information deception and 3D tactics is not well understood. In both the 2005 London Underground attacks and the 2007 Haymarket attempted attack, factors such as information deception played a key operational frame of reference in the development of the attack methodology.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
