An analysis is made of the properties and conditions for the existence of 3-and 5isogenies of complete and quadratic supersingular Edwards curves. For the encapsulation of keys based on the SIDH algorithm, it is proposed to use isogeny of minimal odd degrees 3 and 5, which allows bypassing the problem of singular points of the 2 nd and 4 th orders, characteristic of 2isogenies. A review of the main properties of the classes of complete, quadratic, and twisted Edwards curves over a simple field is given. Equations for the isogeny of odd degrees are reduced to a form adapted to curves in the form of Weierstrass. To do this, use the modified law of addition of curve points in the generalized Edwards form, which preserves the horizontal symmetry of the curve return points. Examples of the calculation of 3-and 5-isogenies of complete Edwards supersingular curves over small simple fields are given, and the properties of the isogeny composition for their calculation with large-order kernels are discussed. Equations are obtained for upper complexity estimates for computing isogeny of odd degrees 3 and 5 in the classes of complete and quadratic Edwards curves in projective coordinates; algorithms are constructed for calculating 3-and 5-isogenies of Edwards curves with complexity 6M + 4S and 12M + 5S, respectively. The conditions for the existence of supersingular complete and quadratic Edwards curves of order 4·3 m ·5 n and 8·3 m ·5 n are found. Some parameters of the cryptosystem are determined when implementing the SIDH algorithm at the level of quantum security of 128 bits.
This article is devoted to the problem of readiness of students majoring in 125 Cybersecurity at Borys Hrinchenko Kyiv University to manage information security risks (IS) based on the decision-making theory. The interdisciplinary approach in education, namely, the integration of the disciplines "Risk Theory" and "Decision Theory", allowed to implement in the educational process the formation of practical skills of risk management of future cybersecurity professionals. Based on the achievements of didactics and psychological theories, the analysis of concepts in the field of interdisciplinary methodology is carried out and the relevance and significance of its introduction into the educational process of institution of higher education is substantiated. The peculiarities of the organization of the educational process of training bachelors of information and cyber security in the context of an interdisciplinary approach are described. The elements of the methodology of formation of practical skills of students to make managerial decisions in the conditions of risk on the basis of interdisciplinary principles are developed, theoretically presented and substantiated. It is proved that interdisciplinary exchange, integration of theoretical knowledge of disciplines contribute to new fundamental results, create preconditions for the development of practical skills, provide a holistic image of training future specialists in information and cyber security.
This article examines the problem of implementing active teaching methods for students majoring in 125 Cybersecurity. The study of qualitative analysis of information security risks (IS) is presented on the example of studying the discipline "Risk Theory", namely the use of SWOT-analysis tools for risk assessment in the field of IS of small and medium business. General relevance and possibilities of using SWOT-analysis in the field of IS risk to study the internal environment of the organization, its strengths and weaknesses with the definition of enterprise strategies in the external environment: confronting threats to secure information (confidentiality, availability and integrity), and other its development. Based on scientific sources, the main research of the definition is analyzed: IS risks, risk analysis and their quality assessment. The content and procedure of SWOT-analysis are described. Using forms of group work and active methods (trainings) in the educational process, the basic factors for SWOT-analysis of the virtual organization "Internet Provider" were created, methodical expert assessments were conducted to identify the primary features of these factors, the analysis of the results was obtained.It is proved that the introduction of this technology in the educational process promotes the development of theoretical knowledge and the formation and development of practical skills of future specialists in information and cyber security
This study focuses on the protection of information resources on the basis of risk-oriented approach for small and medium-sized businesses with an emphasis on risk assessment of information security (IS). The analysis of scientific sources allowed to characterize the essence of the risk-oriented approach and to formulate the main provisions for creating a model of information protection based on this technology. The content line of the model focuses on conducting qualitative and quantitative IS risk assessment, namely, SWOT-analysis, statistical method, expert assessment method and Monte Carlo method. The step-by-step procedure of carrying out the stages of analysis and implementation of these methods for IS risk assessment is described. In order to obtain a comprehensive map of IS risks at the initial stage, it is proposed to conduct a SWOT analysis, in particular to identify business weaknesses and external and internal threats. Use a statistical method to quantify IS risk if there are sufficient analytical reports. Otherwise, implement the method of expert assessments. The final step is to generate a script using the Monte Carlo method. To effectively describe the context of each information resource, use the technology of forming multiple pairs "threat - vulnerability". The relevance and possibilities of using this model as a methodology of information for small and medium businesses are substantiated.
The constant development of information technologies, the growing role at the present stage of human potential create new internal threats to the information security of enterprises. The article investigates and analyzes the problems of information security associated with internal violators of companies and their insider activity. Economic reports and analytical materials allowed to determine the relevance and importance of this work. Based on scientific literature, a review of various approaches to the definition of "insider" and "insider information" was carried out. The main key indicators of the insider and signs of insider information are described. The classification of data sources for the study of insider threats is presented, among which real data of the system journal and data from social networks are allocated; analytical information with synthetic anomalies; simulated data due to the formation of stochastic models; theoretical and gaming approach. Insider threat detection algorithms are described depending on intentions, behavior, capabilities of insiders, how resources are used, as well as models involving several algorithms. The normative issues of protection of insider information from unauthorized disclosure and legal responsibility for illegal use of insider information in Ukrainian legislation are covered.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.