https://its.iszzi.kpi.ua/issue/feedCollection "Information Technology and Security"2024-06-27T00:00:00+03:00Vasyl Tsurkan,its@iszzi.kpi.uaOpen Journal Systems<p align="JUSTIFY"><strong>“</strong><strong><img src="https://its.iszzi.kpi.ua/public/site/images/v_v_tsurkan/homepage5.png" alt="" align="left" hspace="10" vspace="6" />Information Technology and Security</strong><strong>”</strong> – scientific publication of the <a href="http://iszzi.kpi.ua/en/" target="_blank" rel="noopener">Institute of special communication and information protection of National technical university of Ukraine «Igor Sikorsky Kyiv polytechnic institute»</a> for the publication of basic scientific results of dissertations and scientific papers by candidates scientific degrees and academic titles, also as higher education in the educational qualification of Master degree. After one year pause resumed in 2015.</p> <p><strong>Media identifier:</strong> R30-04560.</p> <p><strong>Foundation year:</strong> 2012.</p> <p><strong>P-ISSN:</strong> 2411-1031.<br /><br /><strong>E-ISSN:</strong> <span lang="EN-US">2518-1033</span>. </p> <p><strong>Publication type: </strong>collection of research papers<strong>.</strong></p> <p><strong>Status:</strong> Ukrainian.</p> <p><strong>Languages:</strong> Ukrainian, English (multi) languages.</p> <p><strong>Frequency:</strong> semianual.</p> <p><strong>Sphere of distribution:</strong> nation-wide and international .</p> <p><strong>Branch of science:</strong> engineering.</p> <p align="justify"><strong>Publication category:</strong> B.</p> <p align="JUSTIFY"><strong>Categories of readers:</strong> scientific, pedagogical and engineering and technical staff , graduate students, doctoral students , students and kadets.</p> <p align="JUSTIFY"><strong>Thematic focus:</strong> publication of original and review papers on the major problems of modern information technology, information security, information warfare, countering the use of social engineering, cyber security, the security of critical infrastructure, mathematical and computer modeling, the protection of information in telecommunication systems and networks (including on the protection of personal data), information security management and security risk information.</p> <p align="JUSTIFY"><strong>Indexed in: </strong>Index Copernicus Journals Master List, Bielefeld Academic Search Engine, Directory of Research Journals Indexing, WorldCat, Google Scholar, Elektronische Zeitschriftenbibliothek, Zeitschriften Datenbank, Bibliothek der Brandenburgische Technische Universität Cottbus-Senftenberg, Bibliothek der Europa-Universität Viadrina.</p> <p align="JUSTIFY"> </p>https://its.iszzi.kpi.ua/article/view/306276Training of specialists as one of the aspects of resilience of critical infrastructure2024-06-16T15:20:57+03:00Bohdan Nikolaienkonikolaienko_iszzi@ukr.netAndrii Misiuraa.misiura.cip@gmail.comAnton Storchakstorchakanton@gmail.comPavlo Dimitrovstrenia@ukr.net<p>One of the directions of state policy in the field of ensuring national security is the development of a multi-level effective national security and resilience system for critical infrastructure. A key factor in any system, whether in the field of national security or in other spheres, is human capital, its ability to analyze risks and threats, identify vulnerabilities, master new<br />technologies, and find innovative solutions to address modern challenges. Thus, an important aspect becomes the training of qualified professionals who possess systemic knowledge and skills. The need to provide systemic knowledge to specialists and managers directly addressing the tasks of ensuring the protection and resilience of critical infrastructure has been established. The current state of the training system for specialists in the field of critical infrastructure protection in Ukraine has been identified, and the main forms of organizing training and personnel preparation in this area have been analyzed. Tasks have been established based on an analysis of existing professions and labor market demand to determine a set of professions that are expedient to involve in ensuring the security and resilience of critical infrastructure. An analysis of the training and qualification enhancement of specialists in the field of critical infrastructure protection and resilience has shown the necessity and possibility of creating a national education and training system on critical infrastructure protection and resilience in Ukraine. Professions and labor market demand have been analyzed, and a set of professions expedient to involve in ensuring the security and resilience of critical infrastructure has been determined. After their final approval, these professions could include: the head of a structural unit responsible for the protection and resilience of critical infrastructure and a specialist in the protection and resilience of critical infrastructure. Developed or updated professional standards in the field of critical infrastructure protection and resilience will serve as a basis for adapting educational programs of higher education institutions according to the labor market demand.</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"https://its.iszzi.kpi.ua/article/view/306274Randomized algorithms in systems without coordination and centralization2024-06-16T15:07:49+03:00Oksana Kubaychuko.kubaychuk@gmail.comDenis Saidenissaj@gmail.com<p>Evaluating the complexity of algorithms based only on the possibility of the worst possible variant of the input data is often not justified. The development of algorithms that would predictably work quickly on all possible inputs is of practical importance. If for the problem there is a reasonable opportunity to model the distributions of input values, then you can use probabilistic analysis as a method of developing effective algorithms. When the information about the distribution of input values is not enough for their numerical modeling, algorithms are developed by giving a part of the algorithm itself a random character - randomized algorithms. The use of randomization ensures the operation of the algorithm with minimal needs to store internal states and events in the past, and the algorithms themselves look compact. The paper studies problems for which there are relatively effective deterministic algorithms for solving. But, as will be shown, the construction of appropriate randomized algorithms leads to effective and efficient parallel computing schemes with linear complexity on average. The advantages of randomization are especially evident in the case of large computer systems and communication networks that function without coordination and centralization. Examples of such distributed systems are, in particular, networks of currently popular cryptocurrencies. The use of randomized heuristics allows the system to adapt to changing operating conditions and minimizes the likelihood of conflicts between processes. The paper shows the advantages of using a randomized algorithm over deterministic algorithms for the problem of routing in a network with a hypercube topology. A theorem on estimating the expected number of steps required by Valiant's randomized algorithm to deliver all messages to an address is proved. The expected linear complexity of Valiant's algorithm is a direct consequence of the proven theorem.</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"https://its.iszzi.kpi.ua/article/view/306259Directions for strengthening the protection of software processing state electronic information resources and used at critical infrastructure facilities2024-06-15T16:45:51+03:00Olha Shevchukolia13511@gmail.comArtem Zhylinzhylinartem@gmail.comArtem Mykytiukmukuta8888@gmail.comAnatolii Minochkinminanatol@gmail.com<p>In the modern world, where more and more aspects of our lives become dependent on computer systems and networks, cybersecurity becomes increasingly critical. One of the key elements of cybersecurity is protecting the software used in these systems. Software can contain vulnerabilities that attackers can exploit to gain unauthorized access to systems, data, and resources. These vulnerabilities may arise from coding errors, improper configurations, or inadequate software updates. Attackers continuously refine their methods and tactics not only to exploit software vulnerabilities but also to influence their emergence by targeting the supply chain. This makes software cybersecurity an increasingly complex challenge. This article addresses the pressing issue of cybersecurity in the context of the proliferation of cyberattacks on software, including supply chain attacks. Examples of known cyberattacks targeting the supply chain are provided. The shortcomings in the existing system of standards and rules for secure software development are highlighted, as well as the lack of security requirements and vulnerability management. A comprehensive approach to ensuring software security is proposed, which includes the development of appropriate requirements, standards, and control mechanisms.</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"https://its.iszzi.kpi.ua/article/view/306260Automate the verification of session cookie attributes2024-06-15T16:54:14+03:00Anastasiia Tolkachovatolkachova.nastia@gmail.comDanyil Zhuravchakdanyil.y.zhuravchak@lpnu.ua<p>In this research, we focus on a critical web security topic, namely the security of session cookies, which play a key role in the functioning of modern web applications. As a standard mechanism for storing data on the client side, cookies are crucial for authentication, authorization and maintaining the state of a user's session. However, despite their necessity and convenience, cookies can also pose serious security risks. Our research focuses on the analysis and automation of cookie attribute verification, which is critical to ensuring protection against various web attacks. Identifying and eliminating weaknesses in cookie attributes can significantly reduce the risk of malicious attacks such as session hijacking, cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. We take an in-depth look at modern methods and tools for securing cookies, including implementing strict policies on cookie attributes such as Secure, HttpOnly, and SameSite. These attributes help to restrict access to cookies from unauthorized use via client-side scripts and provide additional protection against cross-site attacks. In addition, we consider the importance of updating the cookie standard, RFC6265bis, which offers improved security mechanisms, including the SameSite attribute, which allows controlling the sending of cookies during cross-requests, thereby reducing the risk of CSRF attacks. Our research also includes an analysis of potential threats and vulnerabilities associated with the misuse or misconfiguration of cookies, as well as a discussion of strategies to minimize these risks. We demonstrate how detailed automated verification of cookie attributes can significantly improve the security of web applications. The results of the study point to the need to constantly monitor and evaluate the protection of session cookies, as well as the importance of implementing security best practices and standards to ensure the reliability and security of web applications.</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"https://its.iszzi.kpi.ua/article/view/306256Filter generators with variable transition functions over finite fields of characteristic 22024-06-15T16:33:21+03:00Alexandra Matiykoalexm1710@ukr.netAnton Alekseychukalex-dtn@ukr.net<p>Filter generators are a traditional basis for creating synchronous stream ciphers. They are built with the help of linear shift registers (usually over a field of two elements) and nonlinear complexity functions, which are subject to a number of requirements in terms of the generators security against known attacks. Intensive researches of filter generators during the last decades show that meeting these requirements without degrading the performance of the generators is a very difficult task. Despite a large number of publications devoted to the construction of complexity functions with known “good cryptographic properties”, the usage of such functions in practice often becomes unacceptable due to the bulkiness of their constructions, which slows down the functioning of the corresponding generators, especially during software implementation. The way to overcome the noted difficulties by using an additional secret parameter that determines the appearance of the generator transitions’ function is proposed. Such a modification makes it possible to increase the security of generator (compared to traditional filter generators) against known attacks without increasing the length of its initial state. In particular, a specific version of a generator construction with a complexity function, which is determined with the help of substitutions used in the “Kalyna” encryption scheme, is considered. A lower estimate of the output sequences periods of the proposed generators was obtained. A research of their security to known attacks, in particular, Babbage-Golic balancing attack; an attack associated with a small number of terms in the polynomial representation of the complexity function (which negatively affects the value of the equivalent linear complexity of the output sequences of the generator); a natural correlation attack associated with the specifics of the proposed generator construction scheme; algebraic attacks of the Courtois-Mayer type were also conducted. At the end of the article, it is indicated how to choose the components of the proposed generators to ensure their security at a predetermined level.</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"https://its.iszzi.kpi.ua/article/view/306258Search for high-probability differential characteristics of the lightweight block cipher algorithm present with non-standard substitution blocks2024-06-15T16:39:33+03:00Valerii Zakusilozak.valera@gmail.comNataliia Kuchynskan.kuchinska@gmail.comSerhii Koniushok3tooth@gmail.com<p>The development of the Internet of Things and the associated devices has made it necessary to establish and implement encryption standards to ensure secure data transmission. These standards need to be comply with fundamental encryption principles and cater to devices with limited computational resources. As a result, lightweight cryptography has emerged as a distinct field within cryptography. The PRESENT block cipher algorithm is a lightweight encryption algorithm designed for deployment in resource-constrained devices. It requires comprehensive and ongoing vulnerability analysis against both known and novel cryptanalysis methods. This work extensively investigates the PRESENT block cipher algorithm, examining its components, operational principles, and key scheduling algorithm. This study analyses existing research on the algorithm with regards to contemporary cryptanalysis methods. Differential cryptanalysis was selected as the method of choice. The requirements for constructing S-boxes, as set forth by the algorithm developers, are reviewed. Two alternative S-boxes are formulated and presented based on these requirements. The paper presents a methodology for identifying high-probability differential characteristics for the PRESENT algorithm, using a substitute substitution block that differs from the one proposed by the developers. The research reports on the encryption algorithm PRESENT, using alternative substitution blocks, and evaluates its resistance to differential cryptanalysis. The text presents the results of applying the methodology for searching differential characteristics to the substituted blocks in the PRESENT algorithm. A comparative analysis is made between the results obtained through the differential characteristic search methodology for the PRESENT algorithm with alternative substitution blocks and the known results for this algorithm.</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"https://its.iszzi.kpi.ua/article/view/306254Synthesis of the model of management of complex dynamic objects taking into account the events of their security2024-06-15T16:14:10+03:00Ivan Samborskyii.і.samborskyi@gmail.comIevgen Samborskyiseinauedu@gmail.comVladyslav Holvlad-gol@ukr.netYevhen Peleshokpel85@ukr.netSerhii Sholokhovkit.docent71@gmail.com<p>The rapid development of complex, decentralized, non-linear technical structures - robotic means urgently requires the creation of an optimal algorithmic support for an automatic situational control system of such dynamic objects, taking into account the possibility of increasing the safety of their operation. This will be a guarantee, and as a result, a significant increase in the efficiency and quality of the tasks assigned by the specified technical structures. For the practical implementation of this task, it is advisable to comprehensively consider the nonlinear model of the processes of changing the state of a complex dynamic object. It is advisable to take into account the possibility of operational automatic compensation of dangerous incidents. Such a model will become the basis for the synthesis of nonlinear synergistic situational laws of management of these structures. The difference of the proposed approach is the consideration of the influence of intensive variations of incident flows in the state management laws of nonlinear dynamic objects. Emphasis on promising areas of research, namely: the application of the obtained results to justify the requirements for the design characteristics of control systems and their algorithmic support from the point of view not only of increasing their safety of operation, but also of ensuring the specified performance indicators of a wide range of possible tasks. One of these tasks is the provision of departmental communication (for the collection, processing, storage, protection of information and its operational transmission) in the case of the use of dynamic objects as mobile aerial platforms (unmanned aerial systems (UAVs)) for the placement of special electronic communications devices.</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"https://its.iszzi.kpi.ua/article/view/306255The rapid generation of E-learning tools under resource constraints approach2024-06-15T16:22:18+03:00Viacheslav Riabtsevviacheslav.riabtsev@gmail.comPavlo Pavlenkoplamatag@gmail.com<p>Enhancing the efficiency of Ukraine's security and defense sector is one of the key prerequisites for maintaining state sovereignty and achieving victory in the war. This is particularly relevant to the training and education system for specialists of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP). The active phase of Russia's war against Ukraine has significantly exacerbated the contradiction between the necessity to improve the efficiency of this system on one hand and the stringent requirement to economize resources (financial, human, and temporal) on the other. Resolving this contradiction is feasible through the intensive implementation of various e-learning tools and technologies, along with associated pedagogical methodologies. One of the factors limiting the effectiveness of e-learning is the complexity of the traditional process of creating these tools. The negative impact of this factor can be mitigated by developing approaches for the rapid generation of e-learning tools. Thus, there is a need to develop an integrated approach that enables the quick creation of educational content and e-learning tools through the use of innovative technologies. Such tools should save time and enhance the efficiency of learning material assimilation. The primary requirements for this approach include the rational use of limited resources and the adaptability of outcomes to the needs of each specialist. The article proposes an integrated approach to the rapid generation of e-learning tools for studying hardware and software devices and systems. This approach includes the following stages: developing a paper version of the learning material, which is the foundation for further enhancements; supplementing the paper version with an eBook based on H5P, which ensures interactivity and flexibility in learning; introducing a simulator module that allows for the emulation of device operation, stimulates student engagement, and deepens understanding of the material; adding an augmented reality module that visualizes complex concepts and provides opportunities for practical knowledge application. The implementation of the integrated approach to the rapid generation of e-learning tools is demonstrated using the educational module "Fortinet FG-60E Firewall." This module exemplifies how the integrated approach can be applied to prepare specialists in Ukraine's security and defense sector under wartime conditions. Survey results from participants who utilized the developed integrated learning approach indicate its high effectiveness.</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"https://its.iszzi.kpi.ua/article/view/306277Analysis of methods of data flow management in mobile radio communication means2024-06-16T15:29:09+03:00Serhii Salnyks.sergey@i.ua<p>The article analyzes the existing methods of managing data flows in mobile radio communications. During the analysis, the peculiarities of the functioning and construction of these networks were considered. It has been established that such networks have features different from other networks, such as mobility, dynamic topology, independent organization, use of mobile means of communication, lack of fixed data transmission routes, etc. The task of providing routing in mobile radio communication devices, mobile radio networks, and the types of routing in communication networks are considered. The conditions for the implementation of the routing task and the features that characterize the routing process have been established. The levels of the OSI open systems model and the most well-known protocols that work at these levels and are used in data flow management are considered. Data flow management methods are classified by type and a list of requirements for the process of data flow transmission in mobile radio networks is defined, taking into account the peculiarities of the functioning of mobile radio communication means, which must be taken into account when building a mobile radio network management system. It has been established that at the current stage of information technology development, data flow management methods are mostly adapted for use in computer, wired or fixed networks and do not take into account the conditions of use in mobile radio communication devices. It has been established that the construction and operation of an effective data flow control subsystem in the control systems of mobile radio networks and mobile radio communication means requires the use of the latest technologies and modern approaches in the development of data flow control methods and methods that will ensure the functioning of the corresponding data flow control subsystem. When choosing protocols, methods, methods of managing data flows, it is proposed to focus on adaptation, modification of approaches or their combined use based on the target function, taking into account the peculiarities of the functioning of mobile radio networks and mobile radio communication means.</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"https://its.iszzi.kpi.ua/article/view/306278Development of parabolic antenna irradiator for tropospheric communication station2024-06-16T15:32:23+03:00Yurii Hichkogichko@gmail.comYuriy Golovinyrgol59@gmail.comSerhii Mazormazorsk@gmail.comTetyana Khranovskatanyakhranovskaya@gmail.com<p>The currently existing tropospheric stations, due to high energy consumption and limited signal formation capabilities, and radio relay stations, also due to limited communication range, require new technological solutions. One such solution proposed is the creation of a tropospheric-radio relay station with completely redesigned radio equipment. The Institute of Special Communications and Information Protection, in collaboration with a research institute, developed a scheme for such a station, which was tested in field trials on a real tropospheric radio line with a length of 155 km. Our specialists were involved in the development of two antenna devices. A detailed analysis of the current state of tropospheric communication station development in the world was conducted, and the possibilities of modernizing existing stations, such as the R-423-M, were considered. Based on the results of the analysis, it was proposed not to conduct modernization, but rather to develop a new generation of tropospheric communication stations. According to the accepted station construction concept, its transmitting and receiving parts were developed as two separate units (external and internal). The external unit for conducting field trials was located on the antenna, allowing for the maximum reduction of signal losses in the antenna-feeder paths. The components of the internal units were housed in the closed body of a vehicle. This provided additional convenience for the operator and reduced the requirements for climatic conditions. The antenna block of the transmitter includes a power divider, a power amplifier block (eight power amplifiers of 10 W each), a two-mirror parabolic antenna with a hyperboloid small mirror, and an eight-element horn feed that can be powered in such a way that the output wave will be either linear or circular polarization.</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"https://its.iszzi.kpi.ua/article/view/306279Algorithm for measuring parameters of radio link of an unmanned aircraft in fpv mode of the centimeter frequency range2024-06-16T15:37:07+03:00Oleksandr Saliyos.telcom2024@gmail.comSerhii Vasylenkovasylenko.phd@gmail.comYaroslav Zinchenko wmed75@ukr.netOleksii Khakhliukkhakhlyuk@gmail.com<p>The mass use of unmanned aerial vehicles (UAVs) in the mode of remote control "from the first person" (First Person View, FPV) in combat operations radically changes the picture of modern war. Their use makes it possible to damage or destroy enemy equipment, the cost of which is hundreds of times higher than the cost of UAVs. To successfully perform the UAV flight mission in FPV mode, it is necessary to ensure stable radio communication of the UAV with the ground control station (GSC). In the work to organize a radio line between the GSC and the UAV, it is proposed to use radio lines of the centimeter frequency range. At the same time, at the stage of flight mission planning, the UAV operator needs to have information about the parameters of the receiving and transmitting devices of the unmanned aerial vehicle complex (UAVС) in order to calculate the maximum flight range. The purpose of the work is to develop an algorithm for measuring parameters of the radio link of an unmanned aerial vehicle in the FPV mode of the centimeter frequency range. The use of this information will allow the UAVC operator to create a flight map and prepare for a combat mission. The material presented in the article contains practical value for UAV operators and can be used in the organization and planning of the flight mission of multi-rotor UAVs of the tactical level at a given distance. Also, the material can be used by UAV service units for the purpose of checking the technical parameters of the radio link between the UAV and GSC and the optical systems installed on board the UAV (video cameras, thermal imaging cameras, etc.).</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"https://its.iszzi.kpi.ua/article/view/306275Investigation of associative rule search method for detection of cyber incidents in information management systems and security events using CICIDS2018 test data set2024-06-16T15:17:24+03:00Volodymyr Onishchenkov.o.onishchenko@ukr.netOleksandr Puchkoviszzi@iszzi.kpi.uaIhor Subachigor_subach@ukr.net<p>Automated rule generation for cyber incident identification in information management and security event systems (SIEM, SYSTEM, etc.) plays a crucial role in modern cyberspace defense, where data volumes are exponentially increasing, and the complexity and speed of cyber-attacks are constantly rising. This article explores approaches and methods for automating the process of cyber incident identification rule generation to reduce the need for manual work and ensure flexibility in adapting to changes in threat models. The research highlights the need for utilizing modern techniques of Intelligent Data Analysis (IDA) to process large volumes of data and formulate behavior rules for systems and activities in information systems. The conclusion emphasizes the necessity of integrating multiple research directions, including analyzing existing methods and applying IDA algorithms to search for associative rules from large datasets. Key challenges addressed include the complexity of data modeling, the need to adapt to changes in data from dynamic cyber attack landscapes, and the speed of rule generation algorithms for their identification. The issue of the "dimensionality curse" and the identification of cybersecurity event sequences over time, particularly relevant to SIEM, are discussed. The research objective is defined as the analysis and evaluation of various mathematical methods for automated associative rule generation to identify cyber incidents in SIEM. The most effective strategies for enhancing the efficiency of associative rule generation and their adaptation to the dynamic change of the cybersecurity system state are identified to strengthen the protection of information infrastructure.</p>2024-06-27T00:00:00+03:00Copyright (c) 2024 Collection "Information Technology and Security"