Saturday, January 18, 2020

SSA Integrate by Arindam Bhadra

SSA Integrate by Arindam Bhadra

Security Safety Automation Integration is indicate SSA Integrate. Main key person of SSA Integrate is Mr. Arindam Bhadra. Mr. Arindam has 14 years of experience in Electronic Security Safety & Automation. Managing different type of Customers when he work in G4S, Siemens, Gunnebo, Diebold. As you know my article publish by “safe secure magazine” every month.
We offer technology that best suits your needs. Our open architecture facilitates integration with multi-vendor subsystems. You have the freedom to choose working arrangements and get maximum value from your investment. This reduces life cycle and operating costs. We observe customer suffer to get after sales service from installer due to once payment has cleared integrator neither looking back nor provide warranty service. We dedicated for Services like, Rectification, Commissioning, AMCs, Security Consultancy, Training, Audit....etc. SSA Integrate is Partnership Company. MSME Registered.
Below we share details about Mr. Arindam Bhadra or SSA Integrate.


















































I have very good experience in Project Design, Commissioning & rectification of

  •     CCTV Surveillance,
  •     Fire Detection & Alarm System - FDA,
  •     Access Control System / Attendance System,
  •     Public Address System - PAS,
  •     Intrusion Alarm System,
  •     Entrance Control ( Boom barrier, Flap barrier, Tripod turnstile, Bollard, Tyre Killer..etc),
  •     Building Management System - BMS / BAS
  •     System Integration
Our Head Office based on Kolkata, We deliver service support from Kolkata to other place.

We now look forward for receiving your valued enquiries and your kind support towards me or my organization and hope to establish a healthy business relationship with you.

Wednesday, January 1, 2020

Security Industry Predictions for 2020

Security Industry Predictions for 2020

Wishing you a very Happy New Year.

Some trends observed by the security and surveillance sector are Artificial Intelligence, Cloud Computing, Cybersecurity, Sensor, integration.


According to annual reports from the Ministry of Electronics and Information Technology. In 2016-17, while the reported incidents stood at 35,418, in 2017-18 there were 69,539 incidents, rising to 274,465 in 2018-19. India reported slightly more than 313,000 cybersecurity incidents in the ten months to October.  The country is plagued with weak e-infrastructure and is not capable of meeting the needs of a growing economy and its population. Corporate growth and investments can be hampered if the government fails to close the e-infrastructure deficit. E-Infrastructure. E-Infrastructure comprises tools, facilities and resources that are needed for advanced collaboration and includes the integration of various technologies such as the Internet, computing power, bandwidth provisioning, data storage etc.
Some trends observed in the security and surveillance sector are Artificial Intelligence, Cloud Computing, Cybersecurity and integration. Intellectual property (IP)-based surveillance technology, touted as the future of surveillance systems, has replaced closed-circuit analogue systems. Some trends like sensors, biometrics, real-time connectivity, advanced processing software and analytics have also propelled the industry growth. Some of these trends have enhanced the efficacy of security systems, whereas others have the potential of having adverse impacts.

Common prediction themes across vendors include the 2020 elections in the U.S., more targeted ransomware, more ways to attack the cloud, and an explosion of problems with deepfake technology.

Cybersecurity
There’s disagreement on the most important cyber threats to focus on as we head into 2020, even though everyone agrees that cybersecurity is more important than ever before. Cyber-attacks of all kinds have become, and will continue to be, a major threat, making this one of the most important initiatives that today’s businesses embrace. From a manufacturer’s perspective, building cybersecurity into the product from its inception is critical, with integrators beginning to demand this level of consideration from the products they sell. As a result of a rise in the convergence of IT applications alongside security investments, end users are now seeking out solutions designed with data security top-of-mind. As HikVision, Dahua named Chinese product already ban in various sector globally including under umbrella brand. All network connected devices such as DVRs/NVRs, servers, IP cameras, access controllers, intrusion alarms, smart sensors, are vulnerable, which is why this added step in developing cybersecurity protocols and applying them across the organization is critical.

Internet of Things (IoT)
The Internet of Things (IoT) has been a major trend for the past few years in many industries, and this will continue as we integrate sensors of all kinds into the network. The collection and analysis of the data collected by these sensors is giving rise to a plethora of applications such as industrial applications, intelligent building management, event management, and much more. The physical security industry benefits by having additional intelligence for situational awareness and emergency management, as well as opportunities to provide additional value-added services and business insights. Being deployed in an increasing number of scenarios and with continued improvements in computing capabilities, video has the opportunity to become the eye of IoT.

AI-Enabled Devices
For 2020, AI does show up again in a number of new ways — with several specific warnings for those who fail to use AI to counter bad actors who will be using it. Software manufacturers are looking toward artificial intelligence to help propel advanced analytics in an effort to deliver more situational awareness to operators, and an increased ability to proactively assess threats or anomalies. While video and data analytic capabilities have been around for quite some time, some would argue they were rudimentary in comparison to software that uses AI to make existing applications such as facial recognition much more accurate, and to create new ways to detect anomalies. In addition, AI continues to be used to make sense of the large amounts of data that are being generated by intelligent sensors and by analyzing the growing amount of video.
Businesses and other organisations could face multimillion-pound fines if they are unable to explain decisions made by artificial intelligence, under plans put forward by the UK’s data watchdog in Nov 2019. The Information Commissioner’s Office (ICO) said its new guidance was vital because the UK is at a tipping point. where many firms are using AI to inform decisions for the first time. This could include human resources departments using machine learning to shortlist job applicants based on analysis of their CVs. The regulator says it is the first in the world to put forward rules on explaining choices taken by AI.

Are we still talking about robots as a threat to jobs? According to Google Trends data, automation remains a controversial topic. “Are robots taking over jobs” is peaking at a similar search volume as ten years ago — but a new concept is changing the role of automation in the workplace.  Augmented intelligence is one of the few technologies named on the Gartner Hype Cycle for Emerging Technologies, 2019 that are predicted to reach expectations, over the next two-to-five years. In contrast to artificial intelligence (AI), augmented intelligence emphasises collaborations between AI and human workers. It’s designed to enhance human skills and allow them to work faster and more efficiently, rather than replace them.
In contrast to artificial intelligence (AI), augmented intelligence emphasises collaborations between AI and human workers. It’s designed to enhance human skills and allow them to work faster and more efficiently, rather than replace them. That said, while advanced AI can fix some issues automatically, the process is not always devoid of human intervention. Other issues, such as emergency maintenance of a machine, will always require human involvement at some stage. AI can provide the alert, but it can’t always do the work.


Cloud and Mobile Capabilities

Mobility is critical for physical security and is emerging through the development and use of cloud-based services, as well as the ability to access security devices through a smart phone or Web-based browser. That’s why there’s been such an influx of mobile apps created to manage cameras, receive automatic alerts for the most diverse event, and giving users the ability to grant or restrict access to a facility. All of this demonstrates the world’s demand for mobility, connectivity and ease-of-use.
I believe there will be a data breach to end all data breaches, and it will happen in the cloud and affect billions of users. Chances are it will happen to a hybrid cloud that will lead the hackers down a rabbit hole that will gain them access to multiple cloud entities. This breach will cause a fundamental shift in how cloud providers handle security; look for serious changes to the authentication process of cloud providers by the end of the year.

5G Connectivity
2020 is the year 5G goes mainstream. It’s safe to say that 5G will revolutionize the way people stay connected to the internet. Extra speed, extra bandwidth are going to make our mobile devices faster, more powerful and hyperconnected, with the same thing happening to IoT connected devices such as cameras. This is going completely change the way we think about smart cities: More powerful IP devices connected to one another, powered by AI, will have a massive impact on the way we move, shop and live in urban areas. In 2020, 5G is likely to start becoming a reality in India with its spectrum allocation taking place in the coming months. This will enable telcos and equipment makers to conduct full-fledged trials. Smartphone makers such as as OnePlus and Realme have also announced their plans to bring 5G phones to the country next year to set the pitch for new networks.
2020 will be the year when we would see 5G emerging as a household network technology in many markets around the globe. Australia, Argentina, Canada, and Japan are amongst the key countries where the next-generation wireless technology is set to debut in the coming months.


Drones Open up New Pathway for Intelligence Gathering
To date, the security concern around drones has mostly been focused on the physical damage nefarious actors, including nation states, could perpetrate. In 2020, we could start seeing attackers focus more on what drones know and how that information can be exploited for intelligence gathering, corporate espionage and more.
Military usage of drones or RPAS (Remotely Piloted Aerial Systems) has become the primary use in today's world. Used as target decoys, for combat missions, research and development, and for supervision, drones have been part and parcel of military forces worldwide. 


Video — Everywhere
Video is the cornerstone of security, providing both real-time and forensic coverage for emerging threats and incidents, which is why it’s one of the fastest growing segments of the marketplace. The use of video for traditional applications in new markets, as well as for use in newer applications that are not necessary security related is poised to see the most movement. In some industries such as oil and gas, there is a trend towards extending video coverage into extremely harsh and hazardous environments, so manufacturers are challenged to develop appropriately certified equipment to meet a more stringent demand. Manufacturing facilities such as food processing plants are also increasing their use of video for training and compliance purposes to prevent incidents such as food recalls that can be extremely costly for the business. Huge number Video footage destroy without viewing what camera saw. in this 2020 video auditing will start journey. In order to mitigate occupational safety and health issues, several organizations employ various safety and security measures to address the same, one of them being CCTV/video surveillance systems. CCTV/video surveillance systems are highly effective at visually identifying several risks connected with unsafe behaviours of the workforce and the critical conditions of the working environment.
‘Auditing’ means 'seeing' what the cameras 'saw'. CCTV video footage should be audited daily; several times a day if need be. Depending on the requirements, auditing of CCTV footage of critical cameras on a daily basis must become an SOP. Auditing will help relevant stakeholders to ‘discover’ the 'unknown'. Auditing as an activity may be manual, it may be post-facto, but it is a very dedicated and systematic process, which helps address some of the challenges of live monitoring (video blindness, poor attention span, boredom, bias, fatigue etc.), as well as the challenges related to alert-based systems (how often has one faced false alerts, or what is called the ‘cry-wolf’ effect). Auditing will help discover issues as mentioned above as well as in identifying and analysing threats and hazards (THIRA/HIRA) of various kinds. Auditing CCTV video footage will also be extremely helpful in waste reduction and following the 5S philosophy, i.e. sort, set, shine, standardize and sustain (all part of Six Sigma practices). It’s an exciting time to be a part of the security market, as we’re really just beginning to see that, when it comes to technology advancements, the sky is the limit. I would argue at the core of these innovations is the video data being collected, and as we work to build technologies that can harness the power of these applications, we will continue to be at the forefront of this movement toward greater intelligence and business insights.

The Indian security market is experiencing unprecedented boom due to huge demand. The growing awareness in the retail and enterprise segment is giving security solutions a cult status. A new phase of the consolidation process is on in the Indian security market.

Monday, December 16, 2019

Encryption in Access Control

Encryption in Access Control

In the process of sending information from sender to receiver, an unauthorized user may work in an active way (update it) or passive way (read or delay in sending). There must be some techniques which assures receiver that whatever information received from authorized user as well as must be same as sent from sender side, in addition to this receiver never make Denial of service. Nowadays sharing of information or resources is a very common thing from single user to the network to the cloud. When information is moving from one node to another node, security is a big challenge. When information is stored on the user’s computer, it is under control but when it is in movement user lose control over it. In the world of security, to convert information from one form to another form, Encryption is used, so that only authorized party will able to read. Encryption is a technique for any security-conscious organization.
Access control is one of the techniques for security for providing integrity and confidentiality. Its main task is to regulate the sharing of resources or information. Access control denotes whether a particular user has rights to perform particular operation on particular data. Access control policies define the users’ permission in order to provide security. These policies are defined according to an access control model. It prevents unauthorised sharing of resources or information. It also secures data against internal attacks and disclosure, leakage of information to cyberterrorist.

As an RFID access card gets close to its reader, it begins to wirelessly transmit its binary code. If using 125KHz proximity, then the wireless protocol is typically Wiegand, an older technology that can no longer provide the security needed today. In a worst case scenario, hackers could simply lift that fixed Wiegand clear text, retransmit it to the card reader and, from there, physically enter the facility and thereby the network, allowing these characters free rein to target the IT system. Data encryption is part of good practice and is, indeed, an opportunity for the security industry.

Mostly Access control is user identification to do a specific job, provide authentication, then provide that person the right to access data This is just like granting an individual permission to log in to network using name and password, allowing then to use resources after confirming whether they have permit to do particular job. So, how to provide permission to a particular user to perform their task? Here access control is used.
There are three major elements to access control system encryption:
Authentication: Determining whether someone is, in fact, who they say they are. Credentials are compared to those on file in a database. If the credentials match, the process is completed and the user is granted access. Privileges and preferences granted for the authorized account depend on the user’s permissions, which are either stored locally or on the authentication server.    The settings are defined by an administrator. For example, multifactor authentication, using a card plus keypad, has become commonplace for system logins and transactions within higher security environments.

Integrity: This ensures that digital information is uncorrupted and can only be accessed or modified by those authorized to do so. To maintain integrity, data must not be changed in transit; therefore, steps must be taken to ensure that data cannot be altered by an unauthorized person or program. Should data become corrupted, backups or redundancies must be available to restore the affected data to its correct state.  Measures must also be taken to control the physical environment of networked terminals and servers because data consistency, accuracy and trustworthiness can also be threatened by environmental hazards such as heat, dust or electrical problems. Transmission media (such as cables and connectors) should also be protected to ensure that they cannot be tapped; and hardware and storage media must be protected from power surges, electrostatic discharges and magnetism.

Non-repudiation: This declares that a user cannot deny the authenticity of their signature on a document or the sending of a message that they originated. A digital signature – a mathematical technique used to validate the authenticity and integrity of a message, software or digital document – is used not only to ensure that a message or document has been electronically signed by the person, but also to ensure that a person cannot later deny that they furnished it, since a digital signature can only be created by one person.

Here is Encryption Algorithms
1. AES
The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. Government and numerous organizations.
Although it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy duty encryption purposes.
AES is largely considered impervious to all attacks, with the exception of brute force, which attempts to decipher messages using all possible combinations in the 128, 192, or 256-bit cipher. Still, security experts believe that AES will eventually be hailed the de facto standard for encrypting data in the private sector. AES-128, AES-192 and AES-256 module is FIPS 140-2 certified. “FIPS mode” doesn't make Windows more secure. It just blocks access to newer cryptography schemes that haven't been FIPS-validated.

2. Twofish
Computer security expert Bruce Schneier is the mastermind behind Blowfish and its successor TrueCrypt. Keys used in this algorithm may be up to 256 bits in length and as a symmetric technique, only one key is needed.
Twofish is regarded as one of the fastest of its kind, and ideal for use in both hardware and software environments. Like Blowfish, Twofish is freely available to anyone who wants to use it. As a result, you’ll find it bundled in encryption programs such as PhotoEncrypt, GPG, and the popular open source software TrueCrypt.

3. Triple DES
Triple DES was designed to replace the original Data Encryption Standard (DES) algorithm, which hackers eventually learned to defeat with relative ease. At one time, Triple DES was the recommended standard and the most widely used symmetric algorithm in the industry.
Triple DES uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112-bits in key strength is more like it.
Despite slowly being phased out, Triple DES still manages to make a dependable hardware encryption solution for financial services and other industries.

Here is How Encryption Works
Encryption consists of both an algorithm and a key. Once a number is encrypted, the system needs to have a key to decrypt the resultant cyphertext into its original form. There are two varieties of algorithms— private (symmetric) and public (asymmetric).

Private key encryption uses the same key for both encryption and decryption. Be aware—if the key is lost or intercepted, messages may be compromised. Public key infrastructure (PKI) uses two different but mathematically linked keys. One key is private and the other is public.
With PKI, either key can be used for encryption or decryption. When one key is used to encrypt, the other is used to decrypt. The public portion of the key is easily obtained for all users. However, only the receiving party has access to the decryption key allowing messages to be read. Systems may use private encryption to encrypt data transmissions but use public encryption to encrypt and exchange the secret key.

Using one or both these algorithms, access credential communications may be encrypted. Many modern cards support cryptography. Look for terms such as 3DES, AES (which the government uses to protect classified information), TEA and RSA.

Adding Encryption to an Access Control System
Integrators should consider 13.56 MHz smart cards to increase security over 125 KHz proximity cards. One of the first terms you will discover in learning about smart cards is “Mifare,” a technology from NXP Semiconductors.
The newest of the Mifare standards, DESFire EV1, includes a cryptographic module on the card itself to add an additional layer of encryption to the card/reader transaction. This is amongst the highest standard of card security currently available. DESFire EV1 protection is therefore ideal for sales to customers wanting to use secure multi-application smart cards in access management, public transportation schemes or closed-loop e-payment applications.
Valid ID is a relatively new anti-tamper feature available with contactless smartcard readers, cards and tags. Embedded, it adds yet an additional layer of authentication assurance to traditional Mifare smartcards. Valid ID enables a smartcard reader help verify that the sensitive access control data programmed to a card or tag is indeed genuine and not counterfeit.

Encrypted Cards and Readers Inhibit Hackers
Whether you need to guard against state sponsored terrorists or the neighborhood teen from hacking the electronic access control systems that you implement, security today starts with encryption. But, that’s just a beginning. To take steps that will further hinder hackers, ask for your manufacturer’s Cybersecurity Vulnerability Checklist.

While many believe that opening their network to cloud services might welcome greater risks, these studies and common mishaps suggest otherwise. Lack of employee education or defined cyber security policies, gaps in physical security and insufficient system maintenance contribute to the greatest number of threats.

How Connected Applications are Shaping Up to Be More Secure
Cloud is not all or nothing. Cloud services can be added to complement an on-premises system and its infrastructure. This can include using cloud applications to store long-term evidence, instead of on local servers or on external storage devices which can end up in the wrong hands. Cloud services can also play a critical role in disaster recovery.
In case servers are damaged by a fire or natural disaster, a full system back-up can be restored using cloud services so operations can continue without delay. Organizations can connect on-premises systems to cloud services to strengthen security and minimize internal and external threats. Here is how.

Automating Updates to Avoid Known Vulnerabilities
Many vulnerabilities that hackers prey on are quickly identified and fixed by vendors in software version updates. Even when an IT team sets scheduled updates in a closed environment, it might not happen fast enough to prevent a breach. The perk of deploying cloud services is that system updates are facilitated by the vendor. As soon as the latest versions and fixes are available, the client will have access to them. This helps to ensure that their systems are always protected against known vulnerabilities.

Considering Security in the Selection of Your Cloud Service Provider
All cloud solutions are not created equally. To identity the most secure cloud services, it’s important for organizations to take a closer look at the vendor’s security policies and built-in security mechanisms. This should include encrypted communications, data protection capabilities, and strong user authentication and password protection.

These mechanisms help protect organizations against hackers and other internet- based attacks. From an internal standpoint, they also ensure only those with defined privileges will be able to access or use resources, data and applications.
Organizations should also look at the back-end cloud platform on which the services are built. Tier-one cloud providers such as Microsoft have a global incident response team that works around the clock to mitigate attacks. The company also builds security into its cloud platform from the ground up, embedding mandatory security requirements into every phase of the development process. Top cloud providers also go out of their way to comply with international and industry-specific compliance standards, and participate in rigorous third-party audits which test and verify security controls.

NFC to Be More Secure
Nowadays a set of short range wireless technologies is use for public transport, opeing a door or parking lot it’s called NFC (Near Field Communication). These chips are most compatible with devices due to they are formatted in NFC Data Exchange Format (NDEF) and implemented standards published by NFC forum. Their content can be encrypted and some examples are NTAG212, NTAG213, NTAG215 y NTAG216. MIFARE is the NXP Semiconductors-owned trademark and it covers proprietary technologies based upon various levels of the ISO/IEC 14443, incorporating some encryption standards (AES and DES/Triple-DES) and also an older proprietary encryption algorithm.
Conclusion
Access Control is the primary thing for security and is used to protect private and confidential data from attack. Basic access control understanding helps us to manage information security. Four basic models are discussed here. Apart from these four, several models have been developed to increase authenticity, integrity, confidentiality. Another way to provide security is the encryption which uses mathematical algorithm with proper to key to perform operation. Both encryption and access control are used for privacy and to prevent unauthorized users from accessing some object. That data will be in motion so copy or deletion will be possible. With ACL, you can just allow or reject access on a software level not on physical storage. Encryption is used to provide confidentiality of data but data may be access by untrusted entity. Access control is used to provide limited access to the particular entity to particular user as defined by owner.

Note: FIPS (Federal Information Processing Standard) 140-2 is the benchmark for validating the effectiveness of cryptographic hardware. If a product has a FIPS 140-2 certificate you know that it has been tested and formally validated by the U.S. and Canadian Governments.
What is the difference between FIPS 140-2 and FIPS 197 certification? FIPS 197 certification looks at the hardware encryption algorithms used to protect the data. FIPS 140-2 is the next, more advanced level of certification. FIPS 140-2 includes a rigorous analysis of the product's physical properties.
FIPS 140-2 requires that any hardware or software cryptographic module implements algorithms from an approved list. The FIPS validated algorithms cover symmetric and asymmetric encryption techniques as well as use of hash standards and message authentication

References
G.Wang,Q.Liu,J.Wu “Hierarchical attribute-based encryption for fine-grained access control in cloud storage services”2010
M.Green,G.Ateniese “Identity-based proxy re-encryption”2007