Sample records for authentication bypass vulnerability

  1. T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

  2. V-103: RSA Authentication Agent Lets Remote Users Bypass Authenticatio...

    Broader source: Energy.gov (indexed) [DOE]

    RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements PLATFORM: RSA Authentication Agent 7.1, 7.1.1 for Microsoft Windows ABSTRACT: A vulnerability was...

  3. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment of EnergyTheVulnerabilities |

  4. T-570: HP Security Bulletin- HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass.

  5. U-130: JBoss Operations Network LDAP Authentication Bug Lets...

    Broader source: Energy.gov (indexed) [DOE]

    Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability...

  6. U-246: Tigase XMPP Dialback Protection Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions.

  7. Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications

    E-Print Network [OSTI]

    Sabatini, David M.

    Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications Michael web applications. Authentication attacks occur when a web application authenticates users unsafely, granting access to web clients that lack the ap- propriate credentials. Access control attacks occur when

  8. V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions.

  9. U-234: Oracle MySQL User Login Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    Oracle MySQL is prone to a security bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions.

  10. V-223: RSA Authentication Agent for PAM Allows Remote Users to...

    Broader source: Energy.gov (indexed) [DOE]

    Vulnerability V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication Requirements V-159: RSA SecurID Agent Discloses Node Secret Encryption Key to Local Users...

  11. V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.

  12. V-236: MediaWiki CentralAuth Extension Authentication Bypass...

    Broader source: Energy.gov (indexed) [DOE]

    in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension...

  13. V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability

    Energy Savers [EERE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page onYou are now leaving Energy.gov You are now leaving Energy.gov You are being directed off Energy.gov. Are you sureReportsofDepartmentSeries |Attacks | Department of Energy3:

  14. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Energy Savers [EERE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page onYou are now leaving Energy.gov You are now leaving Energy.gov You are being directed offOCHCO Overview OCHCOSystems Analysis Success|SustainableDepartmentregulations.gov to1:

  15. V-186: Drupal Login Security Module Security Bypass and Denial...

    Office of Environmental Management (EM)

    186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability V-186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability June...

  16. AUTHENTICATED

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645U.S. DOE Office511041cloth DocumentationProducts (VAP) VAP7-0973 1 Introduction In the design ofSouthwesternAUTHENTICATED

  17. T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct...

  18. U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass...

    Broader source: Energy.gov (indexed) [DOE]

    7: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain Administrative Access U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass...

  19. U-267: RSA® Authentication Agent 7.1 for Microsoft Windows®...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Bypass Authentication Requirements V-159: RSA SecurID Agent Discloses Node Secret Encryption Key to Local Users V-195: RSA Authentication Manager Lets Local Users View...

  20. V-036: EMC Smarts Network Configuration Manager Database Authenticatio...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    36: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass...

  1. T-703: Cisco Unified Communications Manager Open Query Interface...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Identity Services Engine Discloses Authentication Credentials to Remote Users V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability...

  2. V-103: RSA Authentication Agent Lets Remote Users Bypass Authentication

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment ofPrivileges | Department of EnergySUSE

  3. U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions.

  4. Message Authentication message authentication is concerned with

    E-Print Network [OSTI]

    Message Authentication · message authentication is concerned with: ­protecting the integrity of a message ­validating identity of originator ­non-repudiation of origin (dispute resolution) · will consider the security requirements · then three alternative functions used: ­message encryption ­message authentication

  5. V-155: Apache Tomcat FORM Authenticator Lets Remote Users Conduct...

    Broader source: Energy.gov (indexed) [DOE]

    Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks PLATFORM: Tomcat 6.0.21 to 6.0.36, 7.0.0 to 7.0.32 ABSTRACT: A vulnerability was reported in...

  6. U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system.

  7. V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

  8. JC3 | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    Service Several vulnerabilities were reported in Wireshark. November 29, 2012 V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability Two...

  9. JC3 Bulletin Archive | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    Service Several vulnerabilities were reported in Wireshark. November 29, 2012 V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability Two...

  10. Multi-factor authentication

    DOE Patents [OSTI]

    Hamlet, Jason R; Pierson, Lyndon G

    2014-10-21T23:59:59.000Z

    Detection and deterrence of spoofing of user authentication may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a user of the hardware device. The cryptographic fingerprint unit includes an internal physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a PUF value. Combining logic is coupled to receive the PUF value, combines the PUF value with one or more other authentication factors to generate a multi-factor authentication value. A key generator is coupled to generate a private key and a public key based on the multi-factor authentication value while a decryptor is coupled to receive an authentication challenge posed to the hardware device and encrypted with the public key and coupled to output a response to the authentication challenge decrypted with the private key.

  11. Authentication of byte sequences

    SciTech Connect (OSTI)

    Stearns, S.D.

    1991-06-01T23:59:59.000Z

    Algorithms for the authentication of byte sequences are described. The algorithms are designed to authenticate data in the Storage, Retrieval, Analysis, and Display (SRAD) Test Data Archive of the Radiation Effects and Testing Directorate (9100) at Sandia National Laboratories, and may be used in similar situations where authentication of stored data is required. The algorithms use a well-known error detection method called the Cyclic Redundancy Check (CRC). When a byte sequence is authenticated and stored, CRC bytes are generated and attached to the end of the sequence. When the authenticated data is retrieved, the authentication check consists of processing the entire sequence, including the CRC bytes, and checking for a remainder of zero. The error detection properties of the CRC are extensive and result in a reliable authentication of SRAD data.

  12. T-646: Debian fex authentication bypass | Department of Energy

    Office of Environmental Management (EM)

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742 33Frequently AskedEnergyIssues DOE'sSummaryDepartment ofSecurity Controls |Department9:

  13. T-646: Debian fex authentication bypass | Department of Energy

    Energy Savers [EERE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page onYou are now leaving Energy.gov You are now leaving Energy.gov You are being directed offOCHCO Overview OCHCOSystems Analysis Success Stories Systems Analysis SuccessEnergy 38:T-646:

  14. V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy

    Energy Savers [EERE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page onYou are now leaving Energy.gov You are now leaving Energy.gov You are being directed off Energy.gov. Are you sureReportsofDepartmentSeries |Attacks | Department of Energy3:7: TYPO3

  15. U-169: Sympa Multiple Security Bypass Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23,EnergyChicopeeTechnologyfactTuscarora PhaseArbitraryDrupal

  16. Protocols and security proofs for data authentication

    E-Print Network [OSTI]

    Mityagin, Anton

    2006-01-01T23:59:59.000Z

    Generalized Carter-Wegman MACs . . . . . . . . . . . . . . .which constitute Carter-Wegman message authentication schemening generalized Carter-Wegman message authentication scheme

  17. JC3 Bulletin Archive | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    vulnerabilities were reported in Symantec Messaging Gateway. August 29, 2012 U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain...

  18. JC3 | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    vulnerabilities were reported in Symantec Messaging Gateway. August 29, 2012 U-247: EMC Cloud Tiering Appliance Flaw Lets Remote Users Bypass Authentication and Gain...

  19. Tools for Authentication

    SciTech Connect (OSTI)

    White, G

    2008-07-09T23:59:59.000Z

    Many recent Non-proliferation and Arms Control software projects include a software authentication component. In this context, 'authentication' is defined as determining that a software package performs only its intended purpose and performs that purpose correctly and reliably over many years. In addition to visual inspection by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs both to aid the visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary, and have limited extensibility. An open-source, extensible tool can be customized to the unique needs of each project (projects can have both common and custom rules to detect flaws and security holes). Any such extensible tool must be based on a complete language compiler infrastructure, that is, one that can parse and digest the full language through its standard grammar. ROSE is precisely such a compiler infrastructure developed within DOE. ROSE is a robust source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C, C++, and FORTRAN. This year, it has been extended to support the automated analysis of binaries. We continue to extend ROSE to address a number of security-specific requirements and apply it to software authentication for Non-proliferation and Arms Control projects. We will give an update on the status of our work.

  20. Key recycling in authentication

    E-Print Network [OSTI]

    Christopher Portmann

    2014-09-29T23:59:59.000Z

    In their seminal work on authentication, Wegman and Carter propose that to authenticate multiple messages, it is sufficient to reuse the same hash function as long as each tag is encrypted with a one-time pad. They argue that because the one-time pad is perfectly hiding, the hash function used remains completely unknown to the adversary. Since their proof is not composable, we revisit it using a composable security framework. It turns out that the above argument is insufficient: if the adversary learns whether a corrupted message was accepted or rejected, information about the hash function is leaked, and after a bounded finite amount of rounds it is completely known. We show however that this leak is very small: Wegman and Carter's protocol is still $\\epsilon$-secure, if $\\epsilon$-almost strongly universal$_2$ hash functions are used. This implies that the secret key corresponding to the choice of hash function can be reused in the next round of authentication without any additional error than this $\\epsilon$. We also show that if the players have a mild form of synchronization, namely that the receiver knows when a message should be received, the key can be recycled for any arbitrary task, not only new rounds of authentication.

  1. Vulnerability Scanning Policy 1 Introduction

    E-Print Network [OSTI]

    Vulnerability Scanning Policy 1 Introduction Vulnerability scanning is an important and necessary and can alert system administrators to potentially serious problems. However vulnerability scanning also to compromise system security. The following policy details the conditions under which vulnerability scans may

  2. T-555: Adobe Acrobat and Reader Image Parsing Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Risk for Adobe Reader X users is significantly lower, as none of these issues bypass Protected Mode mitigations.

  3. T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

  4. Anonymous authenticated communications

    DOE Patents [OSTI]

    Beaver, Cheryl L. (Albuquerque, NM); Schroeppel, Richard C. (Woodland Hills, UT); Snyder, Lillian A. (Corrales, NM)

    2007-06-19T23:59:59.000Z

    A method of performing electronic communications between members of a group wherein the communications are authenticated as being from a member of the group and have not been altered, comprising: generating a plurality of random numbers; distributing in a digital medium the plurality of random numbers to the members of the group; publishing a hash value of contents of the digital medium; distributing to the members of the group public-key-encrypted messages each containing a same token comprising a random number; and encrypting a message with a key generated from the token and the plurality of random numbers.

  5. V-036: EMC Smarts Network Configuration Manager Database Authentication

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment of EnergyThe followingRemoteBypass Vulnerability

  6. Ecosystem Vulnerability Assessment - Patterns of Climate Change...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Ecosystem Vulnerability Assessment - Patterns of Climate Change Vulnerability in the Southwest Ecosystem Vulnerability Assessment - Patterns of Climate Change Vulnerability in the...

  7. Quantum direct communication with authentication

    SciTech Connect (OSTI)

    Lee, Hwayean [Center for Information Security Technologies (CIST) and Graduate School of Information Security (GSIS), Korea University, Anam Dong, Sungbuk Gu, Seoul (Korea, Republic of); Institut fuer Experimentalphysik, Universitaet Wien (Austria); Lim, Jongin [Center for Information Security Technologies (CIST) and Graduate School of Information Security (GSIS), Korea University, Anam Dong, Sungbuk Gu, Seoul (Korea, Republic of); Yang, HyungJin [Center for Information Security Technologies (CIST) and Graduate School of Information Security (GSIS), Korea University, Anam Dong, Sungbuk Gu, Seoul (Korea, Republic of); Department of Physics, Korea University, Chochiwon, Choongnam (Korea, Republic of)

    2006-04-15T23:59:59.000Z

    We propose two quantum direct communication (QDC) protocols with user authentication. Users can identify each other by checking the correlation of Greenberger-Horne-Zeilinger (GHZ) states. Alice can directly send a secret message to Bob without any previously shared secret using the remaining GHZ states after authentication. Our second QDC protocol can be used even though there is no quantum link between Alice and Bob. The security of the transmitted message is guaranteed by properties of entanglement of GHZ states.

  8. Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and Light Vehicles Demonstrated Petroleum Reduction Using Oil Bypass Filter Technology on Heavy and...

  9. Energy vulnerability relationships

    SciTech Connect (OSTI)

    Shaw, B.R.; Boesen, J.L.

    1998-02-01T23:59:59.000Z

    The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

  10. Plutonium Vulnerability Management Plan

    SciTech Connect (OSTI)

    NONE

    1995-03-01T23:59:59.000Z

    This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

  11. T-696: RSA Adaptive Authentication Has Unspecified Remote Authenticated Session Re-use Flaw

    Broader source: Energy.gov [DOE]

    An issue with Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the out-of-the-box available authentication methods. In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session.

  12. IT Licentiate theses Query Authentication and

    E-Print Network [OSTI]

    Flener, Pierre

    IT Licentiate theses 2008-002 Query Authentication and Data Confidentiality in Wireless Sensor of Licentiate of Philosophy in Computer Science at Uppsala University 2008 #12;Query Authentication and Data

  13. Biometric Authentication using Nonparametric Methods

    E-Print Network [OSTI]

    Sheela, S V; 10.5121/ijcsit.2010.2309

    2010-01-01T23:59:59.000Z

    The physiological and behavioral trait is employed to develop biometric authentication systems. The proposed work deals with the authentication of iris and signature based on minimum variance criteria. The iris patterns are preprocessed based on area of the connected components. The segmented image used for authentication consists of the region with large variations in the gray level values. The image region is split into quadtree components. The components with minimum variance are determined from the training samples. Hu moments are applied on the components. The summation of moment values corresponding to minimum variance components are provided as input vector to k-means and fuzzy kmeans classifiers. The best performance was obtained for MMU database consisting of 45 subjects. The number of subjects with zero False Rejection Rate [FRR] was 44 and number of subjects with zero False Acceptance Rate [FAR] was 45. This paper addresses the computational load reduction in off-line signature verification based o...

  14. Sandia Energy - SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    SCADA Vulnerability Assessments Home Stationary Power Safety, Security & Resilience of Energy Infrastructure Grid Modernization Cyber Security for Electric Infrastructure National...

  15. Exhaust gas bypass valve control for thermoelectric generator

    DOE Patents [OSTI]

    Reynolds, Michael G; Yang, Jihui; Meisner, Greogry P.; Stabler, Francis R.; De Bock, Hendrik Pieter (Peter) Jacobus; Anderson, Todd Alan

    2012-09-04T23:59:59.000Z

    A method of controlling engine exhaust flow through at least one of an exhaust bypass and a thermoelectric device via a bypass valve is provided. The method includes: determining a mass flow of exhaust exiting an engine; determining a desired exhaust pressure based on the mass flow of exhaust; comparing the desired exhaust pressure to a determined exhaust pressure; and determining a bypass valve control value based on the comparing, wherein the bypass valve control value is used to control the bypass valve.

  16. Bypass diode for a solar cell

    DOE Patents [OSTI]

    Rim, Seung Bum (Palo Alto, CA); Kim, Taeseok (San Jose, CA); Smith, David D. (Campbell, CA); Cousins, Peter J. (Menlo Park, CA)

    2012-03-13T23:59:59.000Z

    Bypass diodes for solar cells are described. In one embodiment, a bypass diode for a solar cell includes a substrate of the solar cell. A first conductive region is disposed above the substrate, the first conductive region of a first conductivity type. A second conductive region is disposed on the first conductive region, the second conductive region of a second conductivity type opposite the first conductivity type.

  17. U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication...

    Broader source: Energy.gov (indexed) [DOE]

    McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 (MEG 6.7.x is NOT affected.) McAfee Email and Web Security (EWS) 5.6 Patch 3 and earlier McAfee Email and Web Security (EWS) 5.5 Patch 6...

  18. U-244: McAfee Email Gateway Lets Remote Users Bypass Authentication and

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23,EnergyChicopeeTechnologyfactTuscaroraDepartment ofDepartment of|Users

  19. The Power of Verification Queries in Message Authentication and Authenticated Encryption

    E-Print Network [OSTI]

    Bernstein, Daniel

    encryption. Keywords: Message authentication, PRFs, Carter-Wegman, symmetric encryption, authenticated-cipher based MACs [5, 22, 10, 4, 11, 20, 17, 18] and Carter-Wegman (CW) ma-schemes [25, 21, 23, 16, 8, 9

  20. The Power of Verification Queries in Message Authentication and Authenticated Encryption

    E-Print Network [OSTI]

    encryption. Keywords: Message authentication, PRFs, Carter­Wegman, symmetric encryption, authenticated­cipher based MACs [5, 22, 10, 4, 11, 20, 17, 18] and Carter­Wegman (CW) ma­schemes [25, 21, 23, 16, 8, 9

  1. Obfuscated authentication systems, devices, and methods

    DOE Patents [OSTI]

    Armstrong, Robert C; Hutchinson, Robert L

    2013-10-22T23:59:59.000Z

    Embodiments of the present invention are directed toward authentication systems, devices, and methods. Obfuscated executable instructions may encode an authentication procedure and protect an authentication key. The obfuscated executable instructions may require communication with a remote certifying authority for operation. In this manner, security may be controlled by the certifying authority without regard to the security of the electronic device running the obfuscated executable instructions.

  2. AVTA: Oil Bypass Filter Specifications and Test Procedures

    Broader source: Energy.gov [DOE]

    PuraDYN Oil Bypass Filtration System Evaluation Test Plan methodology is used in the testing of all oil bypass filters on the buses at the Idaho National Laboratory.

  3. authenticated key exchange: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    desirable attributes. Index Terms--Mutual Authentication; Key Management; SRP; Security; Smart Meter; Smart Leung, Victor C.M. 56 Authentication and Key Agreement via Memorable...

  4. Stronger security bounds for Wegman-Carter-Shoup authenticators

    E-Print Network [OSTI]

    Bernstein, Daniel

    Stronger security bounds for Wegman-Carter-Shoup authenticators, authentication, MAC, Wegman-Carter, provable security 1 Introduction This paper proves

  5. Stronger security bounds for Wegman-Carter-Shoup authenticators

    E-Print Network [OSTI]

    Bernstein, Daniel

    Stronger security bounds for Wegman-Carter-Shoup authenticators Daniel J. Bernstein Department probabilities for f. Keywords: mode of operation, authentication, MAC, Wegman-Carter, provable security 1

  6. V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated...

    Broader source: Energy.gov (indexed) [DOE]

    Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges U-233:...

  7. Common Control System Vulnerability

    SciTech Connect (OSTI)

    Trent Nelson

    2005-12-01T23:59:59.000Z

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an attacker can then map out the control system processes and functions. With the detailed knowledge of how the control data functions, as well as what computers and devices communicate using this data, the attacker can use a well known Man-in-the-Middle attack to perform malicious operations virtually undetected. The control systems assessment teams have used this method to gather enough information about the system to craft an attack that intercepts and changes the information flow between the end devices (controllers) and the human machine interface (HMI and/or workstation). Using this attack, the cyber assessment team has been able to demonstrate complete manipulation of devices in control systems while simultaneously modifying the data flowing back to the operator's console to give false information of the state of the system (known as ''spoofing''). This is a very effective technique for a control system attack because it allows the attacker to manipulate the system and the operator's situational awareness of the perceived system status. The three main elements of this attack technique are: (1) network reconnaissance and data gathering, (2) reverse engineering, and (3) the Man-in-the-Middle attack. The details of this attack technique and the mitigation techniques are discussed.

  8. Bypass apparatus and method for series connected energy storage devices

    DOE Patents [OSTI]

    Rouillard, Jean (Saint-Luc, CA); Comte, Christophe (Montreal, CA); Daigle, Dominik (St-Hyacinthe, CA)

    2000-01-01T23:59:59.000Z

    A bypass apparatus and method for series connected energy storage devices. Each of the energy storage devices coupled to a common series connection has an associated bypass unit connected thereto in parallel. A current bypass unit includes a sensor which is coupled in parallel with an associated energy storage device or cell and senses an energy parameter indicative of an energy state of the cell, such as cell voltage. A bypass switch is coupled in parallel with the energy storage cell and operable between a non-activated state and an activated state. The bypass switch, when in the non-activated state, is substantially non-conductive with respect to current passing through the energy storage cell and, when in the activated state, provides a bypass current path for passing current to the series connection so as to bypass the associated cell. A controller controls activation of the bypass switch in response to the voltage of the cell deviating from a pre-established voltage setpoint. The controller may be included within the bypass unit or be disposed on a control platform external to the bypass unit. The bypass switch may, when activated, establish a permanent or a temporary bypass current path.

  9. DATABASE AUTHENTICATION BY DISTORTION FREE WATERMARKING

    E-Print Network [OSTI]

    Cortesi, Tino

    DATABASE AUTHENTICATION BY DISTORTION FREE WATERMARKING Sukriti Bhattacharya and Agostino Cortesi@dsi.unive.it, cortesi@unive.it Keywords: Database watermarking, ZAW, Public key watermark, Abstract interpretation the verification of integrity of the relational databases by using a public zero distortion authentication

  10. Verifying authentication protocols with CSP Steve Schneider

    E-Print Network [OSTI]

    Doran, Simon J.

    Verifying authentication protocols with CSP Steve Schneider Department of Computer Science Royal of Communicating Sequential Processes (CSP). It is il- lustrated by an examination of the Needham-Schroeder public of authentication protocols, built on top of the gen- eral CSP semantic framework. This approach aims to combine

  11. V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment of EnergyThe followingRemote Users Execute|

  12. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742Energy China 2015of 2005UNSDepartmentFebruaryPhase|PotomacDepartment of Energy A

  13. V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742Energy China 2015ofDepartment of Energy Microsoft Security Bulletin Advance Notification

  14. Final report for the network authentication investigation and pilot.

    SciTech Connect (OSTI)

    Eldridge, John M.; Dautenhahn, Nathan; Miller, Marc M.; Wiener, Dallas J; Witzke, Edward L.

    2006-11-01T23:59:59.000Z

    New network based authentication mechanisms are beginning to be implemented in industry. This project investigated different authentication technologies to see if and how Sandia might benefit from them. It also investigated how these mechanisms can integrate with the Sandia Two-Factor Authentication Project. The results of these investigations and a network authentication path forward strategy are documented in this report.

  15. V-092: Pidgin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

  16. MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES,

    E-Print Network [OSTI]

    MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES, AND ADAPTATION TO PUBLIC HEALTH RISKS's California Climate Change Center JULY 2012 CEC5002012041 Prepared for: California Energy Commission of California. #12; ii ABSTRACT This study reviewed first available frameworks for climate change adaptation

  17. Improving Classical Authentication with Quantum Communication

    E-Print Network [OSTI]

    of short secret keys [1]. Brassard's scheme is itself an improvement of the Wegman-Carter protocol [2 of messages we want to authenticate, as opposed to the Wegman-Carter proposal. The security of PRGs is based

  18. Hardware device binding and mutual authentication

    DOE Patents [OSTI]

    Hamlet, Jason R; Pierson, Lyndon G

    2014-03-04T23:59:59.000Z

    Detection and deterrence of device tampering and subversion by substitution may be achieved by including a cryptographic unit within a computing device for binding multiple hardware devices and mutually authenticating the devices. The cryptographic unit includes a physically unclonable function ("PUF") circuit disposed in or on the hardware device, which generates a binding PUF value. The cryptographic unit uses the binding PUF value during an enrollment phase and subsequent authentication phases. During a subsequent authentication phase, the cryptographic unit uses the binding PUF values of the multiple hardware devices to generate a challenge to send to the other device, and to verify a challenge received from the other device to mutually authenticate the hardware devices.

  19. Heat exchanger bypass system for an absorption refrigeration system

    DOE Patents [OSTI]

    Reimann, Robert C. (Lafayette, NY)

    1984-01-01T23:59:59.000Z

    A heat exchanger bypass system for an absorption refrigeration system is disclosed. The bypass system operates to pass strong solution from the generator around the heat exchanger to the absorber of the absorption refrigeration system when strong solution builds up in the generator above a selected level indicative of solidification of strong solution in the heat exchanger or other such blockage. The bypass system includes a bypass line with a gooseneck located in the generator for controlling flow of strong solution into the bypass line and for preventing refrigerant vapor in the generator from entering the bypass line during normal operation of the refrigeration system. Also, the bypass line includes a trap section filled with liquid for providing a barrier to maintain the normal pressure difference between the generator and the absorber even when the gooseneck of the bypass line is exposed to refrigerant vapor in the generator. Strong solution, which may accumulate in the trap section of the bypass line, is diluted, to prevent solidification, by supplying weak solution to the trap section from a purge system for the absorption refrigeration system.

  20. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerabil...

    Broader source: Energy.gov (indexed) [DOE]

    to enable method execution and execute arbitrary methods, bypassing Struts and OGNL library protections. 2. Any unsanitized String variable exposed by an action and have it...

  1. Are Vulnerability Disclosure Deadlines Justified?

    SciTech Connect (OSTI)

    Miles McQueen; Jason L. Wright; Lawrence Wellman

    2011-09-01T23:59:59.000Z

    Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

  2. Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes

    DOE Patents [OSTI]

    Kent, Alexander Dale (Los Alamos, NM)

    2008-09-02T23:59:59.000Z

    Methods and systems in a data/computer network for authenticating identifying data transmitted from a client to a server through use of a gateway interface system which are communicately coupled to each other are disclosed. An authentication packet transmitted from a client to a server of the data network is intercepted by the interface, wherein the authentication packet is encrypted with a one-time password for transmission from the client to the server. The one-time password associated with the authentication packet can be verified utilizing a one-time password token system. The authentication packet can then be modified for acceptance by the server, wherein the response packet generated by the server is thereafter intercepted, verified and modified for transmission back to the client in a similar but reverse process.

  3. Bypass diode for a solar cell

    DOE Patents [OSTI]

    Rim, Seung Bum; Kim, Taeseok; Smith, David D; Cousins, Peter J

    2013-11-12T23:59:59.000Z

    Methods of fabricating bypass diodes for solar cells are described. In once embodiment, a method includes forming a first conductive region of a first conductivity type above a substrate of a solar cell. A second conductive region of a second conductivity type is formed on the first conductive region. In another embodiment, a method includes forming a first conductive region of a first conductivity type above a substrate of a solar cell. A second conductive region of a second conductivity type is formed within, and surrounded by, an uppermost portion of the first conductive region but is not formed in a lowermost portion of the first conductive region.

  4. Oil Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations Oil Bypass Filter and Diesel Engine Idling Wear-Rate Evaluations 2005 Diesel Engine Emissions Reduction (DEER)...

  5. Threat Insight Quarterly Vulnerability Management

    E-Print Network [OSTI]

    X-Force ® Threat Insight Quarterly Vulnerability Management July 2006 #12;X - F O R C E T H R E.................. 7 X-Force Catastrophic Risk Index.............................. 10 Future X-Force Threat Insight Introduction There is a wide range of threats that can exist in any network. The presence of unpatched

  6. CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND

    E-Print Network [OSTI]

    CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND ADAPTATION IN THE SAN FRANCISCO BAY AREA Commission's California Climate Change Center JULY 2012 CEC5002012071 Prepared for: California Energy, as well as projections of future changes in climate based on modeling studies using various plausible

  7. V-174: RSA Authentication Manager Writes Operating System, SNMP...

    Broader source: Energy.gov (indexed) [DOE]

    RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files PLATFORM: RSA Authentication Manager 8.0 ABSTRACT: A...

  8. Guide to Critical Infrastructure Protection Cyber Vulnerability...

    Office of Environmental Management (EM)

    Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection...

  9. Power Grid Vulnerability to Geographically Correlated Failures

    E-Print Network [OSTI]

    Shepard, Kenneth

    Power Grid Vulnerability to Geographically Correlated Failures ­ Analysis and Control Implications such as telecommunications networks [14]. The power grid is vulnerable to natural disasters, such as earthquakes, hurricanes [17], [34]. Thus, we focus on the vulnerability of the power grid to an outage of several lines

  10. REALIZING TWO-FACTOR AUTHENTICATION FOR THE BITCOIN PROTOCOL

    E-Print Network [OSTI]

    REALIZING TWO-FACTOR AUTHENTICATION FOR THE BITCOIN PROTOCOL Christopher Mann and Daniel Loebenberger 15 August 2014 Abstract. We show how to realize two-factor authentication for a Bitcoin wal- let a prototypic implementation of a Bitcoin wallet that offers both: two-factor authentication and verification

  11. Authentication Procedures - The Procedures and Integration Working Group

    SciTech Connect (OSTI)

    Kouzes, Richard T.; Bratcher, Leigh; Gosnell, Tom; Langner, Diana; MacArthur, D.; Mihalczo, John T.; Pura, Carolyn; Riedy, Alex; Rexroth, Paul; Scott, Mary; Springarn, Jay

    2001-05-31T23:59:59.000Z

    Authentication is how we establish trust in monitoring systems and measurements to verify compliance with, for example, the storage of nuclear weapons material. Authentication helps assure the monitoring party that accurate and reliable information is provided by any measurement system and that any irregularities are detected. The U.S. is developing its point of view on the procedures for authentication of monitoring systems now planned or contemplated for arms reduction and control applications. The authentication of a system utilizes a set of approaches, including: functional testing using trusted calibration sources, evaluation of documentation, evaluation of software, evaluation of hardware, random selection of hardware and software, tamper-indicating devices, and operational procedures. Authentication of measurement systems should occur throughout their lifecycles, starting with the elements of design, and moving to off-site authentication, on-siste authentication, and continuing with authentication following repair. The most important of these is the initial design of systems. Hardware and software design criteria and procurement decisions can make future authentication relatively straightforward or conversely very difficult. Facility decisions can likewise ease the procedures for authentication since reliable and effective monitoring systems and tampering indicating devices can help provide the assurance needed in the integrity of such items as measurement systems, spare equipment, and reference sources. This paper will summarize the results of the U.S. Authentication Task Force discussion on the role of procedures in authentication.

  12. Using Rose and Compass for Authentication

    SciTech Connect (OSTI)

    White, G

    2009-07-09T23:59:59.000Z

    Many recent non-proliferation software projects include a software authentication component. In this context, 'authentication' is defined as determining that a software package performs only its intended purpose and performs that purpose correctly and reliably over many years. In addition to visual inspection by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs both to aid the visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary, and have limited extensibility. An open-source, extensible tool can be customized to the unique needs of each project. ROSE is an LLNL-developed robust source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C, C++, and FORTRAN. It continues to be extended to support the automated analysis of binaries (x86, ARM, and PowerPC). We continue to extend ROSE to address a number of security specific requirements and apply it to software authentication for non-proliferation projects. We will give an update on the status of our work.

  13. Secure Anonymous RFID Authentication Protocols Christy Chatmon

    E-Print Network [OSTI]

    Burmester, Mike

    technology is to automatically identify objects that are contained in electromagnetic fields. RFID tags do attention as is seen by an increase in its deployment, such as object tracking and monitoring, supply-chain management, and personal- ized information services. Numerous authentication protocols for RFID systems were

  14. EA-1262: McKay Bypass Canal Extension, Golden, Colorado

    Broader source: Energy.gov [DOE]

    This EA evaluates the environmental impacts for the proposal to extend the McKay Bypass Canal in order to route water from the existing Canal north of the Walnut Creek drainage on the east side of...

  15. Oil Bypass Filter Technology Performance Evaluation - First Quarterly Report

    SciTech Connect (OSTI)

    Zirker, L.R.; Francfort, J.E.

    2003-01-31T23:59:59.000Z

    This report details the initial activities to evaluate the performance of the oil bypass filter technology being tested by the Idaho National Engineering and Environmental Laboratory (INEEL) for the U.S. Department of Energy's FreedomCAR & Vehicle Technologies Program. Eight full-size, four-cycle diesel-engine buses used to transport INEEL employees on various routes have been equipped with oil bypass systems from the puraDYN Corporation. Each bus averages about 60,000 miles a year. The evaluation includes an oil analysis regime to monitor the presence of necessary additives in the oil and to detect undesirable contaminants. Very preliminary economic analysis suggests that the oil bypass system can reduce life-cycle costs. As the evaluation continues and oil avoidance costs are quantified, it is estimated that the bypass system economics may prove increasingly favorable, given the anticipated savings in operational costs and in reduced use of oil and waste oil avoidance.

  16. Oil Bypass Filter Technology Performance Evaluation - January 2003 Quarterly Report

    SciTech Connect (OSTI)

    Laurence R. Zirker; James E. Francfort

    2003-01-01T23:59:59.000Z

    This report details the initial activities to evaluate the performance of the oil bypass filter technology being tested by the Idaho National Engineering and Environmental Laboratory (INEEL) for the U.S. Department of Energy's FreedomCAR & Vehicle Technologies Program. Eight full-size, four-cycle diesel-engine buses used to transport INEEL employees on various routes have been equipped with oil bypass systems from the puraDYN Corporation. Each bus averages about 60,000 miles a year. The evaluation includes an oil analysis regime to monitor the presence of necessary additives in the oil and to detect undesirable contaminants. Very preliminary economic analysis suggests that the oil bypass system can reduce life-cycle costs. As the evaluation continues and oil avoidance costs are quantified, it is estimated that the bypass system economics may prove increasingly favorable, given the anticipated savings in operational costs and in reduced use of oil and waste oil avoidance.

  17. Hemodynamic Changes following Aortic Valve Bypass: A Mathematical Approach

    E-Print Network [OSTI]

    Benevento, Emilia

    Aortic valve bypass (AVB) has been shown to be a viable solution for patients with severe aortic stenosis (AS). Under this circumstance, the left ventricle (LV) has a double outlet. The objective was to develop a mathematical ...

  18. Development of By-Pass Blending Station System

    E-Print Network [OSTI]

    Liu, M.; Barnes, D.; Bunz, K.; Rosenberry, N.

    2003-01-01T23:59:59.000Z

    A new building blending station system named by-pass blending station (BBS) has been developed to reduce building pump energy consumption in both district heating and cooling systems. Theoretical investigation demonstrated that the BBS can...

  19. Optimal redundancy against disjoint vulnerabilities in networks

    E-Print Network [OSTI]

    Krause, Sebastian M; Zlati?, Vinko

    2015-01-01T23:59:59.000Z

    Redundancy is commonly used to guarantee continued functionality in networked systems. However, often many nodes are vulnerable to the same failure or adversary. A "backup" path is not sufficient if both paths depend on nodes which share a vulnerability.For example, if two nodes of the Internet cannot be connected without using routers belonging to a given untrusted entity, then all of their communication-regardless of the specific paths utilized-will be intercepted by the controlling entity.In this and many other cases, the vulnerabilities affecting the network are disjoint: each node has exactly one vulnerability but the same vulnerability can affect many nodes. To discover optimal redundancy in this scenario, we describe each vulnerability as a color and develop a "color-avoiding percolation" which uncovers a hidden color-avoiding connectivity. We present algorithms for color-avoiding percolation of general networks and an analytic theory for random graphs with uniformly distributed colors including critic...

  20. Assessing the Security Vulnerabilities of Correctional Facilities

    SciTech Connect (OSTI)

    Morrison, G.S.; Spencer, D.S.

    1998-10-27T23:59:59.000Z

    The National Institute of Justice has tasked their Satellite Facility at Sandia National Laboratories and their Southeast Regional Technology Center in Charleston, South Carolina to devise new procedures and tools for helping correctional facilities to assess their security vulnerabilities. Thus, a team is visiting selected correctional facilities and performing vulnerability assessments. A vulnerability assessment helps to identi~ the easiest paths for inmate escape, for introduction of contraband such as drugs or weapons, for unexpected intrusion fi-om outside of the facility, and for the perpetration of violent acts on other inmates and correctional employees, In addition, the vulnerability assessment helps to quantify the security risks for the facility. From these initial assessments will come better procedures for performing vulnerability assessments in general at other correctional facilities, as well as the development of tools to assist with the performance of such vulnerability assessments.

  1. COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    DATE - THURSDAY: Unique Vulnerability of the New YorkNew Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy...

  2. Mining Bug Databases for Unidentified Software Vulnerabilities

    SciTech Connect (OSTI)

    Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

    2012-06-01T23:59:59.000Z

    Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

  3. Assessing Climate Change Impacts, Vulnerability and Adaptation...

    Open Energy Info (EERE)

    The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan...

  4. Comment on 'Quantum direct communication with authentication'

    SciTech Connect (OSTI)

    Zhang, Zhan-jun [Department of Physics and Center for Quantum Information Science, National Cheng Kung University, Tainan 70101, Taiwan (China); Key Laboratory of Optoelectronic Information Acquisition and Manipulation of Ministry of Education of China, School of Physics and Material Science, Anhui University, Hefei 230039 (China); Liu, Jun; Wang, Dong; Shi, Shou-hua [Key Laboratory of Optoelectronic Information Acquisition and Manipulation of Ministry of Education of China, School of Physics and Material Science, Anhui University, Hefei 230039 (China)

    2007-02-15T23:59:59.000Z

    Two protocols of quantum direct communication with authentication [Phys. Rev. A 73, 042305 (2006)] were recently proposed by Lee, Lim, and Yang. In this paper we will show that in the two protocols the authenticator Trent should be prevented from knowing the secret message. The first protocol can be eavesdropped on by Trent using the intercept-measure-resend attack, while the second protocol can be eavesdropped on by Trent using a simple single-qubit measurement. To fix these leaks, we revise the original versions of the protocols by using the Pauli Z operation {sigma}{sub z} instead of the original bit-flip operation X. As a consequence, the attacks we present can be prevented and accordingly the protocol securities are improved.

  5. Manual bypass for an electronic fuel injector

    SciTech Connect (OSTI)

    Melnik, G.; Amein, B.; McCoy, C.L.; Martin, J.A.

    1990-01-19T23:59:59.000Z

    This patent describes a bypass mechanism for an electronically governed fuel flow control means. It comprises: a valve assembly including a housing defining a fuel entry chamber, a fuel exit chamber, a bore intersecting the fuel entry chamber, and a flow restriction orifice connecting the bore to the fuel exit chamber. The bore defining a radially smaller cylinder and a rapidly larger cylinder, the larger cylinder being at least partly threaded; a rotatable metering shaft in the bore having a threaded end matingly engaged with the larger cylinder, the shaft defining a pin-like end in the fuel entry chamber having an end face opposed to and larger than the orifice. The shaft having a shank fitting closely through the smaller cylinder. The pin-like end being no shorter than the width of the fuel entry chamber, so the shank never enters the fuel entry chamber to affect flow therein. The juxtapoisition of the end face and the orifice being substantially the sole means to vary flow into the orifice.

  6. Leveraging Personal Devices for Stronger Password Authentication from Untrusted Computers

    E-Print Network [OSTI]

    Van Oorschot, Paul

    protocols are vulnerable to attacks including keylogging, phishing, and pharming, which can extract user

  7. System and method for authentication of goods

    DOE Patents [OSTI]

    Kaish, Norman (West Hampstead, NY); Fraser, Jay (Freeport, NY); Durst, David I. (Syosset, NY)

    1999-01-01T23:59:59.000Z

    An authentication system comprising a medium having a plurality of elements, the elements being distinctive, detectable and disposed in an irregular pattern or having an intrinsic irregularity. Each element is characterized by a determinable attribute distinct from a two-dimensional coordinate representation of simple optical absorption or simple optical reflection intensity. An attribute and position of the plurality of elements, with respect to a positional reference is detected. A processor generates an encrypted message including at least a portion of the attribute and position of the plurality of elements. The encrypted message is recorded in physical association with the medium. The elements are preferably dichroic fibers, and the attribute is preferably a polarization or dichroic axis, which may vary over the length of a fiber. An authentication of the medium based on the encrypted message may be authenticated with a statistical tolerance, based on a vector mapping of the elements of the medium, without requiring a complete image of the medium and elements to be recorded.

  8. Serious leisure, participation and experience in tourism: authenticity and ritual in a renaissance festival

    E-Print Network [OSTI]

    Kim, Hyounggon

    2005-02-17T23:59:59.000Z

    the serious festival participation were reminiscent of tourism existential authenticity specified by Wang (1999) as two levels: intrapersonal authenticity (gaining one?s true self) and interpersonal authenticity (gaining true human relationship). A search...

  9. authentic cost calculations: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ;Abstract iii We also show how to use two existing multicast authentication techniques (TESLA and a master for embedded control networks characterized by few re- ceivers and weak...

  10. authentication system based: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    desirable attributes. Index Terms--Mutual Authentication; Key Management; SRP; Security; Smart Meter; Smart Leung, Victor C.M. 58 Integrating identity-based cryptography in IMS...

  11. STEM Mentoring Café- Engaging Young Women in an Authentic Mentoring...

    Broader source: Energy.gov (indexed) [DOE]

    Engaging Young Women in an Authentic Mentoring Experience Melinda Higgins Albert Einstein Distinguished Educator Fellow, NASA Office of Education, Headquarters and Goddard...

  12. Stronger security bounds for Wegman-Carter-Shoup authenticators

    E-Print Network [OSTI]

    Bernstein, Daniel

    Stronger security bounds for Wegman-Carter-Shoup authenticators, MAC, Wegman-Carter, provable security 1 Introduction This paper proves that various

  13. Shouhuai Xu 2000 1 Password-based Authentication and

    E-Print Network [OSTI]

    Sandhu, Ravi

    &AKE FBackground knowledge FPrevious solutions to authentication: The Trouble FBeing implemented proposals: Server FBeing implemented proposals: Server has a cert. FWeaker assumption proposals: Server has no cert

  14. A Flexible Approach to Embedded Network Multicast Authentication

    E-Print Network [OSTI]

    Koopman, Philip

    A Flexible Approach to Embedded Network Multicast Authentication Chris Szilagyi ECE Department Carnegie Mellon University szilagyi@cmu.edu Philip Koopman ECE Department Carnegie Mellon University

  15. Proliferation Vulnerability Red Team report

    SciTech Connect (OSTI)

    Hinton, J.P.; Barnard, R.W.; Bennett, D.E. [and others

    1996-10-01T23:59:59.000Z

    This report is the product of a four-month independent technical assessment of potential proliferation vulnerabilities associated with the plutonium disposition alternatives currently under review by DOE/MD. The scope of this MD-chartered/Sandia-led study was limited to technical considerations that could reduce proliferation resistance during various stages of the disposition processes below the Stored Weapon/Spent Fuel standards. Both overt and covert threats from host nation and unauthorized parties were considered. The results of this study will be integrated with complementary work by others into an overall Nonproliferation and Arms Control Assessment in support of a Secretarial Record of Decision later this year for disposition of surplus U.S. weapons plutonium.

  16. Detecting Network Vulnerabilities Through Graph Theoretical Methods

    E-Print Network [OSTI]

    Geddes, Cameron Guy Robinson

    vulnerabilities in power networks is an important prob- lem, as even a small number of vulnerable connections can benchmark power networks. 1 Introduction The electric power grid network is susceptible to power outages northeast and Canada, which affected an estimated 50 million people, causing over $6 billion in damage

  17. SEISMIC VULNERABILITY ASSESSMENT USING AMBIENT VIBRATIONS

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    SEISMIC VULNERABILITY ASSESSMENT USING AMBIENT VIBRATIONS: METHOD AND VALIDATION Clotaire Michel, France cmichel@obs.ujf-grenoble.fr Abstract Seismic vulnerability in wide areas is usually assessed like USA or Italy. France is a country with moderate seismicity so that it requires lower-cost methods

  18. IEEE TRANS. INFORM. THEORY, VOL. X, NO. XX, 2005 1 Authentication with Distortion Criteria

    E-Print Network [OSTI]

    Martinian, Emin

    authentication system constructions. Index Terms-- multimedia security, authentication, digi- tal signatures of possible perturbations, including, for example, degradation due to noise or compression; transformation

  19. Recent advances in analysis of PWR containment bypass accidents

    SciTech Connect (OSTI)

    Warman, E.A.; Metcalf, J.E.; Donahue, M.L. (Stone and Webster Engineering Corp., Boston, MA (United States))

    1991-01-01T23:59:59.000Z

    The Reactor Safety Study identified and quantified the contribution to off-site radiological risks of accident sequences at pressurized water reactors (PWRs) in which the release of fission products may be released by bypassing the containment building. These so-called bypass accidents were also referred to as interfacing systems loss-of-coolant accidents (LOCAs) or Event 5 sequences due to the postulated failure of valves separating the high-pressure reactor coolant system (RCS) from low-pressure piping located outside containment. Containment bypass sequence risks constitute a large fraction of the total pressurized water reactor (PWR) in NUREG-1150 in large part because estimates of competing risks from early containment failures have been greatly reduced since WASH-1400. Rigorous analyses of both SGTR and V sequence bypass sequences result in reductions in fission product release to such an extent that in-containment sequences are expected to dominate PWR risks at levels substantially lower than reported in NUREG-1150. It is important that these findings be confirmed by other investigators, particularly in light of the NRC's ongoing study of the frequency of occurrence of interfacing systems. LOCAs based on extensive investigations at operating plants. Progress in this latter effort should be matched by progress in the knowledge and understanding of the progression of bypass sequences, once initiated.

  20. Photovoltaic-module bypass-diode encapsulation. Annual report

    SciTech Connect (OSTI)

    Not Available

    1983-06-20T23:59:59.000Z

    The design and processing techniques necessary to incorporate bypass diodes within the module encapsulant are presented in this annual report. A comprehensive survey of available pad-mounted PN junction and Schottky diodes led to the selection of Semicon PN junction diode cells for this application. Diode junction-to-heat spreader thermal resistance measurements, performed on a variety of mounted diode chip types and sizes, have yielded values which are consistently below 1/sup 0/C per watt, but show some instability when thermally cycled over the temperature range from -40 to 150/sup 0/C. Based on the results of a detailed thermal analysis, which covered the range of bypass currents from 2 to 20 amperes, three representative experimental modules, each incorporating integral bypass diode/heat spreader assemblies of various sizes, were designed and fabricated. Thermal testing of these modules has enabled the formation of a recommended heat spreader plate sizing relationship. The production cost of three encapsulated bypass diode/heat spreader assemblies were compared with similarly rated externally-mounted packaged diodes. An assessment of bypass diode reliability, which relies heavily on rectifying diode failure rate data, leads to the general conclusion that, when proper designed and installed, these devices will improve the overall reliability of a terrestrial array over a 20 year design lifetime.

  1. Rankine cycle load limiting through use of a recuperator bypass

    DOE Patents [OSTI]

    Ernst, Timothy C.

    2011-08-16T23:59:59.000Z

    A system for converting heat from an engine into work includes a boiler coupled to a heat source for transferring heat to a working fluid, a turbine that transforms the heat into work, a condenser that transforms the working fluid into liquid, a recuperator with one flow path that routes working fluid from the turbine to the condenser, and another flow path that routes liquid working fluid from the condenser to the boiler, the recuperator being configured to transfer heat to the liquid working fluid, and a bypass valve in parallel with the second flow path. The bypass valve is movable between a closed position, permitting flow through the second flow path and an opened position, under high engine load conditions, bypassing the second flow path.

  2. attitudes perceived vulnerability: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Summary: BIODIVERSITY RESEARCH Assessing species vulnerability to climate and land use change: the case projections of likely impacts of global change to identify the most vulner-...

  3. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...

    Energy Savers [EERE]

    TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides...

  4. Common Cyber Security Vulnerabilities Observed in Control System...

    Energy Savers [EERE]

    Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by...

  5. Top 10 Vulnerabilities of Control Systems and Their Associated...

    Energy Savers [EERE]

    Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) This document...

  6. aquifer contamination vulnerability: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    species vulnerability to climate and land use change: the case projections of likely impacts of global change to identify the most vulner- able species. We suggest an original...

  7. V-090: Adobe Flash Player / AIR Multiple Vulnerabilities | Department...

    Broader source: Energy.gov (indexed) [DOE]

    0: Adobe Flash Player AIR Multiple Vulnerabilities V-090: Adobe Flash Player AIR Multiple Vulnerabilities February 13, 2013 - 12:14am Addthis PROBLEM: Adobe Flash Player AIR...

  8. Multi-Level TESLA: Broadcast Authentication for Distributed Sensor Networks

    E-Print Network [OSTI]

    Ning, Peng

    Multi-Level µTESLA: Broadcast Authentication for Distributed Sensor Networks DONGGANG LIU and PENG named multi-level µTESLA based on µTESLA, a broadcast authentication protocol whose scalability is limited by its unicast-based initial parameter distribution. Multi-level µTESLA satisfies several nice

  9. On the construction of digest functions for manual authentication protocols

    E-Print Network [OSTI]

    Jeavons, Peter

    On the construction of digest functions for manual authentication protocols Abstract A digest. Frequently a digest function needs to have a very short output (e.g. 16­32 bits) and no key is used to digest, notably message authentication codes or MACs. Short digests can be constructed directly or by "condensing

  10. T-659: Update support for RSA Authentication Manager

    Broader source: Energy.gov [DOE]

    RSA posted SP4 Patch 4 of their Authentication Manager product 06/30/2011. There are a few pages of fixes in the README, but the most significant is that Authentication Manager can now be installed on Windows Server 2008 (both 32 and 64bit).

  11. Determining Vulnerability Importance in Environmental Impact Assessment

    SciTech Connect (OSTI)

    Toro, Javier, E-mail: jjtoroca@unal.edu.co [Institute of Environmental Studies, National University of Colombia, Bogota (Colombia); Duarte, Oscar, E-mail: ogduartev@unal.edu.co [Department of Electrical and Electronics Engineering, National University of Colombia, Bogota (Colombia); Requena, Ignacio, E-mail: requena@decsai.ugr.es [Department of Computer Science and Artificial Intelligence, University of Granada (Spain); Zamorano, Montserrat, E-mail: zamorano@ugr.es [Department of Civil Engineering, University of Granada (Spain)

    2012-01-15T23:59:59.000Z

    The concept of vulnerability has been used to describe the susceptibility of physical, biotic, and social systems to harm or hazard. In this sense, it is a tool that reduces the uncertainties of Environmental Impact Assessment (EIA) since it does not depend exclusively on the value assessments of the evaluator, but rather is based on the environmental state indicators of the site where the projects or activities are being carried out. The concept of vulnerability thus reduces the possibility that evaluators will subjectively interpret results, and be influenced by outside interests and pressures during projects. However, up until now, EIA has been hindered by a lack of effective methods. This research study analyzes the concept of vulnerability, defines Vulnerability Importance and proposes its inclusion in qualitative EIA methodology. The method used to quantify Vulnerability Importance is based on a set of environmental factors and indicators that provide a comprehensive overview of the environmental state. The results obtained in Colombia highlight the usefulness and objectivity of this method since there is a direct relation between this value and the environmental state of the departments analyzed. - Research Highlights: Black-Right-Pointing-Pointer The concept of vulnerability could be considered defining Vulnerability Importance included in qualitative EIA methodology. Black-Right-Pointing-Pointer The use of the concept of environmental vulnerability could reduce the subjectivity of qualitative methods of EIA. Black-Right-Pointing-Pointer A method to quantify the Vulnerability Importance proposed provides a comprehensive overview of the environmental state. Black-Right-Pointing-Pointer Results in Colombia highlight the usefulness and objectivity of this method.

  12. Authenticating concealed private data while maintaining concealment

    DOE Patents [OSTI]

    Thomas, Edward V. (Albuquerque, NM); Draelos, Timothy J. (Albuquerque, NM)

    2007-06-26T23:59:59.000Z

    A method of and system for authenticating concealed and statistically varying multi-dimensional data comprising: acquiring an initial measurement of an item, wherein the initial measurement is subject to measurement error; applying a transformation to the initial measurement to generate reference template data; acquiring a subsequent measurement of an item, wherein the subsequent measurement is subject to measurement error; applying the transformation to the subsequent measurement; and calculating a Euclidean distance metric between the transformed measurements; wherein the calculated Euclidean distance metric is identical to a Euclidean distance metric between the measurement prior to transformation.

  13. Hardware authentication using transmission spectra modified optical fiber.

    SciTech Connect (OSTI)

    Grubbs, Robert K.; Romero, Juan A.

    2010-09-01T23:59:59.000Z

    The ability to authenticate the source and integrity of data is critical to the monitoring and inspection of special nuclear materials, including hardware related to weapons production. Current methods rely on electronic encryption/authentication codes housed in monitoring devices. This always invites the question of implementation and protection of authentication information in an electronic component necessitating EMI shielding, possibly an on board power source to maintain the information in memory. By using atomic layer deposition techniques (ALD) on photonic band gap (PBG) optical fibers we will explore the potential to randomly manipulate the output spectrum and intensity of an input light source. This randomization could produce unique signatures authenticating devices with the potential to authenticate data. An external light source projected through the fiber with a spectrometer at the exit would 'read' the unique signature. No internal power or computational resources would be required.

  14. Fragile Networks: Identifying Vulnerabilities and Synergies

    E-Print Network [OSTI]

    Nagurney, Anna

    , Efficiency Measurement, and Vulnerability Analysis · Part II: Applications and Extensions · Part III: Mergers the foundations for transportation and logistics, for communication, energy provision, social interactions as the major theme. #12;Interdisciplinary Impact of Networks Networks Energy Manufacturing Telecommunications

  15. Structural Vulnerability Assessment of Electric Power Grids

    E-Print Network [OSTI]

    Koç, Yakup; Kooij, Robert E; Brazier, Frances M T

    2013-01-01T23:59:59.000Z

    Cascading failures are the typical reasons of black- outs in power grids. The grid topology plays an important role in determining the dynamics of cascading failures in power grids. Measures for vulnerability analysis are crucial to assure a higher level of robustness of power grids. Metrics from Complex Networks are widely used to investigate the grid vulnerability. Yet, these purely topological metrics fail to capture the real behaviour of power grids. This paper proposes a metric, the effective graph resistance, as a vulnerability measure to de- termine the critical components in a power grid. Differently than the existing purely topological measures, the effective graph resistance accounts for the electrical properties of power grids such as power flow allocation according to Kirchoff laws. To demonstrate the applicability of the effective graph resistance, a quantitative vulnerability assessment of the IEEE 118 buses power system is performed. The simulation results verify the effectiveness of the effect...

  16. CLIMATE VULNERABILITY AND ADAPTATION STUDY FOR

    E-Print Network [OSTI]

    CLIMATE VULNERABILITY AND ADAPTATION STUDY FOR CALIFORNIA Legal Analysis of Barriers's California Climate Change Center JULY 2012 CEC5002012019 Prepared for: California Energy Commission to that framework that would facilitate adaptation to climate change. Since such changes may be difficult

  17. Cancer Vulnerabilities Unveiled by Genomic Loss

    E-Print Network [OSTI]

    Nijhawan, Deepak

    Due to genome instability, most cancers exhibit loss of regions containing tumor suppressor genes and collateral loss of other genes. To identify cancer-specific vulnerabilities that are the result of copy number losses, ...

  18. U-104: Adobe Flash Player Multiple Vulnerabilities | Department...

    Broader source: Energy.gov (indexed) [DOE]

    have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and...

  19. Thermal Reliability Study of Bypass Diodes in Photovoltaic Modules (Poster)

    SciTech Connect (OSTI)

    Zhang, Z.; Wohlgemuth, J.; Kurtz, S.

    2013-05-01T23:59:59.000Z

    This paper presents the result of high-temperature durability and thermal cycling testing and analysis for the selected diodes to study the detail of the thermal design and relative long-term reliability of the bypass diodes used to limit the detrimental effects of module hot-spot susceptibility.

  20. authenticated key agreement: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    desirable attributes. Index Terms--Mutual Authentication; Key Management; SRP; Security; Smart Meter; Smart Leung, Victor C.M. 53 On the security of some password-based key...

  1. Stronger security bounds for WegmanCarterShoup authenticators

    E-Print Network [OSTI]

    Bernstein, Daniel

    Stronger security bounds for Wegman­Carter­Shoup authenticators Daniel J. Bernstein # Department, Wegman­Carter, provable security 1 Introduction This paper proves that various state­of­the­art 128­bit

  2. Authenticated Encryption: How Reordering can Impact Performance Basel Alomair

    E-Print Network [OSTI]

    ciphertext blocks are then authenticated using a MAC based on a universal hash-function family (in the Carter-Wegman encryption [30]. The GCM standard is based on the Carter- Wegman Counter (CWC) blockcipher mode

  3. austrian meat authenticity: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. On the other hand, we use it to show that digitally signing quantum states is...

  4. V-231: Cisco Identity Services Engine Discloses Authentication...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    form fields. A remote or local user can conduct a cross-site scripting or clickjacking attack to access the username and password of an authenticated session. IMPACT: Disclosure of...

  5. Understanding 'It': Affective Authenticity, Space, and the Phish Scene

    E-Print Network [OSTI]

    Yeager, Elizabeth Anne

    2011-04-26T23:59:59.000Z

    "Understanding It: Affective Authenticity, Space, and the Phish Scene" is an ethnographic study of "scene identity" around the contemporary rock band Phish. Utilizing data generated from six years of ethnographic fieldwork, ...

  6. Authenticity and Physiological Changes during Defensive Verbal Response

    E-Print Network [OSTI]

    Yen, Yana

    2013-08-31T23:59:59.000Z

    who are more authentic experience higher subjective well-being because they feel in control of their self (Kifer, Heller, Perunovic, & Galinsky, 2013). Thus, by paying attention to how one’s cognitions, physiology, and behavior support or challenge...

  7. Secure password-based authenticated key exchange for web services

    SciTech Connect (OSTI)

    Liang, Fang; Meder, Samuel; Chevassut, Olivier; Siebenlist, Frank

    2004-11-22T23:59:59.000Z

    This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-Secure Conversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.

  8. U-084: Cisco Digital Media Manager Lets Remote Authenticated...

    Broader source: Energy.gov (indexed) [DOE]

    authenticated user can gain elevated privileges on the target system. PLATFORM: Cisco Digital Media Manager: Version(s) 5.22 and prior, 5.2.3 ABSTRACT: The system does not...

  9. Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

  10. Analog Video Authentication and Seal Verification Equipment Development

    SciTech Connect (OSTI)

    Gregory Lancaster

    2012-09-01T23:59:59.000Z

    Under contract to the US Department of Energy in support of arms control treaty verification activities, the Savannah River National Laboratory in conjunction with the Pacific Northwest National Laboratory, the Idaho National Laboratory and Milagro Consulting, LLC developed equipment for use within a chain of custody regime. This paper discussed two specific devices, the Authentication Through the Lens (ATL) analog video authentication system and a photographic multi-seal reader. Both of these devices have been demonstrated in a field trial, and the experience gained throughout will also be discussed. Typically, cryptographic methods are used to prove the authenticity of digital images and video used in arms control chain of custody applications. However, in some applications analog cameras are used. Since cryptographic authentication methods will not work on analog video streams, a simple method of authenticating analog video was developed and tested. A photographic multi-seal reader was developed to image different types of visual unique identifiers for use in chain of custody and authentication activities. This seal reader is unique in its ability to image various types of seals including the Cobra Seal, Reflective Particle Tags, and adhesive seals. Flicker comparison is used to compare before and after images collected with the seal reader in order to detect tampering and verify the integrity of the seal.

  11. Assessment of Chemical and Radiological Vulnerabilities

    SciTech Connect (OSTI)

    SETH, S.S.

    2000-05-17T23:59:59.000Z

    Following the May 14, 1997 chemical explosion at Hanford's Plutonium Reclamation Facility, the Department of Energy Richland Operations Office and its prime contractor, Fluor Hanford, Inc., completed an extensive assessment to identify and address chemical and radiological safety vulnerabilities at all facilities under the Project Hanford Management Contract. This was a challenging undertaking because of the immense size of the problem, unique technical issues, and competing priorities. This paper focuses on the assessment process, including the criteria and methodology for data collection, evaluation, and risk-based scoring. It does not provide details on the facility-specific results and corrective actions, but discusses the approach taken to address the identified vulnerabilities.

  12. Chemical Safety Vulnerability Working Group Report

    SciTech Connect (OSTI)

    Not Available

    1994-09-01T23:59:59.000Z

    This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

  13. Bluetooth Vulnerabilities ECE 478 Winter 05

    E-Print Network [OSTI]

    Bluetooth Vulnerabilities ECE 478 Winter 05 Victor Yee #12;Topics · What is Bluetooth? · History ­ Automobiles #12;What is Bluetooth? · Short-range (10m-100m) wireless specification · Operating at 2.4GHz radio 2Mb/s #12;History · Named from Danish King Harold Bluetooth from the 10th century ­ instrumental

  14. WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE

    E-Print Network [OSTI]

    WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE WARMING IN THE SIERRA NEVADA: Water Year explores the sensitivity of water indexing methods to climate change scenarios to better understand how water management decisions and allocations will be affected by climate change. Many water management

  15. The 2011 Military Communications Conference -Track 3 -Cyber Security and Network Operations From Security to Vulnerability: Data Authentication

    E-Print Network [OSTI]

    Wang, Wenye

    lines and transform ers [5], to perform critical functions of energy transmission and distributionThe 2011 Military Communications Conference - Track 3 - Cyber Security and Network Operations From Wang· Zhuo Lu* Jianfeng Mat "Department of Electrical and Computer Engineering, NC State University

  16. T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability

    Broader source: Energy.gov [DOE]

    Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft.

  17. PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE

    E-Print Network [OSTI]

    Hultman, Nathan E.

    PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE A Quantitative Approach R. H. Moss A. L. Brenkert E@ntis.fedworld.gov Online ordering: http://www.ntis.gov/ordering.htm #12;iii EXECUTIVE SUMMARY The PNNL Vulnerability

  18. Empirical Estimates and Observations of 0Day Vulnerabilities

    SciTech Connect (OSTI)

    Miles A. McQueen; Trevor A. McQueen; Wayne F. Boyer; May R. Chaffin

    2009-01-01T23:59:59.000Z

    We define a 0Day vulnerability to be any vulnerability, in deployed software, that has been discovered by at least one person but has not yet been publicly announced or patched. These 0Day vulnerabilities are of particular interest when assessing the risk to a system from exploit of vulnerabilities which are not generally known to the public or, most importantly, to the owners of the system. Using the 0Day definition given above, we analyzed the 0Day lifespans of 491 vulnerabilities and conservatively estimated that in the worst year there were on average 2500 0Day vulnerabilities in existence on any given day. Then using a small but intriguing set of 15 0Day vulnerability lifespans representing the time from actual discovery to public disclosure, we made a more aggressive estimate. In this case, we estimated that in the worst year there were, on average, 4500 0Day vulnerabilities in existence on any given day.

  19. DECISION-MAKING AND THE VULNERABILITY OF INTERDEPENDENT CRITICAL

    E-Print Network [OSTI]

    Wang, Hai

    , telecommunications, water supply, wastewater, electric power and other energy infrastructure. Event databasesDECISION-MAKING AND THE VULNERABILITY OF INTERDEPENDENT CRITICAL INFRASTRUCTURE Zimmerman, R interdependencies, extreme events, vulnerability assessment 1 Introduction The provision of infrastructure services

  20. Cyber Vulnerability Disclosure Policies for the Department of Electrical and

    E-Print Network [OSTI]

    Manimaran, Govindarasu

    Cyber Vulnerability Disclosure Policies for the Smart Grid Adam Hahn Department of Electrical ATTRIBUTES The "Vulnerability Disclosure Framework" developed by the National Infrastructure Advisory Council Department of Electrical and Computer Engineering Iowa State University Ames, IA 50011 Email: gmani

  1. Vulnerability assessment of water supply systems for insufficient fire flows

    E-Print Network [OSTI]

    Kanta, Lufthansa Rahman

    2009-05-15T23:59:59.000Z

    supply systems are vulnerable to many forms of terrorist acts, most of the vulnerability analysis studies on these systems have been for chemical and biological threats. Because of the interdependency of water supply infrastructure and emergency fire...

  2. U-171: DeltaV Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  3. V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution...

    Office of Environmental Management (EM)

    can exploit these issues to execute arbitrary PHP code within the context of the web server, bypass certain security restrictions, and perform unauthorized actions; this may aid...

  4. U-122 Google Chrome Two Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

  5. V-195: RSA Authentication Manager Lets Local Users View the Administra...

    Broader source: Energy.gov (indexed) [DOE]

    (Patch 26 (P26) for RSA Authentication Manager 7.1 Service Pack 4 (SP4) and Appliance 3.0 SP4; Patch 2 (P2) for RSA Authentication Manager 8.0). Addthis Related Articles T-704:...

  6. Efficient authentication scheme for data aggregation in smart grid with fault tolerance and fault diagnosis

    E-Print Network [OSTI]

    Li, Depeng

    Authentication schemes relying on per-packet signature and per-signature verification introduce heavy cost for computation and communication. Due to its constraint resources, smart grid's authentication requirement cannot ...

  7. U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated...

    Broader source: Energy.gov (indexed) [DOE]

    PostgreSQL. PLATFORM: Version(s): prior to 8.3.18, 8.4.11, 9.0.7, 9.1.3 ABSTRACT: A remote authenticated user can gain elevated privileges. A remote authenticated user can inject...

  8. Specifying authentication using signal events in CSP Siraj A. Shaikh (first and corresponding author)

    E-Print Network [OSTI]

    Doran, Simon J.

    1 Specifying authentication using signal events in CSP Siraj A. Shaikh (first and corresponding in the process algebra Communicating Sequential Processes (CSP) to specify authentication. The purpose, security protocols, CSP, formal specification, Kerberos 1. Introduction Schneider [1] uses Communicating

  9. Vendor System Vulnerability Testing Test Plan

    SciTech Connect (OSTI)

    James R. Davidson

    2005-01-01T23:59:59.000Z

    The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as delivered baseline examination of the system is conducted, to establish a starting point for all-subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in depth vulnerability testing. The baseline test document is provided to the System Provider,a who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendor’s system.b a. The term System Provider replaces the name of the company/organization providing the system being evaluated. This can be the system manufacturer, a system user, or a third party organization such as a government agency. b. The term Vendor (or Vendor’s) System replaces the name of the specific SCADA/EMS being tested.

  10. The fragility of AES-GCM authentication algorithm Shay Gueron1,2

    E-Print Network [OSTI]

    for the authentication. The GHASH algorithm is a special form of the Carter-Wegman polynomial evaluation MAC. Each 16

  11. The TESLA Broadcast Authentication Protocol Adrian Perrig Ran Canetti J. D. Tygar Dawn Song

    E-Print Network [OSTI]

    Tygar, Doug

    The TESLA Broadcast Authentication Protocol Adrian Perrig Ran Canetti J. D. Tygar Dawn Song presents the TESLA (Timed Efficient Stream Loss-tolerant Authentication) broadcast authentication protocol of receivers, and tolerates packet loss. TESLA is based on loose time synchronization between the sender

  12. Building the Big Message Authentication Code Dale R. THOMPSON, J. Brad MAXWELL, and James P. PARKERSON

    E-Print Network [OSTI]

    Thompson, Dale R.

    Building the Big Message Authentication Code Dale R. THOMPSON, J. Brad MAXWELL, and James P.S.A. ABSTRACT Message Authentication Codes (MAC) are used to ensure the integrity of digital content is not compromised and to authenticate the sender. A MAC can be constructed by using a message digest and a shared

  13. University of Newcastle upon Tyne Evaluation of Authorization-Authentication Tools: PERMIS, OASIS,

    E-Print Network [OSTI]

    Newcastle upon Tyne, University of

    -Authentication Tools: PERMIS, OASIS, XACML & SHIBOLETH J. Wu and P. Periorellis TECHNICAL REPORT SERIES No. CS-TR-935 of Authorization-Authentication Tools: PERMIS, OASIS, XACML & SHIBOLETH J. Wu, P. Periorellis Abstract GOLD (Grid., PERIORELLIS, P.. Evaluation of Authorization-Authentication Tools: PERMIS, OASIS, XACML & SHIBOLETH [By] J. Wu

  14. The order of encryption and authentication for protecting communications (Or: how secure is SSL?)

    E-Print Network [OSTI]

    The order of encryption and authentication for protecting communications (Or: how secure is SSL and authentication, including the authenticate-then-encrypt method used in SSL, are not generically secure. We show with a random or pseudorandom pad). Thus, while we show the generic security of SSL to be broken, the current

  15. Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication

    E-Print Network [OSTI]

    Basin, David

    , or authentication of transmitted data [27,33]. The ISO (International Organization for Standardization) and IECProvably Repairing the ISO/IEC 9798 Standard for Entity Authentication David Basin, Cas Cremers the family of entity authentication protocols defined by the ISO/IEC 9798 standard and find numerous

  16. Alteration of the groundwater table due to construction of a floodplain bypass at Upper Pine Creek, Concord, California

    E-Print Network [OSTI]

    Williams, John L III

    2003-01-01T23:59:59.000Z

    66 Exploratory Boring 67 Natural Creek 72 Floodplain BypassChannel 78 Floodplain Bypass Channel 65 Natural Creek 69Natural Creek Table 2 Post-Project Groundwater Table Raw

  17. Dead Block Replacement and Bypass with a Sampling Predictor Daniel A. Jimenez

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Dead Block Replacement and Bypass with a Sampling Predictor Daniel A. Jim´enez Department of Computer Science The University of Texas at San Antonio Abstract We present a cache replacement and bypass policy driven by dead block prediction. A block is considered dead is it will be replaced before

  18. Rankine cycle condenser pressure control using an energy conversion device bypass valve

    DOE Patents [OSTI]

    Ernst, Timothy C; Nelson, Christopher R; Zigan, James A

    2014-04-01T23:59:59.000Z

    The disclosure provides a waste heat recovery system and method in which pressure in a Rankine cycle (RC) system of the WHR system is regulated by diverting working fluid from entering an inlet of an energy conversion device of the RC system. In the system, an inlet of a controllable bypass valve is fluidly coupled to a working fluid path upstream of an energy conversion device of the RC system, and an outlet of the bypass valve is fluidly coupled to the working fluid path upstream of the condenser of the RC system such that working fluid passing through the bypass valve bypasses the energy conversion device and increases the pressure in a condenser. A controller determines the temperature and pressure of the working fluid and controls the bypass valve to regulate pressure in the condenser.

  19. Preliminary Study of Bypass Flow in Prismatic Core of Very High Temperature Reactor Using Small-Scale Model 

    E-Print Network [OSTI]

    Kanjanakijkasem, Worasit 1975-

    2012-11-29T23:59:59.000Z

    . Bypass flow experiments are conducted by using three small-scale models of prismatic blocks. They are stacked in a test section to form bypass gaps of single-layer blocks as exist in prismatic core of VHTR. Three bypass gap widths set in air and water...

  20. Proceedings of Student-Faculty Research Day, CSIS, Pace University, May 8th Keystroke Biometric Test-Taker Authentication System

    E-Print Network [OSTI]

    Tappert, Charles

    Biometric Test-Taker Authentication System Michael Wuench, Mingfei Bi, Evelin Urbaez, Shaji Mary Varghese

  1. Title of Dissertation: EPISTEMOLOGICAL AUTHENTICITY IN SCIENCE CLASSROOMS

    E-Print Network [OSTI]

    Maryland at College Park, University of

    ABSTRACT Title of Dissertation: EPISTEMOLOGICAL AUTHENTICITY IN SCIENCE CLASSROOMS Paul S. Hutchison, Ph.D., 2008 Dissertation Directed By: Professor David Hammer, Departments of Curriculum Dissertation submitted to the Faculty of the Graduate School of the University of Maryland, College Park

  2. Authentication Control Point and Its Implications For Secure Processor Design

    E-Print Network [OSTI]

    Lee, Hsien-Hsin "Sean"

    Authentication Control Point and Its Implications For Secure Processor Design Weidong Shi Hsien. Despite a number of secure processor designs have been proposed, the delicate relationship between privacy and integrity protection in the context of modern out-of-order processor design is not well understood

  3. Bucket Hashing and its Application to Fast Message Authentication

    E-Print Network [OSTI]

    Bernstein, Daniel

    the contents of each bucket; then collect up all the buckets' contents. Used in the context of Wegman to authenticate. But it is well­known that this reasoning is specious: in particular, Wegman and Carter [32. In the Wegman--Carter approach communicating parties S and V share a secret key k = (h; P ) which specifies both

  4. Key recycling in authentication Christopher Portmann #1,2

    E-Print Network [OSTI]

    , Switzerland. May 31, 2012 Abstract In their seminal work on authentication, Wegman and Carter pro­ pose of rounds it is completely known. We show however that this leak is very small, and Wegman and Carter, and in their seminal work [1], Wegman and Carter showed that it can be achieved with information­theoretic security

  5. Key recycling in authentication Christopher Portmann1,2

    E-Print Network [OSTI]

    , Switzerland. May 31, 2012 Abstract In their seminal work on authentication, Wegman and Carter pro- pose finite amount of rounds it is completely known. We show however that this leak is very small, and Wegman], Wegman and Carter showed that it can be achieved with information-theoretic security by appending a tag

  6. Patent-Free Authenticated-Encryption As Fast As OCB

    E-Print Network [OSTI]

    Krovetz, Ted

    . Encryption is achieved via counter-mode while authenti- cation uses the Wegman-Carter paradigm. A single encryption and authentication under a single key. Some of the modes also switch to faster Wegman to nearly x cpb because recent Wegman-Carter schemes are as fast as 0.5 cpb--much faster than any known

  7. Universal hashing and authentication codes 1 D. R. Stinson

    E-Print Network [OSTI]

    Stinson, Douglas

    authentication codes without secrecy. This idea is due to Wegman and Carter [14], who gave a construction which states (plaintext messages). We generalize the Wegman and Carter construction by formally de#12;ning some to decrease the key length by a factor of four (roughly) compared to the Wegman and Carter construction, while

  8. Behavioral Authentication of Server Flows James P. Early

    E-Print Network [OSTI]

    Rosenberg, Catherine P.

    Behavioral Authentication of Server Flows James P. Early Carla E. Brodley ˇ Catherine Rosenberg, in the presence of proxy servers that re-map port numbers or host services that have been compromised to act as backdoors or covert channels. We present an approach to classify server traffic based on decision trees

  9. Forging Attacks on two Authenticated Encryptions COBRA and POET

    E-Print Network [OSTI]

    Forging Attacks on two Authenticated Encryptions COBRA and POET Mridul Nandi Indian Statistical COBRA [4], based on pseudorandom per- mutation (PRP) blockcipher, and POET [3], based on Almost XOR and a simple vari- ant of the original proposal of POET (due to a forging attack [13] on the original proposal

  10. Authenticated Streamwise On-line Encryption Patrick P. Tsang

    E-Print Network [OSTI]

    and end-to-end latency. Also, ASOE provides data authenticity as an option. ASOE can therefore be used construction incurs zero end-to-end latency due to buffering and only 48 bytes of message expansion, regardless 7.3 End-to-end Latency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 7

  11. SSL Splitting and Barnraising: Cooperative Caching with Authenticity Guarantees

    E-Print Network [OSTI]

    Gummadi, Ramakrishna

    SSL Splitting and Barnraising: Cooperative Caching with Authenticity Guarantees by Christopher T by . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Arthur C. Smith Chairman, Department Committee on Graduate Students #12;SSL Splitting and Barnraising for the degree of Master of Engineering in Electrical Engineering and Computer Science Abstract SSL splitting

  12. Non-Cryptographic Authentication and Identification in Wireless Networks

    E-Print Network [OSTI]

    California at Davis, University of

    1 Non-Cryptographic Authentication and Identification in Wireless Networks Kai Zeng, Kannan considered as potential alternatives/complements to provide security services in wireless networks identi- fication in wireless networks using lower/physical layer properties or information. We discuss

  13. A Hybrid Authentication and Authorization Process for Control System Networks

    SciTech Connect (OSTI)

    Manz, David O.; Edgar, Thomas W.; Fink, Glenn A.

    2010-08-25T23:59:59.000Z

    Convergence of control system and IT networks require that security, privacy, and trust be addressed. Trust management continues to plague traditional IT managers and is even more complex when extended into control system networks, with potentially millions of entities, a mission that requires 100% availability. Yet these very networks necessitate a trusted secure environment where controllers and managers can be assured that the systems are secure and functioning properly. We propose a hybrid authentication management protocol that addresses the unique issues inherent within control system networks, while leveraging the considerable research and momentum in existing IT authentication schemes. Our hybrid authentication protocol for control systems provides end device to end device authentication within a remote station and between remote stations and control centers. Additionally, the hybrid protocol is failsafe and will not interrupt communication or control of vital systems in a network partition or device failure. Finally, the hybrid protocol is resilient to transitory link loss and can operate in an island mode until connectivity is reestablished.

  14. ELmE : A Misuse Resistant Parallel Authenticated Encryption

    E-Print Network [OSTI]

    -Encrypt constructions (inherently inefficient but provide full pri- vacy) and online constructions, e.g., McOE, sponge bottleneck in processing associated data. In this paper, we design a new online secure authenticated in associated data) and pipeline implementable. It also provides full privacy when associated data (which

  15. Using a PVS Embedding of CSP to Verify Authentication Protocols

    E-Print Network [OSTI]

    Doran, Simon J.

    Using a PVS Embedding of CSP to Verify Authentication Protocols To be presented at TPHOLs'97, Bell for a veri cation method described in 14]. The PVS formalization consists of a semantic embedding of CSP]. In 14], Schneider presents such a method based on CSP 7]. The approach relies onageneral

  16. Using a PVS Embedding of CSP to Verify Authentication Protocols

    E-Print Network [OSTI]

    Dutertre, Bruno

    Using a PVS Embedding of CSP to Verify Authentication Protocols To be presented at TPHOLs'97, Bell for a veri cation method described in 14]. The PVS formalization consists of a semantic embedding of CSP, 16, 12, 9]. In 14], Schneider presents such a method based on CSP 7]. The approach relies onageneral

  17. Using a PVS Embedding of CSP to Verify Authentication Protocols

    E-Print Network [OSTI]

    Dutertre, Bruno

    Using a PVS Embedding of CSP to Verify Authentication Protocols To be presented at TPHOLs'97, Bell for a verification method described in [14]. The PVS formalization consists of a semantic embedding of CSP for this purpose [3, 16, 12, 9]. In [14], Schneider presents such a method based on CSP [7]. The approach relies

  18. An Authentication and Security Protocol for Mobile Computing

    E-Print Network [OSTI]

    Zheng, Yuliang

    networks such as public switched telephone/data networks, and hence many security issues with wire-line-air transmission of signals and low power supply of a mobile user. #12;When examining security in a wirelessAn Authentication and Security Protocol for Mobile Computing Yuliang Zheng Monash University Mc

  19. Cryptanalysis of a recent two factor authentication scheme

    E-Print Network [OSTI]

    Centre Dublin City University Ballymun, Dublin 9, Ireland. mike.scott@certivox.com Abstract. Very recently a scheme has been proposed by Wang and Ma for a robust smart-card based password authentication scheme, which claims to be secure against a Smart Card security breach. In this short note we attempt

  20. Cryptanalysis of Two Dynamic IDbased Remote User Authentication Schemes for

    E-Print Network [OSTI]

    University, Harbin City 150001, China 2 Automobile Management Institute of PLA, Bengbu City 233011, China guessing attack under their non­tamper resistance assumption of the smart card; (2) It fails to provide of schemes. Keywords: Cryptanalysis, Authentication protocol, O#ine password guessing attack, Smart card

  1. Social vulnerability indicators as a sustainable planning tool

    SciTech Connect (OSTI)

    Lee, Yung-Jaan, E-mail: yungjaanlee@gmail.com

    2014-01-15T23:59:59.000Z

    In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can not only be used to measure the social vulnerability of individual townships in Chiayi, but also be used to capture the spatial developmental of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with national disasters. The social vulnerability analysis draws on secondary data for 2012 from Taiwan's National Geographic Information System. The second layer of analysis consists of the flood potential ratings of the Taiwan Water Resources Agency as an index of biophysical vulnerability. The third layer consists of township-level administrative boundaries. Analytical results reveal that four out of the 18 townships in Chiayi not only are vulnerable to large-scale flooding during serious flood events, but also have the highest degree of social vulnerability. Administrative boundaries, on which social vulnerability is based, do not correspond precisely to “cross-administrative boundaries,” which are characteristics of the natural environment. This study adopts an exploratory approach that provides Chiayi and other government agencies with a foundation for sustainable strategic planning for environmental change. The final section offers four suggestions concerning the implications of social vulnerability for local development planning. -- Highlights: • This study proposes a framework of social vulnerability indicators at the township level in Chiayi County, Taiwan. • Seventeen social vulnerability indicators are categorized into four dimensions. • This study performs a three-layer overlay analysis of social vulnerability and natural disaster risk patterns. • 4 out of the 18 townships not only have potential for large-scale flooding, but also high degree of social vulnerability. • This study provides a foundation for sustainable strategic planning to deal with environmental change. • Four suggestions are proposed regarding the implications of social vulnerability for local development planning.

  2. T-608: HP Virtual Server Environment Lets Remote Authenticated Users Gain Elevated Privileges

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges.

  3. C. T. Lin, S. P. Shieh / Chain Authentication in Mobile Communication Systems Chain Authentication in Mobile Communication

    E-Print Network [OSTI]

    Shieh, Shiuhpyng Winston

    , video, image, and data, be available anytime and everywhere to everybody. The Federal Communications Commission (FCC), U. S. A., defines personal communications services as "a family of mobile or portable radioC. T. Lin, S. P. Shieh / Chain Authentication in Mobile Communication Systems 1 Chain

  4. New pathway to bypass the 15O waiting point

    E-Print Network [OSTI]

    I. Stefan; F. de Oliveira Santos; M. G. Pellegriti; G. Dumitru; J. C. Angélique; M. Angélique; E. Berthoumieux; A. Buta; R. Borcea; A. Coc; J. M. Daugas; T. Davinson; M. Fadil; S. Grévy; J. Kiener; A. Lefebvre-Schuhl; M. Lenhardt; M. Lewitowicz; F. Negoita; D. Pantelica; L. Perrot; O. Roig; M. G. Saint Laurent; I. Ray; O. Sorlin; M. Stanoiu; C. Stodel; V. Tatischeff; J. C. Thomas

    2006-04-14T23:59:59.000Z

    We propose the sequential reaction process $^{15}$O($p$,$\\gamma)(\\beta^{+}$)$^{16}$O as a new pathway to bypass of the $^{15}$O waiting point. This exotic reaction is found to have a surprisingly high cross section, approximately 10$^{10}$ times higher than the $^{15}$O($p$,$\\beta^{+}$)$^{16}$O. These cross sections were calculated after precise measurements of energies and widths of the proton-unbound $^{16}$F low lying states, obtained using the H($^{15}$O,p)$^{15}$O reaction. The large $(p,\\gamma)(\\beta^{+})$ cross section can be understood to arise from the more efficient feeding of the low energy wing of the ground state resonance by the gamma decay. The implications of the new reaction in novae explosions and X-ray bursts are discussed.

  5. Evaluating operating system vulnerability to memory errors.

    SciTech Connect (OSTI)

    Ferreira, Kurt Brian; Bridges, Patrick G. (University of New Mexico); Pedretti, Kevin Thomas Tauke; Mueller, Frank (North Carolina State University); Fiala, David (North Carolina State University); Brightwell, Ronald Brian

    2012-05-01T23:59:59.000Z

    Reliability is of great concern to the scalability of extreme-scale systems. Of particular concern are soft errors in main memory, which are a leading cause of failures on current systems and are predicted to be the leading cause on future systems. While great effort has gone into designing algorithms and applications that can continue to make progress in the presence of these errors without restarting, the most critical software running on a node, the operating system (OS), is currently left relatively unprotected. OS resiliency is of particular importance because, though this software typically represents a small footprint of a compute node's physical memory, recent studies show more memory errors in this region of memory than the remainder of the system. In this paper, we investigate the soft error vulnerability of two operating systems used in current and future high-performance computing systems: Kitten, the lightweight kernel developed at Sandia National Laboratories, and CLE, a high-performance Linux-based operating system developed by Cray. For each of these platforms, we outline major structures and subsystems that are vulnerable to soft errors and describe methods that could be used to reconstruct damaged state. Our results show the Kitten lightweight operating system may be an easier target to harden against memory errors due to its smaller memory footprint, largely deterministic state, and simpler system structure.

  6. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Germany) Jump to: navigation, search Project Name AFTER A Framework for electrical power...

  7. T-566: Citrix Secure Gateway Unspecified Vulnerability | Department...

    Broader source: Energy.gov (indexed) [DOE]

    has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. reference LINKS: Citrix ID:CTX128168 Secunia...

  8. Antioch University and EPA Webinar: Assessing Vulnerability of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Webinar: Assessing Vulnerability of Water Conveyance Infrastructure from a Changing Climate in the Context of a Changing Landscape Antioch University and EPA Webinar: Assessing...

  9. areas vulnerabilities impacts: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    on residential electricity consumption for the nine San Francisco Bay Area counties 22 Seismic vulnerability analysis of moderate seismicity areas using in situ experimental...

  10. assessing infrastructure vulnerability: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Websites Summary: , by improving the seismic hazard evaluation using probabilistic seismic hazard assessment (PSHA) methodsSeismic vulnerability assessment to slight dam- age...

  11. Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc

    Broader source: Energy.gov (indexed) [DOE]

    DMZs, the corporate network, and the outside. In an on-site assessment, while scanning for vulnerabilities on the CS network, the assessment team discovered IP addresses...

  12. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    United Kingdom) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom...

  13. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Norway) Jump to: navigation, search Project Name AFTER A...

  14. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Ireland) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates...

  15. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Belgium) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Belgium Coordinates...

  16. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Czech Republic) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Czech Republic...

  17. Mapping Climate Change Vulnerability and Impact Scenarios - A...

    Open Energy Info (EERE)

    Sub-national Planners Jump to: navigation, search Tool Summary LAUNCH TOOL Name: Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners...

  18. Empirical Estimates of 0Day Vulnerabilities in Control Systems

    SciTech Connect (OSTI)

    Miles A. McQueen; Wayne F. Boyer; Sean M. McBride; Trevor A. McQueen

    2009-01-01T23:59:59.000Z

    We define a 0Day vulnerability to be any vulnerability, in deployed software, which has been discovered by at least one person but has not yet been publicly announced or patched. These 0Day vulnerabilities are of particular interest when assessing the risk to well managed control systems which have already effectively mitigated the publicly known vulnerabilities. In these well managed systems the risk contribution from 0Days will have proportionally increased. To aid understanding of how great a risk 0Days may pose to control systems, an estimate of how many are in existence is needed. Consequently, using the 0Day definition given above, we developed and applied a method for estimating how many 0Day vulnerabilities are in existence on any given day. The estimate is made by: empirically characterizing the distribution of the lifespans, measured in days, of 0Day vulnerabilities; determining the number of vulnerabilities publicly announced each day; and applying a novel method for estimating the number of 0Day vulnerabilities in existence on any given day using the number of vulnerabilities publicly announced each day and the previously derived distribution of 0Day lifespans. The method was first applied to a general set of software applications by analyzing the 0Day lifespans of 491 software vulnerabilities and using the daily rate of vulnerability announcements in the National Vulnerability Database. This led to a conservative estimate that in the worst year there were, on average, 2500 0Day software related vulnerabilities in existence on any given day. Using a smaller but intriguing set of 15 0Day software vulnerability lifespans representing the actual time from discovery to public disclosure, we then made a more aggressive estimate. In this case, we estimated that in the worst year there were, on average, 4500 0Day software vulnerabilities in existence on any given day. We then proceeded to identify the subset of software applications likely to be used in some control systems, analyzed the associated subset of vulnerabilities, and characterized their lifespans. Using the previously developed method of analysis, we very conservatively estimated 250 control system related 0Day vulnerabilities in existence on any given day. While reasonable, this first order estimate for control systems is probably far more conservative than those made for general software systems since the estimate did not include vulnerabilities unique to control system specific components. These control system specific vulnerabilities were unable to be included in the estimate for a variety of reasons with the most problematic being that the public announcement of unique control system vulnerabilities is very sparse. Consequently, with the intent to improve the above 0Day estimate for control systems, we first identified the additional, unique to control systems, vulnerability estimation constraints and then investigated new mechanisms which may be useful for estimating the number of unique 0Day software vulnerabilities found in control system components. We proceeded to identify a number of new mechanisms and approaches for estimating and incorporating control system specific vulnerabilities into an improved 0Day estimation method. These new mechanisms and approaches appear promising and will be more rigorously evaluated during the course of the next year.

  19. Direct Proof of Security of Wegman-Carter Authentication with Partially Known Key

    E-Print Network [OSTI]

    Aysajan Abidin; Jan-Ĺke Larsson

    2013-03-01T23:59:59.000Z

    Information-theoretically secure (ITS) authentication is needed in Quantum Key Distribution (QKD). In this paper, we study security of an ITS authentication scheme proposed by Wegman & Carter, in the case of partially known authentication key. This scheme uses a new authentication key in each authentication attempt, to select a hash function from an Almost Strongly Universal$_2$ hash function family. The partial knowledge of the attacker is measured as the trace distance between the authentication key distribution and the uniform distribution; this is the usual measure in QKD. We provide direct proofs of security of the scheme, when using partially known key, first in the information-theoretic setting and then in terms of witness indistinguishability as used in the Universal Composability (UC) framework. We find that if the authentication procedure has a failure probability $\\epsilon$ and the authentication key has an $\\epsilon'$ trace distance to the uniform, then under ITS, the adversary's success probability conditioned on an authentic message-tag pair is only bounded by $\\epsilon+|\\mT|\\epsilon'$, where $|\\mT|$ is the size of the set of tags. Furthermore, the trace distance between the authentication key distribution and the uniform increases to $|\\mT|\\epsilon'$ after having seen an authentic message-tag pair. Despite this, we are able to prove directly that the authenticated channel is indistinguishable from an (ideal) authentic channel (the desired functionality), except with probability less than $\\epsilon+\\epsilon'$. This proves that the scheme is ($\\epsilon+\\epsilon'$)-UC-secure, without using the composability theorem.

  20. Method and tool for network vulnerability analysis

    DOE Patents [OSTI]

    Swiler, Laura Painton (Albuquerque, NM); Phillips, Cynthia A. (Albuquerque, NM)

    2006-03-14T23:59:59.000Z

    A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

  1. Demonstration of a hitless bypass switch using nanomechanical perturbation for high-bitrate transparent networks

    E-Print Network [OSTI]

    Chatterjee, Rohit

    We demonstrate an optical hitless bypass switch based on nanomechanical proximity perturbation for high-bitrate transparent networks. Embedded in a single-level ?-imbalanced Mach-Zehnder interferometer, the two ...

  2. Asynchronous Bypass Channels Improving Performance for Multi-synchronous Network-on-chips

    E-Print Network [OSTI]

    Jain, Tushar Naveen Kumar

    2011-10-21T23:59:59.000Z

    microarchitecture which offers superior performance versus typical synchroniz- ing router designs. Our approach features Asynchronous Bypass Channels (ABCs) at intermediate nodes thus avoiding synchronization delay. We also propose a new network topology and routing...

  3. Importance-Scanning Worm Using Vulnerable-Host Distribution

    E-Print Network [OSTI]

    Ji, Chuanyi

    Importance-Scanning Worm Using Vulnerable-Host Distribution Zesheng Chen School of Electrical scanning. The distribution of vulnerable hosts on the Internet, however, is highly non- uniform over the IP-address space. This implies that random scanning wastes many scans on invulnerable addresses, and more virulent

  4. T-616: PHP Stream Component Remote Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable.

  5. T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is due to an unspecified error in the affected software when it processes .pdf files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious .pdf file. When viewed, the file could trigger a memory corruption error that could allow the attacker to execute arbitrary code on the system with the privileges of the user.

  6. Defense of Trust Management Vulnerabilities in Distributed Networks

    E-Print Network [OSTI]

    Sun, Yan Lindsay

    Defense of Trust Management Vulnerabilities in Distributed Networks Yan (Lindsay) Sun , Zhu Han into distributed networks, the vulnerabilities in trust establishment methods, and the defense mechanisms. Five networks inherently rely on cooper- ation among distributed entities. However, coopera- tion is fragile

  7. Chemical-Terrorism Vulnerability Information Guidance Document January 7, 2011

    E-Print Network [OSTI]

    Pawlowski, Wojtek

    Chemical-Terrorism Vulnerability Information Guidance Document January 7, 2011 The following) section on Chemical-Terrorism Vulnerability Information (CVI) 6 CFR 27.400. The Program Manager's comments.215; Not currently applicable (2) Site Security Plans under §27.225; Not currently applicable (3) Documents relating

  8. Experimental and Analytic Study on the Core Bypass Flow in a Very High Temperature Reactor

    SciTech Connect (OSTI)

    Richard Schultz

    2012-04-01T23:59:59.000Z

    Core bypass flow has been one of key issues in the very high temperature reactor (VHTR) design for securing core thermal margins and achieving target temperatures at the core exit. The bypass flow in a prismatic VHTR core occurs through the control element holes and the radial and axial gaps between the graphite blocks for manufacturing and refueling tolerances. These gaps vary with the core life cycles because of the irradiation swelling/shrinkage characteristic of the graphite blocks such as fuel and reflector blocks, which are main components of a core's structure. Thus, the core bypass flow occurs in a complicated multidimensional way. The accurate prediction of this bypass flow and counter-measures to minimize it are thus of major importance in assuring core thermal margins and securing higher core efficiency. Even with this importance, there has not been much effort in quantifying and accurately modeling the effect of the core bypass flow. The main objectives of this project were to generate experimental data for validating the software to be used to calculate the bypass flow in a prismatic VHTR core, validate thermofluid analysis tools and their model improvements, and identify and assess measures for reducing the bypass flow. To achieve these objectives, tasks were defined to (1) design and construct experiments to generate validation data for software analysis tools, (2) determine the experimental conditions and define the measurement requirements and techniques, (3) generate and analyze the experimental data, (4) validate and improve the thermofluid analysis tools, and (5) identify measures to control the bypass flow and assess its performance in the experiment.

  9. Analyses Of Two End-User Software Vulnerability Exposure Metrics

    SciTech Connect (OSTI)

    Jason L. Wright; Miles McQueen; Lawrence Wellman

    2012-08-01T23:59:59.000Z

    The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.

  10. Counterfeit-resistant materials and a method and apparatus for authenticating materials

    DOE Patents [OSTI]

    Ramsey, J. Michael (Knoxville, TN); Klatt, Leon N. (Oak Ridge, TN)

    2001-01-01T23:59:59.000Z

    Fluorescent dichroic fibers randomly incorporated within a media provide an improved method for authentication and counterfeiting protection. The dichroism is provided by an alignment of fluorescent molecules along the length of the fibers. The fluorescent fibers provide an authentication mechanism of varying levels of capability. The authentication signature depends on four parameters, the x,y position, the dichroism and the local environment. The availability of so many non-deterministic variables makes production of counterfeit articles (e.g., currency, credit cards, etc.) essentially impossible Counterfeit-resistant articles, an apparatus for authenticating articles, and a process for forming counterfeit-resistant media are also provided&

  11. Counterfeit-resistant materials and a method and apparatus for authenticating materials

    DOE Patents [OSTI]

    Ramsey, J. Michael (Knoxville, TN); Klatt, Leon N. (Oak Ridge, TN)

    2000-01-01T23:59:59.000Z

    Fluorescent dichroic fibers randomly incorporated within a media provide an improved method for authentication and counterfeiting protection. The dichroism is provided by an alignment of fluorescent molecules along the length of the fibers. The fluorescent fibers provide an authentication mechanism of varying levels of capability. The authentication signature depends on four parameters; the x,y position, the dichroism and the local environment. The availability of so many non-deterministic variables makes production of counterfeit articles (e.g., currency, credit cards, etc.) essentially impossible. Counterfeit-resistant articles, an apparatus for authenticating articles, and a process for forming counterfeit-resistant media are also provided.

  12. New foundations for efficient authentication, commutative cryptography, and private disjointness testing

    E-Print Network [OSTI]

    Weis, Stephen August, 1978-

    2006-01-01T23:59:59.000Z

    This dissertation presents new constructions and security definitions related to three areas: authentication, cascadable and commutative crytpography, and private set operations. Existing works relevant to each of these ...

  13. V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabili...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2) An error within DIGEST authentication mechanism does not properly check server nonces. This weakness is reported in versions 5.5.0-5.5.35, 6.0.0-6.0.35, and...

  14. U-157: Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in the Mail gem for Ruby, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.

  15. Automated Vulnerability Detection for Compiled Smart Grid Software

    SciTech Connect (OSTI)

    Prowell, Stacy J [ORNL; Pleszkoch, Mark G [ORNL; Sayre, Kirk D [ORNL; Linger, Richard C [ORNL

    2012-01-01T23:59:59.000Z

    While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

  16. Vulnerability Assessment for Cascading Failures in Electric Power Systems

    SciTech Connect (OSTI)

    Baldick, R.; Chowdhury, Badrul; Dobson, Ian; Dong, Zhao Yang; Gou, Bei; Hawkins, David L.; Huang, Zhenyu; Joung, Manho; Kim, Janghoon; Kirschen, Daniel; Lee, Stephen; Li, Fangxing; Li, Juan; Li, Zuyi; Liu, Chen-Ching; Luo, Xiaochuan; Mili, Lamine; Miller, Stephen; Nakayama, Marvin; Papic, Milorad; Podmore, Robin; Rossmaier, John; Schneider, Kevin P.; Sun, Hongbin; Sun, Kai; Wang, David; Wu, Zhigang; Yao, Liangzhong; Zhang, Pei; Zhang, Wenjie; Zhang, Xiaoping

    2008-09-10T23:59:59.000Z

    Cascading failures present severe threats to power grid security, and thus vulnerability assessment of power grids is of significant importance. Focusing on analytic methods, this paper reviews the state of the art of vulnerability assessment methods in the context of cascading failures in three categories: steady-state modeling based analysis; dynamic modeling analysis; and non-traditional modeling approaches. The impact of emerging technologies including phasor technology, high-performance computing techniques, and visualization techniques on the vulnerability assessment of cascading failures is then addressed, and future research directions are presented.

  17. ACCEPTED BY IEEE TRANSACTIONS ON IMAGE PROCESSING, JULY 28, 2014. 1 On Continuous User Authentication via Typing

    E-Print Network [OSTI]

    such as keystroke dynamics (KD), TB provides reliable authentication with a short delay, while avoiding explicit key-logging

  18. T-606: Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data

    Broader source: Energy.gov [DOE]

    Sun Java System Access Manager Lets Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data.

  19. The TESLA Broadcast Authentication Protocol Adrian Perrig Ran Canetti J. D. Tygar Dawn Song

    E-Print Network [OSTI]

    Xu, Wenyuan

    The TESLA Broadcast Authentication Protocol Adrian Perrig Ran Canetti J. D. Tygar Dawn Song presents the TESLA (Timed Efficient Stream Loss-tolerant Authentication) broadcast au- thentication numbers of receivers, and tolerates packet loss. TESLA is based on loose time synchro- nization between

  20. The TESLA Broadcast Authentication Protocol # Adrian Perrig Ran Canetti J. D. Tygar Dawn Song

    E-Print Network [OSTI]

    Perrig, Adrian

    The TESLA Broadcast Authentication Protocol # Adrian Perrig Ran Canetti J. D. Tygar Dawn Song presents the TESLA (Timed Efficient Stream Loss­tolerant Authentication) broadcast au­ thentication numbers of receivers, and tolerates packet loss. TESLA is based on loose time synchro­ nization between

  1. Proving Correctness of the Basic TESLA Multicast Stream Authentication Protocol with TAME

    E-Print Network [OSTI]

    Proving Correctness of the Basic TESLA Multicast Stream Authentication Protocol with TAME Presented, Washington, DC 20375 E-mail: archer@itd.nrl.navy.mil The TESLA multicast stream authentication protocol just been revealed. While an informal argument for the correctness of TESLA has been published

  2. Breaking POET Authentication with a Single Query Jian Guo, Jeremy Jean, Thomas Peyrin, and Lei Wang

    E-Print Network [OSTI]

    Breaking POET Authentication with a Single Query Jian Guo, J´er´emy Jean, Thomas Peyrin, and Lei article, we describe a very practical and simple attack on the au- thentication part of POET authenticated encryption mode proposed at FSE 2014. POET is a provably secure scheme that was designed to resist various

  3. SSL/TLS Session-Aware User Authentication Using a GAA Bootstrapped Key

    E-Print Network [OSTI]

    Sheldon, Nathan D.

    SSL/TLS Session-Aware User Authentication Using a GAA Bootstrapped Key Chunhua Chen1 , Chris J.mitchell@rhul.ac.uk Abstract. Most SSL/TLS-based electronic commerce (e-commerce) ap- plications (including Internet banking a server effectively, and because user authentication methods are typi- cally decoupled from SSL

  4. SSL/TLS Session-Aware User Authentication: A Lightweight Alternative to Client-Side Certificates

    E-Print Network [OSTI]

    Basin, David

    SSL/TLS Session-Aware User Authentication: A Lightweight Alternative to Client-Side Certificates E-Mail: basin@inf.ethz.ch Abstract Many SSL/TLS-based e-commerce applications employ traditional authentication mechanisms on the client side. These mechanisms--if decoupled from SSL/TLS session establishment

  5. SSL/TLS Session-Aware User Authentication Rolf Oppliger1

    E-Print Network [OSTI]

    Basin, David

    SSL/TLS Session-Aware User Authentication Revisited Rolf Oppliger1 , Ralf Hauser2 , and David Basin threat to SSL/TLS-based e-commerce applications. In [OHB06], we introduced the notion of SSL/TLS session-aware user authentication to protect SSL/TLS- based e-commerce applications against MITM attacks and we

  6. Secure Communication and Authentication Against Off-line Dictionary Attacks in Smart Grid Systems

    E-Print Network [OSTI]

    Wang, Yongge

    Secure Communication and Authentication Against Off-line Dictionary Attacks in Smart Grid Systems This paper studies the security requirements for remote authentication and communication in smart grid to smart grid systems. For example, in order to unlock the credentials stored in tamper

  7. A Certificate-Free Grid Security Infrastructure Supporting Password-Based User Authentication

    E-Print Network [OSTI]

    Paterson, Kenny

    to the pervasive electrical power grid. In particular, as commercial interest grows in grid computing, gridA Certificate-Free Grid Security Infrastructure Supporting Password-Based User Authentication Jason propose a security infrastructure for grid applications, in which users are authenticated us- ing

  8. Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication

    E-Print Network [OSTI]

    Basin, David

    (International Organization for Standardization) and IEC (Interna- tional Electrotechnical Commission) jointlyProvably Repairing the ISO/IEC 9798 Standard for Entity Authentication David Basin, Cas Cremers the family of entity authentication proto- cols defined by the ISO/IEC 9798 standard and find numerous

  9. CSP, PVS and a Recursive Authentication Protocol Jeremy Bryans and Steve Schneider

    E-Print Network [OSTI]

    Doran, Simon J.

    CSP, PVS and a Recursive Authentication Protocol Jeremy Bryans and Steve Schneider Department In this paper we consider the nature of machine proofs used in the CSP approach to the veri cation of authentication protocols using the process algebra CSP Hoa85]. The CSP syntax provides a natural and precise way

  10. Robust Smart Card based Password Authentication Scheme against Smart Card Security Breach

    E-Print Network [OSTI]

    Robust Smart Card based Password Authentication Scheme against Smart Card Security Breach Ding Wang University, Beijing 100871, China 3 Automobile Management Institute of PLA, Bengbu City 233011, China wangdingg@mail.nankai.edu.cn Abstract. As the most prevailing two-factor authentication mechanism, smart

  11. Formal Analysis and Systematic Construction of Two-factor Authentication Scheme

    E-Print Network [OSTI]

    , Duncan S. Wong1 , Huaxiong Wang2 , and Xiaotie Deng1 1 Department of Computer Science City University-factor authentication mechanisms is based on smart card and user's password. Throughout the years, there have been many-resistant hash functions. Keywords: Authentication, Password, Smart Card, Guessing Attack 1 Introduction Password

  12. A Measurement Study on IKEv2 Authentication Performance in Wireless Networks

    E-Print Network [OSTI]

    Nřrvĺg, Kjetil

    . The performance cost evaluation of security protocols, such as the Internet key exchange version 2 (IKEv2 and IKEv2 in an OPNET simulation environment. They used pre-shared key (PSK) based authentication methodsA Measurement Study on IKEv2 Authentication Performance in Wireless Networks Zolt´an Faigl , Stefan

  13. Atomic-scale Authentication Using Resonant Tunnelling Diodes

    E-Print Network [OSTI]

    J. Roberts; I. E. Bagci; M. A. M. Zawawi; J. Sexton; N. Hulbert; Y. J. Noori; M. P. Young; C. S. Woodhead; M. Missous; M. A. Migliorato; U. Roedig; R. J. Young

    2015-02-23T23:59:59.000Z

    The rapid development of technology has provided a wealth of resources enabling the trust of everyday interactions to be undermined. Authentication schemes aim to address this challenge by providing proof of identity. This can be achieved by using devices that, when challenged, give unique but reproducible responses. At present, these distinct signatures are commonly generated by physically unclonable functions, or PUFs. These devices provide a straightforward measurement of a physical characteristic of their structure that has inherent randomness, due to imperfections in the manufacturing process. These hard-to-predict physical responses can generate a unique identity that can be used for authentication without relying on the secrecy of stored data. However, the classical design of these devices limits both their size and security. Here we show that the extensively studied problematic fluctuations in the current-voltage measurements of resonant tunnelling diodes (RTDs) provide an uncomplicated, robust measurement that can function as a PUF without conventional resource limitations. This is possible due to quantum tunnelling within the RTD, and on account of these room temperature quantum effects, we term such devices QUFs - quantum unclonable functions. As a result of the current-voltage spectra being dependent on the atomic structure and composition of the nanostructure within the RTD, each device provides a high degree of uniqueness, whilst being impossible to clone or simulate, even with state-of-the-art technology. We have thus created PUF-like devices requiring the fewest resources which make use of quantum phenomena in a highly manufacturable electronic device operating at room temperature. Conventional spectral analysis techniques, when applied to our QUFs, will enable reliable generation of unpredictable unique identities which can be employed in advanced authentication systems.

  14. Final report and recommendations of the ESnet Authentication Pilot Project

    SciTech Connect (OSTI)

    Johnson, G.R.; Moore, J.P. [Pacific Northwest Lab., Richland, WA (United States); Athey, C.L. [Lawrence Livermore National Lab., CA (United States); Engert, D.E. [Argonne National Lab., IL (United States); Ramus, J.E. [National Energy Research Supercomputer Center, Livermore, CA (United States)

    1995-01-01T23:59:59.000Z

    To conduct their work, U.S. Department of Energy (DOE) researchers require access to a wide range of computing systems and information resources outside of their respective laboratories. Electronically communicating with peers using the global Internet has become a necessity to effective collaboration with university, industrial, and other government partners. DOE`s Energy Sciences Network (ESnet) needs to be engineered to facilitate this {open_quotes}collaboratory{close_quotes} while ensuring the protection of government computing resources from unauthorized use. Sensitive information and intellectual properties must be protected from unauthorized disclosure, modification, or destruction. In August 1993, DOE funded four ESnet sites (Argonne National Laboratory, Lawrence Livermore National Laboratory, the National Energy Research Supercomputer Center, and Pacific Northwest Laboratory) to begin implementing and evaluating authenticated ESnet services using the advanced Kerberos Version 5. The purpose of this project was to identify, understand, and resolve the technical, procedural, cultural, and policy issues surrounding peer-to-peer authentication in an inter-organization internet. The investigators have concluded that, with certain conditions, Kerberos Version 5 is a suitable technology to enable ESnet users to freely share resources and information without compromising the integrity of their systems and data. The pilot project has demonstrated that Kerberos Version 5 is capable of supporting trusted third-party authentication across an inter-organization internet and that Kerberos Version 5 would be practical to implement across the ESnet community within the U.S. The investigators made several modifications to the Kerberos Version 5 system that are necessary for operation in the current Internet environment and have documented other technical shortcomings that must be addressed before large-scale deployment is attempted.

  15. Oil Bypass Filter Technology Evaluation Tenth Quarterly Report January–March 2005

    SciTech Connect (OSTI)

    Larry Ziker; James Francfort

    2005-06-01T23:59:59.000Z

    This Oil Bypass Filter Technology Evaluation quarterly report (January– March 2005) details the ongoing fleet evaluation of oil bypass filter technologies being conducted by the Idaho National Laboratory (INL) for the U.S. Department of Energy’s FreedomCAR & Vehicle Technologies Program. Eleven INL fourcycle diesel-engine buses and six INL Chevrolet Tahoes with gasoline engines are equipped with oil bypass filter systems. Eight of the buses and the six Tahoes are equipped with oil bypass filters from the puraDYN Corporation; the remaining three buses are equipped with oil bypass filters from Refined Global Solutions. Both the puraDYN and Refined Global Solutions bypass filters have a heating chamber to remove liquid contaminates from the oil. During the January to March 2005 reporting quarter, the eleven diesel engine buses traveled 97,943 miles. As of March 31, 2005, the buses had accumulated 744,059 total test miles. During this quarter, four regularly scheduled 12,000-mile bus servicings were performed. The full-flow and bypass oil filters were changed and oil analysis samples were taken for the four buses. Bus 73446 had its oil changed due to a low total base number value. Bus 73450 had a major engine failure at the beginning of the quarter when one of its pushrods and valves were damaged. Buses 73432 and 73433 were removed from the bypass filter evaluation project and placed into the INL Diesel Engine Idling Wear-Rate Evaluation Test. While a total of nine oil changes on the INL buses occurred during the past 29 months, 53 oil changes have been avoided by using the oil bypass filters. The 53 avoided oil changes equates to 1,855 quarts (464 gallons) of new oil not consumed and 1,855 quarts of waste oil not generated. Therefore, over 85% of the oil normally required for oil-changes was not used, and, consequently, the evaluation achieved a greater than 85% reduction in the amount of waste oil normally generated by the buses. The six Tahoe test vehicles traveled 40,700 miles, and as of March 31, 2005, the Tahoes had accumulated 231,428 total test miles.

  16. Investigation on the Core Bypass Flow in a Very High Temperature Reactor

    SciTech Connect (OSTI)

    Hassan, Yassin

    2013-10-22T23:59:59.000Z

    Uncertainties associated with the core bypass flow are some of the key issues that directly influence the coolant mass flow distribution and magnitude, and thus the operational core temperature profiles, in the very high-temperature reactor (VHTR). Designers will attempt to configure the core geometry so the core cooling flow rate magnitude and distribution conform to the design values. The objective of this project is to study the bypass flow both experimentally and computationally. Researchers will develop experimental data using state-of-the-art particle image velocimetry in a small test facility. The team will attempt to obtain full field temperature distribution using racks of thermocouples. The experimental data are intended to benchmark computational fluid dynamics (CFD) codes by providing detailed information. These experimental data are urgently needed for validation of the CFD codes. The following are the project tasks: • Construct a small-scale bench-top experiment to resemble the bypass flow between the graphite blocks, varying parameters to address their impact on bypass flow. Wall roughness of the graphite block walls, spacing between the blocks, and temperature of the blocks are some of the parameters to be tested. • Perform CFD to evaluate pre- and post-test calculations and turbulence models, including sensitivity studies to achieve high accuracy. • Develop the state-of-the art large eddy simulation (LES) using appropriate subgrid modeling. • Develop models to be used in systems thermal hydraulics codes to account and estimate the bypass flows. These computer programs include, among others, RELAP3D, MELCOR, GAMMA, and GAS-NET. Actual core bypass flow rate may vary considerably from the design value. Although the uncertainty of the bypass flow rate is not known, some sources have stated that the bypass flow rates in the Fort St. Vrain reactor were between 8 and 25 percent of the total reactor mass flow rate. If bypass flow rates are on the high side, the quantity of cooling flow through the core may be considerably less than the nominal design value, causing some regions of the core to operate at temperatures in excess of the design values. These effects are postulated to lead to localized hot regions in the core that must be considered when evaluating the VHTR operational and accident scenarios.

  17. Vulnerability and social risk management in India and Mexico

    E-Print Network [OSTI]

    Flores Ballesteros, Luis

    2008-01-01T23:59:59.000Z

    The development of effective community, regional and national risk-management strategies, especially for systemic risks, such as natural disasters, entails understanding the determinants of social vulnerability in individuals ...

  18. Advanced Vulnerability Analysis and Intrusion Detection Through Predictive Attack Graphs

    E-Print Network [OSTI]

    Noel, Steven

    Advanced Vulnerability Analysis and Intrusion Detection Through Predictive Attack Graphs Steven, without considering how they contribute to overall attack risk. Similarly, intrusion alarms are logged threats, complexity of security data, and network growth. Our approach to network defense applies attack

  19. Assessing the vulnerability of the fiber infrastructure to disasters

    E-Print Network [OSTI]

    Neumayer, Sebastian James

    Communication networks are vulnerable to natural disasters, such as earthquakes or floods, as well as to physical attacks, such as an Electromagnetic Pulse (EMP) attack. Such real- world events happen in specific geographical ...

  20. T-625: Opera Frameset Handling Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.

  1. Researchers Develop Tool to Assess Supernetwork Efficiency and Vulnerability

    E-Print Network [OSTI]

    Nagurney, Anna

    , electrical power supply chains and telecommunications networks. University of Massachusetts Amherst components like roads, electrical power stations or transmission lines are destroyed and captures how usersResearchers Develop Tool to Assess Supernetwork Efficiency and Vulnerability Natural disasters

  2. Fragile Networks: Identifying Vulnerabilities and Synergies in an Uncertain Age

    E-Print Network [OSTI]

    Nagurney, Anna

    , electric power, smart grid, critical infrastructure, emergency and disaster pre- paredness, mergers for the determination of network vulnerability and robustness, since critical infrastructure networks from transportation, telecommunications, supply chains, to financial and electric power ones, provide the ties

  3. Network Vulnerability to Single, Multiple, and Probabilistic Physical Attacks

    E-Print Network [OSTI]

    Hay, David

    Network Vulnerability to Single, Multiple, and Probabilistic Physical Attacks Pankaj K. Agarwal, swami}@cs.arizona.edu Electrical Engineering, Columbia University. {hdavid, gil}@ee.columbia.edu Abstract--Telecommunications networks heavily rely on the physical infrastructure and, are therefore

  4. Ethical Issues in Research with "Vulnerable" and "HardtoReach"

    E-Print Network [OSTI]

    Illinois at Chicago, University of

    are interdependentinterdependent · One can be vulnerable w/o being harmed or d ( d i )wronged (and vice versa) #12;2 Ways women (Subpart B) ADDITIONAL SAFEGUARDS? · handicapped persons · Prisoners (Subpart C) · Children

  5. Assessing node risk and vulnerability in epidemics on networks

    E-Print Network [OSTI]

    Rogers, Tim

    2015-01-01T23:59:59.000Z

    Which nodes are most vulnerable to an epidemic spreading through a network, and which carry the highest risk of causing a major outbreak if they are the source of the infection? Here we show how these questions can be answered to good approximation using the cavity method. Several curious properties of node vulnerability and risk are explored: some nodes are more vulnerable than others to weaker infections, yet less vulnerable to stronger ones; a node is always more likely to be caught in an outbreak than it is to start one, except when the disease has a deterministic lifetime; the rank order of node risk depends on the details of the distribution of infectious periods.

  6. Oil Bypass Filter Technology Evaluation, Fourth Quarterly Report, July--September 2003

    SciTech Connect (OSTI)

    James E. Francfort; Larry Zirker

    2003-11-01T23:59:59.000Z

    This fourth Oil Bypass Filter Technology Evaluation report details the ongoing fleet evaluation of an oil bypass filter technology by the Idaho National Engineering and Environmental Laboratory (INEEL) for the U.S. Department of Energy’s FreedomCAR & Vehicle Technologies Program. Eight four-cycle diesel-engine buses used to transport INEEL employees on various routes have been equipped with oil bypass filter systems from the puraDYN Corporation. The bypass filters are reported to have engine oil filtering capability of <1 micron and a built-in additive package to facilitate extended oil-drain intervals. To date, the eight buses have accumulated 259,398 test miles. This represents an avoidance of 21 oil changes, which equates to 740 quarts (185 gallons) of oil not used or disposed of. To validate the extended oil-drain intervals, an oil-analysis regime evaluates the fitness of the oil for continued service by monitoring the presence of necessary additives, undesirable contaminants, and engine-wear metals. For bus 73450, higher values of iron have been reported, but the wear rate ratio (parts per million of iron per thousand miles driven) has remained consistent. In anticipation of also evaluating oil bypass systems on six Chevrolet Tahoe sport utility vehicles, the oil is being sampled on each of the Tahoes to develop a characterization history or baseline for each engine.

  7. Oil Bypass Filter Technology Evaluation - Third Quarterly Report, April--June 2003

    SciTech Connect (OSTI)

    Laurence R. Zirker; James E. Francfort

    2003-08-01T23:59:59.000Z

    This Third Quarterly report details the ongoing fleet evaluation of an oil bypass filter technology by the Idaho National Engineering and Environmental Laboratory (INEEL) for the U.S. Department of Energy’s FreedomCAR & Vehicle Technologies Program. Eight full-size, four-cycle diesel-engine buses used to transport INEEL employees on various routes have been equipped with oil bypass filter systems from the PuraDYN Corporation. The reported engine lubricating oil-filtering capability (down to 0.1 microns) and additive package of the bypass filter system is intended to extend oil-drain intervals. To validate the extended oil-drain intervals, an oil-analysis regime monitors the presence of necessary additives in the oil, detects undesirable contaminants and engine wear metals, and evaluates the fitness of the oil for continued service. The eight buses have accumulated 185,000 miles to date without any oil changes. The preliminary economic analysis suggests that the per bus payback point for the oil bypass filter technology should be between 108,000 miles when 74 gallons of oil use is avoided and 168,000 miles when 118 gallons of oil use is avoided. As discussed in the report, the variation in the payback point is dependant on the assumed cost of oil. In anticipation of also evaluating oil bypass systems on six Chevrolet Tahoe sport utility vehicles, the oil is being sampled on the six Tahoes to develop an oil characterization history for each engine.

  8. Vulnerability of critical infrastructures : identifying critical nodes.

    SciTech Connect (OSTI)

    Cox, Roger Gary; Robinson, David Gerald

    2004-06-01T23:59:59.000Z

    The objective of this research was the development of tools and techniques for the identification of critical nodes within critical infrastructures. These are nodes that, if disrupted through natural events or terrorist action, would cause the most widespread, immediate damage. This research focuses on one particular element of the national infrastructure: the bulk power system. Through the identification of critical elements and the quantification of the consequences of their failure, site-specific vulnerability analyses can be focused at those locations where additional security measures could be effectively implemented. In particular, with appropriate sizing and placement within the grid, distributed generation in the form of regional power parks may reduce or even prevent the impact of widespread network power outages. Even without additional security measures, increased awareness of sensitive power grid locations can provide a basis for more effective national, state and local emergency planning. A number of methods for identifying critical nodes were investigated: small-world (or network theory), polyhedral dynamics, and an artificial intelligence-based search method - particle swarm optimization. PSO was found to be the only viable approach and was applied to a variety of industry accepted test networks to validate the ability of the approach to identify sets of critical nodes. The approach was coded in a software package called Buzzard and integrated with a traditional power flow code. A number of industry accepted test networks were employed to validate the approach. The techniques (and software) are not unique to power grid network, but could be applied to a variety of complex, interacting infrastructures.

  9. Tests of by-pass diodes at cryogenic temperatures for the KATRIN magnets

    SciTech Connect (OSTI)

    Gil, W. [Karlsruhe Institute of Technology, ITEP, Hermann-von-Helmholtz-Platz 1, D-76344, Eggenstein-Leopoldshafen (Germany); Bolz, H.; Jansen, A.; Müller, K.; Steidl, M. [Karlsruhe Institute of Technology, IKP, Hermann-von-Helmholtz-Platz 1, D-76344, Eggenstein-Leopoldshafen (Germany); Hagedorn, D. [CERN, TE-MPE, 1211 Geneva 23 (Switzerland)

    2014-01-27T23:59:59.000Z

    The Karlsruhe Tritium Neutrino experiment (KATRIN) requires a series of superconducting solenoid magnets for guiding beta-electrons from the source to the detector. By-pass diodes will operate at liquid helium temperatures to protect the superconducting magnets and bus bars in case of quenches. The operation conditions of the by-pass diodes depend on the different magnet systems of KATRIN. Therefore, different diode stacks are designed with adequate copper heat sinks assuming adiabatic conditions. The by-pass diode stacks have been submitted to cold tests both at liquid nitrogen and liquid helium temperatures for checking operation conditions. This report presents the test set up and first results of the diode characteristics at 300 K and 77 K, as well as of endurance tests of the diode stacks at constant current load at 77 K and 4.2 K.

  10. Oil Bypass Filter Technology Evaluation Ninth Quarterly Report October–December 2004

    SciTech Connect (OSTI)

    Larry Zirker; James Francfort; Jordan Fielding

    2005-02-01T23:59:59.000Z

    This Oil Bypass Filter Technology Evaluation quarterly report (October–December 2004) details the ongoing fleet evaluation of oil bypass filter technologies being conducted by the Idaho National Laboratory (INL; formerly Idaho National Engineering and Environmental Laboratory) for the U.S. Department of Energy’s FreedomCAR & Vehicle Technologies Program. Eight INL four-cycle diesel-engine buses used to transport INL employees on various routes and six INL Chevrolet Tahoes with gasoline engines are equipped with oil bypass filter systems from the puraDYN Corporation. This quarter, three additional buses were equipped with bypass filters from Refined Global Solutions. Oil bypass filters are reported to have an engine oil filtering capability of less than 1 micron. Both the puraDYN and Refined Global Solutions bypass filters have a heating chamber to remove liquid contaminate from the oil. During the quarter, the eleven diesel engine buses traveled 62,188 miles, and as of January 3, 2005 the buses had accumulated 643,036 total test miles. Two buses had their engine oil changed this quarter. In one bus, the oil was changed due to its degraded quality as determined by a low total base number (<3.0 mg KOH/g). The other bus had high oxidation and nitration numbers (>30.0 Abs/cm). Although a total of six buses have had their oil changed during the last 26 months, by using the oil bypass filters the buses in the evaluation avoided 48 oil changes, which equates to 1,680 quarts (420 gallons) of new oil not consumed and 1,680 quarts of waste oil not generated. Therefore, over 80% of the oil normally required for oil-changes was not used, and, consequently, the evaluation achieved over 80% reduction in the amount of waste oil normally generated. The six Tahoe test vehicles traveled 39,514 miles, and as of January 3, 2005 the Tahoes had accumulated 189,970 total test miles. The Tahoe filter test is in transition. To increase the rate of bypass filter oil flow on the Tahoes, puraDYN provided a larger orifice assembly, and these are being changed out as the Tahoes come in for regular service.

  11. Endovascular Treatment of a Coronary Artery Bypass Graft to Pulmonary Artery Fistula with Coil Embolization

    SciTech Connect (OSTI)

    Nielson, Jeffery L., E-mail: nielson@uhrad.com; Kang, Preet S. [University Hospitals of Cleveland and Veterans Administration Medical Center-Cleveland, Case Western Reserve University, Departments of Radiology (United States)

    2006-04-15T23:59:59.000Z

    Fistula formation between a coronary artery bypass graft (CABG)and the pulmonary arterial circulation represents a rare cause of recurrent angina in patients following bypass grafting. Therapy has traditionally involved surgical ligation by open thoracotomy. We describe a case of left internal mammary artery-left upper lobe pulmonary artery fistula presenting as early recurrent angina following CABG. The fistula was embolized using platinum coils, resulting in symptomatic relief and improvement in myocardial perfusion on cardiac perfusion scintigraphy. Coil embolization should be considered a therapeutic option in patients with coronary-pulmonary steal syndrome.

  12. Holographic Labeling And Reading Machine For Authentication And Security Appications

    DOE Patents [OSTI]

    Weber, David C. (Rancho Santa Margarita, CA); Trolinger, James D. (Costa Mesa, CA)

    1999-07-06T23:59:59.000Z

    A holographic security label and automated reading machine for marking and subsequently authenticating any object such as an identification badge, a pass, a ticket, a manufactured part, or a package is described. The security label is extremely difficult to copy or even to read by unauthorized persons. The system comprises a holographic security label that has been created with a coded reference wave, whose specification can be kept secret. The label contains information that can be extracted only with the coded reference wave, which is derived from a holographic key, which restricts access of the information to only the possessor of the key. A reading machine accesses the information contained in the label and compares it with data stored in the machine through the application of a joint transform correlator, which is also equipped with a reference hologram that adds additional security to the procedure.

  13. Briefing Memo: Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  14. T-657: Drupal Prepopulate - Multiple vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilities |Vulnerability |PROBLEM:

  15. T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilities |VulnerabilityEnergyDepartment

  16. T-731:Symantec IM Manager Code Injection Vulnerability | Department of

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilitiesVulnerability

  17. Assessing environmental vulnerability in EIA-The content and context of the vulnerability concept in an alternative approach to standard EIA procedure

    SciTech Connect (OSTI)

    Kvaerner, Jens [Bioforsk-Norwegian Institute for Agricultural and Environmental Research, Soil and Environmental Division, Frederik A. Dahls vei 20, N-1432 As (Norway)]. E-mail: jens.kvarner@bioforsk.no; Swensen, Grete [NIKU, Norwegian Institute for Cultural Heritage Research, Storgata 2, P.O. Box 736, Sentrum, N-0105 Oslo (Norway)]. E-mail: grete.swensen@niku.no; Erikstad, Lars [NINA, Norwegian Institute for Nature Research, Dronningens gt. 13., P.O. Box 736, Sentrum, N-0105 Oslo (Norway)]. E-mail: lars.erikstad@nina.no

    2006-07-15T23:59:59.000Z

    In the traditional EIA procedure environmental vulnerability is only considered to a minor extent in the early stages when project alternatives are worked out. In Norway, an alternative approach to EIA, an integrated vulnerability model (IVM), emphasising environmental vulnerability and alternatives development in the early stages of EIA, has been tried out in a few pilot cases. This paper examines the content and use of the vulnerability concept in the IVM approach, and discusses the concept in an EIA context. The vulnerability concept is best suited to overview analyses and large scale spatial considerations. The concept is particularly useful in the early stages of EIA when alternatives are designed and screened. By introducing analyses of environmental vulnerability at the start of the EIA process, the environment can be a more decisive issue for the creation of project alternatives as well as improving the basis for scoping. Vulnerability and value aspects should be considered as separate dimensions. There is a need to operate with a specification between general and specific vulnerability. The concept of environmental vulnerability has proven useful in a wide range of disciplines. Different disciplines have different lengths of experience regarding vulnerability. In disciplines such as landscape planning and hydrogeology we find elements suitable as cornerstones in the further development of an interdisciplinary methodology. Further development of vulnerability criteria in different disciplines and increased public involvement in the early stages of EIA are recommended.

  18. The Emotional and Spiritual Dimensions of Being a Pastor: Authenticity and Identity

    E-Print Network [OSTI]

    Otey, Penny Addison

    2011-10-21T23:59:59.000Z

    Emotional labor and its influence on authenticity and identity amongst human service workers has been the focus of numerous studies. Often these studies viewed identity as a stable sense of self. This study set out to examine emotional labor amongst...

  19. Subverting value hierarchies : essays on the causes and responses to shifts in demand for authenticity

    E-Print Network [OSTI]

    Hahl, Oliver (Oliver Douglas)

    2013-01-01T23:59:59.000Z

    This dissertation includes three essays on the causes and responses to shifts in demand for authenticity. In the first chapter, I answer the question: why do previously cast-off products, practices, or styles abruptly ...

  20. Direct Proof of Security of Wegman-Carter Authentication with Partially Known Key

    E-Print Network [OSTI]

    Direct Proof of Security of Wegman-Carter Authentication with Partially Known Key Aysajan Abidin by Wegman and Carter [24], in the case of partially known key. The scheme is based on secretly selecting

  1. Improving Classical Authentication over a Quantum Channel F. M. Assis1

    E-Print Network [OSTI]

    Lisboa, Universidade Técnica de

    be used to replace Wegman-Carter's classical authentication scheme in quantum key distribution (QKD the QKD protocol to bootstrap. The authenti- cation scheme commonly used in QKD is the Wegman

  2. Quantum public-key algorithms to encrypt and authenticate quantum messages with information-theoretic security

    E-Print Network [OSTI]

    Liang, Min

    2012-01-01T23:59:59.000Z

    Public-key cryptosystems for quantum messages are considered from two aspects: public-key encryption and public-key authentication. Firstly, we propose a general construction of quantum public-key encryption scheme, and then construct an information-theoretic secure instance. Then, we propose a quantum public-key authentication scheme, which can protect the integrity of quantum messages. This scheme can both encrypt and authenticate quantum messages. It is information-theoretic secure with regard to encryption, and the success probability of tampering decreases exponentially with the security parameter with regard to authentication. Compared with classical public-key cryptosystems, one private-key in our schemes corresponds to an exponential number of public-keys, and every quantum public-key used by the sender is an unknown quantum state to the sender.

  3. Quantum public-key algorithms to encrypt and authenticate quantum messages with information-theoretic security

    E-Print Network [OSTI]

    Min Liang; Li Yang

    2012-05-10T23:59:59.000Z

    Public-key cryptosystems for quantum messages are considered from two aspects: public-key encryption and public-key authentication. Firstly, we propose a general construction of quantum public-key encryption scheme, and then construct an information-theoretic secure instance. Then, we propose a quantum public-key authentication scheme, which can protect the integrity of quantum messages. This scheme can both encrypt and authenticate quantum messages. It is information-theoretic secure with regard to encryption, and the success probability of tampering decreases exponentially with the security parameter with regard to authentication. Compared with classical public-key cryptosystems, one private-key in our schemes corresponds to an exponential number of public-keys, and every quantum public-key used by the sender is an unknown quantum state to the sender.

  4. Questioning the Meaning of Authenticity in Martin Heidegger's Being and Time

    E-Print Network [OSTI]

    Liwinski, Thomas

    2011-10-21T23:59:59.000Z

    , it is necessary to highlight those commitments to phenomenology and hermeneutics that informs Heidegger's effort. The third chapter first introduces the various characterizations of authenticity that Heidegger offers in Being and Time and the problematic meaning...

  5. Using Unlabelled Data To Update Classification Rules With Applications In Food Authenticity Studies

    E-Print Network [OSTI]

    Washington at Seattle, University of

    library . . . . . . . . . . . 3 2 Average correct classification rates for the five meat groupsUsing Unlabelled Data To Update Classification Rules With Applications In Food Authenticity Studies programme. #12;Abstract A classification method is developed to classify samples when both labelled

  6. U-212: RSA Authentication Manager Flaws Permit Cross-Site and...

    Office of Environmental Management (EM)

    to be executed by the target user's browser. The code will originate from the site running the RSA Authentication Manager software and will run in the security context of that...

  7. Anonymous, authentic, and accountable resource management based on the E-cash paradigm

    E-Print Network [OSTI]

    Lam, Tak Cheung

    2009-05-15T23:59:59.000Z

    AAA Anonymity, Authenticity, Accountability BC Binary Code BRGC Binary Reflected Gray Code CA Central Authority DHT Distributed Hashing Table DSI Double Spending Identification DVS Delegation Key, Verification Key, Secret Share GDA General... Disposable Authentication GDM General Divisibility Model GTM General Transferability Model MLBF Multi-Layer Bloom Filter KDM Key Dependency Map MSR Multi-Source Reusability P2P Peer-to-Peer RC Random Code SH Secret Handshake SOA Service Oriented...

  8. AUTHENTICATED SENSOR INTERFACE DEVICE FOR JOINT USE SAFEGUARDS APPLICATIONS - CONCEPTS AND CHALLENGES

    SciTech Connect (OSTI)

    Poland, R.; Drayer, R.; Wilson, J.

    2013-08-12T23:59:59.000Z

    This paper will discuss the key features of the Authenticated Sensor Interface Device that collectively provide the ability to share data among a number of parties while ensuring the authentication of data and protecting both the operator’s and the IAEA’s interests. The paper will also discuss the development of the prototype, the initial testing with an accountancy scale, and future plans and challenges to implementation into the joint use and remote monitoring applications. As nuclear fuel cycle technology becomes more prevalent throughout the world and the capacity of plants increases, limited resources of the IAEA are being stretched near a breaking point. A strategy is to increase efficiency in safeguards monitoring using “joint use” equipment that will provide the facility operator process data while also providing the IAEA key safeguards data. The data, however, must be authenticated and validated to ensure the data have not been tampered with. The Authenticated Sensor Interface Device provides the capability to share data and can be a valuable component in the IAEA’s ability to collect accountancy data from scales in Uranium conversion and enrichment plants, as well as nuclear fuel fabrication plants. Likewise, the Authenticated Sensor Interface Device can be configured to accept a diverse array of input signals, ranging from analog voltage, to current, to digital interfaces and more. These modular capabilities provide the ability to collect authenticated, joint-use, data streams from various process monitoring sensors.

  9. DO-IT-YOURSELF SCADA VULNERABILITY TESTING WITH LZFUZZ

    E-Print Network [OSTI]

    Smith, Sean W.

    Chapter 1 DO-IT-YOURSELF SCADA VULNERABILITY TESTING WITH LZFUZZ Rebecca Shapiro, Sergey Bratus, for SCADA software used in critical infrastructure, the widespread use of propri- etary protocols makes't apply in real-world infrastructure such as power SCADA. Domain experts often do not have the time

  10. Flooding of Industrial Facilities -Vulnerability Reduction in Practice

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    any improvement. As human activities historically developed in river areas and floodplains, industrial-use planning in flood-prone areas and vulnerability reduction in flood-prone facilities. This paper focuses of hazardous material, soil or water pollutions by hazardous substances for the environment, fires, explosions

  11. Pretty Good Piggy-backing Parsing vulnerabilities in PGP Desktop

    E-Print Network [OSTI]

    Verheul, Eric

    Guard (GPG). Despite the long established PGP open source policy these vulnerabilities were apparently find their basis in PGP, the most prominent being the GNU Privacy Guard or GPG. PGP was also. These specifications are adhered to by all `PGP' implementations most notably GPG and the PGP products developed by PGP

  12. Vulnerability of Hydropower Projects to Climate Change Revision: 20th

    E-Print Network [OSTI]

    Harrison, Gareth

    Vulnerability of Hydropower Projects to Climate Change Revision: 20th December 2001 Dr Gareth P and increased use of renewable sources including hydropower. Paradoxically, climate change itself may alter role in whether emissions cuts are achieved. 2. Climate Change and Hydropower A rising demand

  13. Cyber-Vulnerability of Power Grid Monitoring and Control Systems

    E-Print Network [OSTI]

    Manimaran, Govindarasu

    Cyber-Vulnerability of Power Grid Monitoring and Control Systems Chee-Wooi Ten Iowa State, and power infrastructures due to the complexity of required compliances [5]. Although the complex outages. Three modes of malicious attacks on the power infrastructure are (i) attack upon the system, (ii

  14. Vulnerability Analysis of Complex Networks from Transportation Networks to

    E-Print Network [OSTI]

    Nagurney, Anna

    and Electric Power Supply Chains Anna Nagurney John F. Smith Memorial Professor Department of Finance to Dynamic Networks · Where Are We Now? An Empirical Case Study to Real-World Electric Power Supply ChainsVulnerability Analysis of Complex Networks from Transportation Networks to the Internet

  15. Vulnerability analysis for complex networks using aggressive abstraction.

    SciTech Connect (OSTI)

    Colbaugh, Richard; Glass, Kristin L.

    2010-06-01T23:59:59.000Z

    Large, complex networks are ubiquitous in nature and society, and there is great interest in developing rigorous, scalable methods for identifying and characterizing their vulnerabilities. This paper presents an approach for analyzing the dynamics of complex networks in which the network of interest is first abstracted to a much simpler, but mathematically equivalent, representation, the required analysis is performed on the abstraction, and analytic conclusions are then mapped back to the original network and interpreted there. We begin by identifying a broad and important class of complex networks which admit vulnerability-preserving, finite state abstractions, and develop efficient algorithms for computing these abstractions. We then propose a vulnerability analysis methodology which combines these finite state abstractions with formal analytics from theoretical computer science to yield a comprehensive vulnerability analysis process for networks of realworld scale and complexity. The potential of the proposed approach is illustrated with a case study involving a realistic electric power grid model and also with brief discussions of biological and social network examples.

  16. Climate Change, Agriculture and Poverty Vulnerabilityand Poverty Vulnerability

    E-Print Network [OSTI]

    Climate Change, Agriculture and Poverty Vulnerabilityand Poverty Vulnerability Presentation by-Medium-High productivity ­ Implications for agricultural production, trade and poverty · The issue of climate volatility ­ Impact of extreme climate events on poverty #12;Climate Science Debate Detection: - Little doubt about

  17. Climate Change: Conflict, Security and Vulnerability Professor of Climate Change

    E-Print Network [OSTI]

    Hulme, Mike

    Climate Change: Conflict, Security and Vulnerability Mike Hulme Professor of Climate Change Science, Society and Sustainability Group School of Environmental Sciences Rethinking Climate Change, Conflict security" "increase risk of conflicts among and within nations" #12;· from `climatic change' to `climate-change

  18. U-273: Multiple vulnerabilities have been reported in Wireshark |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23,EnergyChicopeeTechnologyfactTuscaroraDepartmentAuthentication Client 3.5

  19. An assessment of fire vulnerability for aged electrical relays

    SciTech Connect (OSTI)

    Vigil, R.A. [Sandia National Labs., Albuquerque, NM (United States)]|[Science and Engineering Associates, Inc., Albuquerque, NM (United States); Nowlen, S.P. [Sandia National Labs., Albuquerque, NM (United States)

    1995-03-01T23:59:59.000Z

    There has been some concern that, as nuclear power plants age, protective measures taken to control and minimize the impact of fire may become ineffective, or significantly less effective, and hence result in an increased fire risk. One objective of the Fire Vulnerability of Aged Electrical Components Program is to assess the effects of aging and service wear on the fire vulnerability of electrical equipment. An increased fire vulnerability of components may lead to an overall increase in fire risk to the plant. Because of their widespread use in various electrical safety systems, electromechanical relays were chosen to be the initial components for evaluation. This test program assessed the impact of operational and thermal aging on the vulnerability of these relays to fire-induced damage. Only thermal effects of a fire were examined in this test program. The impact of smoke, corrosive materials, or fire suppression effects on relay performance were not addressed in this test program. The purpose of this test program was to assess whether the fire vulnerability of electrical relays increased with aging. The sequence followed for the test program was to: identify specific relay types, develop three fire scenarios, artificially age several relays, test the unaged and aged relays in the fire exposure scenarios, and compare the results. The relays tested were Agastat GPI, General Electric (GE) HMA, HGA, and HFA. At least two relays of each type were artificially aged and at least two relays of each type were new. Relays were operationally aged by cycling the relay under rated load for 2,000 operations. These relays were then thermally aged for 60 days with their coil energized.

  20. T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

    Broader source: Energy.gov [DOE]

    Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

  1. Managing Secure Survivable Critical Infrastructures To Avoid Vulnerabilities Frederick Sheldon, Tom Potok, Andy Loebl

    E-Print Network [OSTI]

    Krings, Axel W.

    Managing Secure Survivable Critical Infrastructures To Avoid Vulnerabilities Frederick Sheldon, Tom technologically complex society makes knowing the vulnerability of such systems essential to improving their intrinsic reliability/survivability. Our discussion employs the power transmission grid. 1 Introduction

  2. A case study of social vulnerability mapping: issues of scale and aggregation

    E-Print Network [OSTI]

    Burns, Gabriel Ryan

    2009-05-15T23:59:59.000Z

    This study uses geographic information systems to determine if the aggregation of census block data are better than census block group data for analyzing social vulnerability. This was done by applying a social vulnerability method that used census...

  3. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities

    E-Print Network [OSTI]

    Narasayya, Vivek

    programs by exploiting browser vulnerabilities are a serious emerging threat. In response, we have-management methodology to cybersecurity: instead of directly detecting the acts of vulnerability exploits, the system

  4. CFD Analysis of Core Bypass Flow and Crossflow in the Prismatic Very High Temperature Gas-cooled Nuclear Reactor 

    E-Print Network [OSTI]

    Wang, Huhu 1985-

    2012-12-13T23:59:59.000Z

    Very High Temperature Rector (VHTR) had been designated as one of those promising reactors for the Next Generation (IV) Nuclear Plant (NGNP). For a prismatic core VHTR, one of the most crucial design considerations is the bypass flow and crossflow...

  5. U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).

  6. U-069: Telnet code execution vulnerability: FreeBSD and Kerberos

    Broader source: Energy.gov [DOE]

    Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

  7. U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

  8. Climate Change and Infrastructure, Urban Systems, and Vulnerabilities

    SciTech Connect (OSTI)

    Wilbanks, Thomas J [ORNL] [ORNL; Fernandez, Steven J [ORNL] [ORNL

    2014-01-01T23:59:59.000Z

    This Technical Report on Climate Change and Infrastructure, Urban Systems, and Vulnerabilities has been prepared for the U.S. Department of Energy by the Oak Ridge National Laboratory in support of the U.S. National Climate Assessment (NCA). It is a summary of the currently existing knowledge base on its topic, nested within a broader framing of issues and questions that need further attention in the longer run. The report arrives at a number of assessment findings, each associated with an evaluation of the level of consensus on that issue within the expert community, the volume of evidence available to support that judgment, and the section of the report that provides an explanation for the finding. Cross-sectoral issues related to infrastructures and urban systems have not received a great deal of attention to date in research literatures in general and climate change assessments in particular. As a result, this technical report is breaking new ground as a component of climate change vulnerability and impact assessments in the U.S., which means that some of its assessment findings are rather speculative, more in the nature of propositions for further study than specific conclusions that are offered with a high level of confidence and research support. But it is a start in addressing questions that are of interest to many policymakers and stakeholders. A central theme of the report is that vulnerabilities and impacts are issues beyond physical infrastructures themselves. The concern is with the value of services provided by infrastructures, where the true consequences of impacts and disruptions involve not only the costs associated with the clean-up, repair, and/or replacement of affected infrastructures but also economic, social, and environmental effects as supply chains are disrupted, economic activities are suspended, and/or social well-being is threatened. Current knowledge indicates that vulnerability concerns tend to be focused on extreme weather events associated with climate change that can disrupt infrastructure services, often cascading across infrastructures because of extensive interdependencies threatening health and local economies, especially in areas where human populations and economic activities are concentrated in urban areas. Vulnerabilities are especially large where infrastructures are subject to multiple stresses, beyond climate change alone; when they are located in areas vulnerable to extreme weather events; and if climate change is severe rather than moderate. But the report also notes that there are promising approaches for risk management, based on emerging lessons from a number of innovative initiatives in U.S. cities and other countries, involving both structural and non-structural (e.g., operational) options.

  9. Probabilistic Vulnerability Assessment Based on Power Flow and Voltage Distribution

    SciTech Connect (OSTI)

    Ma, Jian; Huang, Zhenyu; Wong, Pak C.; Ferryman, Thomas A.

    2010-04-30T23:59:59.000Z

    Risk assessment of large scale power systems has been an important problem in power system reliability study. Probabilistic technique provides a powerful tool to solve the task. In this paper, we present the results of a study on probabilistic vulnerability assessment on WECC system. Cumulant based expansion method is applied to obtain the probabilistic distribution function (PDF) and cumulative distribution function (CDF) of power flows on transmission lines and voltage. Overall risk index based on the system vulnerability analysis is calculated using the WECC system. The simulation results based on WECC system is used to demonstrate the effectiveness of the method. The methodology can be applied to the risk analysis on large scale power systems.

  10. T-682:Double free vulnerability in MapServer

    Broader source: Energy.gov [DOE]

    MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases.

  11. T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

  12. Climate Change Vulnerability Assessment for Idaho National Laboratory

    SciTech Connect (OSTI)

    Christopher P. Ischay; Ernest L. Fossum; Polly C. Buotte; Jeffrey A. Hicke; Alexander Peterson

    2014-10-01T23:59:59.000Z

    The University of Idaho (UI) was asked to participate in the development of a climate change vulnerability assessment for Idaho National Laboratory (INL). This report describes the outcome of that assessment. The climate change happening now, due in large part to human activities, is expected to continue in the future. UI and INL used a common framework for assessing vulnerability that considers exposure (future climate change), sensitivity (system or component responses to climate), impact (exposure combined with sensitivity), and adaptive capacity (capability of INL to modify operations to minimize climate change impacts) to assess vulnerability. Analyses of climate change (exposure) revealed that warming that is ongoing at INL will continue in the coming decades, with increased warming in later decades and under scenarios of greater greenhouse gas emissions. Projections of precipitation are more uncertain, with multi model means exhibiting somewhat wetter conditions and more wet days per year. Additional impacts relevant to INL include estimates of more burned area and increased evaporation and transpiration, leading to reduced soil moisture and plant growth.

  13. U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass Authentication U-159: Red Hat Enterprise MRG Messaging Qpid Bug Lets Certain Remote Users Bypass...

  14. A Tree-Based TESLA Broadcast Authentication for Sensor Networks Donggang Liu Peng Ning Sencun Zhu Sushil Jajodia

    E-Print Network [OSTI]

    Zhu, Sencun

    A Tree-Based µTESLA Broadcast Authentication for Sensor Networks Donggang Liu Peng Ning Sencun Zhu to multiple nodes in an authenticated way. µTESLA and multi-level µTESLA have been proposed to provide of senders. Though multi-level µTESLA schemes can scale up to large sensor networks (in terms of receivers

  15. Probabilistic Non-Repudiation for Source Authentication with TESLA Certificates in Hybrid Satellite/Wireless Networks and

    E-Print Network [OSTI]

    Baras, John S.

    Probabilistic Non-Repudiation for Source Authentication with TESLA Certificates in Hybrid Satellite describe a novel non-repudiation mechanism for an authentication protocol based on the extended TESLA to this problem, we have proposed a new class of lightweight, symmetric key certificates called extended TESLA

  16. A Proof of Concept Implementation of SSL/TLS Session-Aware User Authentication (TLS-SA)

    E-Print Network [OSTI]

    Basin, David

    A Proof of Concept Implementation of SSL/TLS Session-Aware User Authentication (TLS-SA) Rolf, CH-8005 Z¨urich Abstract Most SSL/TLS-based e-commerce applications employ con- ventional mechanisms for user authentication. These mechanisms--if de- coupled from SSL/TLS session establishment

  17. Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srinivas Devadas

    E-Print Network [OSTI]

    Sabatini, David M.

    Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai}@mit.edu ABSTRACT A major security concern with outsourcing data storage to third- party providers is authenticating hardware (e.g., a monotonic counter) at the storage server achieve low throughput. This pa- per proposes

  18. T-707: Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilitiesVulnerability |Users Obtain

  19. T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability might cause the Java Runtime Environment to hang, be in infinite loop, and/or crash resulting in a denial of service exposure. This same hang might occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or third party written application.

  20. Water vulnerabilities for existing coal-fired power plants.

    SciTech Connect (OSTI)

    Elcock, D.; Kuiper, J.; Environmental Science Division

    2010-08-19T23:59:59.000Z

    This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. The first type consisted of geographical areas where specific conditions can generate demand vulnerabilities. These conditions include high projected future water consumption by thermoelectric power plants, high projected future water consumption by all users, high rates of water withdrawal per square mile (mi{sup 2}), high projected population increases, and areas projected to be in a water crisis or conflict by 2025. The second type of demand indicator was plant specific. These indicators were developed for each plant and include annual water consumption and withdrawal rates and intensities, net annual power generation, and carbon dioxide (CO{sub 2}) emissions. The supply indictors, which are also area based, include areas with low precipitation, high temperatures, low streamflow, and drought. The indicator data, which were in various formats (e.g., maps, tables, raw numbers) were converted to a GIS format and stored, along with the individual plant data from the CPPDB, in a single GIS database. The GIS database allowed the indicator data and plant data to be analyzed and visualized in any combination. To determine the extent to which a plant would be considered 'vulnerable' to a given demand or supply concern (i.e., that the plant's operations could be affected by water shortages represented by a potential demand or supply indicator), criteria were developed to categorize vulnerability according to one of three types: major, moderate, or not vulnerable. Plants with at least two major demand indicator values and/or at least four moderate demand indicator values were considered vulnerable to demand concerns. By using this approach, 144 plants were identified as being subject to demand concerns only. Plants with at least one major supply indicator value and/or at least two moderate supply indicator values were considered vulnerable to supply concerns. By using this approach, 64 plants were identified as being subject to supply concerns only. In addition, 139 plants were identified as subject to both demand and supply concerns. Therefore, a total of 347 plants were considere

  1. V-062: Asterisk Two Denial of Service Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment of EnergyTheVulnerabilities |Remote

  2. V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment of EnergyTheVulnerabilitiesDepartment of

  3. V-081: Wireshark Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment of EnergyTheVulnerabilitiesDepartmentWireshark

  4. V-131: Adobe Shockwave Player Multiple Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment ofPrivileges |Vulnerabilities | DepartmentEnergy

  5. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment ofPrivileges |VulnerabilitiesCodeCode |Department of

  6. T-578: Vulnerability in MHTML Could Allow Information Disclosure |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilities | Department ofForgery

  7. T-596: 0-Day Windows Network Interception Configuration Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilities | DepartmentDepartment of

  8. T-614: Cisco Unified Communications Manager Database Security Vulnerability

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilities | DepartmentDepartment| Department

  9. V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment of EnergyThe followingRemoteBypassDepartment of

  10. Nov. 15, 2001 Mohammad al-Kahtani 1 Emerging Authorization and Authentication

    E-Print Network [OSTI]

    Sandhu, Ravi

    1 Nov. 15, 2001 Mohammad al-Kahtani 1 XML Emerging Authorization and Authentication Standards Nov. 15, 2001 Mohammad al-Kahtani 2 About the speaker · Name: Mohammad al-Kahtani · Doctoral Candidate in Software Engineering: George Mason University · Contact info: malkahta@gmu.edu #12;2 Nov. 15, 2001 Mohammad

  11. All Your Face Are Belong to Us: Breaking Facebook's Social Authentication

    E-Print Network [OSTI]

    Yang, Junfeng

    All Your Face Are Belong to Us: Breaking Facebook's Social Authentication Iasonas Polakis FORTH adversaries from compromising accounts using stolen credentials. Facebook has recently released a two can obtain the information needed to solve the chal- lenges presented by Facebook. We implement

  12. Simplified authenticated key exchange based on the q(th) root problem

    SciTech Connect (OSTI)

    JOHNSTON,ANNA M.; GEMMELL,PETER S.

    2000-02-29T23:59:59.000Z

    Finding a q{sup th} root in GF(p), where p and q are prunes, q is large and q{sup 2} divides (p{minus}1) is a difficult problem equivalent to the discrete logarithm problem using an element of order q as the base. This paper describes an authenticated key exchange algorithm utilizing this hard problem.

  13. Distillation Codes and Applications to DoS Resistant Multicast Authentication

    E-Print Network [OSTI]

    Perrig, Adrian

    Distillation Codes and Applications to DoS Resistant Multicast Authentication Chris Karlof UC We introduce distillation codes, a method for streaming and storing data. Like erasure codes, distillation codes allow information to be decoded from a sufficiently large quorum of symbols. In contrast

  14. An Innovative Solution for Cloud Computing Authentication: Grids of EAP-TLS Smart Cards

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    An Innovative Solution for Cloud Computing Authentication: Grids of EAP-TLS Smart Cards Pascal clients. This paper aims to solve this issue by proposing an innovative paradigm based on a grid of smart the scalability of this server linked to smart card grids whose distributed computation manages the concurrence

  15. MMH: Software Message Authentication in the Gbit/second Rates \\Lambda

    E-Print Network [OSTI]

    Bernstein, Daniel

    universal hashing) applications. The construction is based on techniques due to Carter and Wegman Universal hash functions, which were first introduced by Carter and Wegman in [CW79], have a wide range authentication (introduced by Wegman and Carter [WC81] as well) received much attention lately. In particular

  16. MULTIMEDIA CONTENT AUTHENTICATION: FUNDAMENTAL LIMITS Emin Martinian and Gregory W. Wornell

    E-Print Network [OSTI]

    Martinian, Emin

    MULTIMEDIA CONTENT AUTHENTICATION: FUNDAMENTAL LIMITS Emin Martinian and Gregory W. Wornell Dept,gwwˇ @mit.edu ABSTRACT In many multimedia applications, there is a need to authen- ticate a source that has signature techniques are a natural tool for addressing such problems. However, in many emerging multimedia

  17. SSL/TLS Session-Aware User Authentication--Or How to Effectively Thwart

    E-Print Network [OSTI]

    Basin, David

    SSL/TLS Session-Aware User Authentication--Or How to Effectively Thwart the Man-in-the-Middle Rolf@inf.ethz.ch Abstract. Man-in-the-middle attacks pose a serious threat to SSL/TLS- based electronic commerce mechanisms fail to provide protection against this type of attack, even when they run on top of SSL

  18. On optimizing energy consumption: An adaptative authentication level in wireless sensor networks

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    On optimizing energy consumption: An adaptative authentication level in wireless sensor networks-hungry. As energy is a scarce resource in wireless sensor networks, we propose a new approach that consists or third-party nodes. I. INTRODUCTION Wireless sensor networks (WSNs) are used in several fields

  19. An Energy-Efficient Symmetric Cryptography Based Authentication Scheme for Wireless

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    An Energy-Efficient Symmetric Cryptography Based Authentication Scheme for Wireless Sensor Networks. In Section 3 we evaluate the performance and efficiency of our proposal, both in terms of energy consumption of Engineering & Built Environment Callaghan, The University of Newcastle (AUSTRALIA) Ljiljana

  20. A Localized Authentication, Authorization, and Accounting (AAA) Protocol for Mobile Hotspots

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    of authentication, authorization, and accounting (AAA) protocol, which is a core technology for public mobile mobile hotspots. I. INTRODUCTION With the advances of wireless access technologies (e.g., 3G, IEEE 802 hotspots [3] [4] [5]. In terms of mobility management, the Internet Engineering Task Force (IETF) has

  1. CITI Technical Report 93-1 Long Running Jobs in an Authenticated Environment

    E-Print Network [OSTI]

    Michigan, University of

    . An unfortunate byproduct of building Kerberos-based systems is a loss of functionality, such as long running jobs-- -- CITI Technical Report 93-1 Long Running Jobs in an Authenticated Environment A. D. Rubin that a user have a valid token or ticket for a job to run. These tickets are issued with limited lifetimes

  2. Project List 1. Project Name: Efficient Anonymous Private Authentication Protocol for RFID Systems

    E-Print Network [OSTI]

    Brylow, Dennis

    based authentication. Publication: · Md. Endadul Hoque, Farzana Rahman, and Sheikh I. Ahamed, "Anon's geocoding and mapping API. Publication: ···· Farzana Rahman, Casey O'Brien, Sheikh I. Ahamed, He Zhang'Brien, Kristine Manning, Jason Cowdy, Sheikh Iqbal Ahamed, "Let EcoDrive be Your Guide: Development of a Mobile

  3. Cryptanalysis of an IDbased Password Authentication Scheme using Smart Cards and

    E-Print Network [OSTI]

    Cryptanalysis of an ID­based Password Authentication Scheme using Smart Cards and Fingerprints Michael Scott School of Computer Applications Dublin City University Ballymun, Dublin 9, Ireland. mike two ID­based password authen­ tication schemes for logging onto a remote network server using smart

  4. Security by Spatial Reference: Using Relative Positioning to Authenticate Devices for

    E-Print Network [OSTI]

    Hazas, Mike

    to connect their personal devices with devices encountered in their environment in order to take advantage the interaction of their personal device with the intended target device. They must be able to ascertainSecurity by Spatial Reference: Using Relative Positioning to Authenticate Devices for Spontaneous

  5. Efficient Authentication and Authorization of Mobile Users Based on Peer-to-Peer Network Mechanisms

    E-Print Network [OSTI]

    Braun, Torsten

    1 Efficient Authentication and Authorization of Mobile Users Based on Peer-to-Peer Network is to avoid exchanging security information between networks visited by a roaming user and the user's home network and retrieves the required security information from that AAA server. The AAA servers can

  6. Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)

    SciTech Connect (OSTI)

    Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

    2013-02-01T23:59:59.000Z

    The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, ?Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector?, hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

  7. Vulnerability of nuclear power plant structures to large external fires

    SciTech Connect (OSTI)

    Bennett, D.E.

    1983-08-01T23:59:59.000Z

    This report examines the inherent vulnerability of nuclear power plant structures to the thermal environments arising from large, external fires. The inherent vulnerability is the capacity of the concrete safety-related structures to absorb thermal loads without exceeding the appropriate thermal and structural design criteria. The potential sources of these thermal environments are large, offsite fires arising from accidents involving the transportation or storage of large quantities of flammable gases or liquids. A realistic thermal response analysis of a concrete panel was performed using three limiting criteria: temperature at the first rebar location, erosion and ablation of the front (exterior) surface due to high heat fluxes, and temperature at the back (interior) surface. The results of this analysis yield a relationship between incident heat flux and the maximum allowable exposure duration. Example calculations for the break of a 0.91 m (3') diameter high-pressure natural gas pipeline and a 1 m/sup 2/ hole in a 2-1/2 million gallon gasoline tank show that the resulting fires do not pose a significant hazard for ranges of 500 m or greater.

  8. Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01T23:59:59.000Z

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

  9. Chemical Safety Vulnerability Working Group report. Volume 3

    SciTech Connect (OSTI)

    Not Available

    1994-09-01T23:59:59.000Z

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

  10. V-054: IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS

  11. U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

  12. U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.

  13. U-016: Cisco IOS Software HTTP Service Loading Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    An unauthenticated, remote attacker could exploit this vulnerability to cause a targeted device to stop responding, resulting in a DoS condition

  14. U-101: Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.

  15. T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability

    Broader source: Energy.gov [DOE]

    Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

  16. T-656: Microsoft Office Visio DXF File Handling Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Office Visio contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

  17. Effect of beta on Seismic Vulnerability Curve for RC Bridge Based on Double Damage Criterion

    SciTech Connect (OSTI)

    Feng Qinghai [CCCC Highway, CO., Ltd. (China); Yuan Wancheng [Bridge Department, Tongji University, Shanghai (China)

    2010-05-21T23:59:59.000Z

    In the analysis of seismic vulnerability curve based on double damage criterion, the randomness of structural parameter and randomness of seismic should be considered. Firstly, the distribution characteristics of structure capability and seismic demand are obtained based on IDA and PUSHOVER, secondly, the vulnerability of the bridge is gained based on ANN and MC and a vulnerability curve according to this bridge and seismic is drawn. Finally, the analysis for a continuous bridge is displayed as an example, and parametric analysis for the effect of beta is done, which reflects the bridge vulnerability overall from the point of total probability, and in order to reduce the discreteness, large value of beta are suggested.

  18. Electrical and thermal finite element modeling of arc faults in photovoltaic bypass diodes.

    SciTech Connect (OSTI)

    Bower, Ward Isaac; Quintana, Michael A.; Johnson, Jay

    2012-01-01T23:59:59.000Z

    Arc faults in photovoltaic (PV) modules have caused multiple rooftop fires. The arc generates a high-temperature plasma that ignites surrounding materials and subsequently spreads the fire to the building structure. While there are many possible locations in PV systems and PV modules where arcs could initiate, bypass diodes have been suspected of triggering arc faults in some modules. In order to understand the electrical and thermal phenomena associated with these events, a finite element model of a busbar and diode was created. Thermoelectrical simulations found Joule and internal diode heating from normal operation would not normally cause bypass diode or solder failures. However, if corrosion increased the contact resistance in the solder connection between the busbar and the diode leads, enough voltage potentially would be established to arc across micron-scale electrode gaps. Lastly, an analytical arc radiation model based on observed data was employed to predicted polymer ignition times. The model predicted polymer materials in the adjacent area of the diode and junction box ignite in less than 0.1 seconds.

  19. Open cycle ocean thermal energy conversion steam control and bypass system

    DOE Patents [OSTI]

    Wittig, J. Michael (West Goshen, PA); Jennings, Stephen J. (Radnor Township, Delaware County, PA)

    1980-01-01T23:59:59.000Z

    Two sets of hinged control doors for regulating motive steam flow from an evaporator to a condenser alternatively through a set of turbine blades in a steam bypass around the turbine blades. The evaporator has a toroidal shaped casing situated about the turbine's vertical axis of rotation and an outlet opening therein for discharging motive steam into an annular steam flow path defined between the turbine's radially inner and outer casing structures. The turbine blades extend across the steam flow path intermediate the evaporator and condenser. The first set of control doors is arranged to prevent steam access to the upstream side of the turbine blades and the second set of control doors acts as a bypass around the blades so as to maintain equilibrium between the evaporator and condenser during non-rotation of the turbine. The first set of control doors preferably extend, when closed, between the evaporator casing and the turbine's outer casing and, when open, extend away from the axis of rotation. The second set of control doors preferably constitute a portion of the turbine's outer casing downstream from the blades when closed and extend, when open, toward the axis of rotation. The first and second sets of control doors are normally held in the open and closed positions respectively by locking pins which may be retracted upon detecting an abnormal operating condition respectively to permit their closing and opening and provide steam flow from the evaporator to the condenser.

  20. V-151: RSA Archer eGRC Bugs Let Remote Authenticated Users Upload...

    Energy Savers [EERE]

    5.x ABSTRACT: Several vulnerabilities were reported in RSA Archer eGRC. REFERENCE LINKS: EMC SecurityTracker Alert ID: 1028516 CVE-2013-0932 CVE-2013-0933 CVE-2013-0934 IMPACT...

  1. Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure

    SciTech Connect (OSTI)

    Suski, N; Wuest, C

    2011-02-04T23:59:59.000Z

    Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

  2. Using vulnerability assessments to design facility safeguards and security systems

    SciTech Connect (OSTI)

    Snell, M.; Jaeger, C.

    1994-08-01T23:59:59.000Z

    The Weapons Complex Reconfiguration (WCR) Program is meant to prepare the Department of Energy (DOE) weapons complex to meet the needs of the next century through construction of now facilities or upgrades-in-place at existing facilities. This paper describes how a vulnerability (VA) was used to identify potential S&S features for the conceptual design for a plutonium storage facility as part of the WCR Program. We distinguish those features of the design that need to be investigated at the conceptual stage from those that can be evaluated later. We also examined what protection features may allow reduced S&S operating costs, with the main focus on protective force costs. While some of these concepts hold the promise for significantly reducing life-cycle protective force costs, their use depends on resolving long-standing tradeoffs between S&S and safety, which are discussed in the study.

  3. Universal Hashing and Multiple Authentication M. Atici1*2and 11. R,. S t i n ~ o n ' > ~

    E-Print Network [OSTI]

    Bernstein, Daniel

    authentication without secrecy. Our point of view is the uni- vcrsal hashing approach pioneered by Wegman,ions, and obtained some improvements to the Wegman-Carter construction. Since 1991, several authors have given im

  4. CFD Analysis of Core Bypass Flow and Crossflow in the Prismatic Very High Temperature Gas-cooled Nuclear Reactor

    E-Print Network [OSTI]

    Wang, Huhu 1985-

    2012-12-13T23:59:59.000Z

    if the large portion of the coolant flows into bypass gaps instead of coolant channels in which the cooling efficiency is much higher. A preliminary three dimensional steady-state CFD analysis was performed with commercial code STARCCM+ 6.04 to investigate...

  5. Application-Bypass Reduction for Large-Scale Adam Wagner, Member, IEEE, Darius Buntinas, Member, IEEE, Ron Brightwell, Member, IEEE,

    E-Print Network [OSTI]

    Panda, Dhabaleswar K.

    of Energy's Grant #DE=FC02- 01ER25506, National Science Foundation's grant #EIA-9986052 increases with system size, indicating that the application-bypass implementation is more scalable and skew or skewed. This may happen for a variety of reasons including heterogeneous systems consisting of nodes

  6. VULNERABILITY ASSESSMENT OF WATER RESOURCES SYSTEMS IN THE EASTERN NILE BASIN

    E-Print Network [OSTI]

    Richner, Heinz

    VULNERABILITY ASSESSMENT OF WATER RESOURCES SYSTEMS IN THE EASTERN NILE BASIN TO ENVIRONMENTAL Resources VULNERABILITY ASSESSMENT OF WATER RESOURCES SYSTEMS IN THE EASTERN NILE BASIN TO ENVIRONMENTAL Resources Institute of African Research and Studies, Cairo University For the Degree of MASTER OF SCIENCE

  7. T-526: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8.0.7600.16385 is vulnerable; other versions may also be affected.

  8. Emotion Regulation and Vulnerability to Depression: Spontaneous Versus Instructed Use of Emotion Suppression and Reappraisal

    E-Print Network [OSTI]

    Gross, James J.

    Emotion Regulation and Vulnerability to Depression: Spontaneous Versus Instructed Use of Emotion vulnerability is related to difficulties with emotion regulation by comparing recovered-depressed and never of emotion regulation strategies. In the second phase, sad mood was induced using a film clip, and the degree

  9. Geospatial analysis of vulnerable beach-foredune systems from decadal time series of lidar data

    E-Print Network [OSTI]

    Mitasova, Helena

    Geospatial analysis of vulnerable beach-foredune systems from decadal time series of lidar data, Geospatial analysis of vulnerable beach- foredune systems from decadal time series of lidar data, Journal densities; therefore, geospatial analysis, when applied to decadal lidar time series, needs to address

  10. Impact of relief accuracy on flood simulations and road network vulnerability analysis

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    network by forcing users to take detours. In a risk preventive viewpoint, the network administrator has 1 Impact of relief accuracy on flood simulations and road network vulnerability analysis Jean in the water level and its consequences on the road network vulnerability. The first part focuses

  11. Vulnerability of Xylem Vessels to Cavitation in Sugar Maple. Scaling from Individual Vessels to

    E-Print Network [OSTI]

    Melcher, Peter

    nega- tive pressures (Dixon and Joly, 1895; Briggs, 1950) allows plants to power the movement of water to withstand tension-induced cavitation is typ- ically inferred from "vulnerability curves" generatedVulnerability of Xylem Vessels to Cavitation in Sugar Maple. Scaling from Individual Vessels

  12. OPTIMIZATION STRATEGIES FOR THE VULNERABILITY ANALYSIS OF THE ELECTRIC POWER GRID

    E-Print Network [OSTI]

    Pinar, Ali

    OPTIMIZATION STRATEGIES FOR THE VULNERABILITY ANALYSIS OF THE ELECTRIC POWER GRID ALI PINAR, JUAN would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a bilevel mixed integer nonlinear programming

  13. What about vulnerability to a fault attack of the Miller algorithm during an

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    What about vulnerability to a fault attack of the Miller algorithm during an Identity Based is to analyse the weakness of the Miller algorithm when it undergoes a fault attack. We prove that the Miller algorithm is vulnerable to a fault attack which is valid in all coordinate systems, through the resolution

  14. What About Vulnerability to a Fault Attack of the Miller's Algorithm During an

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    What About Vulnerability to a Fault Attack of the Miller's Algorithm During an Identity Based of this article is to analyse the weakness of the Miller's algorithm when it undergoes a fault attack. We prove that the Miller's algorithm is vulnerable to a fault attack which is valid in all coordinate systems, through

  15. T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

  16. Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack1

    E-Print Network [OSTI]

    Krings, Axel W.

    : Security, Vulnerabilities, Cyber Attack, Critical Infrastructure Protection, Electric Power Management present a model developed for Electric Power Management Systems (EPMS) and Supervisory Control and Data vulnerable to cyber attack. We use graph theory to model electric power control and protection devices

  17. Greenbench: A Benchmark for Observing Power Grid Vulnerability Under Data-Centric Threats

    E-Print Network [OSTI]

    Wang, Wenye

    Greenbench: A Benchmark for Observing Power Grid Vulnerability Under Data-Centric Threats Mingkui infrastructure and begins to show its inability as the demand for power delivery and consumption boosts in recent power grid. This integration, however, brings a new host of vulnerabilities stem from Internet and opens

  18. Response surfaces of vulnerability to climate change: the Colorado River Basin, the High Plains, and California

    E-Print Network [OSTI]

    the vulnerability of water supply to shortage for the Colorado River Basin and basins of the High Plains, it becomes ever more important to assess the vulnerability of current and future water supplies to shortage more likely to experience water shortages (Barnett et al. 2004; Barnett and Pierce 2008, 2009; Cayan et

  19. Update on the Department of Energy's 1994 plutonium vulnerability assessment for the plutonium finishing plant

    SciTech Connect (OSTI)

    HERZOG, K.R.

    1999-09-01T23:59:59.000Z

    A review of the environmental, safety, and health vulnerabilities associated with the continued storage of PFP's inventory of plutonium bearing materials and other SNM. This report re-evaluates the five vulnerabilities identified in 1994 at the PFP that are associated with SNM storage. This new evaluation took a more detailed look and applied a risk ranking process to help focus remediation efforts.

  20. Climate change impacts and vulnerability of the southern populations of Pinus nigra subsp. salzmannii

    E-Print Network [OSTI]

    Herrera, Carlos M.

    vulnerability to climate change in Mediterranean mountain forests is not well developed. Climate change impactsClimate change impacts and vulnerability of the southern populations of Pinus nigra subsp-sensitive species. Trees will adapt not only to changes in mean climate variables but also to increased extreme

  1. Seismic vulnerability analysis of moderate seismicity areas using in situ experimental

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Seismic vulnerability analysis of moderate seismicity areas using in situ experimental techniques (LGIT), LCPC, CNRS, Université Joseph Fourier Grenoble Abstract Seismic vulnerability analysis. This curve is particularly interesting in moderate seismic areas. This methodology is applied to the Grenoble

  2. A preliminary assessment of beryllium dust oxidation during a wet bypass accident in a fusion reactor

    SciTech Connect (OSTI)

    Brad J. Merrill; Richard L. Moore; J. Phillip Sharp

    2008-09-01T23:59:59.000Z

    A beryllium dust oxidation model has been developed at the Idaho National Laboratory (INL) by the Fusion Safety Program (FSP) for the MELCOR safety computer code. The purpose of this model is to investigate hydrogen production from beryllium dust layers on hot surfaces inside a fusion reactor vacuum vessel (VV) during in-vessel loss-of-cooling accidents (LOCAs). This beryllium dust oxidation model accounts for the diffusion of steam into a beryllium dust layer, the oxidation of the dust particles inside this layer based on the beryllium-steam oxidation equations developed at the INL, and the effective thermal conductivity of this beryllium dust layer. This paper details this oxidation model and presents the results of the application of this model to a wet bypass accident scenario in the ITER device.

  3. Particle Image Velocimetry Measurements and Analysis of Bypass Data for a Scaled 6mm Gap

    SciTech Connect (OSTI)

    J.R. Wolf; T.E. Conder; R.R. Schultz

    2012-09-01T23:59:59.000Z

    The purpose of the fluid dynamics experiments in the MIR (Matched Index of-Refraction) flow system at Idaho National Laboratory (INL) is to develop benchmark databases for the assessment of Computational Fluid Dynamics (CFD) solutions of the momentum equations, scalar mixing, and turbulence models for the flow ratios between coolant channels and bypass gaps in the interstitial regions of typical prismatic standard fuel element (SFE) or upper reflector block geometries of typical Modular High-temperature Gas-cooled Reactors (MHTGR) in the limiting case of negligible buoyancy and constant fluid properties. The experiments will use optical techniques, primarily particle image velocimetry (PIV) in the INL Matched Index of Refraction (MIR) flow system.

  4. Provably-Secure Authenticated Group Diffie-Hellman KeyExchange

    SciTech Connect (OSTI)

    Bresson, Emmanuel; Chevassut, Olivier; Pointcheval, David

    2007-01-01T23:59:59.000Z

    Authenticated key exchange protocols allow two participantsA and B, communicating over a public network and each holding anauthentication means, to exchange a shared secret value. Methods designedto deal with this cryptographic problem ensure A (resp. B) that no otherparticipants aside from B (resp. A) can learn any information about theagreed value, and often also ensure A and B that their respective partnerhas actually computed this value. A natural extension to thiscryptographic method is to consider a pool of participants exchanging ashared secret value and to provide a formal treatment for it. Startingfrom the famous 2-party Diffie-Hellman (DH) key exchange protocol, andfrom its authenticated variants, security experts have extended it to themulti-party setting for over a decade and completed a formal analysis inthe framework of modern cryptography in the past few years. The presentpaper synthesizes this body of work on the provably-secure authenticatedgroup DH key exchange.

  5. WIPP Transparency Project - container tracking and monitoring demonstration using the Authenticated Tracking and Monitoring System (ATMS)

    SciTech Connect (OSTI)

    SCHOENEMAN, J. LEE; SMARTT, HEIDI ANNE; HOFER, DENNIS

    2000-01-27T23:59:59.000Z

    The Authenticated Tracking and Monitoring System (ATMS) is designed to answer the need for global monitoring of the status and location of proliferation-sensitive items on a worldwide basis, 24 hours a day. ATMS uses wireless sensor packs to monitor the status of the items within the shipment and surrounding environmental conditions. Receiver and processing units collect a variety of sensor event data that is integrated with GPS tracking data. The collected data are transmitted to the International Maritime Satellite (INMARSAT) communication system, which then sends the data to mobile ground stations. Authentication and encryption algorithms secure the data during communication activities. A typical ATMS application would be to track and monitor the stiety and security of a number of items in transit along a scheduled shipping route. The resulting tracking, timing, and status information could then be processed to ensure compliance with various agreements.

  6. Using quantum routers to implement quantum message authentication and Bell-state manipulation

    E-Print Network [OSTI]

    Karol Bartkiewicz; Antonín ?ernoch; Karel Lemr

    2014-09-03T23:59:59.000Z

    In this paper we investigate the capability of quantum routing (quantum state fusion) to implement two useful quantum communications protocols. The analyzed protocols include quantum authentication of quantum messages and non-destructive linear-optical Bell state manipulation. We also present the concept of quantum decoupler -- a device implementing an inverse operation to quantum routing. We demonstrate that both quantum router and decoupler can work as specialized disentangling gates.

  7. Integrating end-to-end encryption and authentication technology into broadband networks

    SciTech Connect (OSTI)

    Pierson, L.G.

    1995-11-01T23:59:59.000Z

    BISDN services will involve the integration of high speed data, voice, and video functionality delivered via technology similar to Asynchronous Transfer Mode (ATM) switching and SONET optical transmission systems. Customers of BISDN services may need a variety of data authenticity and privacy assurances, via Asynchronous Transfer Mode (ATM) services Cryptographic methods can be used to assure authenticity and privacy, but are hard to scale for implementation at high speed. The incorporation of these methods into computer networks can severely impact functionality, reliability, and performance. While there are many design issues associated with the serving of public keys for authenticated signaling and for establishment of session cryptovariables, this paper is concerned with the impact of encryption itself on such communications once the signaling and setup have been completed. Network security protections should be carefully matched to the threats against which protection is desired. Even after eliminating unnecessary protections, the remaining customer-required network security protections can impose severe performance penalties. These penalties (further discussed below) usually involve increased communication processing for authentication or encryption, increased error rate, increased communication delay, and decreased reliability/availability. Protection measures involving encryption should be carefully engineered so as to impose the least performance, reliability, and functionality penalties, while achieving the required security protection. To study these trade-offs, a prototype encryptor/decryptor was developed. This effort demonstrated the viability of implementing certain encryption techniques in high speed networks. The research prototype processes ATM cells in a SONET OC-3 payload. This paper describes the functionality, reliability, security, and performance design trade-offs investigated with the prototype.

  8. Utilitas and venustas: balancing utility and authenticity in the stewardship of our built heritage

    E-Print Network [OSTI]

    Reich, Alene Wilmoth

    2007-04-25T23:59:59.000Z

    Members, John Alexander John Nichols Head of Department, Mardelle Shepley December 2005 Major Subject: Architecture iii ABSTRACT Utilitas and Venustas: Balancing Utility and Authenticity in the Stewardship of Our Built... Services (HPS). The aim of HPS is to, ?[help] our nation's citizens and communities identify, evaluate, protect and preserve historic properties for future generations of Americans.?17 HPS is responsible for the administration of educational, technical...

  9. New HANE Fireball Physics: Implications for US Infrastructure Vulnerability

    SciTech Connect (OSTI)

    Hewett, D W; Larson, D J; Eng, C; Tarwater, A E; Brecht, S H

    2009-01-26T23:59:59.000Z

    The vulnerability of the US infrastructure to High altitude Nuclear Explosions (HANEs) continues to be the object of studies by a number of blue-ribbon panels and commissions. In particular, studies suggest an alarming sensitivity of our electronic infrastructure to some types of ElectroMagnetic Pulse (EMP) while other types of EMP threaten our power distribution systems. Equally or perhaps more important is the concern that a large percentage of our satellites will experience 'upsets' or worse from these same HANE effects. Such studies, however, are all based on the sparse data obtained during the last HANE tests conducted in the early 1960's. A weakness in our present understanding is that almost all the conclusions about distributed-electric-current-driven EMP, with time scales 1/2 second or longer, are interpretations of old data guided by the computational MHD/fluid models available at the time. Fluid models make the assumption that the mean-free-path is zero and thus miss important physics regardless of the model used to couple ion motion to the magnetic field. Even when planetary length scales are modeled so that the gyro radius becomes negligible, the early dynamics of the fireball are not properly captured. The facts are, at relevant altitudes, the explosion expansion is almost unimpeded by the tenuous ionospheric background-particle mean-free-paths are of order 10,000 km. The primary impediment to the debris expansion is the earth's magnetic field bending the energetic ion trajectories emanating from the explosion into circular orbits with typical radii that range from 200 km for heavy ions to 10 km or less for the lighter ions in the debris. These particles thus gyrate many times before they are stopped by a collision with the background atmosphere. Only models that track ion gyro-motion can recover the myriad possibilities through which the complicated, energetic, 'fireball' of debris may evolve. Fireball evolution is important because it determines debris distribution (crucial in satellite vulnerability studies) and generation of low frequency EMP. With the previous considerations as motivation, we have recently reconsidered the early fireball dynamics to see if more appropriate physics models would reveal new insight into some long-standing problems, such as the apparent need for 'jetting' of debris particles to high altitude to explain the observed satellite damage. Additionally, we hoped that the additional physics might reveal new aspects of the early fireball dynamics that could augment the rather incomplete understanding we now have of the EMP generated by such tests.

  10. Home Authentication / Biometrics Business / Finance Continuity / Recovery Cybersecurity Detection Education / Sci-Tech Emergency / Police / Mil. Government policy Infrastructure Public health / Biodefense Surveillance Systems integration Transport / Borde

    E-Print Network [OSTI]

    Rogers, John A.

    Home Authentication / Biometrics Business / Finance Continuity / Recovery Cybersecurity Detection Education / Sci-Tech Emergency / Police / Mil. Government policy Infrastructure Public health / Biodefense

  11. Safeguards Evaluation Method for evaluating vulnerability to insider threats

    SciTech Connect (OSTI)

    Al-Ayat, R.A.; Judd, B.R.; Renis, T.A.

    1986-01-01T23:59:59.000Z

    As protection of DOE facilities against outsiders increases to acceptable levels, attention is shifting toward achieving comparable protection against insiders. Since threats and protection measures for insiders are substantially different from those for outsiders, new perspectives and approaches are needed. One such approach is the Safeguards Evaluation Method. This method helps in assessing safeguards vulnerabilities to theft or diversion of special nuclear meterial (SNM) by insiders. The Safeguards Evaluation Method-Insider Threat is a simple model that can be used by safeguards and security planners to evaluate safeguards and proposed upgrades at their own facilities. The method is used to evaluate the effectiveness of safeguards in both timely detection (in time to prevent theft) and late detection (after-the-fact). The method considers the various types of potential insider adversaries working alone or in collusion with other insiders. The approach can be used for a wide variety of facilities with various quantities and forms of SNM. An Evaluation Workbook provides documentation of the baseline assessment; this simplifies subsequent on-site appraisals. Quantitative evaluation is facilitated by an accompanying computer program. The method significantly increases an evaluation team's on-site analytical capabilities, thereby producing a more thorough and accurate safeguards evaluation.

  12. Climate change and health: Indoor heat exposure in vulnerable populations

    SciTech Connect (OSTI)

    White-Newsome, Jalonne L., E-mail: jalonne@umich.edu [University of Michigan School of Public Health, Environmental Health Sciences Department, 109 S. Observatory, SPH II, Rm. M6314, Ann Arbor, MI 48109 (United States); Sanchez, Brisa N., E-mail: brisa@umich.edu [University of Michigan School of Public Health, Biostatistics Department, M4164 SPH II, 1415 Washington Heights, Ann Arbor, MI 48109-2029 (United States); Jolliet, Olivier, E-mail: ojolliet@umich.edu [University of Michigan School of Public Health, Environmental Health Sciences Department, 6622 SPH tower, 1415 Washington Heights, Ann Arbor, MI 48109-2029 (United States)] [University of Michigan School of Public Health, Environmental Health Sciences Department, 6622 SPH tower, 1415 Washington Heights, Ann Arbor, MI 48109-2029 (United States); Zhang, Zhenzhen, E-mail: zhzh@umich.edu [University of Michigan School of Public Health, Biostatistics Department, M4164 SPH II, 1415 Washington Heights, Ann Arbor, MI 48109-2029 (United States)] [University of Michigan School of Public Health, Biostatistics Department, M4164 SPH II, 1415 Washington Heights, Ann Arbor, MI 48109-2029 (United States); Parker, Edith A., E-mail: Edith-Parker@uiowa.edu [University of Michigan School of Public Health, Health Behavior and Health Education Department, 1415 Washington Heights, Ann Arbor, MI 48109-2029 (United States); Timothy Dvonch, J., E-mail: dvonch@umich.edu [University of Michigan School of Public Health, Environmental Health Sciences Department, 1415 Washington Heights, 6642 SPH Tower, Ann Arbor, MI 48109 (United States); O'Neill, Marie S., E-mail: marieo@umich.edu [University of Michigan School of Public Health, Environmental Health Sciences Department, 6631 SPH Tower, 1415 Washington Heights, Ann Arbor, MI 48109 (United States)

    2012-01-15T23:59:59.000Z

    Introduction: Climate change is increasing the frequency of heat waves and hot weather in many urban environments. Older people are more vulnerable to heat exposure but spend most of their time indoors. Few published studies have addressed indoor heat exposure in residences occupied by an elderly population. The purpose of this study is to explore the relationship between outdoor and indoor temperatures in homes occupied by the elderly and determine other predictors of indoor temperature. Materials and methods: We collected hourly indoor temperature measurements of 30 different homes; outdoor temperature, dewpoint temperature, and solar radiation data during summer 2009 in Detroit, MI. We used mixed linear regression to model indoor temperatures' responsiveness to weather, housing and environmental characteristics, and evaluated our ability to predict indoor heat exposures based on outdoor conditions. Results: Average maximum indoor temperature for all locations was 34.85 Degree-Sign C, 13.8 Degree-Sign C higher than average maximum outdoor temperature. Indoor temperatures of single family homes constructed of vinyl paneling or wood siding were more sensitive than brick homes to outdoor temperature changes and internal heat gains. Outdoor temperature, solar radiation, and dewpoint temperature predicted 38% of the variability of indoor temperatures. Conclusions: Indoor exposures to heat in Detroit exceed the comfort range among elderly occupants, and can be predicted using outdoor temperatures, characteristics of the housing stock and surroundings to improve heat exposure assessment for epidemiological investigations. Weatherizing homes and modifying home surroundings could mitigate indoor heat exposure among the elderly.

  13. A graph-based network-vulnerability analysis system

    SciTech Connect (OSTI)

    Swiler, L.P.; Phillips, C.; Gaylor, T.

    1998-05-03T23:59:59.000Z

    This paper presents a graph based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is matched with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level of effort for the attacker, various graph algorithms such as shortest path algorithms can identify the attack paths with the highest probability of success.

  14. A graph-based network-vulnerability analysis system

    SciTech Connect (OSTI)

    Swiler, L.P.; Phillips, C. [Sandia National Labs., Albuquerque, NM (United States); Gaylor, T. [3M, Austin, TX (United States). Visual Systems Div.

    1998-01-01T23:59:59.000Z

    This report presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is matched with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level-of-effort for the attacker, various graph algorithms such as shortest-path algorithms can identify the attack paths with the highest probability of success.

  15. A graph-based system for network-vulnerability analysis

    SciTech Connect (OSTI)

    Swiler, L.P.; Phillips, C.

    1998-06-01T23:59:59.000Z

    This paper presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The graph-based tool can identify the set of attack paths that have a high probability of success (or a low effort cost) for the attacker. The system could be used to test the effectiveness of making configuration changes, implementing an intrusion detection system, etc. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is matched with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level-of-effort for the attacker, various graph algorithms such as shortest-path algorithms can identify the attack paths with the highest probability of success.

  16. V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment of EnergyTheVulnerabilities | Department of

  17. V-216: Drupal Monster Menus Module Security Bypass and Script Insertion

    Energy Savers [EERE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page onYou are now leaving Energy.gov You are now leaving Energy.gov You are being directed offOCHCO Overview OCHCOSystems Analysis Success|SustainableDepartmentregulations.govVulnerabilities

  18. V-216: Drupal Monster Menus Module Security Bypass and Script Insertion

    Office of Environmental Management (EM)

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742 33Frequently20,000 Russian Nuclear Warheads intoMansoor GhassemUseDepartment ofUsers|Vulnerabilities

  19. V-190: ASUS RT-N66U Router AiCloud Security Bypass Security Issue |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742Energy China 2015of 2005UNSDepartmentFebruaryPhase|PotomacDepartmentRemoteVulnerability

  20. T-704: RSA enVision Lets Remote Users View Files and Remote Authenticated

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilitiesVulnerability |Users Obtain Password

  1. T-728: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilitiesVulnerability |UsersSessions

  2. Method of treating emissions of a hybrid vehicle with a hydrocarbon absorber and a catalyst bypass system

    DOE Patents [OSTI]

    Roos, Bryan Nathaniel; Gonze, Eugene V; Santoso, Halim G; Spohn, Brian L

    2014-01-14T23:59:59.000Z

    A method of treating emissions from an internal combustion engine of a hybrid vehicle includes directing a flow of air created by the internal combustion engine when the internal combustion engine is spinning but not being fueled through a hydrocarbon absorber to collect hydrocarbons within the flow of air. When the hydrocarbon absorber is full and unable to collect additional hydrocarbons, the flow of air is directed through an electrically heated catalyst to treat the flow of air and remove the hydrocarbons. When the hydrocarbon absorber is not full and able to collect additional hydrocarbons, the flow of air is directed through a bypass path that bypasses the electrically heated catalyst to conserve the thermal energy stored within the electrically heated catalyst.

  3. Preliminary studies of coolant by-pass flows in a prismatic very high temperature reactor using computational fluid dynamics

    SciTech Connect (OSTI)

    Hiroyuki Sato; Richard Johnson; Richard Schultz

    2009-09-01T23:59:59.000Z

    Three dimensional computational fluid dynamic (CFD) calculations of a typical prismatic very high temperature gas-cooled reactor (VHTR) were conducted to investigate the influence of gap geometry on flow and temperature distributions in the reactor core using commercial CFD code FLUENT. Parametric calculations changing the gap width in a whole core length model of fuel and reflector columns were performed. The simulations show the effects of core by-pass flows in the heated core region by comparing results for several gap widths including zero gap width. The calculation results underline the importance of considering inter-column gap width for the evaluation of maximum fuel temperatures and temperature gradients in fuel blocks. In addition, it is shown that temperatures of core outlet flow from gaps and channels are strongly affected by the gap width of by-pass flow in the reactor core.

  4. Title draft: Complexity and vulnerability of Smartgrid systems Elizaveta Kuznetsova1

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    1 Title draft: Complexity and vulnerability of Smartgrid systems Elizaveta Kuznetsova1 , Keith of Smartgrids. Typical characteristics of complex systems, such as self-organization, emergence, chaotic behavior and evolution, are considered with respect to Smartgrids as future energy infrastructures

  5. Energy as a Framework for Prioritizing Conservation Vulnerabilities and Management Strategies

    E-Print Network [OSTI]

    Hansen, Andrew J.

    Energy as a Framework for Prioritizing Conservation Vulnerabilities and Management Strategies - trophic structure - evolutionary processes - available energy. Theoretical Roots of Conservation Biology - habitat area - trophic structure - evolutionary processes - available energy Theoretical Roots

  6. Seismic vulnerability of older reinforced concrete frame structures in Mid-America

    E-Print Network [OSTI]

    Beason, Lauren Rae

    2004-09-30T23:59:59.000Z

    This research quantifies the seismic vulnerability of older reinforced concrete frame structures located in Mid-America. After designing a representative three-story gravity load designed reinforced concrete frame structure, a nonlinear analytical...

  7. Geographic variation in vulnerability to climate warming in a tropical Caribbean lizard

    E-Print Network [OSTI]

    Leal, Manuel S.

    Geographic variation in vulnerability to climate warming in a tropical Caribbean lizard Alex R temperatures (Tb) of the tropical Caribbean lizard Anolis cristatellus at nine sites representing two habitat

  8. A Smart Grid Vulnerability Analysis Framework for Coordinated Variable Structure Switching Attacks

    E-Print Network [OSTI]

    Kundur, Deepa

    the approach. Moreover the insights gained from the vulnerability analysis of the WECC system are consistent approach is detailed in Section III along with an illustration of the procedure on the WECC 3-machine, 9

  9. UEA Water Security Research Centre Climate Change and Variability Adaptation and Vulnerability

    E-Print Network [OSTI]

    Everest, Graham R

    UEA Water Security Research Centre Climate Change and Variability · Adaptation and Vulnerability · Transboundary Cooperation ­ Conflict · Irrigation Performance and Policy · River Basin Management · Water Allocation · Hydropolitics www.uea.ac.uk/watersecurity #12;The UEA Water Security Research Centre applies

  10. Guilt by Association: United States Ties and Vulnerability to Transnational Terrorist Attacks

    E-Print Network [OSTI]

    Warhol, Matthew Grant

    2011-02-22T23:59:59.000Z

    Do nations' allies and trading partners affect their vulnerability to transnational terrorist attacks? Prior research has focused on how the attributes of individual nations, such as regime type, economic stability, and international power, affect...

  11. DNA repair modulates the vulnerability of the developing brain to alkylating agents

    E-Print Network [OSTI]

    Samson, Leona D.

    Neurons of the developing brain are especially vulnerable to environmental agents that damage DNA (i.e., genotoxicants), but the mechanism is poorly understood. The focus of the present study is to demonstrate that DNA ...

  12. Screening vulnerabilities in water supply networks : risk analysis of infrastructure systems

    E-Print Network [OSTI]

    Michaud, David, 1975-

    2005-01-01T23:59:59.000Z

    The extreme importance of critical infrastructures to modern society is widely known. Recognizing that society cannot afford the costs associated with absolute protection, it is necessary to prioritize the vulnerabilities ...

  13. A Role for Repressive Histone Methylation in Cocaine-Induced Vulnerability to Stress

    E-Print Network [OSTI]

    Covington, Herbert E.

    Substance abuse increases an individual's vulnerability to stress-related illnesses, which is presumably mediated by drug-induced neural adaptations that alter subsequent responses to stress. Here, we identify repressive ...

  14. Vulnerability of ex vivo ?-motor nerve terminals to hypoxia-reperfusion injury. 

    E-Print Network [OSTI]

    Baxter, Rebecca L.

    2010-01-01T23:59:59.000Z

    A growing body of evidence shows that presynaptic nerve terminals throughout the nervous system are vulnerable to a range of traumatic, toxic and disease-related neurodegenerative stimuli. The aim of this study was to further characterise...

  15. U.S. Department of Energy FreedomCAR & Vehicle Technologies Program Oil Bypass Filter Technology Evaluation Final Report

    SciTech Connect (OSTI)

    L. R. Zirker; J. E. Francfort; J. J. Fielding

    2006-03-01T23:59:59.000Z

    This Oil Bypass Filter Technology Evaluation final report documents the feasibility of using oil bypass filters on 17 vehicles in the Idaho National Laboratory (INL) fleet during a 3-year test period. Almost 1.3 million test miles were accumulated, with eleven 4-cycle diesel engine buses accumulating 982,548 test miles and six gasoline-engine Chevrolet Tahoes accumulating 303,172 test miles. Two hundred and forty oil samples, taken at each 12,000-mile bus servicing event and at 3,000 miles for the Tahoes, documented the condition of the engine oils for continued service. Twenty-eight variables were normally tested, including the presence of desired additives and undesired wear metals such as iron and chrome, as well as soot, water, glycol, and fuel. Depending on the assumptions employed, the INL found that oil bypass filter systems for diesel engine buses have a positive payback between 72,000 and 144,000 miles. For the Tahoes, the positive payback was between 66,000 and 69,000 miles.

  16. Implications for Damage Recognition during Dpo4-Mediated Mutagenic Bypass of m1G and m3C Lesions

    SciTech Connect (OSTI)

    Rechkoblit, Olga; Delaney, James C.; Essigmann, John M.; Patel, Dinshaw J. (MIT); (MSKCC)

    2012-05-08T23:59:59.000Z

    DNA is susceptible to alkylation damage by a number of environmental agents that modify the Watson-Crick edge of the bases. Such lesions, if not repaired, may be bypassed by Y-family DNA polymerases. The bypass polymerase Dpo4 is strongly inhibited by 1-methylguanine (m1G) and 3-methylcytosine (m3C), with nucleotide incorporation opposite these lesions being predominantly mutagenic. Further, extension after insertion of both correct and incorrect bases, introduces additional base substitution and deletion errors. Crystal structures of the Dpo4 ternary extension complexes with correct and mismatched 3'-terminal primer bases opposite the lesions reveal that both m1G and m3C remain positioned within the DNA template/primer helix. However, both correct and incorrect pairing partners exhibit pronounced primer terminal nucleotide distortion, being primarily evicted from the DNA helix when opposite m1G or misaligned when pairing with m3C. Our studies provide insights into mechanisms related to hindered and mutagenic bypass of methylated lesions and models associated with damage recognition by repair demethylases.

  17. Assessment of chemical vulnerabilities in the Hanford high-level waste tanks

    SciTech Connect (OSTI)

    Meacham, J.E. [and others

    1996-02-15T23:59:59.000Z

    The purpose of this report is to summarize results of relevant data (tank farm and laboratory) and analysis related to potential chemical vulnerabilities of the Hanford Site waste tanks. Potential chemical safety vulnerabilities examined include spontaneous runaway reactions, condensed phase waste combustibility, and tank headspace flammability. The major conclusions of the report are the following: Spontaneous runaway reactions are not credible; condensed phase combustion is not likely; and periodic releases of flammable gas can be mitigated by interim stabilization.

  18. Children with disabilities in the context of disaster: A social vulnerability perspective

    E-Print Network [OSTI]

    Stough, Laura

    2010-01-01T23:59:59.000Z

    through a social vulnerability perspective they all can be seen as lacking access to vital economic and social resources, possessing lim- ited autonomy and power, and having low levels of social capital (Morrow, 1999). They also, for socio- historical... of these socially vulnerable populations, but we do not yet know what parts of the community infrastructure are most critical to support their resilience in the post- disaster context. Given the dearth of empirical studies that actu- ally explore how disaster...

  19. Planning for Water Scarcity: The Vulnerability of the Laguna Region, Mexico

    E-Print Network [OSTI]

    Sanchez Flores, Maria Del Rosario

    2010-10-12T23:59:59.000Z

    and Hydrological Science iii ABSTRACT Planning for Water Scarcity: The Vulnerability of the Laguna Region, Mexico. (August 2009) Maria del Rosario Sanchez Flores, B.S., Monterrey Tech.; M.S., Instituto Matias Romero Co-Chairs of Advisory Committee: Dr... this problem, a combination of quantitative and qualitative techniques were used. A systems theory simulation model was used to measure the economic vulnerability of the main agricultural products at different scenarios of water volume in the aquifer...

  20. Sputter deposition of thin film MIM capacitors on LTCC substrates for RF bypass and filtering applications

    SciTech Connect (OSTI)

    Murray, Jack [Missouri University of Science and Technology; O'Keefe, Matthew J. [Missouri University of Science and Technology; Wilder, Kristina [Missouri University of Science and Technology; Eatinger, Ryan [Kansas State University; Kuhn, William [Kansas State University; Krueger, Daniel S. [Honeywell Federal Manufacturing & Technologies; Wolf, J. Ambrose [Honeywell Federal Manufacturing & Technologies

    2011-08-31T23:59:59.000Z

    Thin film capacitors for RF bypass and filtering applications were sputter deposited onto low temperature co-fired ceramic (LTCC) substrates. The capacitors were configured in a metal-insulator-metal (MIM) design featuring 200 nm thick Al electrodes and a 300 nm thick Al{sub 2}O{sub 3} dielectric layer, with dimensions varied between ~150x150 ?m and ~750x750 ?m. DC current-voltage measurements (E ? 5 MV/cm) coupled with impedance analysis (?15 MHz) was used to characterize the resulting devices. More than 90% of the devices functioned as capacitors with high DC resistance (>20 M?) and low loss (tan ? <0.1). A second set of capacitors were made under the same experimental conditions with device geometries optimized for high frequency (?200 MHz) applications. These capacitors featured temperature coefficient of capacitance (TCC) values between 500 and 1000 ppm/°C as well as low loss and high self-resonant frequency performance (ESR <0.6 Ohms at self-resonance of 5.7 GHz for 82 pF). Capacitance and loss values were comparable between the capacitor structures of similar areas at the different frequency regimes.

  1. U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA®

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23,EnergyChicopeeTechnologyfactTuscaroraDepartmentAuthentication Client 3.5 Access

  2. U-148: ActiveScriptRuby GRScript18.dll ActiveX Control Ruby Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error in GRScript18.dll and can be exploited to execute arbitrary Ruby commands.

  3. Universal Hashing and Multiple Authentication M. Atici 1;2 and D. R. Stinson 1;3

    E-Print Network [OSTI]

    Stinson, Douglas

    . Our point of view is the uni­ versal hashing approach pioneered by Wegman and Carter in 1981. We first to the construction of unconditionally secure authentication codes without secrecy. This idea is due to Wegman formal def­ initions of relevant classes of hash functions, and obtained some improvements to the Wegman

  4. IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO. 4, DECEMBER 2011 675 A Lightweight Message Authentication Scheme for

    E-Print Network [OSTI]

    Shen, Xuemin "Sherman"

    IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO. 4, DECEMBER 2011 675 A Lightweight Message Authentication Scheme for Smart Grid Communications Mostafa M. Fouda, Member, IEEE, Zubair Md. Fadlullah, Member Abstract--Smart grid (SG) communication has recently received significant attentions to facilitate

  5. Trust-and Clustering-Based Authentication Services in Mobile Ad Hoc Edith C. H. Ngai and Michael R. Lyu

    E-Print Network [OSTI]

    Lyu, Michael R.

    distributed systems, security in ad hoc networks is based on the use of a key management system. Specific key the network. The new solution is evaluated through simulation and implementation, and the resultsTrust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith C. H. Ngai

  6. Calculating Nuclear Power Plant Vulnerability Using Integrated Geometry and Event/Fault-Tree Models

    SciTech Connect (OSTI)

    Peplow, Douglas E. [Oak Ridge National Laboratory (United States); Sulfredge, C. David [Oak Ridge National Laboratory (United States); Sanders, Robert L. [Oak Ridge National Laboratory (United States); Morris, Robert H. [Oak Ridge National Laboratory (United States); Hann, Todd A. [Defense Threat Reduction Agency (United States)

    2004-01-15T23:59:59.000Z

    Since the events of September 11, 2001, the vulnerability of nuclear power plants to terrorist attacks has become a national concern. The results of vulnerability analysis are greatly influenced by the computational approaches used. Standard approximations used in fault-tree analysis are not applicable for attacks, where high component failure probabilities are expected; two methods that do work with high failure probabilities are presented. Different blast modeling approaches can also affect the end results. Modeling the structural details of facility buildings and the geometric layout of components within the buildings is required to yield meaningful results.

  7. Department of Energy Plutonium ES&H Vulnerability Assessment Savannah River Site interim compensatory measures

    SciTech Connect (OSTI)

    Bickford, W.E.

    1994-09-15T23:59:59.000Z

    The Savannah River Site (SRS) has recently completed a self-assessment of potential vulnerabilities associated with plutonium and other transuranic materials stored at the site. An independent Working Group Assessment Team (WGAT) appointed by DOE/ES&H also performed an independent assessment, and reviewed and validated the site self-assessment. The purpose of this report is to provide a status of interim compensatory measures at SRS to address hazards in advance of any corrective actions. ES&H has requested this status for all vulnerabilities ranked medium or higher with respect to potential consequences to workers, environment, and the public.

  8. Bypass Flow Computations using a One-Twelfth Symmetric Sector For Normal Operation in a 350 MWth VHTR

    SciTech Connect (OSTI)

    Richard W. Johnson; Hiroyuki Sato

    2010-10-01T23:59:59.000Z

    Significant uncertainty exists about the effects of bypass flow in a prismatic gas-cooled very high temperature reactor (VHTR). Bypass flow is the flow in the gaps between prismatic graphite blocks in the core. The gaps are present because of variations in their construction, imperfect installation and expansion and shrinkage from thermal heating and neutron fluence. Calculations are performed using computational fluid dynamics (CFD) for flow of the helium coolant in the gap and coolant channels along with conjugate heat generation and heat transfer in the fuel compacts and graphite. A commercial CFD code is used for all of the computations. A one-twelfth sector of a standard hexagonal block column is used for the CFD model because of its symmetry. Various scenarios are computed by varying the gap width from zero to 5 mm, varying the total heat generation rate to examine average and peak radial generation rates and variation of the graphite block geometry to account for the effects of shrinkage caused by irradiation. The calculations are for a 350 MWth prismatic reactor. It is shown that the effect of increasing gap width, while maintaining the same total mass flow rate, causes increased maximum fuel temperature while providing significant cooling to the near-gap region. The maximum outlet coolant temperature variation is increased by the presence of gap flow and also by an increase in total heat generation with a gap present. The effect of block shrinkage is actually to decrease maximum fuel temperature compared to a similar reference case.

  9. Arctic sea ice trends and narwhal vulnerability Kristin L. Laidre a,*, Mads Peter Heide-Jrgensen b

    E-Print Network [OSTI]

    Laidre, Kristin L.

    risk assess- ments as this may exceed the natural response capacity of the species. Ó 2004 Elsevier Ltd; Risk assessment; Vulnerability 1. Introduction Significant physical and biological shifts have recently climate change require that species vulnerability be incorporated into population risk models, especially

  10. More information from http://www.researchandmarkets.com/reports/1054243/ Fragile Networks: Identifying Vulnerabilities and Synergies in an

    E-Print Network [OSTI]

    Nagurney, Anna

    and Links in Financial Networks. Chapter 7: Dynamic Networks, the Internet, and Electric Power. Chapter 8: Identifying Vulnerabilities and Synergies in an Uncertain World Description: A unified treatment of the vulnerabilities that exist in real-world network systems?--with tools to identify synergies for mergers

  11. Spatial Modelling with Geographic Information Systems for Determination of Water Resources Vulnerability

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    (river or well). This method is based on spatial analysis tools integrated in Geographical Information is proposed. The vulnerability of a water resource is defined as the risk that the resource will become (rivers or aquifers) against pollution is an important challenge for decision- makers in water resources

  12. A graph-theoretical characterization of power network vulnerabilities Fabio Pasqualetti, Antonio Bicchi, and Francesco Bullo

    E-Print Network [OSTI]

    Bullo, Francesco

    of vulnerabilities that are inherent to the power network interconnection structure. From a system theoretic-time descriptor system. We adopt the framework of structural control theory, and we associate a digraph in the power network model. The study of dynamical systems in descriptor form has received sensible attention

  13. Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard

    E-Print Network [OSTI]

    Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard #3; May 11, 2004 Abstract The Secure Sockets Layer (SSL) protocol is widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL standard mandates the use of the cipher block chaining (CBC

  14. Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard

    E-Print Network [OSTI]

    Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard May 11, 2004 Abstract The Secure Sockets Layer (SSL) protocol is widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL standard mandates the use of the cipher block chaining (CBC) mode

  15. Educational Access i Educational Access for Orphans and Vulnerable Children in Woliso, Ethiopia

    E-Print Network [OSTI]

    Scheel, David

    Educational Access i Educational Access for Orphans and Vulnerable Children in Woliso, Ethiopia ABSTRACT The appalling rise in the number of orphans in Ethiopia has reached epidemic proportions. The United Nations Fund-Ethiopia (2007) estimates there are 4.6 million orphaned children, 85 % of which do

  16. Vulnerability Analysis of a Nuclear Power Plant Considering Detonations of Explosive Devices

    E-Print Network [OSTI]

    Cizelj, Leon

    Vulnerability Analysis of a Nuclear Power Plant Considering Detonations of Explosive Devices Marko threats to a nuclear power plant in the year 1991 and after the 9/11 events in 2001. The methodology which strength and injuries of human beings with nuclear power plant models used in probabilistic safety

  17. Vulnerability of age-0 pallid sturgeon Scaphirhynchus albus to fish predation By W. E. French1

    E-Print Network [OSTI]

    and smallmouth bass is low, especially in the presence of an alternative fish prey. Introduction SturgeonVulnerability of age-0 pallid sturgeon Scaphirhynchus albus to fish predation By W. E. French1 , B, Brookings, SD, USA; 2 USGS South Dakota Cooperative Fish & Wildlife Research Unit, Department of Wildlife

  18. Proline Nal. 22(2):107-112. 1990. Vulnerability of Largemouth Bass

    E-Print Network [OSTI]

    '. an estimated largemouth bass density of 84 fish/ha and a biomass of 33.6 kg/ha. Knox Pond. a 1.3·ha private largemouth bass less than 200 rom long. but did not estimate their number. Marked fish were releasedProline Nal. 22(2):107-112. 1990. Vulnerability of Largemouth Bass to Angling in Two Small South

  19. TO APPEAR IN IEEE TRANSACTIONS ON POWER SYSTEMS 1 Vulnerability Assessment of Cybersecurity for

    E-Print Network [OSTI]

    Manimaran, Govindarasu

    TO APPEAR IN IEEE TRANSACTIONS ON POWER SYSTEMS 1 Vulnerability Assessment of Cybersecurity standards for electric power systems. The purpose is to study the impact of a cyber attack on supervisory was supported by Electric Power Research Center (EPRC) at Iowa State University. C.-W. Ten, C.-C. Liu, and M

  20. 1836 IEEE TRANSACTIONS ON POWER SYSTEMS, VOL. 23, NO. 4, NOVEMBER 2008 Vulnerability Assessment of Cybersecurity

    E-Print Network [OSTI]

    Manimaran, Govindarasu

    1836 IEEE TRANSACTIONS ON POWER SYSTEMS, VOL. 23, NO. 4, NOVEMBER 2008 Vulnerability Assessment's cybersecurity standards for electric power systems. The purpose is to study the impact of a cyber attack was supported by the Electric Power Research Center (EPRC) at Iowa State University. Paper no. TPWRS-00963- 2007

  1. T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

  2. Vulnerability of national economies to the impacts of climate change on fisheries

    E-Print Network [OSTI]

    Reynolds, John D.

    economies and diets, and limited societal capacity to adapt to potential impacts and opportunities. Many the world's poorest and twice as reliant on fish, which provides 27% of dietary protein compared to 13 but lack the capacity to adapt. Keywords Adaptation, climate change, fisheries, poverty, vulnerability

  3. Vulnerability of the New York City Metropolitan Area to Coastal Hazards,

    E-Print Network [OSTI]

    moved from a manufacturing to a service industry-based economy. Mid-town and Lower Manhattan are two on Long Island, NY, and the north- ern New Jersey shore. Beaches and coastal wetlands provide recreational at or near sea level. Major coastal urban centers have long been vulnerable to natural hazards, such as storm

  4. Impacts of Control and Communication System Vulnerabilities on Power Systems Under

    E-Print Network [OSTI]

    Hayat, Majeed M.

    1 Impacts of Control and Communication System Vulnerabilities on Power Systems Under Contingencies, NM, USA Abstract--Modern power grids rely heavily on their control systems operating over and blackouts remain possible if the initial disturbances in the power grid are accompanied by other system

  5. Flashover vulnerability of transmission and distribution lines to high-altitude electromagnetic pulse

    SciTech Connect (OSTI)

    Kruse, V.J. (Westinghouse Electric Corp., Pittsburgh, PA (USA). Advanced Systems Technology Div.); Tesche, F.M. (E-Systems, Inc., Greenville, TX (USA)); Liu, T.K. (Lutech, Inc., Oakland, CA (US)); Barnes, P.R. (Oak Ridge National Lab., TN (USA))

    1990-04-01T23:59:59.000Z

    This paper estimates the vulnerability of transmission and distribution lines to flashover from the electromagnetic pulse generated by a nuclear detonation 400 kilometers above the earth. The analysis consists of first determining the cumulative probability of induced-voltage on three-phase lines, including shield and neutral conductors, for four operating voltages and then comparing these stresses to estimates of line insulation strength.

  6. Title: Climate Change Vulnerability and Adaptation Options for Coastal Communities in Timor-Leste

    E-Print Network [OSTI]

    Title: Climate Change Vulnerability and Adaptation Options for Coastal Communities in Timor-Leste Summary Climate change is a major global challenge, particularly for world's coastal communities in low 2008, Kelman & West 2009, Veitayaki 2010). Within these regions, climate change impacts are already

  7. Assessment of U.S. Agriculture Sector and Human Vulnerability to a Rift Valley Fever Outbreak

    E-Print Network [OSTI]

    Hughes, Randi Catherine

    2011-08-08T23:59:59.000Z

    on the assessment of the U.S. agricultural sector and human vulnerability to a Rift Valley Fever (RVF) outbreak and the value of a select set of alternative disease control strategies. RVF is a vector-borne, zoonotic disease that affects both livestock and humans...

  8. Can Fault Prediction Models and Metrics be Used for Vulnerability Prediction? Yonghee Shin and Laurie Williams

    E-Print Network [OSTI]

    Young, R. Michael

    Can Fault Prediction Models and Metrics be Used for Vulnerability Prediction? Yonghee Shin to prioritize security inspection and testing efforts may be better served by a prediction model that indicates commonalities that may allow development teams to use traditional fault prediction models and metrics

  9. Detection of Vulnerable Road Users in Smart Cities Francisco Guayante, Arnoldo Daz-Ramrez

    E-Print Network [OSTI]

    Mejia-Alvarez, Pedro

    Detection of Vulnerable Road Users in Smart Cities Francisco Guayante, Arnoldo Díaz. In order to cope with the problems of the growing urban communities, the concept of smart cities has emerged. A smart city is based on the use of smart computing technologies, such as Intelligent

  10. American Journal of Botany 87(9): 12871299. 2000. VULNERABILITY TO XYLEM CAVITATION AND THE

    E-Print Network [OSTI]

    Pockman, William T.

    1287 American Journal of Botany 87(9): 1287­1299. 2000. VULNERABILITY TO XYLEM CAVITATION to evaluate how the limitation of xylem pressure ( x) by cavitation corresponded with plant distribution along xylem, which shows the decrease in hydraulic conductance from cavitation as a function of x and the crit

  11. Seismic vulnerability assessment to slight dam-age based on experimental modal parameters

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Seismic vulnerability assessment to slight dam- age based on experimental modal parameters Clotaire Federal Institute of Technology, Zuerich, Switzerland. Michel C., Gueguen P., Causse M. 2011. Seismic higher modes and full seismic ground motion, (2) using a single-degree of freedom model considering

  12. International Journal of Smart Grid and Clean Energy Smart Grid Security: Threats, Vulnerabilities and Solutions

    E-Print Network [OSTI]

    Aloul, Fadi

    to be able to communicate with smart meters via a Home Area Network (HAN) facilitating efficient powerInternational Journal of Smart Grid and Clean Energy Smart Grid Security: Threats, Vulnerabilities is currently evolving into the smart grid. Smart grid integrates the traditional electrical power grid

  13. From Sustainability to Transformation: dynamics and diversity in reflexive governance of vulnerability, Andy Stirling

    E-Print Network [OSTI]

    Sussex, University of

    of vulnerability, Andy Stirling From "Broadening Out" Appraisal to "Opening Up" Commitments This chapter turns our-technical choice (Stirling, 2008a). Organizational, cultural, political, and economic forces structure our implications (Stirling, 2008b). In this way, we can extend attention to alternative trajectories reflecting

  14. Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2

    SciTech Connect (OSTI)

    Fesharaki, F.; Rizer, J.P.; Greer, L.S.

    1994-05-01T23:59:59.000Z

    The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.

  15. APPENDIX A: Climate Change Vulnerability Literature Review The purpose of this discussion is to review the existing literature surrounding climate change adaptation

    E-Print Network [OSTI]

    Brownstone, Rob

    on built infrastructure. It will examine the evolution of the term vulnerability and explore current infrastructure vulnerabilities (potential for increased moisture damage to buildings or interruptions in electrical power generation) (Berry et al., 2008; Canadian Council of Professional Engineers, 2008

  16. Sarkar, Papiya "Solid Waste Management In Delhi A Social Vulnerability Study" in Martin J. Bunch, V. Madha Suresh and T. Vasantha Kumaran, eds., Proceedings of the Third

    E-Print Network [OSTI]

    Columbia University

    1 Sarkar, Papiya "Solid Waste Management In Delhi ­ A Social Vulnerability Study" in Martin J IN DELHI ­ A SOCIAL VULNERABILITY STUDY Papiya Sarkar· Toxics Link, New Delhi, India. Abstract Management

  17. V-166: HP-UX Directory Server Discloses Passwords to Remote Authenticated

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment ofPrivileges |VulnerabilitiesCodeCode | Department

  18. T-575: OpenLDAP back-ndb Lets Remote Users Authenticate Without a Valid

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilities | Department ofForgery Attacks

  19. U.S. Department of Energy FreedomCAR & Vehicle Technologies Program Oil Bypass Filter Technology Evaluation Fifth Quarterly Report October - December 2003

    SciTech Connect (OSTI)

    Larry Zirker; James Francfort

    2004-02-01T23:59:59.000Z

    This Oil Bypass Filter Technology Evaluation quarterly report (October-December 2003) details the ongoing fleet evaluation of an oil bypass filter technology by the Idaho National Engineering and Environmental Laboratory (INEEL) for the U.S. Department of Energy's FreedomCAR & Vehicle Technologies Program. Eight four-cycle diesel-engine buses used to transport INEEL employees on various routes have been equipped with oil bypass filter systems from the puraDYN Corporation. The bypass filters are reported to have engine oil filtering capability of <1 micron and a built-in additive package to facilitate extended oil-drain intervals. To date, the eight buses have accumulated 324,091 test miles. This represents an avoidance of 27 oil changes, which equate to 952 quarts (238 gallons) of new oil not conserved and therefore, 952 quarts of waste oil not generated. To validate the extended oil-drain intervals, an oil-analysis regime is used to evaluate the fitness of the oil for continued service by monitoring the presence of necessary additives, undesirable contaminants, and engine-wear metals. The test fleet has been expanded to include six Chevrolet Tahoe sport utility vehicles with gasoline engines.

  20. Evaluation of a Prototype Surface Flow Bypass for Juvenile Salmon and Steelhead at the Powerhouse of Lower Granite Dam, Snake River, Washington, 1996-2000

    SciTech Connect (OSTI)

    Johnson, Gary E.; Anglea, Steven M.; Adams, Noah S.; Wik, Timothy O.

    2005-02-28T23:59:59.000Z

    A surface flow bypass provides a route in the upper water column for naturally, surface-oriented juvenile salmonids to safely migrate through a hydroelectric dam. Surface flow bypasses were recommended in several regional salmon recovery plans as a means to increase passage survival of juvenile salmonids at Columbia and Snake River dams. A prototype surface flow bypass, called the SBC, was retrofit on Lower Granite Dam and evaluated from 1996 to 2000 using biotelemetry and hydroacoustic techniques. In terms of passage efficiency, the best SBC configurations were a surface skimmer (99 m3/s [3,500 cfs], three entrances 5 m wide, 5 m deep and one entrance 5 m wide, 15 m deep) and a single chute (99 m3/s, one entrance 5 m wide, 8.5 m deep). They each passed 62 ? 3% (95% confidence interval) of the total juvenile fish population that entered the section of the dam with the SBC entrances (Turbine Units 4-5). Smooth entrance shape and concentrated surface flow characteristics of these configurations are worth pursuing in designs for future surface flow bypasses. In addition, a guidance wall in the Lower Granite Dam forebay diverted the following percentages of juvenile salmonids away from Turbine Units 1-3 toward other passage routes, including the SBC: run-at-large 79 ? 18%; hatchery steelhead 86%; wild steelhead 65%; and yearling chinook salmon 66%. When used in combination with spill or turbine intake screens, a surface flow bypass with a guidance wall can produce a high level (> 90% of total project passage) of non-turbine passage and provide operational flexibility to fisheries managers and dam operators responsible for enhancing juvenile salmonid survival.

  1. A watershed-based method for environmental vulnerability assessment with a case study of the Mid-Atlantic region

    SciTech Connect (OSTI)

    Tran, Liem T., E-mail: ltran1@utk.edu [Department of Geography, University of Tennessee, Knoxville, TN (United States); O& #x27; Neill, Robert V. [OTIE and Associates, Oak Ridge, TN (United States); Smith, Elizabeth R. [U.S. Environmental Protection Agency, Office of Research and Development, National Exposure Research Laboratory, Research Triangle Park, NC (United States)

    2012-04-15T23:59:59.000Z

    The paper presents a method for environmental vulnerability assessment with a case study of the Mid-Atlantic region. The method is based on the concept of 'self-/peer-appraisal' of a watershed in term of vulnerability. The self-/peer-appraisal process is facilitated by two separate linear optimization programs. The analysis provided insights on the environmental conditions, in general, and the relative vulnerability pattern, in particular, of the Mid-Atlantic region. The suggested method offers a simple but effective and objective way to perform a regional environmental vulnerability assessment. Consequently the method can be used in various steps in environmental assessment and planning. - Highlights: Black-Right-Pointing-Pointer We present a method for regional environmental vulnerability assessment. Black-Right-Pointing-Pointer It is based on the self-/peer-appraisal concept in term of vulnerability. Black-Right-Pointing-Pointer The analysis is facilitated by two separate linear optimization programs. Black-Right-Pointing-Pointer The method provides insights on the regional relative vulnerability pattern.

  2. 161 rue Ada F -34392 Montpellier Cedex 05 Tl : 33 (0)4 67 4 85 85 Fax : 33 (0)4 67 4 85 00 www. lirmm.fr Added Redundancy Explicit Authentication at

    E-Print Network [OSTI]

    Boyer, Edmond

    hardware-based (physical) attacks and work under th Technical Report 01/07/2007 lirmm-00171028,version1-11Sep2007 #12;Added Redundancy Explicit Authentication

  3. Agricultural Livelihoods and Climate Change: Employing the Livelihood Vulnerability Index in Bluefields, Jamaica

    E-Print Network [OSTI]

    Fath, Kevin

    2014-08-20T23:59:59.000Z

    in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE Chair of Committee, Gary Wingenbach Committee Members, Theresa P. Murphrey Leonardo Lombardini Head of Department, John Elliot December 2014 Major Subject...; (c) health; (d) social networks; (e) food; (f) water; and (g) natural disasters and climate variability (Hahn et al., 2009). The Hahn et al. (2009) study took this vulnerability framework a step further by determining which secondary components...

  4. Flashover vulnerability of transmission and distribution lines to high-altitude electromagnetic pulse (HEMP)

    SciTech Connect (OSTI)

    Kruse, V.J.; Liu, T.K.; Tesche, F.M.; Barnes, P.R.

    1989-01-01T23:59:59.000Z

    This paper estimates the vulnerability of transmission and distribution lines to flashover from the electromagnetic pulse generated by a nuclear detonation 400 kilometers above the earth. The analysis consists of first determining the cumulative probability of induced-voltage on three-phase lines, including shield and neutral conductors, for four operating voltages and then comparing these stresses to estimates of line insulation strength. 11 refs., 9 figs., 5 tabs.

  5. U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels DataDepartment of Energy Your Density Isn'tOriginEducationVideoStrategic|IndustrialCenterMarch 4;DepartmentVulnerabilities |Department

  6. Crucial role of detailed function, task, timeline, link and human vulnerability analyses in HRA

    SciTech Connect (OSTI)

    Ryan, T.G.; Haney, L.N.; Ostrom, L.T.

    1992-10-01T23:59:59.000Z

    This paper addresses one major cause for large uncertainties in human reliability analysis (HRA) results, that is, an absence of detailed function, task, timeline, link and human vulnerability analyses. All too often this crucial step in the HRA process is done in a cursory fashion using word of mouth or written procedures which themselves may incompletely or inaccurately represent the human action sequences and human error vulnerabilities being analyzed. The paper examines the potential contributions these detailed analyses can make in achieving quantitative and qualitative HRA results which are: (1) creditable, that is, minimize uncertainty, (2) auditable, that is, systematically linking quantitative results and qualitative information from which the results are derived, (3) capable of supporting root cause analyses on human reliability factors determined to be major contributors to risk, and (4) capable of repeated measures and being combined with similar results from other analyses to examine HRA issues transcending individual systems and facilities. Based on experience analyzing test and commercial nuclear reactors, and medical applications of nuclear technology, an iterative process is suggested for doing detailed function, task, timeline, link and human vulnerability analyses using documentation reviews, open-ended and structured interviews, direct observations, and group techniques. Finally, the paper concludes that detailed analyses done in this manner by knowledgeable human factors practitioners, can contribute significantly to the credibility, auditability, causal factor analysis, and combining goals of the HRA.

  7. Application of artificial neural networks in power system security and vulnerability assessment

    SciTech Connect (OSTI)

    Qin Zhou; Davidson, J.; Fouad, A.A.

    1994-02-01T23:59:59.000Z

    In a companion paper the concept of system vulnerability is introduced as a new framework for power system dynamic security assessment. Using the TEF method of transient stability analysis, the energy margin [Delta]V is used as an indicator of the level of security, and its sensitivity to a changing system parameter p ([partial derivative][Delta]V/[partial derivative]p) as indicator of its trend with changing system conditions. These two indicators are combined to determine the degree of system vulnerability to contingent disturbances in a stability-limited power system. Thresholds for acceptable levels of the security indicator and its trend are related to the stability limits of a critical system parameter (plant generation limits). Operating practices and policies are used to determine these thresholds. In this paper the artificial neural networks (ANNs) technique is applied to the concept of system vulnerability within the recently developed framework, for fast pattern recognition and classification of system dynamic security status. A suitable topology for the neural network is developed, and the appropriate training method and input and output signals are selected. The procedure developed is successfully applied to the IEEE 50-generator test system. Data previously obtained by heuristic techniques are used for training the ANN.

  8. Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 1

    SciTech Connect (OSTI)

    Not Available

    1994-09-01T23:59:59.000Z

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains a discussion of the chemical safety improvements planned or already underway at DOE sites to correct facility or site-specific vulnerabilities. The main part of the report is a discussion of each of the programmatic deficiencies; a description of the tasks to be accomplished; the specific actions to be taken; and the organizational responsibilities for implementation.

  9. Data management for geospatial vulnerability assessment of interdependencies in US power generation

    SciTech Connect (OSTI)

    Shih, C.Y.; Scown, C.D.; Soibelman, L.; Matthews, H.S.; Garrett, J.H.; Dodrill, K.; McSurdy, S. [Carnegie Mellon University, Pittsburgh, PA (United States). Dept. of Civil & Environmental Engineering

    2009-09-15T23:59:59.000Z

    Critical infrastructures maintain our society's stability, security, and quality of life. These systems are also interdependent, which means that the disruption of one infrastructure system can significantly impact the operation of other systems. Because of the heavy reliance on electricity production, it is important to assess possible vulnerabilities. Determining the source of these vulnerabilities can provide insight for risk management and emergency response efforts. This research uses data warehousing and visualization techniques to explore the interdependencies between coal mines, rail transportation, and electric power plants. By merging geospatial and nonspatial data, we are able to model the potential impacts of a disruption to one or more mines, rail lines, or power plants, and visually display the results using a geographical information system. A scenario involving a severe earthquake in the New Madrid Seismic Zone is used to demonstrate the capabilities of the model when given input in the form of a potentially impacted area. This type of interactive analysis can help decision makers to understand the vulnerabilities of the coal distribution network and the potential impact it can have on electricity production.

  10. Vulnerability of larval and juvenile white sturgeon to barotrauma: can they handle the pressure?

    SciTech Connect (OSTI)

    Brown, Richard S.; Cook, Katrina V.; Pflugrath, Brett D.; Rozeboom, Latricia L.; Johnson, Rachelle C.; McLellan, Jason; Linley, Timothy J.; Gao, Yong; Baumgartner, Lee J.; Dowell, Frederick E.; Miller, Erin A.; White, Timothy A.

    2013-07-01T23:59:59.000Z

    Techniques were developed to determine which life stages of fish are vulnerable to barotrauma from expansion of internal gases during decompression. Eggs, larvae and juvenile hatchery-reared white sturgeon (Acipenser transmontanus; up to 91 days post hatch; dph), were decompressed to assess vulnerability to barotrauma and identify initial swim bladder inflation. Barotrauma related injury and mortality were first observed 9 dph, on the same day as initial exogenous feeding. However, barotrauma related injury did not occur again until swim bladder inflation 75 dph (visible from necropsy and x-ray radiographs). Swim bladder inflation was not consistent among individuals, with only 44% being inflated 91 dph. Additionally, swim bladder inflation did not appear to be size dependent among fish ranging in total length from 61-153 mm at 91 dph. The use of a combination of decompression tests and x-ray radiography was validated as a method to determine initial swim bladder inflation and vulnerability to barotrauma. Extending these techniques to other species and life history stages would help to determine fish susceptibility to hydroturbine passage and aid in fish conservation.

  11. U-152: OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a type casting error in the "asn1_d2i_read_bio()" function when processing DER format data and can be exploited to cause a heap-based buffer overflow.

  12. Systematic investigation of genetic vulnerabilities across cancer cell lines reveals lineage-specific dependencies in ovarian cancer

    E-Print Network [OSTI]

    Ren, Yin

    A comprehensive understanding of the molecular vulnerabilities of every type of cancer will provide a powerful roadmap to guide therapeutic approaches. Efforts such as The Cancer Genome Atlas Project will identify genes ...

  13. Summary Xylem vulnerability to cavitation is a promising criterion for identifying trees with high drought tolerance, but

    E-Print Network [OSTI]

    Mencuccini, Maurizio

    Summary Xylem vulnerability to cavitation is a promising criterion for identifying trees with high drought tolerance, but traditional techniques for measuring cavitation resistance are unsuitablefor throughput screening of cavitation resistance in five poplar (Populus spp.) andfour willow (Salix spp

  14. U-231: Cisco ASA SIP and WebVPN Bugs Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Cisco ASA. A remote or remote authenticated user can cause denial of service conditions.

  15. JC3 | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    by malicious people to bypass certain security restrictions. May 14, 2012 U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users...

  16. JC3 Bulletin Archive | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    by malicious people to bypass certain security restrictions. May 14, 2012 U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users...

  17. California GAMA Program: A Contamination Vulnerability Assessment for the Bakersfield Area

    SciTech Connect (OSTI)

    Moran, J E; Hudson, G B; Eaton, G F; Leif, R

    2004-11-01T23:59:59.000Z

    In response to concerns expressed by the California Legislature and the citizenry of the State of California, the State Water Resources Control Board (SWRCB), implemented a program to assess groundwater quality, and provide a predictive capability for identifying areas that are vulnerable to contamination. The program was initiated in response to concern over public supply well closures due to contamination by chemicals such as MTBE from gasoline, and solvents from industrial operations. As a result of this increased awareness regarding groundwater quality, the Supplemental Report of the 1999 Budget Act mandated the SWRCB to develop a comprehensive ambient groundwater-monitoring plan, and led to the initiation of the Groundwater Ambient Monitoring and Assessment (GAMA) Program. The primary objective of the GAMA Program is to assess the water quality and to predict the relative susceptibility to contamination of groundwater resources throughout the state of California. Under the GAMA program, scientists from Lawrence Livermore National Laboratory (LLNL) collaborate with the SWRCB, the U.S. Geological Survey (USGS), the California Department of Health Services (DHS), and the California Department of Water Resources (DWR) to implement this groundwater assessment program. In 2003, LLNL carried out this vulnerability study in the groundwater basin that underlies Bakersfield, in the southern San Joaquin Valley. The goal of the study is to provide a probabilistic assessment of the relative vulnerability of groundwater used for the public water supply to contamination from surface sources. This assessment of relative contamination vulnerability is made based on the results of two types of analyses that are not routinely carried out at public water supply wells: ultra low-level measurement of volatile organic compounds (VOCs), and groundwater age dating (using the tritium-helium-3 method). In addition, stable oxygen isotope measurements help determine the recharge water source location. Interpreted together, and in the context of existing water quality and hydrogeologic data, these observable parameters help define the flow field of a groundwater basin, and indicate the degree of vertical communication between near-surface sources (or potential sources) of contamination, and deeper groundwater pumped at high capacity production wells.

  18. LOCA with consequential or delayed LOOP accidents: Unique issues, plant vulnerability, and CDF contributions

    SciTech Connect (OSTI)

    Martinez-Guridi, G.; Samanta, P.; Chu, L.; Yang, J.

    1998-08-01T23:59:59.000Z

    A loss-of-coolant accident (LOCA) can cause a loss-of-offsite power (LOOP) wherein the LOOP is usually delayed by few seconds or longer. Such an accident is called LOCA with consequential LOOP, or LOCA with delayed LOOP (here, abbreviated as LOCA/LOOP). This paper analyzes the unique conditions that are associated with a LOCA/LOOP, presents a model, and quantifies its contribution to core damage frequency (CDF). The results show that the CDF contribution can be a dominant contributor to risk for certain plant designs, although boiling water reactors (BWRs) are less vulnerable than pressurized water reactors (PWRs).

  19. Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.

    SciTech Connect (OSTI)

    Dawson, Lon Andrew; Stinebaugh, Jennifer A.

    2010-04-01T23:59:59.000Z

    The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

  20. V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment of EnergyTheVulnerabilities | Department

  1. V-061: IBM SPSS Modeler XML Document Parsing Vulnerability | Department of

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment of EnergyTheVulnerabilities |Remote Users

  2. V-080: Apple iOS Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment of EnergyTheVulnerabilitiesDepartment

  3. V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn AprilA group current C3EDepartment ofPrivileges |VulnerabilitiesCodeCode |

  4. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilities | Department of Energy Cisco|

  5. T-597: WordPress Multiple Security Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilities | DepartmentDepartment ofWordPress

  6. T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742EnergyOn April 23, 2014,Zaleski -BlueprintThisVulnerabilities | DepartmentDepartment|Adobe

  7. V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative1 First Use of Energy for All Purposes (Fuel and Nonfuel), 2002; Level: National5Sales for4,645 3,625 1,006 492 742Energy China 2015of 2005UNSDepartmentFebruaryPhase|PotomacDepartmentRemoteVulnerabilityApple has

  8. V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels DataDepartment of Energy Your DensityEnergy U.S.-China Electric Vehicle and03/02 TUE 08:59CapabilityVulnerabilities | Department1: IBM

  9. U.S. Department of Energy FreedomCAR & Vehicle Technologies Program: Oil Bypass Filter Technology Evaluation Seventh Quarterly Report April - June 2004

    SciTech Connect (OSTI)

    Larry Zirker; James Francfort; Jordan Fielding

    2004-08-01T23:59:59.000Z

    This Oil Bypass Filter Technology Evaluation quarterly report (April–June 2004) details the ongoing fleet evaluation of an oil bypass filter technology by the Idaho National Engineering and Environmental Laboratory (INEEL) for the U.S. Department of Energy’s (DOE) FreedomCAR & Vehicle Technologies Program. Eight INEEL four-cycle diesel engine buses used to transport INEEL employees on various routes and six INEEL Chevrolet Tahoes with gasoline engines are equipped with oil bypass filter systems from the puraDYN Corporation. The bypass filters are reported to have engine oil filtering capability of <1 micron and a built-in additive package to facilitate extended oil-drain intervals. This quarter, the eight diesel engine buses traveled 85,632 miles. As of the end of June 2004, the eight buses have accumulated 498,814 miles since the beginning of the test and 473,192 miles without an oil change. This represents an avoidance of 39 oil changes, which equates to 1,374 quarts (343 gallons) of new oil not consumed and, furthermore, 1,374 quarts of waste oil not generated. One bus had its oil changed due to the degraded quality of the engine oil. Also this quarter, the six Tahoe test vehicles traveled 48,193 miles; to date, the six Tahoes have accumulated 109,708 total test miles. The oil for all six of the Tahoes was changed this quarter due to low Total Base Numbers (TBN). The oil used initially in the Tahoe testing was recycled oil; the recycled oil has been replaced with Castrol virgin oil, and the testing was restarted. However, the six Tahoe’s did travel a total of 98,266 miles on the initial engine oil. This represents an avoidance of 26 oil changes, which equates to 130 quarts (32.5 gallons) of new oil not consumed and, consequently, 130 quarts of waste oil not generated. Based on the number of oil changes avoided by the test buses and Tahoes to date, the potential engine oil savings if an oil bypass filter system were used was estimated for the INEEL, DOE complex and all Federal fleets of on-road vehicles. The estimated potential annual engine oil savings for the three fleets are: INEEL – 3,400 gallons, all DOE fleets – 32,000 gallons, and all Federal fleet – 1.7 million gallons.

  10. How to reuse a one-time pad and other notes on authentication, encryption, and protection of quantum information

    SciTech Connect (OSTI)

    Oppenheim, Jonathan [Racah Institute of Theoretical Physics, Hebrew University of Jerusalem, Givat Ram, Jerusalem 91904 (Israel); Institute of Theoretical Physics and Astrophysics, University of Gdansk (Poland); Horodecki, Michal [Institute of Theoretical Physics and Astrophysics, University of Gdansk (Poland)

    2005-10-15T23:59:59.000Z

    Quantum information is a valuable resource which can be encrypted in order to protect it. We consider the size of the one-time pad that is needed to protect quantum information in a number of cases. The situation is dramatically different from the classical case: we prove that one can recycle the one-time pad without compromising security. The protocol for recycling relies on detecting whether eavesdropping has occurred, and further relies on the fact that information contained in the encrypted quantum state cannot be fully accessed. We prove the security of recycling rates when authentication of quantum states is accepted, and when it is rejected. We note that recycling schemes respect a general law of cryptography which we introduce relating the size of private keys, sent qubits, and encrypted messages. We discuss applications for encryption of quantum information in light of the resources needed for teleportation. Potential uses include the protection of resources such as entanglement and the memory of quantum computers. We also introduce another application: encrypted secret sharing and find that one can even reuse the private key that is used to encrypt a classical message. In a number of cases, one finds that the amount of private key needed for authentication or protection is smaller than in the general case.

  11. Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico

    SciTech Connect (OSTI)

    Ibarraran , Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

    2008-12-30T23:59:59.000Z

    Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future. In recent studies (Moss et al. 2000, Brenkert and Malone 2005, Malone and Brenket 2008, Ibarrarán et al. 2007), the Vulnerability-Resilience Indicators Model (VRIM) is used to integrate a set of proxy variables that determine the resilience of a region to climate change. Resilience, or the ability of a region to respond to climate variations and natural events that result from climate change, is given by its adaptation and coping capacity and its sensitivity. On the one hand, the sensitivity of a region to climate change is assessed, emphasizing its infrastructure, food security, water resources, and the health of the population and regional ecosystems. On the other hand, coping and adaptation capacity is based on the availability of human resources, economic capacity and environmental capacity.

  12. Google Earth as a geospatial tool for development organisations: mapping climate change vulnerability 

    E-Print Network [OSTI]

    Crossley, Janet Ruth

    2008-01-01T23:59:59.000Z

    needed to represent the issue of vulnerability, and Google Earth allows for users to explore and understand even more information. This study draws examples from a mapping project of climate change vulnerability in Niger, and discusses the lessons...Geographical Information Systems have not been as successful in the non-governmental humanitarian sector as GIS professionals had hoped. If geospatial tools are to become more widely used and valuable within the humanitarian sector, it is perhaps time for a new approach to be taken. A debate is currently underway about the potential role of Google Earth in emergency relief operations. This research extends the scope of this discussion into the wider development sector, and asks whether Google Earth has the potential to become a useful tool in various aspects of development NGO work. Information management tools need to have wide support within an organisation to be successful, and it seems that many are very interested in what can be done using compromise geospatial/geovisualisation tools such as Google Earth. However there is also scepticism about its usefulness. This research suggests practical applications and recommendations for good use so that actors within the development sector can take the research further....

  13. Optimization strategies for the vulnerability analysis of the electric power grid.

    SciTech Connect (OSTI)

    Meza, Juan C. (Lawrence Berkeley National Laboratory); Pinar, Ali; Lesieutre, Bernard (Lawrence Berkeley National Laboratory); Donde, Vaibhav (ABB Inc., Raleigh NC)

    2009-03-01T23:59:59.000Z

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (minlp) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  14. Optimization Strategies for the Vulnerability Analysis of the Electric Power Grid

    SciTech Connect (OSTI)

    Pinar, A.; Meza, J.; Donde, V.; Lesieutre, B.

    2007-11-13T23:59:59.000Z

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (MINLP) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  15. LIANG, WEI. Design and Analysis of Authentication Mechanisms in Single-and Multi-Hop Wireless Networks. (Under the direction of Professor Wenye Wang).

    E-Print Network [OSTI]

    Wang, Wenye

    -Hop Wireless Networks. (Under the direction of Professor Wenye Wang). The increasing demand for ubiquitous Internet services imposes more security threats to communications due to open mediums in wireless networks on the transmission. As one of most widely used security mechanisms, authentication is used to identify mobile nodes

  16. authentic food -simply prepared add green bean fair trade organic coffee or fair trade tea to your meal for $1.5

    E-Print Network [OSTI]

    Martin, Jeff

    brunch authentic food - simply prepared #12;BREAKFAST add green bean fair trade organic coffee locally made corn tortillas · smoky pinto beans · salsa · red sauce Bothwell cheddar · two eggs (any style eggs · mesa red sauce · cheddar · salsa · pinto beans BREAKFAST BUN 5 toasted whole wheat bun · fried

  17. When HTTPS Meets CDN: A Case of Authentication in Delegated Service Jinjin Liang, Jian Jiang, Haixin Duan, Kang Li , Tao Wan , Jianping Wu,

    E-Print Network [OSTI]

    Li, Kang

    providers also start to offer DDoS mitigation services by hiding the original web site and distributingWhen HTTPS Meets CDN: A Case of Authentication in Delegated Service Jinjin Liang, Jian Jiang technologies, each of which has been well studied individually and independently. This paper provides

  18. The effects of aging on the fire vulnerability of nuclear power plant components

    SciTech Connect (OSTI)

    Nowlen, S.P.

    1988-01-01T23:59:59.000Z

    Sandia National Laboratories, under the sponsorship of the US Nuclear Regulatory Commission, has initiated an effort to identify and investigate potential nuclear power plant fire safety issues associated with plant aging. The issues of potential concern, which have been identified are the effects of aging on (1) the vulnerability of electrical equipment to fire induced damage; (2) the propensity with which electrical equipment will initiate, or contribute to the severity of, fires; and (3) the integrity of passive fire protection features. Efforts in this program were initiated late in fiscal year 1988. For fiscal year 1989 efforts will focus on the investigation of the effects of aging on cable damageability and cable flammability. This paper presents the findings of a limited review of past electrical equipment fire aging research and a summary of planned activities for fiscal year 1989. 11 refs., 4 figs.

  19. System vulnerability as a concept to assess power system dynamic security

    SciTech Connect (OSTI)

    Fouad, A.A.; Qin Zhou; Vittal, V. (Iowa State Univ., Ames, IA (United States))

    1994-05-01T23:59:59.000Z

    The concept of system vulnerability is introduced as a new framework for power system dynamic security assessment. This new concept combines information on the level of security and its trend with changing system condition. In this paper the transient energy function (TEF) method is used as a tool of analysis. The energy margin [Delta]V is used as an indicator of the level of security, and its sensitivity ([partial derivative][Delta]V/[partial derivative]p) to a changing system parameter p as an indicator of its trend. The thresholds for acceptable levels of the security indicator ([Delta]V) and its trend ([partial derivative][Delta]V/[partial derivative]p) are related to the stability limits of a critical system parameter. A method is proposed to determine these thresholds using heuristic techniques derived from operating practices and policies for a change in plant generation. Results from the IEEE 50 generator test system are presented to illustrate the procedure.

  20. Assessing the Vulnerability of Large Critical Infrastructure Using Fully-Coupled Blast Effects Modeling

    SciTech Connect (OSTI)

    McMichael, L D; Noble, C R; Margraf, J D; Glascoe, L G

    2009-03-26T23:59:59.000Z

    Structural failures, such as the MacArthur Maze I-880 overpass in Oakland, California and the I-35 bridge in Minneapolis, Minnesota, are recent examples of our national infrastructure's fragility and serve as an important reminder of such infrastructure in our everyday lives. These two failures, as well as the World Trade Center's collapse and the levee failures in New Orleans, highlight the national importance of protecting our infrastructure as much as possible against acts of terrorism and natural hazards. This paper describes a process for evaluating the vulnerability of critical infrastructure to large blast loads using a fully-coupled finite element approach. A description of the finite element software and modeling technique is discussed along with the experimental validation of the numerical tools. We discuss how such an approach can be used for specific problems such as modeling the progressive collapse of a building.