Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network

Articles 1 - 30 of 130

Full-Text Articles in Entire DC Network

On The Detection Of Hidden Terrorist Cells Immersed In Peer To Peer Networks, Belinda A. Chiera Aug 2011

International Cyber Resilience conference

Hidden terrorist cells in high dimensional communications networks arise when terrorists camouflage connectivity to appear randomly connected to the background network. We investigate hidden network detectability when the background network does not support terrorist activities. Using two September 11 terrorist networks as the test bed and a network measure called assortativity, we suggest hidden terrorist networks can behave as Peer-to-Peer networks. We compare the September 11 hidden networks with Peer-to-Peer networks containing embedded terrorist networks, as well as with generic Peer-to-Peer networks. Using Peer-to-Peer characteristics and social network group-based centralities, we show that for certain Peer-to-Peer networks it is possible …


Securing The Elderly: A Developmental Approach To Hypermedia Based Online Information Security For Senior Novice Computer Users, David M. Cook, Patryk Szewczyk, Krishnun Sansurooah Aug 2011

International Cyber Resilience conference

Whilst security threats to the general public continue to evolve, elderly computer users with limited skill and knowledge are left playing catch-up in an ever-widening gap in fundamental cyber-related comprehension. As a definable cohort, the elderly generally lack awareness of current security threats, and remain under-educated in terms of applying appropriate controls and safeguards to their computers and networking devices. This paper identifies that web-based computer security information sources do not adequately provide helpful information to senior citizen end-users in terms of both design and content. It subsequently demonstrates a solution designed with the elderly, yet novice, end-user in mind. …


Gap Analysis Of Intrusion Detection In Smart Grids, Nishchal Kush, Ernest Foo, Ejaz Ahmed, Irfan Ahmed, Andrew Clark Aug 2011

International Cyber Resilience conference

Given the recent emergence of the smart grid and smart grid related technologies, their security is a prime concern. Intrusion detection provides a second line of defence. However, conventional intrusion detection systems (IDSs) are unable to adequately address the unique requirements of the smart grid. This paper presents a gap analysis of contemporary IDSs from a smart grid perspective. This paper highlights the lack of adequate intrusion detection within the smart grid and discusses the limitations of current IDSs approaches. The gap analysis identifies current IDSs as being unsuited to smart grid application without significant changes to address smart grid …


K Anonymous Private Query Based On Blind Signature And Oblivious Transfer, Russell Paulet, Golam Kaosar, Xun Yi Aug 2011

International Cyber Resilience conference

In this paper, we consider a scenario where there are a group of clients and a database server, and a client wishes to query the database, but does not want to reveal her or his query to the server. Current solutions for this problem are based on oblivious transfer, which usually requires high communication overhead. To reduce the communication overhead, we propose three k-anonymous private query protocols. Our first protocol is based on blind signature, where the server cannot determine the identity of the querying client from the group. Our second protocol is based on k-anonymous oblivious transfer, where the …


A Phishing Model And Its Applications To Evaluating Phishing Attacks, Narasimha Shashidhar, Lei Chen Aug 2011

International Cyber Resilience conference

Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. In this paper, we present a theoretical yet practical model to study this threat in a formal manner. While it is folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has not been formalized. Our model captures phishing in terms of this indistinguishability between the natural and phishing message distributions. To the best of our knowledge, this is the first study that places phishing on a concrete theoretical …


A Comparative Analysis Of The Security Of Internet Banking In Australia: A Customer Perspective, Panida Subsorn, Sunsern Limwiriyakul Aug 2011

International Cyber Resilience conference

Internet has its own inherent security issues in terms of confidentiality, integrity and privacy. The main impact of these kinds of issues is specifically on the banking industry as they have increased their Internet banking facilities in order to reduce costs and provide better services and banking convenience to their Internet banking customers. However, banking customers have not had a choice of Internet banking mainly due to the fact that they are already tied to whatever form of Internet banking that their current bank provides. This paper therefore examined Internet banking security systems in Australian banks by creating the proposed …


Why Australia's E-Health System Will Be A Vulnerable National Asset, Patricia A. Williams Aug 2011

International Cyber Resilience conference

Connecting Australian health services and the e-health initiative is a major talking point currently. Many issues are presented as key to its success including solving issues with confidentiality and privacy. However the largest problem may not be these issues in sharing information but the fact that the point of origin and storage of such records is still relatively insecure. Australia aims to have a Personally Controlled Electronic Health Record in 2012 and this is underpinned by a national network for e-health. It is this very foundation that becomes the critical infrastructure, with general practice the cornerstone for its success. Yet, …


A Threat To Cyber Resilience: A Malware Rebirthing Botnet, Murray Brand, Craig Valli, Andrew Woodward Aug 2011

International Cyber Resilience conference

This paper presents a threat to cyber resilience in the form of a conceptual model of a malware rebirthing botnet which can be used in a variety of scenarios. It can be used to collect existing malware and rebirth it with new functionality and signatures that will avoid detection by AV software and hinder analysis. The botnet can then use the customized malware to target an organization with an orchestrated attack from the member machines in the botnet for a variety of malicious purposes, including information warfare applications. Alternatively, it can also be used to inject known malware signatures into …


Novel Pseudo Random Number Generation Using Variant Logic Framework, Jeffrey Zheng Aug 2011

International Cyber Resilience conference

Cyber Security requires cryptology for the basic protection. Among different ECRYPT technologies, stream cipher plays a central role in advanced network security applications; in addition, pseudo-random number generators are placed in the core position of the mechanism. In this paper, a novel method of pseudo-random number generation is proposed to take advantage of the large functional space described using variant logic, a new framework for binary logic. Using permutation and complementary operations on classical truth table to form relevant variant table, numbers can be selected from table entries having pseudo-random properties. A simple generation mechanism is described and shown and …


Disability And The Web: Why Website Accessibility Matters, Vivienne Conway May 2011

InfoSci@ECU Seminars

With Australia now transitioning to WCAG 2.0, accessibility has become a critical area requiring a far greater emphasis in the next couple of years. The Australian Human Rights Commission has argued that all Australian websites should meet WCAG 2.0 AA by December 2014. In this presentation, Vivienne will discuss important findings from her study of public library web site accessibility. She will also provide insights into her current PhD investigation and give a first hand account of the Hyderabad conference and global efforts on web site accessibility.


Roundtable On Australian National Data Service, Mathew Wyatt, Julia Gross, Toby Burrows, Salim Taleb May 2011

InfoSci@ECU Seminars

The Australian National Data Service (ANDS) (http://ands.org.au/index.html) provides funding to foster partnerships and build infrastructure to enable better local data management in Australian universities and research institutions. Begun in 2008, ANDS has received $72 million of Commonwealth funding. ANDS aims to establish infrastructure and services for an Australian research data commons in which research data with enduring value and the potential for reuse, is preserved and managed for continuing accessibility.


Intelligent Buildings: An Investigation Into Current And Emerging Security Vulnerabilities In Automated Building Systems Using An Applied Defeat Methodology, David J. Brooks Jan 2011

Australian Security and Intelligence Conference

Intelligent Buildings (IB) have become increasingly popular during the past decade, driven through the need to reduce energy, have more reactive and safer buildings, and increase productivity. IB integrate many systems that were in the past isolated from each other, including fire and life safety, HVAC, lighting, security, etc. Facilities contain commercial-in-confidence material and other valued assets; however, IB are integrated through open and common data communication protocols and hardware, leaving facilities exposed to external and internal threats. The study presents an investigation into IB, based on a defeat evaluation methodology. IB vulnerabilities considered two areas, namely physical and software …


Intelligence Analysis And Threat Assessment: Towards A More Comprehensive Model Of Threat, Charles Vandepeer Jan 2011

Australian Security and Intelligence Conference

A central focus of intelligence is the identification, analysis and assessment of threat. However, as acknowledged by intelligence practitioners, threat assessment lags behind the related field of risk assessment. This paper highlights how definitions of threat currently favoured by intelligence agencies are primarily based on threatening entities alone. Consequently, assessments of threat are almost singularly concerned with understanding an identified enemy’s intentions and capabilities. This ‘enemy-centric’ approach to intelligence analysis has recently come in for criticism. In particular, the shortcomings of the current approach become apparent where the focus of intelligence analysis is on threats from difficult-to-identify sub-state or non-state …


Efficient And Expressive Fully Secure Attribute-Based Signature In The Standard Model, Piyi Yang, Tanveer A. Zia, Zhenfu Cao, Xiaolei Dong Jan 2011

Australian Information Security Management Conference

Designing a fully secure (adaptive-predicate unforgeable and perfectly private) attribute-based signature (ABS), which allows a signer to choose a set of attributes instead of a single string representing the signer's identity, under standard cryptographic assumption in the standard model is a challenging problem. Existing schemes are either too complicated or only proved in the generic group model. In this paper, we present an efficient fully secure ABS scheme in the standard model based on q-parallel BDHE assumption which is more practical than the generic group model used in the previous scheme. To the best of our knowledge, our scheme …


Guidelines For The Digital Forensic Processing Of Smartphones, Khawla Abdulla Alghafli, Andrew Jones, Thomas Anthony Martin Jan 2011

Australian Digital Forensics Conference

Today Smartphone devices are widespread and they hold a number of types of information about the owner and their activities. As a result of the widespread adoption of these devices into every aspect of our lives they can be involved in almost any crime. The aim of digital forensics of Smartphone devices is to recover the digital evidence in a forensically sound manner so that the digital evidence can be presented and accepted in court. The digital forensic process consists of four phases which are preservation, acquisition, examination/analysis and finally presentation. In this paper we look at various types of …


Security Risk Management In The Asia Pacific Region: What Are Security Professional Using?, David J. Brooks, Hamish Cotton Jan 2011

Australian Security and Intelligence Conference

The Asia Pacific (APAC) region encompasses a heterogeneous group of nation-states. Like the APAC region, the security industry operates within a diverse and multi-disciplined knowledge base, with risk management being a fundamental knowledge domain within security. Nevertheless, there has been limited understanding of what security professionals use when applying security risk management. The study was designed to gain a better understanding of risk management practice in place throughout APAC. Questions were generated to gauge an understanding of current practice and levels of implementation of standards and frameworks. Participants were drawn from many industries, using non-probabilistic sampling methods in a “snowball” …


Case Studies: A Security Science Research Methodology, Bill Bailey Jan 2011

Australian Security and Intelligence Conference

As a relatively new discipline Security Science is searching for academic acceptance very often combining established hard science approaches with those of Social Science and Humanities. Methodologies need to be developed to equip the discipline to conduct more varied research. One such method is the use of the case study approach, as it allows multiple inputs from a variety of sources to build up the research into a central review, allowing conclusions and recommendations to be drawn from the data. Though relatively common in the business world for conducting reports, this has not hitherto been the position in academia. The …


Programmable Logic Controller Based Fibre Bragg Grating In-Ground Intrusion Detection System, Gary Allwood, Graham Wild, Steven Hinckley Jan 2011

Australian Security and Intelligence Conference

In this paper we present an in-ground intrusion detection system for security applications. Here, an optical fibre pressure switch is directly connected to a standard digital input of a programmable logic controller (PLC). This is achieved using an intensiometric detection system, where a laser diode and Fibre Bragg Grating (FBG) are optically mismatched, resulting in a static dc offset from the transmitted and reflected optical power signals. Pressure applied to the FBG, as the intruder stepped on it, induced a wavelength shift in the FBG. The wavelength shift was then converted into an intensity change as the wavelength of the …


Information Evaluation: How One Group Of Intelligence Analysts Go About The Task, John Joseph, Jeff Corkill Jan 2011

Australian Security and Intelligence Conference

Source and information evaluation is identified as being a critical element of the analytical process and production of intelligence products. However, there is concern that in reality evaluation is being carried out in a cursory fashion involving limited intellectual rigour. Poor evaluation is also thought to be a causal factor in the failure of intelligence. This study examined the process of information and source evaluation as understood and practiced by six West Australian Police Force (WAPOL) intelligence analysts. Data was gathered by use of a focus group with that data being compared against the current literature. It was discovered that …


Wi-Fi Security: Wireless With Confidence, Lucas Jacob, Damien Hutchinson, Jemal Abawajy Jan 2011

Australian Security and Intelligence Conference

Since the IEEE ratification of the 802.11 standard in 1999, continuous exploits have been discovered compromising the confidentiality, integrity and availability of 802.11 networks. This paper describes the justification for a project to assess the security status of wireless network usage in society. It reviews the status of both commercial and residential approaches to wireless network security in three major Victorian cities, Melbourne, Geelong and Mornington, in Australia. By War Driving these suburbs, actual data was gathered to indicate the security status of wireless networks and give a representation of modern attitudes towards wireless security for the sample population. Preliminary …


Mapping The Organizational Relations Within Physical Security’s Body Of Knowledge: A Management Heuristic Of Sound Theory And Best Practice, Richard Coole, David J. Brooks Jan 2011

Australian Security and Intelligence Conference

Security Science education at university levels is still in its infancy, with little agreement towards knowledge, curriculum and competency. Therefore, it is essential that educators draw on relevant literature highlighting means of efficient and effective knowledge transfer for tertiary students within the Security Science domain. Such knowledge transfer will reduce the gap between academic knowledge (explicit) and professional competency (tacit knowledge). This paper presents phase one of a multiphase study. A qualitative “systems based knowledge structure” of security domain categories has been conceptually mapped as a domain heuristic. The heuristic drew on research highlighting that experts have both richer depths …


A Strategy To Articulate The Facility Management Knowledge Categories Within The Built Environment, Robert Doleman, David J. Brooks Jan 2011

Australian Security and Intelligence Conference

Security is applied in the built environment and this requires a close relationship with facility managers. Therefore, this study puts forward an approach to establish the facility management knowledge categories within the built environment. In part, the significance of the study stemmed from research undertaken into the compliance to Australian fire door maintenance within nursing homes, which demonstrated 87 percent noncompliance. This high level of non-compliance appeared to identify a lack of facility management knowledge, among other issues (Doleman & Brooks, 2011). The article uses a method to test the supposition of facility management knowledge construct in a three-phase Grounded …


Individualised Responses To Vigilance Demands And Their Management, Fiona M. Donald, Craig Hm Donald Jan 2011

Australian Security and Intelligence Conference

This research uses a task disengagement framework to examine how CCTV surveillance operators and novices respond to the vigilance demands of the detection process. Vigilance tasks are acknowledged as being high in mental workload, yet little is known about how operators deal with these demands in jobs where successful performance is reliant upon sustaining attention on a daily basis. Much vigilance research makes an implicit assumption that people perform tasks that require sustained attention in a passive manner. By contrast, this study examines how operators manage their levels of task engagement and attention resources. The sample consisted of 73 participants …


Is There A Core Set Of Skills For Visual Analysis Across Different Imaging Technologies?, Craig Hm Donald Jan 2011

Australian Security and Intelligence Conference

This research examines the technological challenges posed by security imaging technologies for human visual analysis of images. Imaging technologies are increasingly becoming part of an overall security strategy that incorporates a range of camera technologies, x-ray technologies, and other electromagnetic imaging such as millimetre wave and terahertz based systems. Still and video image types are increasingly becoming presented to viewers or screeners in forms that are only representative in nature and highly abstract, and the use of filters is increasing the complexity of interpretation. Despite a range of factors that are being looked at to enhance visual analysis, the contribution …


A Risk Index Model For Security Incident Prioritisation, Nor Badrul Anuar, Steven Furnell, Maria Papadaki, Nathan Clarke Jan 2011

Australian Information Security Management Conference

With thousands of incidents identified by security appliances every day, the process of distinguishing which incidents are important and which are trivial is complicated. This paper proposes an incident prioritisation model, the Risk Index Model (RIM), which is based on risk assessment and the Analytic Hierarchy Process (AHP). The model uses indicators, such as criticality, maintainability, replaceability, and dependability as decision factors to calculate incidents’ risk index. The RIM was validated using the MIT DARPA LLDOS 1.0 dataset, and the results were compared against the combined priorities of the Common Vulnerability Scoring System (CVSS) v2 and Snort Priority. The experimental …


Understanding The Management Of Information Security Controls In Practice, Daniel Bachlechner, Ronald Maier, Frank Innerhofer-Oberperfler, Lukas Demetz Jan 2011

Australian Information Security Management Conference

The ever greater reliance on complex information technology environments together with dynamically changing threat scenarios and increasing compliance requirements make an efficient and effective management of information security controls a key concern for most organizations. Good practice collections such as COBIT and ITIL as well as related standards such as the ones belonging to the ISO/IEC 27000 family provide useful starting points for control management. However, neither good practice collections and standards nor scholarly literature explain how the management of controls actually is performed in organizations or how the current state-of-practice can be improved. A series of interviews with information …


Seniors Language Paradigms: 21st Century Jargon And The Impact On Computer Security And Financial Transactions For Senior Citizens, David M. Cook, Patryk Szewczyk, Krishnun Sansurooah Jan 2011

Australian Information Security Management Conference

Senior Citizens represent a unique cohort of computer users insomuch as they have come to the field of computer usage later in life, as novices compared to other users. As a group they exhibit a resentment, mistrust and ignorance towards cyber related technology that is born out of their educational and social experiences prior to widespread information technology. The shift from analogue to digital proficiency has been understated for a generation of citizens who were educated before computer usage and internet ubiquity. This paper examines the language difficulties encountered by senior citizens in attempting to engage in banking and communications …


An Agile IT Security Model For Project Risk Assessment, Damien Hutchinson, Heath Maddern, Jason Wells Jan 2011

Australian Information Security Management Conference

There are two fundamental challenges in effectively performing security risk assessment in today's IT projects. The first is the project manager's need to know what IT security risks face the project before the project begins. At this stage IT security staff are unable to answer this question without first knowing the system requirements for the project, which are yet to be defined. Second, organisations that deal with a large project throughput each year find the current IT security risk assessment process to be tedious and expensive, especially when the same process has to be repeated for each individual project. This …


Security Aspects Of Sensor-Based Defence Systems, Michael N. Johnstone Jan 2011

Australian Information Security Management Conference

The Australian Defence Force (ADF) has IMAP and JMAP to perform planning prior to the deployment of forces, but there is a knowledge gap for on-ground forces during the execution of an operation. Multi-agent based sensor systems can provide on-ground forces with a significant amount of real-time information that can be used to modify planning due to changed conditions. The issue with such sensor systems is the degree to which they are vulnerable to attack by opposing forces. This paper explores the types of attack that could be successful and proposes defences that could be put in place to circumvent …


An Empirical Study Of Challenges In Managing The Security In Cloud Computing, Bupesh Mansukhani, Tanveer A. Zia Jan 2011

Australian Information Security Management Conference

Cloud computing is being heralded as an important trend in information technology throughout the world. Benefits for business and IT include reducing costs and increasing productivity. The downside is that many organizations are moving swiftly to the cloud without making sure that the information they put in the cloud is secure. The purpose of this paper is to learn from IT and IT security practitioners in the Indian Continent the current state of cloud computing security in their organizations and the most significant changes anticipated by respondents as computing resources migrate from on-premise to the cloud. As organizations grapple with …