Digital Commons Network^™

Attitudes And Perceptions Towards Privacy And Surveillance In Australia, Aleatha J. Shanley

Theses: Doctorates and Masters

Understanding attitudes towards privacy and surveillance technologies used to enhance security objectives is a complex, but crucial aspect for policy makers to consider. Historically, terrorism-related incidents justified the uptake of surveillance practices. More recently however, biosecurity concerns have motivated nation-states to adopt more intrusive surveillance measures. There is a growing body of literature that supports the public’s desire to maintain privacy despite fears of biological or physical threats.

This research set out to explore attitudes towards privacy and surveillance in an Australian context. Throughout the course of this endeavour, the COVID-19 pandemic emerged bringing with it a variety of track …

A Review On Security Issues And Solutions Of The Internet Of Drones, Wencheng Yang, Song Wang, Xuefei Yin, Xu Wang, Jiankun Hu

Research outputs 2022 to 2026

The Internet of Drones (IoD) has attracted increasing attention in recent years because of its portability and automation, and is being deployed in a wide range of fields (e.g., military, rescue and entertainment). Nevertheless, as a result of the inherently open nature of radio transmission paths in the IoD, data collected, generated or handled by drones is plagued by many security concerns. Since security and privacy are among the foremost challenges for the IoD, in this paper we conduct a comprehensive review on security issues and solutions for IoD security, discussing IoD-related security requirements and identifying the latest advancement in …

A Review Of Security Standards And Frameworks For Iot-Based Smart Environments, Nickson M. Karie, Nor Masri Sahri, Wencheng Yang, Craig Valli, Victor R. Kebande

Research outputs 2014 to 2021

Assessing the security of IoT-based smart environments such as smart homes and smart cities is becoming fundamentally essential to implementing the correct control measures and effectively reducing security threats and risks brought about by deploying IoT-based smart technologies. The problem, however, is in finding security standards and assessment frameworks that best meets the security requirements as well as comprehensively assesses and exposes the security posture of IoT-based smart environments. To explore this gap, this paper presents a review of existing security standards and assessment frameworks which also includes several NIST special publications on security techniques highlighting their primary areas of …

Integration Of Biometrics And Steganography: A Comprehensive Review, Ian Mcateer, Ahmed Ibrahim, Guanglou Zhang, Wencheng Yang, Craig Valli

Research outputs 2014 to 2021

The use of an individual’s biometric characteristics to advance authentication and verification technology beyond the current dependence on passwords has been the subject of extensive research for some time. Since such physical characteristics cannot be hidden from the public eye, the security of digitised biometric data becomes paramount to avoid the risk of substitution or replay attacks. Biometric systems have readily embraced cryptography to encrypt the data extracted from the scanning of anatomical features. Significant amounts of research have also gone into the integration of biometrics with steganography to add a layer to the defence-in-depth security model, and this has …

Assessment Of Security Vulnerabilities In Wearable Devices, Brian Cusack, Bryce Antony, Gerard Ward, Shaunak Mody

Australian Information Security Management Conference

Wearable devices have proliferated in usage and human experience, and they provide convenience for personal information requirements. These devices are both sensory and immersive for the diverse global network that is generally termed the Internet of things (IoT). The immediacy of the two-way communication created in the IoT has made vulnerable human behaviour and raised debate around information ownership and privacy expectations. The legitimacy of ownership of information and its reuse are prevalent problems. In this research, we tested four wearable devices that share 44% of the current market, for security vulnerabilities. We found serious weaknesses that could result in …

A Survey Of Social Media Users Privacy Settings & Information Disclosure, Mashael Aljohani, Alastair Nisbet, Kelly Blincoe

Australian Information Security Management Conference

This research utilises a comprehensive survey to ascertain the level of social networking site personal information disclosure by members at the time of joining the membership and their subsequent postings to the sites. Areas examined are the type of information they reveal, their level of knowledge and awareness regarding how their information is protected by SNSs and the awareness of risks that over-sharing may pose. Additionally, this research studies the effect of gender, age, education, and level of privacy concern on the amount and kind of personal information disclosure and privacy settings applied. A social experiment was then run for …

A Privacy Gap Around The Internet Of Things For Open-Source Projects, Brian Cusack, Reza Khaleghparast

Australian Information Security Management Conference

The Internet of Things (IoT) is having a more important role in the everyday lives of people. The distribution of connectivity across social and personal interaction discloses personalised information and gives access to a sphere of sensitivities that were previously masked. Privacy measures and security to protect personal sensitivities are weak and in their infancy. In this paper we review the issue of privacy in the context of IoT open-source projects, and the IoT security concerns. A proposal is made to create a privacy bubble around the interoperability of devices and systems and a filter layer to mitigate the exploitation …

A Forensic Examination Of Several Mobile Device Faraday Bags & Materials To Test Their Effectiveness, Ashleigh Lennox-Steele, Alastair Nisbet

Australian Digital Forensics Conference

A Faraday bag is designed to shield a mobile phone or small digital device from radio waves entering the bag and reaching the device, or to stop radio waves escaping through the bag from the device. The effectiveness of these shields is vital for security professionals and forensic investigators who seize devices and wish to ensure that their contents are not read, modified or deleted prior to a forensic examination. This research tests the effectiveness of several readily available Faraday bags. The Faraday bags tested are all available through online means and promise complete blocking of all signals through the …

Survey On Remnant Data Research: The Artefacts Recovered And The Implications In A Cyber Security Conscious World, Michael James, Patryk Szewczyk

Australian Digital Forensics Conference

The prevalence of remnant data in second hand storage media is well documented. Since 2004 there have been ten separate papers released through Edith Cowan University alone. Despite numerous government agencies providing advice on securing personal and corporate information, and news articles highlighting the need for data security, the availability of personal and confidential data on second hand storage devices is continuing, indicating a systemic laissez faire attitude to data security, even in our supposedly cyber security conscious world. The research continues, but there seems to be a lack of correlation of these studies to identify trends or common themes …

The Challeges In Implementing Security In Spontaneous Ad Hoc Networks, Alastair Nisbet

Australian Information Security Management Conference

Mobile Ad Hoc Networks (MANETS) promise much in the ability to rapidly deploy a wireless network in a fashion where no prior planning is needed and the network can be running efficiently and with high security within minutes. Natural disaster response, military, education and business provide areas where MANETS can offer significant advantages in communication where infrastructure networks may take days to set up or may be impossible to implement. This research reviews a selection of MANET protocols to show the progression of the research and the issues that are yet to be addressed. It discusses the challenges to researchers …

I Remember Richelieu: Is Anything Secure Anymore?, Michael G. Crowley, Michael N. Johnstone

Australian Security and Intelligence Conference

Petraeus-gate, hacked nude celebrity photos in the cloud and the recent use of a search and seizure warrant in the United States of America to seek production of customer email contents on an extraterritorial server raises important issues for the supposably safe storage of data on the World Wide Web. Not only may there be nowhere to hide in cyberspace but nothing in cyberspace may be private. This paper explores the legal and technical issues raised by the these matters with emphasis on the courts decision “In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and …

A 2013 Study Of Wireless Network Security In New Zealand: Are We There Yet?, Alastair Nisbet

Australian Information Security Management Conference

This research examines the current level of security in wireless networks in New Zealand. A comprehensive wardrive covering the length of the country was made in January 2013 to ensure accurate comparisons from two previous wardrives as well as comparisons between the four main cities and the suburbs can be made. With 16 years since the introduction of the original IEEE 802.11 wireless standard having passed, an examination is made of the current state of wireless security of networks throughout New Zealand and the Auckland suburbs, and where possible compares these results with similar studies undertaken in 2004 and 2011. …

Privacy And Legal Issues In Cloud Computing - The Smme Position In South Africa, Mathias Mujinga

Australian Information Security Management Conference

Cloud computing (CC) brings substantial benefits to organizations and their clients. Information technology (IT) users in developing countries, especially those in underdeveloped communities, are gaining easy and cost‐effective access to a variety of services, from entertainment to banking. South Africa has outlined a national e‐strategy that aims to improve those communities, by providing frameworks for access to information and communications technology (ICT). The products and services of small‐, medium and micro‐sized enterprises (SMME) are now reaching a wider audience through the use of technology. CC can go a long way to help government realize the national e‐strategy. There are numerous …

Towards Detection And Control Of Civilian Unmanned Aerial Vehicles, Matthew Peacock, Michael N. Johnstone

Australian Information Warfare and Security Conference

Considering the significant number of non‐military unmanned aerial vehicles (UAVs) that can be purchased to operate in unregulated air space and the range of such devices, the potential for security and privacy problems to arise is significant. This can lead to consequent harm for critical infrastructure in the event of these UAVs being used for criminal or terrorist purposes. Further, if these devices are not being detected, there is a privacy problem to be addressed as well. In this paper we test a specific UAV, the Parrot AR Drone version 2, and present a forensic analysis of tests used to …

A Conceptual Framework For Secure Use Of Mobile Health, Patricia A. Williams, Anthony Maeder

Research outputs 2013

Mobile health is characterised by its diversity of applicability, in a multifaceted and multidisciplinary healthcare delivery continuum. In an environment of rapid change with the increasing development of mobile health, issues related to security and privacy must be well thought out. The different competing tensions in the development of mobile health from the device technologies and associated regulation, to clinical workflow and patient acceptance, require a framework for security that reflects the complex structure of this emerging field. There are three distinct associated elements that require investigation: technology, clinical, and human factors. Each of these elements consists of multiple aspects …

Exposing Potential Privacy Issues With Ipv6 Address Construction, Clinton Carpene, Andrew Woodward

Australian Information Security Management Conference

The usage of 128 bit addresses with hexadecimal representation in IPv6 poses significant potential privacy issues. This paper discusses the means of allocating IPv6 addresses, along with the implications each method may have upon privacy in different usage scenarios. The division of address space amongst the global registries in a hierarchal fashion can provide geographical information about the location of an address, and its originating device. Many IPv6 address configuration methods are available, including DHCPv6, SLAAC (with or without privacy extensions), and Manual assignment. These assignment techniques are dissected to expose the identifying characteristics of each technique. It is seen …

Building Patient Trust In Electronic Health Records, Helen Cripps, Craig Standing

Research outputs 2012

While electronic medical records have the potential to vastly improve a patient’s health care, their introduction also raises new and complex security and privacy issues. The challenge of preserving what patients’ believe as their privacy in the context of the introduction of the Personally Controlled Electronic Health Record (PCEHR), into the multi-layered and decentralised Australian health system is discussed. Based on a number of European case studies the paper outlines the institutional measures for privacy and security that have been put in place, and compares them with the current status in Australia. The implementation of the PCEHR has not been …

Accountable-Ehealth Systems: The Next Step Forward For Privacy, Randike Gajanayake, Tony Iannella, Bill Lane, Tony Sahama

Research outputs 2012

EHealth systems promise enviable benefits and capabilities for healthcare, yet the technologies that make these capabilities possible brings with them undesirable drawback such as information security related threats which need to be appropriately addressed. Lurking in these threats are patient privacy concerns. Resolving these privacy concerns have proven to be difficult since they often conflict with information requirements of healthcare providers. It is important to achieve a proper balance between these requirements. We believe that information accountability can achieve this balance. In this paper we introduce accountable-eHealth systems. We will discuss how our designed protocols can successfully address the aforementioned …

Building Patient Trust In Electronic Health Records, Helen Cripps, Craig Standing

Australian eHealth Informatics and Security Conference

While electronic medical records have the potential to vastly improve a patient’s health care, their introduction also raises new and complex security and privacy issues. The challenge of preserving what patients’ believe as their privacy in the context of the introduction of the Personally Controlled Electronic Health Record (PCEHR), into the multi-layered and decentralised Australian health system is discussed. Based on a number of European case studies the paper outlines the institutional measures for privacy and security that have been put in place, and compares them with the current status in Australia. The implementation of the PCEHR has not been …

Accountable-Ehealth Systems: The Next Step Forward For Privacy, Randike Gajanayake, Tony Iannella, Bill Lane, Tony Sahama

Australian eHealth Informatics and Security Conference

EHealth systems promise enviable benefits and capabilities for healthcare, yet the technologies that make these capabilities possible brings with them undesirable drawback such as information security related threats which need to be appropriately addressed. Lurking in these threats are patient privacy concerns. Resolving these privacy concerns have proven to be difficult since they often conflict with information requirements of healthcare providers. It is important to achieve a proper balance between these requirements. We believe that information accountability can achieve this balance. In this paper we introduce accountable-eHealth systems. We will discuss how our designed protocols can successfully address the aforementioned …

Efficient And Expressive Fully Secure Attribute-Based Signature In The Standard Model, Piyi Yang, Tanveer A. Zia, Zhenfu Cao, Xiaolei Dong

Australian Information Security Management Conference

Designing a fully secure (adaptive-predicate unforgeable and perfectly private) attribute-based signature (ABS), which allows a signer to choose a set of attributes in stead of a single string representing the signer‘s identity, under standard cryptographic assumption in the standard model is a challenging problem. Existing schemes are either too complicated or only proved in the generic group model. In this paper, we present an efficient fully secure ABS scheme in the standard model based on q-parallel BDHE assumption which is more practical than the generic group model used in the previous scheme. To the best of our knowledge, our scheme …

Privacy-Preserving Pki Design Based On Group Signature, Sokjoon Lee, Hyeok Chan Kwon, Dong-Il Seo

Australian Information Security Management Conference

Nowadays, Internet becomes a part of our life. We can make use of numerous services with personal computer, Lap-top, tablet, smart phone or smart TV. These devices with network make us enjoy ubiquitous computing life. Sometimes, on-line services request us authentication or identification for access control and authorization, and PKI technology is widely used because of its security. However the possibility of privacy invasion will increase, if We’re identified with same certificate in many services and these identification data are accumulated. For privacy-preserving authentication or anonymous authentication, there have been many researches such as Group signatures, anonymous credentials, etc. Among …

Data Remanence In New Zealand: 2011, Dax Roberts, H B. Wolfe

Australian Digital Forensics Conference

This paper presents findings from a study of computer data remanence in New Zealand and considers three research questions. Those questions are “What is the level of data remanence in New Zealand?”, “How does it compare with other countries?”, and “Are there industries in New Zealand that are more likely to have data remanence issues?” Computer data remanence is data that remains on a hard disk drive after that hard drive has been prepared for disposal. Typically data remanence research involves purchasing second hand hard drives without knowing the original source and then a variety of tools and techniques are …

Micro-Blogging In The Workplace, Chia Yao Lee, Matthew Warren

Australian Information Security Management Conference

Micro-blogging services such as Twitter, Yammer, Plurk and Google Buzz have generated substantial interest among members of the business community in recent years. Many CEOs, managers and front-line employees have embraced micro-blogs as a tool for interacting with colleagues, employees, customers, suppliers and investors. Micro-blogs are considered a more informal channel than emails and official websites, and thus present a different set of challenges to businesses. As a positional paper, this paper uses a case study of a bogus Twitter account to emphasise security and ethical issues relating to (i) Trust, Accuracy and Authenticity of Information, (ii) Privacy and Confidentiality, …

The 2009 Analysis Of Information Remaining On Disks Offered For Sale On The Second Hand Market, Andy Jones, Craig Valli, Glenn S. Dardick, Iain Sutherland, G. Dabibi, Gareth Davies

Australian Digital Forensics Conference

The ever increasing use and reliance upon computers in both the public and private sector has led to enormous numbers of computers being disposed of at the end of their useful life within an organisation. As the cost of computers has dropped, their use in the home has also continued to increase. In most organisations, computers have a relatively short life and are replaced on a regular basis with the result that, if not properly cleansed of data, they are released into the public domain containing data that can be relatively up to date. This problem is exacerbated by the …

The 2009 Analysis Of Information Remaining On Usb Storage Devices Offered Forsale On The Second Hand Market, Andy Jones, Craig Valli, G. Dabibi

Australian Digital Forensics Conference

The use of the USB storage device, also known as the USB drive, a thumb drive, a keychain drive and a flash drive has, for the most part, replaced the floppy disk and to some extent the Compact Disk (CD), the DVD (Digital Video Disk or Digital Versatile Disk) and the external hard disk. Their robustness, size and weight make them easy to transport, but also to lose or misplace. They are inexpensive and are often given away as promotional items by organisations. Over the last few years there has been a dramatic increase in the storage capacity of these …

The 2007 Analysis Of Information Remaining On Disks Offered For Sale On The Second Hand Market, Andrew Jones, Craig Valli, Glenn Dardick, Iain Sutherland

Research outputs pre 2011

All organisations, whether in the public or private sector, increasingly use computers and other devices that contain computer hard disks for the storage and processing of information relating to their business, their employees or their customers. Individual home users also increasingly use computers and other devices containing computer hard disks for the storage and processing of information relating to their private, personal affairs. It continues to be clear that the majority of organisations and individual home users still remain ignorant or misinformed of the volume and type of information that is stored on the hard disks that these devices contain …

A Study Into The Forensic Recoverability Of Data From 2nd Hand Blackberry Devices: World-Class Security, Foiled By Humans, Craig Valli, Andrew Jones

Research outputs pre 2011

Blackberry RIM devices are arguably one of the more secure platforms for email, calendaring and voice. It is one of the few devices in this arena that has approval for carrying restricted security classifications. Blackberry devices do suffer from the same basic fundamental flaw in that they have a human operator. This research was about the blind purchase of Blackberry devices from auctions. Of the 15 Blackberry examined in this study 3 were able to be fully recovered. They all revealed personal and corporate details about the users of the devices.

Anti-Forensics And The Digital Investigator, Gary C. Kessler

Australian Digital Forensics Conference

Viewed generically, anti-forensics (AF) is that set of tactics and measures taken by someone who wants to thwart the digital investigation process. This paper describes some of the many AF tools and methods, under the broad classifications of data hiding, artefact wiping, trail obfuscation, and attacks on the forensics tools themselves. The concept of AF is neither new nor solely intended to be used by the criminal class; it also has legitimate use by those who wish to protect their privacy. This paper also introduces the concept of time-sensitive anti-forensics, noting that AF procedures might be employed for the sole …

Cyber Crime And Biometric Authentication – The Problem Of Privacy Versus Protection Of Business Assets, Michael G. Crowley

Australian Information Security Management Conference

Cyber crime is now a well recognised international problem that is a major issue for anyone who runs, manages, owns, uses or accesses computer systems linked to the worldwide web. Computer systems are business assets. Personal biometric information is also an asset. Studies have shown that privacy concerns represent a key hurdle to the successful introduction of biometric authentication. In addition, terrorist activity and the resultant legislation have added an additional risk factor businesses need to take into account if they propose using biometric authentication technology. This paper explores the use of biometric authentication to protect business and individual assets. …