Physical Sciences and Mathematics Commons^™

Assessment Of Internationalised Domain Name Homograph Attack Mitigation, Peter Hannay, Christopher Bolan

Australian Information Security Management Conference

With the advent of internationalised domains the threat posed by non-english character sets has eventuated. Whilst this phenomenon remains well known in the development and internet industry the actual implementations of popular applications have been tested to determine their resilience to homograph based attack. The research found that most provided features that overcome such attacks, but there remain a few notable exceptions. Should an attacker take advantage of such oversights a victim would likely not be able to spot a fraudulent site or email and thus provide a perfect platform for subsequent attack.

Information Security Disclosure: A Case Study, I Rosewall, M J. Warren

Australian Information Security Management Conference

New social networking systems such as Facebook are an ever evolving and developing means of social interaction, which is not only being used to disseminate information to family, friends and colleagues but as a way of meeting and interacting with "strangers" through the advent of a large number of social applications. This paper will focus upon the impact of Generation F - the Facebook Generation and their attitudes to security. The paper will be based around discussing the findings of a major UK case study and the implications that this has. The case study identifies 51 recommendations to improve the …

A Study Of Content Authentication In Proxy-Enabled Multimedia Delivery Systems: Model, Techniques, And Applications, Robert H. Deng, Yanjiang Yang

Research Collection School Of Computing and Information Systems

Compared with the direct server-user approach, the server-proxy-user architecture for multimedia delivery promises significantly improved system scalability. The introduction of the intermediary transcoding proxies between content servers and end users in this architecture, however, brings unprecedented challenges to content security. In this article, we present a systematic study on the end-to-end content authentication problem in the server-proxy-user context, where intermediary proxies transcode multimedia content dynamically. We present a formal model for the authentication problem, propose a concrete construction for authenticating generic data modality and formally prove its security. We then apply the generic construction to authenticating specific multimedia formats, for …

Wireless Networks: Improved Secure Network Authentication Protocol (Isnap) For Ieee 802.16, Raheel M. Hashmi, Arooj M. Siddiqui, M. Jabeen, K. Shehzad, A. Zubair, K. S. Alimgeer

International Conference on Information and Communication Technologies

Security is amongst one of the major issues in broadband wireless access (BWA) networks. After the launch of the IEEE 802.16 standard (WiMAX), a number of security issues were reported in several articles. Ever since the beginning, work has been in progress for the neutralization of these identified threats. In this paper, the analysis of the authentication protocols implemented in WiMAX has been presented along with the description of the threats posed to them. The paper also describes security sub-layer and limitations of the existing architecture. An approach has also been presented for the prevention of these threats like the …

Beyond Output Voting: Detecting Compromised Replicas Using Hmm-Based Behavioral Distance, Debin Gao, Michael K. Reiter, Dawn Song

Research Collection School Of Computing and Information Systems

Many host-based anomaly detection techniques have been proposed to detect code-injection attacks on servers. The vast majority, however, are susceptible to "mimicry" attacks in which the injected code masquerades as the original server software, including returning the correct service responses, while conducting its attack. "Behavioral distance," by which two diverse replicas processing the same inputs are continually monitored to detect divergence in their low-level (system-call) behaviors and hence potentially the compromise of one of them, has been proposed for detecting mimicry attacks. In this paper, we present a novel approach to behavioral distance measurement using a new type of hidden …

Security Decay: An Entropic Approach To Definition And Understanding, Michael Coole, David J. Brooks

Australian Security and Intelligence Conference

This article discusses the affect decay has within a systems approach used when implementing security strategies, in particular, the theory of defence in depth. Defence in depth is implemented within a risk management framework to reduce an organisation’s identified risks, which could lead to undesirable and unacceptable consequences. Defence in depth aims to link layered security elements into a system to ensure a holistic and functional security system, underpinned by the functions of; deter, detect, delay, response and recovery. For such a system to be commissioned and maintain its commissioning effectiveness, these functions must be performed in their sequential order …

Enhanced Security For Preventing Man-In-The-Middle Attacks In Authentication, Dataentry And Transaction Verification, Jason Wells, Damien Hutchinson, Justin Pierce

Australian Information Security Management Conference

There is increasing coverage in the literature highlighting threats to online financial systems. Attacks range from the prevalent reverse social engineering technique known as phishing; where spam emails are sent to customers with links to fake websites, to Trojans that monitor a customer’s account log on process that captures authentication details that are later replayed for financial gain. This ultimately results in loss of monetary funds for affected victims. As technological advances continue to influence the way society makes payment for goods and services, the requirement for more advanced security approaches for transaction verification in the online environment increases. This …

Evaluating The Usability Impacts Of Security Interface Adjustments In Word 2007, M Helala, S M. Furnell, M Papadaki

Australian Information Security Management Conference

Prior research has suggested that integrating security features with user goals and increasing their visibility would improve the usability of the associated functionalities. This paper investigates how these approaches affect the efficiency of use and the level of user satisfaction. The user interface of Word 2007 was modified according to these principles, with usability tests being conducted with both the original and the modified user interfaces. The results suggest that integrating security features with user goals improves the efficiency of use, but the impacts upon user satisfaction cannot be clearly identified based on the collected data. No indications of any …

Data Security Measures In The It Service Industry: A Balance Between Knowledge & Action, N. Mlitwa, Y. Kachala

Journal of Digital Forensics, Security and Law

That “knowledge is power” is fast becoming a cliché within the intelligentsia. Such power however, depends largely on how knowledge itself is exchanged and used, which says a lot about the tools of its transmission, exchange, and storage. Information and communication technology (ICT) plays a significant role in this respect. As a networked tool, it enables efficient exchanges of video, audio and text data beyond geographical and time constraints. Since this data is exchanged over the worldwide web (www), it can be accessible by anyone in the world using the internet. The risk of unauthorised access, interception, modification, or even …

Anti-Phishing Models: Main Challenges, Edina Hatunic-Webster

Conference papers

Phishing is a form of online identity theft in which the attacker attempts to fraudulently retrieve a legitimate user's account information, logon credentials or identity information in general. The compromised information is then used for withdrawing money online, taking out cash advances, or making purchases of goods and services on the accounts. Various solutions have been proposed and developed in response to phishing. As phishing is a business problem, the solutions target both non-technical and technical areas. This paper investigates the current anti-phishing solutions and critically reviews their usage, security weaknesses and their effectiveness. The analysis of these models points …

The Importance Of Human Factors When Assessing Outsourcing Security Risks, Carl Colwill, Andy Jones

Australian Information Security Management Conference

The word is becoming increasingly interconnected and ways of doing business are evolving rapidly. Communications technology is ubiquitous and reliable and businesses are continuously seeking ways in which systems can be exploited to improve resilience, become more efficient and reduce costs. One way in which organisations seek to achieve this is by concentrating their efforts on core business processes and outsourcing non-core functions. However, outsourcing - and particularly offshoring - presents many security issues that must be considered throughout the lifetime of contracts. The scale of outsourcing and increasing technological and security complexity is making this task more difficult. Often …

Network Security – Is Ip Telephony Helping The Cause?, Paul Hansen, Andrew Woodward

Australian Information Security Management Conference

The major players in the Public Branch Exchange (PBX) market are moving rapidly towards the implementation of IP Telephony. What will be the effect on network security overall? Will the push to IP Telephony damage the good work already devoted to security networks? As more doorways open up on our networks there is an increased chance we have opened another unseen vector for hackers and other malicious organisation or individuals to access the data stored on server and users workstations, corrupting that data or destroying it. Is it better from a security perspective to have IP telephony only between PBX …

The Need For An Investigation Into Possible Security Threats Associated With Sql Based Emr Software, Lee Heinke

Australian Information Security Management Conference

An increasing amount of E-health software packages are being bundled with Standard Query Language (SQL) databases as a means of storing Electronic Medical Records (EMR’s). These databases allow medical practitioners to store, change and maintain large volumes of patient information. The software that utilizes these databases pulls data directly from fields within the database based on standardized query statements. These query statements use the same methods as web-based applications to dynamically pull data from the database so it can be manipulated by the Graphical User Interface (GUI). This paper proposes a study for an investigation into the susceptibility of popular …

Providing Vanet Security Through Active Position Detection, Gongjun Yan, Gyanesh Choudhary, Michele C. Weigle, Stephan Olariu

Computer Science Faculty Publications

Our main contribution is a novel approach to enhancing position security in VANET. We achieve local and global position security by using the on-board radar to detect neighboring vehicles and to confirm their announced coordinates. We compute cosine similarity among data collected by radar and neighbors' reports to filter the forged data from the truthful data. Based on filtered data, we create a history of vehicle movement. By checking the history and computing similarity, we can prevent a large number of Sybil attacks and some combinations of Sybil and position-based attacks.

Secure Transmission Of Shared Electronic Health Records: A Review, Rachel J. Mahncke, Patricia A. Williams

Australian Information Security Management Conference

Paperbased health records together with electronic Patient Management Systems remain the norm for hospitals and primary care practices to manage patient health information in Australia. Although the benefits of recording patient health information into an electronic format known as an electronic health record (EHR) are well documented, the use of these systems has not yet been fully realised. The next advancement for EHRs is the ability to share health records for the primary purpose of improved patient care. This may for example enable a primary care physician, with the patient’s consent, to electronically share pertinent health information with a specialist, …

Cyber Crime And Biometric Authentication – The Problem Of Privacy Versus Protection Of Business Assets, Michael G. Crowley

Australian Information Security Management Conference

Cyber crime is now a well recognised international problem that is a major issue for anyone who runs, manages, owns, uses or accesses computer systems linked to the worldwide web. Computer systems are business assets. Personal biometric information is also an asset. Studies have shown that privacy concerns represent a key hurdle to the successful introduction of biometric authentication. In addition, terrorist activity and the resultant legislation have added an additional risk factor businesses need to take into account if they propose using biometric authentication technology. This paper explores the use of biometric authentication to protect business and individual assets. …

Does Your Wireless Lan Have Criminal Intent?, Michael Crowley, Andrew Woodward

Australian Information Security Management Conference

All of the literature relating to wireless network security has focused on the flaws, newer alternatives and suggestions for securing the network. There is much speculation and anecdotal statements in relation to what can happen if a breach occurs, but this is mostly from a computer security perspective, and mostly expressed in terms of potential for financial loss. This paper examines the potential legal ramifications of failing to properly secure a wireless network. Several scenarios are examined within based on usage of wireless on the various category of attack. Legal opinion, backed up with case law, is provided for each …

Making Research Real: Is Action Research A Suitable Methodology For Medical Information Security Investigations?, Patricia A. Williams

Australian Information Security Management Conference

In the medical field, information security is an important yet vastly underrated issue. Research into the protection of sensitive medical data is often technically focused and does not address information systems and behavioural aspects integral to effective information security implementation. Current information security policy and guidelines are strategically oriented which, whilst relevant to large organisations, are less supportive to smaller enterprises such as primary care practices. Further, the conservative nature of the medical profession has been shown to hinder investigation into information technology use and management, making effective improvement based on research problematical. It is an environment which relies greatly …

Security Issues Of Ieee 802.16 (Wimax), Jamshed Hasan

Australian Information Security Management Conference

Worldwide Interoperability for Microwave Access (WiMAX) is going to be an emerging wireless technology for the future. With the increasing popularity of Broadband internet, wireless networking market is thriving. Wireless network is not fully secure due to rapid release of new technologies, market competition and lack of physical infrastructure. In the IEEE 802.11 technology, security was added later. Iin IEEE 802.16, security has been considered as the main issue during the design of the protocol. However, security mechanism of the IEEE 802.16 (WiMAX) still remains a question. WiMAX is relatively a new technology; not deployed widely to justify the evidence …

Mapping The Consensual Knowledge Of Security Risk Management Experts, David J. Brooks

Australian Information Warfare and Security Conference

The security industry comprises of diverse and multidisciplined practitioners, originating from many disciplines. It has been suggested that the industry has an undefined knowledge structure, although security experts contain a rich knowledge structure. There has also been limited research mapping security expert knowledge structure, reducing the ability of tertiary educators to provide industry focused teaching and learning. The study utilized multidimensional scaling (MDS) and expert interviews to map the consensual knowledge structure of security experts in their understanding of security risk. Security risk concepts were extracted and critiqued from West Australian university courses. Linguistic analysis categorised the more utilized security …

Alphaco: A Teaching Case On Information Technology Audit And Security, Hüseyin Tanriverdi, Joshua Bertsch, Jonathan Harrison, Po-Ling Hsiao, Ketan S. Mesuria, David Hendrawirawan

Journal of Digital Forensics, Security and Law

Recent regulations in the United States (U.S.) such as the Sarbanes-Oxley Act of 2002 require top management of a public firm to provide reasonable assurance that they institute internal controls that minimize risks over the firm’s operations and financial reporting. External auditors are required to attest to the management’s assertions over the effectiveness of those internal controls. As firms rely more on information technology (IT) in conducting business, they also become more vulnerable to IT related risks. IT is critical for initiating, recording, processing, summarizing and reporting accurate financial and non-financial data. Thus, understanding IT related risks and instituting internal …

A Block Oriented Fingerprinting Scheme In Relational Database, Siyuan Liu, Shuhong Wang, Robert H. Deng, Weizhong Shao

Research Collection School Of Computing and Information Systems

The need for protecting rights over relational data is of ever increasing concern. There have recently been some pioneering works in this area. In this paper, we propose an effective fingerprinting scheme based on the idea of block method in the area of multimedia fingerprinting. The scheme ensures that certain bit positions of the data contain specific values. The bit positions are determined by the keys known only to the owner of the data and different buyers of the database have different bit positions and different specific values for those bit positions. The detection of the fingerprint can be completed …

Security Analysis And Improvement Of Return Routability Protocol, Ying Qiu, Jianying Zhou, Robert H. Deng

Research Collection School Of Computing and Information Systems

Mobile communication plays a more and more important role in computer networks. How to authenticate a new connecting address belonging to a said mobile node is one of the key issues in mobile networks. This paper analyzes the Return Routability (RR) protocol and proposes an improved security solution for the RR protocol without changing its architecture. With the improvement, three types of redirect attacks can be prevented.

Making The Key Agreement Protocol In Mobile Ad Hoc Network More Efficient, Gang Yao, Kui Ren, Feng Bao, Robert H. Deng, Dengguo Feng

Research Collection School Of Computing and Information Systems

Mobile ad hoc networks offer convenient infrastructureless communications over the shared wireless channel. However, the nature of mobile ad hoc networks makes them vulnerable to security attacks, such as passive eavesdropping over the wireless channel and denial of service attacks by malicious nodes. To ensure the security, several cryptography protocols are implemented. Due to the resource scarcity in mobile ad hoc networks, the protocols must be communication efficient and need as less computational power as possible. Broadcast communication is an important operation for many application in mobile ad hoc networks. To securely broadcast a message, all the members in the …

Protecting The Infrastructure: 3rd Australian Information Warfare & Security Conference 2002, William Hutchinson (Ed.)

Research outputs pre 2011

The conference is hosted by the We-B Centre (working with a-business) in the School of Management Information System, the School of Computer & Information Sciences at Edith Cowan University. This year's conference is being held at the Sheraton Perth Hotel in Adelaide Terrace, Perth. Papers for this conference have been written by a wide range of academics and industry specialists. We have attracted participation from both national and international authors and organisations.

The papers cover many topics, all within the field of information warfare and its applications, now and into the future.

The papers have been grouped into six streams: …

Working For Excellence In The E-Conomy: 2nd International We-B Conference, Sue Stoney (Ed.)

Research outputs pre 2011

Welcome to Perth, Western Australia, and to the 2nd International We-B Conference 2001 "working for excellence in the e-conomy" hosted by the We-B Centre, School of Management Information Systems at Edith Cowan University.

This is an international conference for academics and industry specialists in e-business, e-government and related fields. The conference has drawn participants from national and international organisations.

All submitted papers were subjected to an anonymous peer review process managed by the Conference Committee.

Trends. An Encryption Paradox: Cracking The Groupe Speciale Mobile Standard (Gsm), Ibpp Editor

International Bulletin of Political Psychology

The author discusses the vulnerability of encryption methods used with today's modern technology.

Review Of Personal Identification Systems, J. M. Cross

Research outputs pre 2011

The growth of the use of biometric personal identification systems has been relatively steady over the last 20 years. The expected biometric revolution which was forecast since the mid 1970's has not yet occurred. The main factor for lower than expected growth has been the cost and user acceptance of the systems. During the last few years, however, a new generation of more reliable, less expensive and better designed biometric devices have come onto the market. This combined with the anticipated expansion of new reliable, user friendly inexpensive systems provides a signal that the revolution is about to begin. This …