Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Full-Text Articles in Physical Sciences and Mathematics

Bringing Defensive Artificial Intelligence Capabilities To Mobile Devices, Kevin Chong, Ahmed Ibrahim Jan 2018

Australian Information Security Management Conference

Traditional firewalls are losing their effectiveness against new and evolving threats today. Artificial intelligence (AI) driven firewalls are gaining popularity due to their ability to defend against threats that are not fully known. However, a firewall can only protect devices in the same network it is deployed in, leaving mobile devices unprotected once they leave the network. To comprehensively protect a mobile device, capabilities of an AI-driven firewall can enhance the defensive capabilities of the device. This paper proposes porting AI technologies to mobile devices for defence against today’s ever-evolving threats. A defensive AI technique providing firewall-like capability is being …


Security Vulnerabilities In Android Applications, Crischell Montealegre, Charles Rubia Njuguna, Muhammad Imran Malik, Peter Hannay, Ian Noel Mcateer Jan 2018

Australian Information Security Management Conference

Privacy-related vulnerabilities and risks are often embedded into applications during their development, with this action being either performed out of malice or out of negligence. Moreover, the majority of the mobile applications initiate connections to websites, other apps, or services outside of their scope causing significant compromise to the oblivious user. Therefore, mobile data encryption or related data-protection controls should be taken into account during the application development phase. This paper evaluates some standard apps and their associated threats using publicly available tools and demonstrates how an ignorant user or an organisation can fall prey to such apps.


XMPP Architecture And Security Challenges In An IoT Ecosystem, Muhammad Imran Malik, Ian Noel Mcateer, Peter Hannay, Syed Naeem Firdous, Zubair Baig Jan 2018

Australian Information Security Management Conference

The elusive quest for technological advancements with the aim to make human life easier has led to the development of the Internet of Things (IoT). IoT technology holds the potential to revolutionise our daily life, but not before overcoming barriers of security and data protection. IoTs’ steered a new era of free information that transformed life in ways that one could not imagine a decade ago. Hence, humans have started considering IoTs as a pervasive technology. This digital transformation does not stop here as the new wave of IoT is not about people, rather it is about intelligent connected devices. …


Mitigating Man-In-The-Middle Attacks On Mobile Devices By Blocking Insecure HTTP Traffic Without Using VPN, Kevin Chong, Muhammad Imran Malik, Peter Hannay Jan 2018

Australian Information Security Management Conference

Mobile devices are constantly connected to the Internet, making countless connections with remote services. Unfortunately, many of these connections are in cleartext, visible to third-parties while in transit. This is insecure and opens up the possibility for man-in-the-middle attacks. While there is little control over what kind of connection running apps can make, this paper presents a solution in blocking insecure HTTP packets from leaving the device. Specifically, the proposed solution works on the device, without the need to tunnel packets to a remote VPN server, and without special privileges such as root access. Speed tests were performed to quantify …


An Investigation Into A Denial Of Service Attack On An Ethereum Network, Richard Greene, Michael N. Johnstone Jan 2018

Australian Information Security Management Conference

Apart from its much-publicised use in crypto-currency, blockchain technology is used in a wide range of application areas, from diamonds to wine. The most common application of this technology is in smart contracts in supply chain management, where assurance of delivery and provenance are important. One problem for an Ethereum consortium is the potential for disruption caused by a Denial-of-Service attack across the consortium nodes. Such an attack can be launched from a single source or multiple sources to amplify the effect. This paper investigates the impact of various Denial-of-Service attacks on an Ethereum Consortium deployed on the Azure Cloud …


A Critical Analysis Of Security Vulnerabilities And Countermeasures In A Smart Ship System, Dennis Bothur, Guanglou Zheng, Craig Valli Jan 2017

Australian Information Security Management Conference

It is timely to raise cyber security awareness while attacks on maritime infrastructure have not yet gained critical momentum. This paper analyses vulnerabilities in existing shipborne systems and a range of measures to protect them. It discusses Information Technology network flaws, describes issues with Industrial Control Systems, and lays out major weaknesses in the Automated Identification System, Electronic Chart Display Information System and Very Small Aperture Terminals. The countermeasures relate to the concept of “Defence-in-depth”, and describe procedural and technical solutions. The maritime sector is interconnected and exposed to cyber threats. Internet satellite connections are feasible and omnipresent on vessels, …


An Investigation Into Some Security Issues In The DDS Messaging Protocol, Thomas White, Michael N. Johnstone, Matthew Peacock Jan 2017

Australian Information Security Management Conference

The convergence of Operational Technology and Information Technology is driving integration of the Internet of Things and Industrial Control Systems to form the Industrial Internet of Things. Due to the influence of Information Technology, security has become a high priority particularly when implementations expand into critical infrastructure. At present there appears to be minimal research addressing security considerations for industrial systems which implement application layer IoT messaging protocols such as Data Distribution Services (DDS). Simulated IoT devices in a virtual environment using the DDSI-RTPS protocol were used to demonstrate that enumeration of devices is possible by a non-authenticated client in …


An Investigation Of Potential Wireless Security Issues In Traffic Lights, Brian Bettany, Michael N. Johnstone, Matthew Peacock Jan 2016

Australian Information Security Management Conference

The purpose of automated traffic light systems is to safely and effectively manage the flow of vehicles through (usually) urban environments. Through the use of wireless-based communication protocols, sets of traffic lights are increasingly being connected to larger systems and also being remotely accessed for management purposes, both for monitoring and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus systems may operate with sub-standard or non-existent security implementations. This research aims to test if the same issues and vulnerabilities that appear to be present in traffic light systems in the USA are prevalent …


A Survey And Method For Analysing SoHo Router Firmware Currency, Nikolai Hampton, Patryk Szewczyk Jan 2015

Australian Information Security Management Conference

Network routers are a core component of contemporary SoHo networks. The firmware within these devices provides routing, control and monitoring functionality coupled with mechanisms to ensure a secure and reliable network. End-users are typically reliant on manufacturers to provide timely firmware updates to mitigate known vulnerabilities. An investigation was undertaken to identify the underlying software components used in the firmware of currently available, SoHo network devices used in Australia. Firmware from 37 devices was deconstructed to identify potential security issues; in each instance, the firmware images were found to include vulnerabilities, obsolete software and out-of-date operating system components. 95% of …


Loyalty Cards And The Problem Of CAPTCHA: 2nd Tier Security And Usability Issues For Senior Citizens, David M. Cook, Apoorv Kumar, Charwina Unmar-Satiah Jan 2015

Australian Information Security Management Conference

Information Security often works in antipathy to access and useability in communities of older citizens. Whilst security features are required to prevent the disclosure of information, some security tools have a deleterious effect upon users, resulting in insecure practices. Security becomes unfit for purpose where users prefer to abandon applications and online benefits in favour of non-digital authentication and verification requirements. For some, the ability to read letters and symbols from a distorted image is a decidedly more difficult task than for others, and the resulting level of security from CAPTCHA tests is not consistent from person to person. This …


Timing Attack Detection On BACnet Via A Machine Learning Approach, Michael N. Johnstone, Matthew Peacock, J I. Den Hartog Jan 2015

Australian Information Security Management Conference

Building Automation Systems (BAS), alternatively known as Building Management Systems (BMS), which centralise the management of building services, are often connected to corporate networks and are routinely accessed remotely for operational management and emergency purposes. The protocols used in BAS, in particular BACnet, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations. As intrusion is thus likely easy to achieve, intrusion detection systems should be put in place to ensure they can be detected and mitigated. Existing intrusion detection systems typically deal only with known threats (signature-based approaches) …


An Analysis Of Security Issues In Building Automation Systems, Matthew Peacock, Michael N. Johnstone Jan 2014

Australian Information Security Management Conference

The purpose of Building Automation Systems (BAS) is to centralise the management of a wide range of building services, through the use of integrated protocol and communication media. Through the use of IP-based communication and encapsulated protocols, BAS are increasingly being connected to corporate networks and also being remotely accessed for management purposes, both for convenience and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations, relying on security through obscurity. Research has been undertaken into addressing the shortfalls of security implementations in …


A Longitudinal Study Of Wi-Fi Access Point Security In The Perth Central Business District, Emil Jacobson, Andrew Woodward Jan 2011

Australian Information Security Management Conference

This study collected data in 2008 and 2011 in relation to the level of apparent security of wireless network access points in the Perth CBD. It also compared this data to a comparable study conducted in 2004. The aim was to determine whether businesses were using an appropriate level of encryption to protect their wireless networks. A pre-determined route was followed which traced the Perth CBD and the open source wireless network auditing tool Kismet was used to survey the wireless networks. In 2008, approximately 1300 access points were discovered in the Perth CBD, this number climbing to approximately 3400 …


Information Security Surveys: A Review Of The Methodologies, The Critics And A Pragmatic Approach To Their Purposes And Usage, Alexis Guillot, Sue Kennedy Dec 2007

Australian Information Security Management Conference

Each year the latest information security surveys are released to the computing and business communities. Often their findings and their methodologies are subject to criticism from the information security community, professional bodies and others in the profession. This paper looks at the viewpoints of both the producers and the critics of the surveys. The criticisms cover such issues as the methodologies, the response rates, the experience of the respondents, the design of the questions and the interpretation of the results. This paper looks at these issues and discusses the validity of these criticisms, the impact of the surveys and their …


Network Security – Is IP Telephony Helping The Cause?, Paul Hansen, Andrew Woodward Dec 2007

Australian Information Security Management Conference

The major players in the Public Branch Exchange (PBX) market are moving rapidly towards the implementation of IP Telephony. What will be the effect on network security overall? Will the push to IP Telephony damage the good work already devoted to security networks? As more doorways open up on our networks there is an increased chance we have opened another unseen vector for hackers and other malicious organisation or individuals to access the data stored on server and users workstations, corrupting that data or destroying it. Is it better from a security perspective to have IP telephony only between PBX …


A Comprehensive Firewall Testing Methodology, Murray Brand Dec 2007

Australian Information Security Management Conference

This paper proposes an all encompassing test methodology for firewalls. It extends the life cycle model to revisit the major phases of the life cycle after a firewall is in service as foundations for the tests. The focus of the tests is to show that the firewall is, or isn’t, still fit for purpose. It also focuses on the traceability between business requirements through to policy, rule sets, physical design, implementation, egress and ingress testing, monitoring and auditing. The guidelines are provided by a Test and Evaluation Master Plan (TEMP). The methodology is very much process driven and in keeping …


Increasing Security In The Physical Layer Of Wireless Communication, Luke Golygowski Dec 2007

Australian Information Security Management Conference

This paper introduces a concept of increasing security in the Physical layer (PHY) of wireless communication. It gives a short description of current status of wireless standards and their security. Despite the existence of advanced security protocols such as IEEE 802.11i or WLAN VPNs, wireless networks still remain vulnerable to denial-of-service (DoS) attacks aiming at PHY and Data Link Layers. The new solution challenges the problems with the currently defined PHY and Data Link layers. The concept introduced here, holds a promise of descending with some of the security measures to the lower layers of the TCP/IP and in this …


Network Security Devices And Protocols Using State Model Diagrams, C. Nuangjamnong, D. Veal, S. P. Maj Dec 2007

Australian Information Security Management Conference

Network security is concerned with protecting sensitive information, limiting unauthorised access, and reinforcing network performance. An important factor in network security is encryption. Internet Security Protocol (IPSec) is the de facto open standard for encryption and replaces the older Cisco Encryption Technology (CET). Both encryption protocols are typically implemented and managed using the text based Command Line Interface (CLI). A graphical user interface (GUI) is available; however, it is not routinely used. Regardless of whether the CLI or GUI is used, both encryption suites are complex to implement and manage. State Model Diagrams (SMDs) were developed and successfully used as …


Securing VoIP: A Framework To Mitigate Or Manage Risks, Peter James, Andrew Woodward Dec 2007

Australian Information Security Management Conference

In Australia, the past few years have seen Voice over IP (VoIP) move from a niche communications medium used by organisations with the appropriate infrastructure and capabilities to a technology that is available to anyone with a good broadband connection. Driven by low cost and no cost phone calls, easy to use VoIP clients and increasingly reliable connections, VoIP is replacing the Public Switch Telephone Network (PSTN) in a growing number of households. VoIP adoption appears to be following a similar path to early Internet adoption, namely little awareness by users of the security implications. Lack of concern about …


The Need For A Security/Privacy Model For The Health Sector In Ghana, James Tetteh Ami-Narh, Patricia A. Williams Dec 2007

Australian Information Security Management Conference

Many developing countries around the world are faced with the dilemma “brain-drain” as their healthcare professionals seek better economic opportunities in other countries. This problem is compounded by a lack of robust healthcare infrastructure requiring substantive improvements to bring them up to date. This impacts a country's ability to understand morbidity and mortality patterns which impact health care policy and program planning. The lack of IT infrastructure also negatively affects the safety, quality, and efficiency of health care delivery in these countries. Ghana is faced with this precise set of circumstances as it struggles to adopt policies to overcome these …


The Phantasm Of ATM Withdrawal, Nattakant Utakrit Dec 2007

Australian Information Security Management Conference

Despite the stringent legislation and increased enforcement aimed at combating financial crime, fraud using cash machines remains a public concern. The problem of ATM fraud is happening on a global scale and the ramifications have been felt in Australia. This paper highlights the stratagems of financial crime, in particular of ATM fraud. The abuse of ATMs with intelligent methods used by perpetrators will be discussed. At the same time, the paper will present some global cases of ATM fraud. Finally this paper will illustrate countermeasures and security methods, such as biometrics and premises protections of banks, financial institutions and customers, …


Importance Of Verification And Validation Of Data Sources In Attaining Information Superiority, Gautham Kasinath, Leisa Armstrong Dec 2007

Australian Information Security Management Conference

Information superiority has been defined as a state that is achieved when a competitive advantage is derived from the ability to exploit a superior information position. To achieve such a superior information position enterprises and nations, alike, must not only collect and record correct, accurate, timely and useful information but also ensure that information recorded is not lost to competitors due to lack of comprehensive security and leaks. Further, enterprises that aim to attain information superiority must also ensure mechanisms of validating and verifying information to reduce the chances of mis-information. Although, research has been carried out into ways to …


The Need For An Investigation Into Possible Security Threats Associated With SQL Based EMR Software, Lee Heinke Dec 2007

Australian Information Security Management Conference

An increasing amount of E-health software packages are being bundled with Standard Query Language (SQL) databases as a means of storing Electronic Medical Records (EMR’s). These databases allow medical practitioners to store, change and maintain large volumes of patient information. The software that utilizes these databases pulls data directly from fields within the database based on standardized query statements. These query statements use the same methods as web-based applications to dynamically pull data from the database so it can be manipulated by the Graphical User Interface (GUI). This paper proposes a study for an investigation into the susceptibility of popular …


Analysis Of PKI As A Means Of Securing ODF Documents, Gautham Kasinath, Leisa Armstrong Dec 2007

Australian Information Security Management Conference

Public Key Infrastructure (PKI) has for the last two decades been a means of securing systems and communication. With the adoption of Open Document Format (ODF) as an ISO standard, the question remains if the unpopular, expensive, complex and unmaintainable PKI can prove to be a viable means of securing ODF documents. This paper analyses the drawbacks of PKI and evaluates the usefulness of PKI in provisioning robust, cheap and maintainable XML security to XML based ODF. This paper also evaluates the existing research on XML security, more specifically fine grained access control.


Medical Identity Theft – Not Feeling Like Yourself?, Darren Webb Dec 2007

Australian Information Security Management Conference

Hospital and general practice healthcare providers today rely heavily on the information and communication technologies they employ to provide access to patient and associated data. The continuing migration to wireless means of data transfer has afforded system users more convenient and timely access to information via the use of 802.11 based wireless network capable devices. Through the increased digital connectivity of these internet and wireless based networks, new avenues of criminal activity such as medical identity theft have been steadily increasing as malicious individuals and organisations seek to abuse the digital ubiquity of the electronic medical record. The increased need …


Taxonomy Of iPhone Activation And SIM Unlocking Methods, Marwan Al-Zarouni, Haitham Al-Hajri Dec 2007

Australian Information Security Management Conference

This paper will discuss the different methods of SIM unlocking and activation for the Apple iPhone. Early iPhone activation and SIM card fabrication methods as well as the latest software only methods will be discussed. The paper will examine the benefits and drawbacks of each method. It will provide a step-by-step guide to creating a specially crafted SIM card for an iPhone by using Super SIM and Turbo SIM methods. The paper will also include a section on recovering (unbricking) the iPhone and other advanced hacks.


Managing Information Security Complexity, Murray Brand Dec 2006

Australian Information Security Management Conference

This paper examines using a requirements management tool as a common thread to managing the complexity of information security systems. Requirements management provides a mechanism to trace requirements through to design, implementation, operating, monitoring, reviewing, testing, and reporting by creating links to associated, critical artefacts. This is instrumental in managing complex and dynamic systems where change can impact other subsystems and associated documentation. It helps to identify the affected artefacts through many layers. Benefits to this approach would include better project planning and management, improved risk management, superior change management, ease of reuse, enhanced quality control and more effective acceptance …


Risks And Responsibilities In Establishing A Wireless Network For An Educational Institution, Leigh Knights, Matt Fonceca, Georgina Mack, Andrew Woodward Dec 2006

Australian Information Security Management Conference

A wireless network solution is generally implemented when the bounds of walls of buildings and the constraints of wires need to be broken. Wireless technologies provide the potential for freedom of mobility which is undoubtedly a convenience for organisations in today’s market. The security of a wireless network is crucial for data integrity, especially when the data is not secured by the insulation of wires. While data is being transferred across a wireless network, it is vulnerable. There is no room for error, neglect or ignorance from an organisation, as a breach of data integrity can be devastating for both …


An Assessment Of Threats Of The Physical And MAC Address Layers In WiMAX/802.16, Krishnun Sansurooah Dec 2006

Australian Information Security Management Conference

This paper investigates the risks and vulnerabilities associated with the security of the WiMAX/802.16 broadband wireless technology. One of the other aspects of this document will be to review all the associated weaknesses to the Medium Access Control (MAC) layer and at the physical (PHY) layer. The risks and impacts are assessed according to a systematic approach. The approach or methodology used is according to the European Telecommunication Standards Institute (ETSI). These threats are enumerated and classified according to their risk levels.


The Reality Of Risks From Consented Use Of USB Devices, Marwan Al-Zarouni Dec 2006

Australian Information Security Management Conference

Physical security is considered an integral part of information systems security. The idea that small devices pose a security threat for enterprises is well established. On the other hand, consented and supervised access to USB ports via USB flash drives is sometimes allowed. This paper will highlight the risk associated with this kind of access by devices such as IPods and USB flash drives. It will show a proof of concept USB device that runs automatically once connected to a personal computer and copies files and folders from the victim's computer to its storage and executes potentially harmful code on …