Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Security (4)
- Computer security (2)
- Encryption (2)
- IPv6 (2)
- Usability (2)
-
- AES algorithm (1)
- Access policy (1)
- Aged care organisations (1)
- Agile (1)
- Attribute-based encryption (1)
- Authentication (1)
- Authorisation (1)
- Building automation (1)
- Cache timing attack (1)
- Cache timing countermeasures. (1)
- Cognitive walkthrough (1)
- Computer sciences (1)
- Cyber security (1)
- Cybersecurity (1)
- DNS (1)
- DNSSec (1)
- Design (1)
- Domain Name System (1)
- ERP Systems (1)
- End-to-end security (1)
- Heuristic evaluation (1)
- IP Networks (1)
- IPv4 (1)
- Images (1)
- Information security (1)
Articles 1 - 13 of 13
Full-Text Articles in Physical Sciences and Mathematics
Cache-Timing Attack Against Aes Crypto System - Countermeasures Review, Yaseen H. Taha, Settana M. Abdulh, Naila A. Sadalla, Huwaida Elshoush
Cache-Timing Attack Against Aes Crypto System - Countermeasures Review, Yaseen H. Taha, Settana M. Abdulh, Naila A. Sadalla, Huwaida Elshoush
Australian Information Security Management Conference
Side channel attacks are based on side channel information, which is information that is leaked from encryption systems. Implementing side channel attacks is possible if and only if an attacker has access to a cryptosystem (victim) or can interact with cryptosystem remotely to compute time statistics of information that collected from targeted system. Cache timing attack is a special type of side channel attack. Here, timing information caused by cache effect is collected and analyzed by an attacker to guess sensitive information such as encryption key or plaintext. Cache timing attack against AES was known theoretically until Bernstein carry out …
Authentication And Authorisation In Entrusted Unions, Ayed F. Dhouha, Jan Camenisch, Tanya Ignatenko, Michael N. Johnstone, Paul Koster, Brigitta Lange, Milan Petkovic, Dieter Sommer, John Zic
Authentication And Authorisation In Entrusted Unions, Ayed F. Dhouha, Jan Camenisch, Tanya Ignatenko, Michael N. Johnstone, Paul Koster, Brigitta Lange, Milan Petkovic, Dieter Sommer, John Zic
Australian Information Security Management Conference
This paper reports on the status of a project whose aim is to implement and demonstrate in a real-life environment an integrated eAuthentication and eAuthorisation framework to enable trusted collaborations and delivery of services across different organisational/governmental jurisdictions. This aim will be achieved by designing a framework with assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption to address the security and confidentiality requirements of large distributed infrastructures. The framework supports collaborative secure distributed storage, secure data processing and management in both the cloud and offline scenarios and is intended to be deployed and tested in two …
The Application Of An Agile Approach To It Security Risk Management For Smes, Damien Hutchinson, Chris Armitt, Dean Edwards-Lear
The Application Of An Agile Approach To It Security Risk Management For Smes, Damien Hutchinson, Chris Armitt, Dean Edwards-Lear
Australian Information Security Management Conference
This paper demonstrates the application of an agile risk management approach to perform asset-based risk analysis to meet the information security requirements of SMEs (Small and Medium-sized Enterprises). This approach is proposed as an alternative to traditional methods that are cumbersome, resource intensive and costly, often hindering their value and use by SMEs. The organisation being studied is an Aged Care Facility (ACF) with legal and ethical responsibilities. Within the business there is little knowledge regarding potential information technology threats that could impact on these responsibilities. The ACF maintains a system containing client personal and medical records, network communications, as …
A Survey Of Ipv6 Address Usage In The Public Domain Name System, Clinton R. Carpene, Andrew Woodward
A Survey Of Ipv6 Address Usage In The Public Domain Name System, Clinton R. Carpene, Andrew Woodward
Australian Information Security Management Conference
The IPv6 protocol has been slowly increasing in use on the Internet. The main reason for the development of the protocol is that the address space provided by IPv4 is nearing exhaustion. The pool of addresses provided by IPv6 is 296 times larger than IPv4, and should be sufficient to provide an address for every device for the foreseeable future. Another potential advantage of this significantly large address space is the use of randomly assigned addresses as a security barrier as part of a defence in depth strategy. This research examined the addresses allocated by those implementing IPv6 to determine …
Mitigating Man-In-The-Middle Attacks On Smartphones – A Discussion Of Ssl Pinning And Dnssec, Veelasha Moonsamy, Lynn Batten
Mitigating Man-In-The-Middle Attacks On Smartphones – A Discussion Of Ssl Pinning And Dnssec, Veelasha Moonsamy, Lynn Batten
Australian Information Security Management Conference
Since their introduction, smartphones remain one of the most used handheld devices and this trend is predicted to continue in the coming years. Consequently, the number of attacks on smartphones is increasing exponentially; current market research shows that data traffic generated by smartphones will escalate by tenfold in 2019. Such an increase in traffic indicates that the smartphone industry will remain an attractive target for attackers. Whilst smartphone users are aware of the benefits of installing antivirus applications for malware evasion, they have limited knowledge on how to mitigate MiTM attacks. Furthermore, application developers do not always consider implementing appropriate …
Evaluating The Security Vulenerabilities Of The Ip6to4 Tunnelling Mechanism, Brian Cusack, Raymond Lutui
Evaluating The Security Vulenerabilities Of The Ip6to4 Tunnelling Mechanism, Brian Cusack, Raymond Lutui
Australian Information Security Management Conference
The two versions of Internet Protocol (IP) rely on mechanisms that will convert one protocol to the other and vice versa. Version 4 is still prevalent in the Internet backbone and version 6 in most private networks. In this research we focus on the automatic tunnelling mechanism that provides the encapsulation at one end of the transition tunnel and the de-encapsulation at the other end dependant on the direction of transition. In our research we asked: How secure is the automatic tunnelling mechanism? It is a simple question but important given the number of times transition may occur in any …
Securing Identity Information With Image Watermarks, Brian Cusack, Reza Khaleghparas
Securing Identity Information With Image Watermarks, Brian Cusack, Reza Khaleghparas
Australian Information Security Management Conference
In this paper, we describe the requirements for embedding watermarks in images used for identity verification and demonstrate a proof of concept in security sciences. The watermarking application is designed for verifying the rightful ownership of a driving license or similar identity object. The tool we built and tested embeds and extracts watermarks that contain verification information of the rightful owner. We used the human finger print of the rightful owner as the watermark. Such information protection mechanisms add an extra layer of security to the information system and improve verification of identification attributes by providing strong security. The issues …
The Impact Of Social Constructivism On Erp Systems Security: A Critical Social Review, Kennedy Njenga
The Impact Of Social Constructivism On Erp Systems Security: A Critical Social Review, Kennedy Njenga
Australian Information Security Management Conference
Little is understood about the effects of social constructivism that shapes conflicting concerns regarding Enterprise Resource Planning (ERP) security and usability during implementation. This work looks at social constructivism as produced and reproduced by stakeholders in the ERP systems implementation phase. Social constructivism is characterised by the embedded trade-off for usability, espoused by end-user and security, espoused by developers. Social constructivism was conceptualised qualitatively from a selected case study. Critical Social Theory (CST) was used as the theoretical lens. Stakeholders concerned with ERP security aspects in the implementation phase were interviewed and data transcribed and interpreted. Hermeneutical interpretation was applied …
Persistent Issues In Encryption Software: A Heuristic And Cognitive Walkthrough, Jad El-Abed, Patryk Szewczyk
Persistent Issues In Encryption Software: A Heuristic And Cognitive Walkthrough, Jad El-Abed, Patryk Szewczyk
Australian Information Security Management Conference
The support information accompanying security software can be difficult to understand by end-users, who have little knowledge in cyber security. One mechanism for ensuring the integrity and confidentiality of information is encryption software. Unfortunately, software usability issues can hinder an end-user’s capability to properly utilise the security features effectively. To date there has been little research in investigating the usability of encryption software and proposing solutions for improving them. This research paper analysed the usability of encryption software targeting end-users. The research identified several issues that could impede the ability of a novice end-user to adequately utilise the encryption software. …
Securing The Internet Of Things Infrastructure – Standards And Techniques, Zubair A. Baig
Securing The Internet Of Things Infrastructure – Standards And Techniques, Zubair A. Baig
Australian Information Security Management Conference
The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards …
Attribute-Based Encryption With Encryption And Decryption Outsourcing, Muhammad Asim, Milan Petkovic, Tanya Ignatenko
Attribute-Based Encryption With Encryption And Decryption Outsourcing, Muhammad Asim, Milan Petkovic, Tanya Ignatenko
Australian Information Security Management Conference
In this paper we propose a new scheme for ciphertext-policy attribute-based encryption that allows outsourcing of computationally expensive encryption and decryption steps. The scheme constitutes an important building block for mobile applications where both the host and users use mobile devices with limited computational power. In the proposed scheme, during encryption the host involves a semi-trusted proxy to encrypt a partially encrypted (by the host) message according to an access policy provided by the host. The proxy is unable to learn the message from this partially encrypted text. A user can only decrypt the stored ciphertext if he possesses secret …
12th Australian Information Security Management Conference, 2014, Edith Cowan University: Conference Details, Security Research Institute, Edith Cowan University
12th Australian Information Security Management Conference, 2014, Edith Cowan University: Conference Details, Security Research Institute, Edith Cowan University
Australian Information Security Management Conference
No abstract provided.
An Analysis Of Security Issues In Building Automation Systems, Matthew Peacock, Michael N. Johnstone
An Analysis Of Security Issues In Building Automation Systems, Matthew Peacock, Michael N. Johnstone
Australian Information Security Management Conference
The purpose of Building Automation Systems (BAS) is to centralise the management of a wide range of building services, through the use of integrated protocol and communication media. Through the use of IP-based communication and encapsulated protocols, BAS are increasingly being connected to corporate networks and also being remotely accessed for management purposes, both for convenience and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations, relying on security through obscurity. Research has been undertaken into addressing the shortfalls of security implementations in …