Physical Sciences and Mathematics Commons^™

Data Security And Information Privacy For Pda Accessible Clinical-Log For Medical Education In Problem-Based Learning (Pbl) Approach, Rattiporn Luanrattana, Khin Than Win, John A. Fulcher

Dr Khin Win

Data security and information privacy are the important aspects to consider for the use of mobile technology for recording clinical experience and encounter in medical education. Objective: This study aims to address the qualitative findings of the appropriate data security and information privacy for PDA accessible clinical-log in problem-based learning (PBL) approach in medical education. Method: The semi-structured interviews were conducted with the medical faculty members, honorary clinical academics and medical education technology specialists. Results: Data security and information access plan were determined for managing clinical-log data. The results directed the guideline for the future development and implementation of clinical-log …

Privacy Issues And Solutions In Social Network Sites, Xi Chen, Katina Michael

Associate Professor Katina Michael

The boom of the internet and the explosion of new technologies have brought with them new challenges and thus new connotations of privacy. Clearly, when people deal with e-government and e-business, they do not only need the right to be let alone, but also to be let in secret. Not only do they need freedom of movement, but also to be assured of the secrecy of their information. Solove [6] has critiqued traditional definitions of privacy and argued that they do not address privacy issues created by new online technologies. Austin [7] also asserts: “[w]e do need to sharpen and …

The Social Impact Of National Security Technologies: Epassports, E911 And Mobile Alerts, Holly Tootell

Dr Holly Tootell

This paper explores the adoption of emerging technologies for the purposes of national security. The three technologies chosen were ePassports, E911 and mobile alerts. The study uses a content analysis methodology drawing on popular media documentation to extract the major social and technological impacts of the technologies on citizens as they were reported. The find i ngs of the study indicate that reactions to the three technologies differed. ePassports were considered vastly different to E911 and mobile alerting predominantly because they were seen to be a controlling technology, whereas E911 and mobile alerting were viewed to be about safety and …

Security Analysis Of Michael: The Ieee 802.11i Message Integrity Code, Jianyong Huang, Jennifer Seberry, Willy Susilo, Martin W. Bunder

Professor Willy Susilo

The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the third last round. We show that Michael is not collision-free by providing a method to find collisions of this keyed hash function. Moreover, we develop a method to find fixed points of Michael. If the output of …

Understanding The Vulnerabilities In Wi-Fi And The Impact On Its Use In Cctv Systems, Michael Coole, Andrew Woodward, Craig Valli

Australian Security and Intelligence Conference

Modern surveillance devices are increasingly being taken off private networks and placed onto networks connected via gateway to the Internet or into Wi-Fi based local area wireless networks (LAWN). The devices are also increasingly using IPv4 and IPv6 network stacks and some form of embedded processing or compute built in. Additionally, some specialist devices are using assistive technologies such as GPS or A-GPS. This paper explored the issues with use of the technologies in a networked environment, both wireless and internetworked. Analysis of these systems shows that the use of IP based CCTV systems carries greater risk than traditional CCTV …

The Regulation Of Space And Cyberspace: One Coin, Two Sides, Brett Biddington

Australian Information Warfare and Security Conference

In the 1960s, during some very tense days in the Cold War the United States of America (USA) and the Union of Socialist Soviet Republics (USSR) brokered a deal in the United Nations for a treaty regime to govern human activities in outer space. This regime has served well enough for almost 50 years. In recent years, however, fears of space weaponisation, the proliferation of space debris in the Low Earth Orbits (LEO) and increasing demands on the electromagnetic spectrum (EMS) have led to demands for regulatory reform. Some nations now consider space to be the fourth domain of modern …

Forensic Readiness For Wireless Medical Systems, Brian Cusack, Ar Kar Kyaw

Australian Digital Forensics Conference

Wireless medical devices and related information systems are vulnerable to use and abuse by unauthorized users. Medical systems are designed for a range of end users in different professional skill groups and also people who carry the devices in and on their bodies. Open, accurate and efficient communication is the priority for medical systems and as a consequence strong protection costs are traded against the utility benefits for open systems. Flexible security provisions are required and strong forensic capabilities built into the systems to treat the risk. In this paper we elaborate the problem area and discuss potential solutions to …

Secure Key Deployment And Exchange Protocol For Manet Information Management, Brian Cusack, Alastair Nisbet

Australian Digital Forensics Conference

Secure Key Deployment and Exchange Protocol (SKYE) is an innovative encryption Key Management Scheme (KMS) based on a combination of features from recent protocols combined with new features for Mobile Ad Hoc Networks (MANETs). The design focuses on a truly ad hoc networking environment where geographical size of the network, numbers of network members and mobility of the members is all unknown before deployment. This paper describes the process of development of the protocol and the application to system design to assure information security and potential evidential retention for forensic purposes. Threshold encryption key management is utilized and simulation results …

Privacy And Security Issues In Iot Healthcare Applications For The Disabled Users A Survey, Wassnaa Al-Mawee

Masters Theses

Aging of the population resulted in new challenges for the society and healthcare systems. Ambient Assisted Living (AAL) that depends on Internet of Things (IoT) provides assistance to the disabled people and supports their vital daily life activities. Affordability of and accessibility to AAL and the usage of IoT starts revolutionizing healthcare services. This Thesis is a survey of the privacy and security issues in IoT healthcare applications for the disabled users. Introduction includes definitions of privacy and security terms, and discusses their relationship. Then, it presents an overview of the IoT, including its architecture and components. Next, the Thesis …

Reputation As Public Policy For Internet Security: A Field Study, Qian Tang, Leigh L. Linden, John S. Quarterman, Andrew Whinston

Research Collection School Of Computing and Information Systems

Cybersecurity is a national priority in this big data era. Because of the lack of incentives and the existence of negative externality, companies often underinvest in addressing security risks and accidents, despite government and industry recommendations. In the present article, we propose a method that utilizes reputation through information disclosure to motivate companies to behave pro-socially, improving their Internet security. Using outbound spam as a proxy for Internet security, we conducted a quasiexperimental field study for eight countries through SpamRankings.net. This outgoingspam-based study shows that information disclosure on outgoing spam can help reduce outgoing spam, approximately by 16 percent. This …

Improving Security Of Q-Sdh Based Digital Signatures, Fuchun Guo, Yi Mu, Willy Susilo

Professor Yi Mu

In Eurocrypt 2009, Hohenberger and Waters pointed out that a complexity assumption, which restricts the adversary to a single correct response, seems inherently more reliable than their flexible counterparts. The q-SDH assumption is less reliable than standard assumptions because its solution allows exponential answers. On the other hand, the q-SDH assumption exhibits the nice feature of tight reduction in security proof. In this paper, we propose a variant of the q-SDH assumption, so that its correct answers are polynomial and no longer exponentially many. The new assumption is much more reliable and weaker than the original q-SDH assumption. We propose …

Security Analysis Of Michael: The Ieee 802.11i Message Integrity Code, Jianyong Huang, Jennifer Seberry, Willy Susilo, Martin W. Bunder

Dr Martin Bunder

The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the third last round. We show that Michael is not collision-free by providing a method to find collisions of this keyed hash function. Moreover, we develop a method to find fixed points of Michael. If the output of …

Data Security And Information Privacy For Pda Accessible Clinical-Log For Medical Education In Problem-Based Learning (Pbl) Approach, Rattiporn Luanrattana, Khin Than Win, John A. Fulcher

Professor John Fulcher

Data security and information privacy are the important aspects to consider for the use of mobile technology for recording clinical experience and encounter in medical education. Objective: This study aims to address the qualitative findings of the appropriate data security and information privacy for PDA accessible clinical-log in problem-based learning (PBL) approach in medical education. Method: The semi-structured interviews were conducted with the medical faculty members, honorary clinical academics and medical education technology specialists. Results: Data security and information access plan were determined for managing clinical-log data. The results directed the guideline for the future development and implementation of clinical-log …

Privacy In Mobile Technology For Personal Healthcare, Sasikanth Avancha, Amit Baxi, David Kotz

Dartmouth Scholarship

Information technology can improve the quality, efficiency, and cost of healthcare. In this survey, we examine the privacy requirements of \emphmobile\/ computing technologies that have the potential to transform healthcare. Such \emphmHealth\/ technology enables physicians to remotely monitor patients' health, and enables individuals to manage their own health more easily. Despite these advantages, privacy is essential for any personal monitoring technology. Through an extensive survey of the literature, we develop a conceptual privacy framework for mHealth, itemize the privacy properties needed in mHealth systems, and discuss the technologies that could support privacy-sensitive mHealth systems. We end with a list of …

Wispernet: Anti-Jamming For Wireless Sensor Networks, Miroslav Pajic, Rahul Mangharam

Rahul Mangharam

Resilience to electromagnetic jamming and its avoidance are difficult problems. It is often both hard to distinguish malicious jamming from congestion in the broadcast regime and a challenge to conceal the activity patterns of the legitimate communication protocol from the jammer. In the context of energy-constrained wireless sensor networks, nodes are scheduled to maximize the common sleep duration and coordinate communication to extend their battery life. This results in well-defined communication patterns with possibly predictable intervals of activity that are easily detected and jammed by a statistical jammer. We present an anti-jamming protocol for sensor networks which eliminates spatio-temporal patterns …

Anti-Jamming For Embedded Wireless Networks, Miroslav Pajic, Rahul Mangharam

Rahul Mangharam

Resilience to electromagnetic jamming and its avoidance are difficult problems. It is often both hard to distinguish malicious jamming from congestion in the broadcast regime and a challenge to conceal the activity patterns of the legitimate communication protocol from the jammer. In the context of energy-constrained wireless sensor networks, nodes are scheduled to maximize the common sleep duration and coordinate communication to extend their battery life. This results in well-defined communication patterns with possibly predictable intervals of activity that are easily detected and jammed by a statistical jammer. We present an anti-jamming protocol for sensor networks which eliminates spatio-temporal patterns …

Book Review: Handbook On Securing Cyber-Physical Critical Infrastructure: Foundations And Challenges (Written By Sajal K. Das, Krishna Kant, Nan Zhang), Katina Michael

Professor Katina Michael

This 800+ page handbook is divided into eight parts and contains thirty chapters, ideal for either an advanced undergraduate or graduate course in security. At the heart of this handbook is how we might go about managing both physical and cyber infrastructures, as they continue to become embedded and enmeshed, through advanced control systems, and new computing and communications paradigms.

Security On Medical Wireless Sensor Networks, Eric D. Southern

Electronic Thesis and Dissertation Repository

Wireless technology is fast becoming a very important tool for all aspects of communication. An area that lacks a strong implementation for wireless communication is the medical field. Wireless systems could be used by clinicians to be better able to diagnose and monitor patients. The reason behind the lack of adoption in healthcare is due to the need to meet the legislated and perceived requirements of security and privacy when dealing with clinical information. The current methods of wireless authentication are investigated and an existing issue in mobile networks is described and solved with two novel solutions; one solution within …

Defeating Sql Injection, Lwin Khin Shar, Hee Beng Kuan Tan

Research Collection School Of Computing and Information Systems

The best strategy for combating SQL injection, which has emerged as the most widespread website security risk, calls for integrating defensive coding practices with both vulnerability detection and runtime attack prevention methods.

Developments In The Global Energy Markets And Constructing The Future Of The Persian Gulf Security, Nihat Cengel

Graduate Program in International Studies Theses & Dissertations

This study analyses the global energy projections and regional dynamics in the Persian Gulf. It is shown that the future projections in the world energy markets signify the importance of cooperation between developed and developing countries. It is also suggested that connected to the global economic crises and the regional demand change in the energy market, there is a growing need for international support to the Persian Gulf security.

I argue that the Gulf Cooperation Council (GCC) could play a crucial role for eliminating political conflicts and maintaining the regional stability. As a result, collective arm transfer to the region, …

A Survey Of Mobile Computing Security Issues And Possible Solutions, Glenn Kimpell

All Capstone Projects

This project reviews security issues with mobile devices and offers possible solutions from Internet sources. (supplied by OPUS staff)

Towards An Incentive Compatible Framework Of Secure Cloud Computing, Yulong Zhang

Theses and Dissertations

Cloud computing has changed how services are provided and supported through the computing infrastructure. It has the advantages such as flexibility , scalability , compatibility and availability . However, the current architecture design also brings in some troublesome problems, like the balance of cooperation benefits and privacy concerns between the cloud provider and the cloud users, and the balance of cooperation benefits and free-rider concerns between different cloud users. Theses two problems together form the incentive problem in cloud environment. The first conflict lies between the reliance of services and the concerns of secrets of cloud users. To solve it, …

Mitigating Insider Threat In Relational Database Systems, Qussai Yaseen

Graduate Theses and Dissertations

The dissertation concentrates on addressing the factors and capabilities that enable insiders to violate systems security. It focuses on modeling the accumulative knowledge that insiders get throughout legal accesses, and it concentrates on analyzing the dependencies and constraints among data items and represents them using graph-based methods. The dissertation proposes new types of Knowledge Graphs (KGs) to represent insiders' knowledgebases. Furthermore, it introduces the Neural Dependency and Inference Graph (NDIG) and Constraints and Dependencies Graph (CDG) to demonstrate the dependencies and constraints among data items. The dissertation discusses in detail how insiders use knowledgebases and dependencies and constraints to get …

Book Review: Securing The Cloud: Cloud Computer Security Techniques And Tactics, Katina Michael

Associate Professor Katina Michael

With so much buzz around Cloud Computing, books like this one written by Winkler are much in demand. Winkler’s experience in the computing business shines through and as readers we are spoiled with a great deal of useful strategic information- a jam packed almost 300 page volume on securing the cloud.

Identifying And Analyzing Pointer Misuses For Sophisticated Memory-Corruption Exploit Diagnosis, Mingwei Zhang, Aravind Prakash, Xiaolei Li, Zhenkai Liang, Heng Yin

Electrical Engineering and Computer Science - Technical Reports

Software exploits are one of the major threats to internet security. To quickly respond to these attacks, it is critical to automatically diagnose such exploits and find out how they circumvent existing defense mechanisms.

Passive Biometrics For Pervasive Wearable Devices (Poster Paper), Cory Cornelius, Zachary Marois, Jacob Sorber, Ron Peterson, Shrirang Mare, David Kotz

Dartmouth Scholarship

Wearable devices – like the FitBit, MOTOACTV, and Jawbone UP – are increasingly becoming more pervasive whether for monitoring health and fitness, personal assistance, or home automation. While pervasive wearable devices have long been researched, we are now beginning to see the fruits of this research in the form of commercial offerings. Today, many of these commercial wearable devices are closed systems that do not interoperate with other devices a person might carry. We believe, however, these commercial offerings signal the coming of wireless body-area networks that will connect these pervasive wearable devices and leverage existing devices a user already …

An Amulet For Trustworthy Wearable Mhealth, Jacob Sorber, Minho Shin, Ronald Peterson, Cory Cornelius, Shrirang Mare, Aarathi Prasad, Zachary Marois, Emma N. Smithayer, David Kotz

Dartmouth Scholarship

Mobile technology has significant potential to help revolutionize personal wellness and the delivery of healthcare. Mobile phones, wearable sensors, and home-based tele-medicine devices can help caregivers and individuals themselves better monitor and manage their health. While the potential benefits of this “mHealth” technology include better health, more effective healthcare, and reduced cost, this technology also poses significant security and privacy challenges. In this paper we propose \emphAmulet, an mHealth architecture that provides strong security and privacy guarantees while remaining easy to use, and outline the research and engineering challenges required to realize the Amulet vision.

Book Review: Security Risk Management: Building An Information Security Risk Management Program From The Ground Up, Katina Michael

Associate Professor Katina Michael

In an age of outsourcing tasks that are not considered to be a core competency of the business, organisations have often relied on external consultants for matters pertaining to security. In actual fact, most companies could have utilized existing skill-sets in-house to produce a security risk management program, if only they knew what steps to take, and how to go about it all. Evan Wheeler in his book on information security risk management does just that- he equips professionals tasked with security, with the thinking required to create a program that is more preoccupied with the complex strategic-level questions than …

Networking And Security Solutions For Vanet Initial Deployment Stage, Baber Aslam

Electronic Theses and Dissertations

Vehicular ad hoc network (VANET) is a special case of mobile networks, where vehicles equipped with computing/communicating devices (called "smart vehicles") are the mobile wireless nodes. However, the movement pattern of these mobile wireless nodes is no more random, as in case of mobile networks, rather it is restricted to roads and streets. Vehicular networks have hybrid architecture; it is a combination of both infrastructure and infrastructure-less architectures. The direct vehicle to vehicle (V2V) communication is infrastructure-less or ad hoc in nature. Here the vehicles traveling within communication range of each other form an ad hoc network. On the other …

Human Rights, Regulation, And National Security (Introduction), Simon Bronitt, Katina Michael

Faculty of Informatics - Papers (Archive)

Law disciplines technology, though it does so in a partial and incomplete way. This fact is refl ected in the old adage that technology outstrips the capacity of law to regulate it. The rise of new technologies poses a signifi cant threat to human rights. The pervasive use of closedcircuit television (CCTV), as well as mobile CCTV, telecommunications interception, and low-cost audiovisual recording and tracking devices (some of these discreetly wearable), extend the power of the state and corporations to signifi cantly intrude into the lives of citizens.