Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Selected Works

Security

Articles 1 - 30 of 51

Full-Text Articles in Physical Sciences and Mathematics

Trends In Phishing Attacks: Suggestions For Future Research, Ryan M. Schuetzler Jan 2019

Ryan Schuetzler

Deception in computer-mediated communication is a widespread phenomenon. Cyber criminals are exploiting technological mediums to communicate with potential targets as these channels reduce both the deception cues and the risk of detection itself. A prevalent deception-based attack in computer-mediated communication is phishing. Prior phishing research has addressed the “bait” and “hook” components of phishing attacks, the human-computer interaction that takes place as users judge the veracity of phishing emails and websites, and the development of technologies that can aid users in identifying and rejecting these attacks. Despite the extant research on this topic, phishing attacks continue to be successful as …


Patient Preferences For Authentication And Security: A Comparison Study Of Younger And Older Patients, Ann Fruhling, Devika Ramachandran, Tamara Bernard, Ryan Schuetzler, John R. Windle Jan 2019

Ryan Schuetzler

We examine authentication and security preferences of younger versus older patients in the healthcare domain. Previous research has investigated users' perception of the acceptability of various forms of authentication in nonhealthcare domains, but not patients’ preferences. First, we developed an interactive prototype to test three authentication methods: passwords, pattern, and voice. Our results indicate that younger patients prefer passwords by a significant margin. Older patients indicated more mixed preferences. In addition, we evaluated the level of security patients desired for protection of health information compared to financial information. We found no difference based on age: both groups felt financial security …


An Investigation Into Trust And Security In The Mandatory And Imposed Use Of Financial ICTs Upon Older People, David Michael Cook May 2018

Dr. David M Cook

Care needs to be taken to reduce the number of people who are fearful and mistrustful of using ICT where that usage is forced upon them without choice or alternative. The growing incidence of mandatory and imposed online systems can result in confusion, misuse, fear, and rejection by people with only rudimentary ICT skills. A cohort where a high percentage of such people occur is older people, defined in this study as people over the age of 60. Examples of compulsory ICT interactions include some banks limiting bank statement access through online rather than paper-based options. Other examples include the …


Introduction, Tracy Mitrano Oct 2016

Tracy Mitrano

No abstract provided.


Chapter Five: The San Bernardino iPhone Case, Tracy Mitrano Oct 2016

Tracy Mitrano

The San Bernardino iPhone case burst on the scene as I was nearing the completion of this manuscript. I could not have imagined a better scenario to sum up the issues of free speech, privacy, intellectual property and security than this case. Not least because the San Bernardino Apple iPhone case generated considerable public interest and policy debate in the United States and abroad. At stake are issues such as the balance between national security and personal privacy, tensions between global technology companies and domestic law enforcement, and the potential supremacy of technology -- particularly encryption -- over traditional notions …


Implementing And Testing A Novel Chaotic Cryptosystem, Samuel Jackson, Scott Kerlin, Jeremy Straub Oct 2015

Jeremy Straub

Cryptography in the domain of small satellites is a relatively new area of research. Compared to typical desktop computers, small satellites have limited bandwidth, processing power, and battery power. Many of the current encryption schemes were developed for desktop computers and servers, and as such may be unsuitable for small satellites. In addition, most cryptographic research in the domain of small satellites focuses on hardware solutions, which can be problematic given the limited space requirements of small satellites.

This paper investigates potential software solutions that could be used to encrypt and decrypt data on small satellites and other devices with …


Chatter: Classifying Malware Families Using System Event Ordering, Aziz Mohaisen, Andrew G. West, Allison Mankin, Omar Alrawi Oct 2014

Andrew G. West

Using runtime execution artifacts to identify malware and its associated "family" is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, use of these fine-granularity data points makes these techniques computationally expensive. Moreover, the signatures and heuristics this analysis produces are often circumvented by subsequent malware authors.

To this end we propose CHATTER, a system that is concerned only with the order in which high-level system events take place. Individual events are mapped onto an alphabet and execution traces are captured via terse …


Mapping The Consensual Knowledge Of Security Risk Management Experts, David J. Brooks Sep 2014

David J Brooks Dr.

The security industry comprises diverse and multidisciplined practitioners, originating from many disciplines. It has been suggested that the industry has an undefined knowledge structure, although security experts contain a rich knowledge structure. There has also been limited research mapping security expert knowledge structure, reducing the ability of tertiary educators to provide industry focused teaching and learning. The study utilized multidimensional scaling (MDS) and expert interviews to map the consensual knowledge structure of security experts in their understanding of security risk. Security risk concepts were extracted and critiqued from West Australian university courses. Linguistic analysis categorised the more utilized security …


Challenges For MapReduce In Big Data, Katarina Grolinger, Michael Hayes, Wilson Higashino, Alexandra L'Heureux, David Allison, Miriam Capretz May 2014

Wilson A Higashino

In the Big Data community, MapReduce has been seen as one of the key enabling approaches for meeting continuously increasing demands on computing resources imposed by massive data sets. The reason for this is the high scalability of the MapReduce paradigm which allows for massively parallel and distributed execution over a large number of computing nodes. This paper identifies MapReduce issues and challenges in handling Big Data with the objective of providing an overview of the field, facilitating better planning and management of Big Data projects, and identifying opportunities for future research in this field. The identified challenges are grouped …


On The Privacy Concerns Of URL Query Strings, Andrew G. West, Adam J. Aviv May 2014

Andrew G. West

URLs often utilize query strings (i.e., key-value pairs appended to the URL path) as a means to pass session parameters and form data. Often times these arguments are not privacy sensitive but are necessary to render the web page. However, query strings may also contain tracking mechanisms, user names, email addresses, and other information that users may not wish to reveal. In isolation such URLs are not particularly problematic, but the growth of Web 2.0 platforms such as social networks and micro-blogging means URLs (often copy-pasted from web browsers) are increasingly being publicly broadcast.

This position paper argues that the …


Using Database Management System To Develop And Implement An Automated Vehicle Management System, Dr. Dipo Theophilus Akomolafe MBCS, MNCS, MCPN, Naomi Timothy, Francis Ofere Jan 2014

Dr. Dipo Theophilus Akomolafe MBCS, MNCS, MCPN

The automated motor vehicle management system is a system developed for managing the movement of vehicles in and out of an organization. Presently, movements of vehicles in most organisations are handled manually by the security officials that are stationed at the gates. This system is associated with mismanaged data, inaccurate data or no data at all in some instances. Consequently, it is imperative to develop a computerized system to manage data taken from the large number of vehicles that move in and out of organisations in order to deal with cases of theft, proper monitoring of people and vehicles and to …


RFID-Based Anti-Theft Auto Security System With An Immobilizer, Geeth Jayendra, Sisil Kumarawadu, Lasantha Meegahapola Dec 2013

Dr Lasantha G Meegahapola

This paper presents a novel radio frequency identification (RFID) based vehicle immobilizer system, which features low hacking probability while preserving the safety of the passengers of the hijacked vehicle. The immobilizer uses the active RFID technology where the tag is generated with comparatively large character sets. The receiving unit is intelligently integrated into three control circuits in the vehicle, namely, ignition circuit, power control unit, and automatic gear changing system, enabling it to bring the vehicle speed down to zero in a safe step by step manner. The anti-theft auto security system proposed here was tested under different weather conditions …


Does Your Wireless LAN Have Criminal Intent?, Michael Crowley, Andrew Woodward Nov 2013

Michael Crowley

All of the literature relating to wireless network security has focused on the flaws, newer alternatives and suggestions for securing the network. There is much speculation and anecdotal statements in relation to what can happen if a breach occurs, but this is mostly from a computer security perspective, and mostly expressed in terms of potential for financial loss. This paper examines the potential legal ramifications of failing to properly secure a wireless network. Several scenarios are examined within based on usage of wireless on the various category of attack. Legal opinion, backed up with case law, is provided for each …


Big Data: New Opportunities And New Challenges, Katina Michael, Keith Miller Jun 2013

Associate Professor Katina Michael

We can live with many of the uncertainties of big data for now, with the hope that its benefits will outweigh its harms, but we shouldn't blind ourselves to the possible irreversibility of changes—whether good or bad—to society.

It's no secret that both private enterprise and government seek greater insights into people's behaviors and sentiments. Organizations use various analytical techniques—from crowdsourcing to genetic algorithms to neural networks to sentiment analysis—to study both structured and unstructured forms of data that can aid product and process discovery, productivity, and policy-making. This data is collected from numerous sources including sensor networks, government data …


Big Data: New Opportunities And New Challenges, Katina Michael, Keith W. Miller May 2013

Keith Miller

We can live with many of the uncertainties of big data for now, with the hope that its benefits will outweigh its harms, but we shouldn't blind ourselves to the possible irreversibility of changes—whether good or bad—to society.

It's no secret that both private enterprise and government seek greater insights into people's behaviors and sentiments. Organizations use various analytical techniques—from crowdsourcing to genetic algorithms to neural networks to sentiment analysis—to study both structured and unstructured forms of data that can aid product and process discovery, productivity, and policy-making. This data is collected from numerous sources including sensor networks, government data …


Balance Or Trade-Off? Online Security Technologies And Fundamental Rights, Mireille Hildebrandt May 2013

Mireille Hildebrandt

In this contribution I argue that the image of the balance is often used to defend the idea of a trade-off. To understand the drawbacks of this line of thought I will explore the relationship between online security technologies and fundamental rights, notably privacy, non-discrimination, freedom of speech and due process. After discriminating between three types of online security technologies I will trace the reconfiguration of the notion of privacy in the era of smart environments. This will lead to an inquiry into the metaphor of the scale, building on the triple test regarding the justification of the limitation of …


The Social Implications Of Covert Policing, Simon Bronitt, Clive Harfield, K. Michael Feb 2013

Clive Harfield

Police agencies have been accused of suffering from an acute form of technophilia. Rather than representing some dreadful disorder, this assessment reflects the strong imperative, both in police agencies and the wider community, that police must have access to the latest technologies of surveillance and crime detection.

The last decade has witnessed the proliferation of low-cost surveillance technologies, some developed specifically for law enforcement purposes. Technology once the preserve of the military or secret intelligence agencies is now within the reach of ordinary general duties police officers. The new generation of police recruits is highly adept at using new technologies. …


Data Security And Information Privacy For PDA Accessible Clinical-Log For Medical Education In Problem-Based Learning (PBL) Approach, Rattiporn Luanrattana, Khin Than Win, John A. Fulcher Dec 2012

Dr Khin Win

Data security and information privacy are the important aspects to consider for the use of mobile technology for recording clinical experience and encounter in medical education. Objective: This study aims to address the qualitative findings of the appropriate data security and information privacy for PDA accessible clinical-log in problem-based learning (PBL) approach in medical education. Method: The semi-structured interviews were conducted with the medical faculty members, honorary clinical academics and medical education technology specialists. Results: Data security and information access plan were determined for managing clinical-log data. The results directed the guideline for the future development and implementation of clinical-log …


On The CCA-1 Security Of Somewhat Homomorphic Encryption Over The Integers, Zhenfei Zhang, Thomas Plantard, Willy Susilo Dec 2012

Dr Thomas Plantard

The notion of fully homomorphic encryption is very important since it enables many important applications, such as the cloud computing scenario. In EUROCRYPT 2010, van Dijk, Gentry, Halevi and Vaikuntanathan proposed an interesting fully homomorphic encryption scheme based on a somewhat homomorphic encryption scheme using integers. In this paper, we demonstrate a very practical CCA-1 attack against this somewhat homomorphic encryption scheme. Given a decryption oracle, we show that within O(λ²) queries, we can recover the secret key successfully, where λ is the security parameter for the system.


A Generic Construction Of Dynamic Single Sign-On With Strong Security, Jinguang Han, Yi Mu, Willy Susilo, Jun Yan Dec 2012

Dr Jun Yan

Single Sign-On (SSO) is a core component in a federated identity management (FIM). Dynamic Single Sign-on (DSSO) is a more flexible SSO where users can change their service requirements dynamically. However, the security in the current SSO and DSSO systems remain questionable. As an example, personal credentials could be illegally used to allow illegal users to access the services. It is indeed a challenging task to achieve strong security in SSO and DSSO. In this paper, we propose a generic construction of DSSO with strong security. We propose the formal definitions and security models for SSO and DSSO, which enable …


Privacy Issues And Solutions In Social Network Sites, Xi Chen, Katina Michael Dec 2012

Associate Professor Katina Michael

The boom of the internet and the explosion of new technologies have brought with them new challenges and thus new connotations of privacy. Clearly, when people deal with e-government and e-business, they do not only need the right to be let alone, but also to be let in secret. Not only do they need freedom of movement, but also to be assured of the secrecy of their information. Solove [6] has critiqued traditional definitions of privacy and argued that they do not address privacy issues created by new online technologies. Austin [7] also asserts: “[w]e do need to sharpen and …


The Social Impact Of National Security Technologies: ePassports, E911 And Mobile Alerts, Holly Tootell Dec 2012

Dr Holly Tootell

This paper explores the adoption of emerging technologies for the purposes of national security. The three technologies chosen were ePassports, E911 and mobile alerts. The study uses a content analysis methodology drawing on popular media documentation to extract the major social and technological impacts of the technologies on citizens as they were reported. The findings of the study indicate that reactions to the three technologies differed. ePassports were considered vastly different to E911 and mobile alerting predominantly because they were seen to be a controlling technology, whereas E911 and mobile alerting were viewed to be about safety and …


A Study Of Information Security Awareness And Practices In Saudi Arabia, Abdulaziz Alarifi, Holly Tootell, Peter Hyland Dec 2012

Dr Holly Tootell

Although the Web, cell phone and cloud computing put a world of information at our fingertips, that information is under constant threat from cyber vandals and hackers. While awareness of information threats is growing in the Western world, in places like Saudi Arabia, information security is very poor. Unlike Western pluralistic democracies, Saudi Arabia is a highly-censored country, with a patriarchal and tribal culture, which may influence its poor information security rating. This paper examines the level of information security awareness (ISA) among the general public in Saudi Arabia, using an anonymous online survey, based on instruments produced by the Malaysian …


Security Analysis Of Michael: The IEEE 802.11i Message Integrity Code, Jianyong Huang, Jennifer Seberry, Willy Susilo, Martin W. Bunder Dec 2012

Professor Willy Susilo

The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the third last round. We show that Michael is not collision-free by providing a method to find collisions of this keyed hash function. Moreover, we develop a method to find fixed points of Michael. If the output of …


On Capabilities Of Hash Domain Extenders To Preserve Enhanced Security Properties, Reza Reyhanitabar, Willy Susilo Dec 2012

Dr Reza Reyhanitabar

In this paper, we study property preservation capabilities of several domain extension transforms for hash functions with respect to multiple enhanced security notions. The transforms investigated include MD with strengthening padding (sMD), HAIFA, Enveloped Shoup (ESh) and Nested Linear Hash (nLH). While the first two transforms and their straightforward variants are among the most popular ones in practical hash designs including several SHA-3 candidates, the last two transforms (i.e. ESh and nLH) are mainly of a theoretical interest in the analysis of multi-property-preservation (MPP) capabilities of hash domain extenders. The security notions considered are the enhanced (or strengthened) variants of …


Improving Security Of q-SDH Based Digital Signatures, Fuchun Guo, Yi Mu, Willy Susilo Nov 2012

Professor Yi Mu

In Eurocrypt 2009, Hohenberger and Waters pointed out that a complexity assumption, which restricts the adversary to a single correct response, seems inherently more reliable than their flexible counterparts. The q-SDH assumption is less reliable than standard assumptions because its solution allows exponential answers. On the other hand, the q-SDH assumption exhibits the nice feature of tight reduction in security proof. In this paper, we propose a variant of the q-SDH assumption, so that its correct answers are polynomial and no longer exponentially many. The new assumption is much more reliable and weaker than the original q-SDH assumption. We propose …


Security Analysis Of Michael: The IEEE 802.11i Message Integrity Code, Jianyong Huang, Jennifer Seberry, Willy Susilo, Martin W. Bunder Nov 2012

Dr Martin Bunder

The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the third last round. We show that Michael is not collision-free by providing a method to find collisions of this keyed hash function. Moreover, we develop a method to find fixed points of Michael. If the output of …


A Study Of Information Security Awareness And Practices In Saudi Arabia, Abdulaziz Alarifi, Holly Tootell, Peter Hyland Nov 2012

Associate Professor Peter Hyland

Although the Web, cell phone and cloud computing put a world of information at our fingertips, that information is under constant threat from cyber vandals and hackers. While awareness of information threats is growing in the Western world, in places like Saudi Arabia, information security is very poor. Unlike Western pluralistic democracies, Saudi Arabia is a highly-censored country, with a patriarchal and tribal culture, which may influence its poor information security rating. This paper examines the level of information security awareness (ISA) among the general public in Saudi Arabia, using an anonymous online survey, based on instruments produced by the Malaysian …


Data Security And Information Privacy For PDA Accessible Clinical-Log For Medical Education In Problem-Based Learning (PBL) Approach, Rattiporn Luanrattana, Khin Than Win, John A. Fulcher Nov 2012

Professor John Fulcher

Data security and information privacy are the important aspects to consider for the use of mobile technology for recording clinical experience and encounter in medical education. Objective: This study aims to address the qualitative findings of the appropriate data security and information privacy for PDA accessible clinical-log in problem-based learning (PBL) approach in medical education. Method: The semi-structured interviews were conducted with the medical faculty members, honorary clinical academics and medical education technology specialists. Results: Data security and information access plan were determined for managing clinical-log data. The results directed the guideline for the future development and implementation of clinical-log …


Wispernet: Anti-Jamming For Wireless Sensor Networks, Miroslav Pajic, Rahul Mangharam Oct 2012

Rahul Mangharam

Resilience to electromagnetic jamming and its avoidance are difficult problems. It is often both hard to distinguish malicious jamming from congestion in the broadcast regime and a challenge to conceal the activity patterns of the legitimate communication protocol from the jammer. In the context of energy-constrained wireless sensor networks, nodes are scheduled to maximize the common sleep duration and coordinate communication to extend their battery life. This results in well-defined communication patterns with possibly predictable intervals of activity that are easily detected and jammed by a statistical jammer. We present an anti-jamming protocol for sensor networks which eliminates spatio-temporal patterns …