Search results for: user data security

Authors: Oludare Isaac Abiodun, Esther Omolara Abiodun

Abstract:

The purpose of this paper is to demonstrate that cyberterrorism is existing and poses a threat to computer security and national security. Nowadays, people have become excitedly dependent upon computers, phones, the Internet, and the Internet of things systems to share information, communicate, conduct a search, etc. However, these network systems are at risk from a different source that is known and unknown. These network systems risk being caused by some malicious individuals, groups, organizations, or governments, they take advantage of vulnerabilities in the computer system to hawk sensitive information from people, organizations, or governments. In doing so, they are engaging themselves in computer threats, crime, and terrorism, thereby making the use of computers insecure for others. The threat of cyberterrorism is of various forms and ranges from one country to another country. These threats include disrupting communications and information, stealing data, destroying data, leaking, and breaching data, interfering with messages and networks, and in some cases, demanding financial rewards for stolen data. Hence, this study identifies many ways that cyberterrorists utilize the Internet as a tool to advance their malicious mission, which negatively affects computer security and safety. One could identify causes for disparate anomaly behaviors and the theoretical, ideological, and current forms of the likelihood of cyberterrorism. Therefore, for a countermeasure, this paper proposes the use of previous and current computer security models as found in the literature to help in countering cyberterrorism

Keywords: cyberterrorism, computer security, information, internet, terrorism, threat, digital forensic solution

Procedia PDF Downloads 72

Authors: Yuhong Li, Luyu Mao

Abstract:

Globalization has led to an increasingly interconnected international community and transmitted risks to every corner of the world through the chain of globalization. Security risks arising from international conflicts seem inescapable. Some countries have begun to build their capacity to deal with the globalization of security risks. They establish disembedding security mechanisms that transcend spatial or temporal boundaries and promote security cooperation with countries or regions that are not geographically close. This paper proposes four hypotheses of the phenomenon of "risks and security disembedding" in the post-Cold War international society and uses them to explain The United Kingdom’s behavior in the Bosnian War and the Russo-Ukrainian War. In the Bosnian War, confident in its own security and focused on maintaining European stability, The UK has therefore chosen to be cautious in its use of force in international frameworks such as the EU and to maintain a very limited intervention in Bosnia and Herzegovina's affairs. In contrast, the failure of the EU and NATO’s security mechanism in the Russo-Ukrainian war heightened Britain's anxiety, and the volatile international situation led it to show a strong tendency towards security disembedding, choosing to conclude security communities with extra-territorial states. Analysis suggests that security mechanisms are also the starting point of conflict and that countries will rely more on disembedding mechanisms to counteract the global security risks. The current mechanism of security disembedding occurs as a result of the global proliferation of security perceptions as a symbolic token and the recognition of an expert system of security mechanisms formed by states with similar security perceptions.

Keywords: disembedding mechanism, bosnia war, the russian-ukrainian war, british security strategy

Procedia PDF Downloads 56

Authors: Merad Boudia Omar Rafik, Feham Mohammed

Abstract:

Data aggregation in wireless sensor networks (WSNs) provides a great reduction of energy consumption. The limited resources of sensor nodes make the choice of an encryption algorithm very important for providing security for data aggregation. Asymmetric cryptography involves large ciphertexts and heavy computations but solves, on the other hand, the problem of key distribution of symmetric one. The latter provides smaller ciphertexts and speed computations. Also, the recent researches have shown that achieving the end-to-end confidentiality and the end-to-end integrity at the same is a challenging task. In this paper, we propose (SA-SPKC), a novel security protocol which addresses both security services for WSNs, and where only the base station can verify the individual data and identify the malicious node. Our scheme is based on stateful public key encryption (StPKE). The latter combines the best features of both kinds of encryption along with state in order to reduce the computation overhead. Our analysis

Keywords: secure data aggregation, wireless sensor networks, elliptic curve cryptography, homomorphic encryption

Procedia PDF Downloads 266

Authors: Teh Kean Kheng, Low Soon Yee, Burra Venkata Durga Kumar

Abstract:

In 2022, as the future world becomes increasingly computer-related, more individuals are attempting to study coding for themselves or in school. This is because they have discovered the value of learning code and the benefits it will provide them. But learning coding is difficult for most people. Even senior programmers that have experience for a decade year still need help from the online source while coding. The reason causing this is that coding is not like talking to other people; it has the specific syntax to make the computer understand what we want it to do, so coding will be hard for normal people if they don’t have contact in this field before. Coding is hard. If a user wants to learn bash code with bash prompt, it will be harder because if we look at the bash prompt, we will find that it is just an empty box and waiting for a user to tell the computer what we want to do, if we don’t refer to the internet, we will not know what we can do with the prompt. From here, we can conclude that the bash prompt is not user-friendly for new users who are learning bash code. Our goal in writing this paper is to give an idea to implement a user-friendly Bash prompt in Ubuntu OS using Artificial Intelligent (AI) to lower the threshold of learning in Bash code, to make the user use their own words and concept to write and learn Bash code.

Keywords: user-friendly, bash code, artificial intelligence, threshold, semantic similarity, lexical similarity

Procedia PDF Downloads 103

Authors: Michaela Vašková

Abstract:

The paper is focused on the application of the security audit method on the selected objects of the critical infrastructure. The emphasis is put on security audit method to find gaps in the critical infrastructure security. The theoretical part describes objects of the critical infrastructure. The practical part describes using the security audit method. The main emphasis was put on the protection of the critical infrastructure in the Czech Republic.

Keywords: crisis management, critical infrastructure, object of critical infrastructure, security audit, extraordinary event

Procedia PDF Downloads 405

Authors: Sandeep Kaur, Jenny Vuong, Marcel Julliard, Sean O'Donoghue

Abstract:

Time-series data are useful for modelling as they can enable model-evaluation. However, when reconstructing models from phosphoproteomic data, often non-exact methods are utilised, as the knowledge regarding the network structure, such as, which kinases and phosphatases lead to the observed phosphorylation state, is incomplete. Thus, such reactions are often hypothesised, which gives rise to uncertainty. Here, we propose a framework, implemented via a web-based tool (as an extension to Minardo), which given time-series phosphoproteomic datasets, can generate κ models. The incompleteness and uncertainty in the generated model and reactions are clearly presented to the user via the visual method. Furthermore, we demonstrate, via a toy EGF signalling model, the use of algorithmic verification to verify κ models. Manually formulated requirements were evaluated with regards to the model, leading to the highlighting of the nodes causing unsatisfiability (i.e. error causing nodes). We aim to integrate such methods into our web-based tool and demonstrate how the identified erroneous nodes can be presented to the user via the visual method. Thus, in this research we present a framework, to enable a user to explore phosphorylation proteomic time-series data in the context of models. The observer can visualise which reactions in the model are highly uncertain, and which nodes cause incorrect simulation outputs. A tool such as this enables an end-user to determine the empirical analysis to perform, to reduce uncertainty in the presented model - thus enabling a better understanding of the underlying system.

Keywords: κ-models, model verification, time-series phosphoproteomic datasets, uncertainty and error visualisation

Procedia PDF Downloads 230

Authors: Frederic Jumelle, Kelvin So, Didan Deng

Abstract:

A method and system for neuropsychological performance test, comprising a mobile terminal, used to interact with a cloud server which stores user information and is logged into by the user through the terminal device; the user information is directly accessed through the terminal device and is processed by artificial neural network, and the user information comprises user facial emotions information, performance test answers information and user chronometrics. This assessment is used to evaluate the cognitive performance and emotional response of the subject to a series of dichotomous questions describing various situations of daily life and challenging the users' knowledge, values, ethics, and principles. In industrial applications, the timing of this assessment will depend on the users' need to obtain a service from a provider, such as opening a bank account, getting a mortgage or an insurance policy, authenticating clearance at work, or securing online payments.

Keywords: artificial intelligence, neurofinance, neuropsychology, risk management

Procedia PDF Downloads 114

Authors: E. K. Linsenmayer

Abstract:

Traditional international relations theorists define state security, the principal national interest, as a state’s military force. However, many political theorists argue the current definition of security is not comprehensive and therefore, problematic. This paper argues that women’s physical security is not only linked but also necessary to achieve state security. In today’s unipolar political international system, the United States continues to accredit national security to its military. However, in one of the most militarized countries, women remain insecure. Through a case study method of the United States, this paper illuminates a necessary political prescription: the empowerment of women through an inside-out, feminist theoretical approach that makes state security attainable. The research through empirical testing, drawing from several databases, shows the positive effects of women’s physical security on state security. Women’s physical security is defined in terms of equal legal practices, health, education, and female representation in the government. State security is measured by the relative peace of a state, its involvement in conflict and a state’s relations with neighboring states. This paper shows that empowering women, 50% of the world’s population, is necessary for ending the current vicious circle of militarization, war, and insecurity. Without undoing gender power dynamics at the individual and societal level, security at all levels remains unattainable.

Keywords: gender inequality, politics, state security, women's security

Procedia PDF Downloads 183

Authors: Jihyun Song, Kyeongjoo Kim, Minsoo Lee

Abstract:

Due to the development of information technology and wireless Internet technology, various data are being generated in various fields. These data are advantageous in that they provide real-time information to the users themselves. However, when the data are accumulated and analyzed, more various information can be extracted. In addition, development and dissemination of boards such as Arduino and Raspberry Pie have made it possible to easily test various sensors, and it is possible to collect sensor data directly by using database application tools such as MySQL. These directly collected data can be used for various research and can be useful as data for data mining. However, there are many difficulties in using the board to collect data, and there are many difficulties in using it when the user is not a computer programmer, or when using it for the first time. Even if data are collected, lack of expert knowledge or experience may cause difficulties in data analysis and visualization. In this paper, we aim to construct a library for sensor data collection and analysis to overcome these problems.

Keywords: clustering, data mining, DBSCAN, k-means, k-medoids, sensor data

Procedia PDF Downloads 349

Authors: Yu-Ming Wang, Jia-Hong Jian

Abstract:

The Internet and digital publication technologies have brought dramatic impacts on how people collect, organize, disseminate, access, store, and use information. More and more governments, schools, and organizations spent huge funds to develop digital libraries. A digital library can be regarded as a web extension of traditional physically libraries. People can search diverse publications, find out the position of knowledge resources, and borrow or buy publications through digital libraries. People can gain knowledge and students or employees can finish their reports by using digital libraries. Since the considerable funds and energy have been invested in implementing digital libraries, it is important to understand the evaluative criteria from the users’ viewpoint in order to enhance user acceptance. This study develops a list of user acceptance criteria for digital libraries. An initial criteria list was developed based on some previously validated instruments related to digital libraries. Data were collected from user experiences of digital libraries. The exploratory factor analysis and confirmatory factor analysis were adopted to purify the criteria list. The reliabilities and validities were tested. After validating the criteria list, a user survey was conducted to collect the comparative importance of criteria. The analytic hierarchy process (AHP) method was utilized to derive the importance of each criterion. The results of this study contribute to an e understanding of the criteria and relative importance that users evaluate for digital libraries.

Keywords: digital library, user acceptance, analytic hierarchy process, factor analysis

Procedia PDF Downloads 229

Authors: Mahdi Rahimi, Mohammad Mahdi Mojahedian, Mohammad Reza Aref

Abstract:

In this paper, a cellular communication scenario with a transmitter and an authorized user is considered to analyze its secrecy in the face of eavesdroppers and the interferences propagated unintentionally through the communication network. It is also assumed that some D2D pairs and eavesdroppers are randomly located in the cell. Assuming hardware impairment, perfect connection probability is analytically calculated, and upper bound is provided for the secrecy outage probability. In addition, a method based on random activation of D2Ds is proposed to improve network security. Finally, the analytical results are verified by simulations.

Keywords: physical layer security, stochastic geometry, device-to-device, hardware impairment

Procedia PDF Downloads 146

Authors: Noor Abdelhamid, Donovan Nelson, Cara Prosser

Abstract:

The architectural design process could be mapped out as a dialogue between designer and user that is constructed across multiple phases with the overarching goal of aligning design outcomes with user needs. Traditionally, this dialogue is bounded within a preliminary phase of determining factors that will direct the design intent, and a completion phase, of handing off the project to the client. Pre- and post-occupancy evaluations (P/POE’s) could provide an alternative process by extending this dialogue on both ends of the design process. The purpose of this research is to study the influence of systematic pre-occupancy data collection in achieving design goals by conducting post-occupancy evaluations of two case studies. In the context of this study, systematic pre-occupancy data collection is defined as the preliminary documentation of the existing conditions that helps portray stakeholders’ needs. When implemented, pre-occupancy occurs during the early phases of the architectural design process, utilizing the information to shape the design intent. Investigative POE’s are performed on two case studies with distinct early design approaches to understand how the current space is impacting user needs, establish design outcomes, and inform future strategies. The first case study underwent systematic pre-occupancy data collection and synthesis, while the other represents the traditional, uncoordinated practice of informally collecting data during an early design phase. POE’s target the dynamics between the building and its occupants by studying how spaces are serving the needs of the users. Data collection for this study consists of user surveys, audiovisual materials, and observations during regular site visits. Mixed methods of qualitative and quantitative analyses are synthesized to identify patterns in the data. The paper concludes by positioning value on both sides of the architectural design process: the integration of systematic pre-occupancy methods in the early phases and the reinforcement of a continued dialogue between building and design team after building completion.

Keywords: architecture, design process, pre-occupancy data, post-occupancy evaluation

Procedia PDF Downloads 141

Authors: Aizzat Md. Nasurdin, Noor Hazlina Ahmad, Cheng Ling Tan

Abstract:

This study aims to examine the role of career advancement and job security as predictors of employee commitment to their organization. Data was collected from 580 frontline employees attached to two departments of 29 luxury hotels in Peninsular Malaysia. Statistical results using Partial Least Squares technique provided support for the proposed hypotheses. In view of the findings, theoretical and practical implications are discussed.

Keywords: organizational commitment, career advancement, job security, frontline employees, luxury hotels, Malaysia

Procedia PDF Downloads 360

Authors: Yu Qin, Wanjiaman Li

Abstract:

The widespread use of mobile electronic devices increases the complexities of mobile security. This thesis aims to provide a secure communication environment for smartphone users. Some research proves that the one-time pad is one of the securest encryption methods, and that the key distribution problem can be solved by using the QKD (quantum key distribution). The objective of this project is to design an Android APP (application) to exchange several random keys between mobile phones. Inspired by QKD, the developed APP uses the quick response (QR) code as a carrier to dispatch large amounts of one-time keys. After evaluating the performance of APP, it allows the mobile phone to capture and decode 1800 bytes of random data in 600ms. The continuous scanning mode of APP is designed to improve the overall transmission performance and user experience, and the maximum transmission rate of this mode is around 2200 bytes/s. The omnidirectional readability and error correction capability of QR code gives it a better real-life application, and the features of adequate storage capacity and quick response optimize overall transmission efficiency. The security of this APP is guaranteed since QR code is exchanged face-to-face, eliminating the risk of being eavesdropped. Also, the id of QR code is the only message that would be transmitted through the whole communication. The experimental results show this project can achieve superior transmission performance, and the correlation between the transmission rate of the system and several parameters, such as the QR code size, has been analyzed. In addition, some existing technologies and the main findings in the context of the project are summarized and critically compared in detail.

Keywords: one-time pad, QKD (quantum key distribution), QR code, application

Procedia PDF Downloads 121

Authors: Ji Lian Yap

Abstract:

This paper will critically consider developments in 2014 in relation to the law relating to security over personal property in Hong Kong. The rules governing the registration of charges under the Hong Kong Companies Ordinance will be examined. Case law relating to personal property security will also be discussed. The transplantation of the floating charge into China’s Property Law will also be considered.

Keywords: personal property, security law, reform of the law, law

Procedia PDF Downloads 398

Authors: Mushty Srividya

Abstract:

Humans that inhabit a designed space consciously or unconsciously accept the spaces which have an impact on how they perceive, feel and act accordingly. Spaces that are more interactive and communicative with the human senses become more interesting. Interaction in architecture is the art of building relationships between the user and the spaces. Often spaces are form-based, function-based or aesthetically pleasing spaces but they are not interactive with the user which actually has a greater impact on how the user perceives the designed space and appreciate it. It is very necessary for a designer to understand and appreciate the human character and design accordingly, wherein the user gets the flexibility to explore and experience it for themselves rather than the designed space dictating the user how to perceive or feel in that space. In this interaction between designed spaces and the user, a designer needs to understand the spatial potential and user’s needs because the design language varies with varied situations in accordance with these factors. Designers often have the tendency to construct spaces with their perspectives, observations, and sense the space in their range of different angles rather than the users. It is, therefore, necessary to understand the potential of the space by understanding different factors and improve the quality of space with the help of creating better interactive spaces. For an interaction to occur between the user and space, there is a need for some medium. In this paper, light, color, and sound will be used as the mediums to understand and create interactions between the user and space, considering these to be the primary sources which would not require any physical touch in the space and would help in triggering the human senses. This paper involves in studying and understanding the impact of light, color and sound on different typologies of spaces on the user through different findings, articles, case studies and surveys and try to get links between these three mediums to create an interaction. This paper also deals with understanding in which medium takes an upper hand in a varied typology of spaces and identify different techniques which would create interactions between the user and space with the help of light, color, and sound.

Keywords: color, communicative spaces, human factors, interactive spaces, light, sound

Procedia PDF Downloads 186

Authors: Fawzia Abujalala, Asma Elmangoush, Majdi Ashibani

Abstract:

The adoption of Blockchain technology introduces the possibility to decentralize cold chain systems. This adaptation enhances them to be more efficient, accessible, verifiable, and data security. Additionally, the Internet of Things (IoT) concept is considered as an added-value to various application domains. Cargo tracking and cold chain are a few to name. However, the security of the IoT transactions and integrated devices remains one of the key challenges to the IoT application’s success. Consequently, Blockchain technology and its consensus protocols have been used to solve many information security problems. In this paper, the researchers discussed the advantages of integrating Blockchain technology into IoT platform to improve security and provide an overview of existing literature on integrating Blockchain and IoT platforms. Then, presented the immunization cold chain solution as a use-case that could apply to any critical goods based on integrating hyperledger fabric platform and IoT platform.

Keywords: blockchain, hyperledger fabric, internet of things, security, traceability

Procedia PDF Downloads 116

Authors: Elena A. Troubitsyna

Abstract:

Designers of modern safety-critical control systems are increasingly relying on networking to provide the systems with advanced functionality and satisfy customer’s needs. However, networking nature of modern control systems also brings new technological challenges associated with ensuring system safety in the presence of openness and hence, potential security threats. In this paper, we propose a methodology that relies on systems-theoretic analysis to enable an integrated analysis of safety and security requirements of controlling software. We demonstrate how to create a safety case – a structured argument about system safety – with explicit representation of both safety and security goals. Our approach provides the designers with a systematic approach to analysing safety and security interdependencies while designing safety-critical control systems.

Keywords: controlling software, integrated analysis, security, safety-security co-engineering

Procedia PDF Downloads 469

Authors: Takahiro Nishigaki, Takashi Onoda

Abstract:

In recent years, the number of document data has been increasing since the spread of the Internet. Many methods have been studied for extracting topics from large document data. We proposed Independent Topic Analysis (ITA) to extract topics independent of each other from large document data such as newspaper data. ITA is a method for extracting the independent topics from the document data by using the Independent Component Analysis. The topic represented by ITA is represented by a set of words. However, the set of words is quite different from the topics the user imagines. For example, the top five words with high independence of a topic are as follows. Topic1 = {"scor", "game", "lead", "quarter", "rebound"}. This Topic 1 is considered to represent the topic of "SPORTS". This topic name "SPORTS" has to be attached by the user. ITA cannot name topics. Therefore, in this research, we propose a method to obtain topics easy for people to understand by using the web search engine, topics given by the set of words given by independent topic analysis. In particular, we search a set of topical words, and the title of the homepage of the search result is taken as the topic name. And we also use the proposed method for some data and verify its effectiveness.

Keywords: independent topic analysis, topic extraction, topic naming, web search engine

Procedia PDF Downloads 98

Authors: Da Eun Sung

Abstract:

In today’s world, cyber security has become an important international agenda. As the information age has arrived, the need for cyber defense against cyber attacks is mounting, and the significance of cyber cooperation in the international community is drawing attention. Through the course, international society has agreed that the institutionalization of international norms dealing with cyber space and cyber security is crucial ever. Nevertheless, the West, led by the United States of America, and 'the East', composed of Russia and China, have shown conflicting views on forming international norms and principles which would regulate and ward off the possible threats in cyber space. Thus, the international community hasn’t yet to reach an agreement on cyber security. In other words, the difference between both sides on the approach and understanding of principles, objects, and the definition has rendered such. Firstly, this dissertation will cover the Russia’s perception, strategy, and definition on cyber security through analyzing primary source. Then, it will delve into the two contrasting cyber security strategy between Russia and the US by comparing them. And in the conclusion, it will seek the possible solution for the cooperation in the field of cyber security. It is quite worthwhile to look into Russia’s views, which is the main counterpart to the US in this field, especially when the efforts to institutionalize cyber security by the US-led international community have met with their boundaries, and when the legitimacy of them have been challenged.

Keywords: cyber security, cyber security strategic, international relation in cyberspace, Russia

Procedia PDF Downloads 280

Authors: Kai Jin, Hua Li, Qing Song

Abstract:

Homeland security and border safety is an issue for any country. This paper takes the border security of US as an example to discuss the usage and efficiency of simulation tools in the homeland security application. In this study, available resources and different illegal infiltration parameters are defined, including their individual behavior and objective, in order to develop a model that describes border patrol system. A simulation model is created in Arena. This simulation model is used to study the dynamic activities in the border security. Possible factors that may affect the effectiveness of the border patrol system are proposed. Individual and factorial analysis of these factors is conducted and some suggestions are made.

Keywords: resource optimization, simulation, modeling, border security

Procedia PDF Downloads 488

Authors: Ali Abdrhman M. Ukasha

Abstract:

Data security needed in data transmission, storage, and communication to ensure the security. The single step parallel contour extraction (SSPCE) method is used to create the edge map as a key image from the different Gray level/Binary image. Performing the X-OR operation between the key image and each bit plane of the original image for image pixel values change purpose. The Arnold transform used to changes the locations of image pixels as image scrambling process. Experiments have demonstrated that proposed algorithm can fully encrypt 2D Gary level image and completely reconstructed without any distortion. Also shown that the analyzed algorithm have extremely large security against some attacks like salt & pepper and JPEG compression. Its proof that the Gray level image can be protected with a higher security level. The presented method has easy hardware implementation and suitable for multimedia protection in real time applications such as wireless networks and mobile phone services.

Keywords: SSPCE method, image compression-salt- peppers attacks, bitplanes decomposition, Arnold transform, lossless image encryption

Procedia PDF Downloads 402

Authors: Sukhleen Kaur

Abstract:

In security groundwork, Intrusion Detection System (IDS) has become an important component. The IDS has received increasing attention in recent years. IDS is one of the effective way to detect different kinds of attacks and malicious codes in a network and help us to secure the network. Data mining techniques can be implemented to IDS, which analyses the large amount of data and gives better results. Data mining can contribute to improving intrusion detection by adding a level of focus to anomaly detection. So far the study has been carried out on finding the attacks but this paper detects the malicious files. Some intruders do not attack directly, but they hide some harmful code inside the files or may corrupt those file and attack the system. These files are detected according to some defined parameters which will form two lists of files as normal files and harmful files. After that data mining will be performed. In this paper a hybrid classifier has been used via Naive Bayes and Ripper classification methods. The results show how the uploaded file in the database will be tested against the parameters and then it is characterised as either normal or harmful file and after that the mining is performed. Moreover, when a user tries to mine on harmful file it will generate an exception that mining cannot be made on corrupted or harmful files.

Keywords: data mining, association, classification, clustering, decision tree, intrusion detection system, misuse detection, anomaly detection, naive Bayes, ripper

Procedia PDF Downloads 393

Authors: Jiri F. Urbanek, Jiri Barta, Oldrich Svoboda, Jiri J. Urbanek

Abstract:

The organizations of European and Czech critical infrastructure have specific position, mission, characteristics and behaviour in European Union and Czech state/ business environments, regarding specific requirements for regional and global security environments. They must respect policy of national security and global rules, requirements and standards in all their inherent and outer processes of supply-customer chains and networks. A controlling is generalized capability to have control over situational policy. This paper aims and purposes are to introduce the controlling as quite new necessary process attribute providing for critical infrastructure is environment the capability and profit to achieve its commitment regarding to the effectiveness of the quality management system in meeting customer/ user requirements and also the continual improvement of critical infrastructure organization’s processes overall performance and efficiency, as well as its societal security via continual planning improvement via DYVELOP modelling.

Keywords: added value, DYVELOP, controlling, environments, process approach

Procedia PDF Downloads 387

Authors: Rebecca Zahra, Joseph G. Vella, Ernest Cachia

Abstract:

The notion of cloud computing is rapidly gaining ground in the IT industry and is appealing mostly due to making computing more adaptable and expedient whilst diminishing the total cost of ownership. This paper focuses on the software as a service (SaaS) architecture of cloud computing which is used for the outsourcing of databases with their associated business processes. One approach for offering SaaS is basing the system’s architecture on multi-tenancy. Multi-tenancy allows multiple tenants (users) to make use of the same single application instance. Their requests and configurations might then differ according to specific requirements met through tenant customisation through the software. Despite the known advantages, companies still feel uneasy to opt for the multi-tenancy with data security being a principle concern. The fact that multiple tenants, possibly competitors, would have their data located on the same server process and share the same database tables heighten the fear of unauthorised access. Security is a vital aspect which needs to be considered by application developers, database administrators, data owners and end users. This is further complicated in cloud-based multi-tenant system where boundaries must be established between tenants and additional access control models must be in place to prevent unauthorised cross-tenant access to data. Moreover, when altering the database state, the transactions need to strictly adhere to the tenant’s known business processes. This paper focuses on the fact that security in cloud databases should not be considered as an isolated issue. Rather it should be included in the initial phases of the database design and monitored continuously throughout the whole development process. This paper aims to identify a number of the most common security risks and threats specifically in the area of multi-tenant cloud systems. Issues and bottlenecks relating to security risks in cloud databases are surveyed. Some techniques which might be utilised to overcome them are then listed and evaluated. After a description and evaluation of the main security threats, this paper produces a list of software requirements to ensure that proper security policies are implemented by a software development team when designing and implementing a multi-tenant based SaaS. This would then assist the cloud service providers to define, implement, and manage security policies as per tenant customisation requirements whilst assuring security for the customers’ data.

Keywords: cloud computing, data management, multi-tenancy, requirements, security

Procedia PDF Downloads 131

Authors: Alaa A. Almarzuki, Nora A. Farraj, Aisha M. Alshiky, Omar A. Batarfi

Abstract:

The number of internet users is dramatically increased every year. Most of these users are exposed to the dangers of attackers in one way or another. The reason for this lies in the presence of many weaknesses that are not known for native users. In addition, the lack of user awareness is considered as the main reason for falling into the attackers’ snares. Cross Site Request Forgery (CSRF) has placed in the list of the most dangerous threats to security in OWASP Top Ten for 2013. CSRF is an attack that forces the user’s browser to send or perform unwanted request or action without user awareness by exploiting a valid session between the browser and the server. When CSRF attack successes, it leads to many bad consequences. An attacker may reach private and personal information and modify it. This paper aims to detect and prevent a specific type of CSRF, called reflected CSRF. In a reflected CSRF, a malicious code could be injected by the attackers. This paper explores how CSRF Detection Extension prevents the reflected CSRF by checking browser specific information. Our evaluation shows that the proposed solution succeeds in preventing this type of attack.

Keywords: CSRF, CSRF detection extension, attackers, attacks

Procedia PDF Downloads 388

Authors: Hosuk Shin, Young-Hyun Seo, Eunhak Lee, Seung-Young Kho

Abstract:

Currently, in Seoul, users have the privilege to avoid riding crowded buses with the installation of Bus Information System (BIS). BIS has three levels of on-board bus ridership level information (spacious, normal, and crowded). However, there are flaws in the system due to it being real time which could provide incomplete information to the user. For example, a bus comes to the station, and on the BIS it shows that the bus is crowded, but on the stop that the user is waiting many people get off, which would mean that this station the information should show as normal or spacious. To fix this problem, this study predicts the bus ridership level using smart card data to provide more accurate information about the passenger ridership level on the bus. An Artificial Neural Network (ANN) is an interconnected group of nodes, that was created based on the human brain. Forecasting has been one of the major applications of ANN due to the data-driven self-adaptive methods of the algorithm itself. According to the results, the ANN algorithm was stable and robust with somewhat small error ratio, so the results were rational and reasonable.

Keywords: smartcard data, ANN, bus, ridership

Procedia PDF Downloads 144

Authors: Ali A. Ukasha

Abstract:

Data security needed in data transmission, storage, and communication to ensure the security. The single step parallel contour extraction (SSPCE) method is used to create the edge map as a key image from the different Gray level/Binary image. Performing the X-OR operation between the key image and each bit plane of the original image for image pixel values change purpose. The Arnold transform used to changes the locations of image pixels as image scrambling process. Experiments have demonstrated that proposed algorithm can fully encrypt 2D Gary level image and completely reconstructed without any distortion. Also shown that the analyzed algorithm have extremely large security against some attacks like salt & pepper and JPEG compression. Its proof that the Gray level image can be protected with a higher security level. The presented method has easy hardware implementation and suitable for multimedia protection in real time applications such as wireless networks and mobile phone services.

Keywords: SSPCE method, image compression, salt and peppers attacks, bitplanes decomposition, Arnold transform, lossless image encryption

Procedia PDF Downloads 463

Authors: Ambika Prasad Gupta, Harshit Sosan Lakra

Abstract:

Food security is an important issue that has been widely discussed in literature. However, there is a lack of research on the specific food security challenges faced by tribal communities. Tribal food security refers to the ability of indigenous or tribal communities to consistently access and afford an adequate and nutritious supply of food. These communities often have unique cultural, social, and economic contexts that can impact their food security. The study aims to assess the food security status of all thirty-two major tribes, including Particularly Vulnerable Tribal Groups (PVTG) people living in various blocks of Jharkhand State. The methodology of this study focuses on measuring the food security index of indigenous people by developing and redefining a new Tribal Food Security Index (TFSI) as per the indigenous community-level indicators identified by the Global Food Security Index and other indicators relevant to food security. Affordability, availability, quality and safety, and natural resources were the dimensions used to calculate the overall Tribal Food Security Index. A survey was conducted for primary data collection of tribes and PVTGs at the household level in various districts of Jharkhand with a considerable tribal population. The result shows that due to the transition from rural to urban areas, there is a considerable change in TFSI and a decrease in forest dependency of tribal communities. Socioeconomic factors like occupation and household size had a significant correlation with TFSI. Tribal households living in forests have a higher food security index than tribal households residing in urban transition areas. The study also shows that alternative methodology adopted to measure specific community-level food security creates high significant impact than using commonly used indices.

Keywords: indigenous people, tribal food security, particularly vulnerable tribal groups, Jharkhand

Procedia PDF Downloads 44

Authors: Samuel Mwangi, Josephine K. Mule

Abstract:

Access control as a security technique regulates who or what can access resources. It is a fundamental concept in security that minimizes risks to the institutions that use access control. Regulating access to institutions of higher learning is key to ensure only authorized personnel and students are allowed into the institutions. The use of biometrics has been criticized due to the setup and maintenance costs, hygiene concerns, and trepidations regarding data privacy, among other apprehensions. Facial recognition is arguably a fast and accurate way of validating identity in order to guard protected areas. It guarantees that only authorized individuals gain access to secure locations while requiring far less personal information whilst providing an additional layer of security beyond keys, fobs, or identity cards. This exploratory study sought to investigate the use of facial recognition in controlling access in institutions of higher learning in Kenya. The sample population was drawn from both private and public higher learning institutions. The data is based on responses from staff and students. Questionnaires were used for data collection and follow up interviews conducted to understand responses from the questionnaires. 80% of the sampled population indicated that there were many security breaches by unauthorized people, with some resulting in terror attacks. These security breaches were attributed to stolen identity cases, where staff or student identity cards were stolen and used by criminals to access the institutions. These unauthorized accesses have resulted in losses to the institutions, including reputational damages. The findings indicate that security breaches are a major problem in institutions of higher learning in Kenya. Consequently, access control would be beneficial if employed to curb security breaches. We suggest the use of facial recognition technology, given its uniqueness in identifying users and its non-repudiation capabilities.

Keywords: facial recognition, access control, technology, learning

Procedia PDF Downloads 101