Search results for: cybersecurity breaches

Authors: Sreejith Gopinath, Aspen Olmsted

Abstract:

This paper is based on our previous work that proposed a risk-transference-based architecture for healthcare systems to store sensitive data outside the system boundary, rendering the system unattractive to would-be bad actors. This architecture also allows a compromised system to be abandoned and a new system instance spun up in place to ensure business continuity without paying a ransom or engaging with a bad actor. This paper delves into the details of various attacks we simulated against the prototype system. In the paper, we discuss at length the time and computational costs associated with storing and retrieving data in the prototype system, abandoning a compromised system, and setting up a new instance with existing data. Lastly, we simulate some analytical workloads over the data stored in our specialized data storage system and discuss the time and computational costs associated with running analytics over data in a specialized storage system outside the system boundary. In summary, this paper discusses the total costs of data storage, access, and analytics incurred with the proposed architecture.

Keywords: cybersecurity, healthcare, ransomware, resilience, risk transference

Procedia PDF Downloads 132

Authors: Hongmei Chi

Abstract:

The Blockchain has become a necessity for many different societal industries and ordinary lives including cryptocurrency technology, supply chain, health care, public safety, education, etc. Therefore, training our future blockchain developers to know blockchain programming vulnerability and I.T. students' cyber security is in high demand. In this work, we propose a framework including learning modules and hands-on labs to guide future I.T. professionals towards developing secure blockchain programming habits and mitigating source code vulnerabilities at the early stages of the software development lifecycle following the concept of Secure Software Development Life Cycle (SSDLC). In this research, our goal is to make blockchain programmers and I.T. students aware of the vulnerabilities of blockchains. In summary, we develop a framework that will (1) improve students' skills and awareness of blockchain source code vulnerabilities, detection tools, and mitigation techniques (2) integrate concepts of blockchain vulnerabilities for IT students, (3) improve future IT workers’ ability to master the concepts of blockchain attacks.

Keywords: software vulnerability detection, hands-on lab, static analysis tools, vulnerabilities, blockchain, active learning

Procedia PDF Downloads 99

Authors: Abdulrahman Yarali, Machica McClain

Abstract:

In the context of the increasing use of Cyber-Physical Systems (CPS) across critical infrastructure sectors, this paper addresses a crucial and emerging topic: the integration of Identity and Access Management (IAM) with Internet of Things (IoT) devices in Medical Cyber-Physical Systems (MCPS). It underscores the significance of robust IAM solutions in the expanding interconnection of IoT devices in healthcare settings, leveraging AI, ML, DL, Zero Trust Architecture (ZTA), biometric authentication advancements, and blockchain technologies. The paper advocates for the potential benefits of transitioning from traditional, static IAM frameworks to dynamic, adaptive solutions that can effectively counter sophisticated cyber threats, ensure the integrity and reliability of CPS, and significantly bolster the overall security posture. The paper calls for strategic planning, collaboration, and continuous innovation to harness these benefits. By emphasizing the importance of securing CPS against evolving threats, this research contributes to the ongoing discourse on cybersecurity and advocates for a collaborative approach to foster innovation and enhance the resilience of critical infrastructure in the digital era.

Keywords: CPS, IAM, IoT, AI, ML, authentication, models, policies, healthcare

Procedia PDF Downloads 22

Authors: Andre Slonopas, Zona Kostic, Warren Thompson

Abstract:

Obfuscation is one of the most useful tools to prevent network compromise. Previous research focused on the obfuscation of the network communications between external-facing edge devices. This work proposes the use of two edge devices, external and internal facing, which communicate via private IPv4 addresses in a software-defined pseudo-random IP hopping. This methodology does not require additional IP addresses and/or resources to implement. Statistical analyses demonstrate that the hopping surface must be at least 1e3 IP addresses in size with a broad standard deviation to minimize the possibility of coincidence of monitored and communication IPs. The probability of breaking the hopping algorithm requires a collection of at least 1e6 samples, which for large hopping surfaces will take years to collect. The probability of dropped packets is controlled via memory buffers and the frequency of hops and can be reduced to levels acceptable for video streaming. This methodology provides an impenetrable layer of security ideal for information and supervisory control and data acquisition systems.

Keywords: moving target defense, cybersecurity, network security, hopping randomization, software defined network, network security theory

Procedia PDF Downloads 185

Authors: Mustafa Elfituri, Jonathan Cook

Abstract:

Recently, graph-based computations have become more important in large-scale scientific computing as they can provide a methodology to model many types of relations between independent objects. They are being actively used in fields as varied as biology, social networks, cybersecurity, and computer networks. At the same time, graph problems have some properties such as irregularity and poor locality that make their performance different than regular applications performance. Therefore, parallelizing graph algorithms is a hard and challenging task. Initial evidence is that standard computer architectures do not perform very well on graph algorithms. Little is known exactly what causes this. The Graph500 benchmark is a representative application for parallel graph-based computations, which have highly irregular data access and are driven more by traversing connected data than by computation. In this paper, we present results from analyzing the performance of various example implementations of Graph500, including a shared memory (OpenMP) version, a distributed (MPI) version, and a hybrid version. We measured and analyzed all the factors that affect its performance in order to identify possible changes that would improve its performance. Results are discussed in relation to what factors contribute to performance degradation.

Keywords: graph computation, graph500 benchmark, parallel architectures, parallel programming, workload characterization.

Procedia PDF Downloads 147

Authors: Agastya Pratap Singh

Abstract:

Generative Adversarial Networks (GANs) have emerged as powerful tools in the fields of image recognition and anomaly detection due to their ability to model complex data distributions and generate realistic images. This systematic review explores recent advancements and applications of GANs in both image recognition and anomaly detection tasks. We discuss various GAN architectures, such as DCGAN, CycleGAN, and StyleGAN, which have been tailored to improve accuracy, robustness, and efficiency in visual data analysis. In image recognition, GANs have been used to enhance data augmentation, improve classification models, and generate high-quality synthetic images. In anomaly detection, GANs have proven effective in identifying rare and subtle abnormalities across various domains, including medical imaging, cybersecurity, and industrial inspection. The review also highlights the challenges and limitations associated with GAN-based methods, such as instability during training and mode collapse, and suggests future research directions to overcome these issues. Through this review, we aim to provide researchers with a comprehensive understanding of the capabilities and potential of GANs in transforming image recognition and anomaly detection practices.

Keywords: generative adversarial networks, image recognition, anomaly detection, DCGAN, CycleGAN, StyleGAN, data augmentation

Procedia PDF Downloads 20

Authors: Sarah K. Taylor, Miratun M. Saharuddin, Zabri A. Talib

Abstract:

Cybercrime is on the rise, and yet many Law Enforcement Agencies (LEAs) in Malaysia have no Digital Forensics Laboratory (DFL) to assist them in the attrition and analysis of digital evidence. From the estimated number of 30 LEAs in Malaysia, sadly, only eight of them owned a DFL. All of the DFLs are concentrated in the capital of Malaysia and none at the state level. LEAs are still depending on the national DFL (CyberSecurity Malaysia) even for simple and straightforward cases. A survey was conducted among LEAs in Malaysia owning a DFL to understand their history of establishing the DFL, the challenges that they faced and the significance of the DFL to their case investigation. The results showed that the while some LEAs faced no challenge in establishing a DFL, some of them took seven to 10 years to do so. The reason was due to the difficulty in convincing their management because of the high costs involved. The results also revealed that with the establishment of a DFL, LEAs were better able to get faster forensic result and to meet agency’s timeline expectation. It is also found that LEAs were also able to get more meaningful forensic results on cases that require niche expertise, compared to sending off cases to the national DFL. Other than that, cases are getting more complex, and hence, a continuous stream of budget for equipment and training is inevitable. The result derived from the study is hoped to be used by other LEAs in justifying to their management the benefits of establishing an in-house DFL.

Keywords: digital evidence, digital forensics, digital forensics laboratory, law enforcement agency

Procedia PDF Downloads 176

Authors: Sharon Q. Yang, Robert J. Congleton

Abstract:

Information security is a broad concept that covers any issues and concerns about the proper access and use of information on the Internet, including measures and procedures to protect intellectual property and private data from illegal access and online theft; the act of hacking; and any defensive technologies that contest such cybercrimes. As more research and commercial activities are conducted online, cybercrimes have increased significantly, putting sensitive information at risk. Information security has become critically important for organizations and private citizens alike. Hackers scan for network vulnerabilities on the Internet and steal data whenever they can. Cybercrimes disrupt our daily life, cause financial losses, and instigate fear in the public. Since the start of the pandemic, most data related cybercrimes targets have been either financial or health information from companies and organizations. Libraries also should have a high interest in understanding and adopting information security methods to protect their patron data and copyrighted materials. But according to information security professionals, higher education and cultural organizations, including their libraries, are the least prepared entities for cyberattacks. One recent example is that of Steven’s Institute of Technology in New Jersey in the US, which had its network hacked in 2020, with the hackers demanding a ransom. As a result, the network of the college was down for two months, causing serious financial loss. There are other cases where libraries, colleges, and universities have been targeted for data breaches. In order to build an effective defense, we need to understand the most common types of cybercrimes, including phishing, whaling, social engineering, distributed denial of service (DDoS) attacks, malware and ransomware, and hacker profiles. Our research will focus on each hacking technique and related defense measures; and the social background and reasons/purpose of hacker and hacking. Our research shows that hacking techniques will continue to evolve as new applications, housing information, and data on the Internet continue to be developed. Some cybercrimes can be stopped with effective measures, while others present challenges. It is vital that people understand what they face and the consequences when not prepared.

Keywords: cybercrimes, hacking technologies, higher education, information security, libraries

Procedia PDF Downloads 134

Authors: Paloma Mendes Saldanha

Abstract:

Access to information is a prerequisite for democracy while also guiding the material construction of fundamental rights. The exercise of citizenship requires knowing, understanding, questioning, advocating for, and securing rights and responsibilities. In other words, it goes beyond mere active electoral participation and materializes through awareness and the struggle for rights and responsibilities in the various spaces occupied by the population in their daily lives. In times of hyper-cultural connectivity, active citizenship is shaped through ethical trust processes, most often established between humans and algorithms. Automated decisions, so prevalent in various everyday situations, such as purchase preference predictions, virtual voice assistants, reduction of accidents in autonomous vehicles, content removal, resume selection, etc., have already found their place as a normalized discourse that sometimes does not reveal or make clear what violations of fundamental rights may occur when algorithmic explainability is lacking. In other words, technological and market development promotes a normalization for the use of automated decisions while silencing possible restrictions and/or breaches of rights through a culturally modeled, unethical, and unexplained trust process, which hinders the possibility of the right to a healthy, transparent, and complete exercise of citizenship. In this context, the article aims to identify the violations caused by the absence of algorithmic explainability in the exercise of citizenship through the construction of an unethical and silent trust process between humans and algorithms in automated decisions. As a result, it is expected to find violations of constitutionally protected rights such as privacy, data protection, and transparency, as well as the stipulation of algorithmic explainability as a fundamental right in the exercise of Brazilian citizenship in the era of virtualization, facing a threefold foundation called trust: culture, rules, and systems. To do so, the author will use a bibliographic review in the legal and information technology fields, as well as the analysis of legal and official documents, including national documents such as the Brazilian Federal Constitution, as well as international guidelines and resolutions that address the topic in a specific and necessary manner for appropriate regulation based on a sustainable trust process for a hyperconnected world.

Keywords: artificial intelligence, ethics, citizenship, trust

Procedia PDF Downloads 64

Authors: Sivakumar Kottapalli, Abdesselam Abdelouas, Christoph Hartnack

Abstract:

Spent nuclear fuel generates a mixed field of ionizing radiation to the water. This radiation field is generally dominated by gamma rays and a limited flux of fast neutrons. The fuel cladding effectively attenuates beta and alpha particle radiation. Small fraction of the spent nuclear fuel exhibits some degree of fuel cladding penetration due to pitting corrosion and mechanical failure. Breaches in the fuel cladding allow the exposure of small volumes of water in the cask to alpha and beta ionizing radiation. The safety of the transport of radioactive material is assured by the package complying with the IAEA Requirements for the Safe Transport of Radioactive Material SSR-6. It is of high interest to avoid generation of hydrogen inside the cavity which may to an explosive mixture. The risk of hydrogen production along with other radiation gases should be analyzed for a typical spent fuel for safety issues. This work aims to perform a realistic study of the production of hydrogen by radiolysis assuming most penalizing initial conditions. It consists in the calculation of the radionuclide inventory of a pellet taking into account the burn up and decays. Westinghouse 17X17 PWR fuel has been chosen and data has been analyzed for different sets of enrichment, burnup, cycles of irradiation and storage conditions. The inventory is calculated as the entry point for the simulation studies of hydrogen production by radiolysis kinetic models by MAKSIMA-CHEMIST. Dose rates decrease strongly within ~45 μm from the fuel surface towards the solution(water) in case of alpha radiation, while the dose rate decrease is lower in case of beta and even slower in case of gamma radiation. Calculations are carried out to obtain spectra as a function of time. Radiation dose rate profiles are taken as the input data for the iterative calculations. Hydrogen yield has been found to be around 0.02 mol/L. Calculations have been performed for a realistic scenario considering a capsule containing the spent fuel rod. Thus, hydrogen yield has been debated. Experiments are under progress to validate the hydrogen production rate using cyclotron at > 5MeV (at ARRONAX, Nantes).

Keywords: radiolysis, spent fuel, hydrogen, cyclotron

Procedia PDF Downloads 521

Authors: Awad A. Younis, Elise Stronberg, Shifa Noor

Abstract:

Malware attacks due to end-user vulnerabilities have been noticeably increased in the past few years. Investigating the factors that make an end-user vulnerable to those attacks is critical because they can be utilized to set up proactive strategies such as awareness and education to mitigate the impacts of those attacks. Some existing studies investigated demographic, behavioral, and cultural factors that make an end-user susceptible to malware attacks. However, it has been challenging to draw more general conclusions from individual studies due to the varieties in the type of end-users and different types of malware. Therefore, we conducted a systematic literature review (SLR) of the existing research for end-user susceptibility factors to malware attacks. The results showed while some demographic factors are mostly associated with malware infection regardless of the end users' type, age, and gender are not consistent among the same and different types of end-users. Besides, the association of culture and personality factors with malware infection are consistent in most of the selected studies and for all type of end-users. Moreover, malware infection varies based on age, geographic location, and host types. We propose that future studies should carefully take into consideration the type of end-users because different end users may be exposed to different threats or be targeted based on their user domains’ characteristics. Additionally, as different types of malware use different tactics to trick end-users, taking the malware types into consideration is important.

Keywords: cybersecurity, malware, end-users, demographics, personality, culture, systematic literature review

Procedia PDF Downloads 230

Authors: Shreya Goyal

Abstract:

The study aims to build user-friendly software to understand patient arrival patterns and compute the number of potential patients who will visit a particular health facility for a given period by using a machine learning algorithm. The underlying machine learning algorithm used in this study is the Support Vector Machine (SVM). Accurate prediction of patient arrival allows hospitals to operate more effectively, providing timely and efficient care while optimizing resources and improving patient experience. It allows for better allocation of staff, equipment, and other resources. If there's a projected surge in patients, additional staff or resources can be allocated to handle the influx, preventing bottlenecks or delays in care. Understanding patient arrival patterns can also help streamline processes to minimize waiting times for patients and ensure timely access to care for patients in need. Another big advantage of using this software is adhering to strict data protection regulations such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States as the hospital will not have to share the data with any third party or upload it to the cloud because the software can read data locally from the machine. The data needs to be arranged in. a particular format and the software will be able to read the data and provide meaningful output. Using software that operates locally can facilitate compliance with these regulations by minimizing data exposure. Keeping patient data within the hospital's local systems reduces the risk of unauthorized access or breaches associated with transmitting data over networks or storing it in external servers. This can help maintain the confidentiality and integrity of sensitive patient information. Historical patient data is used in this study. The input variables used to train the model include patient age, time of day, day of the week, seasonal variations, and local events. The algorithm uses a Supervised learning method to optimize the objective function and find the global minima. The algorithm stores the values of the local minima after each iteration and at the end compares all the local minima to find the global minima. The strength of this study is the transfer function used to calculate the number of patients. The model has an output accuracy of >95%. The method proposed in this study could be used for better management planning of personnel and medical resources.

Keywords: machine learning, SVM, HIPAA, data

Procedia PDF Downloads 65

Authors: Katie Wood

Abstract:

Cyber criminals are constantly on the lookout for new opportunities to exploit organisation and cause destruction. This could lead to significant cause of economic loss for organisations in the form of destruction in finances, reputation and even the overall survival of the organization. Additionally, this leads to serious consequences on national security. The threat of possible cyber attacks places further pressure on organisations to ensure they are secure, at a time where international scale cyber attacks have occurred in a range of sectors. Stakeholders are wanting confidence that their data is protected. This is only achievable if a business fosters a resilient supply chain strategy which is implemented throughout its supply chain by having a strong cyber leadership culture. This paper will discuss the essential role and need for organisations to adopt a cyber leadership culture and direction to learn about own internal processes to ensure mitigating systemic vulnerability of its supply chains. This paper outlines that to protect national security there is an urgent need for cyber awareness culture change. This is required in all organisations, regardless of their sector or size, to implementation throughout the whole supplier chain to support and protect economic prosperity to make the UK more resilient to cyber-attacks. Through businesses understanding the supply chain and risk management cycle of their own operates has to be the starting point to ensure effective cyber migration strategies.

Keywords: cyber leadership, cyber migration strategies, resilient supply chain strategy, cybersecurity

Procedia PDF Downloads 242

Authors: Zhiyan Meng, Dan Liu, Jintao Meng

Abstract:

Dependable encrypted traffic classification is crucial for improving cybersecurity and handling the growing amount of data. Large language models have shown that learning from large datasets can be effective, making pre-trained methods for encrypted traffic classification popular. However, attention-based pre-trained methods face two main issues: their large neural parameters are not suitable for low-computation environments like mobile devices and real-time applications, and they often overfit by getting stuck in local minima. To address these issues, we developed a lightweight transformer model, which reduces the computational parameters through lightweight vocabulary construction and Squeeze-and-Excitation Block. We use sharpness-aware optimization to avoid local minima during pre-training and capture temporal features with relative positional embeddings. Our approach keeps the model's classification accuracy high for downstream tasks. We conducted experiments on four datasets -USTC-TFC2016, VPN 2016, Tor 2016, and CICIOT 2022. Even with fewer than 18 million parameters, our method achieves classification results similar to methods with ten times as many parameters.

Keywords: sharpness-aware optimization, encrypted traffic classification, squeeze-and-excitation block, pretrained model

Procedia PDF Downloads 30

Authors: Md. Mustakimur Rahman

Abstract:

On the one hand, while dealing with temporally distant international crimes (TDICs), prosecutors are likely to encounter many defendants suffering from severe physical or mental disorders. The concept of a defendant's "fitness," on the other hand, is based on the notion that an alleged perpetrator must be protected from a conviction resulting from a lack of participation or competence in making proper judgments. As a result, if a defendant is temporarily or permanently mentally ill, going through a formal criminal trial may be highly unlikely. TheExtraordinary Chambers in the Courts of Cambodia(ECCC), for example, arrested and tried IengThirth for crimes against humanity, grave breaches of the 1949 Geneva Conventions, and genocide. Still, the Trial Chamber found her incompetent to stand trial and released her in 2011. Although the prosecution had a lot of evidence against her, she was free from prosecution. It suggests that alleged war criminals may be granted immunity due to their unfitness, implying that unfitness is a hurdle to combating impunity. Given the absence of a formal criminal trial, international criminal law (ICL) should take steps to address this issue. ICL, according to Mark A. Drumbl, has yet to develop its penology; hence it borrows penological rationales from domestic criminal law. For example, international crimes tribunals such as the Nuremberg Tribunal and the Tokyo Tribunal, ad hoc tribunals have used retribution, utilitarianism, and rehabilitation as punishment justifications. On the other hand, like in the case of IengThirth, a criminal trial may not always be feasible. As a result, instead of allowing impunity, this paper proposes informal trials. This paper, for example, suggests two approaches to dealing with unfit defendants: 1) trial without punishment and 2) punishment without trial. Trial without punishment is a unique method of expressing condemnation without incarceration. "Expressivism has a broader basis than communication of punishment and sentencing," says Antony Duff. According to Drumbl, we can untangle our understanding of punishment from "the iconic preference for jailhouses" to include a larger spectrum of non-incarcerative measures like "recrimination, shame, consequence, and sanction." Non-incarcerative measures allow offenders to be punished without going through a formal criminal trial. This strategy denotes accountability for unlawful behavior. This research concludes that in many circumstances, prosecuting elderly war crimes suspects is difficult or unfeasible, but their age or illness should not be grounds for impunity. They should be accountable for their heinous activities through criminal trials or other mechanisms.

Keywords: international criminal law, international criminal punishment, international crimes tribunal, temporally distant international crimes

Procedia PDF Downloads 81

Authors: Shalini Shawari Matharage

Abstract:

The worldwide refugee challenge has arisen as a critical concern, with millions of individuals fleeing their home countries owing to conflict, persecution, and human rights violations. Since the establishment of an international framework in 1951 for tackling the humanitarian needs of refugees and asylum seekers, many developed and developing countries have adopted a refugee admittance framework into their national immigration policy and steadily changed their domestic legislation to assist the resettlement of refugees. However, many developed nations have put forth strict limitations on refugee admission in the midst of the continuing refugee crisis, claiming factors including national sovereignty, security of their borders, and national economy. Two such developed nations that have been restrictive on refugees is Japan and the United Kingdom. Despite their contrasting histories, migration methods, and viewpoints on diversity in modern society, the two notably developed nations have taken similar restrictive approaches in refugee policy in the recent years. This study attempts to investigate the underlying causes that led these countries to adopt strict refugee policies and how those policies have affected their compliance with international human rights responsibilities. The study employs a head-to-head methodology to examine the structural inequities in Japan and the United Kingdom's refugee policies. Using data from the UNHCR Refugee Data Finder, official government policy proposals, statements, and academic works, the study evaluates the contemporary refugee legislations, fundamental causes, and subsequent implications. The study illustrates a combination of economic, security, and demographic issues, as well as political rigidity and negative public perceptions, as major determinants of the two countries' restrictive refugee policies. The findings shed light on the restrictive actions taken by Japan and the UK, raising concerns about potential breaches in obligations to their commitments to international law and human rights obligations. Understanding the underlying issues influencing these policies allows lawmakers and activists to establish more compassionate refugee policies that adhere to international human rights and protect vulnerable individuals fleeing persecution. Ultimately, this study aims to contribute to the development of sensible refugee policies that uphold human rights and humanitarian values.

Keywords: immigration, Japan, refugee policy, united kingdom

Procedia PDF Downloads 72

Authors: Abdal-Hafeez Alhussein

Abstract:

Artificial Intelligence (AI) has become a transformative force in the field of information technologies, reshaping how data is processed, analyzed, and utilized across various domains. This paper explores the multifaceted applications of AI within information technology, focusing on three key areas: automation, scalability, and data-driven decision-making. We delve into how AI-powered automation is optimizing operational efficiency in IT infrastructures, from automated network management to self-healing systems that reduce downtime and enhance performance. Scalability, another critical aspect, is addressed through AI’s role in cloud computing and distributed systems, enabling the seamless handling of increasing data loads and user demands. Additionally, the paper highlights the use of AI in cybersecurity, where real-time threat detection and adaptive response mechanisms significantly improve resilience against sophisticated cyberattacks. In the realm of data analytics, AI models—especially machine learning and natural language processing—are driving innovation by enabling more precise predictions, automated insights extraction, and enhanced user experiences. The paper concludes with a discussion on the ethical implications of AI in information technologies, underscoring the importance of transparency, fairness, and responsible AI use. It also offers insights into future trends, emphasizing the potential of AI to further revolutionize the IT landscape by integrating with emerging technologies like quantum computing and IoT.

Keywords: artificial intelligence, information technology, automation, scalability

Procedia PDF Downloads 17

Authors: Bisola Stella Sonde

Abstract:

Digital innovation has emerged as a pivotal driver of business transformation in the contemporary landscape. This case study research explores the dynamic interplay between digital innovation and the profound metamorphosis of businesses across industries. It delves into the multifaceted dimensions of digital innovation, elucidating its impact on organizational structures, customer experiences, and operational paradigms. The study investigates real-world instances of businesses harnessing digital technologies to enhance their competitiveness, agility, and sustainability. It scrutinizes the strategic adoption of digital platforms, data analytics, artificial intelligence, and emerging technologies as catalysts for transformative change. The cases encompass a diverse spectrum of industries, spanning from traditional enterprises to disruptive startups, offering insights into the universal relevance of digital innovation. Moreover, the research scrutinizes the challenges and opportunities posed by the digital era, shedding light on the intricacies of managing cultural shifts, data privacy, and cybersecurity concerns in the pursuit of innovation. It unveils the strategies that organizations employ to adapt, thrive, and lead in the era of digital disruption. In summary, this case study research underscores the imperative of embracing digital innovation as a cornerstone of business transformation. It offers a comprehensive exploration of the contemporary digital landscape, offering valuable lessons for organizations striving to navigate the ever-evolving terrain of the digital age.

Keywords: business transformation, digital innovation, emerging technologies, organizational structures

Procedia PDF Downloads 60

Authors: Muhammad Muhammad Suleiman

Abstract:

The Nigerian political system has witnessed rising occurrences of election malpractice in the last decade. This has been due to election rigging and other forms of electoral fraud. In order to find a sustainable solution to this malpractice, the introduction of electronic voting (e-voting) has been suggested. This paper reviews the challenges, benefits, and issues associated with e-voting as a panacea for election malpractice in Nigeria. The review of existing literature revealed that e-voting can reduce the cost of conducting elections and reduce the opportunity for electoral fraud. The review suggests that the introduction of e-voting in the Nigerian political system would require adequate cybersecurity measures, trust-building initiatives, and proper legal frameworks to ensure its successful implementation. It is recommended that there should be an effective policy that would ensure the security of the system as well as the credibility of the results. Furthermore, a comprehensive awareness campaign needs to be conducted to ensure that voters understand the process and are comfortable using the system. In conclusion, e-voting has the potential to reduce the occurrence of election malpractice in the Nigerian political system. However, the successful implementation of e-voting will require effective policy interventions and trust-building initiatives. Additionally, the costs of acquiring the necessary infrastructure and equipment and implementing proper legal frameworks need to be considered.

Keywords: electronic voting, general election, candidate, INEC, cyberattack

Procedia PDF Downloads 104

Authors: Kenneth Harper

Abstract:

The secure sharing of Electronic Health Records (EHRs) is a critical challenge in modern healthcare, demanding solutions to enhance interoperability, privacy, and data integrity. Traditional standards like Health Information Exchange (HIE) and HL7 have made significant strides in facilitating data exchange between healthcare entities. However, these approaches rely on centralized architectures that are often vulnerable to data breaches, lack sufficient privacy measures, and have scalability issues. This paper proposes a framework for secure, decentralized sharing of EHRs using blockchain technology, cryptographic tokens, and Non-Fungible Tokens (NFTs). The blockchain's immutable ledger, decentralized control, and inherent security mechanisms are leveraged to improve transparency, accountability, and auditability in healthcare data exchanges. Furthermore, we introduce the concept of tokenizing patient data through NFTs, creating unique digital identifiers for each record, which allows for granular data access controls and proof of data ownership. These NFTs can also be employed to grant access to authorized parties, establishing a secure and transparent data sharing model that empowers both healthcare providers and patients. The proposed approach addresses common privacy concerns by employing privacy-preserving techniques such as zero-knowledge proofs (ZKPs) and homomorphic encryption to ensure that sensitive patient information can be shared without exposing the actual content of the data. This ensures compliance with regulations like HIPAA and GDPR. Additionally, the integration of Fast Healthcare Interoperability Resources (FHIR) with blockchain technology allows for enhanced interoperability, enabling healthcare organizations to exchange data seamlessly and securely across various systems while maintaining data governance and regulatory compliance. Through real-world case studies and simulations, this paper demonstrates how blockchain-based EHR sharing can reduce operational costs, improve patient outcomes, and enhance the security and privacy of healthcare data. This decentralized framework holds great potential for revolutionizing healthcare information exchange, providing a transparent, scalable, and secure method for managing patient data in a highly regulated environment.

Keywords: blockchain, electronic health records (ehrs), fast healthcare interoperability resources (fhir), health information exchange (hie), hl7, interoperability, non-fungible tokens (nfts), privacy-preserving techniques, tokens, secure data sharing,

Procedia PDF Downloads 22

Authors: Pubudu K. Hitigala Kaluarachchilage, Champike Attanayake, Sasith Rajasooriya, Chris P. Tsokos

Abstract:

Operating system (OS) security is a key component of computer security. Assessing and improving OSs strength to resist against vulnerabilities and attacks is a mandatory requirement given the rate of new vulnerabilities discovered and attacks occurring. Frequency and the number of different kinds of vulnerabilities found in an OS can be considered an index of its information security level. In the present study five mostly used OSs, Microsoft Windows (windows 7, windows 8 and windows 10), Apple’s Mac and Linux are assessed for their discovered vulnerabilities and the risk associated with each. Each discovered and reported vulnerability has an exploitability score assigned in CVSS score of the national vulnerability database. In this study the risk from vulnerabilities in each of the five Operating Systems is compared. Risk Indexes used are developed based on the Markov model to evaluate the risk of each vulnerability. Statistical methodology and underlying mathematical approach is described. Initially, parametric procedures are conducted and measured. There were, however, violations of some statistical assumptions observed. Therefore the need for non-parametric approaches was recognized. 6838 vulnerabilities recorded were considered in the analysis. According to the risk associated with all the vulnerabilities considered, it was found that there is a statistically significant difference among average risk levels for some operating systems, indicating that according to our method some operating systems have been more risk vulnerable than others given the assumptions and limitations. Relevant test results revealing a statistically significant difference in the Risk levels of different OSs are presented.

Keywords: cybersecurity, Markov chain, non-parametric analysis, vulnerability, operating system

Procedia PDF Downloads 183

Authors: Papathanasiou Anastasios, Liontos George, Liagkou Vasiliki, Glavas Euripides

Abstract:

The purpose of this paper is to describe the growing problem of various cyber fraud schemes that exist on the internet and are currently among the most prevalent. The main focus of this paper is to provide a detailed description of the modus operandi, tools, and techniques utilized in four basic typologies of cyber frauds: Business Email Compromise (BEC) attacks, investment fraud, romance scams, and online sales fraud. The paper aims to shed light on the methods employed by cybercriminals in perpetrating these types of fraud, as well as the strategies they use to deceive and victimize individuals and businesses on the internet. Furthermore, this study outlines defense strategies intended to tackle the issue head-on, with a particular emphasis on the crucial role played by European Legislation. European legislation has proactively adapted to the evolving landscape of cyber fraud, striving to enhance cybersecurity awareness, bolster user education, and implement advanced technical controls to mitigate associated risks. The paper evaluates the advantages and innovations brought about by the European Legislation while also acknowledging potential flaws that cybercriminals might exploit. As a result, recommendations for refining the legislation are offered in this study in order to better address this pressing issue.

Keywords: business email compromise, cybercrime, European legislation, investment fraud, NIS, online sales fraud, romance scams

Procedia PDF Downloads 98

Authors: M. A. H. Barry

Abstract:

The concept of Good faith (husn al-niyyah) and fair-dealing (Nadl) are the fundamental guiding elements in all contracts and other agreements under Islamic law. The preaching of Al-Quran and Prophet Muhammad’s (Peace Be upon Him) firmly command people to act in good faith in all dealings. There are several Quran verses and the Prophet’s saying which stressed the significance of dealing honestly and fairly in all transactions. Under the English law, the good faith is not considered a fundamental requirement for the formation of a legal contract. However, the concept of Good Faith in private contracts is recognized by the civil law system and in Article 7(1) of the Convention on International Sale of Goods (CISG-Vienna Convention-1980). It took several centuries for the international trading community to recognize the significance of the concept of good faith for the international sale of goods transactions. Nevertheless, the recognition of good faith in Civil law is only confined for the commercial contracts. Subsequently to the CISG, this concept has made inroads into the private international law. There are submissions in favour of applying the good faith concept to public international law based on tacit recognition by the international conventions and International Tribunals. However, under public international law the concept of good faith is not recognized as a source of rights or obligations. This weakens the spirit of the good faith concept, particularly when determining the international disputes. This also creates a fundamental flaw because the absence of good faith application means the breaches tainted by bad faith are tolerated. The objective of this research is to evaluate, examine and analyze the application of the concept of good faith in the modern laws and identify its limitation, in comparison with Islamic concept of good faith. This paper also identifies the problems and issues connected with the non-application of this concept to public international law. This research consists of three key components (1) the preliminary inquiry (2) subject analysis and discovery of research results, and (3) examining the challenging problems, and concluding with proposals. The preliminary inquiry is based on both the primary and secondary sources. The same sources are used for the subject analysis. This research also has both inductive and deductive features. The Islamic concept of good faith covers all situations and circumstances where the bad faith causes unfairness to the affected parties, especially the weak parties. Under the Islamic law, the concept of good faith is a source of rights and obligations as Islam prohibits any person committing wrongful or delinquent acts in any dealing whether in a private or public life. This rule is applicable not only for individuals but also for institutions, states, and international organizations. This paper explains how the unfairness is caused by non-recognition of the good faith concept as a source of rights or obligations under public international law and provides legal and non-legal reasons to show why the Islamic formulation is important.

Keywords: good faith, the civil law system, the Islamic concept, public international law

Procedia PDF Downloads 148

Authors: Saska Alexandria Hayes

Abstract:

Multiple Convention Refugees in New Zealand are stuck in a state of immigration limbo due to a lack of defined immigration policies. The Refugee Convention of 1951 does not give the right to be issued a permanent right to live and work in the country of asylum. A gap in New Zealand's immigration law and policy has left Convention Refugees without the right to obtain a resident or temporary entry visa. The significant lack of literature on this topic suggests that the lack of visa options for Convention Refugees in New Zealand is a widely unknown or unacknowledged issue. Refugees in New Zealand enjoy the right of non-refoulement contained in Article 33 of the Refugee Convention 1951, whether lawful or unlawful. However, a number of rights contained in the Refugee Convention 1951, such as the right to gainful employment and social security, are limited to refugees who maintain lawful immigration status. If a Convention Refugee is denied a resident visa, the only temporary entry visa a Convention Refugee can apply for in New Zealand is discretionary. The appeal cases heard at the Immigration Protection Tribunal establish that Immigration New Zealand has declined resident and discretionary temporary entry visa applications by Convention Refugees for failing to meet the health or character immigration instructions. The inability of a Convention Refugee to gain residency in New Zealand creates a dependence on the issue of discretionary temporary entry visas to maintain lawful status. The appeal cases record that this reliance has led to Convention Refugees' lawful immigration status being in question, temporarily depriving them of the rights contained in the Refugee Convention 1951 of lawful refugees. In one case, the process of applying for a discretionary temporary entry visa led to a lawful Convention Refugee being temporarily deprived of the right to social security, breaching Article 24 of the Refugee Convention 1951. The judiciary has stated a constant reliance on the issue of discretionary temporary entry visas for Convention Refugees can lead to a breach of New Zealand's international obligations under Article 7 of the International Covenant on Civil and Political Rights. The appeal cases suggest that, despite successful judicial proceedings, at least three persons have been made to rely on the issue of discretionary temporary entry visas potentially indefinitely. The appeal cases establish that a Convention Refugee can be denied a discretionary temporary entry visa and become unlawful. Unlawful status could ultimately breach New Zealand's obligations under Article 33 of the Refugee Convention 1951 as it would procedurally deny Convention Refugees asylum. It would force them to choose between the right of non-refoulement or leaving New Zealand to seek the ability to access all the human rights contained in the Universal Declaration of Human Rights elsewhere. This paper discusses how the current system has given rise to these breaches and emphasizes a need to create a designated temporary entry visa category for Convention Refugees.

Keywords: domestic policy, immigration, migration, New Zealand

Procedia PDF Downloads 102

Authors: Agbana Olaseinde Julius, Opadere Olaolu Stephen

Abstract:

The concept of cross carpeting is as old as politics itself. Basically, it entails an individual leaving a political party/group, to join another. The reasons for which cross carpeting is embarked upon are diverse: ideological differences; ethnic and/or religious differences; access to actual or perceived better political opportunities; liberty of association; rancor; etc. The current democratic dispensation in Nigeria has experienced renewed and rather alarming rate of cross carpeting, for reasons including those enumerated above and others. Right to cross carpet is inherent in a democratic setting as well as the political stakeholder; so does it also comprise of the constitutional right of ‘freedom of association’. However, the current species of cross carpeting in Nigeria requires scrutiny, in view of some potential legal and moral challenges it poses for both the present and the future. Cross carpeting is considered both legal and constitutional, but the current spate raises the question of expediency, particularly in a nascent democracy. It is considered to have a propensity of negatively impacting political stability in a polity with fragile nerves. Importantly too, cross carpeting is considered a potential damage to the psyche of posterity with regards to a warped disposition to promises, honour and integrity. The perceived peculiar dimension of cross carpeting in Nigeria raises questions on the quality of leadership presently obtainable in the country, vis-à-vis greed, self-centeredness, disregard for the concern and interest of avowed followers/fans, entrenchment of distrust, etc. Thus, the study made use of primary and secondary sources of information. The primary sources included the Constitutions of the Federal Republic of Nigeria 1999 (as amended); judicial decisions; and the Electoral Act, 2010 (as Amended). The secondary sources comprised of information from books, journals, newspapers, magazines and Internet documents. Data obtained from these sources were subjected to content analysis. Findings of this study show that though the act of cross carpeting may not be in breach of any Statute or Law, it however, in most cases, breaches the morals of expediency. The morality thereof is far from justifiable, and should be condemned in the interest of the present and posterity. There is a great and urgent need to embark on a re-entrenchment of the culture of political ideology in the Nigerian polity, as obtainable in developed democracies. In conclusion, the need to exercise the right of cross carpeting with caution cannot be overemphasized. Membership of a political group/party should be backed by commitment to well defined ideologies and values. Commitment to them should be regarded akin to that found in the family, which is not easily or flippantly jettisoned.

Keywords: cross-carpeting, Nigeria, legal, moral issues, politics

Procedia PDF Downloads 447

Authors: Rafat Rob, Khaled Alotaibi, Dana Nour, Abdullah Albadrani, Abdulmohsen Mulhim

Abstract:

Power systems digitization solutions provides a comprehensive smart, cohesive, interconnected network, extensive connectivity between digital assets, physical power plants, and resources to form digital economies. However, digitization has exposed the classical air gapped power plants to the rapid spread of cyber threats and attacks in the process delaying and forcing many organizations to rethink their cyber security policies and standards before they can augment their operation the new advanced digital devices. Cyber Security requirements for power systems (and industry control systems therein) demand a new approach, unique methodology, and design process that is completely different to Cyber Security measures designed for the IT systems. In practice, Cyber Security strategy, as applied to power systems, tends to be closely aligned to those measures applied for IT system purposes. The differentiator for Cyber Security in terms of power systems are the physical assets and applications used, alongside the ever-growing rate of expansion within the industry controls sector (in comparison to the relatively saturated growth observed for corporate IT systems). These factors increase the magnitude of the cyber security risk within such systems. The introduction of smart devices and sensors along the grid initiate vulnerable entry points to the systems. Every installed Smart Meter is a target; the way these devices communicate with each other may instigate a Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack. Attacking one sensor or meter has the potential to propagate itself throughout the power grid reaching the IT network, where it may manifest itself as a malware infiltration.

Keywords: supply chain, cybersecurity, maturity model, risk, smart grid

Procedia PDF Downloads 114

Authors: Xiaoyuan Suo

Abstract:

3D object reconstruction is a broad research area within the computer vision field involving many stages and still open problems. One of the existing challenges in this field lies with micromotion, such as the facial expressions on the appearance of the human or animal face. Similar literatures in this field focuses on 3D reconstruction in stable conditions such as an existing image or photos taken in a rather static environment, while the purpose of this work is to discuss a flexible scan system using multiple cameras that can correctly reconstruct 3D stable and moving objects -- human face with expression in particular. Further, a mathematical model is proposed at the end of this literature to automate the 3D object reconstruction process. The reconstruction process takes several stages. Firstly, a set of simple 2D lines would be projected onto the object and hence a set of uneven curvy lines can be obtained, which represents the 3D numerical data of the surface. The lines and their shapes will help to identify object’s 3D construction in pixels. With the two-recorded angles and their distance from the camera, a simple mathematical calculation would give the resulting coordinate of each projected line in an absolute 3D space. This proposed research will benefit many practical areas, including but not limited to biometric identification, authentications, cybersecurity, preservation of cultural heritage, drama acting especially those with rapid and complex facial gestures, and many others. Specifically, this will (I) provide a brief survey of comparable techniques existing in this field. (II) discuss a set of specialized methodologies or algorithms for effective reconstruction of 3D objects. (III)implement, and testing the developed methodologies. (IV) verify findings with data collected from experiments. (V) conclude with lessons learned and final thoughts.

Keywords: 3D photogrammetry, 3D object reconstruction, facial expression recognition, facial recognition

Procedia PDF Downloads 150

Authors: Mojtaba Fayaz, Richard Hallal

Abstract:

This study examines the various types of dangers that our virtual environment is vulnerable to, including how it can be attacked and how to avoid/secure our data. The terrain of cyberspace is never completely safe, and Covid- 19 has added to the confusion, necessitating daily periodic checks and evaluations. Cybercriminals have been able to enact with greater skill and undertake more conspicuous and sophisticated attacks while keeping a higher level of finesse by operating from home. Different types of cyberattacks, such as operation-based attacks, authentication-based attacks, and software-based attacks, are constantly evolving, but research suggests that software-based threats, such as Ransomware, are becoming more popular, with attacks expected to increase by 93 percent by 2020. The effectiveness of cyber frameworks has shifted dramatically as the pandemic has forced work and private life to become intertwined, destabilising security overall and creating a new front of cyber protection for security analysis and personal. The high-rise formats in which cybercrimes are carried out, as well as the types of cybercrimes that exist, such as phishing, identity theft, malware, and DDoS attacks, have created a new front of cyber protection for security analysis and personal safety. The overall strategy for 2022 will be the introduction of frameworks that address many of the issues associated with offsite working, as well as education that provides better information about commercialised software that does not provide the highest level of security for home users, allowing businesses to plan better security around their systems.

Keywords: cyber security, authentication, software, hardware, malware, COVID-19, threat actors, awareness, home users, confidentiality, integrity, availability, attacks

Procedia PDF Downloads 116

Authors: Gina M. Newton

Abstract:

Australia’s Environment Protection and Biodiversity Conservation Act (EPBC Act) is the premiere, national law under which species and 'ecological communities' (i.e., like ecosystems) can be formally recognised and 'listed' as threatened across all jurisdictions. The listing process involves assessment against a range of criteria (similar to the IUCN process) to demonstrate conservation status (i.e., vulnerable, endangered, critically endangered, etc.) based on the best available science. Over the past decade in Australia, there’s been a transition from almost solely terrestrial to the first aquatic threatened ecological community (TEC or ecosystem) listings (e.g., River Murray, Macquarie Marshes, Coastal Saltmarsh, Salt-wedge Estuaries). All constitute large areas, with some including multiple state jurisdictions. Development of these conservation and listing advices has enabled, for the first time, a more forensic analysis of three key factors across a range of aquatic and coastal ecosystems: -the contribution of invasive species to conservation status, -how to demonstrate and attribute decline in 'ecological integrity' to conservation status, and, -identification of related priority conservation actions for management. There is increasing global recognition of the disproportionate degree of biodiversity loss within aquatic ecosystems. In Australia, legislative protection at Commonwealth or State levels remains one of the strongest conservation measures. Such laws have associated compliance mechanisms for breaches to the protected status. They also trigger the need for environment impact statements during applications for major developments (which may be denied). However, not all jurisdictions have such laws in place. There remains much opposition to the listing of freshwater systems – for example, the River Murray (Australia's largest river) and Macquarie Marshes (an internationally significant wetland) were both disallowed by parliament four months after formal listing. This was mainly due to a change of government, dissent from a major industry sector, and a 'loophole' in the law. In Australia, at least in the immediate to medium-term time frames, invasive species (aliens, native pests, pathogens, etc.) appear to be the number one biotic threat to the biodiversity and ecological function and integrity of our aquatic ecosystems. Consequently, this should be considered a current priority for research, conservation, and management actions. Another key outcome from this analysis was the recognition that drawing together multiple lines of evidence to form a 'conservation narrative' is a more useful approach to assigning conservation status. This also helps to addresses a glaring gap in long-term ecological data sets in Australia, which often precludes a more empirical data-driven approach. An important lesson also emerged – the recognition that while conservation must be underpinned by the best available scientific evidence, it remains a 'social and policy' goal rather than a 'scientific' goal. Communication, engagement, and 'politics' necessarily play a significant role in achieving conservation goals and need to be managed and resourced accordingly.

Keywords: aquatic ecosystem conservation, conservation law, ecological integrity, invasive species

Procedia PDF Downloads 132

Authors: Konstantine Eristavi

Abstract:

The paper will contribute to the discussion on the pitfalls, limits, and possibilities of legal and rights discourse in opposing large infrastructural projects in the context of neoliberal globalisation. To this end, the paper will analyse the struggle against the Namakhvani HPP project in Georgia. The latter has been hailed by the government as one of the largest energy projects in the history of the country, with an enormous potential impact on energy security, energy independence, economic growth, and development. This takes place against the backdrop of decades of market-led -or neoliberal- model of development in Georgia, characterised by structural adjustments, deregulation, privatisation, and Laissez-Fair approach to foreign investment. In this context, the Georgian state vies with other low and middle-income countries for foreign capital by offering to potential investors, on the one hand, exemptions from social and environmental regulations and, on the other hand, huge legal concessions and safeguards, thereby participating in what is often called a “race to the bottom.” The Namakhvani project is a good example of this. At every stage, the project has been marred with violations of laws and regulations concerning transparency, participation, social and environmental regulations, and so on. Moreover, the leaked contract between the state and the developer reveals the contractual safeguards which effectively insulate the investment throughout the duration of the contract from the changes in the national law that might adversely affect investors’ rights and returns. These clauses, aimed at preserving investors' economic position, place the contract above national law in many respects and even conflict with fundamental constitutional rights. In response to the perceived deficiencies of the project, one of the largest and most diverse social movements in the history of post-soviet Georgia has been assembled, consisting of the local population, conservative and leftist groups, human rights and environmental NGOs, etc. Crucially, the resistance movement is actively using legal tools. In order to analyse both the limitations and possibilities of legal discourse, the paper will distinguish between internal and immanent critiques. Law as internal critique, in the context of the struggles around the Namakhvani project, while potentially fruitful in hindering the project, risks neglecting and reproducing those factors -e.g., the particular model of development- that made such contractual concessions and safeguards and concomitant rights violations possible in the first place. On the other hand, the use of rights and law as part of immanent critique articulates a certain incapacity on the part of the addressee government to uphold existing laws and rights due to structural factors, hence, pointing to a need for a fundamental change. This 'ruptural' form of legal discourse that the movement employs makes it possible to go beyond the discussion around the breaches of law and enables a critical deliberation on the development model within which these violations and extraordinary contractual safeguards become necessary. It will be argued that it is this form of immanent critique that expresses the emancipatory potential of legal discourse.

Keywords: law, resistance, development, rights

Procedia PDF Downloads 80