Search results for: confidential information
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 10450

10450 New Security Approach of Confidential Resources in Hybrid Clouds

Authors: Haythem Yahyaoui, Samir Moalla, Mounir Bouden, Skander Ghorbel

Abstract:

Nowadays, Cloud environments are becoming a necessity for companies. This technology gives the opportunity to access data anywhere and anytime, offers optimized and secured access to resources, and gives more security for the data stored in the platform. However, some companies do not trust Cloud providers; in their view, providers can access and modify confidential data such as bank accounts. Many works have been done in this context, and they conclude that encryption methods implemented by providers ensure confidentiality, although they overlook that Cloud providers can decrypt the confidential resources. The best solution here is to apply some modifications to the data before sending them to the Cloud, with the objective of making them unreadable. This work aims at enhancing the quality of service of providers and improving the trust of the customers.

Keywords: cloud, confidentiality, cryptography, security issues, trust issues

Procedia PDF Downloads 342
10449 Towards the Management of Cybersecurity Threats in Organisations

Authors: O. A. Ajigini, E. N. Mwim

Abstract:

Cybersecurity is the protection of computers, programs, networks, and data from attack, damage, unauthorised, unintended access, change, or destruction. Organisations collect, process and store their confidential and sensitive information on computers and transmit this data across networks to other computers. Moreover, the advent of internet technologies has led to various cyberattacks resulting in dangerous consequences for organisations. Therefore, with the increase in the volume and sophistication of cyberattacks, there is a need to develop models and make recommendations for the management of cybersecurity threats in organisations. This paper reports on various threats that cause malicious damage to organisations in cyberspace and provides measures on how these threats can be eliminated or reduced. The paper explores various aspects of protection measures against cybersecurity threats such as handling of sensitive data, network security, protection of information assets and cybersecurity awareness. The paper posits a model and recommendations on how to manage cybersecurity threats in organisations effectively. The model and the recommendations can then be utilised by organisations to manage the threats affecting their cyberspace. The paper provides valuable information to assist organisations in managing their cybersecurity threats and hence protect their computers, programs, networks and data in cyberspace. The paper aims to assist organisations to protect their information assets and data from cyberthreats as part of the contributions toward community engagement.

Keywords: confidential information, cyberattacks, cybersecurity, cyberspace, sensitive information

Procedia PDF Downloads 217
10448 Secured Embedding of Patient’s Confidential Data in Electrocardiogram Using Chaotic Maps

Authors: Butta Singh

Abstract:

This paper presents a chaotic map based approach for secured embedding of patient’s confidential data in electrocardiogram (ECG) signal. The chaotic map generates predefined locations through the use of selective control parameters. The sample value difference method effectually hides the confidential data in ECG sample pairs at these predefined locations. Evaluation of proposed method on all 48 records of MIT-BIH arrhythmia ECG database demonstrates that the embedding does not alter the diagnostic features of cover ECG. The secret data imperceptibility in stego-ECG is evident through various statistical and clinical performance measures. Statistical metrics comprise of Percentage Root Mean Square Difference (PRD) and Peak Signal to Noise Ratio (PSNR). Further, a comparative analysis between proposed method and existing approaches was also performed. The results clearly demonstrated the superiority of proposed method.

Keywords: chaotic maps, ECG steganography, data embedding, electrocardiogram

Procedia PDF Downloads 146
10447 Proposed Terminal Device for End-to-End Secure SMS in Cellular Networks

Authors: Neetesh Saxena, Narendra S. Chaudhari

Abstract:

Nowadays, SMS is a very popular mobile service, and even poor and illiterate people and those living in rural areas use the SMS service very efficiently. Although many mobile operators have already started 3G and 4G services, 2G services are still being used by people in many countries. In 2G (GSM), the only encryption provided is between the MS and the BTS; there is no end-to-end encryption available. Sometimes we all need to send a confidential message to another person containing a bank account number, a password, financial details, etc. Normally, a message is sent to the recipient in plain text only, which is not an acceptable standard for transmitting such important and confidential information. The authors propose an end-to-end encryption approach by proposing a terminal for sending/receiving a secure message. An asymmetric key exchange algorithm is used in order to transmit the secret shared key securely to the recipient. The proposed approach with the terminal device provides authentication, confidentiality, integrity and non-repudiation.

Keywords: AES, DES, Diffie-Hellman, ECDH, A5, SMS

Procedia PDF Downloads 378
10446 Runtime Monitoring Using Policy-Based Approach to Control Information Flow for Mobile Apps

Authors: Mohamed Sarrab, Hadj Bourdoucen

Abstract:

Mobile applications are verified to check the correctness or evaluated to check the performance with respect to specific security properties such as availability, integrity, and confidentiality. Where they are made available to the end users of the mobile application is achievable only to a limited degree using software engineering static verification techniques. The more sensitive the information, such as credit card data, personal medical information or personal emails being processed by mobile application, the more important it is to ensure the confidentiality of this information. Monitoring non-trusted mobile application during execution in an environment where sensitive information is present is difficult and unnerving. The paper addresses the issue of monitoring and controlling the flow of confidential information during non-trusted mobile application execution. The approach concentrates on providing a dynamic and usable information security solution by interacting with the mobile users during the run-time of mobile application in response to information flow events.

Keywords: mobile application, run-time verification, usable security, direct information flow

Procedia PDF Downloads 351
10445 Saudi Human Awareness Needs: A Survey in How Human Causes Errors and Mistakes Leads to Leak Confidential Data with Proposed Solutions in Saudi Arabia

Authors: Amal Hussain Alkhaiwani, Ghadah Abdullah Almalki

Abstract:

Recently, human errors have increasingly become a very high factor in security breaches that may affect confidential data, and most cyber data breaches are caused by human errors. With one individual mistake, the attacker will gain access to the entire network and bypass the implemented access controls without any immediate detection. Unaware employees will be vulnerable to any social engineering cyber-attacks. Providing security awareness to people is part of the company protection process; cyber risks cannot be reduced by just implementing technology; human awareness of security will significantly reduce the risks, which encourages changes in staff cyber-awareness. In this paper, we will focus on human awareness and the human need to maintain the required level of security education; we will review human errors and introduce a proposed solution to avoid the breach from occurring again. Recently, Saudi Arabia faced many attacks with different methods of social engineering. As Saudi Arabia has become a target for many countries and individuals, we needed to initiate a defense mechanism that begins with awareness to keep our privacy and protect confidential data against possible intended attacks.

Keywords: cybersecurity, human aspects, human errors, human mistakes, security awareness, Saudi Arabia, security program, security education, social engineering

Procedia PDF Downloads 121
10444 An Efficient Traceability Mechanism in the Audited Cloud Data Storage

Authors: Ramya P, Lino Abraham Varghese, S. Bose

Abstract:

With cloud storage services, data can be stored in the cloud and shared across multiple users. Unexpected hardware/software failures and human errors can easily cause the data stored in the cloud to be lost or corrupted, which affects the integrity of data in the cloud. Some mechanisms have been designed to allow both data owners and public verifiers to efficiently audit cloud data integrity without retrieving the entire data from the cloud server. But public auditing on the integrity of shared data with the existing mechanisms will unavoidably reveal confidential information, such as the identity of the person, to public verifiers. Here a privacy-preserving mechanism is proposed to support public auditing on shared data stored in the cloud. It uses group signatures to compute the verification metadata needed to audit the correctness of shared data. The identity of the signer on each block in shared data is kept confidential from public verifiers, who can easily verify shared data integrity without retrieving the entire file. But on demand, the signer of each block is revealed to the owner alone. The group private key is generated once by the owner in the static group, whereas in the dynamic group, the group private key is changed when users are revoked from the group. When users leave the group, the already signed blocks are re-signed by the cloud service provider instead of the owner, which is handled efficiently by a proxy re-signature scheme.

Keywords: data integrity, dynamic group, group signature, public auditing

Procedia PDF Downloads 360
10443 On Dynamic Chaotic S-BOX Based Advanced Encryption Standard Algorithm for Image Encryption

Authors: Ajish Sreedharan

Abstract:

Security in transmission and storage of digital images has its importance in today’s image communications and confidential video conferencing. Due to the increasing use of images in industrial process, it is essential to protect the confidential image data from unauthorized access. Advanced Encryption Standard (AES) is a well known block cipher that has several advantages in data encryption. However, it is not suitable for real-time applications. This paper presents modifications to the Advanced Encryption Standard to reflect a high level security and better image encryption. The modifications are done by adjusting the ShiftRow Transformation and using On Dynamic chaotic S-BOX. In AES the Substitute bytes, Shift row and Mix columns by themselves would provide no security because they do not use the key. In Dynamic chaotic S-BOX Based AES the Substitute bytes provide security because the S-Box is constructed from the key. Experimental results verify and prove that the proposed modification to image cryptosystem is highly secure from the cryptographic viewpoint. The results also prove that with a comparison to original AES encryption algorithm the modified algorithm gives better encryption results in terms of security against statistical attacks.

Keywords: advanced encryption standard (AES), on dynamic chaotic S-BOX, image encryption, security analysis, ShiftRow transformation

Procedia PDF Downloads 401
10442 An Improved Image Steganography Technique Based on Least Significant Bit Insertion

Authors: Olaiya Folorunsho, Comfort Y. Daramola, Joel N. Ugwu, Lawrence B. Adewole, Olufisayo S. Ekundayo

Abstract:

In today's world, there is a tremendous rise in the usage of the internet due to the fact that almost all communication and information sharing is done over the web. Conversely, there is a continuous growth of unauthorized access to confidential data. This has posed a challenge to information security experts, whose major goal is to curtail the menace. One of the approaches to secure the safe delivery of data/information to the rightful destination without any modification is steganography. Steganography is the art of hiding information inside an embedded information. This research paper aimed at designing a secured algorithm using an image steganographic technique that makes use of the Least Significant Bit (LSB) algorithm for embedding the data into a bitmap image (bmp) in order to enhance security and reliability. In the LSB approach, the basic idea is to replace the LSB of the pixels of the cover image with the bits of the message to be hidden without significantly destroying the properties of the cover image. The system was implemented using the C# programming language of the Microsoft .NET framework. The performance of the proposed system was evaluated by conducting a benchmarking test analyzing parameters such as Mean Squared Error (MSE) and Peak Signal to Noise Ratio (PSNR). The result showed that image steganography performed considerably in securing data hiding and information transmission over the networks.

Keywords: steganography, image steganography, least significant bits, bit map image

Procedia PDF Downloads 234
10441 Wavelet Based Advanced Encryption Standard Algorithm for Image Encryption

Authors: Ajish Sreedharan

Abstract:

With the fast evolution of digital data exchange, information security becomes very important in data storage and transmission. Due to the increasing use of images in industrial processes, it is essential to protect confidential image data from unauthorized access. As the encryption process is applied to the whole image in AES, it is difficult to improve the efficiency. In this paper, wavelet decomposition is used to concentrate the main information of the image into the low frequency part. Then, AES encryption is applied to the low frequency part. The high frequency parts are XORed with the encrypted low frequency part and a wavelet reconstruction is applied. Theoretical analysis and experimental results show that the proposed algorithm has high efficiency and satisfactory security, making it suitable for image data transmission.

Keywords: discrete wavelet transforms, AES, dynamic SBox

Procedia PDF Downloads 398
10440 Production Sharing Contracts Transparency Simulation

Authors: Chariton Christou, David Cornwell

Abstract:

Production Sharing Contract (PSC) is the type of contract that is being used widely in our time. The financial crisis made the governments tightfisted and they do not have the resources to participate in a development of a field. Therefore, more and more countries introduce the PSC. The companies have the power and the money to develop the field with their own way. The main problem is the transparency of oil and gas companies especially in the PSC and how this can be achieved. Many discussions have been made especially in the U.K. What we are suggesting is a dynamic financial simulation with the help of a flow meter. The flow meter will count the production of each field every day (it will be installed in a pipeline). The production will be the basic input of the simulation. It will count the profit, the costs and more according to the information of the flow meter. In addition it will include the terms of the contract and the costs that have been paid. By all these parameters the simulation will be able to present in real time the information of a field (taxes, employees, R-factor). By this simulation the company will share some information with the government but not all of them. The government will know the taxes that should be paid and what is the sharing percentage of it. All of the other information could be confidential for the company. Furthermore, oil company could control the R-factor by changing the production each day to maximize its sharing percentages and as a result of this the profit. This idea aims to change the way that governments 'control' oil companies and bring a transparency evolution in the industry. With the help of a simulation every country could be next to the company and have a better collaboration.

Keywords: production sharing contracts, transparency, simulation

Procedia PDF Downloads 341
10439 Addressing Supply Chain Data Risk with Data Security Assurance

Authors: Anna Fowler

Abstract:

When considering assets that may need protection, the mind begins to contemplate homes, cars, and investment funds. In most cases, the protection of those assets can be covered through security systems and insurance. Data is not the first thought that comes to mind that would need protection, even though data is at the core of most supply chain operations. It includes trade secrets, management of personal identifiable information (PII), and consumer data that can be used to enhance the overall experience. Data is considered a critical element of success for supply chains and should be one of the most critical areas to protect. In the supply chain industry, there are two major misconceptions about protecting data: (i) We do not manage or store confidential/personally identifiable information (PII). (ii) Reliance on Third-Party vendor security. These misconceptions can significantly derail organizational efforts to adequately protect data across environments. These statistics can be exciting yet overwhelming at the same time. The first misconception, “We do not manage or store confidential/personally identifiable information (PII)” is dangerous as it implies the organization does not have proper data literacy. Enterprise employees will zero in on the aspect of PII while neglecting trade secret theft and the complete breakdown of information sharing. To circumvent the first bullet point, the second bullet point forges an ideology that “Reliance on Third-Party vendor security” will absolve the company from security risk. Instead, third-party risk has grown over the last two years and is one of the major causes of data security breaches. It is important to understand that a holistic approach should be considered when protecting data which should not involve purchasing a Data Loss Prevention (DLP) tool. A tool is not a solution. 
To protect supply chain data, start by providing data literacy training to all employees and negotiating the security component of contracts with vendors to highlight data literacy training for individuals/teams that may access company data. It is also important to understand the origin of the data and its movement to include risk identification. Ensure processes effectively incorporate data security principles. Evaluate and select DLP solutions to address specific concerns/use cases in conjunction with data visibility. These approaches are part of a broader solutions framework called Data Security Assurance (DSA). The DSA Framework looks at all of the processes across the supply chain, including their corresponding architecture and workflows, employee data literacy, governance and controls, integration between third and fourth-party vendors, DLP as a solution concept, and policies related to data residency. Within cloud environments, this framework is crucial for the supply chain industry to avoid regulatory implications and third/fourth party risk.

Keywords: security by design, data security architecture, cybersecurity framework, data security assurance

Procedia PDF Downloads 58
10438 Combating Money Laundering and Inroads into Banking Secrecy: Evidence from Malaysia

Authors: Aspalella A. Rahman

Abstract:

It is widely accepted that the investigation of money laundering and the tracing and confiscation of criminal proceeds have intruded into the principles of banking secrecy. The inroads into banking secrecy present serious threats to democracy, and more importantly, to the traditional banker-customer relationship. It is generally accepted that the fight against money laundering is in conflict with the secrecy rule. Banking secrecy is a customer privilege whereas combating crime is critical for public safety and security. Indeed, achieving a proper balance is a desirable goal. But how we go about achieving such a balance is a question encountered by many law enforcement authorities. Therefore, this paper examines the effect of disclosure under the Malaysian anti-money laundering laws on the traditional duty of banks to keep the customer’s information confidential. It also analyzes whether the Malaysian laws provide a right balance between a duty to keep customer’s information secret and a duty to disclose such information in the fight against money laundering. On closer inspection, it is submitted that the Malaysian laws provide sufficient safeguards to ensure that the disclosure of customer’s information is carried out in a manner that is not prejudicial to the interest of legitimate customers. This is a positive approach that could protect the innocent customers from being mistreated by the law. Ultimately, it can be said that the growing threat of global money laundering and terrorism makes the overriding of banking secrecy justified because without a flow of information from the banks, the effective prevention of the menace is not possible.

Keywords: anti-money laundering law, banker-customer relationship, banking secrecy, confidentiality, money laundering

Procedia PDF Downloads 392
10437 Privacy Preservation Concerns and Information Disclosure on Social Networks: An Ongoing Research

Authors: Aria Teimourzadeh, Marc Favier, Samaneh Kakavand

Abstract:

The emergence of social networks has revolutionized the exchange of information. Every behavior on these platforms contributes to the generation of data known as social network data that are processed, stored and published by the social network service providers. Hence, it is vital to investigate the role of these platforms in user data by considering the privacy measures, especially when we observe the increased number of individuals and organizations engaging with the current virtual platforms without being aware that the data related to their positioning, connections and behavior is uncovered and used by third parties. Performing analytics on social network datasets may result in the disclosure of confidential information about the individuals or organizations which are the members of these virtual environments. Analyzing separate datasets can reveal private information about relationships, interests and more, especially when the datasets are analyzed jointly. Intentional breaches of privacy are the result of such analysis. Addressing these privacy concerns requires an understanding of the nature of data being accumulated and relevant data privacy regulations, as well as motivations for disclosure of personal information on social network platforms. Some significant points about how users' online information is controlled by the influence of social factors, and to what extent the users are concerned about future use of their personal information by the organizations, are highlighted in this paper. Firstly, this research presents a short literature review about the structure of a network and the concept of privacy in Online Social Networks. Secondly, the factors of user behavior related to privacy protection and self-disclosure on these virtual communities are presented.
In other words, we seek to demonstrate the impact of identified variables on user information disclosure that could be taken into account to explain the privacy preservation of individuals on social networking platforms. Thirdly, a few research directions are discussed to address this topic for new researchers.

Keywords: information disclosure, privacy measures, privacy preservation, social network analysis, user experience

Procedia PDF Downloads 248
10436 Email Phishing Detection Using Natural Language Processing and Convolutional Neural Network

Authors: M. Hilani, B. Nassih

Abstract:

Phishing is one of the oldest and best known scams on the Internet. It can be defined as any type of telecommunications fraud that uses social engineering tricks to obtain confidential data from its victims. It’s a cybercrime aimed at stealing your sensitive information. Phishing is generally done via private email, so scammers impersonate large companies or other trusted entities to encourage victims to voluntarily provide information such as login credentials or, worse yet, credit card numbers. The COVID-19 theme is used by cybercriminals in multiple malicious campaigns like phishing. In this environment, messaging filtering solutions have become essential to protect devices that will now be used outside of the secure perimeter. Despite constantly updating methods to avoid these cyberattacks, the end result is currently insufficient. Many researchers are looking for optimal solutions to filter phishing emails, but we still need good results. In this work, we concentrated on solving the problem of detecting phishing emails using the different steps of NLP preprocessing, and we proposed and trained a model using one-dimensional CNN. Our study results show that our model obtained an accuracy of 99.99%, which demonstrates how well our model is working.

Keywords: phishing, e-mail, NLP preprocessing, CNN, e-mail filtering

Procedia PDF Downloads 80
10435 Risk Factors of Hospital Acquired Infection Mortality in a Tunisian Intensive Care Unit

Authors: Ben Cheikh Asma, Bouafia Nabiha, Ammar Asma, Ezzi Olfa, Meddeb Khaoula, Chouchène Imed, Boussarsar Hamadi, Njah Mansour

Abstract:

Background: Hospital Acquired Infection (HAI) constitutes an important worldwide health problem. It was associated with high mortality rate in intensive care units (ICU). This study aimed to determine HAI mortality rate in Tunisian intensive care units and identify its risk factors. Methods: We conducted a prospective observational cohort study over a 12-month period (September 15th 2015 to September 15th 2016) in the adult medical ICU of University Hospital-Farhat Hached (Sousse-Tunisia). All patients admitted in the ICU for more than 48 hours were included in the study. We used an anonymous standardized survey record form to collect data by a medical hygienist assisted by an intensivist. We adopted definitions of Center for Diseases Control and prevention of Atlanta to detect HAI, Kaplan Meier survival analysis and Cox proportional hazard regression to identify independent risk factors of HAI mortality. Results: Of 171 patients, 67 developed ICU-acquired infection (global incidence rate=39.2%). The mean age of patients was 59 ± 21.2 years and 60.8% were male. The most frequently identified infections were pulmonary acquired infection (ventilator associated pneumonia (VAP) and infected atelectasis with density rates 21.4 VAP/1000 days of mechanical ventilation and 9.4 infected atelectasis/1000 days of mechanical ventilation, respectively) and central venous catheter associated infection (CVC-AI) with density rate 28.4 CVC-AI/1000 CVC-days. HAI mortality rate was 66.7% (n=44). The median survival was 20 days 3.36, 95% Confidence Interval [13.39 – 26.60]. Specific mortality rates according to infectious site were 65.5%, 36.4% and 4.5% respectively for VAP, CVC associated infection and infected atelectasis. In univariate analysis, significant associations between mortality and cardiovascular history (p=0.04), tracheotomy (p=0.00), peripheral venous catheterization (p=0.04), VAP (p=0.04) and infected atelectasis (p=0.04) were detected.
Independent risk factors for HAI mortality were VAP with Hazard Ratio = 3.14, 95% Confidence Interval [1.63 – 6.05] (p=0.001) and tracheotomy (Hazard Ratio=0.22, 95% Confidence Interval [0.10 – 0.44], p=0.000). Conclusions: In the present study, hospital acquired infection mortality rate was relatively high. We need to intensify the fight against these infections especially ventilator-associated pneumonia that is associated with higher risk of mortality in many studies. Thus, more effective infection control interventions were necessary in our hospital.

Keywords: hospital acquired infection, intensive care unit, mortality, risk factors

Procedia PDF Downloads 453
10434 Secure Automatic Key SMS Encryption Scheme Using Hybrid Cryptosystem: An Approach for One Time Password Security Enhancement

Authors: Pratama R. Yunia, Firmansyah, I., Ariani, Ulfa R. Maharani, Fikri M. Al

Abstract:

Nowadays, notwithstanding that the role of SMS as a means of communication has been largely replaced by online applications such as WhatsApp, Telegram, and others, the fact that SMS is still used for certain important communication needs is indisputable. Among them is sending a one time password (OTP) as an authentication medium for various online applications ranging from chatting and shopping to online banking applications. However, the use of SMS does not guarantee the security of transmitted messages. As a matter of fact, the messages transmitted between BTS are still in the form of plaintext, making them extremely vulnerable to eavesdropping, especially if the message is confidential, for instance, the OTP. One solution to overcome this problem is to use an SMS application which provides security services for each transmitted message. Responding to this problem, in this study, an automatic key SMS encryption scheme was designed as a means to secure SMS communication. The proposed scheme allows SMS sending that is automatically encrypted with keys that are constantly changing (automatic key update), automatic key exchange, and automatic key generation. In terms of the security method, the proposed scheme applies cryptographic techniques with a hybrid cryptosystem mechanism. To prove the proposed scheme, a client to client SMS encryption application was developed using the Java platform with AES-256 as encryption algorithm, RSA-768 as public and private key generator and SHA-256 for message hashing function. The result of this study is a secure automatic key SMS encryption scheme using a hybrid cryptosystem which can guarantee the security of every transmitted message, so as to become a reliable solution in sending confidential messages through SMS, although it still has weaknesses in terms of processing time.

Keywords: encryption scheme, hybrid cryptosystem, one time password, SMS security

Procedia PDF Downloads 101
10433 Best Practices to Enhance Patient Security and Confidentiality When Using E-Health in South Africa

Authors: Lethola Tshikose, Munyaradzi Katurura

Abstract:

Information and Communication Technology (ICT) plays a critical role in improving daily healthcare processes. South African healthcare organizations have adopted Information Systems to integrate their patient records. This has made it much easier for healthcare organizations because patient information can now be accessible at any time. The primary purpose of this research study was to investigate the best practices that can be applied to enhance patient security and confidentiality when using e-health systems in South Africa. Security and confidentiality are critical in healthcare organizations as they ensure safety in EHRs. The research study used an inductive research approach that included a thorough literature review; therefore, no data was collected. The research paper’s scope included patient data and possible security threats associated with healthcare systems. According to the study, South African healthcare organizations discovered various patient data security and confidentiality issues. The study also revealed that when it comes to handling patient data, health professionals sometimes make mistakes. Some may not be computer literate, which posed issues and caused data to be tampered with. The research paper recommends that healthcare organizations ensure that security measures are adequately supported and promoted by their IT department. This will ensure that adequate resources are distributed to keep patient data secure and confidential. Healthcare organizations must correctly use standards set up by IT specialists to solve patient data security and confidentiality issues. Healthcare organizations must make sure that their organizational structures are adaptable to improve security and confidentiality.

Keywords: E-health, EHR, security, confidentiality, healthcare

Procedia PDF Downloads 23
10432 Zero-Knowledge Proof-of-Reserve: A Confidential Approach to Cryptocurrency Asset Verification

Authors: Sam Ng, Lewis Leighton, Sam Atkinson, Carson Yan, Landan Hu, Leslie Cheung, Brian Yap, Kent Lung, Ketat Sarakune

Abstract:

This paper introduces a method for verifying cryptocurrency reserves that balances the need for both transparency and data confidentiality. Our methodology employs cryptographic techniques, including Merkle Trees, Bulletproof, and zkSnark, to verify that total assets equal or exceed total liabilities, represented by customer funds. Importantly, this verification is achieved without disclosing sensitive information such as the total asset value, customer count, or cold wallet addresses. We delve into the construction and implementation of this methodology. While the system is robust and scalable, we also identify areas for potential enhancements to improve its efficiency and versatility. As the digital asset landscape continues to evolve, our approach provides a solid foundation for ensuring continued trust and security in digital asset platforms.

Keywords: cryptocurrency, crypto-currency, proof-of-reserve, por, zero-knowledge, ZKP

Procedia PDF Downloads 37
10431 A Business-to-Business Collaboration System That Promotes Data Utilization While Encrypting Information on the Blockchain

Authors: Hiroaki Nasu, Ryota Miyamoto, Yuta Kodera, Yasuyuki Nogami

Abstract:

To promote Industry 4.0 and Society 5.0 and so on, it is important to connect and share data so that every member can trust it. Blockchain (BC) technology is currently attracting attention as the most advanced tool and has been used in the financial field and so on. However, the data collaboration using BC has not progressed sufficiently among companies on the supply chain of manufacturing industry that handle sensitive data such as product quality, manufacturing conditions, etc. There are two main reasons why data utilization is not sufficiently advanced in the industrial supply chain. The first reason is that manufacturing information is top secret and a source for companies to generate profits. It is difficult to disclose data even between companies with transactions in the supply chain. In the blockchain mechanism such as Bitcoin using PKI (Public Key Infrastructure), in order to confirm the identity of the company that has sent the data, the plaintext must be shared between the companies. Another reason is that the merits (scenarios) of collaboration data between companies are not specifically specified in the industrial supply chain. For these problems this paper proposes a Business to Business (B2B) collaboration system using homomorphic encryption and BC technique. Using the proposed system, each company on the supply chain can exchange confidential information on encrypted data and utilize the data for their own business. In addition, this paper considers a scenario focusing on quality data, which was difficult to collaborate because it is a top secret. In this scenario, we show an implementation scheme and a benefit of concrete data collaboration by proposing a comparison protocol that can grasp the change in quality while hiding the numerical value of quality data.

Keywords: business to business data collaboration, industrial supply chain, blockchain, homomorphic encryption

Procedia PDF Downloads 100
10430 Security Model for RFID Systems

Authors: John Ayoade

Abstract:

Radio Frequency Identification (RFID) has gained a lot of popularity in all walks of life due to its usefulness and diverse use of the technology in almost every application. However, there have been some security concerns most especially in regards to how authentic readers and tags can confirm their authenticity before confidential data is exchanged between them. In this paper, Kerberos protocol is adopted for the mutual authentication of RFID system components in order to ensure the secure communication between those components and to realize the authenticity of the communicating components.

Keywords: RFID, security, mutual authentication, Kerberos

Procedia PDF Downloads 431
10429 Data Confidentiality in Public Cloud: A Method for Inclusion of ID-PKC Schemes in OpenStack Cloud

Authors: N. Nalini, Bhanu Prakash Gopularam

Abstract:

The term data security refers to the degree of resistance or protection given to information from unintended or unauthorized access. The core principles of information security are the confidentiality, integrity and availability, also referred to as CIA triad. Cloud computing services are classified as SaaS, IaaS and PaaS services. With cloud adoption the confidential enterprise data are moved from organization premises to untrusted public network and due to this the attack surface has increased manifold. Several cloud computing platforms like OpenStack, Eucalyptus, Amazon EC2 offer users to build and configure public, hybrid and private clouds. While the traditional encryption based on PKI infrastructure still works in cloud scenario, the management of public-private keys and trust certificates is difficult. The Identity based Public Key Cryptography (also referred to as ID-PKC) overcomes this problem by using publicly identifiable information for generating the keys and works well with decentralized systems. The users can exchange information securely without having to manage any trust information. Another advantage is that access control (role based access control policy) information can be embedded into data unlike in PKI where it is handled by separate component or system. In OpenStack cloud platform the keystone service acts as identity service for authentication and authorization and has support for public key infrastructure for auto services. In this paper, we explain OpenStack security architecture and evaluate the PKI infrastructure piece for data confidentiality. We provide a method to integrate ID-PKC schemes for securing data while in transit and stored and explain the key measures for safeguarding data against security attacks. The proposed approach uses JPBC crypto library for key-pair generation based on IEEE P1636.3 standard and secure communication to other cloud services.

Keywords: data confidentiality, identity based cryptography, secure communication, open stack key stone, token scoping

Procedia PDF Downloads 343
10428 A Method and System for Secure Authentication Using One Time QR Code

Authors: Divyans Mahansaria

Abstract:

User authentication is an important security measure for protecting confidential data and systems. However, the vulnerability while authenticating into a system has significantly increased. Thus, necessary mechanisms must be deployed during the process of authenticating a user to safeguard him/her from the vulnerable attacks. The proposed solution implements a novel authentication mechanism to counter various forms of security breach attacks including phishing, Trojan horse, replay, key logging, Asterisk logging, shoulder surfing, brute force search and others. QR code (Quick Response Code) is a type of matrix barcode or two-dimensional barcode that can be used for storing URLs, text, images and other information. In the proposed solution, during each new authentication request, a QR code is dynamically generated and presented to the user. A piece of generic information is mapped to plurality of elements and stored within the QR code. The mapping of generic information with plurality of elements, randomizes in each new login, and thus the QR code generated for each new authentication request is for one-time use only. In order to authenticate into the system, the user needs to decode the QR code using any QR code decoding software. The QR code decoding software needs to be installed on handheld mobile devices such as smartphones, personal digital assistant (PDA), etc. On decoding the QR code, the user will be presented a mapping between the generic piece of information and plurality of elements using which the user needs to derive cipher secret information corresponding to his/her actual password. Now, in place of the actual password, the user will use this cipher secret information to authenticate into the system. The authentication terminal will receive the cipher secret information and use a validation engine that will decipher the cipher secret information. If the entered secret information is correct, the user will be provided access to the system. 
Usability study has been carried out on the proposed solution, and the new authentication mechanism was found to be easy to learn and adapt. Mathematical analysis of the time taken to carry out brute force attack on the proposed solution has been carried out. The result of mathematical analysis showed that the solution is almost completely resistant to brute force attack. Today’s standard methods for authentication are subject to a wide variety of software, hardware, and human attacks. The proposed scheme can be very useful in controlling the various types of authentication related attacks especially in a networked computer environment where the use of username and password for authentication is common.

Keywords: authentication, QR code, cipher / decipher text, one time password, secret information

Procedia PDF Downloads 240
10427 Investigating the Factors Affecting on One Time Passwords Technology Acceptance: A Case Study in Banking Environment

Authors: Sajad Shokohuyar, Mahsa Zomorrodi Anbaji, Saghar Pouyan Shad

Abstract:

According to fast technology growth, modern banking tries to decrease going to banks’ branches and increase customers’ consent. One of the problems which banks face is securing customer’s password. The banks’ solution is one time password creation system. In this research by adapting from acceptance of technology model theory, assesses factors that are effective on banking in Iran especially in using one time password machine by one of the private banks of Iran customers. The statistical population is all of this bank’s customers who use electronic banking service and one time password technology and the questionnaires were distributed among members of statistical population in 5 selected groups of north, south, center, east and west of Tehran. Findings show that confidential preservation, education, ease of utilization and advertising and informing has positive relations and distinct hardware and age has negative relations.

Keywords: security, electronic banking, one time password, information technology

Procedia PDF Downloads 418
10426 Information Literacy Initiatives in India in Present Era Age

Authors: Darshan Lal

Abstract:

The paper describes the concept of Information literacy. It is a critical component of this information age. Information literacy is the vital process in modern changing world. Information Literacy initiatives in India were also discussed. The paper also discussed Information literacy programmes for LIS professionals. Information literacy makes a person capable of recognizing when information is needed and how to locate, evaluate and effectively use the needed information.

Keywords: information literacy, information communication technology (ICT), information literacy programmes

Procedia PDF Downloads 334
10425 A Comprehensive Framework to Ensure Data Security in Cloud Computing: Analysis, Solutions, and Approaches

Authors: Loh Fu Quan, Fong Zi Heng, Burra Venkata Durga Kumar

Abstract:

Cloud computing has completely transformed the way many businesses operate. Traditionally, confidential data of a business is stored in computers located within the premise of the business. Therefore, a lot of business capital is put towards maintaining computing resources and hiring IT teams to manage them. The advent of cloud computing changes everything. Instead of purchasing and managing their infrastructure, many businesses have started to shift towards working with the cloud with the help of a cloud service provider (CSP), leading to cost savings. However, it also introduces security risks. This research paper focuses on the security risks that arise during data migration and user authentication in cloud computing. To overcome this problem, this paper provides a comprehensive framework that includes Transport Layer Security (TLS), user authentication, security tokens and multi-level data encryption. This framework aims to prevent authorized access to cloud resources and data leakage, ensuring the confidentiality of sensitive information. This framework can be used by cloud service providers to strengthen the security of their cloud and instil confidence in their users.

Keywords: Cloud computing, Cloud security, Cloud security issues, Cloud security framework

Procedia PDF Downloads 70
10424 Solidarity and Authority in the Characters of Shakespeare’s Drama

Authors: Vinay Jain, Meena Jain

Abstract:

Thee is generally used in Shakespeare by a master to a servant. Being the appropriate address to a servant, it is used in confidential and good-humoured utterances. You was received by a master. Hindi tu, tum, and aap express roughly the same social meanings as English thou/thee and you used to express respectively. The pronouns thou, thee and you have been reduced to you whereas in Hindi we still have all three pronouns – aap, tum and tu. It reveals that our society has not yet reached the unidimensional solidarity semantics toward which the present European pronominal usage seems to be moving. Shakespeare’s use of pronouns and Hindi pronouns are correlated with the interlocutor’s social status and intimacy.

Keywords: brown and gilman, elizabethan pronouns, honorific pronoun, power, solidarity

Procedia PDF Downloads 37
10423 Information Literacy: Concept and Importance

Authors: Gaurav Kumar

Abstract:

An information literate person is one who uses information effectively in all its forms. When presented with questions or problems, an information literate person would know what information to look for, how to search efficiently and be able to access relevant sources. In addition, an information literate person would have the ability to evaluate and select appropriate information sources and to use the information effectively and ethically to answer questions or solve problems. Information literacy has become an important element in higher education. The information literacy movement has internationally recognized standards and learning outcomes. The step-by-step process of achieving information literacy is particularly crucial in an era where knowledge could be disseminated through a variety of media. What is the relationship between information literacy as we define it in higher education and information literacy among non-academic populations? What forces will change how we think about the definition of information literacy in the future and how we will apply the definition in all environments?

Keywords: information literacy, human beings, visual media and computer network etc, information literacy

Procedia PDF Downloads 301
10422 PsyVBot: Chatbot for Accurate Depression Diagnosis using Long Short-Term Memory and NLP

Authors: Thaveesha Dheerasekera, Dileeka Sandamali Alwis

Abstract:

The escalating prevalence of mental health issues, such as depression and suicidal ideation, is a matter of significant global concern. It is plausible that a variety of factors, such as life events, social isolation, and preexisting physiological or psychological health conditions, could instigate or exacerbate these conditions. Traditional approaches to diagnosing depression entail a considerable amount of time and necessitate the involvement of adept practitioners. This underscores the necessity for automated systems capable of promptly detecting and diagnosing symptoms of depression. The PsyVBot system employs sophisticated natural language processing and machine learning methodologies, including the use of the NLTK toolkit for dataset preprocessing and the utilization of a Long Short-Term Memory (LSTM) model. The PsyVBot exhibits a remarkable ability to diagnose depression with a 94% accuracy rate through the analysis of user input. Consequently, this resource proves to be efficacious for individuals, particularly those enrolled in academic institutions, who may encounter challenges pertaining to their psychological well-being. The PsyVBot employs a Long Short-Term Memory (LSTM) model that comprises a total of three layers, namely an embedding layer, an LSTM layer, and a dense layer. The stratification of these layers facilitates a precise examination of linguistic patterns that are associated with the condition of depression. The PsyVBot has the capability to accurately assess an individual's level of depression through the identification of linguistic and contextual cues. The task is achieved via a rigorous training regimen, which is executed by utilizing a dataset comprising information sourced from the subreddit r/SuicideWatch. The diverse data present in the dataset ensures precise and delicate identification of symptoms linked with depression, thereby guaranteeing accuracy. 
PsyVBot not only possesses diagnostic capabilities but also enhances the user experience through the utilization of audio outputs. This feature enables users to engage in more captivating and interactive interactions. The PsyVBot platform offers individuals the opportunity to conveniently diagnose mental health challenges through a confidential and user-friendly interface. Regarding the advancement of PsyVBot, maintaining user confidentiality and upholding ethical principles are of paramount significance. It is imperative to note that diligent efforts are undertaken to adhere to ethical standards, thereby safeguarding the confidentiality of user information and ensuring its security. Moreover, the chatbot fosters a conducive atmosphere that is supportive and compassionate, thereby promoting psychological welfare. In brief, PsyVBot is an automated conversational agent that utilizes an LSTM model to assess the level of depression in accordance with the input provided by the user. The demonstrated accuracy rate of 94% serves as a promising indication of the potential efficacy of employing natural language processing and machine learning techniques in tackling challenges associated with mental health. The reliability of PsyVBot is further improved by the fact that it makes use of the Reddit dataset and incorporates Natural Language Toolkit (NLTK) for preprocessing. PsyVBot represents a pioneering and user-centric solution that furnishes an easily accessible and confidential medium for seeking assistance. The present platform is offered as a modality to tackle the pervasive issue of depression and the contemplation of suicide.

Keywords: chatbot, depression diagnosis, LSTM model, natural language process

Procedia PDF Downloads 31
10421 Legal Means for Access to Information Management

Authors: Sameut Bouhaik Mostafa

Abstract:

Information Act is the Canadian law gives the right of access to information for the institution of government. It declares the availability of government information to the public, but that exceptions should be limited and the necessary right of access to be specific, and also states the need to constantly re-examine the decisions on the disclosure of any government information independently from the government. By 1982, it enacted a dozen countries, including France, Denmark, Finland, Sweden, the Netherlands and the United States (1966) newly legally to access the information. It entered access to Canadian information into force of the Act of 1983, under the government of Pierre Trudeau, allowing Canadians to recover information from government files, and the development of what can be accessed from the information, and the imposition of timetables to respond. It has been applied by the Information Commissioner in Canada.

Keywords: law, information, management, legal

Procedia PDF Downloads 376