Search results for: privacy and security threats

Authors: Tao Feng, Fei Xing, Ye Lu, Jun Li Fang

Abstract:

NDN is a kind of future Internet architecture. Due to the NDN design introduces four privacy challenges,Many research institutions began to care about the privacy issues of naming data network(NDN).In this paper, we are in view of the major NDN’s privacy issues to investigate privacy protection,then put forwards more effectively anonymous transfer policy for NDN.Firstly,based on mutual anonymity communication for MP2P networks,we propose NDN mutual anonymity protocol.Secondly,we add interest package authentication mechanism in the protocol and encrypt the coding coefficient, security of this protocol is improved by this way.Finally, we proof the proposed anonymous transfer protocol security and anonymity.

Keywords: NDN, mutual anonymity, anonymous routing, network coding, authentication mechanism

Procedia PDF Downloads 417

Authors: Nancy Michail, Niloufer Selvadurai, Doron Goldbarsht

Abstract:

This study analyses the development of a central bank digital currency (CBDC) in Australia and the framework being developed to ensure that national security and privacy considerations are appropriately addressed. Through the use of doctrinal methodology, the research closely and critically examines current legislation and regulation on privacy federal laws and the need to comply with anti-money laundering and counter-terrorism financing laws (AML/CTF). It is argued that the introduction of CBDCs may lead to potential tension between the application of AML/CTF laws and the upholding of individuals’ fundamental and legislated rights to privacy; therefore, it emphasises the need for clear delineation of ambits and support between different laws and regulations to ensure they operate within their intended purposes and suggests that the calibration of potential tensions between AML/CTF and privacy laws may be achieved through the innovative application of the proportionality principle.

Keywords: anti-money laundering and counter terrorism financing, central bank digital currency, privacy, proportionality principle

Procedia PDF Downloads 25

Authors: Haitham Assiri, Priyadarsi Nanda

Abstract:

The world is gradually entering the fourth industrial revolution. E-Government services are scaling government operations across the globe. However, as promising as an e-Government system would be, it is also susceptible to malicious attacks if not properly secured. This study found out that, in Saudi Arabia, the e-Government website, Yesser is vulnerable to external attacks. Obviously, this can lead to a breach of data integrity and privacy. In this paper, a Systematic Literature Review was conducted to explore possible ways the Kingdom of Saudi Arabia can take necessary measures to strengthen its e-Government system using Blockchain. Blockchain is one of the emerging technologies shaping the world through its applications in finance, elections, healthcare, etc. It secures systems and brings more transparency. A total of 28 papers were selected for this SLR, and 19 of the papers significantly showed that blockchain could enhance the security and privacy of Saudi’s e-government system. Other papers also concluded that blockchain is effective, albeit with the integration of other technologies like IoT, AI and big data. These papers have been analysed to sieve out the findings and set the stage for future research into the subject.

Keywords: blockchain, data integrity, e-government, security threats

Procedia PDF Downloads 215

Authors: Faisal Al Yahmadi, Muhammad R. Ahmed

Abstract:

Electric power is a fundamental necessity in the 21^st century. Consequently, any break in electric power is probably going to affect the general activity. To make the power supply smooth and efficient, a smart grid network is introduced which uses communication technology. In any communication network, security is essential. It has been observed from several recent incidents that adversary causes an interruption to the operation of networks. In order to resolve the issues, it is vital to understand the threats and vulnerabilities associated with the smart grid networks. In this paper, we have investigated the threats and vulnerabilities in Smart Grid Networks (SGN) and the few solutions in the literature. Proposed solutions showed developments in electricity theft countermeasures, Denial of services attacks (DoS) and malicious injection attacks detection model, as well as malicious nodes detection using watchdog like techniques and other solutions.

Keywords: smart grid network, security, threats, vulnerabilities

Procedia PDF Downloads 108

Authors: Kitty Kioskli, Theofanis Fotis, Nineta Polemi

Abstract:

The European Union (EU) directive Artificial Intelligence (AI) Act in Article 9 requires that risk management of AI systems includes both technical and human oversight, while according to NIST_AI_RFM (Appendix C) and ENISA AI Framework recommendations, claim that further research is needed to understand the current limitations of social threats and human-AI interaction. AI threats within social contexts significantly affect the security and trustworthiness of the AI systems; they are interrelated and trigger technical threats as well. For example, lack of explainability (e.g. the complexity of models can be challenging for stakeholders to grasp) leads to misunderstandings, biases, and erroneous decisions. Which in turn impact the privacy, security, accountability of the AI systems. Based on the NIST four fundamental criteria for explainability it can also classify the explainability threats into four (4) sub-categories: a) Lack of supporting evidence: AI systems must provide supporting evidence or reasons for all their outputs. b) Lack of Understandability: Explanations offered by systems should be comprehensible to individual users. c) Lack of Accuracy: The provided explanation should accurately represent the system's process of generating outputs. d) Out of scope: The system should only function within its designated conditions or when it possesses sufficient confidence in its outputs. Biases may also stem from historical data reflecting undesired behaviors. When present in the data, biases can permeate the models trained on them, thereby influencing the security and trustworthiness of the of AI systems. Social related AI threats are recognized by various initiatives (e.g., EU Ethics Guidelines for Trustworthy AI), standards (e.g. ISO/IEC TR 24368:2022 on AI ethical concerns, ISO/IEC AWI 42105 on guidance for human oversight of AI systems) and EU legislation (e.g. the General Data Protection Regulation 2016/679, the NIS 2 Directive 2022/2555, the Directive on the Resilience of Critical Entities 2022/2557, the EU AI Act, the Cyber Resilience Act). Measuring social threats, estimating the risks to AI systems associated to these threats and mitigating them is a research challenge. In this paper it will present the efforts of two European Commission Projects (FAITH and THEMIS) from the HorizonEurope programme that analyse the social threats by building cyber-social exercises in order to study human behaviour, traits, cognitive ability, personality, attitudes, interests, and other socio-technical profile characteristics. The research in these projects also include the development of measurements and scales (psychometrics) for human-related vulnerabilities that can be used in estimating more realistically the vulnerability severity, enhancing the CVSS4.0 measurement.

Keywords: social threats, artificial Intelligence, mitigation, social experiment

Procedia PDF Downloads 28

Authors: Constantinos Adamides, Petros Petrikkos

Abstract:

In the era of growing hybrid threats, small states find themselves in need to re-evaluate existing foreign and defense policies. The pressure to establishing or maintain a status of a reliable partner in the community in which they belong to, vis-à-vis their multilateral relations with other organisations and entities, small states may need to shift their policies in the field to accommodate security needs that are not only pertinent to their security, but also to that of the organisations (bloc) in which they interact. Unlike potential shortcomings in a small state’s mainstream security and defence framework where the threat would be limited to the state itself, in more contemporary times with dominating hybrid threats, the small states’ security shortcomings may also become a security problem for the bloc in which these states belong to. An indicative example is small states like Cyprus and Malta, which belong and 'interact' in the European Union. As a result, the nature of hybrid threats can be utilised to hurt bigger states in a bloc by exploiting the small states’ vulnerabilities and security gaps. Inevitably, both the defensive and foreign policy collaborations of small states with bigger states have been and are constantly re-evaluated to tackle and prevent such problems. In essence, the goal of this ‘re-evaluation’ aims to achieve a twofold goal: The first is the small states’ quest to appear as a reliable partner within the bloc, while the second is to avoid being the weakest security link in the bloc’s defence against hybrid threats. Indeed, the hybrid arena is a security area where they can excel in the bloc, despite the potential and expected conventional military deficiencies. This new environment prompts us to think security from the perspective of small states differently and in relation to their role as members or big organisations. The paper focuses on the case of Cyprus following its accession to the European Union and examines how a country that has had a very focused security orientation –not least due to its ongoing security problems– altered its foreign and defence policies within the European Union to ensure compliance with the rest of the bloc, while at the same time maximizing its role as a security player. Specifically, it examines the methods through which the country shifted its policies as well as the challenges and opportunities that emerged from these security shifts.

Keywords: Cyprus, defence, foreign policy, hybrid threats, ontological security, small states

Procedia PDF Downloads 108

Authors: Tosin Ige

Abstract:

Ethics must be a condition of the world, like logic. (Ludwig Wittgenstein, 1889-1951). As important as data mining is, it possess a significant threat to ethics, privacy, and legality, since data mining makes it difficult for an individual or consumer (in the case of a company) to control the accessibility and usage of his data. This research focuses on Current issues and the latest research and development on Privacy preserving data mining methods as at year 2022. It also discusses some advances in those techniques while at the same time highlighting and providing a new technique as a solution to an existing technique of privacy preserving data mining methods. This paper also bridges the wide gap between Data mining and the Web Application Programing Interface (web API), where research is urgently needed for an added layer of security in data mining while at the same time introducing a seamless and more efficient way of data mining.

Keywords: data, privacy, data mining, association rule, privacy preserving, mining technique

Procedia PDF Downloads 127

Authors: N. Meddeb, A. M. Makhlouf, M. A. Ben Ayed

Abstract:

Due to the real-time requirement of message in Vehicular Ad hoc NETworks (VANET), it is necessary to authenticate vehicles to achieve security, efficiency, and conditional privacy-preserving. Privacy is of utmost relevance in VANETs. For this reason, we have proposed a new protocol called ‘Multilevel Authentication Protocol’ (MAP) that considers different vehicle categories. The proposed protocol is based on our Multilevel Authentication protocol for Vehicular networks (MAVnet). But the MAP leads to human safety, where the priority is given to the ambulance vehicles. For evaluation, we used the Java language to develop a demo application and deployed it on the Network Security Simulation (Nessi2). Compared with existing authentication protocols, MAP markedly enhance the communication overhead and decreases the delay of exchanging messages while preserving conditional privacy.

Keywords: Vehicular Ad hoc NETworks (VANET), vehicle categories, safety, databases, privacy, authentication, throughput, delay

Procedia PDF Downloads 263

Authors: Badri Gechbaia

Abstract:

Adaptive management as a fundamental element of the concept of the assurance of economy`s sustainability to the economic security of the system-synergetic type has been considered. It has been proved that the adaptive sustainable development is a transitional phase from the extensive one and later on from the rapid growth to the sustainable development. It has been determined that the adaptive system of the strategic assurance of the sustainability of the economy to the economic security threats is formed on the principles of the domination in its complex of the subsystems with weightier adaptive characteristics that negate the destructive influence of external and internal environmental factors on the sustainability of the national economy.

Keywords: adaptive management, adaptive properties, economic security, strategic assurance

Procedia PDF Downloads 465

Authors: Arun Prabhakar

Abstract:

Threat modeling is an important activity carried out in the initial stages of the development lifecycle that helps in building proactive security measures in the product. Though there are many techniques and tools available today, one of the common challenges with the traditional methods is the lack of a systematic approach in identifying security threats. The proposed solution describes an organized model by defining ontologies that help in building patterns to enumerate threats. The concepts of graph theory are applied to build the pattern for discovering threats for any given scenario. This graph-based solution also brings in other benefits, making it a customizable and scalable model.

Keywords: directed acyclic graph, ontology, patterns, threat identification, threat modeling

Procedia PDF Downloads 110

Authors: Celina Nowak

Abstract:

The development of information and communication technologies (ICT) and a consequent growth of cyberspace have become a reality of modern societies. The newest addition to this complex structure has been Internet of Things which is due to the appearance of smart devices. IoT creates a new dimension of the network, as the communication is no longer the domain of just humans, but has also become possible between devices themselves. The possibility of communication between devices, devoid of human intervention and real-time supervision, generated new societal and legal challenges. Some of them may and certainly will eventually be connected to criminal law. Legislators both on national and international level have been struggling to cope with this technologically evolving environment in order to address new threats created by the ICT. There are legal instruments on cybercrime, however imperfect and not of universal scope, sometimes referring to specific types of prohibited behaviors undertaken by criminals, such as money laundering, sex offences. However, the criminal law seems largely not prepared to the challenges which may arise because of the development of IoT. This is largely due to the fact that criminal law, both on national and international level, is still based on the concept of perpetration of an offence by a human being. This is a traditional approach, historically and factually justified. Over time, some legal systems have developed or accepted the possibility of commission of an offence by a corporation, a legal person. This is in fact a legal fiction, as a legal person cannot commit an offence as such, it needs humans to actually behave in a certain way on its behalf. Yet, the legislators have come to understand that corporations have their own interests and may benefit from crime – and therefore need to be penalized. This realization however has not been welcome by all states and still give rise to doubts of ontological and theoretical nature in many legal systems. For this reason, in many legislations the liability of legal persons for commission of an offence has not been recognized as criminal responsibility. With the technological progress and the growing use of IoT the discussions referring to criminal responsibility of corporations seem rather inadequate. The world is now facing new challenges and new threats related to the ‘smart’ things. They will have to be eventually addressed by legislators if they want to, as they should, to keep up with the pace of technological and societal evolution. This will however require a reevaluation and possibly restructuring of the most fundamental notions of modern criminal law, such as perpetration, guilt, participation in crime. It remains unclear at this point what norms and legal concepts will be and may be established. The main goal of the research is to point out to the challenges ahead of the national and international legislators in the said context and to attempt to formulate some indications as to the directions of changes, having in mind serious threats related to privacy and security related to the use of IoT.

Keywords: criminal law, internet of things, privacy, security threats

Procedia PDF Downloads 131

Authors: H. Parveen Begam, M. A. Maluk Mohamed

Abstract:

Grid computing is an environment that allows sharing and coordinated use of diverse resources in dynamic, heterogeneous and distributed environment using Virtual Organization (VO). Security is a critical issue due to the open nature of the wireless channels in the grid computing which requires three fundamental services: authentication, authorization, and encryption. The privacy and anonymity are considered as an important factor while communicating over publicly spanned network like web. To ensure a high level of security we explored an extension of onion routing, which has been used with dynamic token exchange along with protection of privacy and anonymity of individual identity. To improve the performance of encrypting the layers, the elliptic curve cryptography is used. Compared to traditional cryptosystems like RSA (Rivest-Shamir-Adelman), ECC (Elliptic Curve Cryptosystem) offers equivalent security with smaller key sizes which result in faster computations, lower power consumption, as well as memory and bandwidth savings. This paper presents the estimation of the performance improvements of onion routing using ECC as well as the comparison graph between performance level of RSA and ECC.

Keywords: grid computing, privacy, anonymity, onion routing, ECC, RSA

Procedia PDF Downloads 372

Authors: Mohamed Rasslan, Doaa Abdelrahman, Mahmoud M. Nasreldin, Ghada Farouk, Heba K. Aslan

Abstract:

Blockchain is a distributed database that endorses transparency while bitcoin is a decentralized cryptocurrency (electronic cash) that endorses anonymity and is powered by blockchain technology. Smart contracts are programs that are stored on a blockchain. Smart contracts are executed when predetermined conditions are fulfilled. Smart contracts automate the agreement execution in order to make sure that all participants immediate-synchronism of the outcome-certainty, without any intermediary's involvement or time loss. Currently, the Bitcoin market worth billions of dollars. Bitcoin could be transferred from one purchaser to another without the need for an intermediary bank. Network nodes through cryptography verify bitcoin transactions, which are registered in a public-book called “blockchain”. Bitcoin could be replaced by other coins, merchandise, and services. Rapid growing of the bitcoin market-value, encourages its counterparts to make use of its weaknesses and exploit vulnerabilities for profit. Moreover, it motivates scientists to define known vulnerabilities, offer countermeasures, and predict future threats. In his paper, we study blockchain technology and bitcoin from the attacker’s point of view. Furthermore, mitigations for the attacks are suggested, and contemporary security solutions are discussed. Finally, research methods that achieve strict security and privacy protocol are elaborated.

Keywords: Cryptocurrencies, Blockchain, Bitcoin, Smart Contracts, Peer-to-Peer Network, Security Issues, Privacy Techniques

Procedia PDF Downloads 49

Authors: Wajdan Al Malwi, Karen Renaud, Lewis Mackenzie

Abstract:

The privacy paradox describes a phenomenon whereby there is no connection between stated privacy concerns and privacy behaviours. We need to understand the underlying reasons for this paradox if we are to help users to preserve their privacy more effectively. In particular, the Social Networking System (SNS) domain offers a rich area of investigation due to the risks of unwise information disclosure decisions. Our study thus aims to untangle the complicated nature and underlying mechanisms of online privacy-related decisions in SNSs. In this paper, we report on the findings of a Systematic Literature Review (SLR) that revealed a number of factors that are likely to influence online privacy decisions. Our deductive analysis approach was informed by Communicative Privacy Management (CPM) theory. We uncovered a lack of clarity around privacy attitudes and their link to behaviours, which makes it challenging to design privacy-protecting SNS platforms and to craft legislation to ensure that users’ privacy is preserved.

Keywords: privacy paradox, self-disclosure, privacy attitude, privacy behavior, social networking sites

Procedia PDF Downloads 130

Authors: Sartaj Singh, Amar Singh, Ashok Sharma, Sandeep Kaur

Abstract:

With upcoming threats in a digital world, we need to work continuously in the area of security in all aspects, from hardware to software as well as data modelling. The rise in social media activities and hunger for data by various entities leads to cybercrime and more attack on the privacy and security of persons. Cryptography has always been employed to avoid access to important data by using many processes. Symmetric key and asymmetric key cryptography have been used for keeping data secrets at rest as well in transmission mode. Various cryptosystems have evolved from time to time to make the data more secure. In this research article, we are studying various cryptosystems in asymmetric cryptography and their application with usefulness, and much emphasis is given to Elliptic curve cryptography involving algebraic mathematics.

Keywords: cryptography, symmetric key cryptography, asymmetric key cryptography

Procedia PDF Downloads 88

Authors: Obinna Emmanuel Nkomadu

Abstract:

A major maritime problem in the African continent is the widespread proliferation of threats to maritime security, and one of which is the traffic in persons (TIP) at sea, which victims are sometimes assaulted, injured, killed, and in many cases go missing. The South African and Nigerian law on TIP at sea is the Prevention and Combating of Trafficking in Persons Act and the Trafficking in Persons (Prohibition) Enforcement and Administration Act, respectively. These legislation prohibits TIP at sea but does not provides effective and efficient national coordination structures and international cooperation measures against traffickers who engage on human trafficking on the African maritime domain. As a result of the limitations on the maritime security laws of most African States and the maritime security threats on the continent, the African Union in 2016 adopted the African Charter on Maritime Security and Safety and Development in Africa (Lome Charter). The Lomé Charter provides mechanisms for national and international cooperation on maritime security threats, including TIP at sea. However, the Charter is yet to come into force due to the number of States required to accede or ratify the Charter. This paper identifies gaps on existing instruments on TIP at sea by those States and justify on South Africa and Nigeria should adopt the Charter. The justification flow from analysing relevant international law instruments, as well as legislation on human trafficking.

Keywords: cooperation against trafficking in persons at sea, lomé charter, maritime security, Nigerian legislation on trafficking in persons, South African legislation on trafficking in person, and trafficking in persons at sea

Procedia PDF Downloads 112

Authors: Serkan Tezgel

Abstract:

The two qualities of the sea, as a medium of transportation and as a resource, necessitate maritime security for economic stability and good order at sea. The borderless nature of the sea makes it one of the best platforms to contribute to regional peace and international order. For this reason, the establishment of maritime security in East Mediterranean will enhance the security-peace-democracy triangle in the region. This paper proposes the application of the Smart Security Concept in the East Mediterranean. Smart Security aims to secure critical infrastructure, such as hydrocarbon platforms, against asymmetrical threats. The concept is based on Anti Asymmetrical Area Denial (A3D) which necessitates limiting freedom of action of maritime terrorists and piracy by founding safe and secure maritime areas through sea lines of communication using short range capabilities. Smart Security is a regional maritime cooperation concept for the narrow seas. Cooperation and interoperability are essential attributes of this regional security concept. Therefore, multinational excellence centers such as Multinational Maritime Security Center of Excellence-Aksaz in Turkey, which will determine necessary capabilities and plan/coordinate workshops, training and exercises, are bound to be the principal characteristic of Smart Security concept and similar regional concepts. Smart Security, a crucial enabler of energy and regional security, can provide an enduring approach for operating in the challenging environment of narrow seas and for countering asymmetrical threats.

Keywords: security, cooperation, asymmetrical, area denial

Procedia PDF Downloads 777

Authors: Huang Dennis, Aurelio Aziel, Burra Venkata Durga Kumar

Abstract:

Nowadays, smartphones and mobile operating systems have been popularly widespread in our daily lives. As people use smartphones, they tend to store more private and essential data on their devices, because of this it is very important to develop more secure mobile operating systems and cloud storage to secure the data. However, several factors can cause security risks in mobile operating systems such as malware, malicious app, phishing attacks, ransomware, and more, all of which can cause a big problem for users as they can access the user's private data. Those problems can cause data loss, financial loss, identity theft, and other serious consequences. Other than that, during the pandemic, people will use their mobile devices more and do all sorts of transactions online, which may lead to more victims of online scams and inexperienced users being the target. With the increase in attacks, researchers have been actively working to develop several countermeasures to enhance the security of operating systems. This study aims to provide an overview of the security and privacy issues in mobile operating systems, identifying the potential risk of operating systems, and the possible solutions. By examining these issues, we want to provide an easy understanding to users and researchers to improve knowledge and develop more secure mobile operating systems.

Keywords: mobile operating system, security, privacy, Malware

Procedia PDF Downloads 48

Authors: Ku Aina Afiqah Ku Adzman, Manmeet Mahinderjit Singh, Zarul Fitri Zaaba

Abstract:

NFC operates on low-range 13.56 MHz frequency within a distance from 4cm to 10cm, and the applications can be categorized as touch and go, touch and confirm, touch and connect, and touch and explore. NFC applications are vulnerable to various security and privacy attacks such due to its physical nature; unprotected data stored in NFC tag and insecure communication between its applications. This paper aims to determine the likelihood of security risks happening in an NFC technology and application. We present an NFC technology taxonomy covering NFC standards, types of application and various security and privacy attack. Based on observations and the survey presented to evaluate the risk assessment within the touch and go application demonstrates two security attacks that are high risks namely data corruption and DOS attacks. After the risks are determined, risk countermeasures by using AHP is adopted. The guideline and solutions to these two high risks, attacks are later applied to a secure NFC-enabled Smartphone Attendance System.

Keywords: Near Field Communication (NFC), risk assessment, multi-criteria decision making, Analytical Hierarchy Process (AHP)

Procedia PDF Downloads 272

Authors: Victor Onomza Waziri, John K. Alhassan, Idris Ismaila, Noel Dogonyara

Abstract:

This paper describes the problem of building secure computational services for encrypted information in the Cloud. Computing without decrypting the encrypted data; therefore, it meets the yearning of computational encryption algorithmic aspiration model that could enhance the security of big data for privacy or confidentiality, availability and integrity of the data and user’s security. The cryptographic model applied for the computational process of the encrypted data is the Fully Homomorphic Encryption Scheme. We contribute a theoretical presentations in a high-level computational processes that are based on number theory that is derivable from abstract algebra which can easily be integrated and leveraged in the Cloud computing interface with detail theoretic mathematical concepts to the fully homomorphic encryption models. This contribution enhances the full implementation of big data analytics based on cryptographic security algorithm.

Keywords: big data analytics, security, privacy, bootstrapping, Fully Homomorphic Encryption Scheme

Procedia PDF Downloads 441

Authors: Henry Foulds, Magda Huisman, Gunther R. Drevin

Abstract:

Privacy is regarded as a fundamental human right and it is clear that the study of digital privacy is an important field. Digital privacy is influenced by new and constantly evolving technologies and this continuous change makes it hard to create legislation to protect people’s privacy from being exploited by misuse of these technologies.

This study aims to benefit digital privacy legislation efforts by evaluating the awareness and perceived importance of digital privacy legislation among computer science students. The chosen fixed variables for the population are study year and gamer classification.

The use of location based services in mobile applications and games are a concern for digital privacy. For this reason the study focused on computer science students as they have a high likelihood to use and develop this type of software. Surveys were used to evaluate awareness and perceived importance of digital privacy legislation.

The results of the study show that privacy legislation and awareness of privacy legislation are important to people. The perception of the importance of privacy legislation increases with academic experience. Awareness of privacy legislation increases from non-gamers to pro gamers. 

Keywords: digital privacy, legislation awareness, gaming, privacy legislation

Procedia PDF Downloads 332

Authors: O. A. Ajigini, E. N. Mwim

Abstract:

Cybersecurity is the protection of computers, programs, networks, and data from attack, damage, unauthorised, unintended access, change, or destruction. Organisations collect, process and store their confidential and sensitive information on computers and transmit this data across networks to other computers. Moreover, the advent of internet technologies has led to various cyberattacks resulting in dangerous consequences for organisations. Therefore, with the increase in the volume and sophistication of cyberattacks, there is a need to develop models and make recommendations for the management of cybersecurity threats in organisations. This paper reports on various threats that cause malicious damage to organisations in cyberspace and provides measures on how these threats can be eliminated or reduced. The paper explores various aspects of protection measures against cybersecurity threats such as handling of sensitive data, network security, protection of information assets and cybersecurity awareness. The paper posits a model and recommendations on how to manage cybersecurity threats in organisations effectively. The model and the recommendations can then be utilised by organisations to manage the threats affecting their cyberspace. The paper provides valuable information to assist organisations in managing their cybersecurity threats and hence protect their computers, programs, networks and data in cyberspace. The paper aims to assist organisations to protect their information assets and data from cyberthreats as part of the contributions toward community engagement.

Keywords: confidential information, cyberattacks, cybersecurity, cyberspace, sensitive information

Procedia PDF Downloads 221

Authors: Aisha F. Bushager

Abstract:

Today we are more exposed than ever to cyber threats and attacks at personal, community, organizational, national, and international levels. More aspects of our lives are operating on computer networks simply because we are living in the fifth domain, which is called the Cyberspace. One of the most sensitive areas that are vulnerable to cyber threats and attacks is the Electronic Banking (e-Banking) area, where the banking sector is providing online banking services to its clients. To be able to obtain the clients trust and encourage them to practice e-Banking, also, to maintain the services provided by the banks and ensure safety, cyber security and risks control should be given a high priority in the e-banking area. The aim of the study is to carry out risk assessment on the e-banking services and determine the cyber threats, cyber attacks, and vulnerabilities that are facing the e-banking area specifically in the Kingdom of Bahrain. To collect relevant data, structured interviews were taken place with e-banking experts in different banks. Then, collected data where used as in input to the risk management framework provided by the National Institute of Standards and Technology (NIST), which was the model used in the study to assess the risks associated with e-banking services. The findings of the study showed that the cyber threats are commonly human errors, technical software or hardware failure, and hackers, on the other hand, the most common attacks facing the e-banking sector were phishing, malware attacks, and denial-of-service. The risks associated with the e-banking services were around the moderate level, however, more controls and countermeasures must be applied to maintain the moderate level of risks. The results of the study will help banks discover their vulnerabilities and maintain their online services, in addition, it will enhance the cyber security and contribute to the management and control of risks that are facing the e-banking sector.

Keywords: cyber security, e-banking, risk assessment, threats identification

Procedia PDF Downloads 320

Authors: John Hardy

Abstract:

The domestic security environment in Europe has changed dramatically in recent years. Since January 2015, a significant number of domestic security threats that emerged in Europe were located in Belgium, France and the United Kingdom. While some threats were detected in the planning phase, many also resulted in terrorist attacks. Authorities in all three countries instituted special or emergency measures to provide additional security to their populations. Each country combined an additional policing presence with a specific military operation to contribute to a comprehensive security response to domestic threats. This study presents a cross-case analysis of three countries’ civilian and military responses to domestic security threats in Europe. Each case study features a unique approach to combining civilian and military capabilities in similar domestic security operations during the same time period and threat environment. The research design focuses on five variables relevant to the relationship between civilian and military roles in each security response. These are the distinction between policing and military roles, the legal framework for the domestic deployment of military forces, prior experience in civil-military coordination, the institutional framework for threat assessments, and the level of public support for the domestic use of military forces. These variables examine the influence of domestic social, political, and legal factors on the design of combined civil-military operations in response to domestic security threats. Each case study focuses on a specific operation: Operation Vigilant Guard in Belgium, Operation Sentinel in France, and Operation Temperer in the United Kingdom. The results demonstrate that the level of distinction between policing and military roles and the existence of a clear and robust legal framework for the domestic use force by military personnel significantly influence the design and implementation of civilian and military roles in domestic security operations. The findings of this study indicate that Belgium, France and the United Kingdom experienced different design and implementation challenges for their domestic security operations. Belgium and France initially had less-developed legal frameworks for deploying the military in domestic security operations than the United Kingdom. This was offset by public support for enacting emergency measures and the strength of existing civil-military coordination mechanisms. The United Kingdom had a well-developed legal framework for integrating civilian and military capabilities in domestic security operations. However, its experiences in Ireland also made the government more sensitive to public perceptions regarding the domestic deployment of military forces.

Keywords: counter-terrorism, democracy, homeland security, intelligence, militarization, policing

Procedia PDF Downloads 108

Authors: Waziri Victor Onomza, John K. Alhassan, Idris Ismaila, Noel Dogonyaro Moses

Abstract:

This paper describes the problem of building secure computational services for encrypted information in the Cloud Computing without decrypting the encrypted data; therefore, it meets the yearning of computational encryption algorithmic aspiration model that could enhance the security of big data for privacy, confidentiality, availability of the users. The cryptographic model applied for the computational process of the encrypted data is the Fully Homomorphic Encryption Scheme. We contribute theoretical presentations in high-level computational processes that are based on number theory and algebra that can easily be integrated and leveraged in the Cloud computing with detail theoretic mathematical concepts to the fully homomorphic encryption models. This contribution enhances the full implementation of big data analytics based cryptographic security algorithm.

Keywords: big data analytics, security, privacy, bootstrapping, homomorphic, homomorphic encryption scheme

Procedia PDF Downloads 337

Authors: Manvar Sagar, Nikul Virpariya

Abstract:

The advancement in data mining techniques plays an important role in many applications. In context of privacy and security issues, the problems caused by association rule mining technique are investigated by many research scholars. It is proved that the misuse of this technique may reveal the database owner’s sensitive and private information to others. Many researchers have put their effort to preserve privacy in Association Rule Mining. Amongst the two basic approaches for privacy preserving data mining, viz. Randomization based and Cryptography based, the later provides high level of privacy but incurs higher computational as well as communication overhead. Hence, it is necessary to explore alternative techniques that improve the over-heads. In this work, we propose an efficient, collusion-resistant cryptography based approach for distributed Association Rule mining using Shamir’s secret sharing scheme. As we show from theoretical and practical analysis, our approach is provably secure and require only one time a trusted third party. We use secret sharing for privately sharing the information and code based identification scheme to add support against malicious adversaries.

Keywords: Privacy, Privacy Preservation in Data Mining (PPDM), horizontally partitioned database, EMHS, MFI, shamir secret sharing

Procedia PDF Downloads 377

Authors: Ananya Gangavarapu

Abstract:

Convolutional Neural Networks (CNN) based models are providing diagnostic capabilities on par with the medical specialists in many specialty areas. However, collecting the medical data for training purposes is very challenging because of the increased regulations around data collections and privacy concerns around personal health data. The gathering of the data becomes even more difficult if the capture devices are edge-based mobile devices (like smartphones) with feeble wireless connectivity in rural/remote areas. In this paper, I would like to highlight Federated Learning approach to mitigate data privacy and security issues.

Keywords: deep learning in healthcare, data privacy, federated learning, training in distributed environment

Procedia PDF Downloads 113

Authors: Wiseborn Manfe Danquah, D. Turgay Altilar

Abstract:

Vehicular Ad-hoc Network (VANET) is an integral component of Intelligent Transport Systems (ITS) that has enjoyed a lot of attention from the research community and the automotive industry. This is mainly due to the opportunities and challenges it presents. Vehicular Ad-hoc Network being a class of Mobile Ad-hoc Networks (MANET) has all the security concerns existing in traditional MANET as well as new security and privacy concerns introduced by the unique vehicular communication environment. This paper provides a survey of the possible attacks in vehicular environment, as well as security and privacy concerns in VANET. It also provides an insight into the development of a comprehensive cloud framework to provide a more robust and secured communication among vehicular nodes and road side units. Our proposal, a Metropolitan Based Public Interconnected Vehicular Cloud (MIVC) infrastructure seeks to provide a more reliable and secured vehicular communication network.

Keywords: mobile Ad-hoc networks, vehicular ad hoc network, cloud, ITS, road side units (RSU), metropolitan interconnected vehicular cloud (MIVC)

Procedia PDF Downloads 323

Authors: Vahid Bairami Rad

Abstract:

Wireless communications offer organizations and users many benefits such as portability and flexibility, increased productivity, and lower installation costs. Wireless networks serve as the transport mechanism between devices and among devices and the traditional wired networks (enterprise networks and the internet). Wireless networks are many and diverse but are frequently categorized into three groups based on their coverage range: WWAN, WLAN, and WPAN. WWAN, representing wireless wide area networks, includes wide coverage area technologies such as 2G cellular, Cellular Digital Packet Data (CDPD), Global System for Mobile Communications (GSM), and Mobitex. WLAN, representing wireless local area networks, includes 802.11, Hyper lan, and several others. WPAN, represents wireless personal area network technologies such as Bluetooth and Infrared. The security services are provided largely by the WEP (Wired Equivalent Privacy) protocol to protect link-level data during wireless transmission between clients and access points. That is, WEP does not provide end-to-end security but only for the wireless portion of the connection.

Keywords: wireless lan, wired equivalent privacy, wireless network security, wlan security

Procedia PDF Downloads 533

Authors: Mohammed Nadir Djedid, Abdallah Chouarfia

Abstract:

Transparency of the system and its integration into the natural environment of the user are some of the important features of pervasive computing. But these characteristics that are considered as the strongest points of pervasive systems are also their weak points in terms of the user’s privacy. The privacy in pervasive systems involves more than the confidentiality of communications and concealing the identity of virtual users. The physical presence and behavior of the user in the pervasive space cannot be completely hidden and can reveal the secret of his/her identity and affect his/her privacy. This paper shows that the application of major techniques for protecting the user’s privacy still insufficient. A new solution named Shadow Protocol is proposed, which allows the users to authenticate and interact with the surrounding devices within an ubiquitous computing environment while preserving their privacy.

Keywords: pervasive systems, identification, authentication, privacy

Procedia PDF Downloads 446