Search results for: security of business

Authors: Serkan Tezgel, Osman Gül, İskender Cahit Şafak

Abstract:

This paper proposes the application of the Smart Security Concept in the East Mediterranean. Smart Security aims to secure critical infrastructure, such as hydrocarbon platforms, against asymmetrical threats. The concept is based on Anti Asymmetrical Area Denial (A3D) which necessitates limiting freedom of action of maritime terrorists and piracy by founding safe and secure maritime areas through sea lines of communication using short range capabilities.

Keywords: Partnership, A3D, Maritime Security, Centers.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1830

Authors: Ralf God, Lothar Kerschgens, Leonardo Goratti, Steven Lemaire

Abstract:

Ubiquitous connectivity is a reality and a basic need for users on ground. Air travel connectivity in the cabin is also becoming increasingly important for passengers during cabin use. Wireless sensor networks that provide information to cabin management systems are being used by airlines to optimize cabin crew workload. In networked cabin systems, communications and digitally transmitted data must be managed by airlines in every direction. Security and privacy, information processing and knowledge management are the current and future requirements for a smart and connected cabin.

Keywords: Smart and connected cabin management, Internet of Things, power management, airline business.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 332

Authors: Sultan Alharby, Nick Harris, Alex Weddell, Jeff Reeve

Abstract:

The concept of the Internet of Things (IoT) has received much attention over the last five years. It is predicted that the IoT will influence every aspect of our lifestyles in the near future. Wireless Sensor Networks are one of the key enablers of the operation of IoTs, allowing data to be collected from the surrounding environment. However, due to limited resources, nature of deployment and unattended operation, a WSN is vulnerable to various types of attack. Security is paramount for reliable and safe communication between IoT embedded devices, but it does, however, come at a cost to resources. Nodes are usually equipped with small batteries, which makes energy conservation crucial to IoT devices. Nevertheless, security cost in terms of energy consumption has not been studied sufficiently. Previous research has used a security specification of 802.15.4 for IoT applications, but the energy cost of each security level and the impact on quality of services (QoS) parameters remain unknown. This research focuses on the cost of security at the IoT media access control (MAC) layer. It begins by studying the energy consumption of IEEE 802.15.4 security levels, which is followed by an evaluation for the impact of security on data latency and throughput, and then presents the impact of transmission power on security overhead, and finally shows the effects of security on memory footprint. The results show that security overhead in terms of energy consumption with a payload of 24 bytes fluctuates between 31.5% at minimum level over non-secure packets and 60.4% at the top security level of 802.15.4 security specification. Also, it shows that security cost has less impact at longer packet lengths, and more with smaller packet size. In addition, the results depicts a significant impact on data latency and throughput. Overall, maximum authentication length decreases throughput by almost 53%, and encryption and authentication together by almost 62%.

Keywords: Internet of Things, IEEE 802.15.4, security cost evaluation, wireless sensor network, energy consumption.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1439

Authors: Jiri F. Urbanek, Jiri Barta, Oldrich Svoboda, Jiri J. Urbanek

Abstract:

The organizations of European and Czech critical infrastructure have specific position, mission, characteristics and behaviour in European Union and Czech state/business environments, regarding specific requirements for regional and global security environments. They must respect policy of national security and global rules, requirements and standards in all their inherent and outer processes of supply - customer chains and networks. A controlling is generalized capability to have control over situational policy. This paper aims and purposes are to introduce the controlling as quite new necessary process attribute providing for critical infrastructure is environment the capability and profit to achieve its commitment regarding to the effectiveness of the quality management system in meeting customer/ user requirements and also the continual improvement of critical infrastructure organization’s processes overall performance and efficiency, as well as its societal security via continual planning improvement via DYVELOP modelling.

Keywords: Added Value, DYVELOP, Controlling, Environments, Process Approach.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1713

Authors: Ki Hyun Kim, Jang-Hee Yoo, Kyo Il Chung

Abstract:

This paper proposes a VPN Accelerator Board (VPN-AB), a virtual private network (VPN) protocol designed for trust channel security system (TCSS). TCSS supports safety communication channel between security nodes in internet. It furnishes authentication, confidentiality, integrity, and access control to security node to transmit data packets with IPsec protocol. TCSS consists of internet key exchange block, security association block, and IPsec engine block. The internet key exchange block negotiates crypto algorithm and key used in IPsec engine block. Security Association blocks setting-up and manages security association information. IPsec engine block treats IPsec packets and consists of networking functions for communication. The IPsec engine block should be embodied by H/W and in-line mode transaction for high speed IPsec processing. Our VPN-AB is implemented with high speed security processor that supports many cryptographic algorithms and in-line mode. We evaluate a small TCSS communication environment, and measure a performance of VPN-AB in the environment. The experiment results show that VPN-AB gets a performance throughput of maximum 15.645Gbps when we set the IPsec protocol with 3DES-HMAC-MD5 tunnel mode.

Keywords: TCSS(Trust Channel Security System), VPN(VirtualPrivate Network), IPsec, SSL, Security Processor, Securitycommunication.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2054

Authors: Adriano Bessa Albuquerque, Francisco Jose Barreto Nunes

Abstract:

Software vulnerabilities are increasing and not only impact services and processes availability as well as information confidentiality, integrity and privacy, but also cause changes that interfere in the development process. Security test could be a solution to reduce vulnerabilities. However, the variety of test techniques with the lack of real case studies of applying tests focusing on software development life cycle compromise its effective use. This paper offers an overview of how a Systematic Mapping Study (MS) about security verification, validation and test (VVT) was performed, besides presenting general results about this study.

Keywords: Software test, software security verification validation and test, security test institutionalization, systematic mapping study.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1566

Authors: Sulaiman Ainin, Yusniza Kamar ulzaman, Abdul Ghani Farinda

Abstract:

This study was initiated with a three prong objective. One, to identify the relationship between Technological Competencies factors (Technical Capability, Firm Innovativeness and E-Business Practices and professional service firms- business performance. To investigate the predictors of professional service firms business performance and finally to evaluate the predictors of business performance according to the type of professional service firms, a survey questionnaire was deployed to collect empirical data. The questionnaire was distributed to the owners of the professional small medium size enterprises services in the Accounting, Legal, Engineering and Architecture sectors. Analysis showed that all three Technology Competency factors have moderate effect on business performance. In addition, the regression models indicate that technical capability is the most highly influential that could determine business performance, followed by e-business practices and firm innovativeness. Subsequently, the main predictor of business performance for all types of firms is Technical capability.

Keywords: technology competency, technology capability, innovativeness, E-business practice

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1583

Authors: Sri Lakshmi Kanniah, Mohd Naz’ri Mahrin

Abstract:

More and more businesses and services are depending on software to run their daily operations and business services. At the same time, cyber-attacks are becoming more covert and sophisticated, posing threats to software. Vulnerabilities exist in the software due to the lack of security practices during the phases of software development. Implementation of secure software development practices can improve the resistance to attacks. Many methods, models and standards for secure software development have been developed. However, despite the efforts, they still come up against difficulties in their deployment and the processes are not institutionalized. There is a set of factors that influence the successful deployment of secure software development processes. In this study, the methodology and results from a systematic literature review of factors influencing the implementation of secure software development practices is described. A total of 44 primary studies were analysed as a result of the systematic review. As a result of the study, a list of twenty factors has been identified. Some of factors that affect implementation of secure software development practices are: Involvement of the security expert, integration between security and development team, developer’s skill and expertise, development time and communication between stakeholders. The factors were further classified into four categories which are institutional context, people and action, project content and system development process. The results obtained show that it is important to take into account organizational, technical and people issues in order to implement secure software development initiatives.

Keywords: Secure software development, software development, software security, systematic literature review.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2410

Authors: Ando Leppiman, Kati Kõrbe Kaare, Ott Koppel

Abstract:

Growing demand for gas has rekindled a debate on gas security of supply due to supply interruptions, increasing gas prices, cross-border bottlenecks and a growing reliance on imports over longer distances. Security of supply is defined mostly as an infrastructure package to satisfy N-1 criteria. In case of Estonia, Finland, Latvia and Lithuania all the gas infrastructure is built to supply natural gas only from one single supplier, Russia. In 2012 almost 100% of natural gas to the Eastern Baltic Region was supplied by Gazprom. Under such circumstances infrastructure N-1 criteria does not guarantee security of supply. In the Eastern Baltic Region, the assessment of risk of gas supply disruption has been worked out by applying the method of risk scenarios. There are various risks to be tackled in Eastern Baltic States in terms of improving security of supply, such as single supplier risk, physical infrastructure risk, regulatory gap, fair price and competition. The objective of this paper is to evaluate the energy security of the Eastern Baltic Region within the framework of the European Union’s policies and to make recommendations on how to better guarantee the energy security of the region.

Keywords: Security of supply, supply routes for natural gas, energy balance, diversified supply options, common regulative package.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1856

Authors: Jong-Whoi Shin, Soon-Tai Park, Chong-Sun Hwang

Abstract:

Active network was developed to solve the problem of the current sharing-based network–difficulty in applying new technology, service or standard, and duplicated operation at several protocol layers. Active network can transport the packet loaded with the executable codes, which enables to change the state of the network node. However, if the network node is placed in the sharing-based network, security and safety issues should be resolved. To satisfy this requirement, various security aspects are required such as authentication, authorization, confidentiality and integrity. Among these security components, the core factor is the encryption key. As a result, this study is designed to propose the scheme that manages the encryption key, which is used to provide security of the comprehensive active directory, based on the domain.

Keywords: Active Network, Domain-based Key Management, Security Components.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1628

Authors: Katalina Grigorova, Kaloyan Mironov

Abstract:

The paper focuses on the benefits of business process modeling. Although this discipline is developing for many years, there is still necessity of creating new opportunities to meet the ever increasing users’ needs. Because one of these needs is related to the conversion of business process models from one standard to another, the authors have developed a converter between BPMN and EPC standards using workflow patterns as intermediate tool. Nowadays there are too many systems for business process modeling. The variety of output formats is almost the same as the systems themselves. This diversity additionally hampers the conversion of the models. The presented study is aimed at discussing problems due to differences in the output formats of various modeling environments.

Keywords: Business process modeling, business process modeling standards, workflow patterns, converting models.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1618

Authors: Sandesh Achar

Abstract:

Cloud computing security is a broad term that covers a variety of security concerns for organizations that use cloud services. Multi-cloud service providers must consider several factors when addressing security for their customers, including identity and access management, data at rest and in transit, egress and ingress traffic control, vulnerability and threat management, and auditing. This paper explores each of these aspects of cloud security in detail and provides recommendations for best practices for multi-cloud service providers. It also discusses the challenges inherent in securing a multi-cloud environment and offers solutions for overcoming these challenges. By the end of this paper, readers should have a good understanding of the various security concerns associated with multi-cloud environments in the context of today’s modern cyber threats and how to address them.

Keywords: Multi-cloud service, SOC, system organization control, data loss prevention, DLP, identity and access management, IAM.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 596

Authors: María Fernández-Ropero, Ricardo Pérez-Castillo, Ismael Caballero, Mario Piattini

Abstract:

Appropriate description of business processes through standard notations has become one of the most important assets for organizations. Organizations must therefore deal with quality faults in business process models such as the lack of understandability and modifiability. These quality faults may be exacerbated if business process models are mined by reverse engineering, e.g., from existing information systems that support those business processes. Hence, business process refactoring is often used, which change the internal structure of business processes whilst its external behavior is preserved. This paper aims to choose the most appropriate set of refactoring operators through the quality assessment concerning understandability and modifiability. These quality features are assessed through well-proven measures proposed in the literature. Additionally, a set of measure thresholds are heuristically established for applying the most promising refactoring operators, i.e., those that achieve the highest quality improvement according to the selected measures in each case.

Keywords: business process model, modifiability, refactoring, understandability

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1465

Authors: Aravind Mohan Krishnan

Abstract:

This paper identifies a research gap in the literature on tourism entrepreneurship in Malawi, Africa, and investigates how entrepreneurs from the Malawian tourism sector discover and exploit business opportunities. In particular, the importance of prior experience and business networks in the opportunity development process is debated. Another area of empirical research examined here is the opportunity recognition-venture creation sequence. While Malawi presents fruitful business opportunities, exploiting these opportunities into fully realized business ideas is a real challenge due to the country’s difficult business environment and poor promotional and marketing efforts. The study concludes by calling for further research in Sub-Saharan Africa in order to develop our understanding of entrepreneurship in this (African) context.

Keywords: Tourism, entrepreneurship, Malawi, business opportunities.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2299

Authors: Jong-Whoi Shin, Chong-Sun Hwang

Abstract:

Various security APIs (Application Programming Interfaces) are being used in a variety of application areas requiring the information security function. However, these standards are not compatible, and the developer must use those APIs selectively depending on the application environment or the programming language. To resolve this problem, we propose the standard draft of the information security component, while SSL (Secure Sockets Layer) using the confidentiality and integrity component interface has been implemented to verify validity of the standard proposal. The implemented SSL uses the lower-level SSL component when establishing the RMI (Remote Method Invocation) communication between components, as if the security algorithm had been implemented by adding one more layer on the TCP/IP.

Keywords: Component Based Design, Application Programming Interface, Secure Socket Layer, Remote Method Invocation.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1463

Authors: Ayush Chugh, Gaurav Gupta

Abstract:

Today’s technology is heavily dependent on web applications. Web applications are being accepted by users at a very rapid pace. These have made our work efficient. These include webmail, online retail sale, online gaming, wikis, departure and arrival of trains and flights and list is very long. These are developed in different languages like PHP, Python, C#, ASP.NET and many more by using scripts such as HTML and JavaScript. Attackers develop tools and techniques to exploit web applications and legitimate websites. This has led to rise of web application security; which can be broadly classified into Declarative Security and Program Security. The most common attacks on the applications are by SQL Injection and XSS which give access to unauthorized users who totally damage or destroy the system. This paper presents a detailed literature description and analysis on Web Application Security, examples of attacks and steps to mitigate the vulnerabilities.

Keywords: Attacks, Injection, JavaScript, SQL, Vulnerability, XSS.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4912

Authors: Mabrouka Algherinai, Fatma Karkouri

Abstract:

Today, Short Message Service (SMS) is an important means of communication. SMS is not only used in informal environment for communication and transaction, but it is also used in formal environments such as institutions, organizations, companies, and business world as a tool for communication and transactions. Therefore, there is a need to secure the information that is being transmitted through this medium to ensure security of information both in transit and at rest. But, encryption has been identified as a means to provide security to SMS messages in transit and at rest. Several past researches have proposed and developed several encryption algorithms for SMS and Information Security. This research aims at comparing the performance of common Asymmetric encryption algorithms on SMS security. The research employs the use of three algorithms, namely RSA, McEliece, and RABIN. Several experiments were performed on SMS of various sizes on android mobile device. The experimental results show that each of the three techniques has different key generation, encryption, and decryption times. The efficiency of an algorithm is determined by the time that it takes for encryption, decryption, and key generation. The best algorithm can be chosen based on the least time required for encryption. The obtained results show the least time when McEliece size 4096 is used. RABIN size 4096 gives most time for encryption and so it is the least effective algorithm when considering encryption. Also, the research shows that McEliece size 2048 has the least time for key generation, and hence, it is the best algorithm as relating to key generation. The result of the algorithms also shows that RSA size 1024 is the most preferable algorithm in terms of decryption as it gives the least time for decryption.

Keywords: SMS, RSA, McEliece, RABIN.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 616

Authors: Kavitha Thamadharan, Nurazean Maarop

Abstract:

The implementation of e-assessment as tool to support the process of teaching and learning in university has become a popular technological means in universities. E-Assessment provides many advantages to the users especially the flexibility in teaching and learning. The e-assessment system has the capability to improve its quality of delivering education. However, there still exists a drawback in terms of security which limits the user acceptance of the online learning system. Even though there are studies providing solutions for identified security threats in e-learning usage, there is no particular model which addresses the factors that influences the acceptance of e-assessment system by lecturers from security perspective. The aim of this study is to explore security aspects of eassessment in regard to the acceptance of the technology. As a result a conceptual model of secure acceptance of e-assessment is proposed. Both human and security factors are considered in formulation of this conceptual model. In order to increase understanding of critical issues related to the subject of this study, interpretive approach involving convergent mixed method research method is proposed to be used to execute the research. This study will be useful in providing more insightful understanding regarding the factors that influence the user acceptance of e-assessment system from security perspective.

Keywords: Secure Technology Acceptance, E-Assessment Security, E-Assessment, Education Technology.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2371

Authors: Salha Alshamrani, Maha Aljohni, Eman Aldhaheri

Abstract:

With the proliferation of Internet of Things (IoT) devices in various industries, there has been a concurrent rise in security vulnerabilities, particularly spoofing attacks. This study explores the potential of blockchain technology in enhancing the security of IoT systems and mitigating these attacks. Blockchain's decentralized and immutable ledger offers significant promise for improving data integrity, transaction transparency, and tamper-proofing. This research develops and implements a blockchain-based IoT architecture and a reference network to simulate real-world scenarios and evaluate a blockchain-integrated intrusion detection system. Performance measures including time delay, security, and resource utilization are used to assess the system's effectiveness, comparing it to conventional IoT networks without blockchain. The results provide valuable insights into the practicality and efficacy of employing blockchain as a security mechanism, shedding light on the trade-offs between speed and security in blockchain deployment for IoT. The study concludes that despite minor increases in time consumption, the security benefits of incorporating blockchain technology into IoT systems outweigh potential drawbacks, demonstrating a significant potential for blockchain in bolstering IoT security.

Keywords: Internet of Thing, Spoofing, IoT, Access control, Blockchain, Raspberry pi.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 18

Authors: T. Arudchelvam, W. W. E. N. Fernando

Abstract:

Mobile phone has become as an essential thing in our life. Therefore, security is the most important thing to be considered in mobile communication. Short message service is the cheapest way of communication via the mobile phones. Therefore, security is very important in the short message service as well. This paper presents a method to maintain the security at user level. Different types of encryption methods are used to implement the user level security in mobile phones. Caesar cipher, Rail Fence, Vigenere cipher and RSA are used as encryption methods in this work. Caesar cipher and the Rail Fence methods are enhanced and implemented. The beauty in this work is that the user can select the encryption method and the key. Therefore, by changing the encryption method and the key time to time, the user can ensure the security of messages. By this work, while users can safely send/receive messages, they can save their information from unauthorised and unwanted people in their own mobile phone as well.

Keywords: SMS, user level security, encryption, mobile communication.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1023

Authors: M. Sandhya, R. M. Madhumitha, Sharmila Sankar

Abstract:

Interoperable medical devices (IMDs) face threats due to the increased attack surface accessible by interoperability and the corresponding infrastructure. Initiating networking and coordination functionalities primarily modify medical systems' security properties. Understanding the threats is a vital first step in ultimately crafting security solutions for such systems. The key to this problem is coming up with some common types of threats or attacks with those of security and privacy, and providing this information as a roadmap. This paper analyses the security issues in interoperability of devices and presents the main types of threats that have to be considered to build a secured system.

Keywords: Interoperability, threats, attacks, medical devices.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1465

Authors: Jiho Park, Yong-Gyu Lee, Gilwon Yoon

Abstract:

Data security in u-Health system can be an important issue because wireless network is vulnerable to hacking. However, it is not easy to implement a proper security algorithm in an embedded u-health monitoring because of hardware constraints such as low performance, power consumption and limited memory size and etc. To secure data that contain personal and biosignal information, we implemented several security algorithms such as Blowfish, data encryption standard (DES), advanced encryption standard (AES) and Rivest Cipher 4 (RC4) for our u-Health monitoring system and the results were successful. Under the same experimental conditions, we compared these algorithms. RC4 had the fastest execution time. Memory usage was the most efficient for DES. However, considering performance and safety capability, however, we concluded that AES was the most appropriate algorithm for a personal u-Health monitoring system.

Keywords: biosignal, data encryption, security measures, u-health

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2082

Authors: Peter Ndichu Muriuki

Abstract:

The 9/11 suicide attacks in New York, Washington, D.C., and Pennsylvania, triggered a number of security responses both in the United States of America and other Countries in the World. Kenya, which is an ally and a close partner to North America and Europe, was not left behind. While many states had been parties to numerous terrorism conventions, their response in implementing them had been slow and needed this catalyst. This special case offered a window of opportunity for many “security conscious" regimes in cementing their legal-criminological and political security apparatus. At the international level, the 9/11 case led to the hasty adoption of Security Council resolution 1373 in 2001, which called upon states to adopt wide-ranging and comprehensive steps and strategies to combat international terrorism and to become parties to the relevant international conventions and protocols relating to terrorism. Since then, Kenya has responded with speed in devising social-legal-criminological-political actions.

Keywords: Justice, Policing, Security, Terrorism

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1616

Authors: Jared Oluoch

Abstract:

Connected vehicles are equipped with wireless sensors that aid in Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) communication. These vehicles will in the near future provide road safety, improve transport efficiency, and reduce traffic congestion. One of the challenges for connected vehicles is how to ensure that information sent across the network is secure. If security of the network is not guaranteed, several attacks can occur, thereby compromising the robustness, reliability, and efficiency of the network. This paper discusses existing security mechanisms and unique properties of connected vehicles. The methodology employed in this work is exploratory. The paper reviews existing security solutions for connected vehicles. More concretely, it discusses various cryptographic mechanisms available, and suggests areas of improvement. The study proposes a combination of symmetric key encryption and public key cryptography to improve security. The study further proposes message aggregation as a technique to overcome message redundancy. This paper offers a comprehensive overview of connected vehicles technology, its applications, its security mechanisms, open challenges, and potential areas of future research.

Keywords: VANET, connected vehicles, 802.11p, WAVE, DSRC, trust, security, cryptography.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2200

Authors: Khalid Alnafjan, Tazar Hussain, Hanif Ullah, Zia ul haq Paracha

Abstract:

Software and applications are subjected to serious and damaging security threats, these threats are increasing as a result of increased number of potential vulnerabilities. Security testing is an indispensable process to validate software security requirements and to identify security related vulnerabilities. In this paper we analyze and compare different available vulnerabilities testing techniques based on a pre defined criteria using analytical hierarchy process (AHP). We have selected five testing techniques which includes Source code analysis, Fault code injection, Robustness, Stress and Penetration testing techniques. These testing techniques have been evaluated against five criteria which include cost, thoroughness, Ease of use, effectiveness and efficiency. The outcome of the study is helpful for researchers, testers and developers to understand effectiveness of each technique in its respective domain. Also the study helps to compare the inner working of testing techniques against a selected criterion to achieve optimum testing results.

Keywords: Software Security, Security Testing, Testing techniques, vulnerability, AHP.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2835

Authors: Ramon Santana

Abstract:

The use of biometric identifiers in the field of information security, access control to resources, authentication in ATMs and banking among others, are of great concern because of the safety of biometric data. In the general architecture of a biometric system have been detected eight vulnerabilities, six of them allow obtaining minutiae template in plain text. The main consequence of obtaining minutia templates is the loss of biometric identifier for life. To mitigate these vulnerabilities several models to protect minutiae templates have been proposed. Several vulnerabilities in the cryptographic security of these models allow to obtain biometric data in plain text. In order to increase the cryptographic security and ease of reversibility, a minutiae templates protection model is proposed. The model aims to make the cryptographic protection and facilitate the reversibility of data using two levels of security. The first level of security is the data transformation level. In this level generates invariant data to rotation and translation, further transformation is irreversible. The second level of security is the evaluation level, where the encryption key is generated and data is evaluated using a defined evaluation function. The model is aimed at mitigating known vulnerabilities of the proposed models, basing its security on the impossibility of the polynomial reconstruction.

Keywords: Fingerprint, template protection, bio-cryptography, minutiae protection.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 779

Authors: Yung C. Ho, Hui C. Fang, Ming J. Hsieh

Abstract:

When consistently innovative business-models can give companies a competitive advantage, longitudinal empirical research, which can reflect dynamic business-model changes, has yet to prove a definitive connection. This study consequently employs a dynamic perspective in conjunction with innovation theory to examine the relationship between the types of business-model innovation and firm value. This study tries to examine various types of business-model innovation in high-end and low-end technology industries such as HTC and the 7-Eleven chain stores with research periods of 14 years and 32 years, respectively. The empirical results suggest that adopting radical business-model innovation in addition to expanding new target markets can successfully lead to a competitive advantage. Sustained advanced technological competences and service/product innovation are the key successful factors in high-end and low-end technology industry business-models respectively. In sum up, the business-model innovation can yield a higher market value and financial value in high-end technology industries than low-end ones.

Keywords: Business-model, Dynamic Perspective, Firm Value, Innovation

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2694

Authors: Dongwan Kang, Joohyung Oh, Chaetae Im

Abstract:

Advancement of communication technologies and smart devices in the recent times is leading to changes into the integrated wired and wireless communication environments. Since early days, businesses had started introducing environments for mobile device application to their operations in order to improve productivity (efficiency) and the closed corporate environment gradually shifted to an open structure. Recently, individual user's interest in working environment using mobile devices has increased and a new corporate working environment under the concept of BYOD is drawing attention. BYOD (bring your own device) is a concept where individuals bring in and use their own devices in business activities. Through BYOD, businesses can anticipate improved productivity (efficiency) and also a reduction in the cost of purchasing devices. However, as a result of security threats caused by frequent loss and theft of personal devices and corporate data leaks due to low security, companies are reluctant about adopting BYOD system. In addition, without considerations to diverse devices and connection environments, there are limitations in detecting abnormal behaviors, such as information leaks, using the existing network-based security equipment. This study suggests a method to detect abnormal behaviors according to individual behavioral patterns, rather than the existing signature-based malicious behavior detection, and discusses applications of this method in BYOD environment.

Keywords: BYOD, Security, Anomaly Behavior Detection.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2018

Authors: Mayada AlMeghari

Abstract:

Recently, grid middlewares have provided large integrated use of network resources as the shared data and the CPU to become a virtual supercomputer. In this work, we present the design and implementation of the middleware for Data Warehouse Signature (DWS) Framework. The aim of using the middleware in the proposed DWS framework is to achieve the high performance by the parallel computing. This middleware is developed on Alchemi.Net framework to increase the security among the network nodes through the authentication and group-key distribution model. This model achieves the key security and prevents any intermediate attacks in the middleware. This paper presents the flow process structures of the middleware design. In addition, the paper ensures the implementation of security for DWS middleware enhancement with the authentication and group-key distribution model. Finally, from the analysis of other middleware approaches, the developed middleware of DWS framework is the optimal solution of a complete covering of security issues.

Keywords: Middleware, parallel computing, data warehouse, security, group-key, high performance.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 265

Authors: Anwar Kashgari

Abstract:

COVID-19 has severe impacts on business all over the world. The great lockdown of many business owners requires a sage deal with this pandemic. This paper seeks to support business leaders with a standpoint about the COVID-19 situation and provides implications for the SMEs (Small and Medium Enterprises) and companies. The paper reflects the author's view about the impact of COVID-19 on business activities. We discussed the impact of COVID-19 upon three aspects, namely, startups, SMEs, and e-commerce. The KSA is taken as an example of the developing countries about which we present the current situation. Finally, recommendations to policy and decision-makers are given.

Keywords: COVID-19, business networking, globalization, Saudi Arabia.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 363