Information Security Journal: A Global Perspective: Latest Articles

A primer on insider threats in cybersecurity
Pub Date : 2021-09-07 DOI: 10.1080/19393555.2021.1971802
Sunitha Prabhu, Nik Thompson
ABSTRACT Though human factors are increasingly being acknowledged as a contributor to cybersecurity incidents, this domain is not widely understood by those in technical and applied disciplines. Humans can be influenced, are not always rational or predictable, and must be studied through psychology rather than technology. Consequently, this domain may represent uncharted territory for the technical practitioner leaving many promising areas of research and practice unexplored. This paper provides a broad primer on human factors in cybersecurity, specifically focusing on the threat posed by organizational insiders. We emphasize the pivotal role that users play in determining overall system security and aim to introduce non-experts to this field, stimulating new interest in this intersection of humans and computers.
Citations: 6
An intelligent and lightweight intrusion detection mechanism for RPL routing attacks by applying automata model
Pub Date : 2021-09-07 DOI: 10.1080/19393555.2021.1971803
D. Gothawal, S. Nagaraj
ABSTRACT Routing Protocol for Low power and Lossy network (RPL) offers a set of mechanisms to attain efficient communication over resource-limited heterogeneous IoT environments. RPL attacks downgrade the network performance by disrupting the optimal protocol structure. So it is crucial to develop lightweight security solutions to detect such attacks and maximize the RPL performance. This paper designs an intelligent and lightweight IDS model named RPL Attacks based on Intrusion Detection for Efficient Routing (RAIDER) to reinforce security of RPL routing mechanism. RAIDER addresses the lack of security over RPL by analyzing the impacts of four RPL attacks using simulation, incorporates an automata theory with the IDS nodes to scrutinize the node behavior and to diminish the impact of such attacks. The IDS nodes monitor the network and periodically transplant the observed information as different states based on the finite automata theory. RAIDER takes attack decisions based on the state transitions pre-estimated threshold of context-aware attack decision-making model and detects RPL attacks. RAIDER improves the RPL routing performance with minimum energy consumption. The Contiki Cooja-based simulation results demonstrate the efficiency of the RAIDER in terms of the packet delivery ratio, energy consumption, delay, overhead, attack detection accuracy, and network lifetime.
Citations: 1
Jack pandemus – Cyber incident and emergency response during a pandemic
Pub Date : 2021-09-03 DOI: 10.1080/19393555.2021.1980159
Erik B. Korn, Douglas M. Fletcher, Erica M. Mitchell, Aryn A. Pyke, Steven M. Whitham
ABSTRACT COVID-19 quickly gave rise to a newly expansive space wrought with unforeseen vulnerabilities. Cyber threat actors swiftly identified this space and immediately began seizing targets of opportunity amid chaotic conditions. Recognizing this emerging challenge, our goal was to find a mechanism that would support better understanding of holistic cyber incident response in the context of emergency management amid pandemic circumstances. Therefore, we conducted Jack Pandemus, a distributed event that simulated concurrent cyber and emergency incident response challenges. This event first occurred with Charleston, South Carolina followed by Savannah, Georgia. Each iteration included public and private sector entities whose positions corresponded with real-world cyber incident and/or emergency response. Jack Pandemus introduced a cascading multisector cyber incident under pandemic conditions with a focus on identifying cross-sector gaps, dependencies, constraints, strengths, and lessons learned. Jack Pandemus ultimately revealed: that physical pandemic stressors can significantly impact cyber incident response; that emergency response remains primarily focused on pandemic impacts despite concurrent cyber consequences; that locally shared resources are quickly exhausted during a multisector crisis; that significant confusion remains between public and private sectors regarding how and when to request additional support; and that cybersecurity is not treated as an operational problem despite considerable cascading potential.
Citations: 3
Color image encryption using RSA cryptosystem with a chaotic map in Hartley domain
Pub Date : 2021-08-24 DOI: 10.1080/19393555.2021.1963018
Umar Hussain Mir, Deep Singh, Parveiz Nazir Lone
ABSTRACT This paper proposes an asymmetric encryption scheme for color images by introducing a new efficient triple-layered encryption scheme based on the RSA cryptosystem along with a chaotic map in the discrete Hartley domain. The present approach encrypts the image independently using the RSA cryptosystem and afterward transforms them into discrete Hartley domains to diffuse the image pixels. Further, the pixel positions are dislocated by applying a non-linear chaotic map to provide a complex structure of the scheme. The hardness of prime factorization of integers is intricacy in the RSA algorithm. The massive pixel confusion by a non-linear Hénon map gives rise to an efficient and robust system. Simulation results with performance analysis and the detailed comparison with extant systems assure robustness, validity, and security of the proposed scheme against various cryptanalytic attacks.
Citations: 10
A multi-stage chaotic encryption technique for medical image
Pub Date : 2021-08-18 DOI: 10.1080/19393555.2021.1934197
Md. Siddiqur Rahman Tanveer, K. R. Alam, Y. Morimoto
ABSTRACT Usually, medical image relates to the disease. Its pixel distortion may cause an erroneous diagnosis. The multiple chaos-based encryptions can protect it significantly due to high sensitive control parameters. This paper proposes a multi-stage chaotic encryption technique by consecutively adopting Logistic map and Lorenz attractor to enrich the security level. At first, the usage of the Logistic map converts the plain medical image into a confusing image. Now, a confusion key encrypts this blur image. Later on, the involvement of the Lorenz attractor generates the final cipher image. Lastly, different security and statistical analyses including the National Institute of Standards and Technology (NIST) randomness test and comparisons ensure the strength of the cipher.
Citations: 4
PAC: Privacy preserving proxy re-encryption for access control in public cloud
Pub Date : 2021-08-15 DOI: 10.1080/19393555.2021.1959679
Payal Chaudhari, M. Das
ABSTRACT Proxy re-encryption is an essential prerequisite that facilitates a foreign entity (e.g., cloud server) to enforce the access of provisions of a document extended by one user to another user. While performing this task it is essential that the foreign entity does not learn any information about the actual document inside the encrypted envelop. In this paper, we present a scheme on Privacy-preserving Proxy Re-encryption for Access Control in Public Cloud, termed as PAC, that provides the proxy re-encryption of attribute-based encrypted data with receiver privacy. The proposed PAC scheme enables a proxy server to perform the re-encryption operation without learning anything about the data or the access policy. The PAC provides data confidentiality, and preserves receiver privacy. We show the PAC scheme adaptively secure against indistinguishability of ciphertext policy and chosen-plaintext attack (IND-CP-CPA) under the 2-Decisional Bilinear Diffie-Hellman Inversion assumption. The scheme is implemented on Google cloud instance and the experimental results show that the PAC scheme is storage and computation-efficient when compared to other related schemes.
Citations: 2
A new DCT based robust image watermarking scheme using cellular automata
Pub Date : 2021-08-09 DOI: 10.1080/19393555.2021.1956023
Manasi Jana, Biswapati Jana
ABSTRACT Modern research in image watermarking focuses not only on security but also increasing the payload without having any detectable signature within the media. In this paper, a new Discrete Cosine Transform (DCT)-based image watermarking scheme has been proposed using Cellular Automata (CA). Here, a color cover image is split into three color channels: Red, Green and Blue. Then, DCT is applied on 8 x 8 non-overlapping blocks of each channel followed by a ZigZag scanning. Before embedding, the watermark is encrypted by applying CA rule-15 to make it more secure and robust. The encrypted watermark logo is embedded through DCT coefficients modification using CA rule-340 and mapping table. The proposed scheme is compared with existing state-of-the-art algorithms with respect to embedding capacity, imperceptibility and robustness. Results of the simulation show good imperceptibility measured in terms of Peak Signal-to-Noise Ratio (PSNR) with an average value of 54 dB and simultaneously having high payload of 1.48 bpp. Experimental results under different standard attacks show the superiority of the proposed algorithm as compared with other schemes in the field of image watermarking.
Citations: 8
Public attitudes towards privacy in COVID-19 times in the Republic of Ireland: A pilot study
Pub Date : 2021-08-08 DOI: 10.1080/19393555.2021.1956650
Malika Bendechache, P. Lohar, G. Xie, Rob Brennan, R. Trestian, Edoardo Celeste, K. Kapanova, E. Jayasekera, Irina Tal
ABSTRACT This research focuses on designing methods aimed at assessing Irish public attitudes regarding privacy in COVID-19 times and their influence on the adoption of COVID-19 spread control technology such as the COVID tracker app. The success of such technologies is dependent on their adoption rate and privacy concerns may be a factor delaying or preventing thus adoption. An online questionnaire was built to collect: demographic data, participant’s general privacy profile using the Privacy Segmentation Index (PSI) which classifies individuals into 3 groups (privacy fundamentalists, pragmatists, and unconcerned), and the attitudes toward privacy in COVID-19 times. The questionnaire was shared via websites and social networks. The data was collected between 27/08/2020 to 27/9/2020. We received and analyzed 258 responses. The initial pilot study found that almost 73% of the respondents were pragmatists or unconcerned about privacy when it came to sharing their private data. Comparable results were obtained with other privacy studies that have employed PSI. The pilot indicates a huge increase, from 12% pre-pandemic to 61% during the pandemic, of people willing to share their data. The questionnaire developed following this study is further used in a national survey on privacy in COVID-19 times.
Citations: 1
BYOD security issues: a systematic literature review
Pub Date : 2021-07-22 DOI: 10.1080/19393555.2021.1923873
Melva M. Ratchford, O. El-Gayar, C. Noteboom, Yong Wang
ABSTRACT Organizations are exposed to new security risks when they allow employees’ personal mobile devices to access the network and the corporate data (a phenomenon called ‘Bring Your Own Device’ or BYOD). They are confronted with inherent security issues that need to be addressed in order to protect the organization and its information. What are the security issues and considerations associated with BYOD environments? With this in mind, the objective of this paper is to present a systematic literature review of scholarly literature (2010–2019) with respect to BYOD security, and to suggest a classification scheme that depicts a holistic approach to securing BYOD environments. The results of this review include the analysis of 38 scholarly articles, where 22 security issues were identified. Based on the proposed classification scheme, the analysis of the findings shows that 86% of the articles identified security issues and considerations associated with the IT domain, 51% identified security issues related to the Management domain, 45% related to the Users domain, and 19% related to the Mobile Device domain. The results also show that BYOD security issues corresponding to policies are among the most frequently addressed concerns, followed by network security, data protection, user’s attitude/behavior and governance.
Citations: 8
A new image encryption scheme based on a hyperchaotic system & multi specific S-boxes
Pub Date : 2021-07-02 DOI: 10.1080/19393555.2021.1943572
A. H. Brahim, A. Ali-Pacha, N. Hadj-Said
ABSTRACT This paper studies a new image encryption scheme based on a hyperchaotic system & multi-specific S-boxes. First, the hyperchaotic system generates a sequence that is used to create a specific S-box. The S-box is obtained by sorting the values of the hyperchaotic sequence in increasing order, and then taking their indices as a new sequence to create the S-box. The number of specific S-boxes needed to encrypt the image depends on the rows of the plain image. Second, each row of the plain image is substituted by a different S-box to obtain the rows of the pre-encrypted image. Third, to increase the level of security, each specific S-box is considered as a column of the mask matrix. Then, a permutation is applied to the mask matrix, which uses the last sequence of the hyperchaotic system to permute the rows of the mask matrix to obtain the permuted mask matrix. Finally, the XOR operation is applied between the permuted mask matrix and the pre-encrypted image to obtain the final cipher image. Experimental and analysis results show that the proposed algorithm has a good performance in terms of security, high sensitivity, as well as low time complexity.
Citations: 14