
Latest articles from Information Security Journal: A Global Perspective

Code integrity verification using cache memory monitoring
Pub Date : 2021-03-24 DOI: 10.1080/19393555.2021.1902592
R. Shrivastava, Varun Natu, C. Hota
ABSTRACT This paper addresses the challenges of building a secure software system to prevent Man-at-the-End attacks. Ensuring the security of systems is challenging due to unfavorable constraints faced by the end-point host system. Constraints such as hostile environments leave the host system at the peril of would-be attackers. In this paper, we verify program integrity through L3 cache by monitoring the security-sensitive code points and verify them in memory. This paper uses a cache-based monitoring program to verify code integrity. In particular, we show that side-channel information can be used to encode the invariant of the program execution state. These invariants can be periodically and externally monitored as a proxy for application integrity. This monitoring system uses a sliding window scheme that can detect the violation of these invariants with high reliability. The proposed solution is transparent to the attacker and utilizes a side-channel technique (Flush + Reload) along with a sliding window scheme to monitor security-sensitive code and detect MATE attacks to prevent malicious manipulation of software.
Citations: 1
PCSP: A Protected Cloud Storage Provider employing light weight techniques
Pub Date : 2021-03-18 DOI: 10.1080/19393555.2021.1900465
S. Srisakthi, Gufran Ahmad Ansari
ABSTRACT One of the major practices of cloud computing is the storage service that it offers. In spite of its many creditable advantages, it also has some disadvantages like data security and data availability. These two are the main issues that a user faces. Many models have been proposed to solve these issues. These models use cryptographic methods to secure the data and data redundancy method to ensure data availability. Both these methods solved the issues at the cost of extra storage space and increased time consumption both at the user and at the server side. This paper recommends a model PCSP (Protected Cloud Service Provider) which solves these issues in a novel way. The model uses light weight techniques which do not employ cryptographic methods. PCSP uses a layered approach, with three entities – the user, the PCSP, and the vendor. Due to the use of light weight techniques, the execution time is reduced by 80% and the storage needed is also reduced by 60%. Thus, there is still more reduction in the storage space. The implementation and analysis serve as the proof of concept.
Citations: 2
A secure video steganography scheme using DWT based on object tracking
Pub Date : 2021-03-12 DOI: 10.1080/19393555.2021.1896055
Mukesh Dalal, Mamta Juneja
ABSTRACT Videos are nowadays the most frequent and easy mode of communication over the internet; the reason behind the growth is the accessibility to video processing software available on the internet. Video steganography is a field where the data is embedded in video keeping the visual quality of the video intact. This study presents a new video steganography scheme with a stable trade-off between robustness and imperceptibility using 2D-DWT (Discrete Wavelet Transform) based on object detection and tracking. The main contribution of this paper includes embedding of secret data in the moving objects after applying object detection for the video frames where the secret bits are embedded in middle frequency sub-bands after applying 2D-DWT. To highlight the effectiveness of the proposed scheme, experimental results are carried out both quantitatively and qualitatively where quantitative analysis is done using different metrics such as PSNR, SSIM, BER and qualitative analysis is done using visual results of the frames. The experimental results illustrated that the proposed approach outperforms existing techniques in terms of qualitative and quantitative evaluation with high imperceptibility and robustness against noise attack. Eventually, the scheme has also been tested against existing steganalysis techniques to ensure the security of the proposed scheme.
Citations: 4
Novel adaptive cyberattack prediction model using an enhanced genetic algorithm and deep learning (AdacDeep)
Pub Date : 2021-03-04 DOI: 10.1080/19393555.2021.1883777
Ayei E. Ibor, F. Oladeji, O. Okunoye, C. Uwadia
ABSTRACT Some of the problems of extant cyberattack prediction approaches are low prediction accuracy, high false positive rate, very long training time, and the choice of hyperparameters to overcome overfitting or underfitting the model on the training data. These problems have culminated in the escalation of cyberattacks in recent times and as such significant improvement to the performance of extant models is crucial. Some deep learning architectures such as Recurrent Neural Networks (RNN) have been applied to cyberattack prediction. However, Recurrent Neural Networks (RNN) suffer from the vanishing and exploding gradient problem, and are difficult to train. Also, determining the different states and hyperparameters of the network for optimal prediction performance is difficult. Therefore, this paper proposes a novel approach called AdacDeep that uses an Enhanced Genetic Algorithm (EGA), Deep Autoencoder and a Deep Feedforward Neural Network (DFFNN) with backpropagation learning to accurately predict different attack types. The performance of AdacDeep is evaluated using two well-known datasets, namely, the CICIDS2017 and UNSW_NB15 datasets as the benchmark. The experimental results show that AdacDeep outperforms other state-of-the-art comparative models in terms of prediction accuracy with 0.22–35% improvement, F-Score with 0.1–34.7% improvement and very low false positive rate.
Citations: 7
Security of electronic personal health information in a public hospital in South Africa
Pub Date : 2021-03-01 DOI: 10.1080/19393555.2021.1893410
K. Chuma, M. Ngoepe
ABSTRACT Digital health technologies have changed the healthcare sector landscape and thus generated new opportunities for collecting, storing and accessing electronic personal health information (ePHI). However, this has also caused ePHI to be exposed to a variety of new security threats, attacks and vulnerabilities. This qualitative study explored the security of ePHI in a public hospital in South Africa. Data were collected through semi-structured interviews with purposively selected network controllers, IT technicians, administrative and records clerks and triangulated through document analysis. Data were coded and analyzed using ATLAS.ti, version 8. The findings showed that the public hospital is witnessing a deluge of cyber threats such as Worms, Trojan horses, and shortcut viruses. This is compounded by technological vulnerabilities such as power and system failure, obsolete computers, and systems. Security measures such as username-password, encryption, firewall, and antivirus and security audit log exist in the hospital to protect ePHI. The study recommends the need to implement an intrusion protection system and constantly update the firewall and antivirus. It is concluded that without proper security protocols, ePHI could be exposed to threats and cyber attacks. The public hospital is urged to use blockchain technology to strengthen the security of ePHI.
Citations: 5
PCC-RPL: An efficient trust-based security extension for RPL
Pub Date : 2021-02-12 DOI: 10.1080/19393555.2021.1887413
M. Pishdar, Y. Seifi, M. Nasiri, M. Bag-Mohammadi
ABSTRACT RPL is a de facto routing protocol for IoT (Internet of Things). In this paper, an efficient IDS (intrusion detection system) is proposed to solve a major security vulnerability of RPL, which is called fabricated parent change. We show that many well-known attacks and security breaches are carried out via this vulnerability. The proposed method, which is called PCC-RPL (Parental Change Control RPL), prevents unsolicited parent changes by utilizing the trust concept. In PCC-RPL, all parents monitor their children's behavior continuously. When a malicious activity is detected by the parent, it decreases the child's trust level and informs the root by sending a suspicion message. Our simulation results indicate that PCC-RPL can detect almost all common RPL attacks with an acceptable accuracy compared to a well-known method. Low control overhead, low energy consumption, short attack detection delay, and high precision are the main features of the proposed scheme.
Citations: 8
Challenges and opportunities in biometric security: A survey
Pub Date : 2021-01-14 DOI: 10.1080/19393555.2021.1873464
Shefali Arora, M. Bhatia
ABSTRACT Biometric systems identify individuals based on unique traits such as the face, fingerprints, iris etc. The main objective of the study is to understand the role of deep learning in the process of authentication as well as its application in the enhancement of security of biometric systems. We highlight the studies using deep learning approaches to authenticate enrolled users under ideal and non-ideal environmental conditions. We summarize these approaches and explore the challenges that continue to restrict the full potential of biometric systems. The foremost are: building robust algorithms for authentication, ensuring the security of enrolled templates and protecting systems against spoofing attacks. In this paper, we review the performance achieved by various studies in overcoming the aforesaid challenges, along with the potential improvements and future directions in this domain.
Citations: 8
New method for improving add round key in the advanced encryption standard algorithm
Pub Date : 2021-01-05 DOI: 10.1080/19393555.2020.1859654
S. M. Kareem, A. M. Rahma
ABSTRACT This paper proposes a new modification to the AES in order to ensure a high-level security. This is accomplished by replacing the binary Exclusive OR (XOR) operation in each add-round-key stage of the AES with a new (#) operation. The (#) operation requires an additional and randomly generated control key to determine the state table (among 256 optional state tables) needed to apply the (#) operation. The 256 states tables are formed based on the addition operation in the Galois Field GF(2^8) to increase the randomness of the algorithm. The modified AES algorithm has been evaluated based on several security metrics. In our proposed algorithm, an attacker needs, at minimum, up to (2431)10 probabilities of keys to decrypt an encrypted message; thus, the proposed AES algorithm increases the complexity of the original AES against the differential cryptanalysis. Moreover, compared to the original AES, applying the (#) operation in our modified algorithm also improves the performance in other security metrics, such as NIST and histogram. Consequently, this replacement by using two keys in both the encryption and decryption process adds a new level of protection and a greater degree of robustness against breaking methods.
Citations: 10
Creating a sense of digital privacy in the private sector
Pub Date : 2021-01-02 DOI: 10.1080/19393555.2020.1797948
Richard Charles Hornberger
ABSTRACT The research question explores factors that create a feeling of privacy violation and discusses steps organizations can take to improve the perception of digital privacy for employees answering, “What intrusion, interference, and information access factors can be implemented by organizations to create a sense of digital privacy for employees in for-profit organizations?” Moor’s Theory of Privacy guides the research examining three components of normative privacy in a digital age: intrusion protection, interference protection, and information access protection. The method of inquiry is a systematic review of twenty-one articles containing published in peer-reviewed academic journals over the last five years. Intrusion protection recommendations include monitoring and compliance with existing legislation, exhibition of transparency on policies and procedures, creating or revisiting existing organizational policies, and providing or enhancing training practices. Interference protection recommendations include gaining consent on policies, and encouraging systems that allow self-control of privacy. Information access protection recommendations involve weighing benefits and costs of security controls, limiting excessive data collection, anonymizing or obfuscating data collection, deleting data when use is complete, creating sanctions for information security misbehavior, and reviewing mobile device management environments. This discovered framework can decrease levels of stress, improve task performance, and decrease bad behavior while improving levels of job satisfaction and organizational commitment.
Citations: 1
Enhancing the blockchain voting process in IoT using a novel blockchain Weighted Majority Consensus Algorithm (WMCA)
Pub Date : 2021-01-01 DOI: 10.1080/19393555.2020.1869356
Manal Mohamed Alhejazi, R. Mohammad
ABSTRACT Internet of Things (IoT) is expected to improve our lifestyle in a noticeable way. However, although the IoT holds a lot of chances, it contains a lot of serious risks. This leads to a focus on developing security techniques that can increase the security level of IoT. Blockchain is considered as an innovative technique for securing IoT and sharing data in a secure and tamperproof way. The blockchain is a peer-to-peer connection system that performs transactions securely by using consensus algorithms with no need for a trusted third party. Blockchain proved its applicability in securing IoT networks, and the research in this area is still enticing researchers to delve deeper and deeper. Decentralized voting is considered the fundamental principle that blockchain relies on for making the appropriate decision that would offer a proper security level for IoT. In this research a novel decentralized blockchain Weighted Majority Consensus Algorithm is proposed. The algorithm is inspired by the well-known weighted majority voting algorithm in the ensemble data mining learning approach. A Java implementation of WMCA has been created for testing several scenarios with the aim of confirming the applicability of the proposed WMCA and the results were very promising.
Citations: 11