2019 International Conference on Cybersecurity (ICoCSec): Latest Papers

Unintentional Insider Threats Countermeasures Model (UITCM)
Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970986
Z. A. A. Abdelsadeq, S. N. Omar, N. Basir, Nur Fatin Nabila Binti Mohd Rafei Heng
Most organisations see technological controls as the solution to their information security problems. However, even with all these technologies, investigation has shown that human errors are unavoidable. The unintentional insider is the biggest insider threat of all. Thus, the objective of this paper is to propose a conceptual model as a countermeasure against unintentional insider threats. The proposed model in this research was adapted from Generic Mitigation Strategies for Information Leaks, developed by Wan (2018) and (2019). It was expanded by combining it with the UIT mitigation strategies and countermeasure recommendations mentioned in previous studies.
Citations: 0
A QoS Approach for Internet of Things (IoT) Environment Using MQTT Protocol
Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8971097
Abdulrahman Sameer Sadeq, R. Hassan, S. S. Al-Rawi, Ahmed Mahdi Jubair, A. Aman
The Internet of Things (IoT) has emerged as a promising technology. The limited resources of IoT objects have resulted in restrictions on data transfer. New protocols have been proposed to meet these requirements and restrictions, including Message Queue Telemetry Transport (MQTT), Constrained Application Protocol (CoAP) and many other IoT application protocols. In this paper, a Quality of Service (QoS) approach using MQTT for the IoT environment is proposed. MQTT provides three levels of QoS for different classes of traffic. However, the traffic flow between subscribers and publishers is not controlled, since publishers send data to the broker and the broker forwards it to subscribers. The absence of reliable end-to-end flow control can result in increased packet loss and delay. A flow control mechanism is designed to overcome the flow control problem of MQTT, where a publisher can overwhelm a subscriber. The suggested flow control mechanism reduced the packet drop to 98%, while e2e delay was reduced to 64% compared to the standard MQTT implementation.
Citations: 22
Using Text Annotation Tool on Cyber Security News — A Review
Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970885
M. S. Abdullah, A. Zainal, M. A. Maarof, Mohamad Nizam Kassim
Cyber-attacks have become one of the main concerns in our everyday life and are reported throughout online news websites. As thousands of news articles exist, it is difficult to go through all the news, which leads to a slower analysis process. Hence, a vital text mining component known as Information Extraction (IE) is needed in order to ease the knowledge discovery process for the wide collection of cyber security news. To make the IE process better and easier, the use of a tool such as General Architecture for Text Engineering (GATE) can help a lot, especially in creating an annotated corpus. In this paper, we introduce and review several annotation tools that are freely available, and discuss the steps needed to create an annotated corpus for cyber security text documents.
Citations: 0
Feature Extraction and Selection Method of Cyber-Attack and Threat Profiling in Cybersecurity Audit
Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970786
Khairun Nisyak Zakaria, A. Zainal, S. H. Othman, Mohamad Nizam Kassim
Public sector and private organizations began using cybersecurity controls in order to defend their assets against cybercriminal attacks. Cybersecurity audits assist organizations in dealing with cyber threats, cybercriminals, and cyber-attacks that are growing in an aggressive cyber landscape. However, cyber-attacks and threats are increasing and becoming more complex, and the complicated cyber landscape challenges auditors to perform an effective cybersecurity audit. This current situation puts in evidence the critical need for a new approach to cybersecurity audit execution. This study reviews an alternative method for the execution of cybersecurity checks. The analysis covers the character and behaviour of cyber-attacks and threats, using a feature extraction and selection method to get crucial elements from the common group of cyber-attacks and threats. Cyber-attack and threat profiles are systematic approaches driven by a clear understanding of the form of cyber-attack and threat character and behavior patterns in cybersecurity requirements. As a result, this study proposes cyber-attack and threat profiling for cybersecurity audit as a set of control elements that are harmonized with audit components that drive audits based on cyber threats.
Citations: 6
Review of Digital Wallet Requirements
Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970996
Md Arif Hassan, Z. Shukur
The financial industry has proven to be an important factor in our daily lives through the adaption of new technology. Fintech companies are driven towards enhancing financial services currently being provided by consecutive financial institutions. The digital wallet is the latest invention of finance technology and a great tool for making payment transactions easy and fast. Many digital wallet applications have already been developed and implemented in payment transactions. An effective number of cyber threats targeting the monetary system have made security an imperative component of the banking system. This paper outlines the threats to digital wallets and also provides the requirements of digital wallets that technically try to address the fear of security customers as usual providers, while assisting in the successful implementation of digital wallets.
Citations: 16
Mobile Malware Classification for Social Media Application
Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970800
M. Saudi, Azuan Ahmad, Sharifah Roziah Mohd Kassim, M. A. Husainiamer, Anas Zulkifli Kassim, N. J. Zaizi
Organisations and users face many challenges in detecting mobile malware attacks against smartphones. Many techniques have been developed by different solution providers to ensure that smartphones remain free from such attacks. Nonetheless, we still lack efficient techniques to detect mobile malware attacks, especially for social media applications. Hence, this paper presents mobile malware classifications based on API and permission that can be used for mobile malware detection with regard to social media applications. A mobile malware classification based on the correlation of malware behaviour, vulnerability exploitation and mobile phone has been developed for this purpose, and a mobile application (app) has been sought to support this new classification. This research was conducted in a controlled lab environment using open source tools and by applying hybrid analysis. Based on the testing conducted, the results showed that the mobile apps were categorized as dangerous, with 16% for call log exploitation, 13% for audio exploitation and 9% for GPS exploitation. These results indicated that the attackers could possibly launch different cyber attacks. In the future, this paper can be used as a reference by other researchers with the same interest.
Citations: 2
TAGraph: Knowledge Graph of Threat Actor
Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970979
Eric Khoo Jiun Hooi, A. Zainal, M. A. Maarof, Mohamad Nizam Kassim
Understanding the cybersecurity threat landscape, especially information about threat actors, is a challenging task, as this information is usually hidden and scattered. Online news has become one of the popular and important sources of information for cybersecurity personnel to understand the activities conducted by these threat actors. In this paper, we propose a framework to create a knowledge graph of threat actors by building an ontology of threat actors and a named entity recognition system to extract cybersecurity-related entities. The resulting ontology and model can be used to automatically extract cybersecurity-related entities from an article and create a knowledge graph of threat actors.
Citations: 10
A Theoretical Review: Risk Mitigation Through Trusted Human Framework for Insider Threats
Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970795
Mohd Nazer Apau, Muliati Sedek, R. Ahmad
This paper discusses the possible effort to mitigate insider threat risk and aims to inspire organizations to consider identifying insider threats as one of the risks in the company’s enterprise risk management activities. The paper suggests the Trusted Human Framework (THF) as an on-going and cyclic process to detect and deter potential employees who are bound to become fraudsters or perpetrators violating the access and trust given. The mitigation’s control statements were derived from the recommended practices in the “Common Sense Guide to Mitigating Insider Threats” produced by the Software Engineering Institute, Carnegie Mellon University (SEI-CMU). The statements were validated via a survey answered by fifty respondents who work in Malaysia.
Citations: 1
Spear Phishing Simulation in Critical Sector: Telecommunication and Defense Sub-sector
Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970803
Ahmad Syukri Abdullah, M. Mohd
Phishing is an attack that uses social engineering techniques to steal users’ confidential information, such as passwords and banking information. It happens when cyber criminals disguise themselves as a trusted entity and deceive users into clicking on fake links in e-mail they receive. Cyber criminals also shift the target of phishing attacks from individuals to organizations that are specific to the country's critical sector, and this is known as spear phishing. In fact, the telecommunication sector is one of the main targets of cyber criminals using spear phishing attacks to obtain user-sensitive information. The main objective of this work is to identify the level of cyber security in an organization under the telecommunication sector and defense sub-sector by using an existing general simulation procedure. The procedure is adapted and modified according to the organization’s working environment. The first simulation was conducted on June 4, 2018, involving 39 employees. Findings showed that none of the respondents responded to the spear phishing e-mails received. In fact, the results of the questionnaire conducted after the end of the simulation found that all respondents were able to identify all indicators in spear phishing e-mails quickly and easily. This proves that the level of awareness and knowledge of cyber security of the population is high. The second simulation was conducted in stages, from October 29 to November 15, 2018, using a different approach. Of the 39 e-mails sent, 12 respondents (31%) responded to the received e-mail by clicking on the link in the e-mail content. Based on the results of this second simulation, this spear phishing attack was successfully implemented and proved that the new simulation procedure can be used in the telecommunication sector and defense sub-sector.
Citations: 6
Framework Design for Secured Local Cloud Data Query Processing Analysis
Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970973
A. Aman, Zainalabideen Ali Rahemm Al-Mayyah, R. Hassan, A. Hashim, Amjed Sid Ahmed Mohamed Sid, Ahmed Mahdi Jubair
Cloud computing is a vastly growing technology that enables more users and organizations to transfer their services to the cloud. With the exploitation of public cloud computing infrastructures, the usage of clouds to provide data query services is becoming an attractive solution due to its numerous benefits in scalability and cost minimization. Cloud services, especially database-as-a-service, have tended to encrypt sensitive data before migration to the cloud. Encrypting data would facilitate protecting private information from any violation by the service provider. Several studies have addressed the handling of cloud query processing by providing approaches to maintain the privacy of the data stored within the cloud. During their studies, researchers have proposed different types of encryption methods; each encryption method provides a specific level of security which comes with an opposite level of efficiency. This research is focused on framework design to evaluate cloud data query processing locally using two encryption methods, namely AES and RSA. The parameters chosen are time consumption for encryption and decryption, along with secrecy, or the strength of the encryption and decryption.
Citations: 0