
2016 Information Security for South Africa (ISSA): Latest Publications

PoPI Act - opt-in and opt-out compliance from a data value chain perspective: A South African insurance industry experiment
Pub Date : 2016-08-17 DOI: 10.1109/ISSA.2016.7802923
Paulus Swartz, A. D. Veiga
Personal information is collected and processed by various companies when individuals buy products and services, share their information on social media or enter their details in competitions and so on. This personal information, which could potentially also be shared with third-party companies, is analyzed to tailor services and products to consumers' preferences and online behavior, with the objective of creating a data value chain. When the Protection of Personal Information (PoPI) Act (2013) comes into effect in South Africa, companies will have to comply with the conditions of PoPI and protect individuals' personal information accordingly. Companies will only be allowed to use personal information for the agreed purpose it was collected for and must obtain individuals' consent to share or further process their information. This research sets out to monitor the flow of personal information through an experiment to establish whether data value chains are shaped within the South African insurance industry, and to establish whether the consumer's personal information, which is part of the data value chain, is processed in line with certain conditions of PoPI. The experiment highlighted that some of the insurance companies in the selected sample did not comply with the opt-in or opt-out preferences of the researcher. In addition, some did not meet the condition to obtain consent before sharing personal information with third parties for marketing purposes. No formal data value chains could be identified during the time frame of this experiment, as it was found that the researcher was contacted randomly about generic marketing and communication offerings.
Citations: 1
Mobile device usage in higher education institutions in South Africa
Pub Date : 2016-08-01 DOI: 10.1109/ISSA.2016.7802925
R. D. Kock, L. Futcher
Cyber security threats are on the rise as the use of personally owned devices is increasing within higher education institutions. This is due to the rapid adoption of the Bring Your Own Device (BYOD) trend. In 2014, 92% of students globally used laptops for academic purposes, 44% used tablets, and 68% used smart phones. In addition, 89% of higher education institutions in the United States and United Kingdom allow students, faculty and non-academic staff to access their network using personally owned mobile devices. A great concern is that although BYOD is widely accepted in higher education institutions, security is somewhat lacking. In addition, cyber-security threats have switched their focus to mobile devices. Therefore, the number of new mobile vulnerabilities reported each year has increased. Furthermore, in 2014, 10% of global cyber security breaches took place in the education sector, with a total of 31 breaches resulting in the exposure of 1,359,190 identities. This placed the educational sector third on the list of sectors with the most cyber-security breaches in 2014, behind the healthcare and retail sectors. A literature survey, together with a single explanatory case study involving a higher education institution in South Africa, was used to determine typical mobile device usage in an academic context. As a result of completing the study, it is clear that there is a high demand for the use of BYOD in higher education institutions in South Africa and that BYOD is vital to the academic success of its students. This paper discusses mobile device usage in higher education institutions in South Africa. In addition, it provides some key factors for higher education institutions to consider when dealing with the increased demand for BYOD usage.
Citations: 15
Social network phishing: Becoming habituated to clicks and ignorant to threats?
Pub Date : 2016-08-01 DOI: 10.1109/ISSA.2016.7802935
Edwin Donald Frauenstein, Stephen Flowerday
With the rise in the number of reported phishing cases in statistical reports and online news, it is apparent that the threat of phishing is not retreating. Phishers continuously seek new methods to deceive individuals into sharing their confidential information. As a result, the traditional form of conducting phishing solely through email and spoofed websites has evolved. Social network phishing is a serious threat as it reaches a far wider audience, consequently affecting both businesses and private individuals. This paper argues that due to the constant updates of information users are engaged in on social networking sites, users may become habituated to clicking and sharing links, liking posts, copying and pasting messages, and uploading and downloading media content, thus resulting in information overload. This behavioral priming leads users to become more susceptible to social engineering attacks on social networks, as they do not cognitively process messages with a security lens. This paper introduces social network phishing and briefly discusses activities users engage in on social networking sites, thus highlighting the formation of "bad" habits. Further, existing information processing models applicable to this context are discussed.
Citations: 22
Unsupervised learning for robust Bitcoin fraud detection
Pub Date : 2016-08-01 DOI: 10.1109/ISSA.2016.7802939
Patrick M. Monamo, Vukosi Marivate, Bhekisipho Twala
The rampant adoption of Bitcoin as a cryptographic currency, along with rising cybercrime activity, warrants the use of anomaly detection to identify potential fraud. Anomaly detection plays a pivotal role in data mining, since most outlying points contain crucial information for further investigation. In the financial world, of which the Bitcoin network is part by default, anomaly detection amounts to fraud detection. This paper investigates the use of trimmed k-means, which is capable of simultaneous clustering of objects and fraud detection in a multivariate setup, to detect fraudulent activity in Bitcoin transactions. The proposed approach detects more fraudulent transactions than similar studies or reports on the same dataset.
Citations: 89
SHA-1 and the Strict Avalanche Criterion
Pub Date : 2016-08-01 DOI: 10.1109/ISSA.2016.7802926
Y. Motara, B. Irwin
The Strict Avalanche Criterion (SAC) is a measure of both confusion and diffusion, which are key properties of a cryptographic hash function. This work provides a working definition of the SAC, describes an experimental methodology that can be used to statistically evaluate whether a cryptographic hash meets the SAC, and uses this to investigate the degree to which the compression function of the SHA-1 hash meets the SAC. The results (P < 0.01) are heartening: SHA-1 closely tracks the SAC after the first 24 rounds, and demonstrates excellent properties of confusion and diffusion throughout.
Citations: 12
Recognizing surgically altered faces using local edge gradient Gabor magnitude pattern
Pub Date : 2016-08-01 DOI: 10.1109/ISSA.2016.7802937
Chollette C. Olisah, Peter Ogedebe
For humans, every face is unique and can be recognized amongst similar faces. This is yet to be so for machines. Our assumption is that beneath the uncertain primitive visual features of face images are intrinsic structural patterns that uniquely distinguish a sample face from other faces. In order to unlock the intrinsic structural patterns, this paper presents, within a typical face recognition framework, a new descriptor, namely the local edge gradient Gabor magnitude (LEGGM) descriptor. LEGGM first uncovers the primitive inherent structural pattern (PISP) locked in every pixel by determining the pixel gradient in relation to its neighbors. Then, the resulting output is embedded in the pixel's original (grey-level) pattern using an additive function. This forms a pixel's complete structural pattern, which is further encoded using Gabor wavelets to capture the frequency characteristics of the resulting pattern. From these steps emerges an efficient descriptor for describing every pixel point in a face image. The proposed descriptor-based face recognition method shows impressive results over contemporary descriptors on the Plastic Surgery database, despite using a base classifier and without employing subspace learning. The ability of the descriptor to be adapted to real-world face recognition scenarios is demonstrated by running experiments with a heterogeneous database.
Citations: 2
A framework towards governing "Bring Your Own Device in SMMEs"
Pub Date : 2016-08-01 DOI: 10.1109/ISSA.2016.7802922
N. Fani, R. V. Solms, M. Gerber
Information is a critically important asset that has been used for decades within organizations. Like any asset, there are threats to the information that impact processes such as email retrieval and access to organizational system services. As a consequence of these threats, attention to the security of the information is important. Technology is utilized to secure information, and the cost associated with the technology can be dire. As technology evolves with each passing decade, different phenomena attempt to process and secure organizational information whilst reducing costs. The evolution of technology has produced a new phenomenon called "Bring Your Own Device" (BYOD). BYOD is a phenomenon that allows employees to use their own personal mobile devices to complete organizational tasks. The adoption of BYOD extends from large organizations to small, medium and micro enterprises (SMMEs). With the adoption of BYOD come benefits and, more significantly, risks associated with BYOD. Therefore, this paper discusses the SMME context and its challenges towards the governance of BYOD. In addition, it discusses how organizations can govern BYOD in an SMME context by considering the existing BYOD approaches, and provides an approach suitable for SMMEs. Furthermore, the suitable BYOD approach for an SMME context is evaluated and compared against the existing BYOD approaches that were identified. The research process of the study is conducted within the design-oriented research paradigm utilizing a cyclic approach.
Citations: 10
Identity management for e-government: Libya as a case study
Pub Date : 2016-08-01 DOI: 10.1109/ISSA.2016.7802936
Othoman Elaswad, C. Jensen
Governments are strengthening their identity (ID) management strategies to deliver new and improved online services to their citizens. Such online services typically include applications for different types of permissions, requests for different types of official documents and management of different types of entitlements. The ID management scheme must therefore be able to correctly authenticate citizens and link online presence to real-world identities. Many countries, in particular in the developing world, are currently introducing national ID management schemes for the first time. While most of these countries have paper-based records, many of these are regionally based and few have been consolidated, so these records may contain incorrect, incomplete, inconsistent or redundant information. In this paper, we explore the design space for national ID management and online authentication schemes in this context. In particular, we propose a simple model for issuing national ID numbers that satisfies these goals, and use this model to examine two different ID management schemes implemented in Libya, which allows us to compare different approaches to national identity management. The two schemes were implemented within a fairly short time, so we may assume that the cultural, social, educational and technological factors remained unchanged. This allows a direct comparison of objectives and means. Based on this examination, we evaluate the current Libyan ID number system with respect to the identified objectives. Our evaluation of the two Libyan NID schemes shows that if national identity management does not fully meet the requirements identified in our simple model, then it may be vulnerable to various forms of online risk such as impersonation and identity theft attacks. Considering online crime during the design of an identity management system is especially important in developing countries, where such crimes have not previously existed in the society.
Citations: 1
Effect of varying node mobility in the analysis of black hole attack on MANET reactive routing protocols
Pub Date : 2016-08-01 DOI: 10.1109/ISSA.2016.7802930
Lineo Mejaele, E. O. Ochola
Mobile Ad-hoc Network (MANET) features such as an open medium, dynamic topology, lack of centralised management and lack of infrastructure expose them to a number of security attacks. The black hole attack is one type of attack that is more common in MANET reactive routing protocols such as Ad-hoc On-demand Distance Vector (AODV) and Dynamic Source Routing (DSR). The black hole attack takes advantage of the route discovery process in reactive routing protocols. In this type of attack, a malicious node misleads other nodes in the network by pretending to have the shortest and most up-to-date route to a target node whose packets it wants to interrupt. It then redirects all packets destined for the target node to itself and discards them instead of forwarding them. This paper analyses the performance of AODV and DSR when attacked by a black hole, by varying the mobility of the nodes in the network. The analysis is carried out by simulating scenarios of an AODV-based MANET and a DSR-based MANET using Network Simulator 2 (NS-2) and introducing the black hole attack in each of the scenarios. The different scenarios are generated by changing the mobility of the nodes. The performance metrics used for the analysis are throughput, packet delivery ratio and end-to-end delay. The simulation results show that the performance of both AODV and DSR degrades in the presence of a black hole attack. Throughput and packet delivery ratio decrease when the network is attacked by a black hole because the malicious node absorbs or discards some of the packets. End-to-end delay is also reduced in the presence of a black hole attack because the malicious node pretends to have a valid route to the destination without checking its routing table, and therefore shortens the route discovery process. The results also show that throughput decreases slightly when the mobility of the nodes in the network is increased. The increase in the speed of the nodes decreases both end-to-end delay and packet delivery ratio.
Citations: 12
An interactive visual library model to improve awareness in handling of business information
Pub Date : 2016-08-01 DOI: 10.1109/ISSA.2016.7802924
P. Delport, M. Gerber, Nader Sohrabi Safa
Information technology has changed organisational processes significantly. However, information security is still a controversial issue among experts in this domain. Information security breaches lead to loss of reputation, competitive advantage, intellectual property, productivity and revenue, and in the worst case lead to bankruptcy. In this regard, awareness plays a vital role in mitigating information security threats. Based on a review of the literature, this study aims to present, in an integrated and informative design, the different threats that affect the confidentiality, integrity and availability of information pertaining to administrative employees. In addition, a possible interactive visual library is proposed through a proof of concept that contributes to administrative employees' information security awareness. The results shed some light on this information security awareness issue and provide the means for further academic study.
Citations: 0
Journal
2016 Information Security for South Africa (ISSA)