
2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA): Latest Publications

Social Video Streaming (SVS): A prototype application for street crime reporting
Z. Bhutto, K. Dahri, Iqra Lakho, S. Memon
The use of smartphones and Android applications has become a part of our everyday life. People use them for communication, entertainment and socialization purposes. Many of these applications available in online application markets can be used to broadcast live video and most of these applications are for socializing purposes. In this paper an Android application idea is presented to broadcast a video to help in stopping street crime. SVS (Social Video Streaming) enables mobile users to stream live videos of street crimes anywhere, using a 3G/4G LTE or Wi-Fi connection. This proposed prototype will provide a facility of live streaming of crimes onto a server through a mobile device which will let police or law enforcement agents get information on the spot to enhance a more robust policing. SVS is developed to enable users to participate in reducing street crime. It uses the RTSP (Real Time Streaming Protocol) to transmit data in packets over a streaming media server.
DOI: https://doi.org/10.1109/CyberSA.2015.7166131 (published 2015-06-08)
Citations: 4
An analysis of network traffic classification for botnet detection
Matija Stevanovic, J. Pedersen
Botnets represent one of the most serious threats to Internet security today. This paper explores how network traffic classification can be used for accurate and efficient identification of botnet network activity at local and enterprise networks. The paper examines the effectiveness of detecting botnet network traffic using three methods that target protocols widely considered as the main carriers of botnet Command and Control (C&C) and attack traffic, i.e. TCP, UDP and DNS. We propose three traffic classification methods based on the capable Random Forests classifier. The proposed methods have been evaluated through a series of experiments using traffic traces originating from 40 different bot samples and diverse non-malicious applications. The evaluation indicates accurate and time-efficient classification of botnet traffic for all three protocols. The future work will be devoted to the optimization of traffic analysis and the correlation of findings from the three analysis methods in order to identify compromised hosts within the network.
DOI: https://doi.org/10.1109/CYBERSA.2015.7361120 (published 2015-06-08)
Citations: 45
Chaos-based image encryption using an AONT mode of operation
Andrius Rickus, E. Pfluegel, N. Atkins
Chaos-based cryptography is a promising and emerging field that offers a large variety of techniques particularly suitable for applications such as image encryption. The fundamental characteristics of chaotic systems are closely related to the properties of a strong cryptosystem. Most research on chaos-based encryption does not concentrate on the aspect of encryption modes of operation. This paper introduces a new chaos-based image encryption scheme using an all-or-nothing transform (AONT) mode of operation. This results in a novel non-separable chaos-based mode which we have implemented and evaluated. Our results show that the AONT mode achieves a security gain with little overhead on the overall efficiency of the encryption.
DOI: https://doi.org/10.1109/CyberSA.2015.7166113 (published 2015-06-08)
Citations: 1
Privacy awareness of online social networking in Saudi Arabia
Hatoon S. AlSagri, Saad S. Alaboodi
Online social networks are becoming increasingly popular in Saudi society, with their usage rising rapidly and with sites such as Twitter, Facebook, and LinkedIn in particular experiencing a dramatic uptake in new users over the last year. Indeed, Snapchat has indicated that Saudi Arabia is one of its ten strongest markets globally. In this study, we identify and measure various awareness aspects of privacy for online social networks in Saudi Arabia and contrast them with individuals' protective actions. The results in this paper are based on a statistical analysis of a survey questionnaire. A reliability test was conducted to assure the internal consistency and the reliability of the measures used in the study. Analysis of the study showed high levels of privacy concerns among Saudi society. A correlation analysis was conducted and showed that although individuals seem to be concerned about privacy and the protection of their personal information, their behavior was not proportionate with their privacy concerns. This observation was further verified among the different genders and age groups with respect to their claimed privacy concerns, where the results revealed no significant difference between the different groups. A closer investigation of the awareness of privacy issues in Snapchat - the social platform chosen as the research subject for this study - revealed that users are highly aware of its privacy issues. The results of this study can be useful to assist developing new privacy techniques, whether technological or awareness-based, that can facilitate the safe use of social networks, with increased privacy protection capabilities.
DOI: https://doi.org/10.1109/CyberSA.2015.7166111 (published 2015-06-08)
Citations: 15
Cyber security operations centre: Security monitoring for protecting business and supporting cyber defense strategy
Cyril Onwubiko
Cyber security operations centre (CSOC) is an essential business control aimed to protect ICT systems and support an organisation's Cyber Defense Strategy. Its overarching purpose is to ensure that incidents are identified and managed to resolution swiftly, and to maintain safe & secure business operations and services for the organisation. A CSOC framework is proposed comprising Log Collection, Analysis, Incident Response, Reporting, Personnel and Continuous Monitoring. Further, a Cyber Defense Strategy, supported by the CSOC framework, is discussed. Overlaid atop the strategy is the well-known Her Majesty's Government (HMG) Protective Monitoring Controls (PMCs). Finally, the difficulty and benefits of operating a CSOC are explained.
DOI: https://doi.org/10.1109/CyberSA.2015.7166125 (published 2015-06-08)
Citations: 33
Improving situational awareness of cyber physical systems based on operator's goals
Jussi Timonen
This paper focuses on discovering the key areas of Situational Awareness (SA) and Common Operational Picture (COP) in two different environments: the monitoring room and dismounted forces operations in urban areas. The research is based on scientific publications and on two implemented environments. In urban area warfare, the Mobile Urban Area Situational Awareness System is used to evaluate the requirements and usage of dismounted troops. The monitoring room is studied using the Situational Awareness of Critical Infrastructure and Networks System. These empirical environments were implemented during research projects at the Finnish National Defence University. The paper presents a model combining the joint model of laboratories, Endsley's model of SA and the results of goal-driven task analysis for creating a service-based architecture for defining and sharing COP. The main SA model used is Endsley's level model. It has been supplemented with cyber-related perspectives and fits the selected environments well, allowing techniques that can be used to measure the SA level and define the actor's most important goals.
DOI: https://doi.org/10.1109/CyberSA.2015.7166121 (published 2015-06-08)
Citations: 6
Establishing national cyber situational awareness through incident information clustering
Florian Skopik, Markus Wurzenberger, Giuseppe Settanni, Roman Fiedler
The number and type of threats to modern information and communication networks have increased massively in recent years. Furthermore, system complexity and interconnectedness have reached a level which makes it impossible to adequately protect networked systems with standard security solutions. There are simply too many unknown vulnerabilities, potential configuration mistakes and therefore enlarged attack surfaces and channels. A promising approach to better secure today's networked systems is information sharing about threats, vulnerabilities and indicators of compromise across organizations; and, in case something went wrong, to report incidents to national cyber security centers. These measures enable early warning systems, support risk management processes, and increase the overall situational awareness of organizations. Several cyber security directives around the world, such as the EU Network and Information Security Directive and the equivalent NIST Framework, demand specifically national cyber security centers and policies for organizations to report on incidents. However, effective tools to support the operation of such centers are rare. Typically, existing tools have been developed with the single organization as customer in mind. These tools are often not appropriate either for the large amounts of data or for the application use case at all. In this paper, we therefore introduce a novel incident clustering model and a system architecture along with a prototype implementation to establish situational awareness about the security of participating organizations. This is a vital prerequisite to plan further actions towards securing national infrastructure assets.
DOI: https://doi.org/10.1109/CyberSA.2015.7166126 (published 2015-06-08)
Citations: 10
Improving security decision under uncertainty: A multidisciplinary approach
Hashem Dehghanniri, Emmanuel Letier, H. Borrion
Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.
DOI: https://doi.org/10.1109/CyberSA.2015.7166134 (published 2015-06-08)
Citations: 6
Moving assets to the cloud: A game theoretic approach based on trust
Louai A. Maghrabi, E. Pfluegel
Increasingly, organisations and individuals are relying on external parties to store, maintain and protect their critical assets. The use of public clouds is commonly considered advantageous in terms of flexibility, scalability and cost effectiveness. On the other hand, the security aspects are complex and many resulting challenges remain unresolved. In particular, one cannot rule out the existence of internal attacks carried out by a malicious cloud provider. In this paper, we use game theory in order to aid assessing the risk involved in moving critical assets of an IT system to a public cloud. Adopting a user perspective, we model benefits and costs that arise due to attacks on the user's asset, exploiting vulnerabilities on either the user's system or the cloud. A novel aspect of our approach is the use of the trust that the user may have in the cloud provider as an explicit parameter T in the model. For some specific values of T, we show the existence of a pure Nash equilibrium and compute a mixed equilibrium corresponding to an example scenario.
越来越多的组织和个人依靠外部各方来存储、维护和保护他们的关键资产。公共云的使用通常被认为在灵活性、可伸缩性和成本效益方面具有优势。另一方面,安全问题错综复杂,许多挑战尚未解决。特别是,不能排除恶意云提供商进行内部攻击的可能性。在本文中,我们使用博弈论来帮助评估将IT系统的关键资产转移到公共云所涉及的风险。我们采用用户视角,对攻击用户资产(利用用户系统或云上的漏洞)所产生的收益和成本进行建模。我们方法的一个新颖方面是使用用户对云提供商的信任作为模型中的显式参数T。对于某些特定的T值,我们证明了纯纳什均衡的存在性,并计算了与示例场景相对应的混合均衡。
{"title":"Moving assets to the cloud: A game theoretic approach based on trust","authors":"Louai A. Maghrabi, E. Pfluegel","doi":"10.1109/CyberSA.2015.7166120","DOIUrl":"https://doi.org/10.1109/CyberSA.2015.7166120","url":null,"abstract":"Increasingly, organisations and individuals are relying on external parties to store, maintain and protect their critical assets. The use of public clouds is commonly considered advantageous in terms of flexibility, scalability and cost effectiveness. On the other hand, the security aspects are complex and many resulting challenges remain unresolved. In particular, one cannot rule out the existence of internal attacks carried out by a malicious cloud provider. In this paper, we use game theory in order to aid assessing the risk involved in moving critical assets of an IT system to a public cloud. Adopting a user perspective, we model benefits and costs that arise due to attacks on the user's asset, exploiting vulnerabilities on either the user's system or the cloud. A novel aspect of our approach is the use of the trust that the user may have in the cloud provider as an explicit parameter T in the model. For some specific values of T, we show the existence of a pure Nash equilibrium and compute a mixed equilibrium corresponding to an example scenario.","PeriodicalId":432356,"journal":{"name":"2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)","volume":"68 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128230354","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 6
Multi-channel overlay protocols: Implementing ad-hoc message authentication in social media platforms
Charles A. Clarke, E. Pfluegel, D. Tsaptsinos
As businesses, governments and professional institutions progressively seek to engage with consumers via social media platforms (SMPs), the capacity of SMP users to validate the source of received content and its integrity becomes increasingly significant. Historically, SMPs have an associated legacy of security concerns, many of which pertain to content integrity. In this paper, we present designs for multi-channel overlay protocols that are used to implement ad-hoc authentication of user-generated content (messages) in social media platforms. Our approach draws inspiration from protocols that are conventionally used for pairing wireless devices in ad-hoc networks. Hence, we compare and contrast conventional device pairing protocols with our own, as well as consider the security characteristics, benefits and limitations of our protocols.
DOI: 10.1109/CyberSA.2015.7166118 (https://doi.org/10.1109/CyberSA.2015.7166118). Published 2015-06-08.
Citations: 1