Search results

1 – 10 of 576
Article
Publication date: 13 June 2016

Timothy Kelley and Bennett I. Bertenthal

Abstract

Purpose

Modern browsers are designed to inform users as to whether it is secure to login to a website, but most users are not aware of this information and even those who are sometimes ignore it. This study aims to assess users’ knowledge of security warnings communicated via browser indicators and the likelihood that their online decision-making adheres to this knowledge.

Design/methodology/approach

Participants from Amazon’s Mechanical Turk visited a series of secure and insecure websites and decided as quickly and as accurately as possible whether it was safe to login. An online survey was then used to assess their knowledge of information security.

Findings

Knowledge of information security was not necessarily a good predictor of decisions regarding whether to sign-in to a website. Moreover, these decisions were modulated by attention to security indicators, familiarity of the website and psychosocial stress induced by bonus payments determined by response times and accuracy.

Practical implications

Even individuals with security knowledge are unable to draw the necessary conclusions about digital risks when browsing the web. Users are being educated through daily use to ignore recommended security indicators.

Originality/value

This study represents a new way to entice participants into risky behavior by monetizing both speed and accuracy. This approach could be broadly useful as a way to study risky environments without placing participants at risk.

Details

Information & Computer Security, vol. 24 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 24 January 2023

Atif Hussain, Abdul Hannan and Muhammad Shafiq

Abstract

Purpose

Customer reviews of mobile banking (m-banking) apps contain the most direct and first-hand accounts of customer experiences with m-banking. However, surprisingly little effort has been made to understand m-banking service quality using these reviews. Therefore, this study aims to discover m-banking service quality dimensions from customers' reviews of the m-banking apps through a text mining approach.

Design/methodology/approach

Reviews of m-banking apps of 24 banks operating in Pakistan were scraped from Google Play Store. Latent Dirichlet allocation (LDA) method was applied to discover the dimensions of m-banking service quality from 24,529 positive and 29,569 negative useable reviews.

Findings

Different dimensions of m-banking service quality are discussed in positive and negative reviews. Positive reviews focus on security, convenience, ease of use, continuous improvement, usefulness and app attributes, whereas negative reviews discuss system availability, responsiveness, faulty updates, login problems and reliability.

Research limitations/implications

The results are based only on customer reviews in one country and generalization may not be possible. Moreover, due to the unavailability of demographic information about reviewers, the effect of demographic characteristics on users' perceptions of m-banking quality could not be determined.

Practical implications

The study provides managers with useful insights to improve the service experience of m-banking customers. The study also demonstrates how managers can employ text analytical techniques to assess and improve the quality of m-banking services.

Originality/value

In addition to enriching the understanding of m-banking quality based on direct and first-hand user experiences, the current study also provides initial evidence for the two-factor structure of m-banking service quality.

Details

International Journal of Bank Marketing, vol. 41 no. 3
Type: Research Article
ISSN: 0265-2323

Article
Publication date: 1 September 2004

J. Christopher Sandvig

Abstract

The growth of the Internet has greatly increased the demand for server‐side programming courses at colleges and universities. Students enrolled in such courses must be provided with server‐based accounts that support the technologies that they are learning. The process of creating, managing and removing large numbers of student server accounts is time consuming, error‐prone, and can create security risks. This paper describes a Web‐based file manager and editor program named ASPEN (Active Server Pages Editor.Net) that greatly simplifies server account management issues and provides a convenient Web interface for students to edit and execute their server‐side programs. This paper also describes implementation issues related to security, reliability, account creation, and maintenance.

Details

Campus-Wide Information Systems, vol. 21 no. 4
Type: Research Article
ISSN: 1065-0741

Article
Publication date: 1 February 2006

M. A. Rentroia‐Bonito, F. Figueiredo, A. Martins, J. A. Jorge and C. Ghaoui

Abstract

Technological improvements in broadband and distributed computing are making it possible to distribute live media content cost‐effectively. Because of this, organizations are looking into cost‐effective approaches to implement e‐Learning initiatives. Indeed, computing resources are not enough by themselves to promote better e‐Learning experiences. Hence, our goal is to share preliminary results on testing a holistic evaluation method for e‐Learning environments. To this end, we have built an experience within class dynamics using an open source Learning Virtual Environment integrated with webcast and video archive features. Our proposed evaluation method captures user feedback by classifying it according to motivation to e‐learn in groups, since we have found this approach simpler than using classic behavioural methods. This helped us to define practical design guidelines to yield faster and more efficient e‐Learning development processes. Our results show that consistent communication, both online and offline, translates into efficiency. It also dampens negative perceptions during the transition from traditional to online learning environments. These results will contribute to designing intervention strategies to optimize organizational investments in e‐Learning across user groups and contexts.

Details

Interactive Technology and Smart Education, vol. 3 no. 1
Type: Research Article
ISSN: 1741-5659

Article
Publication date: 1 September 2003

A. Abdou, J. Lewis and M. Radaideh

Abstract

This paper presents an internet‐based decision support system (DSS) conceptual proposal for the appraisal stage of healthcare construction projects. The underlying philosophy of the approach is to integrate architectural space programming and cost‐estimating processes with a risk assessment approach in order to obtain a more accurate inception cost estimate of the healthcare project along with its preliminary space program outline. The system’s main objectives focus on assisting decision makers in the United Arab Emirates in examining different space program alternatives with their associated capital budgets. In addition, the system will assist in reflecting associated risk factors and affecting budget approval decisions in their inception stage. The Internet is utilized as a mechanism for communicating and updating project data and cost information. This paper describes a conceptual design proposal for the system and the proposed strategy for its design and construction.

Details

Construction Innovation, vol. 3 no. 3
Type: Research Article
ISSN: 1471-4175

Article
Publication date: 1 September 2006

V.K.J. Jeevan and P. Padhi

Abstract

Purpose

The paper aims to assess the level of preparedness of the Central Libraries of the Indian Institutes of Technology (IITs) to personalize content and seeks to determine whether the personalization service prototype being developed at IIT Kharagpur can be extrapolated to the remaining IITs.

Design/methodology/approach

A questionnaire was sent to the Librarians of the seven IITs, designed to compare the available information resources and services, with special emphasis on user interests and personalization aspects. The survey was supplemented by study visits to a couple of the Institutes.

Findings

Kharagpur and Mumbai have implemented personalization services in some form while the remaining IITs plan to adopt them in the near future. There is also a strong case for extending Kharagpur's personalization service, currently in project mode, to the other IITs.

Research limitations/implications

IIT Madras and IIT Kanpur failed to return the questionnaires, so relevant information regarding these Institutes had to be collected from their web sites and other available sources. There is also scope for further research to accurately assess the current status of personalization activities in all the IITs.

Practical implications

With parallel interests and similar research and information facilities, personalization services in one IIT can be replicated and utilized by all the others, leading to greatly enhanced library services in all the Institutes.

Originality/value

This one of a kind survey underlines the need for and possibility of making content personalization a reality in advanced technical libraries. The results obtained are valuable to all IIT libraries in particular and academic/technical libraries in general.

Details

The Electronic Library, vol. 24 no. 5
Type: Research Article
ISSN: 0264-0473

Article
Publication date: 2 October 2018

Alexander M. Soley, Joshua E. Siegel, Dajiang Suo and Sanjay E. Sarma

Abstract

Purpose

The purpose of this paper is to develop a model to estimate the value of information generated by and stored within vehicles to help people, businesses and researchers.

Design/methodology/approach

The authors provide a taxonomy for data within connected vehicles, as well as for actors that value such data. The authors create a monetary value model for different data generation scenarios from the perspective of multiple actors.

Findings

Actors value data differently depending on whether the information is kept within the vehicle or on peripheral devices. The model shows the US connected vehicle data market is worth between US$11.6bn and US$92.6bn.

Research limitations/implications

This model estimates the value of vehicle data, but a lack of academic references for individual inputs makes finding reliable inputs difficult. The model performance is limited by the accuracy of the authors’ assumptions.

Practical implications

The proposed model demonstrates that connected vehicle data has higher value than people and companies are aware of, and therefore we must secure these data and establish comprehensive rules pertaining to data ownership and stewardship.

Social implications

Estimating the value of vehicle data will help companies understand the importance of responsible data stewardship, as well as drive individuals to become more responsible digital citizens.

Originality/value

This is the first paper to propose a model for computing the monetary value of connected vehicle data, as well as the first paper to provide an estimate of this value.

Details

Digital Policy, Regulation and Governance, vol. 20 no. 6
Type: Research Article
ISSN: 2398-5038

Article
Publication date: 1 December 2005

Jackie Wrosch

Abstract

Purpose

To develop an open‐source remote patron authentication system to replace a problematic, proprietary vendor product.

Design/methodology/approach

Functional requirements were developed using the vendor product as a model, with additional requirements determined by the libraries planning to use the application. Using PHP on Apache web server with a connection to our ILS database on Sybase, a flexible system that can be configured to the local libraries' requirements was created.

Findings

Overall, the new system has been welcomed and the most widespread problems we encountered have been resolved. Most importantly though, using an in‐house system empowers libraries to introduce enhancements and bug fixes as soon as possible and not rely on a vendor's schedule for doing so.

Research limitations/implications

A project like this would not be possible if the ILS database was proprietary and inaccessible from other, open‐source technologies like PHP or the data structures were not published.

Practical implications

The remote patron authentication system is only one possible use of these technologies. Other applications using ILS data could be developed.

Originality/value

Using PHP with Apache and a connection to the ILS database, the necessary functionality was retained and other features were added that improved reliability, configurability and cross‐browser usage. By embracing this approach, the authors also retained control over its future development and improvement.

Details

Library Hi Tech, vol. 23 no. 4
Type: Research Article
ISSN: 0737-8831

Article
Publication date: 9 March 2015

Eugene Ferry, John O Raw and Kevin Curran

Abstract

Purpose

The interoperability of cloud data between web applications and mobile devices has vastly improved over recent years. The popularity of social media, smartphones and cloud-based web services has contributed to the level of integration that can be achieved between applications. This paper investigates the potential security issues of OAuth, an authorisation framework for granting third-party applications revocable access to user data. OAuth has rapidly become an interim de facto standard for protecting access to web API data. Vendors have implemented OAuth before the open standard was officially published. To evaluate whether the OAuth 2.0 specification is truly ready for industry application, an entire OAuth client server environment was developed and validated against the specification threat model. The research also included the analysis of the security features of several popular OAuth integrated websites and comparing those to the threat model. High-impacting exploits leading to account hijacking were identified with a number of major online publications. It is hypothesised that the OAuth 2.0 specification can be a secure authorisation mechanism when implemented correctly.

Design/methodology/approach

To analyse the security of OAuth implementations in industry, a list of the 50 most popular websites in Ireland was retrieved from the statistical website Alexa (Noureddine and Bashroush, 2011). Each site was analysed to identify if it utilised OAuth. Out of the 50 sites, 21 were identified with OAuth support. Each vulnerability in the threat model was then tested against each OAuth-enabled site. To test the robustness of the OAuth framework, an entire OAuth environment was required. The proposed solution would be composed of three parts: a client application, an authorisation server and a resource server. The client application needed to consume OAuth-enabled services. The authorisation server had to manage access to the resource server. The resource server had to expose data from the database based on the authorisation the user would be given from the authorisation server. It was decided that the client application would consume emails from Google’s Gmail API. The authorisation and resource server were modelled around a basic task-tracking web application. The client application would also consume task data from the developed resource server. The client application would also support Single Sign On for Google and Facebook, as well as a developed identity provider “MyTasks”. The authorisation server delegated authorisation to the client application and stored cryptography information for each access grant. The resource server validated the supplied access token via public cryptography and returned the requested data.

Findings

Two sites out of the 21 were found to be susceptible to some form of attack, meaning that 10.5 per cent were vulnerable. In total, 18 per cent of the world’s 50 most popular sites were in the list of 21 OAuth-enabled sites. The OAuth 2.0 specification is still very much in its infancy, but when implemented correctly, it can provide a relatively secure and interoperable authentication delegation mechanism. The IETF are currently addressing issues and expansions in their working drafts. Once a strict level of conformity is achieved between vendors and vulnerabilities are mitigated, it is likely that the framework will change the way we access data on the web and other devices.

Originality/value

OAuth is flexible, in that it offers extensions to support varying situations and existing technologies. A disadvantage of this flexibility is that new extensions typically bring new security exploits. Members of the IETF OAuth Working Group are constantly refining the draft specifications and are identifying new threats to the expanding functionality. OAuth provides a flexible authentication mechanism to protect and delegate access to APIs. It solves the password re-use across multiple accounts problem and stops the user from having to disclose their credentials to third parties. Filtering access to information by scope and giving the user the option to revoke access at any point gives the user control of their data. OAuth does raise security concerns, such as defying phishing education, but there are always going to be security issues with any authentication technology. Although several high impacting vulnerabilities were identified in industry, the developed solution proves the predicted hypothesis that a secure OAuth environment can be built when implemented correctly. Developers must conform to the defined specification and are responsible for validating their implementation against the given threat model. OAuth is an evolving authorisation framework. It is still in its infancy, and much work needs to be done in the specification to achieve stricter validation and vendor conformity. Vendor implementations need to become better aligned in order to provide a rich and truly interoperable authorisation mechanism. Once these issues are resolved, OAuth will be on track for becoming the definitive authentication standard on the web.

Details

Information & Computer Security, vol. 23 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 23 November 2012

Swapan Purkait

Abstract

Purpose

Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literatures and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition to that, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that is still prevailing in this field of study.

Design/methodology/approach

This paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures.

Findings

The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A Phisher will mainly target the innocent consumers who happen to be the weakest link in the security chain and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived.

Originality/value

Educating internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. There is also a need to find out the factors which influence internet users' ability to correctly identify phishing websites.

Details

Information Management & Computer Security, vol. 20 no. 5
Type: Research Article
ISSN: 0968-5227
