Search results

This paper introduces an audio encryption algorithm based on permutation of audio samples using discrete modified Henon map followed by substitution operation with keystream generated from the modified Lorenz-Hyperchaotic system. In this work, the audio file is initially compressed by Fast Walsh Hadamard Transform (FWHT) for removing the residual intelligibility in the transform domain. The resulting file is then encrypted in two phases. In the first phase permutation operation is carried out using modified discrete Henon map to weaken the correlation between adjacent samples. In the second phase it utilizes modified-Lorenz hyperchaotic system for substitution operation to fill the silent periods within the speech conversation. Dynamic keystream generation mechanism is also introduced to enhance the correlation between plaintext and encrypted text. Various quality metrics analysis such as correlation, signal to noise ratio (SNR), differential attacks, spectral entropy, histogram analysis, keyspace and key sensitivity are carried out to evaluate the quality of the proposed algorithm. The simulation results and numerical analyses demonstrate that the proposed algorithm has excellent security performance and robust against various cryptographic attacks.

The proliferation of mobile phones with integrated sensors makes large scale sensing possible at low cost. During mobile sensing, data mostly contain sensitive information of users such as their real-time location. When such information are not effectively secured, users’ privacy can be violated due to eavesdropping and information disclosure. In this paper, we demonstrated the possibility of unauthorized access to location information of a user during sensing due to the ineffective security mechanisms in most sensing applications. We analyzed 40 apps downloaded from Google Play Store and results showed a 100% success rate in traffic interception and disclosure of sensitive information of users. As a countermeasure, a security scheme which ensures encryption and authentication of sensed data using Advanced Encryption Standard 256-Galois Counter Mode was proposed. End-to-end security of location and motion data from smartphone sensors are ensured using the proposed security scheme. Security analysis of the proposed scheme showed it to be effective in protecting Android based sensor data against eavesdropping, information disclosure and data modification.

This chapter focusses on the ethical issues raised by different types of surveillance and the varied ways in which surveillance can be covert. Three case studies are presented which highlight different types of surveillance and different ethical concerns. The first case concerns the use of undercover police to infiltrate political activist groups over a 40-year period in the UK. The second case study examines a joint operation by US and Australian law enforcement agencies: the FBI’s operation Trojan Shield and the AFP’s Operation Ironside. This involved distributing encrypted phone handsets to serious criminal organisations which included a ‘backdoor’ secretly sending encrypted copies of all messages to law enforcement. The third case study analyses the use of emotional artificial intelligence systems in educational digital learning platforms for children where technology companies collect, store and use intrusive personal data in an opaque manner. The authors discuss similarities and differences in the ethical questions raised by these cases, for example, the involvement of the state versus private corporations, the kinds of information gathered and how it is used.

Drug sales facilitated through digital communication on the surface web and on darknet cryptomarkets have increased during the past two decades. This has resulted in an increase in drug law enforcement efforts to combat these markets and a subsequent increase in judicial sentencing of people selling drugs online. The aim of this study was to analyze how Swedish courts describe sentenced sellers and how the courts apply case law.

The empirical material consists of 71 sentencing documents produced by Swedish courts in cases of online drug selling between January 1, 2010 and January 1, 2020. In total, 99 sentenced persons occur in the documents. Using a qualitative research design, the authors analyzed the material through thematic text analysis.

Overall, in their descriptions of online drug sale operations, the courts’ characterizations of the concepts of street capital and digital capital show a dichotomy. These forms of capital are situationally described as both aggravating and mitigating aspects in the application of case law, indicating that it may be fruitful to view both street and digital capital as resources used on contemporary drug markets in general.

Very little research exists into how judicial systems describe and perceive the developing phenomenon of online drug sales. Using a relatively large sample from a decade of sentencing, the authors provide an analysis of how Swedish courts view and valuate capital forms in the online drugs trade.

The purpose of this paper is to develop a usable configuration management for Archistar, which utilizes secret sharing for redundantly storing data over multiple independent storage clouds in a secure and privacy-friendly manner. Selecting the optimal secret sharing parameters, cloud storage servers and other settings for securely storing the secret data shares, while meeting all of end user’s requirements and other restrictions, is a complex task. In particular, complex trade-offs between different protection goals and legal privacy requirements need to be made.

A human-centered design approach with structured interviews and cognitive walkthroughs of user interface mockups with system administrators and other technically skilled users was used.

Even technically skilled users have difficulties to adequately select secret sharing parameters and other configuration settings for adequately securing the data to be outsourced.

Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations.

The authors present novel human computer interaction (HCI) guidelines for a usable configuration management, which propose to automatically set configuration parameters and to solve trade-offs based on the type of data to be stored in the cloud. Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations.

Embedded systems, Internet of Things (IoT) and mobile computing devices are used in various domains which include public-private infrastructure, industrial installation and critical environment. Generally, information handled by these devices is private and critical. Therefore, it must be appropriately secured from different attacks and hackers. Lightweight cryptography is an aspiring field which investigates the implementation of cryptographic primitives and algorithms for resource constrained devices. In this paper, a new compact hybrid lightweight encryption technique has been proposed. Proposed technique uses the fastest bit permutation instruction PERMS with S-box of PRESENT block cipher for non-linearity. An arbitrary n-bit permutation is performed using PERMS instruction in less than log (n) number of instructions. This new hybrid system has been analyzed for software performance on Advanced RISC Machine (ARM) and Intel processor whereas Cadens tool is used to analyze the hardware performance. The result of the proposed technique is improved by the factor of eight as compared to the PRESENT-GRP hybrid block cipher. Moreover, PERMS instruction bit permutation properties result a very good avalanche effect and compact implementation in the both hardware and software environment.

This study is aimed at assessing the information security management practice with a focus on banking card security in selected financial institutions in Ethiopia, using an international information security standard as a benchmark. It is to identify the gaps and recommend best security practices to help financial institutions meet the required security compliance.

Two financial sectors were purposively selected. A total of twenty-five respondents (IT executives and IT staff) were included in the study. Quantitative data was collected using the PCI-DSS (Payment Card Industry Data Security Standard) security standard questionnaire. In addition, observation and document analysis were made.

The result shows that most of the essential security management activities in the financial sectors do not comply with the international security standard. Similarly, the level of most of the indispensable security requirements that should be in place is found to be below the acceptable level. The study also revealed major security factors that prohibit the financial sectors from PCI-DSS security standard compliance.

This study assessed the information security management practice with a focus on banking card security and tried to figure out the limitations of security practices of the organizations surveyed based on the standard adopted. The topic has not been well explored especially in the Ethiopia context. Hence, the result can positively influence security policies, particularly in the banking sector.

The Cloud of Things (IoT) that refers to the integration of the Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the important amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, the CoT is continuously growing up security and privacy issues. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security as well as privacy concerns and issues as well as open challenges, are discussed in this work.

Buildings use approximately 40% of global energy and are responsible for almost a third of the worldwide greenhouse gas emissions. They also utilise about 60% of the world’s electricity. In the last decade, stringent building regulations have led to significant improvements in the quality of the thermal characteristics of many building envelopes. However, similar considerations have not been paid to the number and activities of occupants in a building, which play an increasingly important role in energy consumption, optimisation processes, and indoor air quality. More than 50% of the energy consumption could be saved in Demand Controlled Ventilation (DCV) if accurate information about the number of occupants is readily available (Mysen et al., 2005). But due to privacy concerns, designing a precise occupancy sensing/counting system is a highly challenging task. While several studies count the number of occupants in rooms/zones for the optimisation of energy consumption, insufficient information is available on the comparison, analysis and pros and cons of these occupancy estimation techniques. This paper provides a review of occupancy measurement techniques and also discusses research trends and challenges. Additionally, a novel privacy preserved occupancy monitoring solution is also proposed in this paper. Security analyses of the proposed scheme reveal that the new occupancy monitoring system is privacy preserved compared to other traditional schemes.

The purpose of this paper is to examine the extent to which HTTPS encryption and Google Analytics services have been implemented on academic library websites, and discuss the privacy implications of free services that introduce web tracking of users.

The home pages of 279 academic libraries were analyzed for the presence of HTTPS, Google Analytics services and privacy-protection features.

Results indicate that HTTPS implementation on library websites is not widespread, and many libraries continue to offer non-secured connections without an automatically enforced redirect to a secure connection. Furthermore, a large majority of library websites included in the study have implemented Google Analytics and/or Google Tag Manager, yet only very few connect securely to Google via HTTPS or have implemented Google Analytics IP anonymization.

Librarians are encouraged to increase awareness of this issue and take concerted and coherent action across five interrelated areas: implementing secure web protocols (HTTPS), user education, privacy policies, informed consent and risk/benefit analyses.

Third-party tracking of users is prevalent across the web, and yet few studies demonstrate its extent and consequences for academic library websites.