Search results
1 – 10 of 245
Aisha Aseeri and Omaimah Bamasag
Abstract
Purpose
In the past few years, HB-like protocols have gained much attention in the field of lightweight authentication protocols due to their efficient functioning and large potential applications in low-cost radio frequency identification tags, which are on the other side spreading so fast. However, most published HB protocols are vulnerable to man-in-the-middle attacks such as GRS or OOV attacks. The purpose of this research is to investigate security issues pertaining to HB-like protocols with an aim of improving their security and efficiency.
Design/methodology/approach
In this paper, a new and secure variant of HB family protocols named HB-MP* is proposed and designed, using the techniques of random rotation. The security of the proposed protocol is proven using formal proofs. Also, a prototype of the protocol is implemented to check its applicability, test the security in implementation and to compare its performance with the most related protocol.
Findings
The HB-MP* protocol is found secure against passive and active adversaries and is implementable within the tight resource constraints of today’s EPC-type RFID tags. Accordingly, the HB-MP* protocol provides higher security than previous HB-like protocols without sacrificing performance.
Originality/value
This paper proposes a new HB variant called HB-MP* that tries to be immune against the pre-mentioned attacks and at the same time keeping the simple structure. It will use only lightweight operations to randomize the rotation of the secret.
Aggelos Kiayias, Thomas Zacharias and Bingsheng Zhang
Abstract
Purpose
This paper aims to investigate the importance of auditing for election privacy via issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client such as Helios and use a bulletin board (BB).
Design/methodology/approach
Argumentation builds upon a formal description of a typical TPKE-based e-voting system where the election authority (EA) is the central node in a star network topology. The paper points out the weaknesses of the said topology with respect to privacy and analyzes how these weaknesses affect the security of several instances of TPKE-based e-voting systems. Overall, it studies the importance of auditing from a privacy aspect.
Findings
The paper shows that without public key infrastructure (PKI) support or – more generally – authenticated BB “append” operations, TPKE-based e-voting systems are vulnerable to attacks where the malicious EA can act as a man-in-the-middle between the election trustees and the voters; hence, it can learn how the voters have voted. As a countermeasure for such attacks, this work suggests compulsory trustee auditing. Furthermore, it analyzes how lack of cryptographic proof verification affects the level of privacy that can be provably guaranteed in a typical TPKE e-voting system.
Originality/value
As opposed to the extensively studied importance of auditing to ensure election integrity, the necessity of auditing to protect privacy in an e-voting system has been mostly overlooked. This paper reveals design weaknesses present in noticeable TPKE-based e-voting systems that can lead to a total breach of voters’ privacy and shows how auditing can be applied for providing strong provable privacy guarantees.
Radwa Tawfik, Sahar Attia, Ingy Mohamed Elbarmelgy and Tamer Mohamed Abdelaziz
Abstract
Purpose
Women's travel pattern is different from those of men. Women who have both paid employment and unpaid care work have more complex travel patterns. However, land-use policies and urban mobility strategies in the Egyptian context do not consider these differences. This paper analyzes and discusses the travel patterns of the Egyptian working women with children. It examines the difference between men's and women's travel behavior in different income levels. The paper aims at determining the main factors that affect working women's travel patterns within the care economy framework and suggesting recommendations for enhancing women's travel patterns in Greater Cairo Region (GCR).
Design/methodology/approach
The methodology relies on conducting a quantitative and qualitative analysis using questionnaires and interviews with working women and men from different social/economic levels in two different workplaces in GCR.
Findings
The results demonstrate that income level, workplace locations, schools locations, and schools typologies greatly affect working women's travel patterns in GCR.
Originality/value
The study findings will help urban planners and decision-makers to improve working women's mobility to make their daily trips shorter and more accessible to achieve equitable cities through understanding the conducted affecting factors and considering the suggested recommendations.
Bettina Lynda Bastian and Mohammad Reza Zali
Abstract
Purpose
This study aims to investigate how educational attainment and entrepreneurial competencies affect entrepreneurial motives of women (vs men) in the Middle East and North Africa (MENA). This study shows that education has a more positive effect on women’s entrepreneurial motives compared with men. On the other hand, there is a greater positive effect of competencies on men’s motives. Moreover, the moderating effects of culture are compared. The results of the multiple regression analysis show that, within the MENA region, the cultural value of self-expressionism engenders increased opportunity-motivated entrepreneurship by men. Yet, it has no significant effect on women’s entrepreneurial motives.
Design/methodology/approach
This study analyses survey data using multiple regression analysis, relationship between independent variables, educational attainment and entrepreneurial competencies, as well as culture, and the dependent variable, entrepreneurial motivation. The present study focuses on data records concerning 13 MENA countries, notably, Algeria, Egypt, Iran, Jordan, Lebanon, Morocco, Pakistan, Saudi Arabia, Syria, Tunisia, Turkey, United Arab Emirates and Yemen. The sample includes early-stage and established female entrepreneurs, a total of 1,551 respondents, for all countries for the entire period.
Findings
Entrepreneurs with higher levels of education and competencies are more likely to exploit market opportunities. However, effects from educational attainments and competencies are significantly stronger for men. Moreover, the increasing introduction of liberal or post-modern values in MENA societies has significant effects on men but no effect on women, suggesting that men tend to benefit much more than women in the Arab world with regards to their entrepreneurial behaviour.
Originality/value
The study is one of the few attempts to clarify the relationship between individual factors, here represented by education and competencies, and environmental factors, here represented by culture (post-modern values) and entrepreneurial motivation. Moreover, it addresses the MENA region, which is a politically and economically important and challenging environment, and which, to date, has received relatively little attention in entrepreneurship research.
Joshua Arvin S. Lat, Rod Xavier R. Bondoc and Kevin Charles V. Atienza
Abstract
Purpose
The SOUL System aims to provide a low‐cost secure online two‐factor authentication system that involves both a password and a security token in the form of an ordinary electronic container. Its main goal is to design and build a system that can easily be integrated to existing websites to make the login and registration processes more secure.
Design/methodology/approach
The three main parts of the system are the website, the ordinary hardware device, and trusted third party. The website must first be integrated with the web API provided and then registered to the trusted third party website to allow two‐factor authentication. It must be registered to the trusted third party so that it can be used to register and login to SOUL System integrated websites.
Findings
The design and implementation of the proposed two‐factor authentication system makes use of the hybrid cryptosystem, one‐time passwords, hash functions, trusted third parties, steganographic techniques, signed Java applets and cross‐language cryptographic libraries. It protects users from well known attacks such as brute‐force attacks, collision attacks, dictionary attacks, keylogger attacks, man‐in‐the‐middle attacks, and even replay attacks. Currently, the system can be integrated to websites built in PHP, Python, and Java.
Originality/value
The SOUL System is the first two‐factor authentication system that uses both cryptography and steganography to provide secure online authentication with an ordinary USB flash drive. It is designed to work in major operating systems such as Windows, Mac OS X, and Linux with very minimal installation.
Eileen M. Decker, Matthew Morin and Eric M. Rosner
Abstract
Cyber threats present constantly evolving and unique challenges to national security professionals at all levels of government. Public and private sector entities also face a constant stream of cyberattacks through varied methods by actors with myriad motivations. These threats are not expected to diminish in the near future. As a result, homeland security and national security professionals at all levels of government must understand the unique motivations and capabilities of malicious cyber actors in order to better protect against and respond to cyberattacks. This chapter outlines the most common cyberattacks; explains the motivations behind these attacks; and describes the federal, state, and local efforts to address these threats.
Abstract
Introduction
This article describes some incidents which occurred because someone made a simple mistake, such as forgetting to open a valve or pressing the wrong button. The mistakes were not due to lack of training or ability—in all the cases described the men knew what they should do and were capable of doing it, but had a moment of aberration or forgetfulness. The article discusses the probability of such mistakes and the action that should be taken to prevent them.
Caner Asbaş and Şule Tuzlukaya
Abstract
A cyberattack is an attempt by cybercriminals as individuals or organizations with unauthorized access using one or more computers and computer systems to steal, expose, change, disable or eliminate information, or to breach computer information systems, computer networks, and computer infrastructures. Cyberattackers gain a benefit from victims, which may be criminal such as stealing data or money, or political or personal such as revenge. In cyberattacks, various targets are possible. Some potential targets for businesses include business and customer financial data, customer lists, trade secrets, and login credentials.
Cyberattackers use a variety of methods to gain access to data, including malware such as viruses, worms, and spyware and phishing methods, man-in-the-middle attacks, denial-of-service attacks, SQL injection, zero-day exploit, and DNS tunneling.
Related to cyberattack, the term cyberwarfare is gaining popularity nowadays. Cyberwarfare is the use of cyberattacks by a state or an organization to cause harm as in warfare against another state's or organization's computer information systems, networks, and infrastructures.
Military, civil, and ideological motivations, or hacktivism can be used to launch a cyberwarfare. For these reasons, cyberwarfare may be used to conduct espionage, sabotage, propaganda, and economic disruption.
Considering highly digitalized business processes such as e-mails, digital banking, online conference, and digital manufacturing methods, damage of cyberwarfare to businesses and countries is unavoidable. As a result, developing strategies for defending against cyberattacks and cyberwarfare is critical for businesses. The concepts of cyberattack and cyberwarfare, as well as business strategies to be protected against them will be discussed in this chapter.
Nancy Ambritta P, Poonam N. Railkar and Parikshit N. Mahalle
Abstract
Purpose
This paper aims at providing a comparative analysis of the existing protocols that address the security issues in the Future Internet (FI) and also to introduce a Collaborative Mutual Identity Establishment (CMIE) scheme which adopts the elliptical curve cryptography (ECC), to address the issues, such as content integrity, mutual authentication, forward secrecy, auditability and resistance to attacks such as denial-of-service (DoS) and replay attack.
Design/methodology/approach
This paper provides a comparative analysis of the existing protocols that address the security issues in the FI and also provides a CMIE scheme, by adopting the ECC and digital signature verification mechanism, to address the issues, such as content integrity, mutual authentication, forward secrecy, auditability and resistance to attacks such as DoS and replay attack. The proposed scheme enables the establishment of secured interactions between devices and entities of the FI. Further, the algorithm is evaluated against Automated Validation of Internet Security Protocols and Application (AVISPA) tool to verify the security solutions that the CMIE scheme has claimed to address to have been effectively achieved in reality.
Findings
The algorithm is evaluated against AVISPA tool to verify the security solutions that the CMIE scheme has claimed to address and proved to have been effectively achieved in reality. The proposed scheme enables the establishment of secured interactions between devices and entities of the FI.
Research limitations/implications
Considering the Internet of Things (IoT) scenario, another important aspect that is the device-to-location (D2L) aspect has not been considered in this protocol. Major focus of the protocol is centered around the device-to-device (D2D) and device-to-server (D2S) scenarios. Also, IoT basically works upon a confluence of hundreds of protocols that support the achievement of various factors in the IoT, for example Data Distribution Service, Message Queue Telemetry Transport, Extensible Messaging and Presence Protocol, Constrained Application Protocol (CoAP) and so on. Interoperability of the proposed CMIE algorithm with the existing protocols has to be considered to establish a complete model that fits the FI. Further, each request for mutual authentication requires a querying of the database and a computation at each of the participating entities side for verification which could take considerable amount of time. However, for applications that require firm authentication for maintaining and ensuring secure interactions between entities prior to access control and initiation of actual transfer of sensitive information, the negligible difference in computation time can be ignored for the greater benefit that comes with stronger security. Other factors such as quality of service (QoS) (i.e. flexibility of data delivery, resource usage and timing), key management and distribution also need to be considered. However, the user still has the responsibility to choose the required protocol that suits one’s application and serves the purpose.
Originality/value
The originality of the work lies in adopting the ECC and digital signature verification mechanism to develop a new scheme that ensures mutual authentication between participating entities in the FI based upon certain user information such as identities. ECC provides efficiency in terms of key size generated and security against man-in-the-middle attack. The proposed scheme provides secured interactions between devices/entities in the FI.
Xiao‐song Zhang, Ting Chen, Chun‐xiang Xu, Xiao‐hui Pan and Xue‐yang Wu
Abstract
Purpose
Nowadays, proactive P2P worm (PRWORM) poses a latent threat to internet infrastructure and common users for the fatal vulnerabilities in homogeneous P2P software. It is more difficult to contain PRWORM because of its fast spread speed. Current techniques are not adequate to quarantine PRWORM, mainly because of their inaccuracy and slow response to attacks. The purpose of this paper is to propose an accurate and real‐time approach for PRWORM containment.
Design/methodology/approach
First, the authors present a new methodology to contain PRWORM via proper authentication of initiators of P2P communications. Second, three simple network protocols are proposed to fulfill automatic authentication.
Findings
Both simulations and strictly mathematical proof by Strand Space Model represent that the authors' work is able to accurately quarantine PRWORM in real time. Furthermore, proof shows the three network protocols are resistant to popular attacks such as man‐in‐the‐middle attack and replay attack.
Originality/value
First, the authors propose an authentication-based method to contain proactive P2P worm and second, use strand space model to prove the effectiveness and security of the method.