Search results
1 – 10 of 154Nsikak P. Owoh and M. Mahinderjit Singh
The proliferation of mobile phones with integrated sensors makes large scale sensing possible at low cost. During mobile sensing, data mostly contain sensitive information of…
Abstract
The proliferation of mobile phones with integrated sensors makes large scale sensing possible at low cost. During mobile sensing, data mostly contain sensitive information of users such as their real-time location. When such information are not effectively secured, users’ privacy can be violated due to eavesdropping and information disclosure. In this paper, we demonstrated the possibility of unauthorized access to location information of a user during sensing due to the ineffective security mechanisms in most sensing applications. We analyzed 40 apps downloaded from Google Play Store and results showed a 100% success rate in traffic interception and disclosure of sensitive information of users. As a countermeasure, a security scheme which ensures encryption and authentication of sensed data using Advanced Encryption Standard 256-Galois Counter Mode was proposed. End-to-end security of location and motion data from smartphone sensors are ensured using the proposed security scheme. Security analysis of the proposed scheme showed it to be effective in protecting Android based sensor data against eavesdropping, information disclosure and data modification.
Details
Keywords
Nikhil Kant, K.D. Prasad and Kumari Anjali
This paper aims to derive criteria for a strategic selection of learning management system (LMS) after making an analysis of the feedback data collected from learners and academic…
Abstract
Purpose
This paper aims to derive criteria for a strategic selection of learning management system (LMS) after making an analysis of the feedback data collected from learners and academic counselors in open and distance learning (ODL) to evaluate their perceptions. This analysis hints at the need to implement a learning management system (LMS) in ODL. Selecting an appropriate LMS can prove to be a strategic approach for ODL in achieving self-reliance and competitiveness.
Design/methodology/approach
Research design includes qualitative design intended to discuss the features, advantages and attributes of different popular LMSs and compare them. In addition, the quantitative design (a questionnaire-based online feedback) to analyze the perceptions of the learners and academic counselors in order to know their e-learning needs has also been used. Results have been exhibited in tabular/graphical formats for easy comprehension and enhanced understanding.
Findings
Findings of the study suggest that availability of plethora of LMSs in the market, which also include open source (OS) LMSs, makes the decision- making as regards selection of an appropriate LMS strategically crucial requiring adequate consideration of every aspect such as cost, quality, usage, capacity, budget and most importantly priorities and objectives.
Research limitations/implications
This study will help educational administrators and decision-makers in ODL for building a quality civilized life and empowered society by removing the constraints related to financial problems, disabilities, time, geographical conditions and many others in bringing education to the doorstep of every willing learner. The technical details of LMS, however, were intentionally kept simplified to achieve the objective and provide easy comprehensibility for the reader with little technical background, which might be a limitation of this study.
Originality/value
This study highlights that ODL has tasted success with optimum exploitation of different technological advancements in its transformational expedition from conventional learning to innovative e-learning and to the newest adaptive e-learning system. The huge potential of LMS, in providing learners and educators in ODL with an effective web-based learning system incorporating almost all the academic activities, has attracted organizations for using it not only for imparting education to learners but also for providing appropriate trainings to their human resources.
Details
Keywords
Joe Garcia, Russell Shannon, Aaron Jacobson, William Mosca, Michael Burger and Roberto Maldonado
This paper aims to describe an effort to provide for a robust and secure software development paradigm intended to support DevSecOps in a naval aviation enterprise (NAE) software…
Abstract
Purpose
This paper aims to describe an effort to provide for a robust and secure software development paradigm intended to support DevSecOps in a naval aviation enterprise (NAE) software support activity (SSA), with said paradigm supporting strong traceability and provability concerning the SSA’s output product, known as an operational flight program (OFP). Through a secure development environment (SDE), each critical software development function performed on said OFP during its development has a corresponding record represented on a blockchain.
Design/methodology/approach
An SDE is implemented as a virtual machine or container incorporating software development tools that are modified to support blockchain transactions. Each critical software development function, e.g. editing, compiling, linking, generates a blockchain transaction message with associated information embedded in the output of a said function that, together, can be used to prove integrity and support traceability. An attestation process is used to provide proof that the toolchain containing SDE is not subject to unauthorized modification at the time said critical function is performed.
Findings
Blockchain methods are shown to be a viable approach for supporting exhaustive traceability and strong provability of development system integrity for mission-critical software produced by an NAE SSA for NAE embedded systems software.
Practical implications
A blockchain-based authentication approach that could be implemented at the OFP point-of-load would provide for fine-grain authentication of all OFP software components, with each component or module having its own proof-of-integrity (including the integrity of the used development tools) over its entire development history.
Originality/value
Many SSAs have established control procedures for development such as check-out/check-in. This does not prove the SSA output software is secure. For one thing, a build system does not necessarily enforce procedures in a way that is determinable from the output. Furthermore, the SSA toolchain itself could be attacked. The approach described in this paper enforces security policy and embeds information into the output of every development function that can be cross-referenced to blockchain transaction records for provability and traceability that only trusted tools, free from unauthorized modifications, are used in software development. A key original concept of this approach is that it treats assigned developer time as a transferable digital currency.
Details
Keywords
- Software development
- Blockchain
- Cybersecurity
- Operational flight program
- Secure development environment
- Secure virtual machine
- Zero trust
- Embedded systems
- Mission-critical systems
- OFP
- DevOps
- DevSecOps
- Software support activity
- SSA
- SDE
- Permissioned blockchain
- Cryptocurrency
- Time-limited authorization for developer action
- TADA
- Code signing
- Trusted software guard
- SGX
- Trusted eXecution technology
- TXT
- Trusted platform module
- Self-hosting
- Controlled access blockchain
- CABlock
- Role-based access control
- RBAC
The purpose of this paper is to examine the blockchain as a trusted computing platform. Understanding the strengths and limitations of this platform is essential to execute…
Abstract
Purpose
The purpose of this paper is to examine the blockchain as a trusted computing platform. Understanding the strengths and limitations of this platform is essential to execute large-scale real-world applications in blockchains.
Design/methodology/approach
This paper proposes several modifications to conventional blockchain networks to improve the scale and scope of applications.
Findings
Simple modifications to cryptographic protocols for constructing blockchain ledgers, and digital signatures for authentication of transactions, are sufficient to realize a scalable blockchain platform.
Originality/value
The original contributions of this paper are concrete steps to overcome limitations of current blockchain networks.
Details
Keywords
Ahmad R. Pratama and Firman M. Firmansyah
In this study, the authors seek to understand factors that naturally influence users to adopt two-factor authentication (2FA) without even trying to intervene by investigating…
Abstract
Purpose
In this study, the authors seek to understand factors that naturally influence users to adopt two-factor authentication (2FA) without even trying to intervene by investigating factors within individuals that may influence their decision to adopt 2FA by themselves.
Design/methodology/approach
A total of 1,852 individuals from all 34 provinces in Indonesia participated in this study by filling out online questionnaires. The authors discussed the results from statistical analysis further through the lens of the loss aversion theory.
Findings
The authors found that loss aversion, represented by higher income that translates to greater potential pain caused by losing things to be the most significant demographic factor behind 2FA adoption. On the contrary, those with a low-income background, even if they have some college degree, are more likely to skip 2FA despite their awareness of this technology. The authors also found that the older generation, particularly females, to be among the most vulnerable groups when it comes to authentication-based cyber threats as they are much less likely to adopt 2FA, or even to be aware of its existence in the first place.
Originality/value
Authentication is one of the most important topics in cybersecurity that is related to human-computer interaction. While 2FA increases the security level of authentication methods, it also requires extra efforts that can translate to some level of inconvenience on the user's end. By identifying the associated factors from the user's ends, a necessary intervention can be made so that more users are willing to jump on the 2FA adopters' train.
Details
Keywords
Prabhat Pokharel, Roshan Pokhrel and Basanta Joshi
Analysis of log message is very important for the identification of a suspicious system and network activity. This analysis requires the correct extraction of variable entities…
Abstract
Analysis of log message is very important for the identification of a suspicious system and network activity. This analysis requires the correct extraction of variable entities. The variable entities are extracted by comparing the logs messages against the log patterns. Each of these log patterns can be represented in the form of a log signature. In this paper, we present a hybrid approach for log signature extraction. The approach consists of two modules. The first module identifies log patterns by generating log clusters. The second module uses Named Entity Recognition (NER) to extract signatures by using the extracted log clusters. Experiments were performed on event logs from Windows Operating System, Exchange and Unix and validation of the result was done by comparing the signatures and the variable entities against the standard log documentation. The outcome of the experiments was that extracted signatures were ready to be used with a high degree of accuracy.
Details
Keywords
Sherali Zeadally, Farhan Siddiqui, Zubair Baig and Ahmed Ibrahim
The aim of this paper is to identify some of the challenges that need to be addressed to accelerate the deployment and adoption of smart health technologies for ubiquitous…
Abstract
Purpose
The aim of this paper is to identify some of the challenges that need to be addressed to accelerate the deployment and adoption of smart health technologies for ubiquitous healthcare access. The paper also explores how internet of things (IoT) and big data technologies can be combined with smart health to provide better healthcare solutions.
Design/methodology/approach
The authors reviewed the literature to identify the challenges which have slowed down the deployment and adoption of smart health.
Findings
The authors discussed how IoT and big data technologies can be integrated with smart health to address some of the challenges to improve health-care availability, access and costs.
Originality/value
The results of this paper will help health-care designers, professionals and researchers design better health-care information systems.
Details
Keywords
Cris Koutsougeras, Mohammad Saadeh and Ahmad Fayed
This modeling facilitates the determination of control responses (or possibly reconfiguration) upon such events and the identification of which segments of the pipeline can…
Abstract
Purpose
This modeling facilitates the determination of control responses (or possibly reconfiguration) upon such events and the identification of which segments of the pipeline can continue to function uninterrupted. Based on this modeling, an algorithm is presented to implement the control responses and to establish this determination. In this work, the authors propose using Message Queuing Telemetry Transport (MQTT), which is an integrated method to perform the system-wide control based on message exchanging among local node controllers (agents) and the global controller (broker).
Design/methodology/approach
Complex manufacturing lines in industrial plants are designed to accomplish an overall task in an incremental mode. This typically consists of a sequence of smaller tasks organized as cascaded processing nodes with local controls, which must be coordinated and aided by a system-wide (global) controller. This work presents a logic modeling technique for such pipelines and a method for using its logic to determine the consequent effects of events where a node halts/fails on the overall operation.
Findings
The method uses a protocol for establishing communication of node events and the algorithm to determine the consequences of node events in order to produce global control directives, which are communicated back to node controllers over MQTT. The algorithm is simulated using a complex manufacturing line with arbitrary events to illustrate the sequence of events and the agents–broker message exchanging.
Originality/value
This approach (MQTT) is a relatively new concept in Cyber-Physical Systems. The proposed example of feed-forward is not new; however, for illustration purposes, it was suggested that a feed-forward be used. Future works will consider practical examples that are at the core of the manufacturing processes.
Details