Search results

11 – 20 of over 9000
Article
Publication date: 2 January 2020

Pintu Shah and Anuja Agarwal

Abstract

Purpose

For a good number of Indians, their smartphone is their first digital computing device. They have less experience in dealing with the Internet-enabled device and hence less experience in handling security threats like malware as compared to users of other countries who have gone through the learning curve of handling such security threats using other Internet-enabled devices such as laptop and desktop. Because of this, the inexperienced Indian smartphone user may be vulnerable to Internet-related security breaches, as compared to the citizens of developed economies. Hence, it is essential to understand the attitude, behaviour and security practices of smartphone users in India. Limited research is available about the security behaviour of smartphone users in India as the majority of research in this domain is done outside India.

Design/methodology/approach

In this empirical study, the researchers identified 28 cybersecurity behaviours and practices through a survey of relevant literature. An online survey of identified cybersecurity behaviours and practices was administered to 300 smartphone users. Frequency analysis of the respondent data was done to understand the adoption of recommended cybersecurity behaviours and practices. Pearson’s chi-square with 5% level of significance has been used to test the hypotheses. Post hoc analysis with Bonferroni correction was conducted for statistically significant associations.

Findings

Overall, the respondents did not exhibit good cybersecurity behaviour. Respondents have adopted some of the most popular security features of the smartphone such as the use of screen lock. However, respondents have not adopted or are not aware of the technical security controls such as encryption and remote wipe. Statistically significant differences were found between the cybersecurity behaviour and practices and independent variables such as gender, age, mobile operating system (OS) and mother tongue. Respondents reported a high level of motivation to protect their device and data, whereas they reported a moderate level of threat awareness and of the ability to protect their device and data. Results of the comparative analysis with a similar study in China and the USA are also reported in this study.

Research limitations/implications

The main limitations of this study are as follows: the respondents' perceptions about their cybersecurity behaviours and practices were measured as opposed to their actual behaviours and practices and the generalizability of the study is limited because the sample size is small as compared to the total number of smartphone users in India.

Practical implications

The findings of this study may be useful for the design of effective cybersecurity prevention and intervention programs for general smartphone users of India.

Originality/value

This study provides an insight about cybersecurity behaviour of smartphone users in India. To the knowledge of the researchers, this is the first study to collect such quantitative data of smartphone users in India for a better understanding of the cybersecurity behaviours and practices. This study identified 28 cybersecurity behaviours and practices, which smartphone users should follow to improve cybersecurity.

Details

Information & Computer Security, vol. 28 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 4 April 2016

Pin Shen Teh, Ning Zhang, Andrew Beng Jin Teoh and Ke Chen

Abstract

Purpose

The use of mobile devices in handling our daily activities that involve the storage or access of sensitive data (e.g. on-line banking, paperless prescription services, etc.) is becoming very common. These mobile electronic services typically use a knowledge-based authentication method to authenticate a user (claimed identity). However, this authentication method is vulnerable to several security attacks. To counter the attacks and to make the authentication process more secure, this paper aims to investigate the use of touch dynamics biometrics in conjunction with a personal identification number (PIN)-based authentication method, and demonstrate its benefits in terms of strengthening the security of authentication services for mobile devices.

Design/methodology/approach

The investigation has made use of three light-weighted matching functions and a comprehensive reference data set collected from 150 subjects.

Findings

The investigative results show that, with this multi-factor authentication approach, even when the PIN is exposed, as many as nine out of ten impersonation attempts can be successfully identified. It has also been discovered that the accuracy performance can be increased by combining different feature data types and by increasing the input string length.

Originality/value

The novel contributions of this paper are twofold. Firstly, it describes how a comprehensive experiment is set up to collect touch dynamics biometrics data, and the set of collected data is being made publicly available, which may facilitate further research in the problem domain. Secondly, the paper demonstrates how the data set may be used to strengthen the protection of resources that are accessible via mobile devices.

Details

International Journal of Pervasive Computing and Communications, vol. 12 no. 1
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 9 July 2018

Nicholas Micallef and Nalin Asanka Gamagedara Arachchilage

Abstract

Purpose

Security questions are one of the techniques used to recover forgotten passwords. However, security questions have both security and memorability limitations. To limit their security vulnerabilities, stronger answers need to be used. As serious games can motivate users to change their security behaviour, the purpose of this paper is to explore the features and functionalities that users would require in a serious game that educates them to provide stronger answers to security questions.

Design/methodology/approach

A lab study was conducted to collect users’ feedback on the desired game features and functionalities. In Stage 1, participants selected security questions/answers. In Stage 2, participants played a game and evaluated the usability and the provided features.

Findings

The main findings reveal that most participants found the current features and functionalities to be desirable; socially oriented functionalities (e.g. getting help from other players) did not seem desirable because users feared that their acquaintances could gain access to their security questions.

Originality/value

This research recommends that designers of serious games for security education should: use intrinsic rewards to motivate users to have a better learning experience; provide easier challenges during the training period and provide harder challenges only when the game determines that the users learned to play the game; and design their games for mobile devices because even users who usually do not play games would play a security education game on a mobile device.

Details

Information & Computer Security, vol. 26 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 2 November 2015

Michael Hölzl, Endalkachew Asnake, Rene Mayrhofer and Michael Roland

Abstract

Purpose

The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever.

Design/methodology/approach

A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications.

Findings

To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time.

Originality/value

By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.

Details

International Journal of Pervasive Computing and Communications, vol. 11 no. 4
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 13 March 2017

Alessandro Aldini, Jean-Marc Seigneur, Carlos Ballester Lafuente, Xavier Titi and Jonathan Guislain

Abstract

Purpose

The Bring-Your-Own-Device (BYOD) paradigm favors the use of personal and public devices and communication means in corporate environments, thus representing a challenge for the traditional security and risk management systems. In this dynamic and heterogeneous setting, the purpose of this paper is to present a methodology called opportunity-enabled risk management (OPPRIM), which supports the decision-making process in access control to remote corporate assets.

Design/methodology/approach

OPPRIM relies on a logic-based risk policy model combining estimations of trust, threats and opportunities. Moreover, it is based on a mobile client–server architecture, where the OPPRIM application running on the user device interacts with the company IT security server to manage every access request to corporate assets.

Findings

As a mandatory requirement in the highly flexible BYOD setting, in the OPPRIM approach, mobile device security risks are identified automatically and dynamically depending on the specific environment in which the access request is issued and on the previous history of events.

Originality/value

The main novelty of the OPPRIM approach is the combined treatment of threats (resp., opportunities) and costs (resp., benefits) in a trust-based setting. The OPPRIM system is validated with respect to an economic perspective: cost-benefit sensitivity analysis is conducted through formal methods using the PRISM model checker and through agent-based simulations using the Anylogic framework.

Details

Information & Computer Security, vol. 25 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 2 June 2020

Rika Butler

Abstract

Purpose

There is a need for behavioural research within the smartphone context to better understand users’ behaviour, as it is one of the reasons for the proliferation of mobile threats. This study aims to identify the human factors that affect smartphone users’ threat avoidance behaviour.

Design/methodology/approach

A structured literature review (SLR) was applied to answer the research question. A total of 27 sources were analysed, from which 16 codes emerged. After synthesis, six themes transpired.

Findings

Six factors were identified as drivers and/or challenges of smartphone users’ threat avoidance behaviour, namely, knowledge and awareness, misconceptions and trust, cost and benefit considerations, carelessness, perceived measure effectiveness and the user’s perceived skills and efficacy.

Research limitations/implications

The results can encourage and provide a starting point for further research on human behaviour to improve smartphone user behaviour.

Practical implications

The mobile industry should focus on eradicating common misconceptions and undue trust in mobile security that is prevalent among smartphone users and make cost effective and usable interventions available. Training and awareness programs should be updated to include the factors that were identified in this study to affect smartphone users’ threat avoidance behaviour. In addition to improving users’ declarative knowledge concerning available smartphone measures and tools, procedural knowledge should also be improved to ensure proper use of available protective measures. Users should realise the importance of staying updated with evolving smartphone technology and associated threats.

Originality/value

This study acknowledges and supports the notion that addressing human behaviour is crucial in the fight against mobile threats. It addresses the need for behavioural research to analyse the factors that drive smartphone user behaviour. Furthermore, it uses and documents the use of a SLR, a research technique often unfamiliar among information security researchers.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 12 June 2007

N.L. Clarke and A.R. Mekala

Abstract

Purpose

The popularity of mobile devices and the evolving nature of the services and information they can deliver make them increasingly desirable targets for misuse. The ability to provide effective authentication of the user becomes imperative if protection against misuse of personally and financially sensitive information is to be provided. This paper discusses the application of biometrics to a mobile device in a transparent and continuous fashion and the subsequent advantages and disadvantages that are in contention with various biometric techniques.

Design/methodology/approach

An investigation was conducted to evaluate the feasibility of utilising signature recognition, to verify users based upon written words and not signatures, thereby enabling transparent handwriting verification. Participants were required to write a number of common words, such as “hello” “sorry” and “thank you”. The ability to correctly verify against their own template and to reject impostors was then established.

Findings

In total, 20 users participated in the study and an average FAR and FRR of 0 and 1.2 per cent, respectively, were experienced across eight common words.

Research limitations/implications

The initial study has proven very successful; however, further investigations need to be established with a larger population of users and a wider vocabulary of words.

Originality/value

This study has verified the feasibility of applying an existing signature recognition technique to transparent handwriting verification.

Details

Information Management & Computer Security, vol. 15 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 15 May 2017

Chris Hampshire

Abstract

Purpose

The purpose of this paper is to explore UK consumer perceptions of trust, risk and perceived usefulness of mobile payments through the use of sequential mixed methods.

Design/methodology/approach

A post-positivist philosophy is used with a social constructionist ontology with a questionnaire as the first survey instrument using an empirical sequential mixed methods approach. Summary quantitative analysis of the questionnaire data is undertaken followed by semi-structured interviews that produce qualitative data on which content analysis is undertaken to assess and explore UK consumer perspectives. The technology acceptance model is used as the underlying framework on which a conceptual model is developed.

Findings

UK consumers have significant risk and trust concerns with mobile payments, although these concerns can be overcome when clear consumer benefits are identified whilst bank supported mobile payments have an increased level of trust compared to new market entrants and other established companies. Furthermore, perceived trust positively influences perceived usefulness and mitigates perceived risk, whilst perceived risk negatively influences perceived usefulness. In addition, perceived usefulness significantly and positively influences UK consumer attitude which can lead to adoption.

Research limitations/implications

Whilst 120 completed questionnaire responses are received, only 101 questionnaires are used for analysis. In addition, ten semi-structured interviews are undertaken using a purposeful sample to minimise any imbalance (Oakley, 1981) which increases the reliability of the research findings (Hackley, 2003). This mobile payments research does not have a statistically secure universalisation of the findings, which negates the application of these research findings to other groups and to different social settings (Lincoln and Guba, 1985).

Practical implications

Mobile payment organisations will need to focus on identifying the specific benefits of mobile payments to UK consumers as mitigating risk and increasing trust do not compensate for the absence of usefulness.

Social implications

UK consumers indicate a lack of awareness of existing contactless payment guarantees provided by UK banks, although these payment guarantees significantly increase UK consumer trust.

Originality/value

Both quantitative and qualitative empirical data are obtained on UK consumer perspectives of risk, trust and perceived usefulness of mobile payments using sequential mixed methods.

Details

International Journal of Bank Marketing, vol. 35 no. 3
Type: Research Article
ISSN: 0265-2323

Article
Publication date: 3 April 2018

Minori Inoue and Takefumi Ogawa

Abstract

Purpose

Security technology on mobile devices is increasingly more important as smartphones are becoming more versatile and, thus, store more sensitive information. Among the three indispensable factors of owner authentication technologies on mobile devices, security, usability and system efficiency, usability is considered the key factor. This paper aims to challenge the limits of usability on mobile device authentication technology with respect to input size.

Design/methodology/approach

This paper introduces one tap authentication as a novel authentication method on mobile devices. A user just has to tap the screen of a smartphone once, and he or she will be authenticated.

Findings

One tap authentication is proven possible in this paper. The average equal error rate among 10 owners against 25 unauthorized users is as low as 3.8.

Research limitations/implications

This paper focuses on verifying the possibility of one tap authentication. However, the application to various environments, such as when standing or walking or on a train, is not explored.

Originality/value

This research explores tap authentication with a single tap for the first time in the field. To the best of the authors’ knowledge, the minimum number of taps required in tap authentication has been 4.

Details

International Journal of Pervasive Computing and Communications, vol. 14 no. 1
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 6 May 2014

Grzegorz Stefan Bankosz and John Kerins

Abstract

Purpose

The purpose of this paper is to develop a prototype system to demonstrate the potential benefits of deploying mobile technology to enhance asset maintenance processes in a small food manufacturing plant.

Design/methodology/approach

Design, development and deployment of a solution using open-source resources aimed at demonstrating improved asset maintenance functionality to principal stakeholders in a food manufacturing plant.

Findings

The development of a prototype system supporting user interaction via a mobile phone demonstrates the potential benefits of more flexible data capture and improved information management which offer clear advantages over the limitations imposed by a stand-alone terminal.

Research limitations/implications

The solution was developed as a prototype. In this respect it serves to illustrate system benefits but more work is needed to extend system functionality.

Practical implications

Issues concerning data security and questions surrounding a suitable deployment platform would need to be addressed in deploying this technology.

Originality/value

The research demonstrates that mobile technology can successfully be utilised to enhance asset maintenance in a small manufacturing plant by improving data capture and information management. These initiatives are likely to be of interest to other SMEs seeking to enhance asset maintenance processes.

Details

Journal of Quality in Maintenance Engineering, vol. 20 no. 2
Type: Research Article
ISSN: 1355-2511
