Search results

1 – 10 of over 14000
Article

A.B. Feroz Khan and Anandharaj G


Abstract

Purpose

The purpose of the paper is to analyze the layer-wise security issues in IoT and to obtain an effective security mechanism for jamming attacks.

Design/methodology/approach

In this study, the authors proposed a multilayer security approach for the detection of DDoS in an IoT environment, which protects smart devices from DDoS. This scheme also reduces the computational cost in the network under mobility conditions.

Findings

Even though much work has been done on the security of wireless sensor networks (WSNs), all of it has focused on encryption, which depends on the key management strategy. In this study, the authors proposed a multilayer approach to analyze the layer-wise security issues and also proposed a threshold-based countermeasure (TBC) for replay attacks in each layer.

Originality/value

The results indicate that the proposed algorithm lowers computational costs and energy consumption compared with modern schemes. Also, the proposed research work improves the scalability of sensor networks using the TBC.

Details

International Journal of Intelligent Unmanned Systems, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2049-6427

Article

Omerah Yousuf and Roohie Naaz Mir


Abstract

Purpose

Internet of Things (IoT) is a challenging and promising system concept and requires new types of architectures and protocols compared to traditional networks. Security is an extremely critical issue for IoT that needs to be addressed efficiently. Heterogeneity being an inherent characteristic of IoT gives rise to many security issues that need to be addressed from the perspective of new architectures such as software defined networking, cryptographic algorithms, federated cloud and edge computing.

Design/methodology/approach

The paper analyzes IoT security from three perspectives: three-layer security architecture, security issues at each layer and security countermeasures. The paper reviews the current state of the art, protocols and technologies used at each layer of the security architecture. The paper focuses on the various types of attacks that occur at each layer and presents the various approaches used to counter such attacks.

Findings

The data exchanged between the different devices or applications in the IoT environment are quite sensitive; thus, the security aspect plays a key role and needs to be addressed efficiently. This indicates the urgent need to develop general security policy and standards for IoT products. An efficient security architecture needs to be imposed, but not at the cost of efficiency and scalability. The paper provides empirical insights about how the different security threats at each layer can be mitigated.

Originality/value

The paper fulfills the need of having an extensive and elaborated survey in the field of IoT security, along with suggesting the countermeasures to mitigate the threats occurring at each level of IoT protocol stack.

Details

Information & Computer Security, vol. 27 no. 2
Type: Research Article
ISSN: 2056-4961

Article

Swapan Purkait


Abstract

Purpose

Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literature and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that still prevails in this field of study.

Design/methodology/approach

This paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures.

Findings

The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A phisher will mainly target the innocent consumers who happen to be the weakest link in the security chain, and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived.

Originality/value

Educating internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. There is also a need to find out the factors which influence internet users' ability to correctly identify phishing websites.

Details

Information Management & Computer Security, vol. 20 no. 5
Type: Research Article
ISSN: 0968-5227

Article

Uchenna Daniel Ani, Hongmei He and Ashutosh Tiwari


Abstract

Purpose

As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within the current highly competitive environment. Many recorded industrial cyber-attacks have successfully beaten technical security solutions by exploiting human-factor vulnerabilities related to security knowledge and skills and manipulating human elements into inadvertently conveying access to critical industrial assets. Knowledge and skill capabilities contribute to human analytical proficiencies for enhanced cybersecurity readiness. Thus, a human-factored security endeavour is required to investigate the capabilities of the human constituents (workforce) to appropriately recognise and respond to cyber intrusion events within the industrial control system (ICS) environment.

Design/methodology/approach

A quantitative approach (statistical analysis) is adopted to provide an approach to quantify the potential cybersecurity capability aptitudes of industrial human actors, identify the least security-capable workforce in the operational domain with the greatest susceptibility likelihood to cyber-attacks (i.e. weakest link) and guide the enhancement of security assurance. To support these objectives, a Human-factored Cyber Security Capability Evaluation approach is presented using conceptual analysis techniques.

Findings

Using a test scenario, the approach demonstrates the capacity to proffer an efficient evaluation of workforce security knowledge and skills capabilities and the identification of weakest link in the workforce.

Practical implications

The approach can enable organisations to gain better workforce security perspectives like security-consciousness, alertness and response aptitudes, thus guiding organisations into adopting strategic means of appropriating security remediation outlines, scopes and resources without undue wastes or redundancies.

Originality/value

This paper demonstrates originality by providing a framework and computational approach for characterising and quantifying human-factor security capabilities based on security knowledge and security skills. It also supports the identification of potential security weakest links amongst an evaluated industrial workforce (human agents), some key security susceptibility areas and relevant control interventions. The model and validation results demonstrate the application of action research. This paper demonstrates originality by illustrating how action research can be applied within socio-technical dimensions to solve recurrent and dynamic problems related to industrial environment cyber security improvement. It provides value by demonstrating how theoretical security knowledge (awareness) and practical security skills can help resolve cyber security response and control uncertainties within industrial organisations.

Details

Journal of Systems and Information Technology, vol. 21 no. 1
Type: Research Article
ISSN: 1328-7265

Article

Ema Kusen and Mark Strembeck


Abstract

Purpose

Ever since Mark Weiser coined the term “ubiquitous computing” (ubicomp) in 1988, there has been a general interest in proposing various solutions that would support his vision. However, attacks targeting devices and services of a ubicomp environment have demonstrated not only different privacy issues, but also a risk of endangering user’s life (e.g. by modifying medical sensor readings). Thus, the aim of this paper is to provide a comprehensive overview of security challenges of ubicomp environments and the corresponding countermeasures proposed over the past decade.

Design/methodology/approach

The results of this paper are based on a literature review method originally used in evidence-based medicine called systematic literature review (SLR), which identifies, filters, classifies and summarizes the findings.

Findings

Starting from the bibliometric results that clearly show an increasing interest in the topic of ubicomp security worldwide, the findings reveal specific types of attacks and vulnerabilities that have motivated the research over the past decade. This review describes most commonly proposed countermeasures – context-aware access control and authentication mechanisms, cryptographic protocols that account for device’s resource constraints, privacy-preserving mechanisms, and trust mechanisms for wireless ad hoc and sensor networks.

Originality/value

To the best of our knowledge, this is the first SLR on security challenges in ubicomp. The findings should serve as a reference to an extensive list of scientific contributions, as well as a guiding point for researchers new to security research in ubicomp.

Details

International Journal of Pervasive Computing and Communications, vol. 12 no. 2
Type: Research Article
ISSN: 1742-7371

Article

David C. Chou, David C. Yen, Binshan Lin and Philip Hong‐Lam Cheng


Abstract

Through the tremendous growth of Internet users during the last few years, organizations now realize the potential market of the information highway. However, these organizations now face the problem of Internet security. The open environment of the Internet contributes greatly to its success, but also plants inherent security problems. Discusses the security frameworks implemented in the cyberspace environment and the current developments and future trends involving this issue.

Details

Industrial Management & Data Systems, vol. 99 no. 8
Type: Research Article
ISSN: 0263-5577

Article

Mohammad Moradi and Qi Li


Abstract

Purpose

Over the past decade, many research works in various disciplines have benefited from the endless ocean of people and their potentials (in the form of crowdsourcing) as an effective problem-solving strategy and computational model. But nothing interesting is ever completely one-sided. Therefore, when it comes to leveraging people's power, as the dark side of crowdsourcing, there are some possible threats that have not been considered as should be, such as recruiting black hat crowdworkers for organizing targeted adversarial intentions. The purpose of this paper is to draw more attention to this critical issue through investigation of its different aspects.

Design/methodology/approach

To delve into details of such malicious intentions, the related literature and previous researches have been studied. Then, four major typologies for adversarial crowdsourced attacks as well as some real-world scenarios are discussed and delineated. Finally, possible future threats are introduced.

Findings

Despite many works on adversarial crowdsourcing, there are only a few specific research studies devoted to considering the issue in the context of cyber security. In this regard, the proposed typologies (and addressed scenarios) for such human-mediated attacks can shed light on the way of identifying and confronting such threats.

Originality/value

To the best of the authors' knowledge, this is the first work in which the titular topic is investigated in detail. Due to the popularity and efficiency of leveraging crowds' intelligence and efforts in a wide range of application domains, it is most likely that adversarial human-driven intentions will gain more attention. In this regard, it is anticipated that the present research study can serve as a roadmap for proposing defensive mechanisms to cope with such diverse threats.

Details

Journal of Information, Communication and Ethics in Society, vol. 19 no. 1
Type: Research Article
ISSN: 1477-996X

Article

Margaret Tan and Kathrine Sagala Aguilar


Abstract

Purpose

Various research investigations have found that students' awareness of information security issues continues to be poor and this is indeed a concern especially when students use information technologies pervasively to communicate, to socialize as well as to work on academic assignments. As it is important to understand students' behaviors towards information security and safety in the digital cyberspace, the purpose of this paper is to investigate their awareness and perception, in particular, of Bluetooth security threats and risks, and whether they are able to take preventive measures to protect themselves from such security vulnerabilities. Bluetooth technology is used in this study as it is a widely used form of wireless networks that facilitates computing resources to be connected anytime anywhere; however, it has security weaknesses like any other digital networks.

Design/methodology/approach

A field survey was conducted to collect the empirical data from students at a local university. The survey instrument/questionnaire was developed based on various literatures on Bluetooth applications, Bluetooth security vulnerabilities, and users' usage and perception on computer security and safety.

Findings

The results show that most students do not take precautions to mitigate against security vulnerabilities; however, there is a difference on students' perceptions based on their academic major or domain knowledge, for instance, engineering students have demonstrated significant awareness of security risks compared to students from the business and social science colleges. It is therefore not surprising to note that engineering students are more cautious users of Bluetooth, hence are more secure users of technologies.

Practical implications

The findings provide useful information for academic institutions to understand students' behavior towards security risks especially in terms of identity theft, unsecured systems and inadequate security practices. Indeed, the findings of this study highlight or emphasize the importance of promoting security awareness to student cohorts especially on the use of mobile computing applications such as Bluetooth or wireless. Perhaps, universities should design curriculum to incorporate the study of information and cyber security so as to inculcate a culture of cyber safety as well as to prepare these prospective employees as more secured users when they enter the workplace. Indeed, considering the increasing number of users who tend to be naïve on security vulnerabilities, this research adds a critical message also to manufacturers and software developers to design more robust security features so as to minimize security breaches.

Originality/value

This paper provides further evidence to the body of research investigations on information and computing security threats and students' perceptions and behavior towards security risks and vulnerabilities. More importantly, this paper confirms that most students are not secure users, and it seems they are not very capable of protecting themselves from security threats.

Details

Information Management & Computer Security, vol. 20 no. 5
Type: Research Article
ISSN: 0968-5227

Article

Dimitris Mitropoulos, Vassilios Karakoidas, Panagiotis Louridas and Diomidis Spinellis


Abstract

Purpose

The purpose of this paper is to propose a generic approach that prevents a specific class of code injection attacks (CIAs) in a novel way.

Design/methodology/approach

To defend against CIAs this approach involves detecting attacks by using location‐specific signatures to validate code statements. The signatures are unique identifiers that represent specific characteristics of a statement's execution. The key property that differentiates the scheme presented in this paper is that these characteristics do not depend entirely on the code statement, but also take into account elements from its execution context.

Findings

The approach was applied successfully to defend against attacks targeting structured query language (SQL), XML Path Language and JavaScript with positive results.

Originality/value

Despite the many countermeasures that have been proposed, the number of CIAs has been increasing. Malicious users seem to find new ways to introduce compromised embedded executable code to applications by using a variety of languages and techniques. Hence, a generic approach that defends against such attacks would be a useful countermeasure. This approach can defend against attacks that involve both domain‐specific languages (e.g. SQL) and general purpose languages (e.g. JavaScript) and can be used against both client‐side and server‐side attacks.

Details

Information Management & Computer Security, vol. 19 no. 3
Type: Research Article
ISSN: 0968-5227

Article

Helen Kapodistria, Sarandis Mitropoulos and Christos Douligeris


Abstract

Purpose

The purpose of this paper is to introduce a new tool which uses pattern recognition to detect, prevent and record common web attacks that mainly result in web application information leakage. It is a cross‐platform application; that is, it is not OS‐dependent or web server dependent. It offers a flexible attack search engine, which scans HTTP requests and responses while a webpage is being served without affecting the web server performance.

Design/methodology/approach

The paper starts with a study of the best-known web vulnerabilities and the way they can be exploited. Then, it focuses on those web attacks based on input validation, which are the ones the new tool detects through pattern recognition. This tool acts as a proxy server with a simple GUI for administration purposes. Patterns can be detected in both HTTP requests and responses in an extensible and manageable way.

Findings

The new tool was compared to dotDefender, a commercial web application firewall, and ModSecurity, a widely used open source application firewall, using over 200 attack patterns. The new tool had satisfying results for every attack category examined, with a high percentage of success. Results for stored XSS could not be achieved since the other tools are not able to search for and detect them in HTTP responses. The fact that the new tool is very extensible makes future work possible.

Originality/value

This paper introduces a new web server plug‐in, which has some advanced web application firewall features with a flexible attack search engine which scans HTTP requests and responses. By scanning HTTP responses, attacks such as stored XSS can be detected, a feature that cannot be found on other web application firewalls.

Details

Information Management & Computer Security, vol. 19 no. 5
Type: Research Article
ISSN: 0968-5227
