Search results

1 – 9 of 9
Article
Publication date: 11 February 2019

Nikolaos Serketzis, Vasilios Katos, Christos Ilioudis, Dimitrios Baltatzis and George J. Pangalos

Abstract

Purpose

The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing digital forensic readiness (DFR) schemes by leveraging the capabilities of cyber threat information sharing.

Design/methodology/approach

This paper uses a quantitative methodology to identify the most popular cyber threat intelligence (CTI) elements and introduces a lightweight approach to correlate those with potential forensic value, resulting in the quick and accurate triaging and identification of patterns of malicious activities.

Findings

While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics (DF) domain.

Originality/value

The proposed model can help organizations to improve their DFR posture, and thus minimize the time and cost of cybercrime incidents.

Details

Information & Computer Security, vol. 27 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 21 March 2008

Vasilios Katos and Ahmed Patel

Abstract

Purpose

This paper aims to propose a tool to help policy makers understand the dynamic relationships between security and privacy on a strategic (macro) level.

Design/methodology/approach

The methodology is ported from the discipline of Macroeconomics, and applied to the information security and privacy domain. The methodology adopted is the so‐called “cross methodology” which claims ownership of the well‐known supply/demand market equilibrium exercise.

Findings

Early evaluation reveals that this is a potentially very effective tool in understanding societal behaviour and position towards information security and privacy and therefore makes this a suitable tool for investigating and exploring scenarios that can assist in policy making.

Originality/value

Up to date, research on the economics of security and privacy has been primarily focusing on a micro level. The main contribution of this paper is a methodology for investigating privacy and security on a macro level. We believe that our approach in undertaking this research is new and looking at the issues and relationships between security and privacy at a macro level, gives a better understanding of the problems at hand and how to resolve them.

Practical implications

The proposed tool may increase the efficiency of policy making and planning as it enables the policy makers on a governmental and strategic level to run scenarios in order to investigate the effect of their decisions (for example, an introduction of a stricter law relating to computer misuse) to the delicate balance of security and privacy.

Details

Information Management & Computer Security, vol. 16 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 13 July 2015

Ioannis Tsimperidis, Vasilios Katos and Nathan Clarke

Abstract

Purpose

The purpose of this paper is to investigate the feasibility of identifying the gender of an author by measuring the keystroke duration when typing a message.

Design/methodology/approach

Three classifiers were constructed and tested. The authors empirically evaluated the effectiveness of the classifiers by using empirical data. The authors used primary data as well as a publicly available dataset containing keystrokes from a different language to validate the language independence assumption.

Findings

The results of this paper indicate that it is possible to identify the gender of an author by analyzing keystroke durations with a probability of success in the region of 70 per cent.

Research limitations/implications

The proposed approach was validated with a limited number of participants and languages, yet the statistical tests show the significance of the results. However, this approach will be further tested with other languages.

Practical implications

Having the ability to identify the gender of an author of a certain piece of text has value in digital forensics, as the proposed method will be a source of circumstantial evidence for “putting fingers on keyboard” and for arbitrating cases where the true origin of a message needs to be identified.

Social implications

If the proposed method is included as part of a text-composing system (such as e-mail, and instant messaging applications), it could increase trust toward the applications that use it and may also work as a deterrent for crimes involving forgery.

Originality/value

The proposed approach combines and adapts techniques from the domains of biometric authentication and data classification.

Details

Information & Computer Security, vol. 23 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 4 January 2013

Vasilios Katos, Frank Stowell and Peter Bednar

Abstract

Purpose

The purpose of this paper is to develop an approach for investigating the impact of surveillance technologies used to facilitate security and its effect upon privacy.

Design/methodology/approach

The authors develop a methodology by drawing on an isomorphy of concepts from the discipline of Macroeconomics. This proposal is achieved by considering security and privacy as economic goods, where surveillance is seen as security technologies serving identity (ID) management and privacy is considered as being supported by ID assurance solutions.

Findings

Reflecting upon Ashby's Law of Requisite Variety, the authors conclude that surveillance policies will not meet espoused ends and investigate an alternative strategy for policy making.

Practical implications

The result of this exercise suggests that the proposed methodology could be a valuable tool for decision making at a strategic and aggregate level.

Originality/value

The paper extends the current literature on economics of privacy by incorporating methods from macroeconomics.

Article
Publication date: 13 July 2012

Vasilios Katos

Abstract

Purpose

The purpose of this paper is to develop a model for online transactions, integrating the social influence approach, the trust‐risk framework, and the theory of reasoned action, and to test it in a non US/UK context such as Greece.

Design/methodology/approach

Structural equation modeling was used to survey data from 376 household respondents from two residential departments of the city of Thessaloniki in Greece in order to examine causal inferences.

Findings

The results of the model, where the trust‐risk‐subjective norms framework mediated the impact of information privacy on actual transactions, indicated that the individual's attitude toward using technology, through the intention to submit individual information, resulted in positive actual transaction outcomes.

Research limitations/implications

Cross‐section data were used for testing the model. However, for properly investigating causality time‐series or longitudinal data should be employed.

Practical implications

For increasing online transactions, organizations should make their websites as simple and attractive as possible, develop their image that they do care about customers and are trustworthy, and develop privacy‐friendly policies for gaining competitive advantage.

Originality/value

This study proposes and empirically validates an integrative framework for online transactions at the individual level by adapting information privacy concerns and trust‐risk‐subjective norm beliefs and relates them to attitudes of individuals. Thus, the proposed integrative framework is critically engaging and well established but with limited information models.

Details

Information Management & Computer Security, vol. 20 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 14 March 2016

Aimilia Tasidou, Pavlos S. Efraimidis, Yannis Soupionis, Lilian Mitrou and Vasilios Katos

Abstract

Purpose

This work aims to argue that it is possible to address discrimination issues that naturally arise in contemporary audio CAPTCHA challenges and potentially enhance the effectiveness of audio CAPTCHA systems by adapting the challenges to the user characteristics.

Design/methodology/approach

A prototype has been designed, called PrivCAPTCHA, to offer privacy-preserving, user-centric CAPTCHA challenges. Anonymous credential proofs are integrated into the Session Initiation Protocol (SIP) protocol and the approach is evaluated in a real-world Voice over Internet Protocol (VoIP) environment.

Findings

The results of this work indicate that it is possible to create VoIP CAPTCHA services offering privacy-preserving, user-centric challenges while maintaining sufficient efficiency.

Research limitations/implications

The proposed approach was evaluated through an experimental implementation to demonstrate its feasibility. Additional features, such as appropriate user interfaces and efficiency optimisations, would be useful for a commercial product. Security measures to protect the system from attacks against the SIP protocol would be useful to counteract the effects of the introduced overhead. Future research could investigate the use of this approach on non-audio CAPTCHA services.

Practical implications

PrivCAPTCHA is expected to achieve fairer, non-discriminating CAPTCHA services while protecting the user’s privacy. Adoption success relies upon the general need for employment of privacy-preserving practices in electronic interactions.

Social implications

This approach is expected to enhance the quality of life of users, who will now receive CAPTCHA challenges closer to their characteristics. This applies especially to users with disabilities. Additionally, as a privacy-preserving service, this approach is expected to increase trust during the use of services that use it.

Originality/value

To the best of the authors’ knowledge, this is the first comprehensive proposal for privacy-preserving CAPTCHA challenge adaptation. The proposed system aims at providing an improved CAPTCHA service that is more appropriate for and trusted by human users.

Details

Information & Computer Security, vol. 24 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 12 October 2015

Matina Tsavli, Pavlos S. Efraimidis, Vasilios Katos and Lilian Mitrou

Abstract

Purpose

This paper aims to discuss the privacy and security concerns that have risen from the permissions model in the Android operating system, along with two shortcomings that have not been adequately addressed.

Design/methodology/approach

The impact of the applications’ evolutionary increment of permission requests from both the user’s and the developer’s point of view is studied, and finally, a series of remedies against the erosion of users’ privacy is proposed.

Findings

The results of this work indicate that, even though providing access to personal data of smartphone users is by definition neither problematic nor unlawful, today’s smartphone operating systems do not provide an adequate level of protection for the user’s personal data. However, there are several ideas that can significantly improve the situation and mitigate privacy concerns of users of smart devices.

Research limitations/implications

The proposed approach was evaluated through an examination of the Android’s permission model, although issues arise in other operating systems. The authors’ future intention is to conduct a user study to measure the user’s awareness and concepts surrounding privacy concerns to empirically investigate the above-mentioned suggestions.

Practical implications

The proposed suggestions in this paper, if adopted in practice, could significantly improve the situation and mitigate privacy concerns of users of smart devices.

Social implications

The recommendations proposed in this paper would strongly enhance the control of users over their personal data and improve their ability to distinguish legitimate apps from malware or grayware.

Originality/value

This paper emphasises two shortcomings of the permissions models of mobile operating systems which, in the authors’ view, have not been adequately addressed to date and proposes an inherent way for apps and other entities of the mobile computing ecosystem to commit to responsible and transparent practices on mobile users’ privacy.

Details

Information & Computer Security, vol. 23 no. 4
Type: Research Article
ISSN: 2056-4961

Content available

Details

Information Management & Computer Security, vol. 18 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 4 January 2013

Magnus Ramage, Chris Bissell and David Chapman

Abstract

Purpose

The purpose of this paper is to present a vision for the future development of Kybernetes under a new editorship.

Design/methodology/approach

The new Editors are introduced, the strengths and history of the journal reviewed, and plans for its future development described.

Findings

The future of Kybernetes will build on its long and distinguished heritage, noting especially the strengths of interdisciplinarity, internationality, and strong links with major cybernetic societies across the world. While maintaining these strengths, the new Editors will seek to develop further the conversations between diverse fields contributing to the journal and to bring a new emphasis to the interdisciplinary study of information, to studies of the social implications of cybernetics and related fields, and to profiles of thinkers in cybernetics, systems and management science.

Originality/value

This is only the second time that there has been a change of editor in the more than 40 years that Kybernetes has been published. The journal (and the whole field of cybernetics and systems) owes the past editors a great debt of thanks for their outstanding work, but the time has come for change. This paper starts to identify new directions under the new Editors.

Details

Kybernetes, vol. 42 no. 1
Type: Research Article
ISSN: 0368-492X
