Search results

1 – 10 of 13
Article
Publication date: 7 June 2013

Veniamin Ginodman, Natalya Obelets and Ram Herkanaidu

Details

Information Management & Computer Security, vol. 21 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 7 June 2013

Iwan Gulenko

Abstract

Purpose

This study attempts to develop an efficient concept to mitigate the risks of social engineering in the era of social networks. For instance, friend requests on Facebook are often accepted blindly, thus granting unknown people access to profile details. These problems fuel requirements for an application, developed in this study, that raises awareness of security issues in Facebook.

Design/methodology/approach

The “Theory of Planned Behaviour” (TPB), a model from psychology to predict behaviour, is used as a theoretical foundation for the application. Attitudes, perceived behavioural control and social norms are the main variables of this model. Social norms can be massively affected by the Facebook friends and therefore an application is developed which uses this in order to raise awareness.

Findings

The application propagated itself virally. Out of 117 users of the application, 15 took action to change the public‐search option visibility from public to private. The use of the application took on average 10.5 minutes.

Originality/value

Applications that scan a Facebook profile for fishy content already exist. However, at the time of writing this paper, no application specifically written against social engineering was known to the author.

Details

Information Management & Computer Security, vol. 21 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 3 June 2014

Firman Azhari

Abstract

Purpose

The purpose of this research is to explain particular implementation weaknesses of near field communication (NFC) systems done by several institutions which apply for critical purposes and provide practical solutions.

Design/methodology/approach

This research is done by literature studies of previous findings in NFC security, observations of some existing implemented systems and experimentations to provide practical solutions.

Findings

Unintentional lack of security protection of the NFC cards and tags by some card issuers makes them a vulnerable target. The outcomes of this research are proposed solutions on methods to quickly detect vulnerability in NFC tags using an Android-based mobile application. Another solution involves the assembly of a detection device using the portable, low power and powerful Raspberry Pi to analyze the NFC tags or cards and NFC reader vulnerabilities.

Research limitations/implications

This research is conducted in Indonesia; therefore, the results and solutions may lack generalizability. However, the findings may occur in other countries which newly apply NFC technology.

Practical implications

System implementers should become more aware about the security issue of old NFC tags like MIFARE Classic. Price should be considered after tag security. People also need to be aware of identity or money theft using NFC-enabled smartphones, as many identity cards and electronic money are now relying on NFC technology.

Social implications

People also need to be aware of identity or money theft using NFC-enabled smartphones, as many identity cards and electronic money are now relying on NFC technology.

Originality/value

This research fulfills an identified need to evaluate the security aspect of a system that uses NFC as one of the main technologies. The results and solutions also provide cheap, easy and practical tools to analyze NFC security.

Details

Information Management & Computer Security, vol. 22 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 3 June 2014

Eugene Kaspersky and Steven Furnell

Abstract

Purpose

The purpose of this paper is to highlight the importance of cyber security education as a means of enabling skilled professionals and ensuring adequate awareness amongst end users.

Design/methodology/approach

The discussion examines the contribution made by the Kaspersky Academy student conference series, and then proceeds to consider some related questions posed to Eugene Kaspersky as the founder of the programme.

Findings

The question and answer segment of the discussion identifies the ways in which academic qualifications and professional certifications can align to support a rounded security education for those aiming to become practitioners.

Originality/value

The discussion provides a clear insight into the importance of security education and how it is being actively supported by one of the leading companies in the industry.

Details

Information Management & Computer Security, vol. 22 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 7 June 2013

Mariah Strella P. Indrinal, Ranyel Bryan L. Maliwanag and Marynyriene I. Silvestre

Abstract

Purpose

The purpose of this paper is to introduce VoxGrid, a mobile voice verification system intended for improving the security of the username‐password authentication scheme.

Design/methodology/approach

The system incorporates text‐dependent speaker verification via mobile devices that provides for a three‐factor authentication scheme for granting authorised access to certain websites or applications. The same speech recognition engine used by Google Voice Search is utilised to provide a voice‐to‐text feature. All verification tasks are performed on a centralised server to minimise computing requirements on mobile platforms where feature extraction is executed using Mel Frequency Cepstral Coefficients. The resulting features are transmitted to the server instead of raw voice data to reduce network load. Actual voice verification takes place in the central server using Vector Quantisation.

Findings

The initial results have indicated that VoxGrid is capable of providing an additional level of security on user authentications at a low cost and without using extra security tokens other than one's voice with a good enough performance given the limited resources available during testing.

Originality/value

Past speaker verification experiments have been conducted but we see that this is the first time it is done on mobile devices with a client‐server architecture using K‐Means Clustering and Vector Quantisation. Future improvements on performance and testing could result in a more secure mobile computing environment.

Details

Information Management & Computer Security, vol. 21 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 7 June 2013

Joshua Arvin S. Lat, Rod Xavier R. Bondoc and Kevin Charles V. Atienza

Abstract

Purpose

The SOUL System aims to provide a low‐cost secure online two‐factor authentication system that involves both a password and a security token in the form of an ordinary electronic container. Its main goal is to design and build a system that can easily be integrated to existing websites to make the login and registration processes more secure.

Design/methodology/approach

The three main parts of the system are the website, the ordinary hardware device, and trusted third party. The website must first be integrated with the web API provided and then registered to the trusted third party website to allow two‐factor authentication. It must be registered to the trusted third party so that it can be used to register and login to SOUL System integrated websites.

Findings

The design and implementation of the proposed two‐factor authentication system makes use of the hybrid cryptosystem, one‐time passwords, hash functions, trusted third parties, steganographic techniques, signed Java applets and cross‐language cryptographic libraries. It protects users from well‐known attacks such as brute‐force attacks, collision attacks, dictionary attacks, keylogger attacks, man‐in‐the‐middle attacks, and even replay attacks. Currently, the system can be integrated to websites built in PHP, Python, and Java.

Originality/value

The SOUL System is the first two‐factor authentication system that uses both cryptography and steganography to provide secure online authentication with an ordinary USB flash drive. It is designed to work in major operating systems such as Windows, Mac OS X, and Linux with very minimal installation.

Article
Publication date: 3 June 2014

Iwan Gulenko

Abstract

Purpose

This paper aims to study the influence of emotions on security behaviour by reviewing Information Systems Security (ISS) topics in Information Systems (IS) literature. Researchers in ISS study how to motivate people to adhere to security policies; they mainly focus on cognitive models such as the technology acceptance model (Davis, 1985), innovation diffusion theory (Brancheau and Wetherbe, 1990), theory of planned behaviour (Mathieson, 1991) and social cognitive theory (Compeau and Higgins, 1995). Applying positive emotions such as joy and interest is feasible by adding emoticons and positive messages; we use this approach to improve password choosing.

Design/methodology/approach

We apply differential emotional theory (Izard 2002) from psychology to the context of ISS. Twenty-two participants took part in an experiment with the task of choosing strong but memorable passphrases. The dependent variable is the strength of the chosen passphrase. The task for the user is to come up with a passphrase that is both strong and memorable. We choose a between-subject design. The independent variable is the emotional interface that the user is confronted with.

Findings

We found that 5.35 words was the mean when participants were shown positive smiley faces and messages. When exposed to negative emoticons, the mean was only 4.35 words. Through ANOVA, we find the differences to be statistically significant (F(1, 20) = 3.16; p < 0.1). We derive from the experiment that positive emotions should be used in ISS when making users start a habit (e.g. developing a new, individual password strategy), and we conclude from our literature review that negative emotions should be used when reinforcing a habit (e.g. taking care of shoulder surfing).

Originality/value

We contribute to practice by developing a user script that can be installed in all established Internet browsers. The script supports the user to choose a good passphrase strategy when registering for a new service. We find that trainings should not rely on facts only but must make use of emotions, which are crucial for human motivation.

Details

Information Management & Computer Security, vol. 22 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 7 June 2013

Pablo Carballude González

Abstract

Purpose

It is increasingly difficult to ignore the importance of anonymity on the internet. Tor has been proposed as a reliable way to keep our identity secret from governments and organizations. This research evaluates its ability to protect our activity on the Web.

Design/methodology/approach

Using traffic analysis over ACK packets among others, fingerprints of websites can be created and later on used to recognise Tor traffic.

Findings

Tor does not add enough entropy to HTTP traffic, which allows us to recognise the access to static websites without breaking Tor's cryptography.

Research limitations/implications

This work shows that the method presented behaves well with a limited set of fingerprints. Further research should be performed on its reliability with larger sets.

Social implications

Tor has been used by political dissidents and citizens in countries without freedom of speech to access banned websites such as Twitter or Facebook. This paper shows that it might be possible for their countries to know what they have done.

Originality/value

This paper shows that while Tor does good work keeping the content of our communication, it is weak at protecting the identity of the website being accessed.

Details

Information Management & Computer Security, vol. 21 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 3 June 2014

Rayne Reid and Johan Van Niekerk

Abstract

Purpose

This paper aims to educate the youth about information security. Cyber technologies and services are increasingly becoming integrated into individuals’ daily lives. As such, individuals are constantly being exposed to the benefits and risks of these technologies. Cyber security knowledge and skills are becoming fundamental life skills for today’s users. This is particularly true for the current generation of digital natives.

Design/methodology/approach

Within the design science paradigm, several case studies are used to evaluate the research artefact.

Findings

The authors believe that the presented artefact could effectively convey basic information security concepts to the youth.

Research limitations/implications

This study had a number of limitations. First, all the learner groups who participated in this study were too small to enable analysis of findings for statistical significance. Second, the data compiled on the long-term effectiveness of the game for Group B was incomplete. This limitation was the result of School B’s ethical concerns regarding learners being a vulnerable target audience.

Originality/value

This paper presents and evaluates a brain-compatible, information security educational game that can be used to introduce information security concepts to the youth from a very young age.

Details

Information Management & Computer Security, vol. 22 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 3 June 2014

Dusan Repel and Ingo Stengel

Abstract

Purpose

This research aims to propose an attack that de-obfuscates codes by exploiting the properties of context-free grammars since it is important to understand the strength of obfuscation provided by context-free grammar-based obfuscators. In addition, the possibility of automatically generated transformations is explored.

Design/methodology/approach

As part of our empirical investigation, a development environment for obfuscating transformations is built. The tool is used to simulate a context-free obfuscator and to devise ways of reversing such transformations. Furthermore, a theoretical investigation of subset grammars and subset languages is carried out.

Findings

It is concluded that context-free grammar-based obfuscators provide limited levels of protection. Nevertheless, their application is appropriate when combined with other obfuscating techniques.

Research limitations/implications

The algorithms behave as expected on a limited number of test samples. Further work is required to increase their practicality and to establish their average reliability.

Originality/value

This research shows how a frequency analysis attack can threaten the security of code scrambled by context-free grammar-based obfuscators.

Details

Information Management & Computer Security, vol. 22 no. 2
Type: Research Article
ISSN: 0968-5227
