Information Security Journal: A Global Perspective: Latest Articles

The role risk-management plays in reducing insider threat’s in the federal Government
Information Security Journal: A Global Perspective Pub Date : 2021-11-18 DOI: 10.1080/19393555.2021.1998735
A. Stone
Abstract: Today, organizations face a growing cybersecurity threats to their IT infrastructure. The ever expanding remote-workforce has made the risk of insider-threats even more dangerous. How can organizations be better prepared to handle the risk of the next insider-threat? The Federal Government is no different, as one of the largest employer’s in the world, the growing risk of an insider-threat is always present. In a systematic review, the evidence will identify how Federal agencies can utilize risk-management to be better prepared to combat an insider-threat. Recommendations will be made to help Federal agencies be on the lookout for the next viable insider-threat.
Citations: 1
Security and privacy consideration for the deployment of electronic health records: a qualitative study covering Greece and Oman
Information Security Journal: A Global Perspective Pub Date : 2021-11-17 DOI: 10.1080/19393555.2021.2003914
O. K. Xanthidou, D. Xanthidis, Christos Manolas, Han-I Wang
Abstract: The deployment of an Electronic Health Record (EHR) introduced multiple and obvious benefits. Nevertheless, it also introduced various issues and challenges. Among others, these include considerations regarding the levels of system access, provisions for security and authorization protocols, provisions for backup and recovery mechanisms, and the training of IT staff and their appreciation of the system. The study focused on these areas, and introduced a number of related concepts and observations, based on the opinions of a sample population of EHR system stakeholders across Greece and Oman. The study adopted a qualitative methodology, utilizing field work and visits to the natural settings of medical units in the two countries, where a total of 40 professionals were interviewed. The results indicate that the views of professionals are largely divided in terms of patient access to their personal records. It was also observed that the access of third parties to such records should be both restricted and recorded. In terms of the security level, the ICTs training and the backup and recovery mechanism in place, professionals were generally satisfied, with the majority of the interviewees also confirming that an authorization scheme should be followed in order to access the EHR.
Citations: 0
A tokenization technique for improving the security of EMV contactless cards
Information Security Journal: A Global Perspective Pub Date : 2021-11-12 DOI: 10.1080/19393555.2021.2001120
Ossama Al-Maliki, H. Al-Assam
Abstract: This paper focuses on the EMV contactless payment cards and their vulnerability of leaking sensitive information such as the cardholder name, Primary Account Number (PAN), and the expiry date of the EMV card. Such data can be sniffed using off-the-shelf hardware or software without the knowledge of the genuine cardholder. The paper proposes a tokenization technique to replace the PAN of the actual EMV contactless card’s with a token to protect the genuine data from being sniffed by an attacker and used in the Card-No-Present (CNP) attack or any other attacks. The proposal was inspired by the implementation of the tokenization in the EMV Mobile payment such as Apple, Google, and Samsung mobile payments. We argue that the proposed tokenization technique is easy to adopt and cost-effective to implement by EMV protocol as it does not require any changes to the infrastructure of existing payment systems. A vital feature of the proposal is that all the changes in the EMV protocol are at the personalization phase of the EMV card. The paper presents a successful implementation of the tokenization approach using a Java contactless card framework to represent EMV contactless cards to demonstrate its effectiveness in improving the security and protecting the privacy of the card’s information.
Citations: 1
New chaotic satellite image encryption by using some or all the rounds of the AES algorithm
Information Security Journal: A Global Perspective Pub Date : 2021-11-10 DOI: 10.1080/19393555.2021.1982082
M. Naim, Ali Pacha, Oran Mohamed Boudiaf, Oran
Abstract: This study suggests new satellite chaotic image encryption by using some or all the rounds of the AES algorithm to improve security techniques to protect sensitive data and images during transmission between satellites and ground stations. First, the 7D hyperchaotic system generates the initial key of the pseudo-AES algorithm by using the first and the second variables of the hyperchaotic system. Second, the pseudo-AES algorithm consists of several rounds, where two of them are fixed rounds (the first and the last rounds of the classical AES algorithm), while the number of the remaining rounds depends on the value of the third variable of the hyperchaotic system which considered as a determiner. Third, the permutation operation is applied to the output of the pseudo-AES algorithm by an arrangement permutation on the rows and the columns using the fourth and fifth variables of the hyperchaotic system. Finally, the remaining two variables of the hyperchaotic system are used to generate a mask matrix to be XORed with the output of the previous step to obtain the final cipher image. Moreover, the experimental results show that the proposed technique of encryption for satellite images has extraordinary resistance against well-known attacks.
Citations: 6
A systematic review of detection and prevention techniques of SQL injection attacks
Information Security Journal: A Global Perspective Pub Date : 2021-10-27 DOI: 10.1080/19393555.2021.1995537
Mohammed Nasereddin, Ashaar ALKhamaiseh, Malik Qasaimeh, Raad S. Al-Qassas
Abstract: SQL injection is a type of database-targeted attack for data-driven applications. It is performed by inserting malicious code in the SQL query to alter and modify its meaning, enabling the attacker to retrieve sensitive data or to access the database. Many techniques have been improved and proposed to detect and mitigate these types of attacks. This paper provides a systematic review for a pool of 60 papers on web applications’ SQL injection detection methods. The pool was selected using a developed searching and filtering methodology for the existing literature based on scholar databases (IEEE, ScienceDirect, and Springer) with the aim to provide specific answering for several research questions in the area of SQL injection detection. This provides a basis for the design and use of effective SQL injection detection methods.
Citations: 12
Steganalysis attacks resilient, imperceptible, blind, and keyed image hiding in ultra HD 4K video
Information Security Journal: A Global Perspective Pub Date : 2021-10-19 DOI: 10.1080/19393555.2021.1986178
B. Banik, Abhinandan Banik
Abstract: A novel data hiding approach is being proposed in this article, camouflaging secret data within a very high-quality video object. The proposed algorithm utilizes Discrete Wavelet Transform (DWT) and Discrete Cosine Transform (DCT) to hide image data, preprocessed using Arnold Transform. The novelty of this approach lies in the combination of five factors, which are – use of very high-resolution Ultra HD 4K video as a cover object; Use of DCT coefficient in Scene Change Detection to identify cover frame; Scrambling the secret image by Arnold Transformation; Use of DCT-DWT in embedding and extraction process to that hide data in the blue plane of the RGB frame; and lastly, use of three different keys for data hiding to secure the proposed method against attacks, by adhering the Kerckhoff’s principle of a cryptosystem. Several quality metrics like Structural Content, Peak Signal-to-Noise Ratio, Normalized Cross-Correlation, Average Difference, Maximum Difference, and Normalized Absolute Error have been calculated to validate the imperceptibility. This method has also been validated against different steganalysis attacks like random cropping, rotating, resizing, noise addition, filtering, histogram attack, and lastly, compared with existing data hiding methods to prove superiority.
Citations: 0
Benchmarking full version of GureKDDCup, UNSW-NB15, and CIDDS-001 NIDS datasets using rolling-origin resampling
Information Security Journal: A Global Perspective Pub Date : 2021-10-19 DOI: 10.1080/19393555.2021.1985191
Yee Jian Chew, Nicholas Lee, S. Ooi, Kok-Seng Wong, Y. Pang
Abstract: Network intrusion detection system (NIDS) is a system that analyses network traffic to flag malicious traffic or suspicious activities. Several recent NIDS datasets have been published, however, the lack of baseline experimental results on the full version of datasets had made it difficult for researchers to perform benchmarking. As the train-test distribution of the datasets has yet to be pre-defined by the creators, this further obstruct the researchers to compare the performance unbiasedly across each of the machine classifiers. Moreover, cross-validation resampling scheme have also been addressed in the literatures to be inappropriate in the domain of NIDS. Thus, rolling-origin – a standard resampling technique which is also known as a common cross-validation scheme in the forecasting domain is employed to allocate the training and testing distributions. In this paper, rigorous experiments are conducted on the full version of the three recent NIDS datasets: GureKDDCup, UNSW-NB15, and CIDDS-001. While the datasets chosen might not be the latest available datasets, we have selected them as they include the essential IP address fields which are usually missing or removed due to some sort of privacy concerns. To deliver the baseline empirical results, 10 well-known classifiers from Weka are utilized.
Citations: 2
Variables influencing the effectiveness of signature-based network intrusion detection systems
Information Security Journal: A Global Perspective Pub Date : 2021-09-20 DOI: 10.1080/19393555.2021.1975853
T. Sommestad, Hannes Holm, Daniel Steinvall
Abstract: Contemporary organizations often employ signature-based network intrusion detection systems to increase the security of their computer networks. The effectiveness of a signature-based system primarily depends on the quality of the rules used to associate system events to known malicious behavior. However, the variables that determine the quality of rulesets is relatively unknown. This paper empirically analyzes the detection probability in a test involving Snort for 1143 exploitation attempts and 12 Snort rulesets created by the Emerging Threats Labs and the Sourcefire Vulnerability Research Team. The default rulesets from Emerging Threats raised priority-1-alerts for 39% of the exploit attempts compared to 31% for rulesets from the Vulnerability Research Team. The following features predict detection probability: if the exploit is publicly known, if the ruleset references the exploited vulnerability, the payload, the type of software targeted, and the operating system of the targeted software. The importance of these variables depends on the ruleset used and whether default rules are used. A logistic regression model with these variables classifies 69–92% of the cases correctly for the different rulesets.
Citations: 6
Security analysis and enhancements of UAS architecture
Information Security Journal: A Global Perspective Pub Date : 2021-09-17 DOI: 10.1080/19393555.2021.1977873
Bilal Akhtar, A. Masood
Abstract: Unmanned Aerial Vehicles, known as UAVs, are controlled by the autopilot system remotely and autonomously. It is a component of Unmanned Aerial System (UAS) which contains a UAV, a Ground Control System (GCS), and Air link. They are used vastly in all applications; however, over a period of time, a number of security flaws have surfaced in UASs. While considerable research has been undertaken to propose secure solutions for UAS, the prior work on the subject fails to consider a holistic treatment of the security issues. Thereby, keeping in view the lack of a structured approach for UAS security, we have proposed an ISO 18028 standard-based framework for defining security architecture of UAS. ISO standard provides generic guidelines for the security architecture of a network; yet, the same has been extended in this work to propose a holistic security architecture for UASs, which effectively mitigates all the associated risks. Furthermore, the architecture has been used to evaluate two case studies: Commercial UAS based on Cube and Commercial UAS based on DJI A3. The appraisal undertaken in the case studies indicated a number of security limitations in the considered commercial solutions, thus leading to corresponding recommendations for security enhancements.
Citations: 0
A Comprehensive Survey of Phishing Email Detection and Protection Techniques
Information Security Journal: A Global Perspective Pub Date : 2021-09-15 DOI: 10.1080/19393555.2021.1959678
Santosh Kumar Birthriya, A. Jain
Abstract: E-Mails are commonly used as a medium of communication for personal and professional purposes. Information shared via mail is also sensitive and private, such as financial information, credit records, login data, and so on. This makes them useful to cyber attackers who can exploit this knowledge for illegal purposes. Phishing is a technique used by fraudsters to gain confidential data from users by alleging to be from known sources. In a phished e-mail, the sender can encourage users to provide private information under false premises. Phishing e-mails have also been frequently used in financial institutions and consumer fraud. This paper discusses an overview of different techniques for phishing e-mail detection and protection currently used in e-mail filtering. A comparative analysis and review of these techniques are carried out. This survey provides an understanding of the phishing detection issue, its present space for a solution, and its future directions for study.
Citations: 4