Biblio
In today's interconnected world, universities recognize the importance of protecting their information assets from internal and external threats. Being the possible insider threats to Information Security, employees are often coined as the weakest link. Both employees and organizations should be aware of this raising challenge. Understanding staff perception of compliance behaviour is critical for universities wanting to leverage their staff capabilities to mitigate Information Security risks. Therefore, this research seeks to get insights into staff perception based on factors adopted from several theories by using proposed constructs i.e. "perceived" practices/policies and "perceived" intention to comply. Drawing from the General Deterrence Theory, Protection Motivation Theory, Theory of Planned Behaviour and Information Reinforcement, within the context of Palestine universities, this paper integrates staff awareness of Information Security Policies (ISP) countermeasures as antecedents to ``perceived'' influencing factors (perceived sanctions, perceived rewards, perceived coping appraisal, and perceived information reinforcement). The empirical study is designed to follow a quantitative research approaches, use survey as a data collection method and questionnaires as the research instruments. Partial least squares structural equation modelling is used to inspect the reliability and validity of the measurement model and hypotheses testing for the structural model. The research covers ISP awareness among staff and seeks to assert that information security is the responsibility of all academic and administrative staff from all departments. Overall, our pilot study findings seem promising, and we found strong support for our theoretical model.
Data security is a major requirement of smart meter communication to control server through Advanced Metering infrastructure. Easy access of smart meters and multi-faceted nature of AMI communication network are the main reasons of smart meter facing large number of attacks. The different topology, bandwidth and heterogeneity in communication network prevent the existing security mechanisms in satisfying the security requirements of smart meter. Hence, advanced security mechanisms are essential to encrypt smart meter data before transmitting to control server. The emerging biocryptography technique has several advantages over existing techniques and is most suitable for providing security to communication of low processing devices like smart meter. In this paper, a lightweight encryption scheme using DNA sequence with suitable key management scheme is proposed for secure communication of smart meter in an efficient way. The proposed 2-phase DNA cryptography provides confidentiality and integrity to transmitted data and the authentication of keys is attained by exchanging through Diffie Hellman scheme. The strength of proposed encryption scheme is analyzed and its efficiency is evaluated by simulating an AMI communication network using Simulink/Matlab. Comparison of simulation results with various techniques show that the proposed scheme is suitable for secure communication of smart meter data.
Combining conventional power networks and information communication technologies forms smart grid concept. Researches on the evolution of conventional power grid system into smart grid continue thanks to the development of communication and information technologies hopefully. Testing of smart grid systems is usually performed in simulation environments. However, achieving more effective real-world implementations, a smart grid application needs a real-world test environment, called testbed. Smart grid, which is the combination of conventional electricity line with information communication technologies, is vulnerable to cyber-attacks and this is a key challenge improving the smart grid. The vulnerabilities to cyber-attacks in smart grid arise from information communication technologies' nature inherently. Testbeds, which cyber-security researches and studies can be performed, are needed to find effective solutions against cyber-attacks capabilities in smart grid practices. In this paper, an evaluation of existing smart grid testbeds with the capability of cyber security is presented. First, background, domains, research areas and security issues in smart grid are introduced briefly. Then smart grid testbeds and features are explained. Also, existing security-oriented testbeds and cyber-attack testing capabilities of testbeds are evaluated. Finally, we conclude the study and give some recommendations for security-oriented testbed implementations.
This study seeks to investigate how the development of e-government services impacts on cybersecurity. The study uses the methods of correlation and multiple regression to analyse two sets of global data, the e-government development index of the 2015 United Nations e-government survey and the 2015 International Telecommunication Union global cybersecurity development index (GCI 2015). After analysing the various contextual factors affecting e-government development, the study found that, various composite measures of e-government development are significantly correlated with cybersecurity development. The therefore study contributes to the understanding of the relationship between e-government and cybersecurity development. The authors developed a model to highlight this relationship and have validated the model using empirical data. This is expected to provide guidance on specific dimensions of e-government services that will stimulate the development of cybersecurity. The study provided the basis for understanding the patterns in cybersecurity development and has implication for policy makers in developing trust and confidence for the adoption e-government services.
Supervisory control and data acquisition (SCADA) systems are the key driver for critical infrastructures and industrial facilities. Cyber-attacks to SCADA networks may cause equipment damage or even fatalities. Identifying risks in SCADA networks is critical to ensuring the normal operation of these industrial systems. In this paper we propose a Bayesian network-based cyber-security risk assessment model to dynamically and quantitatively assess the security risk level in SCADA networks. The major distinction of our work is that the proposed risk assessment method can learn model parameters from historical data and then improve assessment accuracy by incrementally learning from online observations. Furthermore, our method is able to assess the risk caused by unknown attacks. The simulation results demonstrate that the proposed approach is effective for SCADA security risk assessment.
With the advent of smart devices and lowering prices of sensing devices, adoption of Internet of Things (IoT) is gaining momentum. These IoT devices come with greater threat of being attacked or compromised that could lead to Denial of Service (DoS) and Distributed Denial of Service (DDoS). The high volume of IoT devices with high level of heterogeneity, magnify the possibility of security threats. So far, there is no protocol to guarantee the security of IoT devices. But to enable resilience, continuous monitoring is required along with adaptive decision making. These challenges can be addressed with the help of Software Defined Networking (SDN) which can effectively handle the security threats to the IoT devices in dynamic and adaptive manner without any burden on the IoT devices. In this paper, we propose an SDN-based secure IoT framework called SoftThings to detect abnormal behaviors and attacks as early as possible and mitigate as appropriate. Machine Learning is used at the SDN controller to monitor and learn the behavior of IoT devices over time. We have conducted experiments on Mininet emulator. Initial results show that this framework is capable to detect attacks on IoT with around 98% precision.
The video streaming between the sender and the receiver involves multiple unsecured hops where the video data can be illegally copied if the nodes run malicious forwarding logic. This paper introduces a novel method to stream video data through dual channels using dual data paths. The frames' pixels are also scrambled. The video frames are divided into two frame streams. At the receiver side video is re-constructed and played for a limited time period. As soon as small chunk of merged video is played, it is deleted from video buffer. The approach has been tried to formalize and initial simulation has been done over MATLAB. Preliminary results are optimistic and a refined approach may lead to a formal designing of network layer routing protocol with corrections in transport layer.
User authentication depends largely on the concept of passwords. However, users find it difficult to remember alphanumerical passwords over time. When user is required to choose a secure password, they tend to choose an easy, short and insecure password. Graphical password method is proposed as an alternative solution to text-based alphanumerical passwords. The reason of such proposal is that human brain is better in recognizing and memorizing pictures compared to traditional alphanumerical string. Therefore, in this paper, we propose a conceptual framework to better understand the user performance for new high-end graphical password method. Our proposed framework is based on hybrid approach combining different features into one. The user performance experimental analysis pointed out the effectiveness of the proposed framework.
We survey the state-of-the-art on the Internet-of-Things (IoT) from a wireless communications point of view, as a result of the European FP7 project BUTLER which has its focus on pervasiveness, context-awareness and security for IoT. In particular, we describe the efforts to develop so-called (wireless) enabling technologies, aimed at circumventing the many challenges involved in extending the current set of domains (“verticals”) of IoT applications towards a “horizontal” (i.e. integrated) vision of the IoT. We start by illustrating current research effort in machine-to-machine (M2M), which is mainly focused on vertical domains, and we discuss some of them in details, depicting then the necessary horizontal vision for the future intelligent daily routine (“Smart Life”). We then describe the technical features of the most relevant heterogeneous communications technologies on which the IoT relies, under the light of the on-going M2M service layer standardization. Finally we identify and present the key aspects, within three major cross-vertical categories, under which M2M technologies can function as enablers for the horizontal vision of the IoT.