International Journal of Information Privacy, Security and Integrity (6 papers in press)
A Novel Integrated Approach Using Euclids and Fuzzy Logic for Secure Communication
by Sailaja Rayi, Rupa CH, Chakravarthy A S N
Abstract: Today there is a terrific rise in internet security attacks. Even though many encryption algorithms are developed to fight against the attacks, most of them are key-centric algorithms. The security of the algorithm is very much dependent on the security of the key. A new cryptographic algorithm has been proposed based on an internal key table, Euclid's theorem and fuzzy logic. The proposed algorithm doesn't involve key exchange or sharing. It takes the help of an internal key table whose indexes will be converted into numeric form using Euclid's and fuzzy logic to get the cipher text. The secrecy of the communication will be compromised if the key is compromised. So there is a desperate need for keyless algorithms to thwart man-in-the-middle and spoofing attacks. The proposed approach will provide a solution for key exchange attacks. The performance of the proposed work is evaluated by comparing with existing approaches and it shows better results.
Keywords: Fuzzy logic; Euclid’s algorithm; Key table.
Privacy Preserving Association Rule Mining based on Homomorphic Computations
by Baby Vadlana, Subhash Chandra N
Abstract: The collection and analysis of data are continuously growing due to the pervasiveness of computing devices. The analysis of such information is fostering businesses and contributing beneficially to the society in many different fields. However, this storage and flow of possibly sensitive data poses serious privacy concerns. Methods that allow the knowledge extraction from data, while preserving privacy, are known as privacy-preserving data mining (PPDM) techniques. Many of the researchers have recently made an effort to preserve privacy of sensitive knowledge or information in a real database. Association rule mining and frequent itemset mining are two popular and widely studied data analysis techniques for a range of applications. To ensure data privacy, in this paper, we design an efficient homomorphic encryption based scheme for privacy preserving data mining. Later, we gave correctness proof, security analysis and experimental results for the proposed system. We also presented the comparison of our proposed method with other significant state of the art methods. The main issues with some of the known privacy preserving methods are - high computational complexity and large communication cost required for their execution. In this work, we achieved perfect secrecy and resist various attacks to some extent in association rule mining process.
Keywords: Security; Association rule mining; Homomorphic encryption; Distributed computation; Transactional itemsets.
Towards an intercultural approach to information security
by Miloslava Plachkinova, Steven Andrés
Abstract: National culture plays an important role in the development and compliance with information security (InfoSec) policy and standards. A successful InfoSec policy must demonstrate understanding of the local workforce's culture and not just blindly impose rules and regulations. We conducted a quantitative study of 177 professionals across 35 national cultures to investigate whether national culture influences InfoSec training and best practices using Hofstede's six cultural dimensions. Our findings indicate that training programs should more directly address the variances in perception of InfoSec across cultures. These training programs should also reflect the significance of the organisation's InfoSec policies in the context of the local employee, while maintaining unified corporate governance. By increasing training comprehension, organisations can reduce security incidents resulting from unintentional policy violations and in turn, avoid costly remediation efforts.
Keywords: information security; InfoSec; training; education; compliance; national culture; insider threat; corporate governance.
How the modification of personality traits leave one vulnerable to manipulation in social engineering
by James Stewart, Maurice Dawson
Abstract: Research on cyber security related to social engineering has expanded from its purely technological orientation into explaining the role of human behaviour in detecting deception (Workman, 2007). In the broadest definition, social engineering, in the context of information security, is the manipulation of individuals to perform actions that cause harm or increase the probability of causing future harm. Human personality traits significantly contribute to the probability that an individual is susceptible to manipulation related to social engineering deception attacks and exploits (Maurya, 2013). The outcome of the attacks and objective is the alteration of normal and rational decision making as described in behaviour decision theory (Kamis, 2011). This quantitative and non-experimental study determined what makes an individual based on personality traits predisposed to social engineering threats in the context of susceptibility to deception manipulation and exploitation.
Keywords: social engineering personality traits; social engineering; deception susceptibility; behaviour modification; cyber-attack; risk management; decision theory.
Towards improving existing online social networks' privacy policies
by Alexandra K. Michota, Sokratis K. Katsikas
Enhanced tiny encryption algorithm for secure electronic health authentication system
by Yunusa Simpa Abdulsalam, Olayemi Mikail Olaniyi, Aliyu Ahmed
Abstract: One of the main worries circling the globe today is how to provide efficient and effective quality health services. Conventionally, part of the constraints in making these efficient quality health services possible is the fact that patients and consultants must be physically present in the same location. Modern developments in information technology have been able to raise the number of possible ways healthcare can be delivered remotely to reduce medical access restraints, but the issue of patient authentication remains paramount. As more delicate data is stored in electronic health record (EHR) systems, there is a need to provide effective security to avoid malicious attacks through illicit access to EHRs. This paper presents an enhancement to tiny encryption algorithm for secure near frequency communication based EHR system. The conventional tiny encryption algorithm was enhanced with Yarrow pseudo random number generator for better key randomisation. Results of the performance evaluation of the developed enhanced algorithm showed that the scheme is capable of providing countermeasures against replay and tag cloning attacks in data communication channels of clinic tele-consultations.
Keywords: electronic health record; EHR; security; authentication; privacy; tiny encryption algorithm; TEA; healthcare.