Abstract: With the advent of complex software and increased connectivity, security of life-critical medical devices is becoming an increasing concern, particularly with their direct impact on human safety. Security is essential, but it is impossible to develop completely secure and impenetrable systems at design time. Therefore, it is important to assess the potential impact on security and safety of exploiting a vulnerability in such critical medical systems. The Common Vulnerability Scoring System (CVSS) calculates the severity of exploitable vulnerabilities. However, for medical devices, it does not consider the unique challenges of impacts to human health and privacy. Thus, the scoring of a medical device on which a human life depends (e.g., pacemakers, insulin pumps) can score very low, while a system on which a human life does not depend (e.g., hospital archiving systems) might score very high. In this paper, we present a Medical Vulnerability Scoring System (MVSS) that extends CVSS to address the health and privacy concerns of medical devices. We propose incorporating two new parameters, namely health impact and sensitivity impact. Sensitivity refers to the type of information that can be stolen from the device, and health represents the impact to the safety of the patient if the vulnerability is exploited (e.g., potential harm, life threatening). We evaluate 15 different known vulnerabilities in medical devices and compare MVSS against two state-of-the-art medical device-oriented vulnerability scoring systems and the foundational CVSS.
Abstract: The privacy paradox describes a phenomenon whereby there is no connection between stated privacy concerns and privacy behaviours. We need to understand the underlying reasons for this paradox if we are to help users to preserve their privacy more effectively. In particular, the Social Networking System (SNS) domain offers a rich area of investigation due to the risks of unwise information disclosure decisions. Our study thus aims to untangle the complicated nature and underlying mechanisms of online privacy-related decisions in SNSs. In this paper, we report on the findings of a Systematic Literature Review (SLR) that revealed a number of factors that are likely to influence online privacy decisions. Our deductive analysis approach was informed by Communicative Privacy Management (CPM) theory. We uncovered a lack of clarity around privacy attitudes and their link to behaviours, which makes it challenging to design privacy-protecting SNS platforms and to craft legislation to ensure that users’ privacy is preserved.
Abstract: The inability of organizations to put in place management control measures for Internet of Things (IoT) complexities continues to be a risk concern. Policy makers have been left to scamper in finding measures to combat these security and privacy concerns. IoT forensics is a cumbersome process, as there is no standardization of IoT products and no or only limited historical data are stored on the devices. This paper highlights why IoT forensics is a unique adventure and brings out the legal challenges encountered in the investigation process. A quadrant model is presented to study the conflicting aspects in IoT forensics. The model analyses the effectiveness of the forensic investigation process versus the admissibility of the evidence integrity, taking into account the user privacy and the providers’ compliance with the laws and regulations. Our analysis concludes that a semi-automated forensic process using machine learning could eliminate the human factor from the profiling and surveillance processes, and hence resolve the issues of data protection (privacy and confidentiality).
Abstract: Vehicular Adhoc Networks (VANETs), a subset of Mobile Adhoc Networks (MANETs), refer to a set of smart vehicles used for road safety. These vehicles provide communication services among one another or with the Road Side Unit (RSU). Security is one of the most critical issues related to VANET as the information transmitted is distributed in an open access environment. As each vehicle is not a source of all messages, most of the communication depends on the information received from other vehicles. To protect VANET from malicious action, each vehicle must be able to evaluate, decide and react locally on the information received from other vehicles. Therefore, message verification is more challenging in VANET because of the security and privacy concerns of the participating vehicles. To overcome security threats, we propose a Monitoring Algorithm that detects malicious nodes based on the pre-selected threshold value. The threshold value is compared with the distrust value which is inherently tagged with each vehicle. The proposed Monitoring Algorithm not only detects malicious vehicles, but also isolates the malicious vehicles from the network. The proposed technique is simulated using the Network Simulator2 (NS2) tool. The simulation result illustrated that the proposed Monitoring Algorithm outperforms the existing algorithms in terms of malicious node detection, network delay, packet delivery ratio and throughput, thereby uplifting the overall performance of the network.
Abstract: Cybercrime investigation demands an appropriate evidence collection mechanism. If the investigator does not acquire digital proofs in a forensically sound manner, some important information can be lost, and judges can discard case evidence because the acquisition was inadequate. Correct digital forensic seizing involves preparation of professionals from the fields of law, police, and computer science. This paper presents important challenges faced during evidence collection from the perspectives of different places. The crime scene can be virtual or real, and technical obstacles and privacy concerns must be considered. All the challenges pointed out here highlight the precautions to be taken in digital evidence collection, and the suggested procedures contribute to the best practices in the digital forensics field.
Abstract: Location sharing is a fundamental service in mobile Online Social Networks (mOSNs), which has raised significant privacy concerns in recent years. Now, most location-based service applications adopt a client/server architecture. In this paper, a location sharing system, named CSLocShare, is presented to provide flexible privacy-preserving location sharing with a client/server architecture in mOSNs. CSLocShare enables location sharing between both trusted social friends and untrusted strangers without the third-party server. In CSLocShare, the Location-Storing Social Network Server (LSSNS) provides location-based services but does not know the users’ real locations. The thorough analysis indicates that the users’ location privacy is protected. Meanwhile, the storage and the communication cost are saved. CSLocShare is more suitable and effective in reality.
Abstract: This study discovers a novel framework of individual-level technology adoption known as I-P (Individual-Privacy) towards the health information application in the Smart National Identity Card. Many countries introduced a smart national identity card (SNIC) with various applications, such as a health information application, embedded inside it. However, the degree to which citizens accept and use some of the embedded applications in the smart national identity card remains unknown to many governments and application providers as well. Moreover, the factors of trust, perceived risk, privacy concern and perceived credibility need to be incorporated into more comprehensive models such as the extended Unified Theory of Acceptance and Use of Technology, known as UTAUT2. UTAUT2 is a mainly widespread and leading theory up to now. This research identifies factors affecting the citizens’ behavioural intention to use the health information application embedded in SNIC and extends better understanding of the relevant factors that the government and the application providers would need to consider in predicting citizens’ new technology acceptance in the future. We propose a conceptual framework by combining the UTAUT2 and Privacy Calculus Model constructs and also adding perceived credibility as a new variable. The proposed framework may provide assistance to any government planning, decision, and policy makers involving e-government projects. An empirical study may be conducted in the future to provide proof and empirically validate this I-P framework.
Abstract: With the advances in information and communications technology, mobile context-aware applications have become powerful marketing tools. In the Apple online store, there are numerous mobile applications (APPs) developed for destination tours. This study investigated the determinants of adoption of context-aware APPs for destination tour services. A model is proposed based on the Technology Acceptance Model and privacy concern theory. The model was empirically tested based on a sample of 259 users of a tourism APP published by Kaohsiung Tourism Bureau, Taiwan. The results showed that the fitness of the model is good and, among all the factors, the perceived usefulness and perceived ease of use have the most significant influences on the intention to adopt context-aware destination APPs. Finally, contrary to the findings of previous literature, the effect of privacy concern on the adoption intention of context-aware APPs is insignificant.
Abstract: Nowadays, organizations and businesses have several motivating factors to protect an individual's privacy. Confidentiality refers to the type of information shared with third parties. This always refers to private information, especially personal information that usually needs to be kept private. Because of the importance of privacy concerns today, we need to design a database system that suits privacy. Agrawal et al. have introduced the Hippocratic Database (HD), which we also refer to here as a privacy-aware database. This paper will explain how HD can be a future trend for web-based applications to enhance their privacy level of trustworthiness among internet users.
Abstract: The aim of this research is to develop the understanding of corporate social responsibility (CSR) from consumers' perspective toward Thai mobile service providers. Based on the survey from 400 mobile customers, the result shows that four dimensions of CSR of Thai mobile service providers consist of economic, legal, ethical and philanthropic responsibility. These four CSR factors have positive impacts on enhancing customer satisfaction except one item of economic responsibility: profitability to shareholders. The ethical dimension has the strongest impact on customer satisfaction. Economic, legal, ethical, philanthropic responsibility and customer satisfaction have major impact on loyalty, whilst the philanthropic component mostly affects loyalty.
Abstract: Mobile marketing through mobile messaging services has seen highly impressive growth, as it enables e-business firms to communicate with their customers effectively. Educational institutions have hence started using this service to enhance communication with their students. Previous studies, however, have limited understanding of applying mobile messaging services in education. This study proposes a theoretical model to understand the drivers of students' intentions to use the university's mobile messaging service. The model indicates that social influence, perceived control and attitudes affect students' intention to use the university's mobile messaging service. It also provides five antecedents of students' attitudes: perceived utility (information utility, entertainment utility, and social utility), innovativeness, information seeking, transaction specificity (content specificity, sender specificity, and time specificity) and privacy concern. The proposed model enables universities to understand what concerns students about the use of a mobile messaging service in universities and to handle the service more effectively. The paper discusses the model development and concludes with limitations and implications of the proposed model.
Abstract: Privacy issues are commonly discussed among researchers, practitioners, and end-users in pervasive healthcare. Pervasive healthcare systems are applications that can support a patient's needs anytime and anywhere. However, pervasive healthcare raises privacy concerns, since it can lead to situations where patients may not be aware that their private information is being shared and becomes vulnerable to threat. We have systematically analyzed the privacy issues and present a summary in tabular form to show the relationship among the issues. The six issues identified are medical information misuse, prescription leakage, medical information eavesdropping, social implications for the patient, patient difficulties in managing privacy settings, and lack of support in designing privacy-sensitive applications. We narrow down the issues and choose to focus on the issue of 'lack of support in designing privacy-sensitive applications' by proposing a privacy-sensitive architecture specifically designed for pervasive healthcare monitoring systems.