Abstract: The world is gradually entering the fourth industrial revolution. E-Government services are scaling government operations across the globe. However, as promising as an e-Government system would be, it is also susceptible to malicious attacks if not properly secured. In our study, we found that in Saudi Arabia, the e-Government website, Yesser, is vulnerable to external attacks. Obviously, this can lead to a breach of data integrity and privacy. In this paper, a systematic literature review (SLR) was conducted to explore possible ways the Kingdom of Saudi Arabia can take necessary measures to strengthen its e-Government system using blockchain. Blockchain is one of the emerging technologies shaping the world through its applications in finance, elections, healthcare, etc. It secures systems and brings more transparency. A total of 28 papers were selected for this SLR, and 19 of the papers significantly showed that blockchain could enhance the security and privacy of Saudi’s e-Government system. Other papers also concluded that blockchain is effective, albeit with the integration of other technologies like IoT, AI and big data. These papers have been analyzed to sieve out the findings and set the stage for future research into the subject.
Abstract: With the advent of complex software and increased connectivity, security of life-critical medical devices is becoming an increasing concern, particularly with their direct impact to human safety. Security is essential, but it is impossible to develop completely secure and impenetrable systems at design time. Therefore, it is important to assess the potential impact on security and safety of exploiting a vulnerability in such critical medical systems. The common vulnerability scoring system (CVSS) calculates the severity of exploitable vulnerabilities. However, for medical devices, it does not consider the unique challenges of impacts to human health and privacy. Thus, the scoring of a medical device on which a human life depends (e.g., pacemakers, insulin pumps) can score very low, while a system on which a human life does not depend (e.g., hospital archiving systems) might score very high. In this paper, we present a Medical Vulnerability Scoring System (MVSS) that extends CVSS to address the health and privacy concerns of medical devices. We propose incorporating two new parameters, namely health impact and sensitivity impact. Sensitivity refers to the type of information that can be stolen from the device, and health represents the impact to the safety of the patient if the vulnerability is exploited (e.g., potential harm, life threatening). We evaluate 15 different known vulnerabilities in medical devices and compare MVSS against two state-of-the-art medical device-oriented vulnerability scoring system and the foundational CVSS.
Abstract: In this paper, we present a Platform-as-a-Service (PaaS) model for controlling the privacy enforcement mechanisms applied on user data when stored and processed in Cloud data centers. The proposed architecture consists of establishing user configurable ‘sticky’ policies on the Graphical User Interface (GUI) data-bound components during the application development phase to specify the details of privacy enforcement on the contents of these components. Various privacy classification classes on the data components are formally defined to give the user full control on the degree and scope of privacy enforcement including the type of execution containers to process the data in the Cloud. This not only enhances the privacy-awareness of the developed Cloud services, but also results in major savings in performance and energy efficiency due to the fact that the privacy mechanisms are solely applied on sensitive data units and not on all the user content. The proposed design is implemented in a real PaaS cloud computing environment on the Microsoft Azure platform.
Abstract: Internet of things (IOT) is a kind of advanced information technology which has drawn societies’ attention. Sensors and stimulators are usually recognized as smart devices of our environment. Simultaneously, IOT security brings up new issues. Internet connection and possibility of interaction with smart devices cause those devices to involve more in human life. Therefore, safety is a fundamental requirement in designing IOT. IOT has three remarkable features: overall perception, reliable transmission, and intelligent processing. Because of IOT span, security of conveying data is an essential factor for system security. Hybrid encryption technique is a new model that can be used in IOT. This type of encryption generates strong security and low computation. In this paper, we have proposed a hybrid encryption algorithm which has been conducted in order to reduce safety risks and enhancing encryption's speed and less computational complexity. The purpose of this hybrid algorithm is information integrity, confidentiality, non-repudiation in data exchange for IOT. Eventually, the suggested encryption algorithm has been simulated by MATLAB software, and its speed and safety efficiency were evaluated in comparison with conventional encryption algorithm.
Abstract: With the development of cloud computing, more and more users start to utilize the cloud storage service. However, there exist some issues: 1) cloud server steals the shared data, 2) sharers collude with the cloud server to steal the shared data, 3) cloud server tampers the shared data, 4) sharers and key generation center (KGC) conspire to steal the shared data. In this paper, we use advanced encryption standard (AES), hash algorithms, and accountable key-policy attribute-based encryption without key escrow (WOKE-AKP-ABE) to build a security cloud storage scheme. Moreover, the data are encrypted to protect the privacy. We use hash algorithms to prevent the cloud server from tampering the data uploaded to the cloud. Analysis results show that this scheme can resist conspired attacks.
Abstract: The advanced information technology is becoming an important factor in the development of financial services industry, especially the banking industry. It has introduced new ways of delivering banking to the customer, such as Internet Banking. Banks began to look at electronic banking (e-banking) as a means to replace some of their traditional branch functions using the Internet as a new distribution channel. Some consumers have at least more than one account, and across banks, and access these accounts using e-banking services. To look at the current net worth position, customers have to login to each of their accounts and get the details and work on consolidation. This not only takes ample time but it is a repetitive activity at a specified frequency. To address this point, an account aggregation concept is added as a solution. E-banking account aggregation, as one of the e-banking types, appeared to build a stronger relationship with customers. Account Aggregation Service generally refers to a service that allows customers to manage their bank accounts maintained in different institutions through a common Internet banking operating a platform, with a high concern to security and privacy. This paper presents an overview of an e-banking account aggregation approach as a new service in the e-banking field.
Abstract: Mining big data represents a big challenge nowadays. Many types of research are concerned with mining massive amounts of data and big data streams. Mining big data faces a lot of challenges including scalability, speed, heterogeneity, accuracy, provenance and privacy. In telecommunication industry, mining big data is like a mining for gold; it represents a big opportunity and maximizing the revenue streams in this industry. This paper discusses the characteristics of big data (volume, variety, velocity and veracity), data mining techniques and tools for handling very large data sets, mining big data in telecommunication and the benefits and opportunities gained from them.
Abstract: Privacy is sacred and would normally be expected and preserved by an individual. Online privacy is no longer about the right to be left alone, but also includes the right not to be monitored. However, with the revelations made by United States National Security Agency former employee Edward Snowden that the government is spying on internet communications, individuals’ privacy can no longer be expected. Therefore, this paper is intended to evaluate law related to privacy protection in the digital domain, who should govern it and whether invasion to a person’s privacy is a necessary justification to preserve national security.
Abstract: The legality of some countries or agencies’ acts to spy
on personal phone calls of the public became a hot topic to many
social groups’ talks. It is believed that this act is considered an
invasion to someone’s privacy. Such act may be justified if it is
singling out specific cases but to spy without limits is very
unacceptable. This paper discusses the needs for not only a simple
and light weight technique to secure mobile voice calls but also a
technique that is independent from any encryption standard or library.
It then presents and tests one encrypting algorithm that is based of
Frequency scrambling technique to show fair and delay-free process
that can be used to protect phone calls from such spying acts.
Abstract: This paper seeks to analyse the benefits of big data
and more importantly the challenges it pose to the subject of privacy
and data protection. First, the nature of big data will be briefly
deliberated before presenting the potential of big data in the present
days. Afterwards, the issue of privacy and data protection is
highlighted before discussing the challenges of implementing this
issue in big data. In conclusion, the paper will put forward the debate
on the adequacy of the existing legal framework in protecting
personal data in the era of big data.
Abstract: Privacy is regarded as a fundamental human right and it is clear that the study of digital privacy is an important field. Digital privacy is influenced by new and constantly evolving technologies and this continuous change makes it hard to create legislation to protect people’s privacy from being exploited by misuse of these technologies.
This study aims to benefit digital privacy legislation efforts by evaluating the awareness and perceived importance of digital privacy legislation among computer science students. The chosen fixed variables for the population are study year and gamer classification.
The use of location based services in mobile applications and games are a concern for digital privacy. For this reason the study focused on computer science students as they have a high likelihood to use and develop this type of software. Surveys were used to evaluate awareness and perceived importance of digital privacy legislation.
The results of the study show that privacy legislation and awareness of privacy legislation are important to people. The perception of the importance of privacy legislation increases with academic experience. Awareness of privacy legislation increases from non-gamers to pro gamers.
Abstract: The evolution of customer behavior in purchasing
products or services through the Internet leads to airline companies
engaging in the e-ticketing process in order to maintain their
business. A well-designed website is vitally significant for the airline
companies to provide effective communication, support, and
competitive advantage. This study was conducted to identify the
dimensions of website quality for low cost airline and to investigate
the relationship between the website quality and customer esatisfaction
at low cost airline. A total of 381 responses were
conveniently collected among local passengers at Low Cost Carrier
Terminal, Kuala Lumpur via questionnaire distribution. This study
found that the five determinant factors of website quality for AirAsia
were Information Content, Navigation, Responsiveness,
Personalization, and Security and Privacy. The results of this study
revealed that there is a positive relationship between the five
dimensions of website quality and customer e-satisfaction, and also
information content was the most significant contributor to customer
e-satisfaction.
Abstract: It is well-known that in wireless local area networks,
authenticating nodes by their MAC addresses is not secure since it is
very easy for an attacker to learn one of the authorized addresses and
change his MAC address accordingly. In this paper, in order to
prevent MAC address spoofing attacks, we propose to use
dynamically changing MAC addresses and make each address usable
for only one session. The scheme we propose does not require any
change in 802.11 protocols and incurs only a small performance
overhead. One of the nice features of our new scheme is that no third
party can link different communication sessions of the same user by
monitoring MAC addresses therefore our scheme is preferable also
with respect to user privacy.
Abstract: Current proposals for E-passport or ID-Card is similar to a regular passport with the addition of tiny contactless integrated circuit (computer chip) inserted in the back cover, which will act as a secure storage device of the same data visually displayed on the photo page of the passport. In addition, it will include a digital photograph that will enable biometric comparison, through the use of facial recognition technology at international borders. Moreover, the e-passport will have a new interface, incorporating additional antifraud and security features. However, its problems are reliability, security and privacy. Privacy is a serious issue since there is no encryption between the readers and the E-passport. However, security issues such as authentication, data protection and control techniques cannot be embedded in one process. In this paper, design and prototype implementation of an improved E-passport reader is presented. The passport holder is authenticated online by using GSM network. The GSM network is the main interface between identification center and the e-passport reader. The communication data is protected between server and e-passport reader by using AES to encrypt data for protection will transferring through GSM network. Performance measurements indicate a 19% improvement in encryption cycles versus previously reported results.
Abstract: Wireless sensor network can be applied to both abominable
and military environments. A primary goal in the design of
wireless sensor networks is lifetime maximization, constrained by
the energy capacity of batteries. One well-known method to reduce
energy consumption in such networks is data aggregation. Providing
efcient data aggregation while preserving data privacy is a challenging
problem in wireless sensor networks research. In this paper,
we present privacy-preserving data aggregation scheme for additive
aggregation functions. The Cluster-based Private Data Aggregation
(CPDA)leverages clustering protocol and algebraic properties of
polynomials. It has the advantage of incurring less communication
overhead. The goal of our work is to bridge the gap between
collaborative data collection by wireless sensor networks and data
privacy. We present simulation results of our schemes and compare
their performance to a typical data aggregation scheme TAG, where
no data privacy protection is provided. Results show the efficacy and
efficiency of our schemes.
Abstract: Digital signature is a useful primitive to attain the integrity and authenticity in various wire or wireless communications. Proxy signature is one type of the digital signatures. It helps the proxy signer to sign messages on behalf of the original signer. It is very useful when the original signer (e.g. the president of a company) is not available to sign a specific document. If the original signer can not forge valid proxy signatures through impersonating the proxy signer, it will be robust in a virtual environment; thus the original signer can not shift any illegal action initiated by herself to the proxy signer. In this paper, we propose a new proxy signature scheme. The new scheme can prevent the original signer from impersonating the proxy signer to sign messages. The proposed scheme is based on the regular ElGamal signature. In addition, the fair privacy of the proxy signer is maintained. That means, the privacy of the proxy signer is preserved; and the privacy can be revealed when it is necessary.
Abstract: Probability-based identity disclosure risk
measurement may give the same overall risk for different
anonymization strategy of the same dataset. Some entities in the
anonymous dataset may have higher identification risks than the
others. Individuals are more concerned about higher risks than the
average and are more interested to know if they have a possibility of
being under higher risk. A notation of overall risk in the above
measurement method doesn-t indicate whether some of the involved
entities have higher identity disclosure risk than the others. In this
paper, we have introduced an identity disclosure risk measurement
method that not only implies overall risk, but also indicates whether
some of the members have higher risk than the others. The proposed
method quantifies the overall risk based on the individual risk values,
the percentage of the records that have a risk value higher than the
average and how larger the higher risk values are compared to the
average. We have analyzed the disclosure risks for different
disclosure control techniques applied to original microdata and
present the results.
Abstract: The concept of privacy, seen in connection to the consumer's private space and personalization, has recently gained a higher importance as a consequence of the increasing marketing efforts of the organizations based on the capturing, processing and usage of consumer-s personal data.Paper intends to provide a definition of the consumer-s private space based on the types of personal data the consumer is willing to disclose, to assess the attitude toward personalization and to identify the means preferred by consumers to control their personal data and defend their private space. Several implications generated through the definition of the consumer-s private space are identified and weighted from both the consumers- and organizations- perspectives.
Abstract: Nowadays, organizations and business has several motivating factors to protect an individual-s privacy. Confidentiality refers to type of sharing information to third parties. This is always referring to private information, especially for personal information that usually needs to keep as a private. Because of the important of privacy concerns today, we need to design a database system that suits with privacy. Agrawal et. al. has introduced Hippocratic Database also we refer here as a privacy-aware database. This paper will explain how HD can be a future trend for web-based application to enhance their privacy level of trustworthiness among internet users.
Abstract: RFID tag is a small and inexpensive microchip which is
capable of transmitting unique identifier through wireless network in a
short distance. If a group of RFID tags can be scanned simultaneously
by one reader, RFID Group proof could be generated. Group proof can
be used in various applications, such as good management which is
usually achieved using barcode system. A lot of RFID group proof
schemes have been proposed by many researchers. In this paper, we
introduce some existing group proof schemes and then analyze their
vulnerabilities to the privacy. Moreover, we propose a new attack
model, which threats the privacy of user by tracking tags in a group.