4,360,318 research outputs found
Web Vulnerability Study of Online Pharmacy Sites
Consumers are increasingly using online pharmacies, but these sites may not provide an adequate level of security with the consumersâ personal data. There is a gap in this research addressing the problems of security vulnerabilities in this industry. The objective is to identify the level of web application security vulnerabilities in online pharmacies and the common types of flaws, thus expanding on prior studies. Technical, managerial and legal recommendations on how to mitigate security issues are presented. The proposed four-step method first consists of choosing an online testing tool. The next steps involve choosing a list of 60 online pharmacy sites to test, and then running the software analysis to compile a list of flaws. Finally, an in-depth analysis is performed on the types of web application vulnerabilities. The majority of sites had serious vulnerabilities, with the majority of flaws being cross-site scripting or old versions of software that have not been updated. A method is proposed for the securing of web pharmacy sites, using a multi-phased approach of technical and managerial techniques together with a thorough understanding of national legal requirements for securing systems
Randomness Quality of CI Chaotic Generators: Applications to Internet Security
Due to the rapid development of the Internet in recent years, the need to
find new tools to reinforce trust and security through the Internet has became
a major concern. The discovery of new pseudo-random number generators with a
strong level of security is thus becoming a hot topic, because numerous
cryptosystems and data hiding schemes are directly dependent on the quality of
these generators. At the conference Internet`09, we have described a generator
based on chaotic iterations, which behaves chaotically as defined by Devaney.
In this paper, the proposal is to improve the speed and the security of this
generator, to make its use more relevant in the Internet security context. To
do so, a comparative study between various generators is carried out and
statistical results are given. Finally, an application in the information
hiding framework is presented, to give an illustrative example of the use of
such a generator in the Internet security field.Comment: 6 pages,6 figures, In INTERNET'2010. The 2nd Int. Conf. on Evolving
Internet, Valencia, Spain, pages 125-130, September 2010. IEEE Computer
Society Press Note: Best Paper awar
A novel pseudo-random number generator based on discrete chaotic iterations
Security of information transmitted through the Internet, against passive or
active attacks is an international concern. The use of a chaos-based
pseudo-random bit sequence to make it unrecognizable by an intruder, is a field
of research in full expansion. This mask of useful information by modulation or
encryption is a fundamental part of the TLS Internet exchange protocol. In this
paper, a new method using discrete chaotic iterations to generate pseudo-random
numbers is presented. This pseudo-random number generator has successfully
passed the NIST statistical test suite (NIST SP800-22). Security analysis shows
its good characteristics. The application for secure image transmission through
the Internet is proposed at the end of the paper.Comment: The First International Conference on Evolving Internet:Internet 2009
pp.71--76 http://dx.doi.org/10.1109/INTERNET.2009.1
Computational Soundness for Dalvik Bytecode
Automatically analyzing information flow within Android applications that
rely on cryptographic operations with their computational security guarantees
imposes formidable challenges that existing approaches for understanding an
app's behavior struggle to meet. These approaches do not distinguish
cryptographic and non-cryptographic operations, and hence do not account for
cryptographic protections: f(m) is considered sensitive for a sensitive message
m irrespective of potential secrecy properties offered by a cryptographic
operation f. These approaches consequently provide a safe approximation of the
app's behavior, but they mistakenly classify a large fraction of apps as
potentially insecure and consequently yield overly pessimistic results.
In this paper, we show how cryptographic operations can be faithfully
included into existing approaches for automated app analysis. To this end, we
first show how cryptographic operations can be expressed as symbolic
abstractions within the comprehensive Dalvik bytecode language. These
abstractions are accessible to automated analysis, and they can be conveniently
added to existing app analysis tools using minor changes in their semantics.
Second, we show that our abstractions are faithful by providing the first
computational soundness result for Dalvik bytecode, i.e., the absence of
attacks against our symbolically abstracted program entails the absence of any
attacks against a suitable cryptographic program realization. We cast our
computational soundness result in the CoSP framework, which makes the result
modular and composable.Comment: Technical report for the ACM CCS 2016 conference pape
Toward a social compact for digital privacy and security
Executive summary
The Global Commission on Internet Governance (GCIG) was established in January 2014 to articulate and advance a strategic vision for the future of Internet governance. In recent deliberations, the Commission discussed the potential for a damaging erosion of trust in the absence of a broad social agreement on norms for digital privacy and security.
The Commission considers that, for the Internet to remain a global engine of social and economic progress that reflects the worldâs cultural diversity, confidence must be restored in the Internet because trust is eroding. The Internet should be open, freely available to all, secure and safe. The Commission thus agrees that all stakeholders must collaborate together to adopt norms for responsible behaviour on the Internet.
On the occasion of the April 2015 Global Conference on Cyberspace meeting in The Hague, the Commission calls on the global community to build a new social compact between citizens and their elected representatives, the judiciary, law enforcement and intelligence agencies, business, civil society and the Internet technical community, with the goal of restoring trust and enhancing confidence in the Internet.
It is now essential that governments, collaborating with all other stakeholders, take steps to build confidence that the right to privacy of all people is respected on the Internet. It is essential at the same time to ensure the rule of law is upheld. The two goals are not exclusive; indeed, they are mutually reinforcing. Individuals and businesses must be protected both from the misuse of the Internet by terrorists, cyber criminal groups and the overreach of governments and businesses that collect and use private data.
A social compact must be built on a shared commitment by all stakeholders in developed and less developed countries to take concrete action in their own jurisdictions to build trust and confidence in the Internet. A commitment to the concept of collaborative security and to privacy must replace lengthy and over-politicized negotiations and conferences
A state-dependent parameterization of saturated-unsaturated zone interaction
The relevance of groundwater as an important source of root zone moisture by means of capillary rise is increasingly being recognized. This is partly reflected in many current land surface schemes, which increasingly replace a one-way (i.e., downward) drainage of water by a two-way interaction flux between the root zone and a groundwater system. A fully physically correct implementation of this two-way saturated-unsaturated interaction flux requires transient simulations using the highly nonlinear Richards' equation, which is a computationally demanding approach. We test a classic simple approximation that computes the root zoneÂżgroundwater interaction flux as the net effect of a downward drainage flux and an upward capillary rise flux against the Darcy equation for quasi steady state conditions. We find that for a wet root zone and/or shallow groundwater, the errors within this approximation are significant and of the same magnitude as the interaction flux itself. We present a new closed-form parameterization of the Darcy equationÂżbased fluxes that accounts both for root zone soil moisture and depth to the water table. Parameter values for this parameterization are listed for 11 different, widely applied soil texture descriptions. The high numerical efficiency of the proposed method makes it suitable for inclusion into demanding applications, e.g., a Monte Carlo framework, or high spatial resolution
Development of an estimation model for the evaluation of the energy requirement of dilute acid pretreatments of biomass
This study aims to develop a mathematical model to evaluate the energy required by pretreatment processes used in the production of second generation ethanol. A dilute acid pretreatment process reported by National Renewable Energy Laboratory (NREL) was selected as an example for the model's development. The energy demand of the pretreatment process was evaluated by considering the change of internal energy of the substances, the reaction energy, the heat lost and the work done to/by the system based on a number of simplifying assumptions. Sensitivity analyses were performed on the solid loading rate, temperature, acid concentration and water evaporation rate. The results from the sensitivity analyses established that the solids loading rate had the most significant impact on the energy demand. The model was then verified with data from the NREL benchmark process. Application of this model on other dilute acid pretreatment processes reported in the literature illustrated that although similar sugar yields were reported by several studies, the energy required by the different pretreatments varied significantly
Patient access to complex chronic disease records on the internet
Background: Access to medical records on the Internet has been reported to be acceptable and popular with patients, although most published evaluations have been of primary care or office-based practice. We tested the feasibility and acceptability of making unscreened results and data from a complex chronic disease pathway (renal medicine) available to patients over the Internet in a project involving more than half of renal units in the UK.
Methods: Content and presentation of the Renal PatientView (RPV) system was developed with patient groups. It was designed to receive information from multiple local information systems and to require minimal extra work in units. After piloting in 4 centres in 2005 it was made available more widely. Opinions were sought from both patients who enrolled and from those who did not in a paper survey, and from staff in an electronic survey. Anonymous data on enrolments and usage were extracted from the webserver.
Results: By mid 2011 over 17,000 patients from 47 of the 75 renal units in the UK had registered. Users had a wide age range (<10 to >90âyrs) but were younger and had more years of education than non-users. They were enthusiastic about the concept, found it easy to use, and 80% felt it gave them a better understanding of their disease. The most common reason for not enrolling was being unaware of the system. A minority of patients had security concerns, and these were reduced after enrolling.
Staff responses were also strongly positive. They reported that it aided patient concordance and disease management, and increased the quality of consultations with a neutral effect on consultation length. Neither patient nor staff responses suggested that RPV led to an overall increase in patient anxiety or to an increased burden on renal units beyond the time required to enrol each patient.
Conclusions: Patient Internet access to secondary care records concerning a complex chronic disease is feasible and popular, providing an increased sense of empowerment and understanding, with no serious identified negative consequences. Security concerns were present but rarely prevented participation. These are powerful reasons to make this type of access more widely available
- âŠ