Phishing – the threat of internet banking

The attractiveness of Internet banking, the dynamics and the integration with e-business is still growing. The current use of electronic banking is defined by cyberspace and abused in the form of cyber terrorism as well. Therefore it is in the interest of all banks to focus on minimizing the real attacks. This article analyzes and compares the current possibilities against so-called phishing and identifies the area of the safe use of Internet banking in terms of the current potential threats in this area

MobileTrust: Secure Knowledge Integration in VANETs

Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust—a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the small-size German city of Eichstatt. Similar schemes are implemented in the same platform to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-founded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of sustainable circular economy

A Holistic Systems Security Approach Featuring Thin Secure Elements for Resilient IoT Deployments

© 2020 by the authors. This is an open access article distributed under the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.IoT systems differ from traditional Internet systems in that they are different in scale, footprint, power requirements, cost and security concerns that are often overlooked. IoT systems inherently present different fail-safe capabilities than traditional computing environments while their threat landscapes constantly evolve. Further, IoT devices have limited collective security measures in place. Therefore, there is a need for different approaches in threat assessments to incorporate the interdependencies between different IoT devices. In this paper, we run through the design cycle to provide a security-focused approach to the design of IoT systems using a use case, namely, an intelligent solar-panel project called Daedalus. We utilise STRIDE/DREAD approaches to identify vulnerabilities using a thin secure element that is an embedded, tamper proof microprocessor chip that allows the storage and processing of sensitive data. It benefits from low power demand and small footprint as a crypto processor as well as is compatible with IoT 29 requirements. Subsequently, a key agreement based on an asymmetric cryptographic scheme, namely B-SPEKE was used to validate and authenticate the source. We find that end-to-end and independent stand-alone procedures used for validation and encryption of the source data originating from the solar panel are cost-effective in that the validation is carried out once and not several times in the chain as is often the case. The threat model proved useful not so much as a panacea for all threats but provided the framework for the consideration of known threats, and therefore appropriate mitigation plans to be deployed.Peer reviewe

Security Evaluation of Cyber-Physical Systems in Society- Critical Internet of Things

In this paper, we present evaluation of security awareness of developers and users of cyber-physical systems. Our study includes interviews, workshops, surveys and one practical evaluation. We conducted 15 interviews and conducted survey with 55 respondents coming primarily from industry. Furthermore, we performed practical evaluation of current state of practice for a society-critical application, a commercial vehicle, and reconfirmed our findings discussing an attack vector for an off-line societycritical facility. More work is necessary to increase usage of security strategies, available methods, processes and standards. The security information, currently often insufficient, should be provided in the user manuals of products and services to protect system users. We confirmed it lately when we conducted an additional survey of users, with users feeling as left out in their quest for own security and privacy. Finally, hardware-related security questions begin to come up on the agenda, with a general increase of interest and awareness of hardware contribution to the overall cyber-physical security. At the end of this paper we discuss possible countermeasures for dealing with threats in infrastructures, highlighting the role of authorities in this quest

SECURED AUTOMATED LOGON FOR WINDOWS USING PRESENCE DETECTION

This report focuses on the research and development of a reliable automated logon and logoff to Windows using tag presence detection and voice command. This project was developed to overcome the common problem of unauthorized user who scrutinizes other's personal computer by providing a more effective way for the large number of computer users to logon and logoff automatically. The reader that had been setup shall capture the movement of a tag. Each tag had been designed to be detected by each personalized computer. The reader will capture the movement on real-time basis, capturing the time and date of the logon or logoff process. To attend to security concerns, voice recognition will be used in this project. The user is allowed to enter a voice command through a microphone to logon and logoff. The project should be reliable, speaker independent and has a low total hardware price tag. A noise reducing headset is used to increase recognition accuracy. Implementation of this project is aimed to introduce a new approach in logging on and off personal computers, yet safe and protected. This paper describes the capability and functionality of the whole application

Smart security door system using SMS based energy harvest

Over the last decade, different studies have been conducted to increase security to identify sensor technology and provide alternative energy with other energy harvest techniques such as vibration energy harvester and sun energy harvester. There is no combinational approach to utilize the door to create energy and use it for security measures in the literature, making our system different and unique. This proposed system comprises the security and the energy harvest; the security section utilizes a motion detector sensor to detect intruders. For instance, the magnetic door lock type firmly locks the door, which can only open with a generated password. On the other side, the energy harvest section utilizes the door motion to generate electricity for the system, which solves power shortage and limited battery life issues. Moreover, this study includes a GSM module that allows authorized owners to receive a generated password as a security enhancement. This design mainly focuses on improving or optimizing the conventional security doors' overall performance as sliding door, panel door, or revolving door. The experimental results show the system efficiency in terms of power generation and the time needed to authenticate the property owner. Notably, the power generator can generate electricity more rapidly, while the needed time to receive the mobile device's security code is around 3.6 seconds

Case study:exploring children’s password knowledge and practices

Children use technology from a very young age, and often have to authenticate themselves. Yet very little attention has been paid to designing authentication specifically for this particular target group. The usual practice is to deploy the ubiquitous password, and this might well be a suboptimal choice. Designing authentication for children requires acknowledgement of child-specific developmental challenges related to literacy, cognitive abilities and differing developmental stages. Understanding the current state of play is essential, to deliver insights that can inform the development of child-centred authentication mechanisms and processes. We carried out a systematic literature review of all research related to children and authentication since 2000. A distinct research gap emerged from the analysis. Thus, we designed and administered a survey to school children in the United States (US), so as to gain insights into their current password usage and behaviors. This paper reports preliminary results from a case study of 189 children (part of a much larger research effort). The findings highlight age-related differences in children’s password understanding and practices. We also discovered that children confuse concepts of safety and security. We conclude by suggesting directions for future research. This paper reports on work in progress.<br/

Digital places: location-based digital practices in higher education using Bluetooth Beacons

The physical campus is a shared space that enables staff and students, industry and the public, to collaborate in the acquisition, construction and consolidation of knowledge. However, its position as the primary place for learning is being challenged by blended modes of study that range from learning experiences from fully online to more traditional campus-based approaches. Bluetooth beacons offer the potential to combine the strengths of both the digital world and the traditional university campus by augmenting physical spaces to enhance learning opportunities, and the student experience more generally. This simple technology offers new possibilities to extend and enrich opportunities for learning by exploiting the near-ubiquitous nature of personal technology. This paper provides a high-level overview of Bluetooth beacon technology, along with an indication of some of the ways in which it is developing, and ways that it could be used to support learning in higher education