56 research outputs found

    An Empirical Study on Android for Saving Non-shared Data on Public Storage

    With millions of apps that can be downloaded from official or third-party market, Android has become one of the most popular mobile platforms today. These apps help people in all kinds of ways and thus have access to lots of user's data that in general fall into three categories: sensitive data, data to be shared with other apps, and non-sensitive data not to be shared with others. For the first and second type of data, Android has provided very good storage models: an app's private sensitive data are saved to its private folder that can only be accessed by the app itself, and the data to be shared are saved to public storage (either the external SD card or the emulated SD card area on internal FLASH memory). But for the last type, i.e., an app's non-sensitive and non-shared data, there is a big problem in Android's current storage model which essentially encourages an app to save its non-sensitive data to shared public storage that can be accessed by other apps. At first glance, it seems no problem to do so, as those data are non-sensitive after all, but it implicitly assumes that app developers could correctly identify all sensitive data and prevent all possible information leakage from private-but-non-sensitive data. In this paper, we will demonstrate that this is an invalid assumption with a thorough survey on information leaks of those apps that had followed Android's recommended storage model for non-sensitive data. Our studies showed that highly sensitive information from billions of users can be easily hacked by exploiting the mentioned problematic storage model. Although our empirical studies are based on a limited set of apps, the identified problems are never isolated or accidental bugs of those apps being investigated. On the contrary, the problem is rooted from the vulnerable storage model recommended by Android. To mitigate the threat, we also propose a defense framework

    Enterprise information management platform based on the e-commerce environment in the context of entrepreneurship

    Addressing the e-commerce environment, this study is designed to validate the feasibility of an enterprise information management platform based on cloud storage technology and system testing. Experimental results show that the platform designed in this article has approximately 195 fluctuating processes per second in the average number of transactions per second, which has a better test effect in terms of business efficiency. In addition, other performance index tests have reached the standard. These include a user authentication time of just 0.96 seconds, a material information input time of 2.54 seconds, a material information query response time of only 0.97 seconds, and a relatively fast response time. The research is limited to Turkey. This research is expected to provide an efficient information management platform for the entire production process for the sales of the enterprise and encourage the development of business management informatics in Turkey. The study is limited to the topic of cloud storage technology and is based on system testing

    Deep Dive into Deepfakes—Safeguarding Our Digital Identity

    Deepfake technology is becoming increasingly sophisticated, and with it, the potential to pose a significant threat to the digital community, democratic institutions, and private individuals. With the creation of highly convincing but entirely fabricated audio, video, and images, there is a pressing need for the international community to address the vulnerabilities posed by deepfake technology in the current legal landscape through unambiguous legislation. This Note explores the ethical, legal, and social implications of deepfakes, including issues of privacy, identity theft, and political manipulation. It also reviews existing international legal frameworks, i.e., the Convention on Cybercrime (“Budapest Convention”) and proposes a set of principles that could guide the development of new legislation. This Note concludes that the digital nature of the deepfake threat requires a coordinated international response in the form of international policy development on the creation, distribution, and use of deepfakes. Most significantly, international legislation is essential to provide legal recourse for individuals and safeguard democratic institutions from the harm that deepfakes can cause in the digital age

    A Comprehensive Survey on Deepfake Methods: Generation, Detection, and Applications

    Due to recent advancements in AI and deep learning, several methods and tools for multimedia transformation, known as deepfake, have emerged. A deepfake is a synthetic media where a person's resemblance is used to substitute their presence in an already-existing image or video. Deepfakes have both positive and negative implications. They can be used in politics to simulate events or speeches, in translation to provide natural-sounding translations, in education for virtual experiences, and in entertainment for realistic special effects. The emergence of deepfake face forgery on the internet has raised significant societal concerns. As a result, detecting these forgeries has become an emerging field of research, and many deepfake detection methods have been proposed. This paper has introduced deepfakes and explained the different types of deepfakes that exist. It also explains a summary of various deep fake generation techniques, both traditional and AI detection techniques. Datasets used for deepfake-generating that are freely accessible are emphasized. To further advance the deepfake research field, we aim to provide relevant research findings, identify existing gaps, and propose emerging trends for future study

    Development of a secure multi-factor authentication algorithm for mobile money applications

    A Thesis Submitted in Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Information and Communication Science and Engineering of the Nelson Mandela African Institution of Science and Technology. With the evolution of industry 4.0, financial technologies have become paramount and mobile money as one of the financial technologies has immensely contributed to improving financial inclusion among the unbanked population. Several mobile money schemes were developed but, they suffered severe authentication security challenges since they implemented two-factor authentication. This study focused on developing a secure multi-factor authentication (MFA) algorithm for mobile money applications. It uses personal identification numbers, one-time passwords, biometric fingerprints, and quick response codes to authenticate and authorize mobile money subscribers. Secure hash algorithm-256, Rivest-Shamir-Adleman encryption, and Fernet encryption were used to secure the authentication factors, confidential financial information and data before transmission to the remote databases. A literature review, survey, evolutionary prototyping model, and heuristic evaluation and usability testing methods were used to identify authentication issues, develop prototypes of native genuine mobile money (G-MoMo) applications, and identify usability issues with the interface designs and ascertain their usability, respectively. The results of the review grouped the threat models into attacks against privacy, authentication, confidentiality, integrity, and availability. The survey identified authentication attacks, identity theft, phishing attacks, and PIN sharing as the key mobile money systems’ security issues. The researcher designed a secure MFA algorithm for mobile money applications and developed three native G-MoMo applications to implement the designed algorithm to prove the feasibility of the algorithm and that it provided robust security. 
The algorithm was resilient to non-repudiation, ensured strong authentication security, data confidentiality, integrity, privacy, and user anonymity, was highly effective against several attacks but had high communication overhead and computational costs. Nevertheless, the heuristic evaluation results showed that the G-MoMo applications’ interface designs lacked forward navigation buttons, uniformity in the applications’ menu titles, search fields, actions needed for recovery, and help and documentation. Similarly, the usability testing revealed that they were easy to learn, effective, efficient, memorable, with few errors, subscriber satisfaction, easy to use, aesthetic, easy to integrate, and understandable. Implementing a secure mobile money authentication and authorisation by combining multiple factors which are securely stored helps mobile money subscribers and other stakeholders to have trust in the developed native G-MoMo applications

    Cyber Security

    This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security

    Characterizing and Understanding Development of Social Computing Through DBLP : A Data-Driven Analysis

    During the past decades, the term 'social computing' has become a promising interdisciplinary area in the intersection of computer science and social science. In this work, we conduct a data-driven study to understand the development of social computing using the data collected from Digital Bibliography and Library Project (DBLP), a representative computer science bibliography website. We have observed a series of trends in the development of social computing, including the evolution of the number of publications, popular keywords, top venues, international collaborations, and research topics. Our findings will be helpful for researchers and practitioners working in relevant fields.

    Struggling to Remember: Perceptions, Potentials and Power in an Age of Mediatised Memory

    What role do new, networked and pervasive technologies play in changing individual and collective memory processes? Many recent debates have focused on whether we are in the online era remembering ‘less’ or ‘more’ – informed, perhaps, by a tendency to think of memory spatially and quantifiably as working like an archive. Drawing on the philosophical theorising of Henri Bergson and its development through Gilbert Simondon, this thesis makes two interventions into the field. Firstly, conceptually, it establishes a process-based approach to perception, memory and consciousness in a shift away from the archive metaphor – thinking memory not as informing ‘knowledge of the past’ but ‘action in duration’. It situates the conscious, living being as transindividual – affectively relational to its perceived bodily and social environments, through psychic and collective individuation respectively. Moreover, it considers technologies as forms of transindividual extension of consciousness. Furthermore, it proposes the ‘antimetaphor’ of the anarchive as a conceptual tool with which to understand these duration-based, bodily and technological, action-oriented processes. Secondly, methodologically, it advocates a rephrasing of the question from how much we are remembering to how we are remembering differently. Armed now with a developed theoretical position and methodological approach, the thesis explores through three case-study chapters how personal and more historical pasts may be remembered, individually and more collectively, through new, prevalent technologies of memory such as search engines, forums and social-media sites. 
Analysing the material experiences of remembering, as well as examining the economic drives of the platforms and wider actors, and the resulting socio-political implications, the thesis sets out the original argument of a contemporary struggle for memory: a complex negotiation of tensions between agencies of the body, the social, and the multifarious and interconnected socio-political and economic interests of the technological platforms and hybridised media systems through which contemporary remembering increasingly takes place

    Cyberspace and Artificial Intelligence: The New Face of Cyber-Enhanced Hybrid Threats

    While, until recently, cyber operations have constituted a specific subset of defense and security concerns, the synergization of cyberspace and artificial intelligence (AI), which are driving the Fourth Industrial Revolution, has raised the threat level of cyber operations, making them a centerpiece of what are called hybrid threats. The concept of hybrid threat is presently a key concern for the defense and security community; cyber-enabled and cyber-enhanced hybrid operations have been amplified in scope, frequency, speed, and threat level due to the synergies that come from the use of cyberspace and machine learning (ML)-based solutions. In the present work, we address the relevance of cyberspace-based operations and artificial intelligence for the implementation of hybrid operations and reflect on what this cyber dimension of hybrid operations implies for the concept of what constitutes a cyberweapon, the concept of hybrid human intelligence (hybrid HUMINT) and possible responses to the hybrid threat patterns