Selected Computing Research Papers Volume 1 June 2012

An Evaluation of Anti-phishing Solutions (Arinze Bona Umeaku) ..................................... 1 A Detailed Analysis of Current Biometric Research Aimed at Improving Online Authentication Systems (Daniel Brown) .............................................................................. 7 An Evaluation of Current Intrusion Detection Systems Research (Gavin Alexander Burns) .................................................................................................... 13 An Analysis of Current Research on Quantum Key Distribution (Mark Lorraine) ............ 19 A Critical Review of Current Distributed Denial of Service Prevention Methodologies (Paul Mains) ............................................................................................... 29 An Evaluation of Current Computing Methodologies Aimed at Improving the Prevention of SQL Injection Attacks in Web Based Applications (Niall Marsh) .............. 39 An Evaluation of Proposals to Detect Cheating in Multiplayer Online Games (Bradley Peacock) ............................................................................................................... 45 An Empirical Study of Security Techniques Used In Online Banking (Rajinder D G Singh) .......................................................................................................... 51 A Critical Study on Proposed Firewall Implementation Methods in Modern Networks (Loghin Tivig) .................................................................................................... 5

Authentication Based on Blockchain

Across past decade online services have enabled individuals and organizations to perform different types of transactions such as banking, government transactions etc. The online services have also enabled more developments of applications, at cheap cost with elastic and scalable, fault tolerant system. These online services are offered by services providers which are use authentication, authorization and accounting framework based on client-server model. Though this model has been used over decades, study shows it is vulnerable to different hacks and it is also inconvenient to use for the end users. In addition, the services provider has total control over user data which they can monitor, trace, leak and even modify at their will. Thus, the user data ownership, digital identity and use of online services has raised privacy and security concern for the users. In this thesis, Blockchain and the e-pass application are studied and alternative model for authentication, authorization and accounting is proposed based on Ethereum Blockchain. Furthermore, a prototype is developed which enables users to consume online services by authenticating, authorizing, and accounting with a single identity without sharing any private user data with the services provider center server. Experiments are run with the prototype to verify that it works as expected. Measurements are done to assess the feasibility and scalability of the solution. In the final part of the thesis, pros and cons of the proposed solution are discussed and perspectives for further research are sketched

Exploratory study to explore the role of ICT in the process of knowledge management in an Indian business environment

In the 21st century and the emergence of a digital economy, knowledge and the knowledge base economy are rapidly growing. To effectively be able to understand the processes involved in the creating, managing and sharing of knowledge management in the business environment is critical to the success of an organization. This study builds on the previous research of the authors on the enablers of knowledge management by identifying the relationship between the enablers of knowledge management and the role played by information communication technologies (ICT) and ICT infrastructure in a business setting. This paper provides the findings of a survey collected from the four major Indian cities (Chennai, Coimbatore, Madurai and Villupuram) regarding their views and opinions about the enablers of knowledge management in business setting. A total of 80 organizations participated in the study with 100 participants in each city. The results show that ICT and ICT infrastructure can play a critical role in the creating, managing and sharing of knowledge in an Indian business environment

HANDLING WORK FROM HOME SECURITY ISSUES IN SALESFORCE

Security is a vital component when it is identified with an endeavor record or our genuine materials. To protect our home or valuable things like gold, cash we use bank storage administrations or underground secret storage spaces at home. Similarly, IT enterprises put tremendous measure of capital in expanding security to its business and the archives. Associations use cryptography procedures to get their information utilizing progressed encryption calculations like SHA-256, SHA-512, RSA-1024, RSA-2048 pieces’ key encryption and Elliptic Curve Cryptography (ECC) calculations. These industry standard calculations are difficult to break. For instance, to break RSA-2048-piece encryption key, an old-style PC needs around 300 trillion years. As indicated by the continuous examination, a quantum PC can break it in 10seconds, yet such a quantum PC doesn\u27t yet exist. Despite the fact that these cryptographic calculations guarantee an awesome degree of safety, there will be dependably a space for breaking the security. Programmers will attempt new techniques to break the security. Thus, the association likewise should continue to utilize new strategies to build the level and nature of the security. Now it is time to check how the security aspect is taken care of when the IT employees are at work from home. The 2020 year has made many professionals work from home because of the Covid-19 pandemic. The Covid-19 has transformed almost all organizations to work from home, this has become standard advice, and technology plays an important role during work from home to monitor the employee works and provide security when the work is being carried away from their respective organization. Employees\u27 information security awareness will become one of the most important parts of safeguarding against nefarious information security practices during this work from home. Most of the workers like the expediency of work from home and the flexibility provided for the employees. But in this situation, workers need guarantees that their privacy is secured when using company laptops and phones. Cyber security plays an important role in maintaining a secured environment when working from home. This work focusses on managing the security break attack in the course of work from home. The focus of the study is on dealing with security breaches that occur when salespeople operate from home. The problem of security isn\u27t new. Security issues existed prior to the lockdown or pandemic, but because the staff was working from the office at the time, the system administrator was available to address them. However, how can an employee\u27s laptop and account be secured when working from home? MFH\u27s salesforce has leveraged a variety of innovative technologies to address security concerns during their tenure. Because the IT behemoth Salesforce has made it possible for all employees, including freshly hired ones, to seek WFH on a permanent basis. To address the security breach difficulties faced by employees, the organization used a number of new approaches, including tracking working hours, raising password difficulty, employing VPN (virtual private network), mandating video during meetings, continuously checking right to use control, and MFA (multi-factor authentication). Improvement of existing multi-factor authentication (MFA) is the focused topic discussed in the thesis. To add an additional step of protection to the login process Blockchain technology is proposed and to identify the employee identification a hybrid recognition model is proposed using face and fingerprint recognition. This leads to the employee going through multiple processes to authenticate his or her identity in numerous ways in order to access the business laptop. This procedure entails connecting his or her laptop to his or her mobile phone or email account. Keywords: MFA, WFH, Cyber Security, Encryption, Decryption

BUILDING A DISTRIBUTED TRUST MODEL OF RESTFUL WEB SERVICES FOR MOBILE DEVICES

As of 2011, there were about 5,981 million mobile devices in the world [1] and there are 113.9 million mobile web users in 2012 [2]. With the popularity of web services for mobile devices, the concern of security for mobile devices has been brought up. Furthermore, with more and more cooperation of organizations, web services are now normally involved with more than one organization. How to trust coming requests from other organizations is an issue. This research focuses on building a trust model for the web services of mobile devices. It resolves the issues caused by mobile devices being stolen, lost, users abusing privileges, and cross-domain’s access control. The trust model is distributed in each node of the web servers. The trust value is calculated for every incoming request to decide whether the request should be served or not. The goals of the trust model are 1) flexible; 2) scalable; 3) lightweight. The implementation is designed and accomplished with the goals in mind. The experiments evaluate the overhead for the trust module and maximum capacity of the system

Mobile Authentication with NFC enabled Smartphones

Smartphones are becoming increasingly more deployed and as such new possibilities for utilizing the smartphones many capabilities for public and private use are arising. This project will investigate the possibility of using smartphones as a platform for authentication and access control, using near field communication (NFC). To achieve the necessary security for authentication and access control purposes, cryptographic concepts such as public keys, challenge-response and digital signatures are used. To focus the investigation a case study is performed based on the authentication and access control needs of an educational institutions student ID. To gain a more practical understanding of the challenges mobile authentication encounters, a prototype has successfully been developed on the basis of the investigation. The case study performed in this project argues that NFC as a standalone technology is not yet mature to support the advanced communication required by this case. However, combining NFC with other communication technologies such as Bluetooth has proven to be effective. As a result, a general evaluation has been performed on several aspects of the prototype, such as cost-effectiveness, usability, performance and security to evaluate the viability of mobile authentication

Identifying and combating cyber-threats in the field of online banking

This thesis has been carried out in the industrial environment external to the University, as an industrial PhD. The results of this PhD have been tested, validated, and implemented in the production environment of Caixabank and have been used as models for others who have followed the same ideas. The most burning threats against banks throughout the Internet environment are based on software tools developed by criminal groups, applications running on web environment either on the computer of the victim (Malware) or on their mobile device itself through downloading rogue applications (fake app's with Malware APP). Method of the thesis has been used is an approximation of qualitative exploratory research on the problem, the answer to this problem and the use of preventive methods to this problem like used authentication systems. This method is based on samples, events, surveys, laboratory tests, experiments, proof of concept; ultimately actual data that has been able to deduce the thesis proposal, using both laboratory research and grounded theory methods of data pilot experiments conducted in real environments. I've been researching the various aspects related to e-crime following a line of research focusing on intrinsically related topics: - The methods, means and systems of attack: Malware, Malware families of banker Trojans, Malware cases of use, Zeus as case of use. - The fixed platforms, mobile applications and as a means for malware attacks. - forensic methods to analyze the malware and infrastructure attacks. - Continuous improvement of methods of authentication of customers and users as a first line of defense anti- malware. - Using biometrics as innovative factor authentication.The line investigating Malware and attack systems intrinsically is closed related to authentication methods and systems to infect customer (executables, APP's, etc.), because the main purpose of malware is precisely steal data entered in the "logon "authentication system, to operate and thus, fraudulently, steal money from online banking customers. Experiments in the Malware allowed establishing a new method of decryption establishing guidelines to combat its effects describing his fraudulent scheme and operation infection. I propose a general methodology to break the encryption communications malware (keystream), extracting the system used to encrypt such communications and a general approach of the Keystream technique. We show that this methodology can be used to respond to the threat of Zeus and finally provide lessons learned highlighting some general principles of Malware (in general) and in particular proposing Zeus Cronus, an IDS that specifically seeks the Zeus malware, testing it experimentally in a network production and providing an effective skills to combat the Malware are discussed. The thesis is a research interrelated progressive evolution between malware infection systems and authentication methods, reflected in the research work cumulatively, showing an evolution of research output and looking for a progressive improvement of methods authentication and recommendations for prevention and preventing infections, a review of the main app stores for mobile financial services and a proposal to these stores. The most common methods eIDAMS (authentication methods and electronic identification) implemented in Europe and its robustness are analyzed. An analysis of adequacy is presented in terms of efficiency, usability, costs, types of operations and segments including possibilities of use as authentication method with biometrics as innovation.Este trabajo de tesis se ha realizado en el entorno industrial externo a la Universidad como un PhD industrial Los resultados de este PhD han sido testeados, validados, e implementados en el entorno de producción de Caixabank y han sido utilizados como modelos por otras que han seguido las mismas ideas. Las amenazas más candentes contra los bancos en todo el entorno Internet, se basan en herramientas software desarrolladas por los grupos delincuentes, aplicaciones que se ejecutan tanto en entornos web ya sea en el propio ordenador de la víctima (Malware) o en sus dispositivos móviles mediante la descarga de falsas aplicaciones (APP falsa con Malware). Como método se ha utilizado una aproximación de investigación exploratoria cualitativa sobre el problema, la respuesta a este problema y el uso de métodos preventivos a este problema a través de la autenticación. Este método se ha basado en muestras, hechos, encuestas, pruebas de laboratorio, experimentos, pruebas de concepto; en definitiva datos reales de los que se ha podido deducir la tesis propuesta, utilizando tanto investigación de laboratorio como métodos de teoría fundamentada en datos de experimentos pilotos realizados en entornos reales. He estado investigando los diversos aspectos relacionados con e-crime siguiendo una línea de investigación focalizada en temas intrínsecamente relacionadas: - Los métodos, medios y sistemas de ataque: Malware, familias de Malware de troyanos bancarios, casos de usos de Malware, Zeus como caso de uso. - Las plataformas fijas, los móviles y sus aplicaciones como medio para realizar los ataques de Malware. - Métodos forenses para analizar el Malware y su infraestructura de ataque. - Mejora continuada de los métodos de autenticación de los clientes y usuarios como primera barrera de defensa anti- malware. - Uso de la biometría como factor de autenticación innovador. La línea investiga el Malware y sus sistemas de ataque intrínsecamente relacionada con los métodos de autenticación y los sistemas para infectar al cliente (ejecutables, APP's, etc.) porque el objetivo principal del malware es robar precisamente los datos que se introducen en el "logon" del sistema de autenticación para operar de forma fraudulenta y sustraer así el dinero de los clientes de banca electrónica. Los experimentos realizados en el Malware permitieron establecer un método novedoso de descifrado que estableció pautas para combatir sus efectos fraudulentos describiendo su esquema de infección y funcionamiento Propongo una metodología general para romper el cifrado de comunicaciones del malware (keystream) extrayendo el sistema utilizado para cifrar dichas comunicaciones y una generalización de la técnica de Keystream. Se demuestra que esta metodología puede usarse para responder a la amenaza de Zeus y finalmente proveemos lecciones aprendidas resaltando algunos principios generales del Malware (en general) y Zeus en particular proponiendo Cronus, un IDS que persigue específicamente el Malware Zeus, probándolo experimentalmente en una red de producción y se discuten sus habilidades y efectividad. En la tesis hay una evolución investigativa progresiva interrelacionada entre el Malware, sistemas de infección y los métodos de autenticación, que se refleja en los trabajos de investigación de manera acumulativa, mostrando una evolución del output de investigación y buscando una mejora progresiva de los métodos de autenticación y de la prevención y recomendaciones para evitar las infecciones, una revisión de las principales tiendas de Apps para servicios financieros para móviles y una propuesta para estas tiendas. Se analizan los métodos más comunes eIDAMS (Métodos de Autenticación e Identificación electrónica) implementados en Europa y su robustez y presentamos un análisis de adecuación en función de eficiencia, usabilidad, costes, tipos de operación y segmentos incluyendo un análisis de posibilidades con métodos biométricos como innovación.Postprint (published version

Security issues and defences for Internet of Things

The Internet of Things (IoT) aims at linking billions of devices using the internet and other heterogeneous networks to share information. However, the issues of security in IoT environments are more challenging than with ordinary Internet. A vast number of devices are exposed to the attackers, and some of those devices contain sensitive personal and confidential data. For example, the sensitive flows of data such as autonomous vehicles, patient life support devices, traffic data in smart cities are extremely concerned by researchers from the security field. The IoT architecture needs to handle security and privacy requirements such as provision of authentication, access control, privacy and confidentiality. This thesis presents the architecture of IoT and its security issues. Additionally, we introduce the concept of blockchain technology, and the role of blockchain in different security aspects of IoT is discussed through a literature review. In case study of Mirai, we explain how snort and iptables based approach can be used to prevent IoT botnet from finding IoT devices by port scanning