119,631 research outputs found
On the security of NoSQL cloud database services
Processing a vast volume of data generated by web, mobile and Internet-enabled devices, necessitates a scalable and flexible data management system. Database-as-a-Service (DBaaS) is a new cloud computing paradigm, promising a cost-effective and scalable, fully-managed database functionality meeting the requirements of online data processing. Although DBaaS offers many benefits it also introduces new threats and vulnerabilities. While many traditional data processing threats remain, DBaaS introduces new challenges such as confidentiality violation and information leakage in the presence of privileged malicious insiders and adds new dimension to the data security. We address the problem of building a secure DBaaS for a public cloud infrastructure where, the Cloud Service Provider (CSP) is not completely trusted by the data owner. We present a high level description of several architectures combining modern cryptographic primitives for achieving this goal. A novel searchable security scheme is proposed to leverage secure query processing in presence of a malicious cloud insider without disclosing sensitive information. A holistic database security scheme comprised of data confidentiality and information leakage prevention is proposed in this dissertation. The main contributions of our work are: (i) A searchable security scheme for non-relational databases of the cloud DBaaS; (ii) Leakage minimization in the untrusted cloud. The analysis of experiments that employ a set of established cryptographic techniques to protect databases and minimize information leakage, proves that the performance of the proposed solution is bounded by communication cost rather than by the cryptographic computational effort
Conceptual evidence collection and analysis methodology for Android devices
Android devices continue to grow in popularity and capability meaning the
need for a forensically sound evidence collection methodology for these devices
also increases. This chapter proposes a methodology for evidence collection and
analysis for Android devices that is, as far as practical, device agnostic.
Android devices may contain a significant amount of evidential data that could
be essential to a forensic practitioner in their investigations. However, the
retrieval of this data requires that the practitioner understand and utilize
techniques to analyze information collected from the device. The major
contribution of this research is an in-depth evidence collection and analysis
methodology for forensic practitioners.Comment: in Cloud Security Ecosystem (Syngress, an Imprint of Elsevier), 201
An Efficient QR Code Based Web Authentication Scheme
Nowadays, web authentication is the main and important measure which guarantees the information security and data privacy. Web authentication provides the basis of user accessibility and data security. In the last few years, frequent outbreaks in the password databases lead to a main concern in the data security. The default method for the web authentication is password only mechanism. There are many security problems associated with the password only approach. Many users have a tendency to reuse the same password in different websites. So when one password is being compromised, it may lead to the password break of the other websites due to the password reuse. In order to improve the security, Two factor authentication (TFA) is strongly recommended. But despite of this, TFA has not been widely accepted in the web authentication mechanism. Due to the high scale and drastic popularity of the mobile phone and an inbuilt function of the barcode scanning through camera lead to a new two factor authentication method. In this paper, the proposed two factor authentication protocol uses mobile phone with one or more camera as the second factor for the authentication. The proposed TFA in web authentication counter various attacks such as man in the middle attack (MITM), phishing attacks and so on. Here password is the first factor and mobile is used as the second factor for the web authentication. The communication between the mobile phone and the PC is with the help of visible light. Visible light communication has many advantages as compared with other communication mechanisms. There is a less cellular cost in this scheme which indicates the user does not need cellular network or Wi-Fi for the authentication
DIAMOnDS - DIstributed Agents for MObile & Dynamic Services
Distributed Services Architecture with support for mobile agents between
services, offer significantly improved communication and computational
flexibility. The uses of agents allow execution of complex operations that
involve large amounts of data to be processed effectively using distributed
resources. The prototype system Distributed Agents for Mobile and Dynamic
Services (DIAMOnDS), allows a service to send agents on its behalf, to other
services, to perform data manipulation and processing. Agents have been
implemented as mobile services that are discovered using the Jini Lookup
mechanism and used by other services for task management and communication.
Agents provide proxies for interaction with other services as well as specific
GUI to monitor and control the agent activity. Thus agents acting on behalf of
one service cooperate with other services to carry out a job, providing
inter-operation of loosely coupled services in a semi-autonomous way. Remote
file system access functionality has been incorporated by the agent framework
and allows services to dynamically share and browse the file system resources
of hosts, running the services. Generic database access functionality has been
implemented in the mobile agent framework that allows performing complex data
mining and processing operations efficiently in distributed system. A basic
data searching agent is also implemented that performs a query based search in
a file system. The testing of the framework was carried out on WAN by moving
Connectivity Test agents between AgentStations in CERN, Switzerland and NUST,
Pakistan.Comment: 7 pages, 4 figures, CHEP03, La Jolla, California, March 24-28, 200
An Integrated Mobile Application for Enhancing Management of Nutrition Information in Arusha Tanzania
Based on the fact that management of nutrition information is still a problem
in many developing countries including Tanzania and nutrition information is
only verbally provided without emphasis, this study proposes mobile application
for enhancing management of nutrition information. The paper discusses the
implementation of an integrated mobile application for enhancing management of
nutrition information based on literature review and interviews, which were
conducted in Arusha region for the collection of key information and details
required for designing the mobile application. In this application, PHP
technique has been used to build the application logic and MySQL technology for
developing the back-end database. Using XML and Java, we have built an
application interface that provides easy interactive view
- …