178,724 research outputs found

    Consumer-Centric Protection for Online Social Networks

    Get PDF
    Online Social Networks (OSNs) are a unique construct that is shaped by the advancement and availability of Internet technologies. A large portion of internet users make use of OSN services to share and celebrate their personal lives with friends and family. A substantial proportion of these shared experiences revolve around privacy-sensitive information. The OSN services handling privacy-sensitive information deploy state-of-the-art security and privacy preserving mechanisms. However, these protections are, to a great extent, not consumer-centric: this is the main focus of this study. In this paper, we define the notion of Consumer-Centric Protection (CCP) for OSNs. In this proposal, the individual user controls how her data can be accessed by her contacts (e.g. friends and family members) and others, thus giving control of user data back to the rightful owner — the user. This work is still in progress and in this paper we present our preliminary result

    Similarity measure fuzzy soft set for phishing detection

    Get PDF
    Phishing is a serious web security problem, and the internet fraud technique involves mirroring genuine websites to trick online users into stealing their sensitive information and taking out their personal information, such as bank account information, usernames, credit card, and passwords. Early detection can prevent phishing behavior makes quick protection of personal information. Classification methods can be used to predict this phishing behavior. This paper presents an intelligent classification model for detecting Phishing by redefining a fuzzy soft set (FSS) theory for better computational performance. There are four types of similarity measures: (1) Comparison table, (2) Matching function, (3) Similarity measure, and (4) Distance measure. The experiment showed that the Similarity measure has better performance than the others in accuracy and recall, reached 95.45 % and 99.77 %, respectively. It concludes that FSS similarity measured is more precise than others, and FSS could be a promising approach to avoid phishing activities. This novel method can be implemented in social media software to warn the users as an early warning system. This model can be used for personal or commercial purposes on social media applications to protect sensitive data

    Enhancement of Safety in Cloud Computing Based on Intrusion Tolerance

    Get PDF
    As we uses a computer and access our personal information and business information and also store the data on web servers. This arises the new security challenges with new computing and communication paradigms. Encryption have failed in preventing data theft attacksin existing data protection mechanisms. One of the emerging technologies in the present world is Cloud computing. Many of the individual users and organizations have profound usage of cloud computing as they can access data base resources through internet from anywhere. This computing model is beneficiary as far as the terms cost reduction and data accessibility are concerned. But there is a need to consider the security concept in cloud computing as the users store the sensitive data on the cloud storage providers which cannot trusted always. By designing ‘intrusion tolerance’,the protectionagainst malicious attacks of cloud infrastructure can be solved.In this paper we provide method about security in cloud computing. This paper is mainly aims at the Enhancement of Safety based on Intrusion Tolerancein Cloud Computing. DOI: 10.17762/ijritcc2321-8169.15054

    Strategies for Improving Data Protection to Reduce Data Loss from Cyberattacks

    Get PDF
    Accidental and targeted data breaches threaten sustainable business practices and personal privacy, exposing all types of businesses to increased data loss and financial impacts. This single case study was conducted in a medium-sized enterprise located in Brevard County, Florida, to explore the successful data protection strategies employed by the information system and information technology business leaders. Actor-network theory was the conceptual framework for the study with a graphical syntax to model data protection strategies. Data were collected from semistructured interviews of 3 business leaders, archival documents, and field notes. Data were analyzed using thematic, analytic, and software analysis, and methodological triangulation. Three themes materialized from the data analyses: people--inferring security personnel, network engineers, system engineers, and qualified personnel to know how to monitor data; processes--inferring the activities required to protect data from data loss; and technology--inferring scientific knowledge used by people to protect data from data loss. The findings are indicative of successful application of data protection strategies and may be modeled to assess vulnerabilities from technical and nontechnical threats impacting risk and loss of sensitive data. The implications of this study for positive social change include the potential to alter attitudes toward data protection, creating a better environment for people to live and work; reduce recovery costs resulting from Internet crimes, improving social well-being; and enhance methods for the protection of sensitive, proprietary, and personally identifiable information, which advances the privacy rights for society

    SFTSDH: Applying Spring Security Framework with TSD-Based OAuth2 to Protect Microservice Architecture APIs

    Get PDF
    The Internet of Medical Things (IoMT) combines medical devices and applications that use network technologies to connect healthcare information systems (HIS). IoMT is reforming the medical industry by adopting information and communication technologies (ICTs). Identity verification, secure collection, and exchange of medical data are essential in health applications. In this study, we implemented a hybrid security solution to secure the collection and management of personal health data using Spring Framework (SF), Services for Sensitive Data (TSD) as a service platform, and Hyper-Text-Transfer-Protocol (HTTP (H)) security methods. The adopted solution (SFTSDH = SF + TSD + H) instigated the following security features: identity brokering, OAuth2, multifactor authentication, and access control to protect the Microservices Architecture Application Programming Interfaces (APIs), following the General Data Protection Regulation (GDPR). Moreover, we extended the adopted security solution to develop a digital infrastructure to facilitate the research and innovation work in the electronic health (eHealth) section, focusing on solution validation with theoretical evaluation and experimental testing. We used a web engineering security methodology to achieve and explain the adopted security solution. As a case study, we designed and implemented electronic coaching (eCoaching) prototype system and deployed the same in the developed infrastructure to securely record and share personal health data. Furthermore, we compared the test results with related studies qualitatively for the efficient evaluation of the implemented security solution. The SFTSDH implementation and configuration in the prototype system have effectively secured the eCoach APIs from an attack in all the considered scenarios. The eCoach prototype with the SFTSDH solution effectively sustained a load of (≈) 1000 concurrent users in the developed digital health infrastructure. In addition, we performed a qualitative comparison among the following security solutions: SF security, third-party security, and SFTSDH, where SFTSDH showed a promising outcome.publishedVersio

    A Survey on Image Encryption and Decryption using Blowfish & Watermarking

    Get PDF
    Internet means International Network. In the present era, to send and receive information, the internet is the main media. This information may be text, audio, graphics and video etc. There are many advantages of internet. Internet provides quickest data delivery services, security of data is major concern for all internet users. There is always a sense of insecurity amongst internet user after sending data or image until he gets an acknowledgment from the opposite side informing that they have received the data safely, that too without any manipulation in its content. The confidentiality, non-repudiation, validation, reliability, of the information (data or image) should be checked properly otherwise data manipulation can have big problem. We can get these objectives with cryptography which is simply the science of securing sensitive and confidential information as it is stored on media or transmitted through communication network paths. Here, images are considered with an aim to secure them during its storage and transmission. Blowfish Algorithm, a type of symmetric key cryptography is the best solution for this. The two processes, encryption and decryption together form the cryptographic process. For ensuring security, the images are encrypted by the sender before transmitting them and are decrypted by the receiver after receiving them so that only the sender and the intended person can see the content in the image. The blowfish algorithm is safe against unauthorized attack and runs faster than the popular accessible algorithms. For double protection, after the blowfish process, the encrypted image tends to go through a water marking process which is used to hide a secret or personal message to protect a products copyright or to demonstrate data integrity Watermarking is the process of embedding new data into image, audio or video. We perform watermarking on different types of images say JPEG, BMP etc. The anticipated work is designed and implemented using MATLAB. DOI: 10.17762/ijritcc2321-8169.150516

    Privacy-aware in the IoT applications: A systematic literature review

    Get PDF
    © 2017, Springer International Publishing AG. The Internet of Things (IoT) emerged as a paradigm in which smart things collaborate among them and with other physical and virtual objects using the Internet in order to perform high level tasks. These things appear in a variety of application domains, including smart grid, health care and smart spaces where several parties share data in order to tackle specific tasks. Data in such domains are rich in sensitive data and data owner-specific habits. Thus, IoT raises concerns about privacy and data protection. This paper reports on a systematic literature review of privacy preserving solutions used in Cooperative Information Systems (CIS) in the IoT field. To do so, and after retrieving scientific productions on the subject, we classify the results according to several facets. In this paper, we consider a subset of them: (i) data life cycle, (ii) privacy preserving techniques and (iii) ISO privacy principles. We combine the facets then express and analyze the results as bubble charts. We analyze the proposed solutions in terms of the techniques they deployed and the privacy principles they covered according to the ISO standard and the data privacy laws and regulations of the European Commission on the Protection of Personal Data. Finally, we identifies recommendations to involve privacy principle coverage and security requirement fulfillment in the IoT applications

    Identity principles in the digital age: a closer view

    Get PDF
    Identity and its management is now an integral part of web-based services and applications. It is also a live political issue that has captured the interest of organisations, businesses and society generally. As identity management systems assume functionally equivalent roles, their significance for privacy cannot be underestimated. The Centre for Democracy and Technology has recently released a draft version of what it regards as key privacy principles for identity management in the digital age. This paper will provide an overview of the key benchmarks identified by the CDT. The focus of this paper is to explore how best the Data Protection legislation can be said to provide a framework which best maintains a proper balance between 'identity' conscious technology and an individual's expectation of privacy to personal and sensitive data. The central argument will be that increased compliance with the key principles is not only appropriate for a distributed privacy environment but will go some way towards creating a space for various stakeholders to reach consensus applicable to existing and new information communication technologies. The conclusion is that securing compliance with the legislation will prove to be the biggest governance challenge. Standard setting and norms will go some way to ease the need for centralised regulatory oversight
    corecore