68 research outputs found

    Security Enhanced Applications for Information Systems

    Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments

    How WEIRD is Usable Privacy and Security Research? (Extended Version)

    In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries. This WEIRD skew may hinder understanding of diverse populations and their cultural differences. The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields. We conducted a literature review to understand the extent to which participant samples in UPS papers were from WEIRD countries and the characteristics of the methodologies and research topics in each user study recruiting Western or non-Western participants. We found that the skew toward WEIRD countries in UPS is greater than that in HCI. Geographic and linguistic barriers in the study methods and recruitment methods may cause researchers to conduct user studies locally. In addition, many papers did not report participant demographics, which could hinder the replication of the reported studies, leading to low reproducibility. To improve geographic diversity, we provide suggestions including facilitating replication studies, addressing geographic and linguistic issues of study/recruitment methods, and facilitating research on the topics for non-WEIRD populations. Comment: This paper is the extended version of the paper presented at USENIX SECURITY 202

    Appraisal of Cashless Policy on the Nigerian Financial System

    The Central Bank of Nigeria (CBN) has been active in the inauguration of policies and schemes to foster the implementation of the cashless policy in Nigeria. However, the current transition to a cashless economy raises a lot of concerns with no substantial evidence yet to justify its implementation. This study was carried out in order to appraise the implementation of the cashless policy since its introduction into the Nigerian financial system in 2012 and also to examine the persistent challenges facing its implementation. In view of the above stated objective, primary data were collected with the aid of the questionnaire, which was randomly administered to 120 respondents ranging from First Bank, Zenith Bank and United Bank for Africa. The banks were selected based on their total assets and the information collected covered the activities of the CBN and that of these banks towards implementation of the cashless policy from 2012 till date. The data collected were presented and analyzed with the aid of the Statistical Package for Social Sciences (SPSS) using descriptive statistics and one-sample t-test. The results led to the conclusion that despite the need to operate cashless transactions dominating the modern Nigerian economy, the cashless policy will have the desired impact only if a lot is done to ensure the implementation of an effective cashless system

    Moving usable security research out of the lab: evaluating the use of VR studies for real-world authentication research

    Empirical evaluations of real-world research artefacts that derive results from observations and experiments are a core aspect of usable security research. Expert interviews as part of this thesis revealed that the costs associated with developing and maintaining physical research artefacts often amplify human-centred usability and security research challenges. On top of that, ethical and legal barriers often make usability and security research in the field infeasible. Researchers have begun simulating real-life conditions in the lab to contribute to ecological validity. However, studies of this type are still restricted to what can be replicated in physical laboratory settings. Furthermore, historically, user study subjects were mainly recruited from local areas only when evaluating hardware prototypes. The human-centred research communities have recognised and partially addressed these challenges using online studies such as surveys that allow for the recruitment of large and diverse samples as well as learning about user behaviour. However, human-centred security research involving hardware prototypes is often concerned with human factors and their impact on the prototypes’ usability and security, which cannot be studied using traditional online surveys. To work towards addressing the current challenges and facilitating research in this space, this thesis explores if – and how – virtual reality (VR) studies can be used for real-world usability and security research. It first validates the feasibility and then demonstrates the use of VR studies for human-centred usability and security research through six empirical studies, including remote and lab VR studies as well as video prototypes as part of online surveys. It was found that VR-based usability and security evaluations of authentication prototypes, where users provide touch, mid-air, and eye-gaze input, greatly match the findings from the original real-world evaluations. 
This thesis further investigated the effectiveness of VR studies by exploring three core topics in the authentication domain: First, the challenges around in-the-wild shoulder surfing studies were addressed. Two novel VR shoulder surfing methods were implemented to contribute towards realistic shoulder surfing research and explore the use of VR studies for security evaluations. This was found to allow researchers to provide a bridge over the methodological gap between lab and field studies. Second, the ethical and legal barriers when conducting in situ usability research on authentication systems were addressed. It was found that VR studies can represent plausible authentication environments and that a prototype’s in situ usability evaluation results deviate from traditional lab evaluations. Finally, this thesis contributes a novel evaluation method to remotely study interactive VR replicas of real-world prototypes, allowing researchers to move experiments that involve hardware prototypes out of physical laboratories and potentially increase a sample’s diversity and size. The thesis concludes by discussing the implications of using VR studies for prototype usability and security evaluations. It lays the foundation for establishing VR studies as a powerful, well-evaluated research method and unfolds its methodological advantages and disadvantages

    A Case for Implementation of Citizen Centric National Identity Management Systems:Crafting a Trusted National Identity Management Policy


    The potential use of smart cards in vehicle management with particular reference to the situation in Western Australia

    Vehicle management may be considered to consist of traffic management, usage control, maintenance, and security. Various regulatory authorities undertake the first aspect, fleet managers will be concerned with all aspects, and owner-drivers will be interested mainly in maintenance and security. Car theft poses a universal security problem. Personalisation, including navigational assistance, might be achieved as a by-product of an improved management system. Authorities and fleet managers may find smartcards to be key components of an improved system, but owners may feel that the need for improved security does not justify its cost. This thesis seeks to determine whether smartcards may be used to personalise vehicles in order to improve vehicle management within a foreseeable time and suggest when it might happen. In the process four broad questions are addressed.
    • First, what improvements in technology are needed to make any improved scheme using smartcards practicable, and what can be expected in the near future?
    • Second, what problems and difficulties may impede the development of improved management?
    • Third, what non-vehicle applications might create an environment in which a viable scheme could emerge?
    • Finally, is there a perceived need for improved vehicle management?
    The method involved a literature search, the issue of questionnaires to owner drivers and fleet managers, discussions with fleet managers, the preparation of data-flow and state diagrams, and the construction of a simulation of a possible security approach. The study concludes that although vehicle personalisation is possible and desirable, it is unlikely to occur within the next decade because the environment needed to make it practicable will not emerge until a number of commercial and standardisation problems that obstruct all smartcard applications have been solved