“This is the way ‘I’ create my passwords ...":does the endowment effect deter people from changing the way they create their passwords?

The endowment effect is the term used to describe a phenomenon that manifests as a reluctance to relinquish owned artifacts, even when a viable or better substitute is offered. It has been confirmed by multiple studies when it comes to ownership of physical artifacts. If computer users also "own", and are attached to, their personal security routines, such feelings could conceivably activate the same endowment effect. This would, in turn, lead to their over-estimating the \value" of their existing routines, in terms of the protection they afford, and the risks they mitigate. They might well, as a consequence, not countenance any efforts to persuade them to adopt a more secure routine, because their comparison of pre-existing and proposed new routine is skewed by the activation of the endowment effect.In this paper, we report on an investigation into the possibility that the endowment effect activates when people adopt personal password creation routines. We did indeed find evidence that the endowment effect is likely to be triggered in this context. This constitutes one explanation for the failure of many security awareness drives to improve password strength. We conclude by suggesting directions for future research to confirm our findings, and to investigate the activation of the effect for other security routines

A conceptual decentralized identity solution for state government

In recent years, state governments, exemplified by Mississippi, have significantly expanded their online service offerings to reduce costs and improve efficiency. However, this shift has led to challenges in managing digital identities effectively, with multiple fragmented solutions in use. This paper proposes a Self-Sovereign Identity (SSI) framework based on distributed ledger technology. SSI grants individuals control over their digital identities, enhancing privacy and security without relying on a centralized authority. The contributions of this research include increased efficiency, improved privacy and security, enhanced user satisfaction, and reduced costs in state government digital identity management. The paper provides background on digital identity management in the public sector, discusses existing practices, presents the SSI framework as a solution, and outlines potential future research areas

Security in Database Systems

The paper focuses on security issues that are associated with the database system that are often used by many firms in their operations. The rapid development and proliferation of Information technology has offered many opportunities for integrated business operations. It has enabled business enhances their efficiency and effectiveness in operations such as customer care, sales, human resources and production. However, these developments have served to bring issues of security. Many firms are falling victims of cyber crimes. These are malicious people who target their data and compromise its integrity. This is occasioned by unauthorized access, which makes data lose its integrity and lastly operations of the business are affected negatively. This paper will tackle various issues in database security such as the goals of the security measures, threats to database security and the process of database security maintenance

Parallel network file systems using authenticated key exchange protocols

The keyestablishment for secure many-to-many communications is very important nowadays. The problem is inspired by the proliferation of large-scale distributed file systems supporting parallel access to multiple storage devices. In this, a variety of authenticated key exchange protocols that are designed to address the issues. This shows that these protocols are capable of reducing the workload of the metadata server and concurrently supporting forward secrecy and escrow-freeness. All this requires only a small fraction of increased computation overhead at the client. This proposed three authenticated key exchange protocols for parallel network file system (pNFS). The protocols offer three appealing advantages over the existing Kerberos-based protocol. First, the metadata server executing these protocols has much lower workload than that of the Kerberos-based approach. Second, two of these protocols provide forward secrecy: one is partially forward secure (with respect to multiple sessions within a time period), while the other is fully forward secure (with respect to a session). Third, designed a protocol which not only provides forward secrecy, but is also escrow-free

A Taxonomy of Data Grids for Distributed Data Sharing, Management and Processing

Data Grids have been adopted as the platform for scientific communities that need to share, access, transport, process and manage large data collections distributed worldwide. They combine high-end computing technologies with high-performance networking and wide-area storage management techniques. In this paper, we discuss the key concepts behind Data Grids and compare them with other data sharing and distribution paradigms such as content delivery networks, peer-to-peer networks and distributed databases. We then provide comprehensive taxonomies that cover various aspects of architecture, data transportation, data replication and resource allocation and scheduling. Finally, we map the proposed taxonomy to various Data Grid systems not only to validate the taxonomy but also to identify areas for future exploration. Through this taxonomy, we aim to categorise existing systems to better understand their goals and their methodology. This would help evaluate their applicability for solving similar problems. This taxonomy also provides a "gap analysis" of this area through which researchers can potentially identify new issues for investigation. Finally, we hope that the proposed taxonomy and mapping also helps to provide an easy way for new practitioners to understand this complex area of research.Comment: 46 pages, 16 figures, Technical Repor

'E' for exposed? Email and privacy issues

In March 1996, American Libraries featured a piece about a librarian at the University of California/Irvine whose supervisor intercepted her e-mail while she was absent on medical leave. As a result of this, UC's Office for Academic Computing began a review of e-mail privacy on the nine-campus system. This article and UC's reaction prompted my research into this topic

An inevitable wave of prescription drug monitoring programs in the context of prescription opioids: pros, cons and tensions

BACKGROUND: In an effort to control non-medical use and/or medical abuse of prescription drugs, particularly prescription opioids, electronic prescription drug monitoring programs (PDMP) have been introduced in North-American countries, Australia and some parts of Europe. Paradoxically, there are simultaneous pressures to increase opioid prescribing for the benefit of individual patients and to reduce it for the sake of public health, and this pressure warrants a delicate balance of appropriate therapeutic uses of these drugs with the risk of developing dependence. This article discusses pros and cons of PDMP in reducing diversion of prescription opioids, without hampering access to those medications for those with genuine needs, and highlights tensions around PDMP implementation. DISCUSSION: PDMPs may help alleviate diversion, over-prescription and fraudulent prescribing/dispensing; prompt drug treatment referrals; avoid awkward drug urine test; and inform spatial changes in prescribing practices and help designing tailored interventions. Fear of legal retribution, privacy and data security, potential confusion about addiction and pseudo-addiction, and potential undue pressure of detecting misuse/diversion - are the major problems. There are tensions about unintended consequence of excessive regulatory enforcements, corresponding collateral damages particularly about inadequate prescribing for patients with genuine needs, and mandatory consultation requirements of PDMP. SUMMARY: In this era of information technology PDMP is likely to flourish and remain with us for a long time. A clear standard of practice against which physicians' care will be judged may expedite the utilisation of PDMP. In addition, adequate training on addiction and pain management along with public awareness, point-of-supply data entry from pharmacy, point-of-care real-time access to data, increasing access to addiction treatment and appropriate regulatory enforcement preferably through healthcare administration, together, may help remove barriers to PDMP use