Optimizing Anti-Phishing Solutions Based on User Awareness, Education and the Use of the Latest Web Security Solutions

Phishing has grown significantly in volume over the time, becoming the most usual web threat today. The present economic crisis is an added argument for the great increase in number of attempts to cheat internet users, both businesses and private ones. The present research is aimed at helping the IT environment get a more precise view over the phishing attacks in Romania; in order to achieve this goal we have designed an application able to retrieve and interpret phishing related data from five other trusted web sources and compile them into a meaningful and more targeted report. As a conclusion, besides making available regular reports, we underline the need for a higher degree of awareness related to this issue.Security, Phishing, Ev-SSL, Security Solutions

A modularized electronic payment system for agent-based e-commerce

With the explosive growth of the Internet, electronic-commerce (e-commerce) is an increasingly important segment of commercial activities on the web. The Secure Agent Fabrication, Evolution & Roaming (SAFER) architecture was proposed to further facilitate e-commerce using agent technology. In this paper, the electronic payment aspect of SAFER will be explored. The Secure Electronic Transaction (SET) protocol and E-Cash were selected as the bases for the electronic payment system implementation. The various modules of the payment system and how they interface with each other are shown. An extensible implementation done using JavaTM will also be elaborated. This application incorporates agent roaming functionality and the ability to conduct e-commerce transactions and carry out intelligent e-payment procedures

Implementing the Payment Card Industry (PCI) Data Security Standard (DSS)

Underpinned by the rise in online criminality, the payment card industry (PCI) data security standards (DSS) were introduced which outlines a subset of the core principals and requirements that must be followed, including precautions relating to the software that processes credit card data. The necessity to implement these requirements in existing software applications can present software owners and developers with a range of issues. We present here a generic solution to the sensitive issue of PCI compliance where aspect orientated programming (AOP) can be applied to meet the requirement of masking the primary account number (PAN).  Our architecture allows a definite amount of code to be added which intercepts all the methods specified in the aspect, regardless of future additions to the system thus reducing the amount of work required to the maintain aspect. We believe that the concepts here will provide an insight into how to approach the PCI requirements to undertake the task. The software artefact should also serve as a guide to developers attempting to implement new applications, where security and design are fundamental elements that should be considered through each phase of the software development lifecycle and not as an afterthought

INTELLIGENT HOSPITAL: PATIENT SMART CARD

The purpose of introducing smart card application in our lifestyle is to improve and develop the way of life to a more convenient style. This approach can be applied to various areas such like mobile communication, public transportation, finance, public sector, and even health care system. In this project, the main target is to design an application and basic system of interfacing between patient and medical institution, which is the Patient Smart Card. It will act as a synergy between clients or patients' personal information with the server or medical centre that complies with the system. Patient Smart Card application development involves several stages. Defining the methodology, there will be four phases, which are analyzing, designing, coding and testing. The cores of the project are the database development, smart card application and its interface program. Data structure of the system is obtained through research and detailed assessment. Entirely, the back end of the system is concerning the source code and interface design. To achieve those with fine results, there are tools required during the whole process. Thus, the result will be concluded based on the objectives set. Besides smart card and its reader, the system comprises of several forms which will act as the interface between database and client. The forms encompass the main menu, registration process, administration purpose, PIN number security system, patient particular information and related data regarding to mass patient medical records. All of them have the same focal purpose which is to ease and create simplicity for the current medical information record system applied at most of the health centers. Suggested works for further enhancement and realization are also stated

NFC Security Solution for Web Applications

Töö eesmärgiks on võrrelda erinevaid eksisteerivaid veebirakenduste turvalahendusi, analüüsida NFC sobivust turvalahenduste loomiseks ning pakkuda välja uus NFC autentimise ja signeerimise lahendus läbi Google Cloud Messaging teenuse ja NFC Java Card’i. Autori pakutud lahendus võimaldab kasutajal ennast autentida ja signeerida läbi NFC mobiiliseadme ja NFC Java Card’i, nõudmata kasutajalt eraldi kaardilugejat. Antud lahendust on võimalik kasutada kui ühtset kasutajatuvastamise viisi erinevatele rakendustele, ilma lisaarenduseta.This thesis compares existing and possible security solutions for web applications, analyses NFC compatibility for security solutions and proposes a new NFC authentication and signing solution using Google Cloud Messaging service and NFC Java Card. This new proposed solution enables authentication and signing via NFC enabled mobile phone and NFC Java Card without any additional readers or efforts to be made. This smart card solution can be used within multiple applications and gives the possibility to use same authentication solution within different applications

An Application for Decentralized Access Control Mechanism on Cloud Data using Anonymous Authentication

In the last few years, Cloud computing has gained a lot of popularity and technology analysts believe it will be the future, but only if the security problems are solved from time-to-time. For those who are unfamiliar with cloud computing, it is a practice wherein users can access the data from the servers that are located in remote places. Users can do so through the Internet to manage, process and store the relevant data, instead of depending on the personal computer or a local server. Many firms and organizations are using cloud computing, which eventually is faster, cheaper and easy to maintain. Even the regular Internet users are also relying on cloud computing services to access their files whenever and wherever they wish. There are also numerous challenges associated with cloud computing like abuse of cloud services, data security and cyber-attacks. When clients outsource sensitive data through cloud servers, access control is one of the fundamental requirements among all security requirements which ensures that no unauthorized access to secured data will be avoided. Hence, cloud computing has to build a feature that provides privacy, access control challenges and security to the user data. A suitable and reliable encryption technique with enhanced key management should be developed and applied to the user data before loading into the cloud with the goal to achieve secured storage. It also has to support file access control and all other files related functions in a policy-based manner for any file stored in a cloud environment. This research paper proposes a decentralized access control mechanism for the data storage security in clouds which also provides anonymous authentication. This mechanism allows the decryption of the stored information only by the valid users, which is an additional feature of access control. Access control mechanism are decentralized which makes it robust when compared to centralized access control schemes meant for clouds

A university wide smart card system

Presently, many tertiary educational institutions utilise card technologies for staff and student identification and the support of other related services within the institution. A new type of card technology has been developed known as a Smart Card, where an existing plastic card has an embedded integrated circuit and is capable of expanding the range of applications and services capable within an institution. This thesis will detail the advantages that these new Smart Cards have over existing institution cards, detail other institution\u27s attempts to use Smart Cards and finally, this thesis proposes a suitable system for integrating Smart Cards into an existing tertiary educational institution