3 research outputs found
Cybersecurity Readiness of E-tail Organisations:A Technical Perspective
Cybersecurity readiness is a challenging issue for online retail businesses which are losing billions of dollars due to cyber-crimes and a lack of readiness to manage these. Therefore, research into cybersecurity readiness in the online retail industry is needed. Technical tools are the foremost measures of defence against these attacks. This study investigates cybersecurity readiness from the technical perspective in some UK online retailers. This research adopted a qualitative case study approach with semi-structured interviews for collecting data. A total of 15 interviews were conducted with an online retail company’s staff and management who had responsibility for managing cybersecurity. A thematic analysis method was used to analyse the qualitative data. The research findings show that the company is facing internal and external threats to their information systems and their technical defences are not very effective at present. The company should consider investing more resources in the technical controls to prevent these attacks
Efficient and secure business model for content centric network using elliptic curve cryptography
https://onlinelibrary.wiley.com/doi/full/10.1002/dac.3839Initially, Internet has evolved as a resource sharing model where resources are identified by IP addresses. However, with rapid technological advancement, resources/hardware has become cheap and thus, the need of sharing hardware over Internet is reduced. Moreover, people are using Internet mainly for information exchange and hence, Internet has gradually shifted from resource sharing to information sharing model. To meet the recent growing demand of information exchange, Content Centric Network (CCN) is envisaged as a clean‐slate future network architecture which is specially destined for smooth content distribution over Internet. In CCN, content is easily made available using network caching mechanism which is misaligned with the existing business policy of content providers/publishers in IP‐based Internet. Hence, the transition from contemporary IP‐based Internet to CCN demands attention for redesigning the business policy of the content publishers/providers. In this paper, we have proposed efficient and secure communication protocols for flexible CCN business model to protect the existing business policies of the content publisher while maintaining the salient CCN features like in‐network content caching and Interest packet aggregation. To enhance the efficiency and security, the Elliptic Curve Cryptography (ECC) is used. The proposed ECC‐based scheme is analyzed to show that it is resilient to relevant existing cryptographic attacks. The performance analysis in terms of less computation and communication overheads and increased efficiency is given. Moreover, a formal security verification of the proposed scheme is done using widely used AVISPA simulator and BAN logic that shows our scheme is well secured
Development of a secure multi-factor authentication algorithm for mobile money applications
A Thesis Submitted in Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Information and Communication Science and Engineering of the Nelson Mandela African Institution of Science and TechnologyWith the evolution of industry 4.0, financial technologies have become paramount and mobile
money as one of the financial technologies has immensely contributed to improving financial
inclusion among the unbanked population. Several mobile money schemes were developed but,
they suffered severe authentication security challenges since they implemented two-factor
authentication. This study focused on developing a secure multi-factor authentication (MFA)
algorithm for mobile money applications. It uses personal identification numbers, one-time
passwords, biometric fingerprints, and quick response codes to authenticate and authorize mobile
money subscribers. Secure hash algorithm-256, Rivest-Shamir-Adleman encryption, and Fernet
encryption were used to secure the authentication factors, confidential financial information and
data before transmission to the remote databases. A literature review, survey, evolutionary
prototyping model, and heuristic evaluation and usability testing methods were used to identify
authentication issues, develop prototypes of native genuine mobile money (G-MoMo)
applications, and identify usability issues with the interface designs and ascertain their usability,
respectively. The results of the review grouped the threat models into attacks against privacy,
authentication, confidentiality, integrity, and availability. The survey identified authentication
attacks, identity theft, phishing attacks, and PIN sharing as the key mobile money systems’
security issues. The researcher designed a secure MFA algorithm for mobile money applications
and developed three native G-MoMo applications to implement the designed algorithm to prove
the feasibility of the algorithm and that it provided robust security. The algorithm was resilient to
non-repudiation, ensured strong authentication security, data confidentiality, integrity, privacy,
and user anonymity, was highly effective against several attacks but had high communication
overhead and computational costs. Nevertheless, the heuristic evaluation results showed that the
G-MoMo applications’ interface designs lacked forward navigation buttons, uniformity in the
applications’ menu titles, search fields, actions needed for recovery, and help and documentation.
Similarly, the usability testing revealed that they were easy to learn, effective, efficient,
memorable, with few errors, subscriber satisfaction, easy to use, aesthetic, easy to integrate, and
understandable. Implementing a secure mobile money authentication and authorisation by
combining multiple factors which are securely stored helps mobile money subscribers and other
stakeholders to have trust in the developed native G-MoMo applications