Security, privacy and trust of user-centric solutions

International audienc

Image‐based malware classification using VGG19 network and spatial convolutional attention

In recent years the amount of malware spreading through the internet and infecting computers and other communication devices has tremendously increased. To date, countless techniques and methodologies have been proposed to detect and neutralize these malicious agents. However, as new and automated malware generation techniques emerge, a lot of malware continues to be produced, which can bypass some state‐of‐the‐art malware detection methods. Therefore, there is a need for the classification and detection of these adversarial agents that can compromise the security of people, organizations, and countless other forms of digital assets. In this paper, we propose a spatial attention and convolutional neural network (SACNN) based on deep learning framework for image‐based classification of 25 well‐known malware families with and without class balancing. Performance was evaluated on the Malimg benchmark dataset using precision, recall, specificity, precision, and F1 score on which our proposed model with class balancing reached 97.42%, 97.95%, 97.33%, 97.11%, and 97.32%. We also conducted experiments on SACNN with class balancing on benign class, also produced above 97%. The results indicate that our proposed model can be used for image‐based malware detection with high performance, despite being simpler as compared to other available solutions

Perceived influence of cybersecurity on the intention to use mobile banking applications

Banking institutions see the adoption and usage of mobile devices for banking namely mobile banking as an innovative financial service delivering strategy that bridges the gap between customers and banks. Mobile banking eliminates the need to visit bank branches for banking services and it eliminates the need to only perform banking services within fixed business hours. In mobile banking, mobile devices such as a cellphone, smartphone, or tablet’ are used to conduct non-financial and financial transactions such as checking account status, transferring money, making payments, or selling stocks. Mobile banking is suggested to take over the banking sector because it is economising and timesaving benefits. Despite these benefits, the adoption rate amongst consumers remains low, especially in developing countries where there is a knowledge gap in understanding why consumers do not engage in the frequent use of mobile banking applications. Apart from several factors identified in previous literature on mobile banking as influencers of limited usage and adoption of mobile banking, trust remains an important factor in the intention to adopt or use mobile banking applications. Also, because of the increasing prevalence of cyber threats in developing countries, the influence of cybersecurity is still questionable on their influences on the intention to adopt or use mobile baking applications. The increase in cyber threats and attacks has birthed the need for cybersecurity to be addressed. Given that most financial institutions see mobile banking as a strategy for their competitive advantage; it is important that they understand how best to address consumer’s fears brought about by cybersecurity threats. Literature has not covered more ground on the analysis of mobile banking applications (Uduimoh., Osho., Ismaila, & Shafi’i, 2019). The purpose of this study is to investigate the perceived influence of cybersecurity on the user’s intentions to use mobile banking applications. The study identified seven salient cybersecurity factors that influence the intention to use mobile banking applications. These cybersecurity factors were grouped into two groups, namely intrinsic factors and extrinsic factors and resulted in the development of a conceptual model. With this model, hypothesises were developed and tested statistically using quantitative data from an online selfadministered Qualtrics survey questionnaire. Data collected from 90 participants was statistically analysed in Smart PLS 3 (a quantitative data analysis software). Structural Equation Modeling (SEM) and Partial Least Squares path modelling approaches were adopted for data analysis. Hypothesis testing was performed on salient factors that influence the perception of cybersecurity on the intention to use mobile banking applications. The findings concluded that salient significant factors that influence the perception of mobile banking cybersecurity on the intention to use mobile banking applications were perceived data confidentiality and cybersecurity awareness. As a result, the study concluded that one’s perception on ability to avert cybersecurity threats and attacks, how they perceived the protection of their data from being modified by unauthorised users, how they perceive their data to be kept confidential and their knowledge of cybersecurity from legitimate sources influences their intention to use mobile banking applications. Finally, this study investigated the empirical evidence of the knowledge gap concerning the perceived influence of cybersecurity on the intention to use mobile banking applications

Mobile Technology Deployment Strategies for Improving the Quality of Healthcare

Ineffective deployment of mobile technology jeopardizes healthcare quality, cost control, and access, resulting in healthcare organizations losing customers and revenue. A multiple case study was conducted to explore the strategies that chief information officers (CIOs) used for the effective deployment of mobile technology in healthcare organizations. The study population consisted of 3 healthcare CIOs and 2 healthcare information technology consultants who have experience in deploying mobile technology in a healthcare organization in the United States. The conceptual framework that grounded the study was Wallace and Iyer\u27s health information technology value hierarchy. Data were collected using semistructured interviews and document reviews, followed by within-case and cross-case analyses for triangulation and data saturation. Key themes that emerged from data analysis included the application of disruptive technology in healthcare, ownership and management of mobile health equipment, and cybersecurity. The healthcare CIOs and consultants emphasized their concern about the lack of cybersecurity in mobile technology. CIOs were reluctant to deploy the bring-your-own-device strategy in their organizations. The implications of this study for positive social change include the potential for healthcare CIOs to emphasize the business practice of supporting healthcare providers in using secure mobile equipment deployment strategies to provide enhanced care, safety, peace of mind, convenience, and ease of access to patients while controlling costs

Protocolos para la seguridad de la información en eHealth: Criptografía en entornos mHeath

Abstract. The advance of technology has brought with it the evolution of tools in various fields, among which the medical field stands out. Today’s medicine has tools that 30 years ago were unthinkable making its functioning completely different. Thanks to this fusion of medicine and technology new terms concerning this symbiosis, such as eHealth or mHealth, may be found in our daily lives. Both users and all the areas that work in the protection and performance of health and safety benefit from it. In this doctoral thesis we have worked in several lines with the aim of improving information security in several mHealth systems trying to make the proposed solutions extrapolable to other environments. Firstly, a tool, supported by an expert system and using identity-based encryption for the protection of patient information, for the diagnosis, treatment and monitoring of children with attention deficit disorder is proposed. Second, a solution focused on geared towards enhancing solutions for two of the fundamental problems of medical data information security: the secure management of patient information and the identification of patients within the hospital environment, is included. The solution proposed for the identification problem is based on the use of NFC bracelets that store an identifier associated with the patient and is generated through an HMAC function. In the third work, the problem of identification is again analyzed, but this time in emergency environments where no stable communication networks are present. It also proposes a system for the classification of victims whose objective is to improve the management of health resources in these scenarios. The fourth contribution is a system for improving the traceability and management of small emergencies and everyday events based on the use of blockchains. To conclude with the contributions of this thesis, a cryptographic scheme which improves security in healthcare devices with little computing capacity is presented. The general aim of this thesis is providing improvements in current medicine through mHealth systems, paying special attention to information security. Specifically, measures for the protection of data integrity, identification, authentication and nonrepudiation of information are included. The completion of this doctoral thesis has been funded through a pre-doctoral FPI grant from the Canary Islands Government.El avance de la tecnología ha traído consigo la evolución de herramientas en diversos ámbitos, entre ellos destaca el de la medicina. La medicina actual posee unas herramientas que hace 30 años eran impensables, lo que hace que su funcionamiento sea completamente diferente. Gracias a esta fusión de medicina y tecnología encontramos en nuestro día a día nuevos términos, como eHealth o mHealth, que hacen referencia a esta simbiosis, en la que se benefician tanto los usuarios, como todas las áreas que trabajan en la protección y actuación de la salud y seguridad de las mismas. En esta tesis doctoral se ha trabajado en varias líneas con el objetivo de mejorar la seguridad de la información en varios sistemas mHealth intentando que las soluciones propuestas sean extrapolables a otros entornos. En primer lugar se propone una herramienta destinada al diagnóstico, tratamiento y monitorización de niños con trastorno de déficit de atención que se apoya en un sistema experto y usa cifrado basado en identidad para la protección de la información de los pacientes. En segundo lugar, se incluye una solución centrada en aportar mejoras en dos de los problemas fundamentales de la seguridad de la información de los datos médicos: la gestión segura de la información de los pacientes y la identificación de los mismos dentro del entorno hospitalario. La solución planteada para el problema de identificación se basa en la utilización de pulseras NFC que almacenan un identificador asociado al paciente y que es generado a través de una función HMAC. En el tercer trabajo se analiza de nuevo el problema de identificación de las personas pero esta vez en entornos de emergencia en los que no se cuenta con redes de comunicaciones estables. Además se propone un sistema de clasificación de víctimas en dichos entornos cuyo objetivo es mejorar la gestión de recursos sanitarios en estos escenarios. Como cuarta aportación se presenta un sistema de mejora de la trazabilidad y de la gestión de pequeñas emergencias y eventos cotidianos basada en el uso de blockchain. Para terminar con las aportaciones de esta tesis, se presenta un esquema criptográfico que mejora los esquemas actuales de seguridad utilizados para dispositivos del entorno sanitario que poseen poca capacidad computacional. La finalidad general perseguida en esta tesis es aportar mejoras al uso de la medicina actual a través de sistemas mHealth en los que se presta especial atención a la seguridad de la información. Concretamente se incluyen medidas para la protección de la integridad de los datos, identificación de personas, autenticación y no repudio de la información. La realización de esta tesis doctoral ha contando con financiación del Gobierno de Canarias a través de una beca predoctoral FPI