Ubic: Bridging the gap between digital cryptography and the physical world

Advances in computing technology increasingly blur the boundary between the digital domain and the physical world. Although the research community has developed a large number of cryptographic primitives and has demonstrated their usability in all-digital communication, many of them have not yet made their way into the real world due to usability aspects. We aim to make another step towards a tighter integration of digital cryptography into real world interactions. We describe Ubic, a framework that allows users to bridge the gap between digital cryptography and the physical world. Ubic relies on head-mounted displays, like Google Glass, resource-friendly computer vision techniques as well as mathematically sound cryptographic primitives to provide users with better security and privacy guarantees. The framework covers key cryptographic primitives, such as secure identification, document verification using a novel secure physical document format, as well as content hiding. To make a contribution of practical value, we focused on making Ubic as simple, easily deployable, and user friendly as possible.Comment: In ESORICS 2014, volume 8712 of Lecture Notes in Computer Science, pp. 56-75, Wroclaw, Poland, September 7-11, 2014. Springer, Berlin, German

ERP implementation methodologies and frameworks: a literature review

Enterprise Resource Planning (ERP) implementation is a complex and vibrant process, one that involves a combination of technological and organizational interactions. Often an ERP implementation project is the single largest IT project that an organization has ever launched and requires a mutual fit of system and organization. Also the concept of an ERP implementation supporting business processes across many different departments is not a generic, rigid and uniform concept and depends on variety of factors. As a result, the issues addressing the ERP implementation process have been one of the major concerns in industry. Therefore ERP implementation receives attention from practitioners and scholars and both, business as well as academic literature is abundant and not always very conclusive or coherent. However, research on ERP systems so far has been mainly focused on diffusion, use and impact issues. Less attention has been given to the methods used during the configuration and the implementation of ERP systems, even though they are commonly used in practice, they still remain largely unexplored and undocumented in Information Systems research. So, the academic relevance of this research is the contribution to the existing body of scientific knowledge. An annotated brief literature review is done in order to evaluate the current state of the existing academic literature. The purpose is to present a systematic overview of relevant ERP implementation methodologies and frameworks as a desire for achieving a better taxonomy of ERP implementation methodologies. This paper is useful to researchers who are interested in ERP implementation methodologies and frameworks. Results will serve as an input for a classification of the existing ERP implementation methodologies and frameworks. Also, this paper aims also at the professional ERP community involved in the process of ERP implementation by promoting a better understanding of ERP implementation methodologies and frameworks, its variety and history

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

A framework of mobile transaction use: the user’s perspective

The remarkable advances of mobile technologies and the prevalence of mobile devices have profoundly transformed telephony systems. They provide functionalities which surpass telephony needs, and which motivate the development of value-added mobile services and functions. The number of mobile phones in use far exceeds any other technical devices that could be used to market, sell, produce, or deliver products and services to consumers. These developments open lucrative opportunities to retailers and service providers. The literature highlights the fact that mobile transactions (m-transactions) are one of the most critical incentives for successful mobile commerce (m-commerce). However, the successfulness of m-transaction systems in Saudi Arabia requires a strong acceptance of the Saudi consumers. The importance of this study is accentuated by the fact that mobile commerce and its services are still in their infancy and there is still an apparent lack of acceptance of mobile transactions amongst Saudi users. Research needs to address the issue of acceptance of m-transactions from the user’s perspective, particularly within developing countries as they suffer from a noticeable lack of studies in this field. This research initially starts with a comprehensive literature review about the critical factors affecting the acceptance and use of electronic commerce (e-commerce), m-commerce and focuses on m-transactions, including different technology acceptance models and theories, helping to investigate whether there exists an effective comprehensive framework for adopting m-transactions within the context of Saudi Arabia and, more specifically, from a consumer’s perspective. Furthermore, to emphasize the true value measure of m-transaction, we must comprehend and evaluate the potency and limitations of mobile purchasing and the key factors affecting the m-transaction use decision. M-transactions hold a huge potential for online business and sales, but merely having an m-transaction service “hosted” on the World Wide Web (WWW) should not lead us to believe that customers will rush into mobile commercial websites for their desired products. Recognising that fact and realizing that there are different important factors and concerns over m-transactions playing a significant role, highlight the need for investigating and developing a framework that encompasses the critical factors affecting the intention to use m-transaction within the context of a Saudi consumer’s perspective. In order to achieve this goal, this study evolved in several stages aiming to reach a satisfactory level of maturity. These stages can be divided into three main phases: (1) exploratory phase which contains three exploratory studies which helped to add the cultural qualities as a further dimension that would play a significant role in such a unique cultural region. Consequently, a holistic framework is integrated that includes the key factors affecting the intention to use m-transactions. This framework is empirically validated in (2) a further study using a statistically representative sample size of 1008 Saudi users from different demographic backgrounds. The empirical analysis revealed that security, ease of use, usefulness, social influence, navigational structure, telecommunication infrastructure, individualism, masculinity, power distance, uncertainty avoidance, and visual appeal have a significant impact on the intention to use m-transactions. Amongst those factors, ease of use was the most significant influential factor. Therefore, this led to (3) another study aiming to empirically investigate the level of ease of use (usability) of conducting m-transactions within the Saudi context. In total, this research comprised five different empirical studies to extend our understanding of the phenomenon of m-transactions. The ultimate product of this research is to develop a consolidated framework for the intention to use m-transactions, combined with a set of recommendations for mobile websites and application developers, designers, government, and other organizations that intend to extend their business in the mobile commerce area, and this should eventually benefit the users

Usability and Trust in Information Systems

The need for people to protect themselves and their assets is as old as humankind. People's physical safety and their possessions have always been at risk from deliberate attack or accidental damage. The advance of information technology means that many individuals, as well as corporations, have an additional range of physical (equipment) and electronic (data) assets that are at risk. Furthermore, the increased number and types of interactions in cyberspace has enabled new forms of attack on people and their possessions. Consider grooming of minors in chat-rooms, or Nigerian email cons: minors were targeted by paedophiles before the creation of chat-rooms, and Nigerian criminals sent the same letters by physical mail or fax before there was email. But the technology has decreased the cost of many types of attacks, or the degree of risk for the attackers. At the same time, cyberspace is still new to many people, which means they do not understand risks, or recognise the signs of an attack, as readily as they might in the physical world. The IT industry has developed a plethora of security mechanisms, which could be used to mitigate risks or make attacks significantly more difficult. Currently, many people are either not aware of these mechanisms, or are unable or unwilling or to use them. Security experts have taken to portraying people as "the weakest link" in their efforts to deploy effective security [e.g. Schneier, 2000]. However, recent research has revealed at least some of the problem may be that security mechanisms are hard to use, or be ineffective. The review summarises current research on the usability of security mechanisms, and discusses options for increasing their usability and effectiveness

Towards a framework to promote the development of secure and usable online information security applications

The proliferation of the internet and associated online activities exposes users to numerous information security (InfoSec) threats. Such online activities attract a variety of online users who include novice computer users with no basic InfoSec awareness knowledge. Information systems that collect and use sensitive and confidential personal information of users need to provide reliable protection mechanisms to safeguard this information. Given the constant user involvement in these systems and the notion of users being the weakest link in the InfoSec chain, technical solutions alone are insufficient. The usability of online InfoSec systems can play an integral role in making sure that users use the applications effectively, thereby improving the overall security of the applications. The development of online InfoSec systems calls for addressing the InfoSec problem as a social problem, and such development must seek to find a balance between technical and social aspects. The research addressed the problem of usable security in online InfoSec applications by using an approach that enabled the consideration of both InfoSec and usability in viewing the system as a socio-technical system with technical and social sub-systems. Therefore, the research proposed a socio-technical framework that promotes the development of usable security for online information systems using online banking as a case study. Using a convergent mixed methods research (MMR) design, the research collected data from online banking users through a survey and obtained the views of online banking developers through unstructured interviews. The findings from the two research methods contributed to the selection of 12 usable security design principles proposed in the sociotechnical information security (STInfoSec) framework. The research contributed to online InfoSec systems theory by developing a validated STInfoSec framework that went through an evaluation process by seven field experts. Although intended for online banking, the framework can be applied to other similar online InfoSec applications, with minimum adaptation. The STInfoSec framework provides checklist items that allow for easy application during the development process. The checklist items can also be used to evaluate existing online banking websites to identify possible usable security problems.Computer ScienceD. Phil. (Computer Science

INTELLIGENT ADVISORY SYSTEM FOR SUPPORTING COMPUTER-BASED AUTHENTICATION USERS

Authentication is one of the cornerstones of computer security systems today, and most users of computers interact withthese mechanisms on a daily basis. However, human factor has often been described as one of the weakest part of computersecurity as users of authentication are often identified to be the weakest link in the security chain. In related development ithas been demanding to merge usability with security in the choice of authentication method by computer users. To addressthe serious problem, this paper presents an intelligent advisory system based on artificial neural network that can assist usersof authentication systems on making decision on the authentication method that best suits them.Keywords: Intelligent, Advisory system, Authentication, Human Factor

BioSecure: white paper for research in biometrics beyond BioSecure

This report is the output of a consultation process of various major stakeholders in the biometric community to identify the future biometrical research issues, an activity which employed not only researchers but representatives from the entire biometrical community, consisting of governments, industry, citizens and academia. It is one of the main efforts of the BioSecure Network of Excellence to define the agenda for future biometrical research, including systems and applications scenarios