34 research outputs found

    A New Scalable RFID Delegation Protocol

    Does the online card payment system unwittingly facilitate fraud?

    PhD Thesis. The research work in this PhD thesis presents an extensive investigation into the security settings of Card Not Present (CNP) financial transactions. These are the transactions which include payments performed with a card over the Internet on the websites, and over the phone. Our detailed analysis on hundreds of websites and on multiple CNP payment protocols justifies that the current security architecture of CNP payment system is not adequate enough to protect itself from fraud. Unintentionally, the payment system itself will allow an adversary to learn and exploit almost all of the security features put in place to protect the CNP payment system from fraud. With insecure modes of accepting payments, the online payment system paves the way for cybercriminals to abuse even the latest designed payment protocols like 3D Secure 2.0. We follow a structured analysis methodology which identifies vulnerabilities in the CNP payment protocols and demonstrates the impact of these vulnerabilities on the overall payment system. The analysis methodology comprises UML diagrams and reference tables which describe the CNP payment protocol sequences, software tools which implement the protocol and practical demonstrations of the research results. Detailed referencing of the online payment specifications provides a documented link between the exploitable vulnerabilities observed in real implementations and the source of the vulnerability in the payment specifications. We use practical demonstrations to show that these vulnerabilities can be exploited in the real-world with ease. This presents a stronger impact message when presenting our research results to a nontechnical audience. This has helped to raise awareness of security issues relating to payment cards, with our work appearing in the media, radio and T

    Current State of Information Security Research In IS

    The importance of information security in a pervasive networked environment is undeniable, yet there is a lack of research in this area. In this study we conduct a comprehensive survey of the information security articles published in leading IS journals. We then compared the research themes with those of the IBM Information Security Capability Reference Model

    Analysing IoT cyber risk for estimating IoT cyber insurance

    This paper is focused on mapping the current evolution of Internet of Things (IoT) and its associated cyber risks for the Industry 4.0 (I4.0) sector. We report the results of a qualitative empirical study that correlates academic literature with 14 - I4.0 frameworks and initiatives. We apply the grounded theory approach to synthesise the findings from our literature review, to compare the cyber security frameworks and cyber security quantitative impact assessment models, with the world leading I4.0 technological trends. From the findings, we build a new impact assessment model of IoT cyber risk in Industry 4.0. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of economics impact assessment models for I4.0

    The Perceived Effectiveness of Container Security at Seaports Along the Gulf Coast

    With approximately 90% of the world's goods shipped via cargo containers, it is vital for the security of these containers to be complete and effective. However, given the volume of containers transiting U.S. seaports, the task of providing complete security is complicated and, arguably, impossible. Nevertheless, the data analyzed throughout this study indicates that the current container security paradigm can be enhanced to accommodate the significant workload. The research conducted throughout this study provided perceptions that were indicative of a security environment that can be and must be improved. More specifically, the data revealed that the biggest threat facing containers was their susceptibility to be exploited for smuggling purposes. All of the participants in this study acknowledged the use of a layered security framework at their respective ports. However, this layered approach was insufficient to scan even a fraction of the containers imported to the U.S. As a result of the limitations associated with container security, the majority of containers receive no form of inspection until their arrival to U.S. seaports. This makes it impossible to inspect and scan 100% of containers. With that in mind the participants in this study believe that container security could progress, but without knowledgeable, proper and efficient use of technology, no such improvement is achievable. Furthermore, cooperation from the rest of the global seaport community is essential for container security to advance. Finally, the insurmountable task of providing a dynamic and resilient security framework hinges on Customs and Border Protection's ability to facilitate and collaborate with the entire seaport community

    Digital CMOS ISFET architectures and algorithmic methods for point-of-care diagnostics

    Over the past decade, the surge of infectious diseases outbreaks across the globe is redefining how healthcare is provided and delivered to patients, with a clear trend towards distributed diagnosis at the Point-of-Care (PoC). In this context, Ion-Sensitive Field Effect Transistors (ISFETs) fabricated on standard CMOS technology have emerged as a promising solution to achieve a precise, deliverable and inexpensive platform that could be deployed worldwide to provide a rapid diagnosis of infectious diseases. This thesis presents advancements for the future of ISFET-based PoC diagnostic platforms, proposing and implementing a set of hardware and software methodologies to overcome its main challenges and enhance its sensing capabilities. The first part of this thesis focuses on novel hardware architectures that enable direct integration with computational capabilities while providing pixel programmability and adaptability required to overcome pressing challenges on ISFET-based PoC platforms. This section explores oscillator-based ISFET architectures, a set of sensing front-ends that encodes the chemical information on the duty cycle of a PWM signal. Two initial architectures are proposed and fabricated in AMS 0.35um, confirming multiple degrees of programmability and potential for multi-sensing. One of these architectures is optimised to create a dual-sensing pixel capable of sensing both temperature and chemical information on the same spatial point while modulating this information simultaneously on a single waveform. This dual-sensing capability, verified in silico using TSMC 0.18um process, is vital for DNA-based diagnosis where protocols such as LAMP or PCR require precise thermal control. The COVID-19 pandemic highlighted the need for a deliverable diagnosis that perform nucleic acid amplification tests at the PoC, requiring minimal footprint by integrating sensing and computational capabilities. 
In response to this challenge, a paradigm shift is proposed, advocating for integrating all elements of the portable diagnostic platform under a single piece of silicon, realising a "Diagnosis-on-a-Chip". This approach is enabled by a novel Digital ISFET Pixel that integrates both ADC and memory with sensing elements on each pixel, enhancing its parallelism. Furthermore, this architecture removes the need for external instrumentation or memories and facilitates its integration with computational capabilities on-chip, such as the proposed ARM Cortex M3 system. These computational capabilities need to be complemented with software methods that enable sensing enhancement and new applications using ISFET arrays. The second part of this thesis is devoted to these methods. Leveraging the programmability capabilities available on oscillator-based architectures, various digital signal processing algorithms are implemented to overcome the most urgent ISFET non-idealities, such as trapped charge, drift and chemical noise. These methods enable fast trapped charge cancellation and enhanced dynamic range through real-time drift compensation, achieving over 36 hours of continuous monitoring without pixel saturation. Furthermore, the recent development of data-driven models and software methods opens a wide range of opportunities for ISFET sensing and beyond. In the last section of this thesis, two examples of these opportunities are explored: the optimisation of image compression algorithms on chemical images generated by an ultra-high frame-rate ISFET array; and a proposed paradigm shift on surface Electromyography (sEMG) signals, moving from data-harvesting to information-focused sensing. These examples represent an initial step forward on a journey towards a new generation of miniaturised, precise and efficient sensors for PoC diagnostics. Open Acces

    Security and defence research in the European Union: a landscape review

    This landscape report describes the state of play of the European Union’s policies and activities in security and defence and the EU-funded research aimed at supporting them, with an exclusive focus on intentional harm. It is organised around several thematic building blocks under the umbrella of the three core priorities defined in the European agenda on security. The report reviews the current main risks and threats but also those that may emerge within the next 5 years, the policy and operational means developed to combat them, the main active stakeholders and the EU legislation in force. In this context, a short history of EU research on security and defence is presented, followed by an inventory of relevant research and development projects funded under the Horizon 2020 framework programme during the period 2014-2018. The specific contributions of the Joint Research Centre to security research are also highlighted. Finally, future avenues for security and defence research and development are discussed. Please note that the executive summary of this landscape report has been published simultaneously as a companion document. JRC.E.7-Knowledge for Security and Migratio

    Innovation in manufacturing through digital technologies and applications: Thoughts and Reflections on Industry 4.0

    The rapid pace of developments in digital technologies offers many opportunities to increase the efficiency, flexibility and sophistication of manufacturing processes; including the potential for easier customisation, lower volumes and rapid changeover of products within the same manufacturing cell or line. A number of initiatives on this theme have been proposed around the world to support national industries under names such as Industry 4.0 (Industrie 4.0 in Germany, Made-in-China in China and Made Smarter in the UK). This book presents an overview of the state of art and upcoming developments in digital technologies pertaining to manufacturing. The starting point is an introduction on Industry 4.0 and its potential for enhancing the manufacturing process. Later on moving to the design of smart (that is digitally driven) business processes which are going to rely on sensing of all relevant parameters, gathering, storing and processing the data from these sensors, using computing power and intelligence at the most appropriate points in the digital workflow including application of edge computing and parallel processing. A key component of this workflow is the application of Artificial Intelligence and particularly techniques in Machine Learning to derive actionable information from this data; be it real-time automated responses such as actuating transducers or informing human operators to follow specified standard operating procedures or providing management data for operational and strategic planning. Further consideration also needs to be given to the properties and behaviours of particular machines that are controlled and materials that are transformed during the manufacturing process and this is sometimes referred to as Operational Technology (OT) as opposed to IT. The digital capture of these properties and behaviours can then be used to define so-called Cyber Physical Systems. 
Given the power of these digital technologies it is of paramount importance that they operate safely and are not vulnerable to malicious interference. Industry 4.0 brings unprecedented cybersecurity challenges to manufacturing and the overall industrial sector and the case is made here that new codes of practice are needed for the combined Information Technology and Operational Technology worlds, but with a framework that should be native to Industry 4.0. Current computing technologies are also able to go in other directions than supporting the digital ‘sense to action’ process described above. One of these is to use digital technologies to enhance the ability of the human operators who are still essential within the manufacturing process. One such technology, that has recently become accessible for widespread adoption, is Augmented Reality, providing operators with real-time additional information in situ with the machines that they interact with in their workspace in a hands-free mode. Finally, two linked chapters discuss the specific application of digital technologies to High Pressure Die Casting (HPDC) of Magnesium components. Optimizing the HPDC process is a key task for increasing productivity and reducing defective parts and the first chapter provides an overview of the HPDC process with attention to the most common defects and their sources. It does this by first looking at real-time process control mechanisms, understanding the various process variables and assessing their impact on the end product quality. This understanding drives the choice of sensing methods and the associated smart digital workflow to allow real-time control and mitigation of variation in the identified variables. Also, data from this workflow can be captured and used for the design of optimised dies and associated processes

    Identity preservation & traceability: the state of the art - from a grain perspective (status of agricultural quality systems / traceability / certification systems)

    A descriptive paper on the state of identity preservation and traceability (IPT) as it relates domestically and internationally to food safety and economics. While not exhaustive, it is illustrative of trends. Identity preservation and traceability (IPT) are not new concepts; however, the growth of public and business interest and concerns regarding them has grown tremendously during the past decade due to many events, which has resulted in these concepts joining together within a single concept (with the same title). This paper, while attempting to be thorough, will highlight the major systems of IPT from a US business perspective. Before and during the research of this study many companies and organizations have been created, bought out, or simply gone out of business. Government and non-government organizations have changed regulations and how they have adapted to current world events. Thus the state of IPT will be a sampling of the major players that are in existence during the research. Several of the examples of IPT programs will be of situations that affect the US grain industry, however, other examples will be provided. Scope of this work: to provide an introduction to, and summary of, identity preservation and traceability (IPT) systems and programs presently available, develop a conceptual model of IPT at the farmer level, and interpretation of the overall art. The purpose of this research is to provide a sampling of government, industry, and company approaches towards identity preservation and traceability (IPT) systems from the 1990s to early 2007. 
From this the audience should gain a better understanding of the complexity of IPT systems, rules that it functions under, how IPT is shaped and modified; primary, support, and ancillary components, and the diverse reasons why IPT is critical for food safety and the market. The format of this work starts with IPT history followed by the theory, design, and general components of IPT, examples of IPT programs and standards, examples of auditing and laboratory firms, chapters that discuss domestic/foreign policy and advisory groups, software providers, process facilitators, food recalls/insurance, cost-benefit spreadsheet that focuses on farm level IP for comparison, farmer IP questionnaire, interpretation, conclusion, and appendixes, related products guide, glossary, directory of resources, and works cited

    Enabling security and risk-based operation of container line supply chains under high uncertainties

    Container supply chains are vulnerable to many risks. Vulnerability can be defined as an exposure to serious disturbances arising from the risks within the supply chain as well as the risks external to the supply chain. Vulnerability can also be defined as exposure to serious disturbances arising from a hazard or a threat. Containers are one of the major sources of security concerns and have been used, for example, to smuggle illegal immigrants, weapons, and drugs. The consequences of the use of a weapon of mass destruction or discovery of such a device in a container are serious. Estimates suggest that a weapon of mass destruction explosion and the resulting port closure could cost billions of dollars. The annual cost of container losses as consequences of serious disturbances arising from hazards is estimated as $500 million per year. The literature review, historical failure data, and statistical analysis in the context of containerships' accidents from a safety point of view clearly indicate that the container cargo damage, machinery failure, collision, grounding, fire/explosion, and contact are the most significant accident categories with high percentages of occurrences. Another important finding from the literature review is that the most significant basic event contributing to the supply chains' vulnerability is human error. Therefore, firstly, this research makes full use of the Evidential Reasoning (ER) advantages and further develops and extends the Fuzzy Evidential Reasoning (FER) by exploiting a conceptual and sound methodology for the assessment of a seafarer's reliability. Accordingly, control options to enhance seafarers' reliability are suggested. The proposed methodology enables and facilitates the decision makers to measure the reliability of a seafarer before his/her designation to any activities and during his/her seafaring period. 
Secondly, this research makes full use of the Bayesian Networks (BNs) advantages and further develops and extends the Fuzzy Bayesian Networks (FBNs) and a "symmetric method" by exploiting a conceptual and sound methodology for the assessment of human reliability. Furthermore a FBN model (i.e. dependency network), which is capable of illustrating the dependency among the variables, is constructed. By exploiting the proposed FBN model, a general equation for the reduction of human reliability attributable to a person's continuous hours of wakefulness, acute sleep loss and cumulative sleep debt is formulated and tested. A container supply chain includes dozens of stakeholders who can physically come into contact with containers and their contents and are potentially related with the container trade and transportation. Security-based disruptions can occur at various points along the supply chain. Experience has shown that a limited percentage of inspection, coupled with a targeted approach based on risk analysis, can provide an acceptable security level. Thus, in order not to hamper the logistics process in an intolerable manner, the number of physical checks should be chosen cautiously. Thirdly, a conceptual and sound methodology (i.e. FBN model) for evaluating a container's security score, based on the importer security filling, shipping documents, ocean or sea carriers' reliability, and the security scores of various commercial operators and premises, is developed. Accordingly, control options to avoid unnecessary delays and security scanning are suggested. Finally, a decision making model for assessing the security level of a port associated with ship/port interface and based on the security score of the ship's cargo containers, is developed. 
It is further suggested that regardless of scanning all import cargo containers, one realistic way to secure the supply chain, due to lack of information and number of variables, is to enhance the ocean or sea carriers' reliability through enhancing their ship staff's reliability. Accordingly a decision making model to analyse the cost and benefit (i.e. CBA) is developed