BYOD Security Policy Compliance Framework

Bring Your Own Device (BYOD) is an environment that allows employees to use their own personal device to access organisation’s resources to perform their work, but it has raised some security concerns as with BYOD, organisations face bigger challenges to safeguard their information assets. Compliance with ISP is a key factor in reducing organisation’s information security risks, as such, understanding employees’ compliance behaviour and other relevant factors that influence compliance with ISP is crucial. Hence, this study aims to explore this phenomenon by investigating the factors influencing employees in complying with BYOD Information Security Policy (ISP) in Malaysian public sector. A mixed method study on five (5) ministries in the public sector is proposed for the study. The understanding of these factors would assist in systematically developing a BYOD compliance framework for the public sector. This is critical as this trend is here to stay or even expand rapidly as employees carry more than one device to the workplace. The proposed framework will help improve ISP compliance to ensure organisational information assets are well protecte

A systematic review of approaches to assessing cyber security awareness

Purpose – The purpose of this paper is to survey, explore and inform researchers about the previous methodologies applied, target audience and coverage of previous assessment of cybersecurity awareness by capturing, summarizing, synthesizing and critically comment on it. It is also conducted to identify the gaps in the cybersecurity awareness assessment research which warrants the future work. Design/methodology/approach – The authors used a systematic literature review technique to search the relevant online databases by using pre-defined keywords. The authors limited the search to retrieve only English language academic articles published from 2005 to 2014. Relevant information was extracted from the retrieved articles, and the ensuing discussion centres on providing the answers to the research questions. Findings – From the online searches, 23 studies that matched the search criteria were retrieved, and the information extracted from each study includes the authors, publication year, assessment method used, target audiences, coverage of assessment and assessment goals. Originality/value – The review of the retrieved articles indicates that no previous research was conducted in the assessment of the cybersecurity awareness using a programme evaluation technique. It was also found that few studies focused on youngsters and on the issue of safeguarding personal information

Potential of support-vector regression for forecasting stream flow

Vodotok je važan za hidrološko proučavanje zato što određuje varijabilnost vode i magnitudu rijeke. Inženjerstvo vodnih resursa uvijek se bavi povijesnim podacima i pokušava procijeniti prognostičke podatke kako bi se osiguralo bolje predviđanje za primjenu kod bilo kojeg vodnog resursa, na pr. projektiranja vodnog potencijala brane hidroelektrana, procjene niskog protoka, i održavanja zalihe vode. U radu se predstavljaju tri računalna programa za primjenu kod rješavanja ovakvih sadržaja, tj. umjetne neuronske mreže - artificial neural networks (ANNs), prilagodljivi sustavi neuro-neizrazitog zaključivanja - adaptive-neuro-fuzzy inference systems (ANFISs), i support vector machines (SVMs). Za stvaranje procjene korištena je Rijeka Telom, smještena u Cameron Highlands distriktu Pahanga, Malaysia. Podaci o dnevnom prosječnom protoku rijeke Telom, kao što su količina padavina i podaci o vodostaju, koristili su se za period od ožujka 1984. do siječnja 2013. za podučavanje, ispitivanje i ocjenjivanje izabranih modela. SVM pristup je dao bolje rezultate nego ANFIS i ANNs kod procjenjivanja dnevne prosječne fluktuacije vodotoka.Stream flow is an important input for hydrology studies because it determines the water variability and magnitude of a river. Water resources engineering always deals with historical data and tries to estimate the forecasting records in order to give a better prediction for any water resources applications, such as designing the water potential of hydroelectric dams, estimating low flow, and maintaining the water supply. This paper presents three soft-computing approaches for dealing with these issues, i.e. artificial neural networks (ANNs), adaptive-neuro-fuzzy inference systems (ANFISs), and support vector machines (SVMs). Telom River, located in the Cameron Highlands district of Pahang, Malaysia, was used in making the estimation. The Telom River’s daily mean discharge records, such as rainfall and river-level data, were used for the period of March 1984 – January 2013 for training, testing, and validating the selected models. The SVM approach provided better results than ANFIS and ANNs in estimating the daily mean fluctuation of the stream’s flow

Game theory analysis and modeling of sophisticated multi-collusion attack in MANETs

Mobile Adhoc Network (MANET) has been a core topic of research since the last decade. Currently, this form of networking paradigm is increasingly being construed as an integral part of upcoming urban applications of Internet-of-Things (IoT), consisting of massive connectivity of diverse types of nodes. There is a significant barrier to the applicability of existing routing approaches in conventional MANETs when integrated with IoT. This routing mismatch can lead to security risks for the MANET-based application tied with the IoT platform. This paper examines a pragmatic scenario as a test case wherein the mobile nodes must exchange multimedia signals for supporting real-time streaming applications. There exist two essential security requirements viz. i) securing the data packet and ii) understanding the unpredictable behavior of the attacker. The current study considers sophistication on the part of attacker nodes. They are aware of each other’s identity and thereby collude to conduct lethal attacks, which is rarely reflected in existing security modeling statistics. This research harnesses the potential modeling aspect of game theory to model the multiple-collusion attacker scenario. It contributes towards i) modeling strategies of regular/malicious nodes and ii) applying optimization principle using novel auxiliary information to formulate the optimal strategies. The model advances each regular node’s capability to carry out precise computation about the opponent player’s strategy prediction, i.e., malicious node. The simulation outcome of the proposed mathematical model in MATLAB ascertains that it outperforms the game theory’s baseline approach

Decentralized blockchain network for resisting side-channel attacks in mobility-based IoT

The inclusion of mobility-based Internet-of-Things (IoT) devices accelerates the data transmission process, thereby catering to IoT users’ demands; however, securing the data transmission in mobility-based IoT is one complex and challenging concern. The adoption of unified security architecture has been identified to prevent side-channel attacks in the IoT, which has been discussed extensively in developing security solutions. Despite blockchain’s apparent superiority in withstanding a wide range of security threats, a careful examination of the relevant literature reveals that some common pitfalls are associated with these methods. Therefore, the proposed scheme introduces a novel computational security framework wherein a branched and decentralized blockchain network is formulated to facilitate coverage from different variants of side-channel IoT attacks that are yet to be adequately reported. A unique blockchain-based authentication approach is designed to secure communication among mobile IoT devices using multiple stages of security implementation with Smart Agreement and physically unclonable functions. Analytical modeling with lightweight finite field encryption is used to create this framework in Python. The study’s benchmark results show that the proposed scheme offers 4% less processing time, 5% less computational overhead, 1% more throughput, 12% less latency, and 30% less energy consumption compared to existing blockchain methods

Evolution and analysis of securehash algorithm (sha) family

With the rapid advancement of technologies and proliferation of intelligent devices, connecting to the internet challenges have grown manifold, such as ensuring communication security and keeping user credentials secret. Data integrity and user privacy have become crucial concerns in any ecosystem of advanced and interconnected communications. Cryptographic hash functions have been extensively employed to ensure data integrity in insecure environments. Hash functions are also combined with digital signatures to offer identity verification mechanisms and non-repudiation services. The federal organization National Institute of Standards and Technology (NIST) established the SHA to provide security and optimal performance over some time. The most well-known hashing standards are SHA-1, SHA-2, and SHA-3. This paper discusses the background of hashing, followed by elaborating on the evolution of the SHA family. The main goal is to present a comparative analysis of these hashing standards and focus on their security strength, performance and limitations against common attacks. The complete assessment was carried out using statistical analysis, performance analysis and extensive fault analysis over a defined test environment. The study outcome showcases the issues ofSHA-1 besides exploring the security benefits of all the dominant variants of SHA-2 and SHA-3. The study also concludes that SHA-3 is the best option to mitigate novice intruders while allowing better performance cost-effectivel

Modeling Traffic Congestion Based on Air Quality for Greener Environment: An Empirical Study

The primary focus of this paper is to govern traffic congestion on urban road networks based upon a cumulative approach comprising of traffic flow modeling, vehicle emission modeling, and air quality modeling. Based upon the traffic conditions, a simulation model is proposed and further tested for performance metrics, which is relative to three main aspects, namely, the waiting time of the vehicles at the junctions/intersections/signals, the type of pollutant emitted by a vehicle, and the traveling time. The experimental analysis and validation are carried out for different case studies in Malaysia, such as Petaling Jaya, Shah Alam, Mont Kiara, and Jalan Tun Razak. Three different scenarios (morning, afternoon, and evening) are analyzed and tested to explore the traffic usage parameter. The results showed that when traffic is modeled and governed based upon traffic flow, vehicle emission, and air quality index (AQI), nearly 75% of traffic congestion is mitigated, hence making the atmosphere pollution free as well as avoiding Urban Heat Island (UHI) effect due to the heat generated from vehicles. The experimental results are tested, validated, and compared with existing solutions for performance analysis. The proposed model is aimed toward overcoming the major drawbacks of existing approaches, such as single-path suggestions, traffic delay during peak hours/emergencies, non-recurring congestion consideration, congestion avoidance instead of recovering from it, improper reporting of road accidents, and notifications about traffic jam ahead to the users and high vehicle usage rate

Host mobility key management in dynamic secure group communication

The key management has a fundamental role in securing group communications taking place over vast and unprotected networks. It is concerned with the distribution and update of the keying materials whenever any changes occur in the group membership. Wireless mobile environments enable members to move freely within the networks, which causes more difficulty to design efficient and scalable key management protocols. This is partly because both member location dynamic and group membership dynamic must be managed concurrently, which may lead to significant rekeying overhead. This paper presents a hierarchical group key management scheme taking the mobility of members into consideration intended for wireless mobile environments. The proposed scheme supports the mobility of members across wireless mobile environments while remaining in the group session with minimum rekeying transmission overhead. Furthermore, the proposed scheme alleviates 1-affect-n phenomenon, single point of failure, and signaling load caused by moving members at the core network. Simulation results shows that the scheme surpasses other existing efforts in terms of communication overhead and affected members. The security requirements studies also show the backward and forward secrecy is preserved in the proposed scheme even though the members move between areas

A Key Management Framework for Secure Group Communication in Wireless Mobile Environments

Multicast functionality can be used to enable group communication more efficiently than the traditional unicast networks. Like unicast environments, multicast or group-based applications are expected to deliver same level of service to both end users and service or content providers. One of the problem areas concerns with provision of secure group communication is the management of keying material, which is primarily managed by an infrastructure, referred to as a group key management framework (GKMF). The main function of a GKMF is providing common cryptographic key(s) to all group members of a multicast group communication. While security issues pertaining to deployment of secure group communication in fixed unicast networks are widely research, very little consideration is given for establishing such communications in wireless mobile environments (WMobEs). Inherent characteristics of WMobEs such as restricted capabilities of mobile devices, as well as mobility of group members provide further challenge for deploying secure group communication in such environments. Thus, this thesis concerns key management frameworks for secure group communication in WMobEs. There are three main parts to the work. First, we begin with an introduction to multicast technology, including its capability to enable group (or multicast) communication. Second, we focus the work on one area, the management of group keying material within a GKMF, including its main components and processes (or protocols). Third, we propose a specification for a GKMF for secure group communication, based on a specific wireless mobile architecture. Finally, we conclude our work by identifying future research directions. The main contribution of this thesis is to design, specify and analyze a GKMF for group communication in WMobEs