Exploring the adoption of physical security controls in smartphones

The proliferation of smartphones has changed our life due to the enhanced connectivity, increased storage capacity and innovative functionality they offer. Their increased popularity has drawn the attention of attackers, thus, nowadays their users are exposed to many security and privacy threats. The fact that smartphones store significant data (e.g. personal, business, government, etc.) in combination with their mobility, increase the impact of unauthorized physical access to smartphones. However, past research has revealed that this is not clearly understood by smartphone users, as they disregard the available security controls. In this context, this paper explores the attitudes and perceptions towards security controls that protect smartphone user’s data from unauthorized physical access. We conducted a survey to measure their adoption and the rea-sons behind users’ selections. Our results, suggest that nowadays users are more concerned about their physical security, but still reveal that a considerable portion of our sample is prone to unauthorized physical access

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

A multivariant secure framework for smart mobile health application

This is an accepted manuscript of an article published by Wiley in Transactions on Emerging Telecommunications Technologies, available online: https://doi.org/10.1002/ett.3684 The accepted version of the publication may differ from the final published version.Wireless sensor network enables remote connectivity of technological devices such as smart mobile with the internet. Due to its low cost as well as easy availability of data sharing and accessing devices, the Internet of Things (IoT) has grown exponentially during the past few years. The availability of these devices plays a remarkable role in the new era of mHealth. In mHealth, the sensors generate enormous amounts of data and the context-aware computing has proven to collect and manage the data. The context aware computing is a new domain to be aware of context of involved devices. The context-aware computing is playing a very significant part in the development of smart mobile health applications to monitor the health of patients more efficiently. Security is one of the key challenges in IoT-based mHealth application development. The wireless nature of IoT devices motivates attackers to attack on application; these vulnerable attacks can be denial of service attack, sinkhole attack, and select forwarding attack. These attacks lead intruders to disrupt the application's functionality, data packet drops to malicious end and changes the route of data and forwards the data packet to other location. There is a need to timely detect and prevent these threats in mobile health applications. Existing work includes many security frameworks to secure the mobile health applications but all have some drawbacks. This paper presents existing frameworks, the impact of threats on applications, on information, and different security levels. From this line of research, we propose a security framework with two algorithms, ie, (i) patient priority autonomous call and (ii) location distance based switch, for mobile health applications and make a comparative analysis of the proposed framework with the existing ones.Published onlin

In Cloud We Trust: Risk-Assessment-as-a-Service

Part 1: Full PapersInternational audienceCloud computing is an emerging paradigm that allows adoption of on-demand services in a cost-effective way. Migrating services to the Cloud also means been exposed to new threats and vulnerabilities, thus, resulting in a modified assessment of risk. Assessing risk in the Cloud remains an open research issue, as it requires a given level of trust of the Cloud service provider for providing assessment data and implementing controls. This paper surveys existing knowledge, regarding risk assessment for the Cloud, and highlights the requirements for the design of a cloud-targeted method that is offered as a service, which is also in compliance with the specific characteristics of the Cloud

Factors Influencing Smartphone Application Downloads

Part 2: Information Security Training and AwarenessInternational audienceMobile applications are increasingly being downloaded in modern society. Despite providing many benefits to potential users, many such applications pose security risks to their users including the leaking of personal information. When applications provide features that fulfil the users’ needs, smartphone users often neglect to consider security when downloading applications. This paper explores whether students consider relevant Security Factors when selecting an application to download. A Smartphone Simulation Exercise and related questions were used to determine students’ reported behaviour regarding smartphone application downloads. The findings suggest that many students do not consider relevant Security Factors important when downloading applications and, therefore, need to be educated in this regard

Forming the Abilities of Designing Information Security Maintenance Systems in the Implementation of Educational Programmes in Information Security

Part 3: Information Security Courses and CurriculaInternational audienceThe paper shares the NRNU MEPhI’s experience in forming the abilities to design the Information Security Maintenance Systems (ISMaS) in training Bachelors, Masters and Engineers in the field of Information Security (IS). It is proposed to form their abilities and teamwork skills when executing a course project by a team of students under supervision of their Professor within the framework of the “IS Management” discipline. Course projects help to reinforce the students’ theoretical knowledge and develop their ability to apply this knowledge to the solution of practical problems. They are assigned at a group basis and in our case are aimed at designing the ISMaS of a particular object, which automates the implementation of a separate organization’s process. A brief description of the process model for ensuring IS of such objects is given and the regulations for implementing the course project are presented in detail, indicating the types of abilities that are gained at each stage