26 research outputs found

    Cyber crime: A portrait of the landscape

    This paper reviews current evidence in relation to scale and impacts of cyber crime, including various approaches to defining and measuring the problem. A review and analysis of survey evidence is used to enable an understanding of the scope and scale of the cyber crime problem, and its effect upon those experiencing it. The analysis evidences that cyber crime exists in several dimensions, with costs and harms that can be similarly varied. There is also a sense that, moving forward, the 'cyber' label will become somewhat redundant as many crimes have the potential to have a technology component. The key evidence in this particular discussion has some geographic limitations, with much of the discussion focused upon data drawn from the Crime Survey for England and Wales, as well as other UK-based sources. However, many of the broader points still remain more widely relevant.
    - A better understanding of the range and scale of cyber crime threats
    - Understanding of how the cyber element fits into the wider context of crime
    - Improving the appreciation of what cyber crime can mean for potential victims.
    - Recognition of the cost dimensions, and the implications for protection and response.
    The discussion will help businesses and individuals to have a better appreciation of the cyber crime threat, and what ought to be considered in response to it. The discussion is based upon recent evidence, and therefore represents a more up-to-date view of the cyber crime landscape than reviews already available in earlier literature

    Graphical One-Time Password (GOTPass): A usability evaluation

    Journal has two ISSNs: 1939-3555 (Print), 1939-3547 (Online). Complying with a security policy often requires users to create long and complex passwords to protect their accounts. However, remembering such passwords is difficult for many and may lead to insecure practices, such as choosing weak passwords or writing them down. In addition, they are vulnerable to various types of attacks, such as shoulder surfing, replay, and keylogger attacks (Gupta, Sahni, Sabbu, Varma, & Gangashetty, 2012). One-Time Passwords (OTPs) aim to overcome such problems (Gupta et al., 2012); however, most implemented OTP techniques require special hardware, which not only adds cost, but there are also issues regarding its availability (Brostoff, Inglesant, & Sasse, 2010). In contrast, the use of graphical passwords is an alternative authentication mechanism designed to aid memorability and ease of use, often forming part of a multifactor authentication process. This article is complementary to the earlier work that introduced and evaluated the security of the new hybrid user-authentication approach: Graphical One-Time Password (GOTPass) (Alsaiari et al., 2015). The scheme aims to combine the usability of recognition-based and draw-based graphical passwords with the security of OTP. The article presents the results of an empirical user study that investigates the usability features of the proposed approach, as well as pretest and posttest questionnaires. The experiment was conducted during three separate sessions, which took place over five weeks, to measure the efficiency, effectiveness, memorability, and user satisfaction of the new scheme. The results showed that users were able to easily create and enter their credentials as well as remember them over time. Participants carried out a total of 1,302 login attempts with a 93% success rate and an average login time of 24.5s

    Information security burnout: Identification of sources and mitigating factors from security demands and resources

    This study examines how information security burnout can develop from complying with organisational security demands, and whether security burnout can be reduced by engaging organisational and personal resources. The Job Demands-Resources model was extended to the IT security context, to develop and empirically test a security burnout model, using a sample of 443 participants in Vietnam. The results demonstrate that security task overload and difficult access to security requirements increased security burnout while dealing with challenging security requirements reduced burnout. Neither organisational resources nor user self-efficacy were effective in reducing burnout. Moreover, simple security tasks did not guarantee a burnout-free experience for users. The findings emphasise the significance of providing resources and designing security tasks as challenging and rewarding experiences, rather than simply reducing user involvement as a source of decreasing cyber security risks. The research establishes a theoretical basis for further studying the phenomenon of security burnout and its role in user security management

    A suspect-oriented intelligent and automated computer forensic analysis

    Computer forensics faces a range of challenges due to the widespread use of computing technologies. Examples include the increasing volume of data and devices that need to be analysed in any single case, differing platforms, use of encryption and new technology paradigms (such as cloud computing and the Internet of Things). Automation within forensic tools exists, but only to perform very simple tasks, such as data carving and file signature analysis. Investigators are responsible for undertaking the cognitively challenging and time-consuming process of identifying relevant artefacts. Due to the volume of cyber-dependent (e.g., malware and hacking) and cyber-enabled (e.g., fraud and online harassment) crimes, this results in a large backlog of cases. With the aim of speeding up the analysis process, this paper investigates the role that unsupervised pattern recognition can have in identifying notable artefacts. A study utilising the Self-Organising Map (SOM) to automatically cluster notable artefacts was devised using a series of four cases. Several SOMs were created – a File List SOM containing the metadata of files based upon the file system, and a series of application level SOMs based upon metadata extracted from files themselves (e.g., EXIF data extracted from JPEGs and email metadata extracted from email files). A total of 275 sets of experiments were conducted to determine the viability of clustering across a range of network configurations. The results reveal that more than 93.5% of notable artefacts were grouped within the rank-five clusters in all four cases. The best performance was achieved by using a 10 × 10 SOM where all notables were clustered in a single cell with only 1.6% of the non-notable artefacts (noise) being present, highlighting that SOM-based analysis does have the potential to cluster notable versus noise files to a degree that would significantly reduce the investigation time. 
    Whilst clustering has proven to be successful, operationalizing it is still a challenge (for example, how to identify the cluster containing the largest proportion of notables within the case). The paper continues to propose a process that capitalises upon SOM and other parameters such as the timeline to identify notable artefacts whilst minimising noise files. Overall, based solely upon unsupervised learning, the approach is able to achieve a recall rate of up to 93%. © 2016 Elsevier Lt

    A perspective on using experiment and theory to identify design principles in dye-sensitized solar cells

    Dye-sensitized solar cells (DSCs) have been the subject of wide-ranging studies for many years because of their potential for large-scale manufacturing using roll-to-roll processing allied to their use of earth abundant raw materials. Two main challenges exist for DSC devices to achieve this goal; uplifting device efficiency from the 12 to 14% currently achieved for laboratory-scale ‘hero’ cells and replacement of the widely-used liquid electrolytes which can limit device lifetimes. To increase device efficiency requires optimized dye injection and regeneration, most likely from multiple dyes while replacement of liquid electrolytes requires solid charge transporters (most likely hole transport materials – HTMs). While theoretical and experimental work have both been widely applied to different aspects of DSC research, these approaches are most effective when working in tandem. In this context, this perspective paper considers the key parameters which influence electron transfer processes in DSC devices using one or more dye molecules and how modelling and experimental approaches can work together to optimize electron injection and dye regeneration. This paper provides a perspective that theory and experiment are best used in tandem to study DSC device

    Continuous and transparent multimodal authentication: reviewing the state of the art

    Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user's legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorized user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. They are also still mostly functioning at the point of entry, and those performing some sort of re-authentication execute it in an intrusive manner. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This paper reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between high security and user satisfaction. This is followed by a literature review of the existing research on continuous and transparent multimodal authentication. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilized at a universal level. Ultimately, a potential federated biometric authentication solution is presented; however it needs to be developed and extensively evaluated, thus operating in a transparent, continuous and user-friendly manner

    SMEs' Confidentiality Concerns for Security Information Sharing

    Small and medium-sized enterprises are considered an essential part of the EU economy; however, they are highly vulnerable to cyberattacks. SMEs have specific characteristics which separate them from large companies and influence their adoption of good cybersecurity practices. To mitigate the SMEs' cybersecurity adoption issues and raise their awareness of cyber threats, we have designed a self-paced security assessment and capability improvement method, CYSEC. CYSEC is a security awareness and training method that utilises self-reporting questionnaires to collect companies' information about cybersecurity awareness, practices, and vulnerabilities to generate automated recommendations for counselling. However, confidentiality concerns about cybersecurity information have an impact on companies' willingness to share their information. Security information sharing decreases the risk of incidents and increases users' self-efficacy in security awareness programs. This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The results were analysed in respect of the Self Determination Theory. The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing. This allows many SMEs to participate in security information sharing activities and supports security experts to have a better overview of common vulnerabilities. The final publication is available at Springer via https://doi.org/10.1007/978-3-030-57404-8_22
    Comment: 10 pages, 2 figures, 14th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2020

    Automating the Communication of Cybersecurity Knowledge: Multi-Case Study

    Cybersecurity is essential for the protection of companies against cyber threats. Traditionally, cybersecurity experts assess and improve a company's capabilities. However, many small and medium-sized businesses (SMBs) consider such services not to be affordable. We explore an alternative do-it-yourself (DIY) approach to bringing cybersecurity to SMBs. Our method and tool, CYSEC, implements the Self-Determination Theory (SDT) to guide and motivate SMBs to adopt good cybersecurity practices. CYSEC uses assessment questions and recommendations to communicate cybersecurity knowledge to the end-user SMBs and encourage self-motivated change. In this paper, the operationalisation of SDT in CYSEC is presented, and the results of a multi-case study are shown that offer insight into how SMBs adopted cybersecurity practices with CYSEC. Effective automated cybersecurity communication depended on the SMB's hands-on skills, tools' adaptedness, and the users' willingness to document confidential information. The SMBs wanted to learn in simple, incremental steps, allowing them to understand what they do. An SMB's motivation to improve security depended on the fitness of assessment questions and recommendations with the SMB's business model and IT infrastructure. The results of this study indicate that automated counselling can help many SMBs in security adoption. The final publication is available at Springer via https://link.springer.com/chapter/10.1007%2F978-3-030-59291-2_8
    Comment: 14 pages, 1 figure, 13th World Conference on Information Security Educatio

    The UKIRT Hemisphere Survey: Definition and Full J-band Data Release

    This paper defines the UK Infra-red Telescope (UKIRT) Hemisphere Survey (UHS) and release of the complete J-band dataset. The UHS provides continuous coverage in the northern hemisphere from a declination of 0 deg to 60 deg by combining the existing Large Area Survey, Galactic Plane Survey and Galactic Clusters Survey conducted under the UKIRT Infra-red Deep Sky Survey (UKIDSS) programme with a new additional ~12,700 sq.deg area not covered by UKIDSS. This data release includes J-band imaging and source catalogues over the new area, which, together with UKIDSS, completes the J-band UHS coverage over the full ~17,900 sq.deg area. 98 per cent of the data in this release have passed quality control criteria, the remaining 2 per cent being scheduled for re-observation. The median 5-sigma point source sensitivity of the released data is 19.6 mag (Vega). The median full width at half-maximum of the point spread function across the dataset is 0.75 arcsec. In this paper, we outline the survey management, data acquisition, processing and calibration, quality control and archiving as well as summarising the characteristics of the released data products. The data are initially available to a limited consortium with a world-wide release scheduled for August 2018