113 research outputs found
Gamification techniques for raising cyber security awareness
Due to the prevalence of online services in modern society, such as internet banking and social media, it is important for users to have an understanding of basic security measures in order to keep themselves safe online. However, users often do not know how to make their online interactions secure, which demonstrates an educational need in this area. Gamification has grown in popularity in recent years and has been used to teach people about a range of subjects. This paper presents an exploratory study investigating the use of gamification techniques to educate average users about password security, with the aim of raising overall security awareness. To explore the impact of such techniques, a role-playing quiz application (RPG) was developed for the Android platform to educate users about password security. Results gained from the work highlightedthat users enjoyed learning via the use of the password application, and felt they benefitted from the inclusion of gamification techniques. Future work seeks to expand the prototype into a full solution, covering a range of security awareness issues
Towards Bayesian-Based Trust Management for Insider Attacks in Healthcare Software-Defined Networks
© 2004-2012 IEEE. The medical industry is increasingly digitalized and Internet-connected (e.g., Internet of Medical Things), and when deployed in an Internet of Medical Things environment, software-defined networks (SDNs) allow the decoupling of network control from the data plane. There is no debate among security experts that the security of Internet-enabled medical devices is crucial, and an ongoing threat vector is insider attacks. In this paper, we focus on the identification of insider attacks in healthcare SDNs. Specifically, we survey stakeholders from 12 healthcare organizations (i.e., two hospitals and two clinics in Hong Kong, two hospitals and two clinics in Singapore, and two hospitals and two clinics in China). Based on the survey findings, we develop a trust-based approach based on Bayesian inference to figure out malicious devices in a healthcare environment. Experimental results in either a simulated and a real-world network environment demonstrate the feasibility and effectiveness of our proposed approach regarding the detection of malicious healthcare devices, i.e., our approach could decrease the trust values of malicious devices faster than similar approaches
A national certification programme for academic degrees in cyber security
With a growing need for cyber security skills, there has been a notable increase in the number of academic degrees targeting this topic area, at both undergraduate and postgraduate levels. However, with a widening and varied choice available to them, prospective students and employers require a means to identify academic degrees that offer appropriate and high-quality education in the subject area. This paper presents a case study of the establishment and operation of a certification programme for academic degrees in cyber security. It describes the means by which appropriate topic themes and subject areas for relevant degrees were identified and defined, leading to a certification programme that addresses degrees in general cyber security as well as notable specialisations including digital forensics and network security. The success of the programme is evidenced by 25 degrees across 19 universities having been certified to date, and a continued response to new calls for certification
Identity-as-a-Service: An Adaptive Security Infrastructure and Privacy-Preserving User Identity for the Cloud Environment
In recent years, enterprise applications have begun to migrate from a local hosting to a cloud provider and may have established a business-to-business relationship with each other manually. Adaptation of existing applications requires substantial implementation changes in individual architectural components. On the other hand, users may store their Personal Identifiable Information (PII) in the cloud environment so that cloud services may access and use it on demand. Even if cloud services specify their privacy policies, we cannot guarantee that they follow their policies and will not (accidentally) transfer PII to another party. In this paper, we present Identity-as-a-Service (IDaaS) as a trusted Identity and Access Management with two requirements: Firstly, IDaaS adapts trust between cloud services on demand. We move the trust relationship and identity propagation out of the application implementation and model them as a security topology. When the business comes up with a new e-commerce scenario, IDaaS uses the security topology to adapt a platform-specific security infrastructure for the given business scenario at runtime. Secondly, we protect the confidentiality of PII in federated security domains. We propose our Purpose-based Encryption to protect the disclosure of PII from intermediary entities in a business transaction and from untrusted hosts. Our solution is compliant with the General Data Protection Regulation and involves the least user interaction to prevent identity theft via the human link. The implementation can be easily adapted to existing Identity Management systems, and the performance is fast.</jats:p
A perspective on using experiment and theory to identify design principles in dye-sensitized solar cells
Dye-sensitized solar cells (DSCs) have been the subject of wide-ranging studies for many
years because of their potential for large-scale manufacturing using roll-to-roll processing
allied to their use of earth abundant raw materials. Two main challenges exist for DSC
devices to achieve this goal; uplifting device efficiency from the 12 to 14% currently
achieved for laboratory-scale âheroâ cells and replacement of the widely-used liquid
electrolytes which can limit device lifetimes. To increase device efficiency requires optimized
dye injection and regeneration, most likely from multiple dyes while replacement
of liquid electrolytes requires solid charge transporters (most likely hole transport materials
â HTMs). While theoretical and experimental work have both been widely applied to
different aspects of DSC research, these approaches are most effective when working in
tandem. In this context, this perspective paper considers the key parameters which
influence electron transfer processes in DSC devices using one or more dye molecules
and how modelling and experimental approaches can work together to optimize electron
injection and dye regeneration.
This paper provides a perspective that theory and experiment are best used in tandem to study
DSC device
Conceivable security risks and authentication techniques for smart devices
With the rapidly escalating use of smart devices and fraudulent transaction of usersâ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques
Gravitational redshifting of galaxies in the SPIDERS cluster catalogue
Data from the SPectroscopic IDentification of ERosita Sources (SPIDERS) are searched for a detection of the gravitational redshifting of light from similar to 20 000 galaxies in similar to 2500 galaxy clusters using three definitions of the cluster centre: its Brightest Cluster Galaxy (BCG), the redMaPPer identified Central Galaxy (CG), or the peak of X-ray emission. Distributions of velocity offsets between galaxies and their host cluster's centre, found using observed redshifts, are created. The quantity (Delta) over cap, the average of the radial velocity difference between the cluster members and the cluster systemic velocity, reveals information on the size of a combination of effects on the observed redshift, dominated by gravitational redshifting. The change of (Delta) over cap with radial distance is predicted for SPIDERS galaxies in General Relativity (GR), and f(R) gravity, and compared to the observations. The values of (Delta) over cap = -13.5 +/- 4.7 kms(-1), (Delta) over cap = -12.5 +/- 5.1 kms(-1), and (Delta) over cap = -18.6 +/- 4.8 kms(-1) for the BCG, X-ray, and CG cases, respectively, broadly agree with the literature. There is no significant preference of one gravity theory over another, but all cases give a clear detection (>2.5 sigma) of (Delta) over cap. The BCG centroid is deemed to be the most robust method in this analysis, due to no well-defined central redshift when using an X-ray centroid, and CGs identified by redMaPPer with no associated spectroscopic redshift. For future gravitational redshift studies, an order-of-magnitude more galaxies, similar to 500 000, will be required - a possible feat with the forthcoming Vera C. Rubin Observatory, Euclid and eROSITA.Peer reviewe
Gravitational redshifting of galaxies in the SPIDERS cluster catalogue
Data from the SPectroscopic IDentification of ERosita Sources (SPIDERS) are searched for a detection of the gravitational redshifting of light from âŒ20,000 galaxies in âŒ2500 galaxy clusters using three definitions of the cluster centre: its Brightest Cluster Galaxy (BCG), the redMaPPer identified Central Galaxy (CG), or the peak of X-ray emission. Distributions of velocity offsets between galaxies and their host cluster's centre, found using observed redshifts, are created. The quantity Delta, the average of the radial velocity difference between the cluster members and the cluster systemic velocity, reveals information on the size of a combination of effects on the observed redshift, dominated by gravitational redshifting. The change of Î with radial distance is predicted for SPIDERS galaxies in General Relativity (GR), and f(R) gravity, and compared to the observations. The values of Î =-13.5\pm 4.7 km s-1, Î=-12.5pm 5.1 km s-1, and Î =-18.6\pm 4.8 km s-1 for the BCG, X-ray, and CG cases, respectively, broadly agree with the literature. There is no significant preference of one gravity theory over another, but all cases give a clear detection (>2.5Ï) of Î. The BCG centroid is deemed to be the most robust method in this analysis, due to no well-defined central redshift when using an X-ray centroid, and CGs identified by redMaPPer with no associated spectroscopic redshift. For future gravitational redshift studies, an order-of-magnitude more galaxies, âŒ500,000, will be required-a possible feat with the forthcoming Vera C. Rubin Observatory, Euclid and eROSITA
- âŠ