Gamification techniques for raising cyber security awareness

Due to the prevalence of online services in modern society, such as internet banking and social media, it is important for users to have an understanding of basic security measures in order to keep themselves safe online. However, users often do not know how to make their online interactions secure, which demonstrates an educational need in this area. Gamification has grown in popularity in recent years and has been used to teach people about a range of subjects. This paper presents an exploratory study investigating the use of gamification techniques to educate average users about password security, with the aim of raising overall security awareness. To explore the impact of such techniques, a role-playing quiz application (RPG) was developed for the Android platform to educate users about password security. Results gained from the work highlightedthat users enjoyed learning via the use of the password application, and felt they benefitted from the inclusion of gamification techniques. Future work seeks to expand the prototype into a full solution, covering a range of security awareness issues

Towards Bayesian-Based Trust Management for Insider Attacks in Healthcare Software-Defined Networks

© 2004-2012 IEEE. The medical industry is increasingly digitalized and Internet-connected (e.g., Internet of Medical Things), and when deployed in an Internet of Medical Things environment, software-defined networks (SDNs) allow the decoupling of network control from the data plane. There is no debate among security experts that the security of Internet-enabled medical devices is crucial, and an ongoing threat vector is insider attacks. In this paper, we focus on the identification of insider attacks in healthcare SDNs. Specifically, we survey stakeholders from 12 healthcare organizations (i.e., two hospitals and two clinics in Hong Kong, two hospitals and two clinics in Singapore, and two hospitals and two clinics in China). Based on the survey findings, we develop a trust-based approach based on Bayesian inference to figure out malicious devices in a healthcare environment. Experimental results in either a simulated and a real-world network environment demonstrate the feasibility and effectiveness of our proposed approach regarding the detection of malicious healthcare devices, i.e., our approach could decrease the trust values of malicious devices faster than similar approaches

A national certification programme for academic degrees in cyber security

With a growing need for cyber security skills, there has been a notable increase in the number of academic degrees targeting this topic area, at both undergraduate and postgraduate levels. However, with a widening and varied choice available to them, prospective students and employers require a means to identify academic degrees that offer appropriate and high-quality education in the subject area. This paper presents a case study of the establishment and operation of a certification programme for academic degrees in cyber security. It describes the means by which appropriate topic themes and subject areas for relevant degrees were identified and defined, leading to a certification programme that addresses degrees in general cyber security as well as notable specialisations including digital forensics and network security. The success of the programme is evidenced by 25 degrees across 19 universities having been certified to date, and a continued response to new calls for certification

Identity-as-a-Service: An Adaptive Security Infrastructure and Privacy-Preserving User Identity for the Cloud Environment

In recent years, enterprise applications have begun to migrate from a local hosting to a cloud provider and may have established a business-to-business relationship with each other manually. Adaptation of existing applications requires substantial implementation changes in individual architectural components. On the other hand, users may store their Personal Identifiable Information (PII) in the cloud environment so that cloud services may access and use it on demand. Even if cloud services specify their privacy policies, we cannot guarantee that they follow their policies and will not (accidentally) transfer PII to another party. In this paper, we present Identity-as-a-Service (IDaaS) as a trusted Identity and Access Management with two requirements: Firstly, IDaaS adapts trust between cloud services on demand. We move the trust relationship and identity propagation out of the application implementation and model them as a security topology. When the business comes up with a new e-commerce scenario, IDaaS uses the security topology to adapt a platform-specific security infrastructure for the given business scenario at runtime. Secondly, we protect the confidentiality of PII in federated security domains. We propose our Purpose-based Encryption to protect the disclosure of PII from intermediary entities in a business transaction and from untrusted hosts. Our solution is compliant with the General Data Protection Regulation and involves the least user interaction to prevent identity theft via the human link. The implementation can be easily adapted to existing Identity Management systems, and the performance is fast.</jats:p

A perspective on using experiment and theory to identify design principles in dye-sensitized solar cells

Dye-sensitized solar cells (DSCs) have been the subject of wide-ranging studies for many years because of their potential for large-scale manufacturing using roll-to-roll processing allied to their use of earth abundant raw materials. Two main challenges exist for DSC devices to achieve this goal; uplifting device efficiency from the 12 to 14% currently achieved for laboratory-scale ‘hero’ cells and replacement of the widely-used liquid electrolytes which can limit device lifetimes. To increase device efficiency requires optimized dye injection and regeneration, most likely from multiple dyes while replacement of liquid electrolytes requires solid charge transporters (most likely hole transport materials – HTMs). While theoretical and experimental work have both been widely applied to different aspects of DSC research, these approaches are most effective when working in tandem. In this context, this perspective paper considers the key parameters which influence electron transfer processes in DSC devices using one or more dye molecules and how modelling and experimental approaches can work together to optimize electron injection and dye regeneration. This paper provides a perspective that theory and experiment are best used in tandem to study DSC device

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Gravitational redshifting of galaxies in the SPIDERS cluster catalogue

Data from the SPectroscopic IDentification of ERosita Sources (SPIDERS) are searched for a detection of the gravitational redshifting of light from similar to 20 000 galaxies in similar to 2500 galaxy clusters using three definitions of the cluster centre: its Brightest Cluster Galaxy (BCG), the redMaPPer identified Central Galaxy (CG), or the peak of X-ray emission. Distributions of velocity offsets between galaxies and their host cluster's centre, found using observed redshifts, are created. The quantity (Delta) over cap, the average of the radial velocity difference between the cluster members and the cluster systemic velocity, reveals information on the size of a combination of effects on the observed redshift, dominated by gravitational redshifting. The change of (Delta) over cap with radial distance is predicted for SPIDERS galaxies in General Relativity (GR), and f(R) gravity, and compared to the observations. The values of (Delta) over cap = -13.5 +/- 4.7 kms(-1), (Delta) over cap = -12.5 +/- 5.1 kms(-1), and (Delta) over cap = -18.6 +/- 4.8 kms(-1) for the BCG, X-ray, and CG cases, respectively, broadly agree with the literature. There is no significant preference of one gravity theory over another, but all cases give a clear detection (>2.5 sigma) of (Delta) over cap. The BCG centroid is deemed to be the most robust method in this analysis, due to no well-defined central redshift when using an X-ray centroid, and CGs identified by redMaPPer with no associated spectroscopic redshift. For future gravitational redshift studies, an order-of-magnitude more galaxies, similar to 500 000, will be required - a possible feat with the forthcoming Vera C. Rubin Observatory, Euclid and eROSITA.Peer reviewe

Gravitational redshifting of galaxies in the SPIDERS cluster catalogue

Data from the SPectroscopic IDentification of ERosita Sources (SPIDERS) are searched for a detection of the gravitational redshifting of light from ∼20,000 galaxies in ∼2500 galaxy clusters using three definitions of the cluster centre: its Brightest Cluster Galaxy (BCG), the redMaPPer identified Central Galaxy (CG), or the peak of X-ray emission. Distributions of velocity offsets between galaxies and their host cluster's centre, found using observed redshifts, are created. The quantity Delta, the average of the radial velocity difference between the cluster members and the cluster systemic velocity, reveals information on the size of a combination of effects on the observed redshift, dominated by gravitational redshifting. The change of Δ with radial distance is predicted for SPIDERS galaxies in General Relativity (GR), and f(R) gravity, and compared to the observations. The values of Δ =-13.5\pm 4.7 km s-1, Δ=-12.5pm 5.1 km s-1, and Δ =-18.6\pm 4.8 km s-1 for the BCG, X-ray, and CG cases, respectively, broadly agree with the literature. There is no significant preference of one gravity theory over another, but all cases give a clear detection (>2.5σ) of Δ. The BCG centroid is deemed to be the most robust method in this analysis, due to no well-defined central redshift when using an X-ray centroid, and CGs identified by redMaPPer with no associated spectroscopic redshift. For future gravitational redshift studies, an order-of-magnitude more galaxies, ∼500,000, will be required-a possible feat with the forthcoming Vera C. Rubin Observatory, Euclid and eROSITA