Marko Hölbl | University of Maribor

Papers by Marko Hölbl

Students' Feedback and Communication Habits using Moodle

Elektronika ir Elektrotechnika

eLearning has managed to penetrate into most classrooms nowadays and Moodle is one of wider accepted LMS. After years of its application in everyday teaching practice we were inspired to analyse the student communication and feedback habits using Moodle. In this paper, we will present the experiences and results of a questionnaire regarding Moodle and eLearning. Firstly we analyse which communications capabilities of Moodle. Additionally, we present an analysis of students’ feedback habits using Moodle regarding the grading of teachers, teaching assistants and the course in general. Finally, we also investigate student’s general opinion on eLearning and experiences with technical problem when using Moodle. Ill. 5, bibl. 10 (in English; abstracts in English, Russian and Lithuanian).

Architecture and Security of the Internet of Things (Arhitektura in varnost interneta stvari)

Due to the rapid evolution of technology, we are increasingly surrounded by ubiquitous intelligent, interconnected devices that offer us a new perspective on our everyday lives. The concept of the Internet of Things is the use of standardized communication protocols and network infrastructure with the aim of extending the virtual spatial boundaries of the Internet to heterogeneous devices that are capable of autonomous configuration and mutual cooperation. As end users, we will also be part of the enriched Internet space (i.e. the Internet of Things). The all-encompassing and universal interconnection of various devices or "things" raises the question of security and privacy. In this paper we discuss the basic principles and focus on the architecture and security of the Internet of Things.

Application Challenges of the I/W/SW-OT Paradigm

The Internet of Things (IOT) paradigm is increasingly infiltrating into our lives. Although still not standardised it already expanded into new paradigms, e.g. Web of Things and Social Web/Internet of Things. Despite the fact that numerous IOT applications already exist, there does not exist any comprehensive methodology or tool for developing IOT applications. Furthermore, the development of such applications is highly challenging because of various IOT particularities as the heterogeneity, resource constrained architecture, scalability, etc. In this paper we evaluate the IOT application development challenges and present some recent methodological solutions.

Privacy awareness among students whilst using the social networking site 'Facebook'

Facebook is the most popular social networking site (SNS) and attracts new users every day. The users of Facebook are given the option of disclosing their data to everyone on Facebook. This paper focuses on students and their awareness of privacy, and the possibilities for setting up their own privacy settings. Users often disclose information about themselves whilst being unaware of who will see it. Past papers that have already conducted research on user awareness regarding privacy, were investigated and compared with present results of our research conducted among Slovenian students. Based on previous research, the results show that it is possible to raise user awareness regarding privacy on Facebook and based on our research it can be concluded that privacy is important to Slovenian students but they often forget about their control over published information.

Student feedback experience and opinion using Moodle

In this paper, we present experience with learning management system Moodle when used in our educational process. We discuss the use of a feedback form enabling students to assess and comment courses. Additionally, the results of a questionnaire compiled to gain data on student experiences with Moodle with focus on features of the platform and specific privacy concerns are presented. Further, the relation between the experience gained with the course and the questionnaire results is described. Students were asked about Moodle features they use and specific privacy concerns, including visibility of profiles, results and grades. Also students' relation to giving feedback feature of Moodle is analysed.

User awareness of privacy of Facebook

The most popular social networking site (SNS) Facebook gets new users every day. Users of Facebook are being given an option to disclose their data to everyone with internet access. Some users are not aware of importance of privacy and possibilities to set up privacy settings. We explored the area of user awareness of data security and user privacy. Users often disclose information by themselves while not being aware of it. We investigate papers on user awareness of privacy. We can conclude that it is possible to raise user awareness of the importance of information disclosure on Facebook. Although users find privacy very important, they often forget about the control over published information.

Inference Attacks and Control on Database Structures

Today's databases store information with sensitivity levels that range from public to highly sensitive, hence ensuring confidentiality can be highly important, but also requires costly control. This paper focuses on the inference problem on different database structures. It presents possible threats on privacy with relation to the inference, and control methods for mitigating these threats. The paper shows that using only access control, without any inference control is inadequate, since these models are unable to protect against indirect data access. Furthermore, it covers new inference problems which rise from the dimensions of new technologies like XML, semantics, etc.

Technical background and privacy concerns on Facebook's facial recognition feature

Facebook has launched a facial recognition feature and incorporated it by default for all users. This feature is also known as Photo Tag Suggest. It enables the automatic scanning of faces on newly uploaded photos and matches these faces with new photos with Facebook users on existing photos. To the best of our knowledge, Facebook has never published any information about the technologies that this feature uses and, therefore, we have investigated the possible technologies used for a feature seen as this. Facebook’s facial recognition feature associates tags with the accounts of other Facebook users. This is most likely done by comparing different faces within their database and by also taking their social contexts into account. This paper also reviews privacy concerns relating to Facebook’s facial recognition features based on a research conducted amongst students using Facebook and also presents guidelines and suggestions for increasing privacy awareness.

An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment

Ad Hoc Networks, 2015

Please cite this article as: M.S. Farash, M. Turkanović, S. Kumari, M. Hölbl, An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment, Ad Hoc Networks (2015), doi: http://dx.doi.org/10.1016/j.adhoc.2015.05.014

An Improved Authentication Protocol Based on One-Way Hash Functions and Diffie-Hellman Key Exchange

2009 International Conference on Availability, Reliability and Security, 2009

Recently, Yoon and Yoo proposed a new authentication protocol based on a one-way hash function and Diffie-Hellman key exchange, which is based on the protocol by Wu-Chieu and Lee-Lin-Chang. They claim that their protocol is secure, but we show it is susceptible to password guessing if an adversary gains possession of the smart card. Additionally, we propose an improved protocol

Learning process termination criteria

In a supervised learning, the relationship between the available data and the performance (what is learnt) is not well understood. How much data to use, or when to stop the learning process, are the key questions.

The (in)adequacy of applicative use of quantum cryptography in wireless sensor networks

Recently quantum computation and cryptography principles are exploited in the design of security systems for wireless sensor networks (WSNs), which are consequently named as quantum WSN. Quantum cryptography is presumably secure against any eavesdropper and thus labeled as providing unconditional security. This paper tries to analyze the aspect of the applicative use of quantum principles in WSN. The outcome of the analysis elaborates a summary about the inadequacy of applicative use of quantum cryptography in WSN and presents an overview of all possible applicative challenges and problems while designing quantum-based security systems for WSN. Since WSNs are highly complex frameworks, with many restrictions and constraints, every security system has to be fully compatible and worthwhile. The aim of the paper was to contribute a verdict about this topic, backed up by equitable facts.

Notes on “A Temporal-Credential-Based Mutual Authentication and Key Agreement Scheme for Wireless Sensor Networks”

Wireless Personal Communications, 2013

Xue et al. recently proposed an innovative mutual authentication and key agreement scheme for wireless sensor networks based on temporal credential using smart cards. However, in this paper we demonstrate that their scheme is vulnerable to password guessing attacks, node capture attacks and denial-of-service attacks. Furthermore we show that their scheme has some inconsistencies which make it less secure and more computationally costly than originally presented.

Security Analysis and Improvements to the PsychoPass Method

Journal of Medical Internet Research, 2013

In a recent paper, Pietro Cipresso et al proposed the PsychoPass method, a simple way to create strong passwords that are easy to remember. However, the method has some security issues that need to be addressed. To perform a security analysis on the PsychoPass method and outline the limitations of and possible improvements to the method. We used the brute force analysis and dictionary attack analysis of the PsychoPass method to outline its weaknesses. The first issue with the PsychoPass method is that it requires the password reproduction on the same keyboard layout as was used to generate the password. The second issue is a security weakness: although the produced password is 24 characters long, the password is still weak. We elaborate on the weakness and propose a solution that produces strong passwords. The proposed version first requires the use of the SHIFT and ALT-GR keys in combination with other keys, and second, the keys need to be 1-2 distances apart. The proposed improved PsychoPass method yields passwords that can be broken only in hundreds of years based on current computing powers. The proposed PsychoPass method requires 10 keys, as opposed to 20 keys in the original method, for comparable password strength.

Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?

Journal of Medical Internet Research, 2013

Medical data are gold mines for deriving the knowledge that could change the course of a single patient's life or even the health of the entire population. A data analyst needs to have full access to relevant data, but full access may be denied by privacy and confidentiality of medical data legal regulations, especially when the data analyst is not affiliated with the data owner. Our first objective was to analyze the privacy and confidentiality issues and the associated regulations pertaining to medical data, and to identify technologies to properly address these issues. Our second objective was to develop a procedure to protect medical data in such a way that the outsourced analyst would be capable of doing analyses on protected data and the results would be comparable, if not the same, as if they had been done on the original data. Specifically, our hypothesis was there would not be a difference between the outsourced decision trees built on encrypted data and the ones built on original data. Using formal definitions, we developed an algorithm to protect medical data for outsourced analyses. The algorithm was applied to publicly available datasets (N=30) from the medical and life sciences fields. The analyses were performed on the original and the protected datasets and the results of the analyses were compared. Bootstrapped paired t tests for 2 dependent samples were used to test whether the mean differences in size, number of leaves, and the accuracy of the original and the encrypted decision trees were significantly different. The decision trees built on encrypted data were virtually the same as those built on original data. Out of 30 datasets, 100% of the trees had identical accuracy. The size of a tree and the number of leaves was different only once (1/30, 3%, P=.19).
The proposed algorithm encrypts a file with plain text medical data into an encrypted file with the data protected in such a way that external data analyses are still possible. The results show that the results of analyses on original and on protected data are identical or comparably similar. The approach addresses the privacy and confidentiality issues that arise with medical data and is adherent to strict legal rules in the United States and Europe regarding the processing of the medical data.

An Improved Dynamic Password-based User Authentication Scheme for Hierarchical Wireless Sensor Networks

Electronics and Electrical Engineering, 2013

User authentication is an important issue in wireless sensor networks. Das et al. recently proposed a dynamic password-based user authentication scheme for hierarchical wireless sensor networks, which provides high security and a simple authentication approach. In this paper we present a flaw in Das et al.'s scheme that makes it infeasible for real-life implementation. Additionally, we demonstrate that Das et al.'s scheme has redundant elements. To overcome these imperfections we propose an enhanced user authentication scheme based on Das et al.'s, which is both efficient and secure.

Attacks and Improvement of an Efficient Remote Mutual Authentication and Key Agreement Scheme

Cryptologia, 2009

In 2006, W. G. Shieh and F. M. Wang [Comput. Security 25, 72–77 (2006)] proposed an efficient remote mutual authentication and key agreement scheme which uses smart cards and requires only hash function operations. In this paper, we show that Shieh et al.’s scheme is vulnerable to guessing attacks, forgery attacks and key compromise attacks. To eliminate these weaknesses, an improvement of Shieh et al.’s scheme with increased security is proposed. The security and efficiency of the improved scheme raises the attractiveness for implementation.

Usability and Privacy Aspects of Moodle: Students' and Teachers' Perspective

Choosing complex sets of tools, usually called learning management systems (LMSs), for creating perfect blends of traditional classroom activities and the most appropriate e-learning course components has become a common practice. Our institutions have opted for open source LMS Moodle. After years of its application in everyday teaching practice we were inspired to analyse the effectiveness of this platform. In this paper, results of the surveys compiled in order to reflect the student and teacher experiences with Moodle are presented. Main focus is providing insights into opinions, expectations and possible reluctance regarding usability and privacy when using its functionalities. Summary: The paper presents many years of experience with and analyses of the Moodle system.

A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion

Ad Hoc Networks, 2014

The idea of the Internet of Things (IOT) notion is that everything within the global network is accessible and interconnected. As such Wireless Sensor Networks (WSN) play a vital role in such an environment, since they cover a wide application field. Such interconnection can be seen from the aspect of a remote user who can access a single desired sensor node from the WSN without the necessity of firstly connecting with a gateway node (GWN). This paper focuses on such an environment and proposes a novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks. The proposed scheme enables a remote user to securely negotiate a session key with a general sensor node, using a lightweight key agreement protocol. The proposed scheme ensures mutual authentication between the user, sensor node, and the gateway node (GWN), although the GWN is never contacted by the user. The proposed scheme has been adapted to the resource-constrained architecture of the WSN, thus it uses only simple hash and XOR computations. Our proposed scheme tackles these risks and the challenges posed by the IOT, by ensuring high security and performance features.

Privacy antecedents for SNS self-disclosure: The case of Facebook

In recent years, social networking sites have spread rapidly, raising new issues in terms of privacy and self-disclosure online. For a better understanding of how privacy issues determine self-disclosure, a model which includes privacy awareness, privacy social norms, privacy policy, privacy control, privacy value, privacy concerns and self-disclosure was built. A total of 661 respondents participated in an online survey and a structural equation modelling was used to evaluate the model. The findings indicated a significant relationship between privacy value/privacy concerns and self-disclosure, privacy awareness and privacy concerns/self-disclosure, privacy social norms and privacy value/self-disclosure, privacy policy and privacy value/privacy concerns/self-disclosure, privacy control and privacy value/privacy concerns. The model from the study should contribute new knowledge concerning privacy issues and their shaping of self-disclosure on social networking sites. It could also help networking sites service providers understand how to encourage users to disclose more information.

Research paper thumbnail of Students' Feedback and Communication Habits using Moodle

Elektronika ir Elektrotechnika

eLearning has managed to penetrate into most classrooms nowadays and Moodle is one of wider accep... more eLearning has managed to penetrate into most classrooms nowadays and Moodle is one of wider accepted LMS. After years of its application in everyday teaching practice we were inspired to analyse the student communication and feedback habits using Moodle. In this paper, we will present the experiences and results of a questionnaire regarding Moodle and eLearning. Firstly we analyse which communications capabilities of Moodle. Additionally, we present an analysis of students’ feedback habits using Moodle regarding the grading of teachers, teaching assistants and the course in general. Finally, we also investigate student’s general opinion on eLearning and experiences with technical problem when using Moodle. Ill. 5, bibl. 10 (in English; abstracts in English, Russian and Lithuanian).

Research paper thumbnail of Arhitektura in varnost interneta stvari

Zaradi hitre evolucije tehnologije smo vedno bolj obdani z vseprisotno inteligentnimi, med seboj ... more Zaradi hitre evolucije tehnologije smo vedno bolj obdani z vseprisotno inteligentnimi, med seboj povezanimi napravami, ki nam ponujajo nov vidik našega vsakdanjega življenja. Koncept Interneta stvari (angl. Internet of Things) je uporaba standardiziranih komunikacijskih protokolov in omrežne infrastrukture z namenom razširjanja navidezno prostorskih meja interneta na heterogene naprave, ki imajo sposobnost samostojne konfiguracije in medsebojnega sodelovanja. Kot končni uporabniki bomo prav tako del obogatenega internetnega prostora (tj. internet stvari). Zaradi vseobsežne in vsesplošne medsebojne povezanosti različnih naprav ali »stvari« se poraja vprašanje varnosti in zasebnosti. V prispevku bomo obravnavali osnovne principe in se osredotočili na arhitekturo in varnost Interneta stvari.

Research paper thumbnail of Application Challenges of the I/W/SW-OT Paradigm

The Internet of Things (IOT) paradigm is increasingly infiltrating into our lives. Although still... more The Internet of Things (IOT) paradigm is increasingly infiltrating into our lives. Although still not standardised it already expanded into new paradigms, e.g. Web of Things and Social Web/Internet of Things. Despite the fact that numerous IOT applications already exists, there does not exist any comprehensive methodology or tool for developing IOT applications. Furthermore, the development of such applications is highly challenging because of various IOT particularities as the heterogeneity, resource constrained architecture, scalability, etc. In this paper we evaluate the IOT application development challenges and present some recent methodological solutions.

Research paper thumbnail of Privacy awareness among students whilst using the social networking site 'Facebook

Facebook is the most popular social networking site (SNS) and attracts new users every day. The u... more Facebook is the most popular social networking site (SNS) and attracts new users every day. The users of Facebook are given the option of disclosing their data to everyone on Facebook. This paper focuses on students and their awareness of privacy, and the possibilities for setting up their own privacy settings. Users often disclose information about themselves whilst being unaware of who will see it. Past papers that have already conducted research on user awareness regarding privacy, were investigated and compared with present results of our research conducted among Slovenian students. Based on previous research, the results show that it is possible to raise user awareness regarding privacy on Facebook and based on our research it can be concluded that privacy is important to Slovenian students but they often forget about their control over published information.

Research paper thumbnail of Student feedback experience and opinion using Moodle

In this paper, we present experience with learning management system Moodle when used in our educ... more In this paper, we present experience with learning management system Moodle when used in our educational process. We discuss the use of a feedback form enabling students to asses and comment courses. Additionally, the results of a questionnaire compiled to gain data on student experiences with Moodle with focus on features of the platform and specific privacy concerns are presented. Further, the relation between the experience gained with the course and the questionnaire results is described. Students were asked about Moodle features they use and specific privacy concerns, including visibility of profiles, results and grades. Also students' relation to giving feedback feature of Moodle is analysed.

Research paper thumbnail of User awareness of privacy of Facebook

The most popular social networking site (SNS) Facebook gets new users every day. Users of Faceboo... more The most popular social networking site (SNS) Facebook gets new users every day. Users of Facebook are being given an option to disclose their data to everyone with internet access. Some users are not aware of importance of privacy and possibilities to set up privacy settings. We explored the area of user awareness of data security and user privacy. Users often disclose information by themselves while not being aware of it. We investigate papers on user awareness of privacy. We can conclude that it is possible to raise user awareness of the importance of information disclosure on Facebook. Although users find privacy very important, they often forget about the control over published information.

Research paper thumbnail of Inference Attacks and Control on Database Structures

Today's databases store information with sensitivity levels that range from public to highly ... more Today's databases store information with sensitivity levels that range from public to highly sensitive, hence ensuring confidentiality can be highly important, but also requires costly control. This paper focuses on the inference problem on different database structures. It presents possible treats on privacy with relation to the inference, and control methods for mitigating these treats. The paper shows that using only access control, without any inference control is inadequate, since these models are unable to protect against indirect data access. Furthermore, it covers new inference problems which rise from the dimensions of new technologies like XML, semantics, etc.

Research paper thumbnail of Technical background and privacy concerns on Facebook's facial recognition feature

Facebook has launched a facial recognition feature and incorporated it by default for all users. ... more Facebook has launched a facial recognition feature and incorporated it by default for all users. This feature is also known as Photo Tag Suggest. It enables the automatic scanning of faces on newly uploaded photos and matches these faces with new photos with Facebook users on existing photos. To the best of our knowledge, Facebook has never published any information about the technologies that this feature uses and, therefore, we have investigated the possible technologies used for a feature seen as this. Facebook’s facial recognition feature associates tags with the accounts of other Facebook users. This is most likely done by comparing different faces within their database and by also taking their social contexts into account. This paper also reviews privacy concerns relating to Facebook’s facial recognition features based on a research conducted amongst students using Facebook and also presents guidelines and suggestions for increasing privacy awareness.

Research paper thumbnail of An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment

Ad Hoc Networks, 2015

Please cite this article as: M.S. Farash, M. Turkanović, S. Kumari, M. Hölbl, An efficient user a... more Please cite this article as: M.S. Farash, M. Turkanović, S. Kumari, M. Hölbl, An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment, Ad Hoc Networks (2015), doi: http://dx.doi.org/10.1016/j.adhoc.2015.05.014

Research paper thumbnail of An Improved Authentication Protocol Based on One-Way Hash Functions and Diffie-Hellman Key Exchange

2009 International Conference on Availability, Reliability and Security, 2009

Recently, Yoon and Yoo proposed a new authentication protocol based on a one-way hash function an... more Recently, Yoon and Yoo proposed a new authentication protocol based on a one-way hash function and Diffie-Hellman key exchange, which is based on the protocol by Wu-Chieu and Lee-Lin-Chang. They claim that their protocol is secure, but we show it is susceptible to password guessing if an adversary gains possession of the smart card. Additionally, we propose an improved protocol

Research paper thumbnail of Learning process termination criteria

In a supervised learning, the relationship between the available data and the performance (what i... more In a supervised learning, the relationship between the available data and the performance (what is learnt) is not well understood. How much data to use, or when to stop the learning process, are the key questions.

Research paper thumbnail of The (in)adequacy of applicative use of quantum cryptography in wireless sensor networks

ABSTRACT Recently quantum computation and cryptography principles are exploited in the design of ... more ABSTRACT Recently quantum computation and cryptography principles are exploited in the design of security systems for wireless sensor networks (WSNs), which are consequently named as quantum WSN. Quantum cryptography is presumably secure against any eavesdropper and thus labeled as providing unconditional security. This paper tries to analyze the aspect of the applicative use of quantum principles in WSN. The outcome of the analysis elaborates a summary about the inadequacy of applicative use of quantum cryptography in WSN and presents an overview of all possible applicative challenges and problems while designing quantum-based security systems for WSN. Since WSNs are highly complex frameworks, with many restrictions and constraints, every security system has to be fully compatible and worthwhile. The aim of the paper was to contribute a verdict about this topic, backed up by equitable facts.

Research paper thumbnail of Notes on “A Temporal-Credential-Based Mutual Authentication and Key Agreement Scheme for Wireless Sensor Networks”

Wireless Personal Communications, 2013

ABSTRACT Xue et al. recently proposed an innovative mutual authentication and key agreement schem... more ABSTRACT Xue et al. recently proposed an innovative mutual authentication and key agreement scheme for wireless sensor networks based on temporal credential using smart cards. However, in this paper we demonstrate that their scheme is vulnerable to password guessing attacks, node capture attacks and denial-of-service attacks. Furthermore we show that their scheme has some inconsistencies which make it less secure and more computationally costly than originally presented.

Security Analysis and Improvements to the PsychoPass Method

Journal of Medical Internet Research, 2013

In a recent paper, Pietro Cipresso et al proposed the PsychoPass method, a simple way to create strong passwords that are easy to remember. However, the method has some security issues that need to be addressed. To perform a security analysis on the PsychoPass method and outline the limitations of and possible improvements to the method. We used the brute force analysis and dictionary attack analysis of the PsychoPass method to outline its weaknesses. The first issue with the PsychoPass method is that it requires the password reproduction on the same keyboard layout as was used to generate the password. The second issue is a security weakness: although the produced password is 24 characters long, the password is still weak. We elaborate on the weakness and propose a solution that produces strong passwords. The proposed version first requires the use of the SHIFT and ALT-GR keys in combination with other keys, and second, the keys need to be 1-2 distances apart. The proposed improved PsychoPass method yields passwords that can be broken only in hundreds of years based on current computing powers. The proposed PsychoPass method requires 10 keys, as opposed to 20 keys in the original method, for comparable password strength.

Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?

Journal of Medical Internet Research, 2013

Medical data are gold mines for deriving the knowledge that could change the course of a single patient's life or even the health of the entire population. A data analyst needs to have full access to relevant data, but full access may be denied by privacy and confidentiality of medical data legal regulations, especially when the data analyst is not affiliated with the data owner. Our first objective was to analyze the privacy and confidentiality issues and the associated regulations pertaining to medical data, and to identify technologies to properly address these issues. Our second objective was to develop a procedure to protect medical data in such a way that the outsourced analyst would be capable of doing analyses on protected data and the results would be comparable, if not the same, as if they had been done on the original data. Specifically, our hypothesis was there would not be a difference between the outsourced decision trees built on encrypted data and the ones built on original data. Using formal definitions, we developed an algorithm to protect medical data for outsourced analyses. The algorithm was applied to publicly available datasets (N=30) from the medical and life sciences fields. The analyses were performed on the original and the protected datasets and the results of the analyses were compared. Bootstrapped paired t tests for 2 dependent samples were used to test whether the mean differences in size, number of leaves, and the accuracy of the original and the encrypted decision trees were significantly different. The decision trees built on encrypted data were virtually the same as those built on original data. Out of 30 datasets, 100% of the trees had identical accuracy. The size of a tree and the number of leaves was different only once (1/30, 3%, P=.19).
The proposed algorithm encrypts a file with plain text medical data into an encrypted file with the data protected in such a way that external data analyses are still possible. The results show that the results of analyses on original and on protected data are identical or comparably similar. The approach addresses the privacy and confidentiality issues that arise with medical data and is adherent to strict legal rules in the United States and Europe regarding the processing of the medical data.

An Improved Dynamic Password-based User Authentication Scheme for Hierarchical Wireless Sensor Networks

Electronics and Electrical Engineering, 2013

User authentication is an important issue in wireless sensor networks. Das et al. recently proposed a dynamic password-based user authentication scheme for hierarchical wireless sensor networks, which provides high security and a simple authentication approach. In this paper we present a flaw in Das et al.'s scheme that makes it infeasible for real-life implementation. Additionally, we demonstrate that Das et al.'s scheme has redundant elements. To overcome these imperfections we propose an enhanced user authentication scheme based on Das et al.'s, which is both efficient and secure.

Attacks and Improvement of an Efficient Remote Mutual Authentication and Key Agreement Scheme

Cryptologia, 2009

ABSTRACT In 2006, W. G. Shieh and F. M. Wang [Comput. Security 25, 72–77 (2006)] proposed an efficient remote mutual authentication and key agreement scheme which uses smart cards and requires only hash function operations. In this paper, we show that Shieh et al.’s scheme is vulnerable to guessing attacks, forgery attacks and key compromise attacks. To eliminate these weaknesses, an improvement of Shieh et al.’s scheme with increased security is proposed. The security and efficiency of the improved scheme raises the attractiveness for implementation.

Usability and Privacy Aspects of Moodle: Students' and Teachers' Perspective

Choosing complex sets of tools, usually called learning management systems (LMSs), for creating perfect blends of traditional classroom activities and the most appropriate e-learning course components has become a common practice. Our institutions have opted for open source LMS Moodle. After years of its application in everyday teaching practice we were inspired to analyse the effectiveness of this platform. In this paper, results of the surveys compiled in order to reflect the student and teacher experiences with Moodle are presented. Main focus is providing insights into opinions, expectations and possible reluctance regarding usability and privacy when using its functionalities. Summary: This paper presents many years of experience with and analyses of the Moodle system.

A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion

Ad Hoc Networks, 2014

ABSTRACT The idea of the Internet of Things (IOT) notion is that everything within the global network is accessible and interconnected. As such Wireless Sensor Networks (WSN) play a vital role in such an environment, since they cover a wide application field. Such interconnection can be seen from the aspect of a remote user who can access a single desired sensor node from the WSN without the necessity of firstly connecting with a gateway node (GWN). This paper focuses on such an environment and proposes a novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks. The proposed scheme enables a remote user to securely negotiate a session key with a general sensor node, using a lightweight key agreement protocol. The proposed scheme ensures mutual authentication between the user, sensor node, and the gateway node (GWN), although the GWN is never contacted by the user. The proposed scheme has been adapted to the resource-constrained architecture of the WSN, thus it uses only simple hash and XOR computations. Our proposed scheme tackles these risks and the challenges posed by the IOT, by ensuring high security and performance features.

Privacy antecedents for SNS self-disclosure: The case of Facebook

In recent years, social networking sites have spread rapidly, raising new issues in terms of privacy and self-disclosure online. For a better understanding of how privacy issues determine self-disclosure, a model which includes privacy awareness, privacy social norms, privacy policy, privacy control, privacy value, privacy concerns and self-disclosure was built. A total of 661 respondents participated in an online survey and a structural equation modelling was used to evaluate the model. The findings indicated a significant relationship between privacy value/privacy concerns and self-disclosure, privacy awareness and privacy concerns/self-disclosure, privacy social norms and privacy value/self-disclosure, privacy policy and privacy value/privacy concerns/self-disclosure, privacy control and privacy value/privacy concerns. The model from the study should contribute new knowledge concerning privacy issues and their shaping of self-disclosure on social networking sites. It could also help networking sites service providers understand how to encourage users to disclose more information.