Information Assurance and Security Research Papers (original) (raw)

The destruction due to computer security incidents warns organizations to adopt security measures. In addition to technological measures, individual’s information security awareness is also necessary. Different psychological theories have... more

The destruction due to computer security incidents warns organizations to adopt security measures. In addition to technological measures, individual’s information security awareness is also necessary. Different psychological theories have been proposed to make an effective information security awareness campaign. These information security awareness campaigns are limited in their ability in raising awareness of the participants of the campaign. Although much research has been done in the area of information security awareness, however, this paper considers the applications of healthcare awareness and environmental awareness strategies to make an effective information security awareness campaign. In this paper, we study some of the useful research work conducted in the healthcare and environmental safety awareness domains. These researches have been carried out by well-known researchers in the field of psychology. Finally, we apply these healthcare and environmental awareness best practices to propose an effective information security awareness campaign.

The purpose of this paper is to identify the threats that exist in Healthcare Information Systems (HIS). The study has been carried out in three different departments namely, Information Technology Department (ITD), Medical Record... more

The purpose of this paper is to identify the threats that exist in Healthcare Information Systems (HIS). The study has been carried out in three different departments namely, Information Technology Department (ITD), Medical Record Department (MRD) and X-Ray Department in one of the leading government supported hospital in Malaysia. The hospital was equipped with Total Hospital Information System (THIS) environment. The data were collected using in-depth structured interviews. The study identified 22 types of threats according to major threat categories based on ISO/IEC 27002 (ISO 27799:2008). The result shows the most critical threat for the THIS is the power failure. In addition, acts of human error or failure threat also show high frequency of occurrence. The contribution of the paper will be categorization of threats in HIS and can be used to design and implement effective security systems and policies in healthcare setting.

Information Security and Assurance materials

Nowadays, an Electronic Examination Online (e-Exam) has become one of alternative for examination platform in education and teaching domain. However, security is still lacking in the implementation of e-Exam such as the reliability of the... more

Nowadays, an Electronic Examination Online (e-Exam) has become one of alternative for examination platform in education and teaching domain. However, security is still lacking in the implementation of e-Exam such as the reliability of the examination questions or modules, free e-Exam fraud, unauthorized question answers making the e-Exam system fail. In the e-Exam platform in some university in Nigeria, this research found that the platform is using a combination of fingerprint biometric authentication and dynamic encryption techniques. Even though, the technologies used are found quite advanced, but to ensure that the candidates who answer the e-Exam are the right person is difficult and challenging. In this research, the new approach of using facial recognition is introduced as an enhanced verification for e-Exam's candidates. Early warning will be produced to inform any suspicious movement through the system. It generates web Application Programming Interface (API) authentication, image, and video with feature extraction matching action. The proposed technique has been presented to experts in addition to 29 students as respondent and to study the effect and the benefit of such system in e-Exam environment.

12 th International Conference on Computer Science, Engineering and Applications (ICCSEA 2022) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of computer science,... more

12 th International Conference on Computer Science, Engineering and Applications (ICCSEA 2022) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of computer science, engineering and applications. The conference looks for significant contributions to all major fields of the computer science and information technology in theoretical and practical aspects. The aim of the conference is to provide a platform to the researchers and practitioners from both academia as well as industry to meet and share cutting-edge development in the field. Authors are solicited to contribute to the conference by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the following areas, but are not limited to.

A new feature of services in Nagios has been added to the existing system which has no such services. The bandwidth monitoring and notification system are configured for alerting the network administrators when the bandwidth of the... more

A new feature of services in Nagios has been added to the existing system which has no such services. The bandwidth monitoring and notification system are configured for alerting the network administrators when the bandwidth of the network in an organization hits a certain threshold settings. The system sent an email alert and sms notification to the network administrator for taking further action in order to maintain the Quality of Service (QoS) in the network. All the logs file of the Nagios actions is saved in the Nagios File Logs. The analysis was conducted from the case study and problem statements. Network Development Life Cycle (NDLC) was chosen as a methodology for implementing this system in the network. Nagios is installed inside Ubuntu 10 Operating System along with Multi-Router Traffic Grapher (MRTG) and Mail Postfix. MRTG and Mail Postfix were configured to be integrated with the Nagios System. On the client side, NSClient++ has been installed, for monitoring the bandwidth and performance of windows based on operating system. The Nagios services have been improved with the implementation of sms and emails notifications since the existing services have no such utilities. With the implementation of these services to Nagios, the performance could be even better for the future.

This research paper aims at comparing two multi-core processors machines, the Intel core i7-4960X processor (Ivy Bridge E) and the AMD Phenom II X6. It starts by introducing a single-core processor machine to motivate the need for... more

This research paper aims at comparing two multi-core processors machines, the Intel core i7-4960X processor (Ivy Bridge E) and the AMD Phenom II X6. It starts by introducing a single-core processor machine to motivate the need for multi-core processors. Then, it explains the multi-core processor machine and the issues that rises in implementing them. It also provides a real life example machines such as TILEPro64 and Epiphany-IV 64-core 28nm Microprocessor (E64G401). The methodology that was used in comparing the Intel core i7 and AMD phenom II processors starts by explaining how processors' performance are measured, then by listing the most important and relevant technical specification to the comparison. After that, running the comparison by using different metrics such as power, the use of Hyper-Threading technology, the operating frequency, the use of AES encryption and decryption, and the different characteristics of cache memory such as the size, classification, and its memory controller. Finally, reaching to a roughly decision about which one of them has a better over all performance.

Cyber defense competitions (CDCs) simulate a real-world environment, where the competitors must protect the information assets of a fictional organization. These competitions are becoming popular at the high school and college levels, as... more

Cyber defense competitions (CDCs) simulate a real-world environment, where the competitors must protect the information assets of a fictional organization. These competitions are becoming popular at the high school and college levels, as well as in industry and governmental settings. However, there is little research to date on the learning outcomes associated with CDCs or the long-term benefits to the participants as they pursue future educational, employment or military goals. For this exploratory research project, we surveyed 11 judges and mentors participating in a well-established high school CDC held in the southeastern United States. Then we developed a set of recommended learning outcomes for CDCs, based on importance of the topic and participant preparedness for future information-security related endeavors. While most previous research has focused on technology issues, we analyzed technological, human, and social topics, to develop a comprehensive set of recommendations for future CDCs.

e-Exam is an electronic resource platform for students to take examinations through online. Since, the process of taking the exams are executed through internet, therefore security consideration become vital in e-Exam. Due to lack of... more

e-Exam is an electronic resource platform for students to take examinations through online. Since, the process of taking the exams are executed through internet, therefore security consideration become vital in e-Exam. Due to lack of trust, unsecured platform and cheating trial which are commonly happen in e-Exam assessments; hence it makes many e-Exam turns unsuccessful. By taking Nigeria universities as our case study, this research found that a numbers of e-Exam schemes in the country use a combination of fingerprint biometric authentication and cryptography dynamic approaches. These can guarantee that the e-Exam's candidate is the right person in a duration taking the exam without a need of any proctor. However, we believe that in taking e-Exam process, the psychological distress of student should also be taking into consideration in the assessment. By integrating those factors, we believe the e-Exam can be more successful and reliable. As the case study of this research, a total of 18 lecturers in Nigeria universities have been used as samples of our motivation.

This paper presents the design and analysis of an area efficient Blue Midnight Wish compression function with digest size of 256 bits (BMW-256) on FPGA platforms. The proposed architecture achieves significant improvements in system... more

This paper presents the design and analysis of an area efficient Blue Midnight Wish compression function with digest size of 256 bits (BMW-256) on FPGA platforms. The proposed architecture achieves significant improvements in system throughput with reduced area. We demonstrate the performance of the proposed BMW hash function core using VIRTEX 5 FPGA implementation. The new BMW hash function design allows for 16X speed up in performance while consuming significantly lower area than previously reported (i.e. just 445 slices).

Wireless Sensor Networks (WSN) security issues are getting more attention by researchers due to deployment circumstances. They are usually deployed in unattended and harsh environments that make them susceptible for many kinds of attacks.... more

Wireless Sensor Networks (WSN) security issues are getting more attention by researchers due to deployment circumstances. They are usually deployed in unattended and harsh environments that make them susceptible for many kinds of attacks. Different security mechanisms have been proposed for WSN. Detection-based mechanisms are considered to be the second defense line against attacks when the traditional prevention based mechanisms failed to detect them. Different intrusion detection schemes have been introduced (e.g. rule based, statistical based...etc). Rule-based intrusion detection schemes are considered to be the fast and simple schemes that are suitable for the demand of WSN. However, these schemes are more specific to some kinds of attacks and cannot be generalized. In addition, these schemes cannot detect the unknown attacks that are not included in their rule base. In this paper, we highlight the limitations of the state-of-the-art rule based intrusion detection schemes and then introduce a novel framework based on rule based scheme that is able to overcome these limitations.

The aim of this paper is to present a theoretical approach of the stray flux analysis in a three-phase squirrel-cage induction machine for stator and rotor electrical faults detection. Initially, the stray flux is analyzed in a point... more

The aim of this paper is to present a theoretical approach of the stray flux analysis in a three-phase squirrel-cage induction machine for stator and rotor electrical faults detection. Initially, the stray flux is analyzed in a point outside the machine using the Biot-Savart law, taking into account the effect of the end-windings for the stator and the end-ring segments

International Conference on Computing and Information Technology (COIT 2021) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of Computer Science and Information... more

International Conference on Computing and Information Technology (COIT 2021) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of Computer Science and Information Technology. The Conference looks for significant contributions to all major fields of the Computer Science and Information Technology in theoretical and practical aspects. The aim of the conference is to provide a platform to the researchers and practitioners from both academia as well as industry to meet and share cutting-edge development in the field.

Abstract: This paper presents a novel, principled approach to resolve the remained problems of substitution technique of audio watermarking. Using the proposed genetic algorithm, message bits are embedded into multiple, vague and higher... more

Abstract: This paper presents a novel, principled approach to resolve the remained problems of substitution technique of audio watermarking. Using the proposed genetic algorithm, message bits are embedded into multiple, vague and higher LSB layers, resulting in increased robustness. The robustness specially would be increased against those intentional attacks which try to reveal the hidden message and also some unintentional attacks like noise addition as well. Keywords: data hiding, substitution techniques, audio ...