Information Technology Security (ITS 2010)

By : Global Science & Technology Forum

Date : 2010

Location : Thailand / Phuket

PDF 48p
Description :

This conference focused on IT security. Why do companies not compromise on it despite budget cuts? How do you keep the stability and security of the company software?

Keywords :

risk management, IT security governance, information security, Network security education, multimodal biometric authentication, Identification, RFID, Malware, Privacy, Authentication, Untraceability, Cloning, Rogue reader, Reader Protocol, Wireless Security, IT security analysis, IT security proceedings, IT security market trends

Keywords inside documents :

security, signature, system, trust, channel, software, wireless, network, authentication, digital, requirements, reader, students, governance, perception, secrecy, subject, ecdsa, networks, secure

Product/ documentation details
Despite budget cuts made across the board, many companies did not compromise on IT security.

 

This is because much of our daily life is dependent on computers. We check our emails and log onto social networking sites several times a day. For many industries, emailing is a common mode of communication and we often take for granted the stability and security of our software.

 

 

The proceedings include the papers and presentations given at the conference.

 

1. IT Security Governance (ITSG) in Australian Context

Tanveer A Zia, School of Computing and Mathematics, Charles Sturt University, NSW, Australia

Zeeshan Ahmad, School of Computing and Mathematics, Charles Sturt University, NSW, Australia
 

Information Technology Security Governance (ITSG) provides organizations a roadmap to Information and Communication Technology (ICT) infrastructure protection with goals and objectives to design the security governance processes in alignment with national and international governance frameworks. Organizations in Australia are still at infancy stages of adopting IT governance processes. Organizations who have adopted these processes underestimate the security processes within the governance framework. If the security processes are designed, they are often flawed with operational level implementation. This paper investigates IT security governance specifically in Australian organizations. The objective is to bring the Australian organizations in alignment with international standards and frameworks in terms of integration of information security, IT audits, risks and control measures. A survey of selected organizations is conducted and results are presented in this paper identifying the maturity level of IT security governance in Australian organizations against the well-known Capability Maturity Model® (CMM).

 

2. Network Security: Contents, delivery and assessments of an undergraduate subject

Tanveer A Zia, School of Computing and Mathematics, Charles Sturt University, NSW, Australia

 

Network Security is one of the core subjects in Bachelor of Information Technology course offered at the Charles Sturt University. The subject covers aspects of information security relating to the wired and wireless networks. The weekly topics provide students detailed knowledge of cryptography, system threats and countermeasures, secure communication, network vulnerabilities and attacks, network defenses, virtual private networks, wireless and sensor networks security, access control and authentication, Internet Protocol (IP) security, vulnerability assessment and security audit, security policy and training. This paper provides the process of subject development, delivery, assessments, teaching critique, and provides results from online subject evaluation survey. The reflection on subject delivery is particularly important to determine if the subject has met its objectives. Results from the subject critique and student evaluation survey are presented and a reflection on how to improve the subject is provided.

 

3. Do you see or hear first: The case for perception simultaneity as a quality measure for multimodal biometric fusion

Chiung Ching Ho, Faculty of Information Technology, Multimedia University, Cyberjaya, Malaysia

C. Eswaran, Faculty of Information Technology, Multimedia University, Cyberjaya, Malaysia

 

This paper discusses the phenomenon of perception simultaneity, and how it can be employed as a quality measure for multimodal biometric fusion. Traditional experiments for measuring perception simultaneity are extended for use in a multimodal biometric authentication setting, in order to elicit quality measures to enhance fusion decisions.


4. A Proposed Implementation of Elliptic Curve Digital Signature Algorithm (ECDSA) in Global Smart Cards

T. Abdurahmonov, Faculty of Information Technology, Multimedia University, Jalan Multimedia, 63100 Cyberjaya, Selangor, Malaysia

Eng-Thiam Yeoh, Faculty of Information Technology, Multimedia University, Jalan Multimedia, 63100 Cyberjaya, Selangor, Malaysia

Helmi Mohamed Hussain, Faculty of Information Technology, Multimedia University, Jalan Multimedia, 63100 Cyberjaya, Selangor, Malaysia
 

This paper describes the ECDSA digital signature which is based on ECC. Digital signature algorithms are described based on RSA, DSA and ECDSA. Comparisons of RSA and ECC digital signature generation and verification are discussed to show the possible improvements using ECC methods. Finally a system is proposed to implement digital signatures based on ECC with SHA2.

 

5. Mutual Authentication with Malware Protection for a RFID System

Biplob Ray, Graduate School of IT and Mathematical Sciences, University of Ballarat, Ballarat, Victoria, Australia
Morshed U. Chowdhury, School of Information Technology, Deakin University, Melbourne, Victoria, Australia
Thao Pham, School of Information Technology, Deakin University, Melbourne, Victoria, Australia

 

Radio Frequency Identification (RFID) system is a remote identification technology which is taking the place of barcodes to become electronic tags of an object. However, its radio transmission nature is making it vulnerable in terms of security. Recently, research proposed that an RFID tag can contain malicious code which might spread viruses, worms and other exploits to middleware and back-end systems. This paper is proposing a framework which will provide protection from malware and ensure the data privacy of a tag. The framework will use a sanitization technique with a mutual authentication in the reader level. This will ensure that any malicious code in the tag is identified. If the tag is infected by malicious code it will stop execution of the code in the RFID system. Here shared unique parameters are used for authentication. It will be capable of protecting an RFID system from denial of service (DOS) attack, forward security and rogue reader better than existing protocols. The framework is introducing a layer concept on a smart reader to reduce coupling between different tasks. Using this framework, the RFID system will be protected from malware and also the privacy of the tag will be ensured.

 

6. Wireless Physical Layer Security: Challenges and Solutions

Yue Wu, School of Information Security Engineering, Shanghai Jiao Tong University, Shanghai 200240, China

Ping Yi, School of Information Security Engineering, Shanghai Jiao Tong University, Shanghai 200240, China

Jianhua Li, School of Information Security Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
 

The properties of broadcast nature, high densities of deployment and severe resource limitations of sensor and mobile networks make wireless networks more vulnerable to various attacks including modification of message, eavesdropping, network intrusion and malicious forwarding etc. Conventional cryptography based security may consume significant overhead for low power devices, so current research moves to wireless physical layer for security enhancement. This paper is mainly focused on challenges and solutions in wireless physical layer security. It first describes the RSSI and channel based wireless authentication respectively, then presents the overview of various secrecy capacity analysis of fading channel, MIMO channel and cooperative transmission; and then examines different misbehavior detection methods, finally it makes conclusions and gives our future works.

 

7. SECRET: Potential Vulnerability Discovery using Loophole Analysis

Curtis Busby-Earle, Department of Computing, The University of the West Indies, Mona, Jamaica

Ezra K. Mugisa, Department of Computing, The University of the West Indies, Mona, Jamaica


Within recent years software development processes have all but required the inclusion of expertise in methods that attempt to ensure the security of a system. In contemporary software development there are a number of such methods. Many of these methods are however introduced in the latter stages of development or try to address the issues of securing a software system by envisioning possible threats to that system, knowledge that is usually both subjective and esoteric. In this paper we introduce the concept of path fixation and discuss how contradictory paths or loopholes, discovered during requirements engineering and using only a requirements specification document, can lead to potential security flaws in a proposed system. The SECREt is a proof-of-concept prototype tool developed to demonstrate the effectiveness of loophole analysis. We discuss how the tool performs a loophole analysis and present the results of tests conducted on an actual specification document. We conclude that loophole analysis is an effective, objective method for the discovery of potential vulnerabilities that exist in proposed systems and that the SECREt can be successfully incorporated into the requirements engineering process.

 

8. Secure Mobile Ad-Hoc Network (MANET) Using Trust Feature In Friendship Mechanism

M.T Hatim, College of Arts and Sciences, Universiti Utara Malaysia, 06010 UUM Sintok, Kedah, MALAYSIA

M.D Zulkhairi, College of Arts and Sciences, Universiti Utara Malaysia, 06010 UUM Sintok, Kedah, MALAYSIA

P. Nurnasran, College of Arts and Sciences, Universiti Utara Malaysia, 06010 UUM Sintok, Kedah, MALAYSIA

H.M. Zabidi, College of Arts and Sciences, Universiti Utara Malaysia, 06010 UUM Sintok, Kedah, MALAYSIA

O. Azliza, College of Arts and Sciences, Universiti Utara Malaysia, 06010 UUM Sintok, Kedah, MALAYSIA

Abas Md Said, Computer & Information Sciences Department, Universiti Teknologi PETRONAS

 

A mobile ad hoc network comprises autonomous and anonymous nodes roaming freely without a centralized controller to determine the communication path. Each node can function as a router by itself. They rely on each other in forwarding packets. Communication among nodes exists without the need of a supporting fixed router or access point. Specific features of MANET such as transmission range, shared resources of wireless devices, resource consumption, false alarms, the mobility of nodes, and the resistance of IDS may cause security and efficiency issues. MANETs are not immune to false accusations and false alarms caused by blackmail attackers and other potential attackers that can target the operation of a routing protocol in an ad hoc network. In this paper, we propose a security enhancement for the friendship mechanism used to speed up malicious node detection by implementing trust features based on relationships among the nodes which make them cooperate in an ad hoc environment. We calculate the trust values to determine the relationship status of nodes through simulation experiments using the NS-2 tool.

 

9. In secure SDLC we trust

Mohamed Saifulamri Omar, School Of Information and Communication Technology, Republic Polytechnic, Singapore

 

Software applications are in abundance. Every domain of the human society is dependent on software applications and systems. Therefore, security vulnerability in software can be costly to both individuals and companies alike. It can cause significant damages in the form of financial and reputational loss. Gartner reports that 95% of all reported vulnerabilities are in software. Therefore, it is imperative that software development process incorporates security right from the beginning and not as an afterthought. Hence, secure software development lifecycle (SDLC) is touted, in many literatures, as the way to go. However, more often than not, literatures on secure SDLC focus only on code and system security. This paper contends that secure SDLC should envisage a holistic view on security with the intent to develop a trusted application rather than a secured application.

IT Security Governance (ITSG) in Australian Context

Product Type : Academic Conferences

Author : Various

PDF 5p

Languages : English

Network Security: Contents, delivery and assessments of an undergraduate subject

Product Type : Academic Conferences

Author : Tanveer A Zia

PDF 4p

Languages : English

Do you see or hear first: The case for perception simultaneity as a quality measure for...

Product Type : Academic Conferences

Author : Various

PDF 5p

Languages : English

A Proposed Implementation of Elliptic Curve Digital Signature Algorithm (ECDSA) in Global Smart

Product Type : Academic Conferences

Author : Various

PDF 4p

Languages : English

Mutual Authentication with Malware Protection for a RFID System

Product Type : Academic Conferences

Author : Various

PDF 6p

Languages : English

Wireless Physical Layer Security: Challenges and Solutions

Product Type : Academic Conferences

Author : Various

PDF 6p

Languages : English

SECRET: Potential Vulnerability Discovery using Loophole Analysis

Product Type : Academic Conferences

Author : Various

PDF 8p

Languages : English

Secure Mobile Ad-Hoc Network (MANET) Using Trust Feature In Friendship Mechanism

Product Type : Academic Conferences

Author : Various

PDF 5p

Languages : English

In secure SDLC we trust

Product Type : Academic Conferences

Author : Various

PDF 5p

Languages : English

Organizer : Global Science & Technology Forum

GSTF provides a global intellectual platform for top notch academics and industry professionals to actively interact and share their groundbreaking research achievements. GSTF is dedicated to promoting research and development and offers an inter-disciplinary intellectual platform for leading scientists, researchers, academics and industry professionals across Asia Pacific to actively consult, network and collaborate with their counterparts across the globe.