Cyber attacks against supply chain management systems: A short note

Supply chain management (SCM) is increasingly dependent on electronic systems. At the same time, the vulnerability of these systems to attack from malicious individuals or groups is growing. This paper examines some of the forms such attacks can take, and their relevance to the supply function. Provides examples of attacks. Concludes that companies should consider the security aspects of electronic commerce before developing their systems. © MCB University Press.

Cryptographic public key length prediction

In the late 1900s, suitable key lengths were determined by cryptographers who considered four main features based on implementation, expected lifespan and associated security. By 2010, recommendations are aimed at governmental and commercial institutions, which take into consideration practical implementations that provide data security. By aggregating the key length predictive data since 1985, we notice that while the figures proposed between 1990 and 2010 increase linearly, those proposed for 2010 to 2050 do not. This motivates us to re-think the factors used as a basis for key length predictions and we initiate this re-evaluation in this paper. Focusing first on implementation, we clarify the meaning of Moore’s Law by going back to his original papers and commentary. We then focus on the period 2010-2015, when non-linearity appears, and test Moore’s Law based on three different hardware platforms. Our conclusion is that current assumptions about Moore’s law are still reasonable and that non-linearity is likely to be caused by other factors which we will investigate in future work.

Active engagement with stigmatised communities through digital ethnography

Conducting research in the rapidly evolving fields constituting the digital social sciences raises challenging ethical and technical issues, especially when the subject matter includes activities of stigmatised populations. Our study of a dark-web drug-use community provides a case example of ‘how to’ conduct studies in digital environments where sensitive and illicit activities are discussed. In this paper we present the workflow from our digital ethnography and consider the consequences of particular choices of action upon knowledge production. Key considerations that our workflow responded to include adapting to volatile field-sites, researcher safety in digital environments, data security and encryption, and ethical-legal challenges. We anticipate that this workflow may assist other researchers to emulate, test and adapt our approach to the diverse range of illicit studies online. In this paper we argue that active engagement with stigmatised communities through multi-sited digital ethnography can complement and augment the findings of digital trace analyses.

Conducting event studies with Asia-Pacific security market data

We investigate the effectiveness of several well-known parametric and non-parametric event study test statistics with security price data from the major Asia-Pacific security markets. Extensive Monte Carlo simulation experiments with actual daily security returns data reveal that the parametric test statistics are prone to misspecification with Asia-Pacific returns data. Two non-parametric tests, a rank test [Corrado and Zivney (Corrado, C.J., Zivney, T.L., 1992, The specification and power of the sign test in event study hypothesis tests using daily stock returns, Journal of Financial and Quantitative Analysis 27(3), 465-478)] and a sign test [Cowan (Cowan, A.R., 1992, Non-parametric event study tests, Review of Quantitative Finance and Accounting 1(4), 343–358)] were the best performers overall with market model excess returns computed using an equal weight index.

Management framework for corporate telecommunication and data centre information security

Network security, particularly Internet security, is at the forefront of business and government networks. This research has discovered weaknesses in current professional practice, particularly in mitigation strategies to reduce the impacts of security violations in corporate telecommunications and data centres. The importance of integrating security policies, processes and operational practice is demonstrated. Leadership models and innovation mechanisms best suited to improved security design are also identified.

Large iterative multitier ensemble classifiers for security of big data

This paper introduces and investigates large iterative multitier ensemble (LIME) classifiers specifically tailored for big data. These classifiers are very large, but are quite easy to generate and use. They can be so large that it makes sense to use them only for big data. They are generated automatically as a result of several iterations in applying ensemble meta classifiers. They incorporate diverse ensemble meta classifiers into several tiers simultaneously and combine them into one automatically generated iterative system so that many ensemble meta classifiers function as integral parts of other ensemble meta classifiers at higher tiers. In this paper, we carry out a comprehensive investigation of the performance of LIME classifiers for a problem concerning security of big data. Our experiments compare LIME classifiers with various base classifiers and standard ordinary ensemble meta classifiers. The results obtained demonstrate that LIME classifiers can significantly increase the accuracy of classifications. LIME classifiers performed better than the base classifiers and standard ensemble meta classifiers.

Cost-effective authentic and anonymous data sharing with forward security

Data sharing has never been easier with the advances of cloud computing, and an accurate analysis on the shared data provides an array of benefits to both the society and individuals. Data sharing with a large number of participants must take into account several issues, including efficiency, data integrity and privacy of data owner. Ring signature is a promising candidate to construct an anonymous and authentic data sharing system. It allows a data owner to anonymously authenticate his data which can be put into the cloud for storage or analysis purpose. Yet the costly certificate verification in the traditional public key infrastructure (PKI) setting becomes a bottleneck for this solution to be scalable. Identity-based (ID-based) ring signature, which eliminates the process of certificate verification, can be used instead. In this paper, we further enhance the security of ID-based ring signature by providing forward security: If a secret key of any user has been compromised, all previous generated signatures that include this user still remain valid. This property is especially important to any large scale data sharing system, as it is impossible to ask all data owners to re-authenticate their data even if a secret key of one single user has been compromised. We provide a concrete and efficient instantiation of our scheme, prove its security and provide an implementation to show its practicality.

Big data storage security

The demand for data storage and processing is increasing at a rapid speed in the big data era. The management of such tremendous volume of data is a critical challenge to the data storage systems. Firstly, since 60% of the stored data is claimed to be redundant, data deduplication technology becomes an attractive solution to save storage space and traffic in a big data environment. Secondly, the security issues, such as confidentiality, integrity and privacy of the big data should also be considered for big data storage. To address these problems, convergent encryption is widely used to secure data deduplication for big data storage. Nonetheless, there still exist some other security issues, such as proof of ownership, key management and so on. In this chapter, we first introduce some major cyber attacks for big data storage. Then, we describe the existing fundamental security techniques, whose integration is essential for preventing data from existing and future security attacks. By discussing some interesting open problems, we finally expect to trigger more research efforts in this new research field.

Security authentication for on-line internet banking

The advent of Internet Banking has shown the importance of effective method of authenticating a users in a remote environment. There are many different countenances to contemplate when examining Internet based security. One of the most tried and trusted techniques of protecting the safety of systems and data is to control people's access. The foundation for such measures is authentication. Specifically for Internet banking there is a real need for a way to uniquely identify and authenticate users without the possibility of their authenticity being cloned. This paper proposes a framework concerning how to identify security requirements for Internet Banking.

Data protection and privacy: the Australian legislation and its implications for IT professionals

The notion of privacy takes on a completely different meaning when viewed from the perspective of an IT professional, an organisation using technology to support strategic directions or a member of the public. This paper looks past the technical issues involved in data protection and examines some of the business, social and regulatory aspects that have become important to those involved in the management, storage and dissemination of electronic information. The paper documents some of the legislative developments in privacy and data protection and examines what these developments mean for IT professionals for whom the link between data captured, stored and processed into information and the resulting effect on privacy is important. The Commonwealth Privacy Act 1988 based on work done by the Council of Europe, the OECD and the European Union provides some general guidelines but only for the public sector. However, new legislation imminent. Thus, IT professionals need to be aware of the changing situation and examine their organisation’s current practices to ensure compliance with future laws.