Obtain confidentiality or/and authenticity in Big Data by ID-based generalized signcryption

Recently, the Big Data paradigm has received considerable attention since it gives a great opportunity to mine knowledge from massive amounts of data. However, the new mined knowledge will be useless if data is fake, or sometimes the massive amounts of data cannot be collected due to the worry on the abuse of data. This situation asks for new security solutions. On the other hand, the biggest feature of Big Data is "massive", which requires that any security solution for Big Data should be "efficient". In this paper, we propose a new identity-based generalized signcryption scheme to solve the above problems. In particular, it has the following two properties to fit the efficiency requirement. (1) It can work as an encryption scheme, a signature scheme or a signcryption scheme as per need. (2) It does not have the heavy burden on the complicated certificate management as the traditional cryptographic schemes. Furthermore, our proposed scheme can be proven-secure in the standard model. © 2014 Elsevier Inc. All rights reserved.

A strong provably secure IBE scheme without bilinear map

Identity-based encryption (IBE) allows one party to send ciphered messages to another using an arbitrary identity string as an encryption key. Since IBE does not require prior generation and distribution of keys, it greatly simplifies key management in public-key cryptography. According to the Menezes-Okamoto-Vanstone (MOV) reduction theory, the IBE scheme based on bilinear map loses the high efficiency of elliptic curve because of the requirement of large security parameters. Therefore, it is important to build a provably secure IBE scheme without bilinear map. To this end, this paper proposes an improved IBE scheme that is different from the previous schemes because this new scheme does not use symmetric encryption algorithm. Furthermore, it can be proven to be secure against adaptively chosen identity and chosen plaintext attacks in the standard model. Elaborated security and performance analysis demonstrate that this new scheme outperforms the previous ones in terms of the time complexity for encryption and decryption.

Development of organizational internet security policy: a holistic approach

This chapter describes a general framework for developing organizational internet security policy. A model of internet security risks for an internet user organization is proposed. The framework utilizes this model, as well as a holistic approach, to develop the organization's internet security policy. A hierarchy of sub-policies for the internet security policy is also suggested. This chapter presents findings from part of a wider investigation into internet security policy.

Security authentication for on-line internet banking

The advent of Internet Banking has shown the importance of effective method of authenticating a users in a remote environment. There are many different countenances to contemplate when examining Internet based security. One of the most tried and trusted techniques of protecting the safety of systems and data is to control people's access. The foundation for such measures is authentication. Specifically for Internet banking there is a real need for a way to uniquely identify and authenticate users without the possibility of their authenticity being cloned. This paper proposes a framework concerning how to identify security requirements for Internet Banking.

A risk analysis model to reduce computer security risks among healthcare organizations

The paper describes the on-going development of a new computer-based security risk analysis methodology that may be used to determine the computer security requirements of medical computer systems. The methodology has been developed for use within healthcare, with particular emphasis placed upon protecting medical information systems. The paper goes on to describe some of the problems with existing automated risk analysis systems, and how the ODESSA system may overcome the majority of these problems. Examples of security scenarios are also presented.

A security evaluation criteria

Computer security is now recognised as an important consideration in modern business, with a variety of guidelines and standards currently available to enable different business environments to be properly protected. However, financial and operational constraints often exist which influence the practicality of these recommendations. New baseline security methods such as Australian and New Zealand Standard (AS/NZS) 4444 and British Standard (BS) 7799 represent minimal standards which organisations can use to improve their security. The aim of the paper is to look at the effectiveness of baseline security standards through the use of an evaluation criteria, which assesses their effectiveness.

Security practice: survey evidence from three countries

Computer security is becoming a global problem. Recent surveys show that there increased concern about security risks such as hackers. There is also an increase in the growth of Internet access around the world. This growth of the Internet has resulted in the development of new businesses such as e-commerce and with the new businesses come new associated security risks such as on-line fraud and hacking. Is it fair to assume the security practices are the same all over the world? The paper tries to look at security practices from a number of different countries perspective and tries to show that security practices are not generic and vary from country to country.

Counter-terrorism and (in)security : Fallout from the Bali bombing

In the wake of the Bali bombing the Australian government has proposed a number of national security measures that pose a real danger to human security in Australia and the region. These measures include renewed and increased military and intelligence exchanges with Indonesia, and laws that allow the Australian Security Intelligence Organization (ASIO) to detain people without charge or even suspicion in order to gather intelligence. In less emotional times these initiatives would be rejected as contrary to human rights concerns and Australia’s democratic traditions, which include the rule of law and due process protections. In the current climate, however, human rights and civil liberties are apt to be portrayed as unaffordable luxuries.