The Mutuality of Challenges Facing Human Rights and Human Security: A New Framework of Analysis

Read full paper at: http://www.scirp.org/journal/PaperInformation.aspx?PaperID=53809#.VNR3jSzQrzE

The interrelationship between Human Rights and “related fields” such as Human Security, Development, Democracy and Good Governance was emphasised at the United Nations Millennium Summit, which resulted in a declaration that affirmed global commitments to the protection of the vulnerable, the alleviation of poverty, and the rectification of corrupt structures and processes—particularly in those countries in which there is a lack of “rule of law” and good governance. The world’s leaders resolved to spare no effort to promote democracy and strengthen the rule of law, as well as respect for all internationally recognized human rights and fundamental freedoms, including the right to Human Security. This paper intends to analytically discuss Human Rights and Human Security with a focus on the interrelationship between human rights and concepts such as the right to development, conflict prevention, peace-making and peace-building, poverty reduction and good governance.

Cite this paper

Ome, E. and Casimir, A. (2015) The Mutuality of Challenges Facing Human Rights and Human Security: A New Framework of Analysis. Open Journal of Political Science, 5, 68-75. doi: 10.4236/ojps.2015.52007.

Conventional and Improved Digital Signature Scheme: A Comparative Study

Read full paper at:

http://www.scirp.org/journal/PaperInformation.aspx?PaperID=53456#.VMW11CzQrzE

ABSTRACT

Due to the rapid growth of online transactions on the Internet, authentication, non-repudiation and integrity are essential security requirements for a secure transaction. To achieve these security goals, the digital signature is the most efficient cryptographic primitive. Many authors have proposed such schemes, proved their security and evaluated their efficiency. In our paper, we present a comprehensive study of conventional digital signature schemes based on RSA, DSA and ECDSA (Elliptic Curve Digital Signature Algorithm) and the improved versions of these schemes.

Cite this paper

Alrehily, A., Alotaibi, A., Almutairy, S., Alqhtani, M. and Kar, J. (2015) Conventional and Improved Digital Signature Scheme: A Comparative Study. Journal of Information Security, 6, 59-67. doi: 10.4236/jis.2015.61007.

Symmetric-Key Based Homomorphic Primitives for End-to-End Secure Data Aggregation in Wireless Sensor Networks

Read full paper at:

http://www.scirp.org/journal/PaperInformation.aspx?PaperID=52983#.VK8z8snQrzE

ABSTRACT

In wireless sensor networks, secure data aggregation protocols target two major objectives, namely, security and en route aggregation. Although en route aggregation of reverse multicast traffic improves energy efficiency, it becomes a hindrance to end-to-end security. Concealed data aggregation protocols aim to preserve the end-to-end privacy of sensor readings while performing en route aggregation. However, the use of inherently malleable privacy homomorphism makes these protocols vulnerable to active attackers. In this paper, we propose an integrity and privacy preserving end-to-end secure data aggregation protocol. We use symmetric key-based homomorphic primitives to provide end-to-end privacy and end-to-end integrity of reverse multicast traffic. As a sensor network has a non-replenishable energy supply, the use of symmetric key-based homomorphic primitives improves the energy efficiency and increases the sensor network’s lifetime. We comparatively evaluate the performance of the proposed protocol to show its efficacy and efficiency in resource-constrained environments.

Cite this paper

Parmar, K. and Jinwala, D. (2015) Symmetric-Key Based Homomorphic Primitives for End-to-End Secure Data Aggregation in Wireless Sensor Networks. Journal of Information Security, 6, 38-50. doi: 10.4236/jis.2015.61005.

Control Framework for Secure Cloud Computing

Read full paper at:

http://www.scirp.org/journal/PaperInformation.aspx?PaperID=52951#.VK3k-8nQrzE

ABSTRACT

Cloud computing is touted as the next big thing in the Information Technology (IT) industry, which is going to impact businesses of any size, and yet the security issue continues to pose a big threat to it. The security and privacy issues persisting in cloud computing have proved to be an obstacle for its widespread adoption. In this paper, we look at these issues from a business perspective and how they are damaging the reputation of big companies. There is a literature review on the existing issues in cloud computing and how they are being tackled by the Cloud Service Providers (CSP). We propose a governing body framework which aims at solving these issues by establishing a relationship amongst the CSPs in which the data about possible threats can be generated based on the previous attacks on other CSPs. The Governing Body will be responsible for Data Center control, Policy control, legal control, user awareness, performance evaluation, solution architecture and providing motivation for the entities involved.

Cite this paper

Srivastava, H. and Kumar, S. (2015) Control Framework for Secure Cloud Computing. Journal of Information Security, 6, 12-23. doi: 10.4236/jis.2015.61002.

Cloud Security: Services, Risks, and a Case Study on Amazon Cloud Services

Read full paper at:

http://www.scirp.org/journal/PaperInformation.aspx?PaperID=52580#.VJuJpcCAM4

ABSTRACT

Recent advances have witnessed the success and popularity of cloud computing, which represents a new business model and computing paradigm. The feature of on-demand provisioning of computational, storage, and bandwidth resources has driven modern businesses into cloud services. The cloud is considered cutting-edge technology and it is solely relied on by many large technology, business, and media companies such as Netflix or Salesforce.com. However, in addition to the benefit at hand, security issues have been a long-term concern for cloud computing and are the main barriers to the widespread use of cloud computing. In this paper, we briefly describe some basic security concerns that are of particular interest to cloud technology. We investigate some of the basic cloud concepts and discuss cloud security issues. Amazon Web Services is used as a case study for discussing common cloud terminology. Data security, as well as some cloud-specific attacks, is introduced. The current state and the future progression of cloud computing are discussed.

Cite this paper

Mosca, P., Zhang, Y., Xiao, Z. and Wang, Y. (2014) Cloud Security: Services, Risks, and a Case Study on Amazon Cloud Services. Int’l J. of Communications, Network and System Sciences, 7, 529-535. doi: 10.4236/ijcns.2014.712053.

Implications of SSO Solutions on Cloud Applications

Read full paper at:

http://www.scirp.org/journal/PaperInformation.aspx?PaperID=48965#.VJjkEcCAM4

ABSTRACT

The trend in businesses is moving towards a single browser tool on portable devices to access cloud applications which would increase portability but at the same time would introduce security vulnerabilities. This resulted in the need for several layers of password authentications for cloud applications access. Single Sign-On (SSO) is a tool of access control of multiple software systems. This research explores the effects and implications of SSO solutions on cloud applications. We utilize a new framework of different attributes developed by acquiring IT experts’ opinions through extensive interviews to expand significant strategic parameters at the workplace. The framework was further tested using data collected from a sample of 400+ users in the UAE.

Cite this paper

Watfa, M., Khan, S. and Radmehr, A. (2014) Implications of SSO Solutions on Cloud Applications. Communications and Network, 6, 186-190. doi: 10.4236/cn.2014.63020.

A Proposed Layered Architecture to Maintain Privacy Issues in Electronic Medical Records

Read full paper at:

http://www.scirp.org/journal/PaperInformation.aspx?PaperID=51258#.VGAU6WfHRK0

ABSTRACT

Securing large amounts of electronic medical records stored in different forms and in many locations, while making them available to authorized users, is considered a great challenge. Maintaining the protection and privacy of personal information is a strong motivation in the development of security policies. It is critical for health care organizations to access, analyze, and ensure security policies to meet the challenge and to develop the necessary policies to ensure the security of medical information. The problem, then, is how we can maintain the availability of electronic medical records and at the same time maintain the privacy of patients' information. This paper proposes a novel architecture model for the Electronic Medical Record (EMR), in which useful statistical medical records will be available to interested parties while maintaining the privacy of patients' information.

Cite this paper

Bensefia, A. and Zarrad, A. (2014) A Proposed Layered Architecture to Maintain Privacy Issues in Electronic Medical Records. E-Health Telecommunication Systems and Networks, 3, 43-49. doi: 10.4236/etsn.2014.34006.
