Piotr Ksiazak, Letterkenny Institute of Technology, Ireland. William Farrelly, Letterkenny Institute of Technology, Ireland. Kevin Curran, Ulster University, UK.
Detailed Table of Contents
Preface (p. xvi)
Acknowledgment (p. xxi)

Section 1: Security and Privacy Protocols and Cryptographic Algorithms

Chapter 1 (p. 1)
A Lightweight Authentication and Encryption Protocol for Secure Communications Between Resource-Limited Devices Without Hardware Modification: Resource-Limited Device Authentication
Piotr Ksiazak, Letterkenny Institute of Technology, Ireland
William Farrelly, Letterkenny Institute of Technology, Ireland
Kevin Curran, Ulster University, UK

In this chapter, the authors examine the theoretical context for the security of wireless communication between ubiquitous computing devices and present an implementation that addresses this need. The number of resource-limited wireless devices used in many areas of the IT industry is growing rapidly. Some of the applications of these devices pose real security threats that can be addressed using authentication and cryptography. Many of the available authentication and encryption software solutions are predicated on the availability of ample processing power and memory. These demands cannot be met by most ubiquitous computing devices; thus, there is a need to apply lightweight cryptographic primitives and lightweight authentication protocols that fit within these constraints whenever security is applied to devices with limited resources. The analysis of the lightweight solutions is divided into lightweight authentication protocols and lightweight encryption algorithms. The authors present a prototype running on the nRF9E5 microcontroller that provides the necessary authentication and encryption on resource-limited devices.

Chapter 2 (p. 47)
Trust-Based Analytical Models for Secure Wireless Sensor Networks
Aminu Bello Usman, Auckland University of Technology, New Zealand
Jairo Gutierrez, Auckland University of Technology, New Zealand

In this chapter, the authors hypothesize that in the design of a trust-based routing protocol, the exploration of the peers' routing attributes could significantly improve trust evaluation accuracy. In this regard, they study the properties of complex networks and their impact on trust and reputation propagation and evaluation. They start by illustrating the structural transitivity in the network and its approximation. They then present the theoretical and analytical relationship between trust and reputation model accuracy, average structural transitivity between peers, average shortest path between peers, and energy consumed by peers for trust and reputation propagation and evaluation. Experimental studies using simulation further support the results of the analytical study. In this chapter, the authors open a new angle of research on the impact of complex network properties on trust and reputation evaluation between wireless peers.

Chapter 3 (p. 66)
Semantically Secure Classifiers for Privacy Preserving Data Mining
Sumana M., M. S. Ramaiah Institute of Technology, India
Hareesha K. S., Manipal Institute of Technology, India
Sampath Kumar, Manipal Institute of Technology, India

Essential predictions are to be made by parties distributed at multiple locations. However, in the process of building a model, sensitive data must not be revealed. Maintaining the privacy of such data is a foremost concern. Earlier approaches developed for classification and prediction have proven not to be secure enough, and their performance is affected. This chapter focuses on the secure construction of commonly used classifiers. The computations performed during model building are proved to be semantically secure. The homomorphic and probabilistic properties of the Paillier cryptosystem are used to perform secure product, mean, and variance calculations. The secure computations are performed without revealing any intermediate data or the sensitive data held at the multiple sites. It is observed that the accuracy of the classifiers modeled is almost equivalent to that of the non-privacy-preserving classifiers. The secure protocols require reduced computation time and communication cost. It is also shown that the proposed privacy-preserving classifiers perform significantly better than the base classifiers.

Chapter 4 (p. 96)
Building a Maturity Framework for Information Security Governance Through an Empirical Study in Organizations
Yassine Maleh, University Hassan I, Morocco
Mounia Zaydi, University Hassan I, Morocco
Abdelkbir Sahid, National School of Commerce and Management (ENCG), Morocco
Abdellah Ezzati, Faculty of Science and Technology (FST), Morocco

There is a dearth of academic research literature on the practices and commitments of information security governance in organizations. Despite the existence of reference frameworks and standards for security governance, the research literature remains limited regarding the practices of organizations and, on the other hand, lacks a strategy and practical model to follow in adopting effective information security governance. This chapter aims to explore the engagement processes and the practices of organizations involved in a strategy of information security governance via a statistical and econometric analysis of data from a survey of 1000 participants (with a participation rate of 83.67%) from large and medium companies belonging to various industries. Based on the survey results regarding practices of information security management and governance, a practical maturity framework for information security governance and management in organizations is presented.

Section 2: Security and Privacy Management and Methods

Chapter 5 (p. 129)
IT Security Risk Management Model for Handling IT-Related Security Incidents: The Need for a New Escalation Approach
Gunnar Wahlgren, Stockholm University, Sweden
Stewart James Kowalski, Norwegian University of Science and Technology, Norway

Managing IT-related security incidents is an important issue facing many organizations in Sweden and around the world. To deal with this growing problem, the authors have used a design science approach to develop an artifact to measure different organizations' capabilities and maturity in handling IT-related security incidents. In this chapter, an escalation maturity model (the artifact) is presented, which has been tested on several different Swedish organizations. The participating organizations come from both the private and public sectors, and all of them handle critical infrastructure, which can be damaged if an IT-related security incident occurs. Organizations had the opportunity to evaluate the model itself and also to test it by calculating the organization's escalation capability using a query package for self-assessment.

Chapter 6 (p. 152)
Security Visualization Extended Review: Issues, Classifications, Validation Methods, Trends, Extensions
Ferda Özdemir Sönmez, Middle East Technical University, Turkey
Banu Günel, Middle East Technical University, Turkey

Security visualization has been an active research area, and it continues to grow in many directions. Producing adequate security visualization designs requires knowledge of many different aspects of visualization techniques as well as of the security problems themselves. More beneficial designs depend on decisions that include use cases covering the security artifacts and business requirements of the organization, correct and optimal use of data sources, and selection of proper display types. To be able to see the big picture, designers should be aware of the available data types, possible use cases, and different styles of display. In this chapter, these properties of a large set of earlier security visualization work are depicted and classified in both textual and graphical form. This work also contains information related to trending topics of the domain, modes of user interaction, and the evaluation and validation techniques commonly used for security visualization designs.

Section 3: E-Health Security Management and Methodologies

Chapter 7 (p. 199)
Compliance of Electronic Health Record Applications With HIPAA Security and Privacy Requirements
Maryam Farhadi, Kennesaw State University, USA
Hisham Haddad, Kennesaw State University, USA
Hossain Shahriar, Kennesaw State University, USA

Electronic health record (EHR) applications are digital versions of paper-based patients' health information. EHR applications are increasingly being adopted in many countries. They have resulted in improved quality of healthcare, convenient access to histories of patient medication and clinic visits, easier follow-up of patient treatment plans, and more precise medical decision-making by doctors. EHR applications are guided by the measures of the Health Insurance Portability and Accountability Act (HIPAA) to ensure confidentiality, integrity, and availability. However, there have been reported breaches of protected health identifier (PHI) data stored by EHR applications. In many reported breaches, improper use of EHRs has resulted in disclosure of patients' protected health information. The goal of this chapter is to (1) provide an overview of HIPAA security and privacy requirements; (2) summarize recent literature related to complying with HIPAA security and privacy requirements; and (3) map some of the existing vulnerabilities to HIPAA security rules.

Chapter 8 (p. 214)
Standards and Guides for Implementing Security and Privacy for Health Information Technology
Francis E. Akowuah, Syracuse University, USA
Jonathan Land, The University of Tennessee at Chattanooga, USA
Xiaohong Yuan, North Carolina A&T State University, USA
Li Yang, The University of Tennessee at Chattanooga, USA
Jinsheng Xu, North Carolina A&T State University, USA
Hong Wang, North Carolina A&T State University, USA

In this chapter, the authors survey security standards and guides applicable to the healthcare industry, including Control Objectives for Information and Related Technologies (COBIT), ISO/IEC 27001:2005 (which has been revised by ISO/IEC 27001:2013), ISO/IEC 27002:2005 (which has been revised by ISO/IEC 27002:2013), ISO 27799:2008 (which has been revised by ISO 27799:2016), ISO 17090:2008 (which has been revised by ISO 17090:2015), ISO/TS 25237:2008, the HITRUST common security framework (CSF), NIST Special Publication 800-53, NIST SP 1800, NIST SP 1800-8, and the building code for medical device software security. This survey informs the audience of currently available standards that can guide the implementation of information security programs in healthcare organizations, and provides a starting point for IT management in healthcare organizations to select a standard suitable for their organization.

Chapter 9 (p. 237)
A Semiotic Examination of the Security Policy Lifecycle
Michael Lapke, University of Mary Washington, USA

Major security breaches continue to plague organizations decades after best practices, standards, and technical safeguards have become commonplace. This worrying trend clearly demonstrates that information systems security remains a significant issue within organizations. As policy forms the basis for practice, a major contributor to this ongoing security problem is a faulty security policy lifecycle. This can lead to an insufficient or, worse, a failed policy. This chapter aims to understand the lifecycle by analyzing the meanings that the stakeholders involved in the process attribute to policy formulation and implementation. A case study was carried out, and a "snapshot in time" of the IS security policy lifecycle at the organization revealed that a disconnect is evident in the security policy lifecycle.

Section 4: Intrusion Detection Systems

Chapter 10 (p. 255)
Intrusion Detection Systems Alerts Reduction: New Approach for Forensics Readiness
Aymen Akremi, Umm Al-Qura University, Saudi Arabia
Hassen Sallay, Umm Al-Qura University, Saudi Arabia
Mohsen Rouached, Sultan Qaboos University, Oman

Investigators usually search for any kind of event related directly to an investigation case, both to limit the search space and to propose new hypotheses about the suspect. Intrusion detection systems (IDSs) provide relevant information to forensics experts, since they detect the attacks and automatically gather several pertinent features of the network at the moment of the attack. Thus, an IDS should be very effective in terms of detection accuracy for new, unknown attack signatures, without generating a huge number of false alerts in high-speed networks. This tradeoff between keeping high detection accuracy and not generating false alerts is today a big challenge. As an effort to deal with false alert generation, the authors propose a new intrusion alert classifier, named Alert Miner (AM), to classify intrusion alerts efficiently in near real time in high-speed networks (HSN). AM uses an outlier detection technique based on an adaptive, deduced association rule set to classify the alerts automatically and without human assistance.

Chapter 11 (p. 276)
Visualization Technique for Intrusion Detection
Mohamed Cheikh, Constantine 2 University, Algeria
Salima Hacini, Constantine 2 University, Algeria
Zizette Boufaida, Constantine 2 University, Algeria

Intrusion detection systems (IDSs) play a vital and crucial role in computer security. However, they suffer from a number of problems, such as low detection of DoS (denial-of-service)/DDoS (distributed denial-of-service) attacks with a high rate of false alarms. In this chapter, a new technique for detecting DoS attacks is proposed; it detects DoS attacks using a set of classifiers and visualizes them in real time. This technique is based on the collection of network parameter values (data packets), which are automatically represented by simple geometric graphs in order to highlight relevant elements. Two implementations of this technique are performed. The first is based on the Euclidean distance, while the second is based on the KNN algorithm. The effectiveness of the proposed technique has been demonstrated through a simulation of network traffic drawn from the 10% KDD dataset and a comparison with other classification techniques for intrusion detection.

Chapter 12 (p. 291)
False Alarm Reduction: A Profiling Mechanism and New Research Directions
Salima Hacini, Constantine 2 University, Algeria
Zahia Guessoum, Pierre et Marie Curie University, France
Mohamed Cheikh, Constantine 2 University, Algeria

Intrusion detection systems (IDSs) are commonly used to detect attacks on computer networks. These tools analyze incoming and outgoing traffic for suspicious anomalies or activities. Unfortunately, they generate a significant amount of noise, which greatly complicates the analysis of the data. This chapter addresses the problem of false alarms in IDSs. Its first purpose is to improve their accuracy by detecting real attacks and by reducing the number of unnecessary alerts. To do so, this intrusion detection mechanism enhances the accuracy of anomaly-based intrusion detection systems using a set of agents that ensure detection and the adaptation of the normal profile, so as to support the legitimate changes that occur over time and are the cause of many false alarms. Besides this, as a perspective on this work, the chapter opens up new research directions by listing the different requirements of an IDS and proposing solutions to achieve them.

Section 5: Cyber Security and Malware

Chapter 13 (p. 322)
Internet Crime and Anti-Fraud Activism: A Hands-On Approach
Andreas Zingerle, Woosong University, South Korea
Linda Kronman, Woosong University, South Korea

Scambaiting is a form of vigilantism that targets internet scammers who try to trick people into advance fee payments. In the past, victims were mainly contacted by bulk emails; now the widespread use of social networking services has made it easier for scammers to contact potential victims, namely those who seek various online opportunities in the form of sales and rentals, dating, booking holidays, or seeking jobs. Scambaiters are online information communities specializing in identifying, documenting, and reporting the activities of scammers. By following scambaiting forums, it was possible to categorize different scambaiting subgroups with various strategies and tools. These were tested in hands-on sessions during creative workshops in order to gain a wider understanding of the scope of existing internet scams as well as to explore counter-strategies to prevent internet crime. The aim of the workshops was to recognize and develop diverse forms of anti-scam activism.

Chapter 14 (p. 337)
Metamorphic Malware Detection Using Minimal Opcode Statistical Patterns
Mahmood Fazlali, Shahid Beheshti University, Iran
Peyman Khodamoradi, Aryanpour School of Culture and Education, Iran

High-speed and accurate detection of metamorphic malware are two goals of antivirus software. To address this, the chapter presents a new malware detection method that can be summarized as follows: (1) the input file is disassembled and classified to obtain the minimal opcode pattern as feature vectors; (2) a forward feature selection method (i.e., maximum relevancy and minimum redundancy) is applied to remove the redundant as well as irrelevant features; and (3) the process ends with classification using a decision tree. The results indicate that the proposed method can effectively detect metamorphic malware in terms of speed, efficiency, and accuracy.

Chapter 15 (p. 360)
Classification of Web-Service-Based Attacks and Mitigation Techniques
Hossain Shahriar, Kennesaw State University, USA
Victor Clincy, Kennesaw State University, USA
William Bond, Kennesaw State University, USA

Web services are being widely used for business integration. Understanding what these web services are and how they work is important. Attacks on these web services are a major concern and can expose an organization's valuable resources. This chapter presents a survey describing web service attacks. The authors provide a taxonomy of web service vulnerabilities and explain how they can be exploited. The chapter discusses some of the approaches that make up best practices and some that are still in the development phase, along with common approaches to addressing the vulnerabilities and approaches to use in planning and securing web services. Securing web services is a very important part of a cybersecurity plan.

Compilation of References (p. 379)
About the Contributors (p. 416)
Index (p. 424)