Displaying publications 1 - 20 of 88 in total

Abstract:
Sort:
  1. Ranak MSAN, Azad S, Nor NNHBM, Zamli KZ
    PLoS One, 2017;12(10):e0186940.
    PMID: 29084262 DOI: 10.1371/journal.pone.0186940
    Due to recent advancements and appealing applications, the purchase rate of smart devices is increasing at a higher rate. Parallely, the security related threats and attacks are also increasing at a greater ratio on these devices. As a result, a considerable number of attacks have been noted in the recent past. To resist these attacks, many password-based authentication schemes are proposed. However, most of these schemes are not screen size independent; whereas, smart devices come in different sizes. Specifically, they are not suitable for miniature smart devices due to the small screen size and/or lack of full sized keyboards. In this paper, we propose a new screen size independent password-based authentication scheme, which also offers an affordable defense against shoulder surfing, brute force, and smudge attacks. In the proposed scheme, the Press Touch (PT)-a.k.a., Force Touch in Apple's MacBook, Apple Watch, ZTE's Axon 7 phone; 3D Touch in iPhone 6 and 7; and so on-is transformed into a new type of code, named Press Touch Code (PTC). We design and implement three variants of it, namely mono-PTC, multi-PTC, and multi-PTC with Grid, on the Android Operating System. An in-lab experiment and a comprehensive survey have been conducted on 105 participants to demonstrate the effectiveness of the proposed scheme.
    Matched MeSH terms: Computer Security/utilization*
  2. Usama M, Zakaria N
    PLoS One, 2017;12(1):e0168207.
    PMID: 28072850 DOI: 10.1371/journal.pone.0168207
    Data compression and encryption are key components of commonly deployed platforms such as Hadoop. Numerous data compression and encryption tools are presently available on such platforms and the tools are characteristically applied in sequence, i.e., compression followed by encryption or encryption followed by compression. This paper focuses on the open-source Hadoop framework and proposes a data storage method that efficiently couples data compression with encryption. A simultaneous compression and encryption scheme is introduced that addresses an important implementation issue of source coding based on Tent Map and Piece-wise Linear Chaotic Map (PWLM), which is the infinite precision of real numbers that result from their long products. The approach proposed here solves the implementation issue by removing fractional components that are generated by the long products of real numbers. Moreover, it incorporates a stealth key that performs a cyclic shift in PWLM without compromising compression capabilities. In addition, the proposed approach implements a masking pseudorandom keystream that enhances encryption quality. The proposed algorithm demonstrated a congruent fit within the Hadoop framework, providing robust encryption security and compression.
    Matched MeSH terms: Computer Security*
  3. Abd Majid M, Zainol Ariffin KA
    PLoS One, 2021;16(11):e0260157.
    PMID: 34797896 DOI: 10.1371/journal.pone.0260157
    Cyberattacks have changed dramatically and have become highly advanced. This latest phenomenon has a massive negative impact on organizations, such as financial losses and shutting-down of operations. Therefore, developing and implementing the Cyber Security Operations Centre (SOC) is imperative and timely. Based on previous research, there are no international guidelines and standards used by organizations that can contribute to the successful implementation and development of SOC. In this regard, this study focuses on highlighting the significant factors that will impact and contribute to the success of SOC. Simultaneously, it will further design a model for the successful development and implementation of SOC for the organization. The study was conducted quantitatively and involved 63 respondents from 25 ministries and agencies in Malaysia. The results of this study will enable the retrieval of ten success factors for SOC, and it specifically focuses on humans, processes, and technology. The descriptive analysis shows that the top management support factor is the most influential factor in the success of the development and implementation of SOC. The study also contributes to the empirical finding that technology and process factors are more significant in the success of SOCs. Based on the regression test, the technology factor has major impact on determining the success of SOC, followed by the process and human factors. Relevant organizations or agencies can use the proposed model to develop and implement SOCs, formulate policies and guidelines, strengthen human models, and enhance cyber security.
    Matched MeSH terms: Computer Security/legislation & jurisprudence*
  4. Liew SC, Liew SW, Zain JM
    J Digit Imaging, 2013 Apr;26(2):316-25.
    PMID: 22555905 DOI: 10.1007/s10278-012-9484-4
    Tamper localization and recovery watermarking scheme can be used to detect manipulation and recover tampered images. In this paper, a tamper localization and lossless recovery scheme that used region of interest (ROI) segmentation and multilevel authentication was proposed. The watermarked images had a high average peak signal-to-noise ratio of 48.7 dB and the results showed that tampering was successfully localized and tampered area was exactly recovered. The usage of ROI segmentation and multilevel authentication had significantly reduced the time taken by approximately 50 % for the tamper localization and recovery processing.
    Matched MeSH terms: Computer Security
  5. Khor HL, Liew SC, Zain JM
    J Digit Imaging, 2017 Jun;30(3):328-349.
    PMID: 28050716 DOI: 10.1007/s10278-016-9930-9
    Tampering on medical image will lead to wrong diagnosis and treatment, which is life-threatening; therefore, digital watermarking on medical image was introduced to protect medical image from tampering. Medical images are divided into region of interest (ROI) and region of non-interest (RONI). ROI is an area that has a significant impact on diagnosis, whereas RONI has less or no significance in diagnosis. This paper has proposed ROI-based tamper detection and recovery watermarking scheme (ROI-DR) that embeds ROI bit information into RONI least significant bits, which will be extracted later for authentication and recovery process. The experiment result has shown that the ROI-DR has achieved a good result in imperceptibility with peak signal-to-noise ratio (PSNR) values approximately 48 dB, it is robust against various kinds of tampering, and the tampered ROI was able to recover to its original form. Lastly, a comparative table with the previous research (TALLOR and TALLOR-RS watermarking schemes) has been derived, where these three watermarking schemes were tested under the same testing conditions and environment. The experiment result has shown that ROI-DR has achieved speed-up factors of 22.55 and 26.65 in relative to TALLOR and TALLOR-RS watermarking schemes, respectively.
    Matched MeSH terms: Computer Security*
  6. Hussien HM, Yasin SM, Udzir SNI, Zaidan AA, Zaidan BB
    J Med Syst, 2019 Sep 14;43(10):320.
    PMID: 31522262 DOI: 10.1007/s10916-019-1445-8
    Blockchain in healthcare applications requires robust security and privacy mechanism for high-level authentication, interoperability and medical records sharing to comply with the strict legal requirements of the Health Insurance Portability and Accountability Act of 1996. Blockchain technology in the healthcare industry has received considerable research attention in recent years. This study conducts a review to substantially analyse and map the research landscape of current technologies, mainly the use of blockchain in healthcare applications, into a coherent taxonomy. The present study systematically searches all relevant research articles on blockchain in healthcare applications in three accessible databases, namely, ScienceDirect, IEEE and Web of Science, by using the defined keywords 'blockchain', 'healthcare' and 'electronic health records' and their variations. The final set of collected articles related to the use of blockchain in healthcare application is divided into three categories. The first category includes articles (i.e. 43/58 scientific articles) that attempted to develop and design healthcare applications integrating blockchain, particularly those on new architecture, system designs, framework, scheme, model, platform, approach, protocol and algorithm. The second category includes studies (i.e., 6/58 scientific articles) that attempted to evaluate and analyse the adoption of blockchain in the healthcare system. Finally, the third category comprises review and survey articles (i.e., 6/58 scientific articles) related to the integration of blockchain into healthcare applications. The final articles for review are discussed on the basis of five aspects: (1) year of publication, (2) nationality of authors, (3) publishing house or journal, (4) purpose of using blockchain in health applications and the corresponding contributions and (5) problem types and proposed solutions. Additionally, this study provides identified motivations, open challenges and recommendations on the use of blockchain in healthcare applications. The current research contributes to the literature by providing a detailed review of feasible alternatives and identifying the research gaps. Accordingly, researchers and developers are provided with appealing opportunities to further develop decentralised healthcare applications through a comprehensive discussion of about the importance of blockchain and its integration into various healthcare applications.
    Matched MeSH terms: Computer Security/standards*
  7. Kiah ML, Nabi MS, Zaidan BB, Zaidan AA
    J Med Syst, 2013 Oct;37(5):9971.
    PMID: 24037086 DOI: 10.1007/s10916-013-9971-2
    This study aims to provide security solutions for implementing electronic medical records (EMRs). E-Health organizations could utilize the proposed method and implement recommended solutions in medical/health systems. Majority of the required security features of EMRs were noted. The methods used were tested against each of these security features. In implementing the system, the combination that satisfied all of the security features of EMRs was selected. Secure implementation and management of EMRs facilitate the safeguarding of the confidentiality, integrity, and availability of e-health organization systems. Health practitioners, patients, and visitors can use the information system facilities safely and with confidence anytime and anywhere. After critically reviewing security and data transmission methods, a new hybrid method was proposed to be implemented on EMR systems. This method will enhance the robustness, security, and integration of EMR systems. The hybrid of simple object access protocol/extensible markup language (XML) with advanced encryption standard and secure hash algorithm version 1 has achieved the security requirements of an EMR system with the capability of integrating with other systems through the design of XML messages.
    Matched MeSH terms: Computer Security
  8. Chia J, Chin JJ, Yip SC
    F1000Res, 2021;10:931.
    PMID: 36798451 DOI: 10.12688/f1000research.72910.1
    Digital signature schemes (DSS) are ubiquitously used for public authentication in the infrastructure of the internet, in addition to their use as a cryptographic tool to construct even more sophisticated schemes such as those that are identity-based. The security of DSS is analyzed through the existential unforgeability under chosen message attack (EUF-CMA) experiment which promises unforgeability of signatures on new messages even when the attacker has access to an arbitrary set of messages and their corresponding signatures. However, the EUF-CMA model does not account for attacks such as an attacker forging a different signature on an existing message, even though the attack could be devastating in the real world and constitutes a severe breach of the security system. Nonetheless, most of the DSS are not analyzed in this security model, which possibly makes them vulnerable to such an attack. In contrast, a better security notion known as strong EUF-CMA (sEUF-CMA) is designed to be resistant to such attacks. This review aims to identify DSS in the literature that are secure in the sEUF-CMA model. In addition, the article discusses the challenges and future directions of DSS. In our review, we consider the security of existing DSS that fit our criterion in the sEUF-CMA model; our criterion is simple as we only require the DSS to be at least secure against the minimum of existential forgery. Our findings are categorized into two classes: the direct and indirect classes of sEUF-CMA. The former is inherently sEUF-CMA without any modification while the latter requires some transformation. Our comprehensive  review contributes to the security and cryptographic research community by discussing the efficiency and security of DSS that are sEUF-CMA, which aids in selecting robust DSS in future design considerations.
    Matched MeSH terms: Computer Security*
  9. Sookhak M, Akhundzada A, Sookhak A, Eslaminejad M, Gani A, Khurram Khan M, et al.
    PLoS One, 2015;10(1):e0115324.
    PMID: 25602616 DOI: 10.1371/journal.pone.0115324
    Wireless sensor networks (WSNs) are ubiquitous and pervasive, and therefore; highly susceptible to a number of security attacks. Denial of Service (DoS) attack is considered the most dominant and a major threat to WSNs. Moreover, the wormhole attack represents one of the potential forms of the Denial of Service (DoS) attack. Besides, crafting the wormhole attack is comparatively simple; though, its detection is nontrivial. On the contrary, the extant wormhole defense methods need both specialized hardware and strong assumptions to defend against static and dynamic wormhole attack. The ensuing paper introduces a novel scheme to detect wormhole attacks in a geographic routing protocol (DWGRP). The main contribution of this paper is to detect malicious nodes and select the best and the most reliable neighbors based on pairwise key pre-distribution technique and the beacon packet. Moreover, this novel technique is not subject to any specific assumption, requirement, or specialized hardware, such as a precise synchronized clock. The proposed detection method is validated by comparisons with several related techniques in the literature, such as Received Signal Strength (RSS), Authentication of Nodes Scheme (ANS), Wormhole Detection uses Hound Packet (WHOP), and Wormhole Detection with Neighborhood Information (WDI) using the NS-2 simulator. The analysis of the simulations shows promising results with low False Detection Rate (FDR) in the geographic routing protocols.
    Matched MeSH terms: Computer Security*
  10. Hilyatihanina Zazali, Wan Ainun Mior Othman
    Sains Malaysiana, 2012;41:907-910.
    In this paper, we presented a new key exchange method based on decomposition problem for elliptic curve cryptography. We showed that our key exchange method was not only an alternative method for designing keys in cryptography, but it also has improved security condition from the previous key exchange based on decomposition problem over noncommutative groups. We proposed elliptic an curve cryptography to be the new platform for our key exchange protocol and showed how it was implemented. The security of our protocol was based on discrete logarithm problem, which was not infeasible and strictly difficult to retrieve in elliptic curve cryptography without any prior knowledge.
    Matched MeSH terms: Computer Security
  11. Tan CH, Teh YW
    J Med Syst, 2013 Aug;37(4):9950.
    PMID: 23709190 DOI: 10.1007/s10916-013-9950-7
    The main obstacles in mass adoption of cloud computing for database operations in healthcare organization are the data security and privacy issues. In this paper, it is shown that IT services particularly in hardware performance evaluation in virtual machine can be accomplished effectively without IT personnel gaining access to actual data for diagnostic and remediation purposes. The proposed mechanisms utilized the hypothetical data from TPC-H benchmark, to achieve 2 objectives. First, the underlying hardware performance and consistency is monitored via a control system, which is constructed using TPC-H queries. Second, the mechanism to construct stress-testing scenario is envisaged in the host, using a single or combination of TPC-H queries, so that the resource threshold point can be verified, if the virtual machine is still capable of serving critical transactions at this constraining juncture. This threshold point uses server run queue size as input parameter, and it serves 2 purposes: It provides the boundary threshold to the control system, so that periodic learning of the synthetic data sets for performance evaluation does not reach the host's constraint level. Secondly, when the host undergoes hardware change, stress-testing scenarios are simulated in the host by loading up to this resource threshold level, for subsequent response time verification from real and critical transactions.
    Matched MeSH terms: Computer Security*
  12. Soleymani A, Nordin MJ, Sundararajan E
    ScientificWorldJournal, 2014;2014:536930.
    PMID: 25258724 DOI: 10.1155/2014/536930
    The rapid evolution of imaging and communication technologies has transformed images into a widespread data type. Different types of data, such as personal medical information, official correspondence, or governmental and military documents, are saved and transmitted in the form of images over public networks. Hence, a fast and secure cryptosystem is needed for high-resolution images. In this paper, a novel encryption scheme is presented for securing images based on Arnold cat and Henon chaotic maps. The scheme uses Arnold cat map for bit- and pixel-level permutations on plain and secret images, while Henon map creates secret images and specific parameters for the permutations. Both the encryption and decryption processes are explained, formulated, and graphically presented. The results of security analysis of five different images demonstrate the strength of the proposed cryptosystem against statistical, brute force and differential attacks. The evaluated running time for both encryption and decryption processes guarantee that the cryptosystem can work effectively in real-time applications.
    Matched MeSH terms: Computer Security*
  13. Sudha R, Thiagarajan AS, Seetharaman A
    Pak J Biol Sci, 2007 Jan 01;10(1):102-6.
    PMID: 19069993
    The existing literatures highlights that the security is the primary factor which determines the adoption of Internet banking technology. The secondary information on Internet banking development in Malaysia shows a very slow growth rate. Hence, this study aims to study the banking customers perception towards security concern and Internet banking adoption through the information collected from 150 sample respondents. The data analysis reveals that the customers have much concern about security and privacy issue in adoption of Internet banking, whether the customers are adopted Internet banking or not. Hence, it infers that to popularize Internet banking system there is a need for improvement in security and privacy issue among the banking customers.
    Matched MeSH terms: Computer Security*
  14. Firdaus A, Anuar NB, Razak MFA, Hashem IAT, Bachok S, Sangaiah AK
    J Med Syst, 2018 May 04;42(6):112.
    PMID: 29728780 DOI: 10.1007/s10916-018-0966-x
    The increasing demand for Android mobile devices and blockchain has motivated malware creators to develop mobile malware to compromise the blockchain. Although the blockchain is secure, attackers have managed to gain access into the blockchain as legal users, thereby comprising important and crucial information. Examples of mobile malware include root exploit, botnets, and Trojans and root exploit is one of the most dangerous malware. It compromises the operating system kernel in order to gain root privileges which are then used by attackers to bypass the security mechanisms, to gain complete control of the operating system, to install other possible types of malware to the devices, and finally, to steal victims' private keys linked to the blockchain. For the purpose of maximizing the security of the blockchain-based medical data management (BMDM), it is crucial to investigate the novel features and approaches contained in root exploit malware. This study proposes to use the bio-inspired method of practical swarm optimization (PSO) which automatically select the exclusive features that contain the novel android debug bridge (ADB). This study also adopts boosting (adaboost, realadaboost, logitboost, and multiboost) to enhance the machine learning prediction that detects unknown root exploit, and scrutinized three categories of features including (1) system command, (2) directory path and (3) code-based. The evaluation gathered from this study suggests a marked accuracy value of 93% with Logitboost in the simulation. Logitboost also helped to predicted all the root exploit samples in our developed system, the root exploit detection system (RODS).
    Matched MeSH terms: Computer Security*
  15. Tan SF, Samsudin A
    Sensors (Basel), 2021 Oct 06;21(19).
    PMID: 34640967 DOI: 10.3390/s21196647
    The inherent complexities of Industrial Internet of Things (IIoT) architecture make its security and privacy issues becoming critically challenging. Numerous surveys have been published to review IoT security issues and challenges. The studies gave a general overview of IIoT security threats or a detailed analysis that explicitly focuses on specific technologies. However, recent studies fail to analyze the gap between security requirements of these technologies and their deployed countermeasure in the industry recently. Whether recent industry countermeasure is still adequate to address the security challenges of IIoT environment are questionable. This article presents a comprehensive survey of IIoT security and provides insight into today's industry countermeasure, current research proposals and ongoing challenges. We classify IIoT technologies into the four-layer security architecture, examine the deployed countermeasure based on CIA+ security requirements, report the deficiencies of today's countermeasure, and highlight the remaining open issues and challenges. As no single solution can fix the entire IIoT ecosystem, IIoT security architecture with a higher abstraction level using the bottom-up approach is needed. Moving towards a data-centric approach that assures data protection whenever and wherever it goes could potentially solve the challenges of industry deployment.
    Matched MeSH terms: Computer Security
  16. Albahri OS, Albahri AS, Mohammed KI, Zaidan AA, Zaidan BB, Hashim M, et al.
    J Med Syst, 2018 Mar 22;42(5):80.
    PMID: 29564649 DOI: 10.1007/s10916-018-0943-4
    The new and ground-breaking real-time remote monitoring in triage and priority-based sensor technology used in telemedicine have significantly bounded and dispersed communication components. To examine these technologies and provide researchers with a clear vision of this area, we must first be aware of the utilised approaches and existing limitations in this line of research. To this end, an extensive search was conducted to find articles dealing with (a) telemedicine, (b) triage, (c) priority and (d) sensor; (e) comprehensively review related applications and establish the coherent taxonomy of these articles. ScienceDirect, IEEE Xplore and Web of Science databases were checked for articles on triage and priority-based sensor technology in telemedicine. The retrieved articles were filtered according to the type of telemedicine technology explored. A total of 150 articles were selected and classified into two categories. The first category includes reviews and surveys of triage and priority-based sensor technology in telemedicine. The second category includes articles on the three-tiered architecture of telemedicine. Tier 1 represents the users. Sensors acquire the vital signs of the users and send them to Tier 2, which is the personal gateway that uses local area network protocols or wireless body area network. Medical data are sent from Tier 2 to Tier 3, which is the healthcare provider in medical institutes. Then, the motivation for using triage and priority-based sensor technology in telemedicine, the issues related to the obstruction of its application and the development and utilisation of telemedicine are examined on the basis of the findings presented in the literature.
    Matched MeSH terms: Computer Security
  17. Khan WZ, Aalsalem MY, Saad NM
    PLoS One, 2015;10(5):e0123069.
    PMID: 25992913 DOI: 10.1371/journal.pone.0123069
    Wireless Sensor Networks (WSNs) are vulnerable to clone attacks or node replication attacks as they are deployed in hostile and unattended environments where they are deprived of physical protection, lacking physical tamper-resistance of sensor nodes. As a result, an adversary can easily capture and compromise sensor nodes and after replicating them, he inserts arbitrary number of clones/replicas into the network. If these clones are not efficiently detected, an adversary can be further capable to mount a wide variety of internal attacks which can emasculate the various protocols and sensor applications. Several solutions have been proposed in the literature to address the crucial problem of clone detection, which are not satisfactory as they suffer from some serious drawbacks. In this paper we propose a novel distributed solution called Random Walk with Network Division (RWND) for the detection of node replication attack in static WSNs which is based on claimer-reporter-witness framework and combines a simple random walk with network division. RWND detects clone(s) by following a claimer-reporter-witness framework and a random walk is employed within each area for the selection of witness nodes. Splitting the network into levels and areas makes clone detection more efficient and the high security of witness nodes is ensured with moderate communication and memory overheads. Our simulation results show that RWND outperforms the existing witness node based strategies with moderate communication and memory overheads.
    Matched MeSH terms: Computer Security/instrumentation*
  18. Mohan J, Razali Raja Yaacob R
    Int J Med Inform, 2004 Mar 31;73(3):217-27.
    PMID: 15066550
    Telehealth refers to the integration of information, telecommunication, human-machine interface technologies and health technologies to deliver health care, to promote the heath status of the people and to create health. The Malaysian Telehealth Application will, on completion, provide every resident of the country an electronic Lifetime Health Record (LHR) and Lifetime Health Plan (LHP). He or she will also hold a smart card that will contain a subset of the data in the Lifetime Health Record. These will be the means by which Malaysians will receive "seamless continuous quality care" across a range of health facilities and health care providers, and by which Malaysia's health goal of a nation of "healthy individuals, families and communities" is achieved. The challenges to security and privacy in providing access to an electronic Lifetime Health Record at private and government health facilities and to the electronic Lifetime Health Plan at homes of consumers require not only technical mechanisms but also national policies and practices addressing threats while facilitating access to health data during health encounters in different care settings. Organisational policies establish the goals that technical mechanisms serve. They should outline appropriate uses and access to information, create mechanisms for preventing and detecting violations, and set sanctions for violations. Some interesting innovations have been used to address these issues against the background of the launching of the multimedia supercorridor (MSC) in Malaysia.
    Matched MeSH terms: Computer Security*
  19. Jabeen T, Jabeen I, Ashraf H, Ullah A, Jhanjhi NZ, Ghoniem RM, et al.
    Sensors (Basel), 2023 Jul 02;23(13).
    PMID: 37447952 DOI: 10.3390/s23136104
    Programmable Object Interfaces are increasingly intriguing researchers because of their broader applications, especially in the medical field. In a Wireless Body Area Network (WBAN), for example, patients' health can be monitored using clinical nano sensors. Exchanging such sensitive data requires a high level of security and protection against attacks. To that end, the literature is rich with security schemes that include the advanced encryption standard, secure hashing algorithm, and digital signatures that aim to secure the data exchange. However, such schemes elevate the time complexity, rendering the data transmission slower. Cognitive radio technology with a medical body area network system involves communication links between WBAN gateways, server and nano sensors, which renders the entire system vulnerable to security attacks. In this paper, a novel DNA-based encryption technique is proposed to secure medical data sharing between sensing devices and central repositories. It has less computational time throughout authentication, encryption, and decryption. Our analysis of experimental attack scenarios shows that our technique is better than its counterparts.
    Matched MeSH terms: Computer Security*
  20. Ratnam KA, Dominic PD, Ramayah T
    J Med Syst, 2014 Aug;38(8):82.
    PMID: 24957398 DOI: 10.1007/s10916-014-0082-5
    The investments and costs of infrastructure, communication, medical-related equipments, and software within the global healthcare ecosystem portray a rather significant increase. The emergence of this proliferation is then expected to grow. As a result, information and cross-system communication became challenging due to the detached independent systems and subsystems which are not connected. The overall model fit expending over a sample size of 320 were tested with structural equation modelling (SEM) using AMOS 20.0 as the modelling tool. SPSS 20.0 is used to analyse the descriptive statistics and dimension reliability. Results of the study show that system utilisation and system impact dimension influences the overall level of services of the healthcare providers. In addition to that, the findings also suggest that systems integration and security plays a pivotal role for IT resources in healthcare organisations. Through this study, a basis for investigation on the need to improvise the Malaysian healthcare ecosystem and the introduction of a cloud computing platform to host the national healthcare information exchange has been successfully established.
    Matched MeSH terms: Computer Security
Filters
Contact Us

Please provide feedback to Administrator (afdal@afpm.org.my)

External Links