Displaying publications 21 - 40 of 88 in total

Abstract:
Sort:
  1. Fulltext Multi-Layer Blockchain-Based Security Architecture for Internet of Things
    Honar Pajooh H, Rashid M, Alam F, Demidenko S
    Sensors (Basel), 2021 Jan 24;21(3).
    PMID: 33498860 DOI: 10.3390/s21030772
    The proliferation of smart devices in the Internet of Things (IoT) networks creates significant security challenges for the communications between such devices. Blockchain is a decentralized and distributed technology that can potentially tackle the security problems within the 5G-enabled IoT networks. This paper proposes a Multi layer Blockchain Security model to protect IoT networks while simplifying the implementation. The concept of clustering is utilized in order to facilitate the multi-layer architecture. The K-unknown clusters are defined within the IoT network by applying techniques that utillize a hybrid Evolutionary Computation Algorithm while using Simulated Annealing and Genetic Algorithms. The chosen cluster heads are responsible for local authentication and authorization. Local private blockchain implementation facilitates communications between the cluster heads and relevant base stations. Such a blockchain enhances credibility assurance and security while also providing a network authentication mechanism. The open-source Hyperledger Fabric Blockchain platform is deployed for the proposed model development. Base stations adopt a global blockchain approach to communicate with each other securely. The simulation results demonstrate that the proposed clustering algorithm performs well when compared to the earlier reported approaches. The proposed lightweight blockchain model is also shown to be better suited to balance network latency and throughput as compared to a traditional global blockchain.
    Matched MeSH terms: Computer Security
  2. Fulltext Hyperledger Fabric Blockchain for Securing the Edge Internet of Things
    Honar Pajooh H, Rashid M, Alam F, Demidenko S
    Sensors (Basel), 2021 Jan 07;21(2).
    PMID: 33430274 DOI: 10.3390/s21020359
    Providing security and privacy to the Internet of Things (IoT) networks while achieving it with minimum performance requirements is an open research challenge. Blockchain technology, as a distributed and decentralized ledger, is a potential solution to tackle the limitations of the current peer-to-peer IoT networks. This paper presents the development of an integrated IoT system implementing the permissioned blockchain Hyperledger Fabric (HLF) to secure the edge computing devices by employing a local authentication process. In addition, the proposed model provides traceability for the data generated by the IoT devices. The presented solution also addresses the IoT systems' scalability challenges, the processing power and storage issues of the IoT edge devices in the blockchain network. A set of built-in queries is leveraged by smart-contracts technology to define the rules and conditions. The paper validates the performance of the proposed model with practical implementation by measuring performance metrics such as transaction throughput and latency, resource consumption, and network use. The results show that the proposed platform with the HLF implementation is promising for the security of resource-constrained IoT devices and is scalable for deployment in various IoT scenarios.
    Matched MeSH terms: Computer Security
  3. Fulltext Model for successful development and implementation of Cyber Security Operations Centre (SOC)
    Abd Majid M, Zainol Ariffin KA
    PLoS One, 2021;16(11):e0260157.
    PMID: 34797896 DOI: 10.1371/journal.pone.0260157
    Cyberattacks have changed dramatically and have become highly advanced. This latest phenomenon has a massive negative impact on organizations, such as financial losses and shutting-down of operations. Therefore, developing and implementing the Cyber Security Operations Centre (SOC) is imperative and timely. Based on previous research, there are no international guidelines and standards used by organizations that can contribute to the successful implementation and development of SOC. In this regard, this study focuses on highlighting the significant factors that will impact and contribute to the success of SOC. Simultaneously, it will further design a model for the successful development and implementation of SOC for the organization. The study was conducted quantitatively and involved 63 respondents from 25 ministries and agencies in Malaysia. The results of this study will enable the retrieval of ten success factors for SOC, and it specifically focuses on humans, processes, and technology. The descriptive analysis shows that the top management support factor is the most influential factor in the success of the development and implementation of SOC. The study also contributes to the empirical finding that technology and process factors are more significant in the success of SOCs. Based on the regression test, the technology factor has major impact on determining the success of SOC, followed by the process and human factors. Relevant organizations or agencies can use the proposed model to develop and implement SOCs, formulate policies and guidelines, strengthen human models, and enhance cyber security.
    Matched MeSH terms: Computer Security/legislation & jurisprudence*
  4. Fulltext A static analysis approach for Android permission-based malware detection systems
    Mohamad Arif J, Ab Razak MF, Awang S, Tuan Mat SR, Ismail NSN, Firdaus A
    PLoS One, 2021;16(9):e0257968.
    PMID: 34591930 DOI: 10.1371/journal.pone.0257968
    The evolution of malware is causing mobile devices to crash with increasing frequency. Therefore, adequate security evaluations that detect Android malware are crucial. Two techniques can be used in this regard: Static analysis, which meticulously examines the full codes of applications, and dynamic analysis, which monitors malware behaviour. While both perform security evaluations successfully, there is still room for improvement. The goal of this research is to examine the effectiveness of static analysis to detect Android malware by using permission-based features. This study proposes machine learning with different sets of classifiers was used to evaluate Android malware detection. The feature selection method in this study was applied to determine which features were most capable of distinguishing malware. A total of 5,000 Drebin malware samples and 5,000 Androzoo benign samples were utilised. The performances of the different sets of classifiers were then compared. The results indicated that with a TPR value of 91.6%, the Random Forest algorithm achieved the highest level of accuracy in malware detection.
    Matched MeSH terms: Computer Security*
  5. Fulltext Digital signature schemes with strong existential unforgeability
    Chia J, Chin JJ, Yip SC
    F1000Res, 2021;10:931.
    PMID: 36798451 DOI: 10.12688/f1000research.72910.1
    Digital signature schemes (DSS) are ubiquitously used for public authentication in the infrastructure of the internet, in addition to their use as a cryptographic tool to construct even more sophisticated schemes such as those that are identity-based. The security of DSS is analyzed through the existential unforgeability under chosen message attack (EUF-CMA) experiment which promises unforgeability of signatures on new messages even when the attacker has access to an arbitrary set of messages and their corresponding signatures. However, the EUF-CMA model does not account for attacks such as an attacker forging a different signature on an existing message, even though the attack could be devastating in the real world and constitutes a severe breach of the security system. Nonetheless, most of the DSS are not analyzed in this security model, which possibly makes them vulnerable to such an attack. In contrast, a better security notion known as strong EUF-CMA (sEUF-CMA) is designed to be resistant to such attacks. This review aims to identify DSS in the literature that are secure in the sEUF-CMA model. In addition, the article discusses the challenges and future directions of DSS. In our review, we consider the security of existing DSS that fit our criterion in the sEUF-CMA model; our criterion is simple as we only require the DSS to be at least secure against the minimum of existential forgery. Our findings are categorized into two classes: the direct and indirect classes of sEUF-CMA. The former is inherently sEUF-CMA without any modification while the latter requires some transformation. Our comprehensive  review contributes to the security and cryptographic research community by discussing the efficiency and security of DSS that are sEUF-CMA, which aids in selecting robust DSS in future design considerations.
    Matched MeSH terms: Computer Security*
  6. Fulltext Cloud Security Pre-assessment Model For Cloud Service Provider Based On ISO/IEC 27017:2015 Additional Control
    Nur Ahada Kamaruddin, Ibrahim Mohamed, Ahmad Dahari Jarno, Maslina Daud
    International Journal of Innovation and Industrial Revolution, 2020;2(5):1-17.
    MyJurnal
    Cloud computing technology has succeeded in attracting the interest of both academics and industries because of its ability to provide flexible, cost-effective, and adaptable services in IT solution deployment. The services offered to Cloud Service Subscriber (CSS) are based on the concept of on-demand self-service, scalability, and rapid elasticity, which allows fast deployment of IT solutions, whilst leads to possible misconfiguration, un-patched system, etc. which, allows security threats to compromise the cloud services operations. From the viewpoint of Cloud Service Provider (CSP), incidents such as data loss and information breach, will tarnish their reputations, whilst allow them to conserve the issues internally, in which there is no transparency between CSP and CSS. In the aspects of information security, CSP is encouraged to practice cybersecurity in their cloud services by adopting ISO/IEC27017:2015 inclusive of all additional security controls as mandatory requirements. This study was conducted to identify factors that are influencing the CSP readiness level in the cybersecurity implementation of their cloud services by leveraging the developed pre-assessment model to determine the level of cloud security readiness. Approached the study is based on the combination of qualitative and quantitative assessment method in validating the proposed model through interview and prototype testing. The findings of this study had shown that factors that influence the CSP level of cloud security readiness are based on these domains; technology, organisation, policy, stakeholders, culture, knowledge, and environment. The contribution of the study as a Pre-Assessment Model for CSP which is suitable to be used as a guideline to provide a safer cloud computing environment.
    Matched MeSH terms: Computer Security
  7. Fulltext Mechanism to prevent the abuse of IPv6 fragmentation in OpenFlow networks
    Al-Ani A, Anbar M, Laghari SA, Al-Ani AK
    PLoS One, 2020;15(5):e0232574.
    PMID: 32392261 DOI: 10.1371/journal.pone.0232574
    OpenFlow makes a network highly flexible and fast-evolving by separating control and data planes. The control plane thus becomes responsive to changes in topology and load balancing requirements. OpenFlow also offers a new approach to handle security threats accurately and responsively. Therefore, it is used as an innovative firewall that acts as a first-hop security to protect networks against malicious users. However, the firewall provided by OpenFlow suffers from Internet protocol version 6 (IPv6) fragmentation, which can be used to bypass the OpenFlow firewall. The OpenFlow firewall cannot identify the message payload unless the switch implements IPv6 fragment reassembly. This study tests the IPv6 fragmented packets that can evade the OpenFlow firewall, and proposes a new mechanism to guard against attacks carried out by malicious users to exploit IPv6 fragmentation loophole in OpenFlow networks. The proposed mechanism is evaluated in a simulated environment by using six scenarios, and results exhibit that the proposed mechanism effectively fixes the loophole and successfully prevents the abuse of IPv6 fragmentation in OpenFlow networks.
    Matched MeSH terms: Computer Security*
  8. Fulltext Privacy and data protection in mobile cloud computing: A systematic mapping study
    Alnajrani HM, Norman AA, Ahmed BH
    PLoS One, 2020;15(6):e0234312.
    PMID: 32525944 DOI: 10.1371/journal.pone.0234312
    As a result of a shift in the world of technology, the combination of ubiquitous mobile networks and cloud computing produced the mobile cloud computing (MCC) domain. As a consequence of a major concern of cloud users, privacy and data protection are getting substantial attention in the field. Currently, a considerable number of papers have been published on MCC with a growing interest in privacy and data protection. Along with this advance in MCC, however, no specific investigation highlights the results of the existing studies in privacy and data protection. In addition, there are no particular exploration highlights trends and open issues in the domain. Accordingly, the objective of this paper is to highlight the results of existing primary studies published in privacy and data protection in MCC to identify current trends and open issues. In this investigation, a systematic mapping study was conducted with a set of six research questions. A total of 1711 studies published from 2009 to 2019 were obtained. Following a filtering process, a collection of 74 primary studies were selected. As a result, the present data privacy threats, attacks, and solutions were identified. Also, the ongoing trends of data privacy exercise were observed. Moreover, the most utilized measures, research type, and contribution type facets were emphasized. Additionally, the current open research issues in privacy and data protection in MCC were highlighted. Furthermore, the results demonstrate the current state-of-the-art of privacy and data protection in MCC, and the conclusion will help to identify research trends and open issues in MCC for researchers and offer useful information in MCC for practitioners.
    Matched MeSH terms: Computer Security*
  9. Fulltext Using telemedicine to support care for people with type 2 diabetes mellitus: a qualitative analysis of patients' perspectives
    Lee JY, Chan CKY, Chua SS, Paraidathathu T, Lee KK, Tan CSS, et al.
    BMJ Open, 2019 Oct 22;9(10):e026575.
    PMID: 31640990 DOI: 10.1136/bmjopen-2018-026575
    OBJECTIVE: Telemedicine has been promoted as an economical and effective way to enhance patient care, but its acceptance among patients in low-income and middle-income countries is poorly understood. This study is aimed to explore the experiences and perspectives of people with type 2 diabetes mellitus that used telemedicine to manage their condition.

    DESIGN: In-depth and focus group interviews were conducted with participants who have engaged in telemedicine. Questions included were participants' perception on the programme being used, satisfaction as well as engagement with the telemedicine programme. All interviews and focus groups were audio-recorded and transcribed verbatim. Data were analysed using a thematic approach.

    PARTICIPANTS AND SETTING: People with type 2 diabetes (n=48) who participated in a randomised controlled study which examined the use of telemedicine for diabetes management were recruited from 11 primary care clinics located within the Klang Valley.

    RESULTS: Twelve focus groups and two in-depth interviews were conducted. Four themes emerged from the analysis: (1) generational difference; (2) independence and convenience, (3) sharing of health data and privacy and (4) concerns and challenges. The main obstacles found in patients using the telemedicine systems were related to internet connectivity and difficulties experienced with system interface. Cost was also another significant concern raised by participants. Participants in this study were primarily positive about the benefits of telemedicine, including its ability to provide real-time data and disease monitoring and the reduction in clinic visits.

    CONCLUSION: Despite the potential benefits of telemedicine in the long-term care of diabetes, there are several perceived barriers that may limit the effectiveness of this technology. As such, collaboration between educators, healthcare providers, telecommunication service providers and patients are required to stimulate the adoption and the use of telemedicine.NCT0246680.

    Matched MeSH terms: Computer Security
  10. A Systematic Review for Enabling of Develop a Blockchain Technology in Healthcare Application: Taxonomy, Substantially Analysis, Motivations, Challenges, Recommendations and Future Direction
    Hussien HM, Yasin SM, Udzir SNI, Zaidan AA, Zaidan BB
    J Med Syst, 2019 Sep 14;43(10):320.
    PMID: 31522262 DOI: 10.1007/s10916-019-1445-8
    Blockchain in healthcare applications requires robust security and privacy mechanism for high-level authentication, interoperability and medical records sharing to comply with the strict legal requirements of the Health Insurance Portability and Accountability Act of 1996. Blockchain technology in the healthcare industry has received considerable research attention in recent years. This study conducts a review to substantially analyse and map the research landscape of current technologies, mainly the use of blockchain in healthcare applications, into a coherent taxonomy. The present study systematically searches all relevant research articles on blockchain in healthcare applications in three accessible databases, namely, ScienceDirect, IEEE and Web of Science, by using the defined keywords 'blockchain', 'healthcare' and 'electronic health records' and their variations. The final set of collected articles related to the use of blockchain in healthcare application is divided into three categories. The first category includes articles (i.e. 43/58 scientific articles) that attempted to develop and design healthcare applications integrating blockchain, particularly those on new architecture, system designs, framework, scheme, model, platform, approach, protocol and algorithm. The second category includes studies (i.e., 6/58 scientific articles) that attempted to evaluate and analyse the adoption of blockchain in the healthcare system. Finally, the third category comprises review and survey articles (i.e., 6/58 scientific articles) related to the integration of blockchain into healthcare applications. The final articles for review are discussed on the basis of five aspects: (1) year of publication, (2) nationality of authors, (3) publishing house or journal, (4) purpose of using blockchain in health applications and the corresponding contributions and (5) problem types and proposed solutions. Additionally, this study provides identified motivations, open challenges and recommendations on the use of blockchain in healthcare applications. The current research contributes to the literature by providing a detailed review of feasible alternatives and identifying the research gaps. Accordingly, researchers and developers are provided with appealing opportunities to further develop decentralised healthcare applications through a comprehensive discussion of about the importance of blockchain and its integration into various healthcare applications.
    Matched MeSH terms: Computer Security/standards*
  11. Fulltext Can dynamic consent facilitate the protection of biomedical big data in biobanking in Malaysia?
    Abdul Aziz MF, Mohd Yusof AN
    Asian Bioeth Rev, 2019 Jun;11(2):209-222.
    PMID: 33717312 DOI: 10.1007/s41649-019-00086-2
    As with many other countries, Malaysia is also developing and promoting biomedical research to increase the understanding of human diseases and possible interventions. To facilitate this development, there is a significant growth of biobanks in the country to ensure continuous collection of biological samples for future research, which contain extremely important personal information and health data of the participants involved. Given the vast amount of samples and data accumulated by biobanks, they can be considered as reservoirs of precious biomedical big data. It is therefore imperative for biobanks to have in place regulatory measures to ensure ethical use of the biomedical big data. Malaysia has yet to introduce specific legislation for the field of biobanking. However, it can be argued that its existing Personal Data Protection Act 2010 (PDPA) has laid down legal principles that can be enforced to protect biomedical big data generated by the biobanks. Consent is a mechanism to enable data subjects to exercise their autonomy by determining how their data can be used and ensure compliance with legal principles. However, there are two main concerns surrounding the current practice of consent in biomedical big data in Malaysia. First, it is uncertain that the current practice would be able to respect the underlying notion of autonomy, and second, it is not in accordance with the legal principles of the PDPA. Scholars have deliberated on different strategies of informed consent, and a more interactive approach has recently been introduced: dynamic consent. It is argued that a dynamic consent approach would be able to address these concerns.
    Matched MeSH terms: Computer Security
  12. Smart Home-based IoT for Real-time and Secure Remote Health Monitoring of Triage and Priority System using Body Sensors: Multi-driven Systematic Review
    Talal M, Zaidan AA, Zaidan BB, Albahri AS, Alamoodi AH, Albahri OS, et al.
    J Med Syst, 2019 Jan 15;43(3):42.
    PMID: 30648217 DOI: 10.1007/s10916-019-1158-z
    The Internet of Things (IoT) has been identified in various applications across different domains, such as in the healthcare sector. IoT has also been recognised for its revolution in reshaping modern healthcare with aspiring wide range prospects, including economical, technological and social. This study aims to establish IoT-based smart home security solutions for real-time health monitoring technologies in telemedicine architecture. A multilayer taxonomy is driven and conducted in this study. In the first layer, a comprehensive analysis on telemedicine, which focuses on the client and server sides, shows that other studies associated with IoT-based smart home applications have several limitations that remain unaddressed. Particularly, remote patient monitoring in healthcare applications presents various facilities and benefits by adopting IoT-based smart home technologies without compromising the security requirements and potentially large number of risks. An extensive search is conducted to identify articles that handle these issues, related applications are comprehensively reviewed and a coherent taxonomy for these articles is established. A total number of (n = 3064) are gathered between 2007 and 2017 for most reliable databases, such as ScienceDirect, Web of Science and Institute of Electrical and Electronic Engineer Xplore databases. Then, the articles based on IoT studies that are associated with telemedicine applications are filtered. Nine articles are selected and classified into two categories. The first category, which accounts for 22.22% (n = 2/9), includes surveys on telemedicine articles and their applications. The second category, which accounts for 77.78% (n = 7/9), includes articles on the client and server sides of telemedicine architecture. The collected studies reveal the essential requirement in constructing another taxonomy layer and review IoT-based smart home security studies. Therefore, IoT-based smart home security features are introduced and analysed in the second layer. The security of smart home design based on IoT applications is an aspect that represents a crucial matter for general occupants of smart homes, in which studies are required to provide a better solution with patient security, privacy protection and security of users' entities from being stolen or compromised. Innovative technologies have dispersed limitations related to this matter. The existing gaps and trends in this area should be investigated to provide valuable visions for technical environments and researchers. Thus, 67 articles are obtained in the second layer of our taxonomy and are classified into six categories. In the first category, 25.37% (n = 17/67) of the articles focus on architecture design. In the second category, 17.91% (n = 12/67) includes security analysis articles that investigate the research status in the security area of IoT-based smart home applications. In the third category, 10.44% (n = 7/67) includes articles about security schemes. In the fourth category, 17.91% (n = 12/67) comprises security examination. In the fifth category, 13.43% (n = 9/67) analyses security protocols. In the final category, 14.92% (n = 10/67) analyses the security framework. Then, the identified basic characteristics of this emerging field are presented and provided in the following aspects. Open challenges experienced on the development of IoT-based smart home security are addressed to be adopted fully in telemedicine applications. Then, the requirements are provided to increase researcher's interest in this study area. On this basis, a number of recommendations for different parties are described to provide insights on the next steps that should be considered to enhance the security of smart homes based on IoT. A map matching for both taxonomies is developed in this study to determine the novel risks and benefits of IoT-based smart home security for real-time remote health monitoring within client and server sides in telemedicine applications.
    Matched MeSH terms: Computer Security/standards*
  13. Sensor-Based mHealth Authentication for Real-Time Remote Healthcare Monitoring System: A Multilayer Systematic Review
    Shuwandy ML, Zaidan BB, Zaidan AA, Albahri AS
    J Med Syst, 2019 Jan 06;43(2):33.
    PMID: 30612191 DOI: 10.1007/s10916-018-1149-5
    The new and groundbreaking real-time remote healthcare monitoring system on sensor-based mobile health (mHealth) authentication in telemedicine has considerably bounded and dispersed communication components. mHealth, an attractive part in telemedicine architecture, plays an imperative role in patient security and privacy and adapts different sensing technologies through many built-in sensors. This study aims to improve sensor-based defence and attack mechanisms to ensure patient privacy in client side when using mHealth. Thus, a multilayer taxonomy was conducted to attain the goal of this study. Within the first layer, real-time remote monitoring studies based on sensor technology for telemedicine application were reviewed and analysed to examine these technologies and provide researchers with a clear vision of security- and privacy-based sensors in the telemedicine area. An extensive search was conducted to find articles about security and privacy issues, review related applications comprehensively and establish the coherent taxonomy of these articles. ScienceDirect, IEEE Xplore and Web of Science databases were investigated for articles on mHealth in telemedicine-based sensor. A total of 3064 papers were collected from 2007 to 2017. The retrieved articles were filtered according to the security and privacy of sensor-based telemedicine applications. A total of 19 articles were selected and classified into two categories. The first category, 57.89% (n = 11/19), included survey on telemedicine articles and their applications. The second category, 42.1% (n = 8/19), included articles contributed to the three-tiered architecture of telemedicine. The collected studies improved the essential need to add another taxonomy layer and review the sensor-based smartphone authentication studies. This map matching for both taxonomies was developed for this study to investigate sensor field comprehensively and gain access to novel risks and benefits of the mHealth security in telemedicine application. The literature on sensor-based smartphones in the second layer of our taxonomy was analysed and reviewed. A total of 599 papers were collected from 2007 to 2017. In this layer, we obtained a final set of 81 articles classified into three categories. The first category of the articles [86.41% (n = 70/81)], where sensor-based smartphones were examined by utilising orientation sensors for user authentication, was used. The second category [7.40% (n = 6/81)] included attack articles, which were not intensively included in our literature analysis. The third category [8.64% (n = 7/81)] included 'other' articles. Factors were considered to understand fully the various contextual aspects of the field in published studies. The characteristics included the motivation and challenges related to sensor-based authentication of smartphones encountered by researchers and the recommendations to strengthen this critical area of research. Finally, many studies on the sensor-based smartphone in the second layer have focused on enhancing accurate authentication because sensor-based smartphones require sensors that could authentically secure mHealth.
    Matched MeSH terms: Computer Security/standards*
  14. Fulltext Understanding employees' perception towards personal data protection through their work processes in privacy enhancing technologies (pets) adoption
    May, Fen Gan, Hui, Na Chua, Siew, Fan Wong, Irene, Ai Lian Tan
    Malaysian Journal of Qualitative Research, 2019;5(2):6-21.
    MyJurnal
    With the increase of consumers’ privacy concerns and the government-enforced regulations on data protection, it is necessary for organizations to implement Privacy Enhancing Technologies (PETs) to protect consumers’ personal data. PETs refer to any protection in the form of technology. Since employees are the main stakeholders who are directly involved in the PETs implementation and execution process, it is important to understand employees’ perceptions especially those daily tasks involving the process of collecting and processing consumers’ data. Prior literature showed limited research on the effects of PETs implementation through employees’ work process and their perception on the implementation in protection personal data. Hence, the purpose of this research is to explore how PETs adoption affects employees’ work process and their perception. A qualitative single case study was adopted in a telecommunications company in Malaysia. Data were collected through in-depth interviews from nine respondents who were involved in data collecting, data processing and data controlling in their daily tasks. The results showed that employees experience difference levels of change depending on their work nature. The affected areas of change in implementing PETs are workload, communication level and data access. Employees also raised their concerns on vendors’ accountability. This research provides an insight into employees’ perception towards personal data protection based on their experience in implementing PETs. Continuous awareness, updates, monitoring and evaluating of system are perceived as the key to successful PETs implementation in protecting personal data.
    Matched MeSH terms: Computer Security
  15. Fulltext DAD-match; Security technique to prevent denial of service attack on duplicate address detection process in IPv6 link-local network
    Al-Ani AK, Anbar M, Manickam S, Al-Ani A
    PLoS One, 2019;14(4):e0214518.
    PMID: 30939154 DOI: 10.1371/journal.pone.0214518
    An efficiently unlimited address space is provided by Internet Protocol version 6 (IPv6). It aims to accommodate thousands of hundreds of unique devices on a similar link. This can be achieved through the Duplicate Address Detection (DAD) process. It is considered one of the core IPv6 network's functions. It is implemented to make sure that IP addresses do not conflict with each other on the same link. However, IPv6 design's functions are exposed to security threats like the DAD process, which is vulnerable to Denial of Service (DoS) attack. Such a threat prevents the host from configuring its IP address by responding to each Neighbor Solicitation (NS) through fake Neighbor Advertisement (NA). Various mechanisms have been proposed to secure the IPv6 DAD procedure. The proposed mechanisms, however, suffer from complexity, high processing time, and the consumption of more resources. The experiments-based findings revealed that all the existing mechanisms had failed to secure the IPv6 DAD process. Therefore, DAD-match security technique is proposed in this study to efficiently secure the DAD process consuming less processing time. DAD-match is built based on SHA-3 to hide the exchange tentative IP among hosts throughout the process of DAD in an IPv6 link-local network. The obtained experimental results demonstrated that the DAD-match security technique achieved less processing time compared with the existing mechanisms as it can resist a range of different threats like collision and brute-force attacks. The findings concluded that the DAD-match technique effectively prevents the DoS attack during the DAD process. The DAD-match technique is implemented on a small area IPv6 network; hence, the author future work is to implement and test the DAD-match technique on a large area IPv6 network.
    Matched MeSH terms: Computer Security*
  16. Fulltext Determinants of the willingness to participate in biobanking among Malaysian stakeholders in the Klang Valley
    Amin L, Hashim H, Mahadi Z, Ismail K
    BMC Med Res Methodol, 2018 12 05;18(1):163.
    PMID: 30518344 DOI: 10.1186/s12874-018-0619-2
    BACKGROUND: The demand in biobanking for the collection and maintenance of biological specimens and personal data from civilians to improve the prevention, diagnosis and treatment of diseases has increased notably. Despite the advancement, certain issues, specifically those related to privacy and data protection, have been critically discussed. The purposes of this study are to assess the willingness of stakeholders to participate in biobanking and to determine its predictors.

    METHODS: A survey of 469 respondents from various stakeholder groups in the Klang Valley region of Malaysia was carried out. Based on previous research, a multi-dimensional instrument measuring willingness to participate in biobanking, and its predictors, was constructed and validated. A single step Structural Equation Modelling was performed to analyse the measurements and structural model using the International Business Machines Corporation Software Package for Social Sciences, Analysis of Moment Structures (IBM SPSS Amos) version 20 with a maximum likelihood function.

    RESULTS: Malaysian stakeholders in the Klang Valley were found to be cautious of biobanks. Although they perceived the biobanks as moderately beneficial (mean score of 4.65) and were moderately willing to participate in biobanking (mean score of 4.10), they professed moderate concern about data and specimen protection issues (mean score of 4.33). Willingness to participate in biobanking was predominantly determined by four direct predictors: specific application-linked perceptions of their benefits (β = 0.35, p 
    Matched MeSH terms: Computer Security
  17. Real-Time Medical Systems Based on Human Biometric Steganography: a Systematic Review
    Mohsin AH, Zaidan AA, Zaidan BB, Ariffin SAB, Albahri OS, Albahri AS, et al.
    J Med Syst, 2018 Oct 29;42(12):245.
    PMID: 30374820 DOI: 10.1007/s10916-018-1103-6
    In real-time medical systems, the role of biometric technology is significant in authentication systems because it is used in verifying the identity of people through their biometric features. The biometric technology provides crucial properties for biometric features that can support the process of personal identification. The storage of biometric template within a central database makes it vulnerable to attack which can also occur during data transmission. Therefore, an alternative mechanism of protection becomes important to develop. On this basis, this study focuses on providing a detailed analysis of the extant literature (2013-2018) to identify the taxonomy and research distribution. Furthermore, this study also seeks to ascertain the challenges and motivations associated with biometric steganography in real-time medical systems to provide recommendations that can enhance the efficient use of real-time medical systems in biometric steganography and its applications. A review of articles on human biometric steganography in real-time medical systems obtained from three main databases (IEEE Xplore, ScienceDirect and Web of Science) is conducted according to an appropriate review protocol. Then, 41 related articles are selected by using exclusion and inclusion criteria. Majority of the studies reviewed had been conducted in the field of data-hiding (particularly steganography) technologies. In this review, various steganographic methods that have been applied in different human biometrics are investigated. Thereafter, these methods are categorised according to taxonomy, and the results are presented on the basis of human steganography biometric real-time medical systems, testing and evaluation methods, significance of use and applications and techniques. Finally, recommendations on how the challenges associated with data hiding can be addressed are provided to enhance the efficiency of using biometric information processed in any authentication real-time medical system. These recommendations are expected to be immensely helpful to developers, company users and researchers.
    Matched MeSH terms: Computer Security*
  18. Real-Time Remote Health Monitoring Systems Using Body Sensor Information and Finger Vein Biometric Verification: A Multi-Layer Systematic Review
    Mohsin AH, Zaidan AA, Zaidan BB, Albahri AS, Albahri OS, Alsalem MA, et al.
    J Med Syst, 2018 Oct 16;42(12):238.
    PMID: 30327939 DOI: 10.1007/s10916-018-1104-5
    The development of wireless body area sensor networks is imperative for modern telemedicine. However, attackers and cybercriminals are gradually becoming aware in attacking telemedicine systems, and the black market value of protected health information has the highest price nowadays. Security remains a formidable challenge to be resolved. Intelligent home environments make up one of the major application areas of pervasive computing. Security and privacy are the two most important issues in the remote monitoring and control of intelligent home environments for clients and servers in telemedicine architecture. The personal authentication approach that uses the finger vein pattern is a newly investigated biometric technique. This type of biometric has many advantages over other types (explained in detail later on) and is suitable for different human categories and ages. This study aims to establish a secure verification method for real-time monitoring systems to be used for the authentication of patients and other members who are working in telemedicine systems. The process begins with the sensor based on Tiers 1 and 2 (client side) in the telemedicine architecture and ends with patient verification in Tier 3 (server side) via finger vein biometric technology to ensure patient security on both sides. Multilayer taxonomy is conducted in this research to attain the study's goal. In the first layer, real-time remote monitoring studies based on the sensor technology used in telemedicine applications are reviewed and analysed to provide researchers a clear vision of security and privacy based on sensors in telemedicine. An extensive search is conducted to identify articles that deal with security and privacy issues, related applications are reviewed comprehensively and a coherent taxonomy of these articles is established. ScienceDirect, IEEE Xplore and Web of Science databases are checked for articles on mHealth in telemedicine based on sensors. A total of 3064 papers are collected from 2007 to 2017. The retrieved articles are filtered according to the security and privacy of telemedicine applications based on sensors. Nineteen articles are selected and classified into two categories. The first category, which accounts for 57.89% (n = 11/19), includes surveys on telemedicine articles and their applications. The second category, accounting for 42.1% (n = 8/19), includes articles on the three-tiered architecture of telemedicine. The collected studies reveal the essential need to construct another taxonomy layer and review studies on finger vein biometric verification systems. This map-matching for both taxonomies is developed for this study to go deeply into the sensor field and determine novel risks and benefits for patient security and privacy on client and server sides in telemedicine applications. In the second layer of our taxonomy, the literature on finger vein biometric verification systems is analysed and reviewed. In this layer, we obtain a final set of 65 articles classified into four categories. In the first category, 80% (n = 52/65) of the articles focus on development and design. In the second category, 12.30% (n = 8/65) includes evaluation and comparative articles. These articles are not intensively included in our literature analysis. In the third category, 4.61% (n = 3/65) includes articles about analytical studies. In the fourth category, 3.07% (n = 2/65) comprises reviews and surveys. This study aims to provide researchers with an up-to-date overview of studies that have been conducted on (user/patient) authentication to enhance the security level in telemedicine or any information system. In the current study, taxonomy is presented by explaining previous studies. Moreover, this review highlights the motivations, challenges and recommendations related to finger vein biometric verification systems and determines the gaps in this research direction (protection of finger vein templates in real time), which represent a new research direction in this area.
    Matched MeSH terms: Computer Security*
  19. Maintaining Security and Privacy in Health Care System Using Learning Based Deep-Q-Networks
    Mohamed Shakeel P, Baskar S, Sarma Dhulipala VR, Mishra S, Jaber MM
    J Med Syst, 2018 Aug 31;42(10):186.
    PMID: 30171378 DOI: 10.1007/s10916-018-1045-z
    In the recent past, Internet of Things (IoT) plays a significant role in different applications such as health care, industrial sector, defense and research etc.… It provides effective framework in maintaining the security, privacy and reliability of the information in internet environment. Among various applications as mentioned health care place a major role, because security, privacy and reliability of the medical information is maintained in an effective way. Even though, IoT provides the effective protocols for maintaining the information, several intermediate attacks and intruders trying to access the health information which in turn reduce the privacy, security and reliability of the entire health care system in internet environment. As a result and to solve the issues, in this research Learning based Deep-Q-Networks has been introduced for reducing the malware attacks while managing the health information. This method examines the medical information in different layers according to the Q-learning concept which helps to minimize the intermediate attacks with less complexity. The efficiency of the system has been evaluated with the help of experimental results and discussions.
    Matched MeSH terms: Computer Security*
  20. Root Exploit Detection and Features Optimization: Mobile Device and Blockchain Based Medical Data Management
    Firdaus A, Anuar NB, Razak MFA, Hashem IAT, Bachok S, Sangaiah AK
    J Med Syst, 2018 May 04;42(6):112.
    PMID: 29728780 DOI: 10.1007/s10916-018-0966-x
    The increasing demand for Android mobile devices and blockchain has motivated malware creators to develop mobile malware to compromise the blockchain. Although the blockchain is secure, attackers have managed to gain access into the blockchain as legal users, thereby comprising important and crucial information. Examples of mobile malware include root exploit, botnets, and Trojans and root exploit is one of the most dangerous malware. It compromises the operating system kernel in order to gain root privileges which are then used by attackers to bypass the security mechanisms, to gain complete control of the operating system, to install other possible types of malware to the devices, and finally, to steal victims' private keys linked to the blockchain. For the purpose of maximizing the security of the blockchain-based medical data management (BMDM), it is crucial to investigate the novel features and approaches contained in root exploit malware. This study proposes to use the bio-inspired method of practical swarm optimization (PSO) which automatically select the exclusive features that contain the novel android debug bridge (ADB). This study also adopts boosting (adaboost, realadaboost, logitboost, and multiboost) to enhance the machine learning prediction that detects unknown root exploit, and scrutinized three categories of features including (1) system command, (2) directory path and (3) code-based. The evaluation gathered from this study suggests a marked accuracy value of 93% with Logitboost in the simulation. Logitboost also helped to predicted all the root exploit samples in our developed system, the root exploit detection system (RODS).
    Matched MeSH terms: Computer Security*
Related Terms
Filters
Contact Us

Please provide feedback to Administrator (afdal@afpm.org.my)

External Links