A framework for data privacy and security accountability in data breach communications
- Authors: Thomas, Louise , Gondal, Iqbal , Oseni, Taiwo , Firmin, Sally
- Date: 2022
- Type: Text , Journal article
- Relation: Computers and Security Vol. 116, no. (2022), p.
- Full Text: false
- Reviewed:
- Description: Organisations need to take steps to protect the privacy and security of the personal information they hold. However, when data is breached, how do individuals know whether the organisation took reasonable steps to protect their data? When breached organisations notify affected individuals, this communication is likely to be one of the few windows into the incident from the outside and can become an important artefact for research. This desktop study aimed to consider the extent to which publicly available Australian data breach communications reflect data privacy and security best practices. This paper presents a brief review of literature and government guidance on data security and privacy best practices, along with the results of a qualitative content analysis of 33 publicly available Australian data breach communications. This analysis illustrated that there was little reflection of data privacy and security practices. Literature, government guidance and the content analysis were used to inform and develop a new voluntary framework for organisations. This consists of a series of evaluation questions divided into two broad categories: responsible data management and responsible portrayal of the breach. The framework has the potential to help organisations plan the inclusion of data privacy and security management aspects in their data breach communications. This could assist organisations to address their legal and ethical responsibility to account for their actions in managing privacy and security of the personal data they hold. © 2022
An IIoT-Based Networked Industrial Control System Architecture to Secure Industrial Applications
- Authors: Sen, Sachin , Song, Lei
- Date: 2021
- Type: Text , Conference paper
- Relation: 2nd IEEE Industrial Electronics and Applications Conference, IEACon 2021, Virtual, Online,22-23 November 2021, IEACon 2021 - 2021 IEEE Industrial Electronics and Applications Conference p. 280-285
- Full Text: false
- Reviewed:
- Description: Behind the great success of the current internet, Open Systems Interconnect (OSI) and Transport Control Protocol/Internet Protocol (TCP/IP) standards play the most important role. Whereas, due to a lack of standard architectures, industrial internet is lagging behind. This makes industrial internet applications experience increased security risks due to their integration with the information technology and exposure to the public internet. In this research, we propose a layered architecture for industrial internet of things (IIoT) based networked industrial control systems (n-ICS). Layer-wise functionality of this architecture could be useful in identifying necessary security protocols for each layer. Subsequently, this might assist in allocating resources towards the secure operation of industrial applications. To validate the proposed architecture, we modelled a water flow control system, where we demonstrated a data deception attack on its operation at the physical layer. This demonstration validates that from within the close proximity of networked control systems, threat actors can launch possible attacks to deceive physical industrial applications. Our proposed system includes a network communication architecture and a corresponding security architecture aligning with the network architecture. This will facilitate the design of security suites and/or the allocation of security resources on the basis of layered network functionalities. © 2021 IEEE.
Coding observer nodes for sybil attacks detection in mobile wireless sensor networks
- Authors: Sassani Sarrafpour, Bahman , Alomirah, Alomirah , Pang, Shaning , Sarrafpour, Soshian
- Date: 2021
- Type: Text , Conference paper
- Relation: 19th IEEE International Conference on Embedded and Ubiquitous Computing, EUC 2021, Shenyang, China. 20-22 October 2021, Proceedings - 2021 IEEE 19th International Conference on Embedded and Ubiquitous Computing, EUC 2021 p. 87-94
- Full Text: false
- Reviewed:
- Description: Sybil attack is one of the most common and serious attacks in wireless sensor networks, in which a malicious node illegitimately forges several (fake) identities. These fake copies confuse and collapse the network. Sybil attack causes too many threats to the routing algorithm, data aggregation, fair resource allocation, voting system, and misbehavior detection. In this paper, we propose a new lightweight algorithm for detecting the Sybil attack in mobile wireless sensor networks using observer nodes. Observer nodes are normal, trustful nodes which have been initially programmed to observe the network and report malicious behaviors. An observer node counts the number of times a node has appeared as a common neighbor between itself and its neighbors. After collecting some information about its neighbors, each observer node considers the nodes whose counters are above a threshold as critical, and nodes having all critical nodes in their neighborhood are considered suspicious nodes. The results show that the true detection rate of the proposed algorithm is 98.1%, and its false detection rate is 0.5%, while similar algorithms could not achieve better than 95.4% and 1.2% for these metrics, respectively. In addition, the proposed algorithm outperforms other algorithms in terms of overhead. © 2021 IEEE.
Ear in the sky : terrestrial mobile jamming to prevent aerial eavesdropping
- Authors: Wang, Qubeijian , Liu, Yalin , Dai, Hong-Ning , Imran, Muhammad , Nasser, Nidal
- Date: 2021
- Type: Text , Conference paper
- Relation: 2021 IEEE Global Communications Conference, GLOBECOM 2021, Madrid, 7-11 December 2021, 2021 IEEE Global Communications Conference, GLOBECOM 2021 - Proceedings
- Full Text: false
- Reviewed:
- Description: The emerging unmanned aerial vehicles (UAVs) pose a potential security threat for terrestrial communications when UAVs can be maliciously employed as UAV-eavesdroppers to wiretap confidential communications. To address such an aerial security threat, we present a friendly jamming scheme named terrestrial mobile jamming (TMJ) to protect terrestrial confidential communications from UAV eavesdropping. In our TMJ scheme, a jammer moving along the protection area can emit jamming signals toward the UAV-eavesdropper so as to reduce the eavesdropping risk. We evaluate the performance of our scheme by analyzing a secrecy-capacity maximization problem subject to the legitimate connectivity and eavesdropping probability. In addition, we investigate the optimized position for the jammer as well as its jamming power. Simulation results verify the effectiveness of the proposed scheme. © 2021 IEEE.
Is blockchain for internet of medical things a panacea for COVID-19 pandemic?
- Authors: Li, Xuran , Tao, Bishenghui , Dai, Hong-Ning , Imran, Muhammad , Wan, Dehuan , Li, Dengwang
- Date: 2021
- Type: Text , Journal article
- Relation: Pervasive and Mobile Computing Vol. 75, no. (2021), p.
- Full Text: false
- Reviewed:
- Description: The outbreak of the COVID-19 pandemic has deeply influenced the lifestyle of the general public and the healthcare system of the society. As a promising approach to address the emerging challenges caused by the epidemic of infectious diseases like COVID-19, Internet of Medical Things (IoMT) deployed in hospitals, clinics, and healthcare centers can save the diagnosis time and improve the efficiency of medical resources though privacy and security concerns of IoMT stall the wide adoption. In order to tackle the privacy, security, and interoperability issues of IoMT, we propose a framework of blockchain-enabled IoMT by introducing blockchain to incumbent IoMT systems. In this paper, we review the benefits of this architecture and illustrate the opportunities brought by blockchain-enabled IoMT. We also provide use cases of blockchain-enabled IoMT on fighting against the COVID-19 pandemic, including the prevention of infectious diseases, location sharing and contact tracing, and the supply chain of injectable medicines. We also outline future work in this area. © 2021 Elsevier B.V.
Towards secure fog computing: A survey on trust management, privacy, authentication, threats and access control
- Authors: Patwary, Abdullah Al-Noman , Naha, Ranesh Kumar , Garg, Saurabh , Battula, Sudheer Kumar , Patwary, Md Anwarul Kaium , Aghasian, Erfan , Amin, Muhammad Bilal , Mahanti, Aniket , Gong, Mingwei
- Date: 2021
- Type: Text , Journal article
- Relation: Electronics Vol. 10, no. 10 (2021), p. 1171
- Full Text: false
- Reviewed:
- Description: Fog computing is an emerging computing paradigm that has come into consideration for the deployment of Internet of Things (IoT) applications amongst researchers and technology industries over the last few years. Fog is highly distributed and consists of a wide number of autonomous end devices, which contribute to the processing. However, the variety of devices offered across different users are not audited. Hence, the security of Fog devices is a major concern that should come into consideration. Therefore, to provide the necessary security for Fog devices, there is a need to understand what the security concerns are with regards to Fog. All aspects of Fog security, which have not been covered by other literature works, need to be identified and aggregated. On the other hand, privacy preservation for user’s data in Fog devices and application data processed in Fog devices is another concern. To provide the appropriate level of trust and privacy, there is a need to focus on authentication, threats and access control mechanisms as well as privacy protection techniques in Fog computing. In this paper, a survey along with a taxonomy is proposed, which presents an overview of existing security concerns in the context of the Fog computing paradigm. Moreover, the Blockchain-based solutions towards a secure Fog computing environment is presented and various research challenges and directions for future research are discussed.
A blockchain-based privacy-preserving mechanism with aggregator as common communication point
- Authors: Yahaya, Adamu , Javaid, Nadeem , Khalid, Rabiya , Imran, Muhammad , Guizani, Mohsen
- Date: 2020
- Type: Text , Conference paper
- Relation: 2020 IEEE International Conference on Communications, ICC 2020, Dublin, Ireland, 7 to 11 June, IEEE International Conference on Communications Vol. 2020-June
- Full Text: false
- Reviewed:
- Description: The high penetration of renewable energy resources into the distributed system and their intermittent behavior of the non-dispatchable generation causes issues of demand supply mismatch and serious security and privacy concerned in the system. It is believed that incorporating blockchain will reduce costs, enhance data security, and improve the system efficiency. However, privacy issues are not completely eliminated and can hinder the wide applications of blockchain. In the study, we present a Reputation Based Starvation Free Energy Allocation Policy (Reputation-SFEAP) in a decentralized and distributed blockchain-based energy trading; while keeping Aggregator as Common Communication Point. In addition, Identity-Based encryption (ID-Based encryption) technique is added that improves transactional information privacy. According to the research analysis, it is observed that the proposed system model has optimal and fair energy allocation algorithms, which prevent all the energy users from energy starvation and share the available energy accordingly. Moreover, the incorporated encryption system has greater security-privacy level, which protects passive attacker and disguises attacker from penetration. © 2020 IEEE.
A distributed and anonymous data collection framework based on multilevel edge computing architecture
- Authors: Usman, Muhammad , Jan, Mian , Jolfaei, Alireza , Xu, Min , He, Xiangjian , Chen, Jinjun
- Date: 2020
- Type: Text , Journal article
- Relation: IEEE Transactions on Industrial Informatics Vol. 16, no. 9 (2020), p. 6114-6123
- Full Text: false
- Reviewed:
- Description: Industrial Internet of Things applications demand trustworthiness in terms of quality of service (QoS), security, and privacy, to support the smooth transmission of data. To address these challenges, in this article, we propose a distributed and anonymous data collection (DaaC) framework based on a multilevel edge computing architecture. This framework distributes captured data among multiple level-one edge devices (LOEDs) to improve the QoS and minimize packet drop and end-to-end delay. Mobile sinks are used to collect data from LOEDs and upload to cloud servers. Before data collection, the mobile sinks are registered with a level-two edge-device to protect the underlying network. The privacy of mobile sinks is preserved through group-based signed data collection requests. Experimental results show that our proposed framework improves QoS through distributed data transmission. It also helps in protecting the underlying network through a registration scheme and preserves the privacy of mobile sinks through group-based data collection requests. © 2005-2012 IEEE.
Artificial noise aided scheme to secure UAV-assisted internet of things with wireless power transfer
- Authors: Wang, Qubeijian , Dai, Hong-Ning , Li, Xuran , Shukla, Mahendra , Imran, Muhammad
- Date: 2020
- Type: Text , Journal article
- Relation: Computer Communications Vol. 164, no. (2020), p. 1-12
- Full Text: false
- Reviewed:
- Description: The proliferation of massive Internet of Things (IoT) devices poses research challenges especially in unmanned aerial vehicles(UAV)-assisted IoT. In particular, the limited battery capacity not only restricts the life time of UAV-assisted IoT but also brings security vulnerabilities since computation-complex cryptographic algorithms cannot be adopted in UAV-assisted IoT systems. In this paper, artificial noise and wireless power transfer technologies are integrated to secure communications in UAV-assisted IoT (particularly in secret key distribution). We present the artificial noise aided scheme to secure UAV-assisted IoT communications by letting UAV gateway transfer energy to a number of helpers who will generate artificial noise to interfere with the eavesdroppers while the legitimate nodes can decode the information by canceling additive artificial noise. We introduce the eavesdropping probability and the security rate to validate the effectiveness of our proposed scheme. We further formulate an eavesdropping probability constrained security rate maximization problem to investigate the optimal power allocation. Moreover, analytical and numerical results are provided to obtain some useful insights, and to demonstrate the effect of crucial parameters (e.g., the transmit power, the main channel gain) on the eavesdropping probability, the security rate, and the optimal power allocation. © 2020 Elsevier B.V.
Countering stasistical attacks in cloud-based searchable encryption
- Authors: Ahsan, M. , Ali, Ihsan , Bin Idris, Mohd , Imran, Muhammad , Shoaib, Muhammad
- Date: 2020
- Type: Text , Journal article
- Relation: International Journal of Parallel Programming Vol. 48, no. 3 (2020), p. 470-495
- Full Text: false
- Reviewed:
- Description: Searchable encryption (SE) is appearing as a prominent solution in the intersection of privacy protection and efficient retrieval of data outsourced to cloud computing storage. While it preserves privacy by encrypting data, yet supports search operation without data leakage. Due to its applicability, many research communities have proposed different SE schemes under various security definitions with numerous customary features (i.e. multi keyword search, ranked search). However, by reason of multi-keyword ranked search, SE discloses encrypted document list corresponding to multiple (secure) query keywords (or trapdoor). Such disclosure of statistical information helps an attacker to analyze and deduce the content of the data. To counter statistical information leakage in SE, we propose a scheme referred to as Countering Statistical Attack in Cloud based Searchable Encryption (CSA-CSE) that resorts to randomness in all components of an SE. CSA-CSE adopts inverted index that is built with a hash digest of a pair of keywords. Unlike existing schemes, ranking factors (i.e. relevance scores) rank the documents and then they no longer exist in the secure index (neither in order preserving encrypted form). Query keywords are also garbled with randomness in order to hide actual query/result statistics. Our security analysis and experiment on request for comments database ensure the security and efficiency of CSA-CSE. © 2018, Springer Science+Business Media, LLC, part of Springer Nature. Correction to: Countering Statistical Attacks in Cloud-Based Searchable Encryption (International Journal of Parallel Programming, (2020), 48, 3, (470-495), 10.1007/s10766-018-0584-8)The original article has been published with an incorrect grant number in the acknowledgements which should be RG # 1439-036. © 2018, Springer Science+Business Media, LLC, part of Springer Nature.
Security challenges and solutions for 5G HetNet
- Authors: Sharma, Aakanksha , Balasubramanian, Venki , Jolfaei, Alireza
- Date: 2020
- Type: Text , Conference paper
- Relation: 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) p. 1318-1323
- Full Text: false
- Reviewed:
- Description: The exponential growth of smartphones and other smart communicating devices has led to the proliferation of the Internet of Things (IoT) applications. Literature shows, one person will have more than six intelligent connected devices in future. The existing network infrastructure and bandwidth will be unable to accommodate the growing number of smart connected devices, therefore, achieving the expected Quality of Service (QoS) and Quality of Experience (QoE) remains a challenge. The advent and deployment of 5G network bring a massive number of innovative network services and exceptional user experience by providing superior data rates. Despite numerous benefits that 5G offers, the security and privacy in 5G is a challenge due to the existing large number of heterogeneous networks (HetNet). To harvest the numerous benefits of 5G, it is imperative to provide adequate protection mechanisms to maintain the user and data privacy in growing HetNet. This article comprehensively addresses the existing security issues in 5G HetNet and solutions for the identified problems in the HetNet edge. © 2020 IEEE.
Vulnerability modelling for hybrid industrial control system networks
- Authors: Ur-Rehman, Attiq , Gondal, Iqbal , Kamruzzaman, Joarder , Jolfaei, Alireza
- Date: 2020
- Type: Text , Journal article
- Relation: Journal of Grid Computing Vol. 18, no. 4 (2020), p. 863-878
- Full Text: false
- Reviewed:
- Description: With the emergence of internet-based devices, the traditional industrial control system (ICS) networks have evolved to co-exist with the conventional IT and internet enabled IoT networks, hence facing various security challenges. The IT industry around the world has widely adopted the common vulnerability scoring system (CVSS) as an industry standard to numerically evaluate the vulnerabilities in software systems. This mathematical score of vulnerabilities is combined with environmental knowledge to determine the vulnerable nodes and attack paths. IoT and ICS systems have unique dynamics and specific functionality as compared to traditional computer networks, and therefore, the legacy cyber security models would not fit these advanced networks. In this paper, we studied the CVSS v3.1 framework’s application to ICS embedded networks and an improved vulnerability framework, named CVSSIoT-ICS, is proposed. CVSSIoT-ICS and CVSS v3.1 are applied to a realistic supply chain hybrid network which consists of IT, IoT, and ICS nodes. This hybrid network is assigned with actual vulnerabilities listed in the national vulnerability database (NVD). The comparison results confirm the effectiveness of CVSSIoT-ICS framework as it is equally applicable to all nodes of a hybrid network and evaluates the vulnerabilities based on the distinct features of each node type. © 2020, Springer Nature B.V.
Novel notions of zero injection property of buses in optimal PMU location with efficient observability enhancement focusing on security concepts
- Authors: Ghamsari-Yazdel, Mohammad , Najafi, Hamid reza , Amjady, Nima
- Date: 2019
- Type: Text , Journal article
- Relation: Electric power systems research Vol. 169, no. (2019), p. 24-34
- Full Text: false
- Reviewed:
- Description: •Novel concepts in zero-injection buses (ZIBs) are introduced.•The reliability of fragile areas monitoring from overvoltage viewpoint is enhanced.•PMUs/redundant measurements are optimally located based on overvoltage risk sensitivity of buses.•New security concepts are introduced to model channel failure, PMU loss, and branch outage.•In the case of branch outage, selective security criteria are considered so as to enhance security of network observability against cascading failures. In this paper, a new method is proposed for security-oriented, optimal placement of phasor measurement units (PMUs) incorporating efficient observability redundancy. In this way, novel concepts in zero-injection buses (ZIBs) are introduced. The proposed concepts regard aspects of the ZIBs effect that have not yet been studied thus, by applying this concept, maximum possible capacity of the ZIBs will be available for use. Therefore, the proposed method is capable of producing optimum possible results with tangibly higher ZIBs capacity usage and measurement redundancy levels than those reached in preceding works. In addition, the reliability of fragile areas monitoring from overvoltage viewpoint is enhanced. Considering the fact that complete synchronized network observability is undeniably significant for making control decision in critical conditions to avoid brownouts or blackouts, a novel practical framework is proposed based on backup observability concept in order to model branch outage in addition to PMU loss and channel failure. All proposed security models can be tested by practical, large-scale test systems such as Polish 2383- and 3375-bus. Also, in the case of branch outage, selective security criteria are considered so as to enhance security of network observability against cascading failures in electric power systems.
P2DCA: A Privacy-preserving-based data collection and analysis framework for IoMT applications
- Authors: Usman, Muhammad , Jan, Mian Ahmad , He, Xiangjian , Chen, Jinjun
- Date: 2019
- Type: Text , Journal article
- Relation: IEEE journal on selected areas in communications Vol. 37, no. 6 (2019), p. 1222-1230
- Full Text: false
- Reviewed:
- Description: The concept of Internet of Multimedia Things (IoMT) is becoming popular nowadays and can be used in various smart city applications, e.g., traffic management, healthcare, and surveillance. In the IoMT, the devices, e.g., Multimedia Sensor Nodes (MSNs), are capable of generating both multimedia and non-multimedia data. The generated data are forwarded to a cloud server via a Base Station (BS). However, it is possible that the Internet connection between the BS and the cloud server may be temporarily down. The limited computational resources restrict the MSNs from holding the captured data for a longer time. In this situation, mobile sinks can be utilized to collect data from MSNs and upload to the cloud server. However, this data collection may create privacy issues, such as revealing identities and location information of MSNs. Therefore, there is a need to preserve the privacy of MSNs during mobile data collection. In this paper, we propose an efficient privacy-preserving-based data collection and analysis (P2DCA) framework for IoMT applications. The proposed framework partitions an underlying wireless multimedia sensor network into multiple clusters. Each cluster is represented by a Cluster Head (CH). The CHs are responsible to protect the privacy of member MSNs through data and location coordinates aggregation. Later, the aggregated multimedia data are analyzed on the cloud server using a counter-propagation artificial neural network to extract meaningful information through segmentation. Experimental results show that the proposed framework outperforms the existing privacy-preserving schemes, and can be used to collect multimedia data in various IoMT applications.
Perception layer security in internet of things
- Authors: Khattak, Hasan , Shah, Munam , Khan, Sangeen , Ali, Ihsan , Imran, Muhammad
- Date: 2019
- Type: Text , Journal article
- Relation: Future Generation Computer Systems Vol. 100, no. (2019), p. 144-164
- Full Text: false
- Reviewed:
- Description: Internet of Things (IoT) is one of the rising innovations of the current era that has largely attracted both the industry and the academia. Life without the IoT is entirely indispensable. To dispel the doubts, if any, about the widespread adoption, the IoT certainly necessitates both technically and logically correct solutions to ensure the underlying security and privacy. This paper explicitly investigates the security issues in the perception layer of IoT, the countermeasures and the research challenges faced for large scale deployment of IoT. Perception layer being one of the important layers in IoT is responsible for data collection from things and its successful transmission for further processing. The contribution of this paper is twofold. Firstly, we describe the crucial components of the IoT (i.e., architectures, standards, and protocols) in the context of security at perception layer followed by IoT security requirements. Secondly, after describing the generic IoT-layered security, we focus on two key enabling technologies (i.e., RFID and sensor network) at the perception layer. We categorize and classify various attacks at different layers of both of these technologies through taxonomic classification and discuss possible solutions. Finally, open research issues and challenges relevant to the perception layer are identified and analyzed. © 2019 Elsevier B.V.
Vulnerability modelling for hybrid IT systems
- Authors: Ur-Rehman, Attiq , Gondal, Iqbal , Kamruzzuman, Joarder , Jolfaei, Alireza , IEEE
- Date: 2019
- Type: Text , Book chapter
- Relation: 2019 IEEE International Conference on Industrial Technology p. 1186-1191
- Full Text: false
- Reviewed:
- Description: Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSSIoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSSIoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system, but also exploits unique characteristics of IoT devices.
Alignment-free fingerprint template protection technique based on minutiae neighbourhood information
- Authors: Nazmul, Rumana , Islam, Rafiqul , Chowdhury, Ahsan
- Date: 2018
- Type: Text , Conference proceedings
- Relation: International Conference on Applications and Techniques in Cyber Security and Intelligence, ATCSI 2017; Ningbo, China; 16th-18th June 2017; published in International Conference on Applications and Techniques in Cyber Security and Intelligence : Applications and Techniques in Cyber Security and Intelligence (Advances in Intelligent Systems and Computing series) Vol. 580, p. 256-265
- Full Text: false
- Reviewed:
- Description: With the emergence and extensive deployment of biometric-based user authentication system, ensuring the security of biometric template is becoming a growing concern in the research community. One approach to securing template is to transform the original biometric features into a non-invertible form and to use it for a person’s authentication. Registration-based template protection schemes require an accurate alignment of the enrolled and the query images, which is very difficult to achieve. To overcome the alignment issue, registration-free template protection approaches have been proposed that rely on local features such as minutiae details in a fingerprint image. In this paper, we develop an alignment-free fingerprint template protection technique which extracts the rotation and translation invariant features from the neighbouring region of each minutia and then exploits the neighbourhood information to achieve the non-invertible property. Evaluation of the proposed scheme on FVC2002 DB1-B shows that the new method exhibits satisfactory performance in terms of recognition accuracy, computational complexity, and security. © 2018, Springer International Publishing AG.
New subjectivities of work? : technologies and capitalism into the future
- Authors: Smith, Naomi , Holtum, P.
- Date: 2018
- Type: Text , Journal article
- Relation: Arena journal Vol. , no. 51/52 (2018), p. 153-176
- Full Text: false
- Reviewed:
- Description: Insecurity is no longer a condition that is specific to a set class of workers it has become a global issue. It can affect workers of any age, gender or ethnicity, across industrial or service sectors, and even our universities are no longer safe from casualisation, underemployment and outsourcing. To be sure, employment has always had elements of precariousness associated with it, particularly in the primary sectors. However, the steady intensification of capitalism around the world, and its intrusion into almost every facet of human endeavour, has meant that precarious work, as Arne Kalleberg writes, 'has become much more pervasive and generalized: [even] professional and managerial jobs are also precarious these days'. The telltale signs of precarity, such as insecurity, uncertainty and atomisation/individualisation, are frequently associated with the neoliberalisation of global societies. The twin mantras of flexibility and mobility across the economic market are further evidence of neoliberal principles, as an increasingly casualised work force allows employers the flexibility to shed and acquire labourers in accordance with the demands of capital rather than any humanitarian concern.
The rise of ransomware and emerging security challenges in the internet of things
- Authors: Yaqoob, Ibrar , Ahmed, Ejaz , Rehman, Muhammad , Ahmed, Abdelmuttlib , Imran, Muhammad
- Date: 2017
- Type: Text , Journal article
- Relation: Computer Networks Vol. 129, no. (2017), p. 444-458
- Full Text: false
- Reviewed:
- Description: With the increasing miniaturization of smartphones, computers, and sensors in the Internet of Things (IoT) paradigm, strengthening the security and preventing ransomware attacks have become key concerns. Traditional security mechanisms are no longer applicable because of the involvement of resource-constrained devices, which require more computation power and resources. This paper presents the ransomware attacks and security concerns in IoT. We initially discuss the rise of ransomware attacks and outline the associated challenges. Then, we investigate, report, and highlight the state-of-the-art research efforts directed at IoT from a security perspective. A taxonomy is devised by classifying and categorizing the literature based on important parameters (e.g., threats, requirements, IEEE standards, deployment level, and technologies). Furthermore, a few credible case studies are outlined to alert people regarding how seriously IoT devices are vulnerable to threats. We enumerate the requirements that need to be met for securing IoT. Several indispensable open research challenges (e.g., data integrity, lightweight security mechanisms, lack of security software's upgradability and patchability features, physical protection of trillions of devices, privacy, and trust) are identified and discussed. Several prominent future research directions are provided. © 2017 Elsevier B.V. **Please note that there are multiple authors for this article therefore only the name of the first 5 including Federation University Australia affiliate “Muhammad Imran” is provided in this record**
Security in software-defined networking : threats and countermeasures
- Authors: Shu, Zhaogang , Wan, Jiafu , Li, Di , Lin, Jiaxiang , Vasilakos, Athanasios , Imran, Muhammad
- Date: 2016
- Type: Text , Journal article
- Relation: Mobile Networks and Applications Vol. 21, no. 5 (2016), p. 764-776
- Full Text: false
- Reviewed:
- Description: In recent years, Software-Defined Networking (SDN) has been a focus of research. As a promising network architecture, SDN will possibly replace traditional networking, as it brings promising opportunities for network management in terms of simplicity, programmability, and elasticity. While many efforts are currently being made to standardize this emerging paradigm, careful attention needs to be also paid to security at this early design stage. This paper focuses on the security aspects of SDN. We begin by discussing characteristics and standards of SDN. On the basis of these, we discuss the security features as a whole and then analyze the security threats and countermeasures in detail from three aspects, based on which part of the SDN paradigm they target, i.e., the data forwarding layer, the control layer and the application layer. Countermeasure techniques that could be used to prevent, mitigate, or recover from some of such attacks are also described, while the threats encountered when developing these defensive mechanisms are highlighted. © 2016, Springer Science+Business Media New York.