-------- Original Message --------
Subject: [AISWorld] ToC: IJITSA 4(2) issue
Date: Tue, 9 Aug 2011 14:17:12 -0500 (CDT)
From: Manuel Mora T. mmora@securenym.net
Reply-To: mmora@securenym.net
To: aisworld@lists.aisnet.org
CC: frank.stowell@port.ac.uk, ijitsa@gmail.com

***********************************************************************
The contents of the latest issue of:
International Journal of Information Technologies and Systems Approach (IJITSA)
Official Publication of the Information Resources Management Association
Volume 4, Issue 2, July-December 2011
Published: Semi-Annually in Print and Electronically
ISSN: 1935-570X EISSN: 1935-5718
Published by IGI Publishing, Hershey-New York, USA
www.igi-global.com/ijitsa
Editors-in-Chief: Frank Stowell, University of Portsmouth, UK; and Manuel Mora, Universidad Autónoma de Aguascalientes, México
Special Theme Issue on Security and Privacy
EDITORIAL PREFACE
Frank Stowell, University of Portsmouth, UK; Vasilios Katos, Democritus University of Thrace, Greece
To read the preface, click on the link below, and then click "View PDF" under "Preface." http://www.igi-global.com/bookstore/titledetails.aspx?titleid=47961&deta...
PAPER ONE
Preventative Actions for Enhancing Online Protection and Privacy
Steven Furnell, University of Plymouth, UK; Rossouw von Solms, Nelson Mandela Metropolitan University, South Africa; Andy Phippen, University of Plymouth, UK
Many citizens rely upon online services, and it is certain that this reliance will increase in the future. However, they frequently lack a solid appreciation of the related safety and security issues, and can be missing out on an essential aspect of awareness in everyday life. Indeed, users are often concerned about online threats, but it would be stretching the point to claim that they are fully aware of the problems. Thus, rather than actually protecting themselves, many will simply accept that they are taking a risk. This paper examines the problem of establishing end-user eSafety awareness, and proposes means by which related issues can be investigated and addressed. Recognising that long-term attitudes and practices will be shaped by early experiences with the technology, it is particularly important to address the issue early and improve awareness amongst young people. However, the problem is unlikely to be addressed via the approaches that would traditionally be applied with adult users. As such, the paper examines information gathering and awareness-raising strategies drawing from qualitative methodologies in the social sciences, whose pluralistic approach can be effectively applied within school contexts.
To obtain a copy of the entire article, click on the link below. http://www.igi-global.com/bookstore/article.aspx?titleid=55800
To read a PDF sample of this article, click on the link below. http://www.igi-global.com/viewtitlesample.aspx?id=55800
PAPER TWO
Minimising Collateral Damage: Privacy-Preserving Investigative Data Acquisition Platform
Zbigniew Kwecka, Edinburgh Napier University, UK; William J. Buchanan, Edinburgh Napier University, UK
Investigators often define invasion of privacy as collateral damage. Inquiries that require gathering data from third parties, such as banks, Internet Service Providers (ISPs) or employers are likely to impact the relationship between the data subject and the data controller. In this research a novel privacy-preserving approach to mitigate collateral damage during the acquisition process is presented. This approach is based on existing Private Information Retrieval (PIR) protocols, which cannot be employed in an investigative context. This paper provides analysis of the investigative data acquisition process and proposes three modifications that can enable existing PIR protocols to perform investigative enquiries on large databases, including communication traffic databases maintained by ISPs. IDAP is an efficient Symmetric PIR (SPIR) protocol optimised for the purpose of facilitating public authorities' enquiries for evidence. It introduces a semi-trusted proxy into the PIR process in order to gain the acceptance of the general public. In addition, the dilution factor is defined as the level of anonymity required in a given investigation. This factor allows investigators to restrict the number of records processed, and therefore, minimise the processing time, while maintaining an appropriate level of privacy.
To obtain a copy of the entire article, click on the link below. http://www.igi-global.com/bookstore/article.aspx?titleid=55801
To read a PDF sample of this article, click on the link below. http://www.igi-global.com/viewtitlesample.aspx?id=55801
PAPER THREE
A Cross Layer Spoofing Detection Mechanism for Multimedia Communication Services
Nikos Vrakas, University of Piraeus, Greece; Costas Lambrinoudakis, University of Piraeus, Greece
The convergence of different network types under the same architecture offers the opportunity for low cost multimedia services. The main objective has been the high quality of the provided services. However, considering that older equipment with limited processing capabilities may be present in such environments, a tradeoff between security and service quality is inevitable. Specifically, low resource enabled devices cannot utilize state of the art security mechanisms, such as IPSec tunnels, integrity mechanisms, etc., and they simply employ HTTP Digest authentication. The lack of integrity mechanisms in particular raises many security concerns for the IMS infrastructures. Attacks such as Man in the Middle (MitM), spoofing, masquerading, and replay that can be launched in IMS environments, have been pinpointed in bibliography by various researchers. Moreover, an internal attacker may utilize his legitimate security tunnels in order to launch spoofing and identity theft attacks. This paper presents a cross-layer spoofing detection mechanism that protects SIP-based infrastructures from the majority of the aforementioned attacks without requiring an additional cryptographic scheme which would inevitably introduce considerable overheads.
To obtain a copy of the entire article, click on the link below. http://www.igi-global.com/bookstore/article.aspx?titleid=55802
To read a PDF sample of this article, click on the link below. http://www.igi-global.com/viewtitlesample.aspx?id=55802
PAPER FOUR
Cryptographic Approaches for Privacy Preservation in Location-Based Services: A Survey
Emmanouil Magkos, Ionian University, Greece
Current research in location-based services (LBSs) highlights the importance of cryptographic primitives in privacy preservation for LBSs, and presents solutions that attempt to support the (apparently) mutually exclusive requirements for access control and context privacy (i.e., identity and/or location), while at the same time adopting more conservative assumptions in order to reduce or completely remove the need for trust on system entities (e.g., the LBS provider, the network operator, or other peer nodes). This paper surveys the current state of knowledge concerning the use of cryptographic primitives for privacy-preservation in LBS applications.
To obtain a copy of the entire article, click on the link below. http://www.igi-global.com/bookstore/article.aspx?titleid=55803
To read a PDF sample of this article, click on the link below. http://www.igi-global.com/viewtitlesample.aspx?id=55803
PAPER FIVE
Deploying Privacy Improved RBAC in Web Information Systems
Ioannis Mavridis, University of Macedonia, Greece
Access control technology holds a central role in achieving trustworthy management of personally identifiable information in modern information systems. In this article, a privacy-sensitive model that extends Role-Based Access Control (RBAC) to provide privacy protection through fine-grained and just-in-time access control in Web information systems is proposed. Moreover, easy and effective mapping of corresponding components is recognized as an important factor for succeeding in matching security and privacy objectives. Such a process is proposed to be accomplished by capturing and modeling privacy requirements in the early stages of information system development. Therefore, a methodology for deploying the mechanisms of an access control system conforming to the proposed Privacy Improved Role-Based Access Control (PIRBAC) model is presented. To illustrate the application of the proposed methodology, an application example in the healthcare domain is described.
To obtain a copy of the entire article, click on the link below. http://www.igi-global.com/bookstore/article.aspx?titleid=55804
To read a PDF sample of this article, click on the link below. http://www.igi-global.com/viewtitlesample.aspx?id=55804
INTERVIEW
Interview with Gene Tsudik
Interviewed by Vasilios Katos, Democritus University of Thrace, Greece
To read the interview, click on the link below, and then click "View PDF" under "Interview." http://www.igi-global.com/bookstore/titledetails.aspx?titleid=47961&deta...
For full copies of the above articles, check for this issue of the International Journal of Information Technologies and Systems Approach (IJITSA) in your institution's library. This journal is also included in the IGI Global aggregated "InfoSci-Journals" database: http://www.igi-global.com/EResources/InfoSciJournals.aspx.
***********************************************************************