Charles A. Shoniregun

Critical Review of Unsecured WEP

The wireless LANs (WLANs) have become more prevalent and are widely deployed in many places such as corporate office conference rooms, industrial warehouses, campus, residences, cafe etc. The IEEE 802.11-based WLAN presents new challenges for network administrators and information security administrators alike. The security of a WLAN is very important, especially for applications hosting valuable information. Unlike the relative simplicity of wired Ethernet deployments, 802.11-based WLANs broadcast radio-frequency (RF) data for the client stations to receive. This presents new and complex security issues that involve augmenting the 802.11 standard. This paper critically reviews main security flaws of WEP, including short IV, key reuse, poor key management, and inappropriate RC4 and CRC-32 algorithms. It also describes a useful VPN security measure to enhance the level of security for the WLAN employing WEP.

Addressing the vulnerability of the 4-way handshake of 802.11i

This paper will introduce IEEE 802.11i, the new generation of security standard for wireless local area network (WLAN), analyze 802.1x authentication and key management mechanisms, elaborate on the 4-way handshake protocol, point out the vulnerability of the protocol and the possible attack it may incur taking into consideration the actual conditions, describe a solution proposed by IEEE 802.11i, its limitations and still existing attacks and finally propose a solution to authentication of the initial message.

SOA without Web services: a pragmatic implementation of SOA for financial transactions systems

The service oriented architecture (SOA) provides a methodology for designing software systems by integrating loosely coupled services. Compared to traditional distributed object-oriented architectures, SOA is more suitable to integrate heterogeneous systems, and more adaptable in a changing environment. This paper presents the design and implementation of a SOA framework for financial transaction applications. The framework provides an easy and uniform way for service composition in a controlled environment, and leverages Web service standards with efficient communication mechanisms and durable and/or transactional message queues. Specifically, the work addresses the following issues: 1) the incorporation of existing systems and protocols that are not Web-service compatible. This paper focuses on business processes of equities transactions using the FIX protocol; 2) the configuration and deployment of services and service endpoints in a flexible and dynamic manner; 3) the capability of specifying business processes as Web service compositions and a distributed runtime environment that supports it; 4) the scalability, resiliency and transactional aspects as required in critical business applications. The experience of applying the framework in building a high performance equities transaction system is presented.

A NetFlow based internet-worm detecting system in large network

The Internet worm infects the computer system, network packet, communication performance, and the traditional method of managing network using SNMP to monitor abnormal network traffic. To monitor suspicious Internet activity and to recognise the Internet worm categories, we proposed FloWorM system that can reduce the misjudgment and detection rate based on NetFlow which analyse the source data from the router. Our experiment and data testing are based on two companies.

Securing e-Healthcare Information

Securing personal e-Healthcare information aims mainly at protecting the privacy and confidentiality of the individual who receives healthcare services that are delivered through e-Health. Advances in security technologies have so far not eliminated the challenge posed by the need to secure e-Healthcare information. The rate of privacy and confidentiality breaches continue to increase unabated. These breaches pose challenges to all domains that converge on the task of securing information and building trust in e-Healthcare information management. Only a holistic approach that positions itself at the point of convergence of the domains of law, organisational policy, professional ethics and IT security could offer the promise to mitigate, if not eliminate, the major challenges to securing e-Healthcare information.

A framework for culture influence Virtual Learning Environments trust

Trust problems in virtual learning environments are the main problems why virtual learning environments providers do not have enough number of students to participate in these environments. This study proposed a framework to explain the factors that constitute students trust in virtual learning environments across different cultures. The variables that constitute students trust factors are found to vary across cultures with regards to their respective parametric values.

Secure e-Healthcare Information Systems

The e-Healthcare information systems (e-HIS) are, by nature, network-based and internet-enabled. In the developed countries, e-HIS typically operate in regional networks and international health management organisations and trusts. Therefore, e-HIS must meet the requirements of new emerging paradigms and international organisational phenomenon. These requirements include the support for distribution, cooperation and communication. However, the success and acceptance of e- HIS may not be guaranteed in the absence of security and privacy service components, incorporation of standards-based interoperability that takes into account the legal, ethical and organisational policy provision. The typical e-HIS are e- Healthcare record systems (EHR systems) and electronic-personal healthcare record systems (EPHR systems). The EHR systems are created, maintained by clinicians and healthcare organisations, while EPHR systems are created, maintained and controlled, at least in theory, by the individual subject of the health information. The concept of the EHRs is fairly older than the concept of EPHR, which is emerging coupled with the patient-centred paradigm. Consequently, the EHR systems are fairly established as compared to EPHR systems which are starting to be introduced.

Introduction to e-Healthcare Information Security

The e-Healthcare information offers unique security, privacy and confidentiality challenges that require a fresh examination of the mainstream concepts and approaches to information security. The significance of security and privacy in e- Healthcare information raised the issues of individual consent, confidentiality and privacy, which are the main determinants in adopting and successful utilising the e-Healthcare information. Current trends in the domain of e-Healthcare information management point to the need for comprehensive incorporation of security, privacy and confidentiality safeguards within the review of e-Healthcare information management frameworks and approaches. This raises major challenges that demands holistic approaches spanning a wide variety of legal, ethical, psychological, information and security engineering. This introductory chapter explores information security and challenges facing e-Healthcare information management.

Is cybermediation really the future or risk

As organisations look to electronic commerce (e-commerce) as a substantial source of their profits, the current internet cybermediaries are being evaluated as role models for the future. As these advances extend beyond the sphere of organisations to include consumers, industrial dynamics provide unprecedented opportunities for producers and services to bypass the traditional market intermediaries and interact direct with the final consumers. This will lead to the gradual elimination of intermediaries from the value system. The research methodologies adopted are questionnaires and structured interviews. The survey questionnaires and interview were conducted to validate some of the work that has been done by previous researchers, but as e-commerce eliminates traditional mediaries, it has led to the emergence of new informediaries in their place. This paper investigates the outsourcing of an organisation non-core functions towards cybermediaries development and the enabled technologies.

Towards a Comprehensive Framework for Secure e-Healthcare Information

The world is witnessing escalation in security and privacy breaches in e-Healthcare, despite advances in information security and privacy enhancing technologies. The international drive to introduce healthcare information privacy protection laws has not led to the abatement of security and privacy breaches. The emergence of a wide variety of standards has not brought e-Healthcare close to the securing of e- Healthcare information and protecting patient privacy. Escalating increase in pervasive computing devices in an increasingly wireless networked environment has created a conducive breeding infrastructure for security and privacy breach attacks in e-Healthcare. It would, therefore, seem to be necessary and worthwhile to seek for a comprehensive framework that allows for a more holistic provision of security and privacy protection. It would seem to be logical that such a framework would have based on a convergence of the key drivers to e-Healthcare information privacy and security. Such key drivers are crucial and determining factors in the protection of privacy and security of e-Healthcare information. Privacy protection laws, organisational policy, human factors, paradigmatic developments in the healthcare domain, governance and leadership, and advances in the IT security and computing technology are some of the key drivers to the provision of security and the protection of privacy.