Hamid Jahankhani

A Survey of User Authentication Based on Mouse Dynamics

This work surveys biometric based authentication systems that deploy mouse movements. Typically, timing and movement direction, along with clicking actions are used to build a profile of a user, which is then used for authentication purposes. Most system relies on a continuous monitoring process, or require the user to interact with a program (such as a game) in order to derive sufficient statistical information regarding their mouse dynamics. In this work, a novel graphical authentication system dubbed Mouse-lock is presented. This system deploys the analogy of a safe, and the password is entered via the mouse in a graphical equivalent of combination lock. The question is whether this approach elicits sufficient discriminatory information from a relatively minimalist degree of interaction from the user. The preliminary results from a study with six subjects indicates, based on FAR/FRR values, that this is a viable approach.

Management versus security specialists: an empirical study on security related perceptions

Purpose – The purpose of this study is to explore the rationale that governs implementation of information systems and network security expenditures through a case study approach.Design/methodology/approach – The research method took the form of a mixed‐method assessment of the perceptions of persons of authority in the management and the network security areas of an organization that has implemented network security protocols. Two stages of the research process were completed in order to gather the necessary data for the study. The first stage of the study was the administration of a Likert‐type questionnaire in which respondents answered 30 unique items on network security. In the second phase of the study, a number of responders were contacted to further expand upon the themes presented in the Likert‐type questionnaire.Findings – Empirical evidence gathered justifies theoretical claims that personnel from general management have different perspectives towards network security than personnel from the ne...

A Systems Framework for Sustainability

The current concerns over climate change and global warming has created a new vocabulary and brought about a whole new emphasis on a broad set of issues collectively referred to as sustainability. This rather novel concept is now well established within the scientific community principally advocating a global and ecological perspective focused on the survivability of Gaia and its ability to sustain life as a going concern. In this paper, we explore the rationale and a structured framework for a broader perspective on sustainability as applicable to products, processes, systems and undertakings including the global and natural systems. In this new paradigm, sustainability is an emergent behavioural and structural attribute with many facets including a social dimension. This brings a value judgement on the softer aspects of the framework that by necessity embodies a suite of hard and soft factors. The sustainability framework thus developed is intended as a systems paradigm for elaboration, representation, communication, validation, evaluation, assessment and overall assurance of this fundamental facet of our modern endeavours that is proving an indispensable aspect of human survival on earth.The proposed systemic sustainability framework comprises social, economic, technological, resource as well as environmental dimensions. Each element of this framework is in turn developed into more detailed set of influencing factors which are conducive to attainment of that particular aspect ultimately intended to enable characterisation, evaluation, benchmarking and assessment of each facet of sustainability in a product, process, system, system of systems or undertaking/project. In this spirit, we develop and propose the framework as a unifying strategic paradigm that embodies many engineering, commercial, societal and environmental performance requirements from reliability, safety and security to bio diversity and social inclusion. It is through evaluation, assessment and qualification/benchmarking of the key facets to sustainability that products, systems and undertakings can be objectively compared and contrasted for their specific and overall sustainability qualities. This would pave the way for risk/reward based informed decision making, better customer choices and more effective regulation.

Sufficiency of Windows Event log as Evidence in Digital Forensics

The prevalence of computer and the internet has brought forth the increasing spate of cybercrime activities; hence the need for evidence to attribute a crime to a suspect. The research therefore, centres on evidence, the legal standards applied to digital evidence presented in court and the main sources of evidence in the Windows OS, such as the Registry, slack space and the Windows event log. In order to achieve the main aim of this research, cybercrime activities such as automated password guessing attack and hacking was emulated on to a Windows OS within a virtual network environment set up using VMware workstation. After the attack the event logs on the victim system was analysed and assessed for its admissibility (evidence must conform to certain legal rules), and weight (evidence must convince the court that the accused committed the crime).

Cultivating trust – an electronic-government development model for addressing the needs of developing countries

Evaluating existing initiatives for developing electronic government (e-government) in addition to identifying main challenges can provide valuable learning points in contributing towards efficient and effective implementation of e-government projects. The digital divide, issues of cyber security, privacy and primarily trust have been identified as the main challenges for implementing e-government in developing countries. This paper presents a proposed multi-stage model for implementing e-government in developing countries and identifies different dimensions of the challenges which surface in early stages. The issue of building trust while defying the obstacle of the digital divide through the proposed staged implementation is addressed in detail.

Analyzing Human Factors for an Effective Information Security Management System

Managing security is essential for organizations doing business in a globally networked environment and for organizations that are at the same time seeking to achieve their missions and goals. However, numerous technical advancements do not always produce a more secure environment. All kinds of human factors can deeply affect the management of security in an organizational context. Therefore, security is not solely a technical problem; rather, the authors need to understand human factors, which need adequate attention to achieve an effective information security management system practice. This paper identifies direct and indirect human factors that have impact on information security. These factors were analyzed through the study of two security incidents of the UK’s financial organizations using the SWOT (Strength, Weaknesses, Opportunities, and Threats) technique. The study’s results show that human factors are the main causes for these security incidents. Factors such as training, awareness, and security culture influence organizational strength and opportunity relating to information security. People’s irrational behavior and errors are the main weaknesses highlighted in security incidents, which pose threats such as poor reputation and high costs. Reza Alavi University of East London, UK Shareeful Islam University of East London, UK Hamid Jahankhani University of East London, UK Ameer Al-Nemrat University of East London, UK

The Current Legislation Covering E-learning Provisions for the Visually Impaired in the EU

In the education environment many colleges, universities and training establishments are keen to exploit the e-learning environment. In the current population there are significant numbers that are visually impaired. These people tend to be excluded from the socially popular vehicle for education. This paper is to review and evaluate the e-learning provisions of educational establishment in relationship to the government guide lines and in particular look at how the university of East London tackles such an interesting and challenging opportunity.

Cybercrime Victimisations/Criminalisation and Punishment

With the increased of use of the internet as a means of sharing information, the need to protect and preserve the confidentiality and integrity of data is ever more evident. The digital age provides not only established criminals with new ways of committing, but also has empowered previously non deviant individuals, into new cyber criminal behaviour. Many individuals are unaware of online threats and many fail to take advantage of precautionary measures to protect themselves from risks when they are online. Therefore, individuals consistently underestimate their risk of becoming victims or underestimate the punishment that may face if they are engaged on online deviant behaviour. This ongoing research has found that there is a relationship between individual’s perception of cybercrime law and cybercrime victimisation and/or criminalisation.

Global E-Security

Today our commonwealth is protected by firewalls rather than firepower. This is an issue of global importance as new technology has provided a world of opportunity for criminals. As a consequence law enforcement agencies all over the world are struggling to cope. Therefore, today’s top priority is to use computer technology to fight computer crime.

Information Systems Security: Cases of Network Administrator Threats

In today’s business environment it is difficult to obtain senior management approval for the expenditure of valuable resources to “guarantee†that a potentially disastrous event will not occur that could affect the ultimate survivability of the organization. The total information network flexibility achieved depends to a great extent on how network security is implemented. However, this implementation depends on the network designers at the initial stage and the network administrators in the long term. Administrator may pave the way to attacks that could take place either at once where an obvious vulnerability may exist or in several phases where it requires information gathering or scanning in order to enter into the target system. Two studies on real cases given in this paper highlights the influence of such network administrators. To preserve the confidentiality, the names of personnel or organizations are not revealed.