Peter W. Sanders

A security framework for online distance learning and training

Considers the requirement for information security within the domain of online distance learning. A generic module structure is presented which represents a high level abstraction of the different stages of the educational process. Discusses the main security issues that must be considered at each stage. These various requirements are being addressed in practice by the security framework being developed by the SDLearn research project, a collaborative initiative between higher academic establishments in the UK and Germany.

Applications of keystroke analysis for improved login security and continuous user authentication

This paper examines the use of keystroke analysis as a means of improving authentication in modem information systems, based upon the biometric measurement of user typing characteristics. The discussion identifies that the concept may be implemented in two ways, providing the basis for both an enhanced authentication front-end as well as for continuous, transparent supervision throughout the session.

Assessing staff attitudes towards information security in a European healthcare establishment

Information security is now recognized as an important consideration in modern healthcare establishments (HCEs), with a variety of guidelines and standards currently available to enable the environments to be properly protected. However, financial and operational constraints often exist which influence the practicality of these recommendations. This paper establishes that the staff culture of the organization is of particular importance in determining the level and types of security that will be accepted. This culture will be based upon staff awareness of and attitudes towards security and it is, therefore, important to have a clear idea of what these attitudes are. To this end, two surveys have been conducted within a reference environment to establish the attitudes of general users and technical staff, allowing the results to be fed back to HCE management to enable security policy to be appropriately defined. These results indicated that, although the establishment had participated in a European healthcare security initiative, staff attitudes and awareness were still weak in some areas.

Strategies for Content Migration on the World Wide Web.

The World Wide Web has experienced explosive growth as a content delivery mechanism, delivering hypertext files and static media content in a standardised way. However, this content has been unable to interact with other content, making the Web a distribution system rather than a distributed system. This is changing, however, as distributed component architectures are being adapted to work with the Web’s architecture. This paper tracks the development of the Web as a distributed platform, and highlights the potential to employ an often neglected feature of distributed computing: migration. Argues that all content on the Web, be it static images or distributed components, should be free to migrate according to either the policy of the server, or the content itself. The requirements of such a content migration mechanism are described, and an overview of a new migration mechanism, currently being developed by the authors, is presented.

Dissecting the “Hacker Manifesto”

Twelve years ago, a text was written within the hacking community which is widely referred to as the “Hacker Manifesto”. This text, and the opinions that it offers, have since been widely embraced by the hacker community and the document is referenced from numerous sites on the Internet. This paper sets out to examine the content of the Manifesto and considers the validity of many of the messages that it imparts. The Manifesto is considered to present an undoubtedly pro‐hacker message, without acknowledging other perspectives or the wider implications of the activities that it is advocating. The paper explores some of these issues, examining both the consequences of the Manifesto’s dissemination and ways in which security professionals and society at large should respond. It is concluded that whilst the Manifesto obviously cannot bear the sole responsibility for promoting and encouraging hacker activity, it at best sends out an incomplete message that should be balanced with appropriate counter‐argument.

THE QUADRATIC RESIDUE CIPHER AND SOME NOTES ON IMPLEMENTATION

Although of similar age, the Quadratic Residue Cipher (QRC) has been neglected compared with the publicity received by other public key cryptosystems, notably the RSA cipher. This paper attempts to redress the balance somewhat, explaining in expository form the principle of the QRC, the advantages it offers over RSA and some experiences gained as a result of using the cipher.

Practical approach to the optimization of large-scale switching networks

Abstract There are a number of techniques that enable networks to be optimized. Neither search techniques nor heuristic methods are entirely satisfactory in solving practical problems. The authors describe an approach to network optimization that utilizes an algorithm that reduces the number of nodes and consequently the time taken to find a solution. The approach is based on two basic stages: a preparation stage and an optimization stage.

Practical secure electronic mail system with public key distribution

The design of a hybrid encryption system to allow secure data transfer between computers in a communications network is described. The system uses a symmetric algorithm for data security with a public key distribution method. The security of the hybrid system is analysed, and a protocol sequence to establish a secure connection between the users in the network and to authenticate each others identity is outlined.

Approaches to security in healthcare multimedia systems

This paper examines the need for security in modem healthcare applications and, in particular, the considerations that arise from the use of multimedia. Whilst multimedia is particularly advantageous for information delivery within Healthcare Establishments (HCEs), its adoption introduces some new requirements for information security. The paper presents the outline of a security strategy for future healthcare multimedia systems and networks and also highlights some new opportunities that may be offered by the technologies involved. The discussion is supported by an examination of the approach taken in the POSEIDON system, a prototype multimedia patient records system that is being developed within our research group in conjunction with a local HCE. This describes aspects of both the underlying analysis strategy and the system implementation, with particular reference to how security is being realised.

A comprehensive authentication and supervision architecture for networked multimedia systems

The paper identifies the need for improved user authentication and supervision techniques within local security domains. Whilst there are now appropriate standards for the security of inter-domain operations, authentication of the users within them is often still reliant upon measures that are open to compromise and which provide no safeguard against system misuse.