Rossilawati Sulaiman

Enhancing security in E-health services using agent

Electronic health (or e-health) and any other e-services use the Internet to enhance healthcare service deliveries. However, while the Internet greatly facilitates and enhances these services, significant threats also come in parallel. Network attacks, information privacy breaches, and malicious software are common types of threats to Internet communication, which can cause damage to computer systems and the information. It is imperative that online communication is secure. Many security mechanisms exist to secure e-services, such as authentication, data integrity, non repudiation, and SSL to provide data confidentiality. However, while these mechanisms have greatly provide security protection, they do not cater for the requirements, which are to provide an automated and a flexible way for the security system to handle (1) end users with lack of security knowledge, and (2) for two communication users in different environments, such as PC to PDA communications. This paper aims to present the advantages of multi-agent system (MAS) to provide better techniques to handle and enhance security processes in the traditional non-agent based systems, to secure services particularly in e-health. The agents are skilled with knowledge to handle the security processes. Mobile agents are used as supporting tools to carry sensitive data from the Senders side to the Recipients side. Cryptographic protocols are used to secure the data as well as the mobile agent code. We compare the architectures of both traditional non-agent based approach with our agent-based approach (called MAgSeM) and analyze the results in terms of how the agent can support the automation of the process, how agents help to reduce the burden on the recipient side, and the reusable characteristic of the agents code. We conclude that MAgSeM has advantages compare to the non-agent based approach.

Following the Wi-Fi breadcrumbs: Network based mobile application privacy threats

Users are concerned about the protection of personal information they share with mobile applications. Researchers have previously explored security threats to mobile applications through wireless network access, including the disclosure of personal information through unencrypted traffic, excessive information disclosure to service providers, and flaws in TLS security. This study replicates these security threats and performs an assessment of the potential privacy impact for a sample of 30 Android applications. The results show that disclosure of personal information through unencrypted traffic is a significant risk. Individual applications were found which disclosed a users identity and application usage, and persistent device identifiers were leaked allowing user information to be linked across applications and wireless sessions. A small number of applications disclosed inappropriate amounts of personal information to service providers which could allow user tracking. TLS issues continue to pose a risk, with one application exhibiting a previously identified TLS certificate validation issue, and a potentially new encryption protocol downgrade flaw was identified triggered by an invalid certificate. Insecure authentication techniques were used by 30% of applications tested and pose a privacy risk even when applications use TLS.

JPEG image classification in digital forensic via DCT coefficient analysis

From the digital forensics point of view, image forgery is considered as evidence that could provide a major breakthrough in the investigation process. Additionally, the development of storage device technologies has increased storage space significantly. Thus a digital investigator can be overwhelmed by the amount of data on storage devices that needs to be analysed. In this paper, we propose a model for classifying bulk JPEG images produced by the data carving process or other means into three different classes to solve the problem of identifying forgery quickly and effectively. The first class is JPEG images that contain errors or corrupted data, the second class is JPEG images that contain forged regions, and the third is JPEG images that have no signs of corruption or forgery. To test the proposed model, some experiments were conducted on our own dataset in addition to CASIA V2 image forgery dataset. The experiments covered different types of forgery technique. The results yielded around 88% accuracy rate in the classification process using five different machine learning methods on CASIA V2 dataset. It can be concluded that the proposed model can help investigators to automatically classify JPEG images, which reduce the time needed in the overall digital investigation process.

Enhancement of Text Steganography Technique Using Lempel-Ziv-Welch Algorithm and Two-Letter Word Technique

Text steganography is regarded as the most challenging type to hide secret data to a text file because it is not enough unnecessary information compared with other carrier files. This study aimed to deal with the capacity (how much data can be hidden in the cover carrier) and security (the inability of disclosing the data by an unauthorized party) issues of text steganography. Generally, the data hiding capacity of text steganography is limited, and imperceptibility is very poor. Therefore, a new scheme was suggested to improve the two-letter word technique by using the Lempel-Ziv-Welch algorithm. This scheme can hide 4 bits in each position of a two-letter word in the cover text by inserting a nonprinting Unicode symbol. Each two-letter word can have four different locations in the text. Some experiments were conducted on the proposed method (enhancement) and our previous method (two-letter word) to compare their performance applying twelve secret message samples in terms of capacity and Jaro-Winkler. On the other hand, the performance of our proposed method was compared with other related studies in terms of capacity. The results show that the proposed method not only had a high embedding capacity but also reduced the growing size ratio between the original cover and stego cover. In addition, the security of the proposed approach was improved through improving imperceptibility and by using stego-key.