Tan Soo Fun

A lightweight and private mobile payment protocol by using mobile network operator

Mobile commerce is undoubtedly become an omnipresent and active area in electronic payments. It allows mobile user to purchase things, pay bills or make a bet via mobile phone when on the move, anywhere and at any time. Unfortunately, several challenges in accountability and privacy properties have emerged with the widespread of m-commerce in recent years. Consequently, many public-key cryptography based mobile payment protocol have been proposed. However, limited capabilities of mobile devices and wireless networks make these protocols are not suitable for mobile network. In this paper, we propose a secure mobile payment protocol which involves mobile network operators (MNO) by employing symmetric key operations. The symmetric cryptographic technique applied to our proposed protocol not only minimizes the computational operations and communication passes between the involved parties, but also has achieves a completely privacy protection for the payer and satisfies all the criteria of end-to-end security property and partypsilas requirement including non-repudiation. The future work will concentrate on improving the verification solution to support mobile user authentication and authorization for mobile payment transactions.

A Survey of Intrusion Alert Correlation and Its Design Considerations

ABSTRACT In recent years, network intrusion attempts have been on the rise. Malicious attempts, including hacking, botnets, and worms are used to intrude and compromise the organizations networks affecting their confidentiality, integrity and availability of resources. In order to detect these malicious activities, intrusion detection systems (IDSs) have been widely deployed in corporate networks. IDS sends alerts to security personnel in case of anomalous activities in the network. Unfortunately, one of the IDSs’ drawbacks is they produce a large number of false positives and non-relevant positives alerts that could overwhelm the security personnel. Existing efforts to address this are done via identification of the similarities and causality relationships between alerts, grouping them into different clusters and prioritizing them after conducting the assessment on them. In this paper, we present commonly used alert correlation approaches and highlight the advantages and disadvantages from various perspectives. Existing alert correlation models are critically reviewed and compared in this paper. Subsequently, we emphasize four main considerations in alert correlation design which are: attack scenario either single packet or multi-stage attack, its architecture either centralized or distributed, performance assessment on accuracy of alert detection, and its processing time and the data to be used for testing.

Security Issues on Identity Card in Malaysia

A national identity card is an easy carry document, typically a plasticized card that citizen is required to carry as a means of confirming themselves. In Malaysia, MyKad is been introduced with using 12 digits characters system producing identification number as our personality number. MyKad is government-issued all-in-one smartcard which performs a wide range of functions such as data processing, storage and file management which’s an ambitious project as Malaysia is a pioneer in deploying smart ID technology. However, implementation of MyKad have raised concerns about the privacy risks and criticized the lack of public consultation about the MyKad. Thus, security issues and the countermeasure of MyKad and MyID are the subject matter of this paper.

Concepts Labeling of Document Clusters Using a Hierarchical Agglomerative Clustering (HAC) Technique

The most common way to organize and label documents is to group similar documents into clusters. Normally, the assumed number of clusters may be unreliable since the nature of the grouping structures among the data is unknown before processing and thus the partitioning methods would not predict the structures of the data very well. Hierarchical clustering has been chosen to solve this problem by which they provide data-views at different levels of abstraction, making them ideal for people to visualize the concepts generated and interactively explore large document collections. The appropriate method of combining two different clusters to form a single cluster needs affects the quality of clusters produced. In order to perform this task, various distance methods will be studied in order to cluster documents by using the hierarchical agglomerative clustering. Clusters very often include sub-clusters, and the hierarchical structure is indeed a natural constraint on the underlying application domain. In order to manage and organize documents effectively, similar documents will be merged to form clusters. Each document is represented by one or more concepts. In this paper, concepts that characterize English documents will be generated by using the hierarchical agglomerative clustering. One of the advantages of using hierarchical clustering is that the overlapping clusters can be formed and concepts can be generated based on the contents of each cluster. The quality of clusters produced is also investigated by using different distance measures.

A Survey of Homomorphic Encryption for Outsourced Big Data Computation

With traditional data storage solutions becoming too expensive and cumbersome to support Big Data processing, enterprises are now starting to outsource their data requirements to third parties, such as cloud service providers. However, this outsourced initiative introduces a number of security and privacy concerns. In this paper, homomorphic encryption is suggested as a mechanism to protect the confidentiality and privacy of outsourced data, while at the same time allowing third parties to perform computation on encrypted data. This paper also discusses the challenges of Big Data processing protection and highlights its differences from traditional data protection. Existing works on homomorphic encryption are technically reviewed and compared in terms of their encryption scheme, homomorphism classification, algorithm design, noise management, and security assumption. Finally, this paper discusses the current implementation, challenges, and future direction towards a practical homomorphic encryption scheme for securing outsourced Big Data computation.

A Rule-Based Named-Entity Recognition for Malay Articles

A Named-Entity Recognition (NER) is part of the process in Text Mining used for information extraction. This NER tool can be used to assist user in identifying and detecting entities such as person, location or organization. Different languages may have different morphologies and thus require different NER processes. For instance, an English NER process cannot be applied in processing Malay articles due to the different morphology used in different languages. This paper proposes a Rule-Based Named-Entity Recognition algorithm for Malay articles. The proposed Malay NER is designed based on a Malay part-of-speech (POS) tagging features and contextual features that had been implemented to handle Malay articles. Based on the POS results, proper names will be identified or detected as the possible candidates for annotation. Besides that, there are some symbols and conjunctions that will also be considered in the process of identifying named-entity for Malay articles. Several manually constructed dictionaries will be used to handle three named-entities; Person, Location and Organizations. The experimental results show a reasonable output of 89.47% for the F-Measure value. The proposed Malay NER algorithm can be further improved by having more complete dictionaries and refined rules to be used in order to identify the correct Malay entities system.

Online information sharing issues in website personalization

Website Personalization is one of strategic technique in delivering services in online applications. A part of process for building personalization applications is to collect particular information from the user which involves information sharing. However, the awareness about privacy concerns and security threats have caused to non-sharing behavior among the Internet Users. This situation have caused website personalization cannot be built to serve its purposes. This paper aims to investigate the peoples behavior and to study the propensity of information sharing attitude in two different environments and cultures. The two environments are between real-life and online while the two cultures are between Malaysian and non-Malaysian. Since this is an exploratory study, interview with five (5) persons have been conducted. The qualitative technique that chooses was recommended for any exploratory study. The findings of this study explained the understanding of behaviors and the factors of Information Sharing. The factors are the cultural factors, the platform of sharing and the behavior of information sharing in web personalization. The sharing behavior in two environments and cultures were also compared. The data collected from the interviews have generalizing the speculations and issues in information sharing which have been discussed at the end section of this paper.

An Efficient ElGamal Encryption Scheme Based on Polynomial Modular Arithmetic in \( \text{F}_{2}^{\text{n}} \)

The ElGamal cryptosystem was originally proposed by Taher ElGamal in 1985, in which its security level is based on the Discrete Logarithm Problem (DLP). ElGamal cryptosystem is relatively an expensive algorithm. For security guarantees, ElGamal cryptosystem requires modulo operation of large prime integer whose size range approximately from 1,024 to 4,096 bits. As a consequence of such requirement, the application of ElGamal cryptosystem is limited for securing only small messages such as secret keys. This paper aims to propose an efficient variant of ElGamal cryptosystem. The proposed scheme is designed based on quotient ring of polynomial, \( Z_{2} [x]/{ } \), where \( f\left( x \right) \) is an irreducible polynomial. The decryption algorithm was further optimized with the use of the multiplicative inverse of the generator g(x), which only generated once during the key generation algorithm, thus leading to a simpler and faster decryption process. The proposed scheme is as secure as the original ElGamal scheme, since both schemes are based on the DLP. The preliminary result shows that the proposed scheme minimizes complex arithmetic operations and achieves very practical performance compared to the classic ElGamal algorithm and its variants. The proposed \( F_{2}^{n} \) based ElGamal scheme outperforms the \( F_{p} \) based scheme by significantly reducing 69.74% of the numbers of required logic gates in the case study of VLSI implementation.

Unsupervised learning of mutagenesis molecules structure based on an evolutionary-based features selection in DARA

The importance of selecting relevant features for data modeling has been recognized already in machine learning. This paper discusses the application of an evolutionary-based feature selection method in order to generate input data for unsupervised learning in DARA (Dynamic Aggregation of Relational Attributes). The feature selection process which is based on the evolutionary algorithm is applied in order to improve the descriptive accuracy of the DARA (Dynamic Aggregation of Relational Attributes) algorithm. The DARA algorithm is designed to summarize data stored in the non-target tables by clustering them into groups, where multiple records stored in non-target tables correspond to a single record stored in a target table. This paper addresses the issue of optimizing the feature selection process to select relevant set of features for the DARA algorithm by using an evolutionary algorithm, which includes the evaluation of several scoring measures used as fitness functions to find the best set of relevant features. The results show the unsupervised learning in DARA can be improved by selecting a set of relevant features based on the specified fitness function which includes the measures of the dispersion and purity of the clusters produced.