Social Media Security Analysis of Threats and Security Measures

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for SP not only to secure the provisioning and access of those services but also, should be able to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.

Download Full-text

LD Based Framework to Mitigate Threats in Mobile Based Payment System

International Journal of Innovation in the Digital Economy ◽

10.4018/ijide.2019100101 ◽

2019 ◽

Vol 10 (4) ◽

pp. 1-17

Author(s):

Jitendra Singh

Keyword(s):

Social Media ◽

Personal Information ◽

Payment System ◽

Mobile Users ◽

Security Measures ◽

Electronic Payments ◽

Mobile Payments ◽

Media Collaboration

Smartphones have deeply penetrated in modern lifestyle. Accordingly, usage has grown manifold in the area of social media, collaboration, and mobile-based payment. The security of smartphones is increasingly critical at the user end as well as at service provider's end due to the involvement of monetary payments and personal information. Despite using a smartphone for mobile payments, strong security measures have not been put into place by a majority of users, particularly those involved with electronic payments. This article is an attempt to identify threats applicable to smartphones and classify them based on a broader category of threats. Existing vulnerabilities have been explored. In the light of the digital India campaign, security preparedness among Indian users has been assessed by carrying out a survey that reveals a poor level of preparedness among mobile users. Finally, the authors have proposed a lotus diagram (LD)-based framework to mitigate threats that can negatively impact mobile-based payment. The proposed method will greatly help in strengthening security and mitigating the threats for the user.

Download Full-text

Social Media Network Attacks and their Preventive Mechanisms: A Review

10.5121/csit.2021.112405 ◽

2021 ◽

Author(s):

Emmanuel Etuh ◽

Francis S. Bakpo ◽

Eneh A.H

Keyword(s):

Social Media ◽

Cyber Attacks ◽

Common Interest ◽

Security Measures ◽

Detection Mechanism ◽

Social Media Networks ◽

The Social ◽

Social Media Platforms ◽

Use Of Social Media ◽

Social Media Network

We live in a virtual world where actual lifestyles are replicated. The growing reliance on the use of social media networks worldwide has resulted in great concern for information security. One of the factors popularizing the social media platforms is how they connect people worldwide to interact, share content, and engage in mutual interactions of common interest that cut across geographical boundaries. Behind all these incredible gains are digital crime equivalence that threatens the physical socialization. Criminal minded elements and hackers are exploiting social media platforms (SMP) for many nefarious activities to harm others. As detection tools are developed to control these crimes so also hackers’ tactics and techniques are constantly evolving. Hackers are constantly developing new attacking tools and hacking strategies to gain malicious access to systems and attack social media network thereby making it difficult for security administrators and organizations to develop and implement the proper policies and procedures necessary to prevent the hackers’ attacks. The increase in cyber-attacks on the social media platforms calls for urgent and more intelligent security measures to enhance the effectiveness of social media platforms. This paper explores the mode and tactics of hackers’ mode of attacks on social media and ways of preventing their activities against users to ensure secure social cyberspace and enhance virtual socialization. Social media platforms are briefly categorized, the various types of attacks are also highlighted with current state-of-the-art preventive mechanisms to overcome the attacks as proposed in research works, finally, social media intrusion detection mechanism is suggested as a second line of defense to combat cybercrime on social media networks.

Download Full-text

An Exploratory Study of the Effects of Knowledge Sharing Methods on Cyber Security Practice

Australasian Journal of Information Systems ◽

10.3127/ajis.v25i0.2177 ◽

2021 ◽

Vol 25 ◽

Author(s):

Hiep Cong Pham ◽

Irfan Ulhaq ◽

Minh Nguyen ◽

Mathews Nkhoma

Keyword(s):

Social Media ◽

Knowledge Sharing ◽

Cyber Security ◽

Self Efficacy ◽

Global Economy ◽

Security Measures ◽

Security Practices ◽

Security Infrastructure ◽

Group Interviews ◽

Security Advice

In a networked global economy, cyber security threats have accelerated at an enormous rate. The security infrastructure at organisational and national levels are often ineffective against these threats. As a result, academics have focused their research on information security risks and technical perspectives to enhance human-related security measures. To further extend this trend of research, this study examines the effects of three knowledge sharing methods on user security practices: security training, social media communication, and local security experts (non-IT staff). The study adopts a phenomenological method employing in-depth focus group interviews with 30 participants from eight organisations located in Ho Chi Minh city, Vietnam. The study expands on understanding factors contributing to self-efficacy and security practice through various knowledge sharing channels. Current methods of periodical training and broadcast emails were found to be less effective in encouraging participants to develop security self-efficacy and were often ignored. Security knowledge sharing through social media and local experts were identified as supplementary methods in maintaining employees’ security awareness. In particular, social media is suggested as a preferred channel for disseminating urgent security alerts and seeking peer advice. Local security experts are praised for providing timely and contextualised security advice where member trust is needed. This study suggests that provisions of contemporary channels for security information and knowledge sharing between organisations and employees can gain regular attention from employees, hence leading to more effective security practices.

Download Full-text

Communication and Cyber Security Analysis of Advanced Metering Infrastructure of Smart Grid

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.325-326.637 ◽

2013 ◽

Vol 325-326 ◽

pp. 637-642

Author(s):

Zhong Wei Li ◽

Li Cheng ◽

Hong Li Zhang ◽

Wei Ming Tong

Keyword(s):

Communication Network ◽

Smart Grid ◽

Cyber Security ◽

Network Architecture ◽

Security Analysis ◽

Advanced Metering Infrastructure ◽

Security Measures ◽

Data Types ◽

Advanced Metering ◽

Security Standards

AMI (Advanced Metering Infrastructure) is the first step of the implementation of the smart grid. The communication network is the important part of AMI. The reasonable communication network architecture and effective cyber security measures are the keys of the realization of AMIs functions. The components, functions and communication network architecture are studied. Communication technologies that can be used in AMI are analyzed. Based on ZigBee, fieldbus/industrial EtherNet and GPRS, a typical AMI are constructed. The cyber security threats, communication data types and cyber security requirement of AMI are analyzed. The cyber security strategy and implementing scheme are offered. The communication standards and cyber security standards that can be referred while constructing AMI are analyzed. The necessity that publishes AMIs communication standard and cyber security is put forward.

Download Full-text

The application of game theory in mobile social media security analysis for companies

2015 International Conference on Logistics, Informatics and Service Sciences (LISS) ◽

10.1109/liss.2015.7369815 ◽

2015 ◽

Author(s):

Bo Gao ◽

Jianming Zhu

Keyword(s):

Game Theory ◽

Social Media ◽

Security Analysis

Download Full-text

APPLICATION OF STRIDE METHODOLOGY FOR DETERMINING CURRENT SECURITY THREATS FOR PROGRAM-DEFINED NETWORKS

Automation and modeling in design and management of ◽

10.30987/article_5d8d113d968333.98732766 ◽

2019 ◽

Vol 2019 (3) ◽

pp. 19-24

Author(s):

Михаил Рытов ◽

Mikhail Rytov ◽

Руслан Калашников ◽

Ruslan Kalashnikov

Keyword(s):

Security Analysis ◽

Security Measures ◽

Dos Attacks ◽

Management Communication ◽

Threat Analysis ◽

Management Protocol ◽

Wide Range ◽

Flow Table ◽

Band Management ◽

The Impact

Software-defines networkstransfer the control of the entire network to a single autonomous software system. One outcome is the ability to flexibly configure and manage the network, but at the same time it opens up several new attack vectors. As the impact of compromised devices increases significantly, the development of SDN devices must be subject to ongoing threat analysis. A STRIDE-based security analysis of the SDN, presented in this paper, reveals a wide range of SDN-specific threats, which have not yet been counteracted adequately. Some of them are inherently tied to SDN design principles, such as controllers becoming potential central attack targets; others are inherited from the underlying infrastructure, e. g., the susceptibility to Spoofing.Based on the results of this analysis, this article identifies the main threats and proposes solutions that allow the development of a secure SDN architecture. It also emphasizes the role of authenticity and integrity controls for the involved components and the management protocol messages exchanged between them. A key element of the proposed model is to ensure that security measures not only prevent, but also detect attempts and successful attacks on SDN components. It is also worth noting that securing the management communication still has to rely on well-established traditional concepts, such as out-of-band management or at least separate management VLANs. Furthermore, solutions to prevent flow table flooding, e. g., as a result of DoS attacks, will need to be designed and deployed.

Download Full-text

PAX: Using Pseudonymization and Anonymization to Protect Patients' Identities and Data in the Healthcare System

International Journal of Environmental Research and Public Health ◽

10.3390/ijerph16091490 ◽

2019 ◽

Vol 16 (9) ◽

pp. 1490 ◽

Cited By ~ 5

Author(s):

Mishall Al-Zubaidie ◽

Zhongwei Zhang ◽

Ji Zhang

Keyword(s):

Healthcare Providers ◽

Security Analysis ◽

Health Sector ◽

Security And Privacy ◽

Modular System ◽

Electronic Systems ◽

Security Measures ◽

Security Issues ◽

Privacy Issues ◽

Emergency Doctors

Electronic health record (EHR) systems are extremely useful for managing patients' data and are widely disseminated in the health sector. The main problem with these systems is how to maintain the privacy of sensitive patient information. Due to not fully protecting the records from unauthorised users, EHR systems fail to provide privacy for protected health information. Weak security measures also allow authorised users to exceed their specific privileges to access medical records. Thus, some of the systems are not a trustworthy source and are undesirable for patients and healthcare providers. Therefore, an authorisation system that provides privacy when accessing patients' data is required to address these security issues. Specifically, security and privacy precautions should be raised for specific categories of users, doctor advisors, physician researchers, emergency doctors, and patients' relatives. Presently, these users can break into the electronic systems and even violate patients' privacy because of the privileges granted to them or the inadequate security and privacy mechanisms of these systems. To address the security and privacy problems associated with specific users, we develop the Pseudonymization and Anonymization with the XACML (PAX) modular system, which depends on client and server applications. It provides a security solution to the privacy issues and the problem of safe-access decisions for patients' data in the EHR. The~results of theoretical and experimental security analysis prove that PAX provides security features in preserving the privacy of healthcare users and is safe against known attacks.

Download Full-text

Designing an Efficient and Secure Message Exchange Protocol for Internet of Vehicles

Security and Communication Networks ◽

10.1155/2021/5554318 ◽

2021 ◽

Vol 2021 ◽

pp. 1-9

Author(s):

Shehzad Ashraf Chaudhry

Keyword(s):

Information Exchange ◽

Security Analysis ◽

Communication Technologies ◽

Security Measures ◽

Internet Of Vehicles ◽

Related Information ◽

Performance Requirements ◽

Message Exchange ◽

Authentication Schemes ◽

And Performance

In the advancements in computation and communication technologies and increasing number of vehicles, the concept of Internet of Vehicles (IoV) has emerged as an integral part of daily life, and it can be used to acquire vehicle related information including road congestion, road description, vehicle location, and speed. Such information is very vital and can benefit in a variety of ways, including route selection. However, without proper security measures, the information transmission among entities of IoV can be exposed and used for wicked intentions. Recently, many authentication schemes were proposed, but most of those authentication schemes are prone to insecurities or suffer from heavy communication and computation costs. Therefore, a secure message authentication protocol is proposed in this study for information exchange among entities of IoV (SMEP-IoV). Based on secure symmetric lightweight hash functions and encryption operations, the proposed SMEP-IoV meets IoV security and performance requirements. For formal security analysis of the proposed SMEP-IoV, BAN logic is used. The performance comparisons show that the SMEP-IoV is lightweight and completes the authentication process in just 0.198 ms .

Download Full-text