Examining cyber security implementation through TLS/SSL on academic institutional repository in Indonesia

Indonesia is one of the countries that implement Institutional Repositories (IR) in their academic world. According to the National Library of Indonesia, there are more than 7890 academic IR in Indonesia. However, there is no research investigating the institutional repository's security aspect in the Indonesian academic institutional repository. This paper will explore Indonesian academic IR's security by examining how to secure a connection between the network with encrypted communication to ensure that an intruder does not compromise the relationship between the server and the browser. This research's methodology is conducting experimental on the best institutional repository in Indonesia involving a private and public university. Some serious finding is that most Indonesian Academic Institutional Repositories have vulnerable security issues in their SSL and TLS and can cause a severe problem for their information asset's security in the future. The conclusion is that Indonesian academic institutions' security is not secure, and they need to consider this issue seriously. Create better security intervention for IR with the latest high-quality technology and policy to protect the information asset such as user, administrator, and visitor personal data and valuable digital objects in Indonesian academic IR.

Download Full-text

A Worldwide Analysis of Cyber Security and Cyber Crime using Twitter

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.f1333.0986s319 ◽

2019 ◽

Vol 8 (6S3) ◽

pp. 1051-1056

Keyword(s):

Cyber Security ◽

Personal Data ◽

Developed Countries ◽

The United States ◽

Cyber Attacks ◽

Security Threats ◽

Sudden Increase ◽

Security Issues ◽

The United Kingdom ◽

Novel Approach

In the era of social media and the Internet, there has been an exponential increase in threats related to the privacy of user accounts and data. The confidentiality of personal data is compromised for various motives. This sudden increase in security threats has led to widespread problems. Our research is focused on analyzing the extent of cyber-attacks in various countries across the globe. We have proposed a novel approach for analyzing the tweets related to cyber-attacks and its surrounding fields. The analysis proves that Asian countries face more cyber security issues as compared to European countries. Further, it is also analyzed that developing countries like India are more prone to these issues as compare to developed countries like the United States or the United Kingdom.

Download Full-text

Threats and Security Issues in Smart City Devices

Secure Cyber-Physical Systems for Smart Cities - Advances in Computer and Electrical Engineering ◽

10.4018/978-1-5225-7189-6.ch009 ◽

2019 ◽

pp. 220-250 ◽

Cited By ~ 5

Author(s):

Jayapandian N.

Keyword(s):

Cyber Security ◽

Smart City ◽

Smart Cities ◽

Theoretical Background ◽

Internet Security ◽

Security And Privacy ◽

Smart Devices ◽

Security Issues ◽

Private And Public ◽

Working Principle

The main objective of this chapter is to discuss various security and privacy issues in smart cities. The development of smart cities involves both the private and public sectors. The theoretical background is also discussed in future growth of smart city devices. Thus, the literature survey part discusses different smart devices and their working principle is elaborated. Cyber security and internet security play a major role in smart cities. The primary solution of smart city security issues is to find some encryption methods. The symmetric and asymmetric encryption algorithm is analyzed and given some comparative statement. The final section discusses some possible ways to solve smart city security issues. This chapter showcases the security issues and solutions for smart city devices.

Download Full-text

Threats and Security Issues in Smart City Devices

Research Anthology on Artificial Intelligence Applications in Security ◽

10.4018/978-1-7998-7705-9.ch055 ◽

2021 ◽

pp. 1230-1251

Author(s):

Jayapandian N.

Keyword(s):

Cyber Security ◽

Smart City ◽

Smart Cities ◽

Theoretical Background ◽

Internet Security ◽

Security And Privacy ◽

Smart Devices ◽

Security Issues ◽

Private And Public ◽

Working Principle

Download Full-text

Cyber Security Issues in Nigeria and Challenges

International Journal of Advanced Research in Computer Science and Software Engineering ◽

10.23956/ijarcsse/v6i12/01204 ◽

2017 ◽

Vol 7 (4) ◽

pp. 315-321

Author(s):

Yakubu Ajiji Makeri ◽

Keyword(s):

Cyber Security ◽

Security Issues

Download Full-text

A security study in Portuguese Public Hospitals - GDPR perspective (Preprint)

10.2196/preprints.17896 ◽

2020 ◽

Author(s):

Cátia Santos-Pereira

Keyword(s):

Information Systems ◽

Identity Management ◽

Personal Data ◽

Public Hospitals ◽

Hospital Environment ◽

Security Measures ◽

Eu Member States ◽

Security Issues ◽

Management Processes ◽

Authentication Security

BACKGROUND GDPR was scheduled to be formally adopted in 2016 with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organization process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE This study addresses the state of Public Portuguese hospitals regarding GDPR compliance in the moment of GDPR preparation period (2016-2018) before the enforcement in 25 May 2018, and what activities have started since then. The study focuses in three GDPR articles namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes. METHODS The study was conducted between 2017 and 2019 in five Portuguese Public Hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). It was conducted interviews in two phases (before and after GDPR enforcement) with the objective to identify the maturity of information systems of each hospital regarding authentication security, identity management processes and traceability and efforts in progress to avoid security issues. RESULTS A total of 5 hospitals were included in this study and the results of this study highlight the hospitals privacy maturity, in general, the hospitals studied where very far from complying with the security measures selected (before May 2018). Session account lock and password history policy were the poorest issues, and, on the other hand, store encrypted passwords was the best issue. With the enforcement of GDPR these hospitals started a set of initiatives to fill this gap, this is made specifically for means of making the whole process as transparent and trustworthy as possible and trying to avoid the huge fines. CONCLUSIONS We are still very far from having GDPR compliant systems and Institutions efforts are being done. The first step to align an organization with GDPR should be an initial audit of all system. This work collaborates with the initial security audit of the hospitals that belong to this study.

Download Full-text

Building Information Modelling (BIM): Addressing the cyber security issues

Engineering & Technology Reference ◽

10.1049/etr.2014.9001 ◽

2014 ◽

Keyword(s):

Cyber Security ◽

Building Information Modelling ◽

Information Modelling ◽

Security Issues ◽

Building Information

Download Full-text

A large-scale analysis of HTTPS deployments: Challenges, solutions, and recommendations

Journal of Computer Security ◽

10.3233/jcs-200070 ◽

2020 ◽

pp. 1-26

Author(s):

Qinwen Hu ◽

Muhammad Rizwan Asghar ◽

Nevil Brownlee

Keyword(s):

Secure Communication ◽

Large Scale ◽

Transport Layer ◽

Security Level ◽

Secure Socket Layer ◽

Security Issues ◽

Large Scale Analysis ◽

Government Websites ◽

Encrypted Communication ◽

Specific Implementation

HTTPS refers to an application-specific implementation that runs HyperText Transfer Protocol (HTTP) on top of Secure Socket Layer (SSL) or Transport Layer Security (TLS). HTTPS is used to provide encrypted communication and secure identification of web servers and clients, for different purposes such as online banking and e-commerce. However, many HTTPS vulnerabilities have been disclosed in recent years. Although many studies have pointed out that these vulnerabilities can lead to serious consequences, domain administrators seem to ignore them. In this study, we evaluate the HTTPS security level of Alexa’s top 1 million domains from two perspectives. First, we explore which popular sites are still affected by those well-known security issues. Our results show that less than 0.1% of HTTPS-enabled servers in the measured domains are still vulnerable to known attacks including Rivest Cipher 4 (RC4), Compression Ratio Info-Leak Mass Exploitation (CRIME), Padding Oracle On Downgraded Legacy Encryption (POODLE), Factoring RSA Export Keys (FREAK), Logjam, and Decrypting Rivest–Shamir–Adleman (RSA) using Obsolete and Weakened eNcryption (DROWN). Second, we assess the security level of the digital certificates used by each measured HTTPS domain. Our results highlight that less than 0.52% domains use the expired certificate, 0.42% HTTPS certificates contain different hostnames, and 2.59% HTTPS domains use a self-signed certificate. The domains we investigate in our study cover 5 regions (including ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC) and 61 different categories such as online shopping websites, banking websites, educational websites, and government websites. Although our results show that the problem still exists, we find that changes have been taking place when HTTPS vulnerabilities were discovered. Through this three-year study, we found that more attention has been paid to the use and configuration of HTTPS. For example, more and more domains begin to enable the HTTPS protocol to ensure a secure communication channel between users and websites. From the first measurement, we observed that many domains are still using TLS 1.0 and 1.1, SSL 2.0, and SSL 3.0 protocols to support user clients that use outdated systems. As the previous studies revealed security risks of using these protocols, in the subsequent studies, we found that the majority of domains updated their TLS protocol on time. Our 2020 results suggest that most HTTPS domains use the TLS 1.2 protocol and show that some HTTPS domains are still vulnerable to the existing known attacks. As academics and industry professionals continue to disclose attacks against HTTPS and recommend the secure configuration of HTTPS, we found that the number of vulnerable domain is gradually decreasing every year.

Download Full-text

Resource-sharing through an inter-institutional repository

The Electronic Library ◽

10.1108/el-02-2014-0040 ◽

2015 ◽

Vol 33 (4) ◽

pp. 730-748 ◽

Cited By ~ 12

Author(s):

A Abrizah ◽

Mohd Hilmi ◽

Norliya Ahmad Kassim

Keyword(s):

Resource Sharing ◽

Information Science ◽

Research Output ◽

Academic Community ◽

Open Access Publishing ◽

Institutional Repository ◽

Teaching Resources ◽

Content Type ◽

Institutional Repositories ◽

Digital Repositories

Purpose – The purpose of this paper is to be concerned with the motivations and resistance among an institutional repository (IR) stakeholder – the Library and Information Science (LIS) academicians – with respect to Green Road open access publishing in an inter-institutional repository. Design/methodology/approach – The answers were identified from 47 LIS faculty from three library schools in Malaysia who reported awareness of what an IR is and having had experience in contributing resources to digital repositories. Data were collected using survey and interviews. Findings – The results highlighted the LIS faculty on their motivation to share their intellectual profile, research and teaching resources in an inter-institutional repositories and why the reluctance in contributing. The study reveals that the major motivation to share resources for those practicing self-archiving is related to performance expectancy, social influence, visible and authoritative advantage, career benefit and quality work. The major resistance to share scholarly research output through self-archiving in institutional repositories for those practicing self-archiving is concern on plagiarism, time and effort, technical infrastructure, lack of self-efficacy and insularity. Practical implications – Knowing what conditions predict motivation and resistance to contribute to IRs would allow IR administrators to ensure greater and more effective participation in resource-sharing among LIS academic community. If this resistance is addressed aptly, IRs can be of real benefit to their teaching, scholarship, collaborations, and publishing and to the community that they serve. Originality/value – The first study that has explored the ways LIS academics respond to a situation where knowledge sharing in academe has now been made mandatory through an IR and what makes them resist to do so.

Download Full-text