Review of Physically Unclonable Functions (PUFs): Structures, Models, and Algorithms

Physically unclonable functions (PUFs) are now an essential component for strengthening the security of Internet of Things (IoT) edge devices. These devices are an important component in many infrastructure systems such as telehealth, commerce, industry, etc. Traditionally these devices are the weakest link in the security of the system since they have limited storage, processing, and energy resources. Furthermore they are located in unsecured environments and could easily be the target of tampering and various types of attacks. We review in this work the structure of most salient types of PUF systems such as static RAM static random access memory (SRAM), ring oscillator (RO), arbiter PUFs, coating PUFs and dynamic RAM dynamic random access memory (DRAM). We discuss statistical models for the five most common types of PUFs and identify the main parameters defining their performance. We review some of the most recent algorithms that can be used to provide stable authentication and secret key generation without having to use helper data or secure sketch algorithms. Finally we provide results showing the performance of these devices and how they depend on the authentication algorithm used and the main system parameters.

Towards a Student Security Compliance Model (SSCM)

Users are considered the weakest link in ensuring information security (InfoSec). As a result, users' security behaviour remains crucial in many organizations. In response, InfoSec research has produced many behavioural theories targeted at explaining information security policy (ISP) compliance. Meanwhile, these theories mostly draw samples from employees often in developing countries. Such theories are not applicable to students in educational institutions since their psychological orientation with regards to InfoSec is different when compared with employees. Based on this premise, the chapter presents arguments founded on synthesis from existing literature. It proposes a students' security compliance model (SSCM) that attempts to explain predictive factors of students' ISP compliance intentions. The study encourages further research to confirm the proposed relationships using qualitative and quantitative techniques.

Factors Influencing Information Security Policy Compliance Behavior

One of the major concerns of organizations in today's networked world is to unravel how employees comply with information security policies (ISPs) since the internal employee has been identified as the weakest link in security policy breaches. A number of studies have examined ISP compliance from the perspective of deterrence; however, there have been mixed results. The study seeks to examine information security compliance from the perspective of the general deterrence theory (GDT) and information security climate (ISC). Data was collected from 329 employees drawn from the five top-performing banks in Ghana and analyzed with PLS-SEM. Results from the study show that security education training and awareness, top-management's commitment for information security, and peer non-compliance behavior affect the information security climate in an organization. Information security climate, punishment severity, and certainty of deterrent were also found to influence employees' intention to comply with ISP. The implications, limitations, and directions for future research are discussed.

The Role of Phishing Victims’ Neuroticism: Reasons Behind the Lack of Consensus

The growing use of electronic devices along with the anxiety resulting from the COVID19 pandemic set the ground for cybercriminals to take advantage of a larger number of victims and undertake their massive phishing campaigns. Technical measures are widely developed, and the human factor is still the weakest link in the chain. Whilst existing literature suggests that the effect of neuroticism, as one of the Big-Five personality traits, might play an important role in human behaviour in the phishing context, results do not provide uniform outcomes with regards to the influence of this trait in phishing victimisation. With the aim to analyse those results, this article provides a synthesis of the studies aimed at improving the understanding of this trait, and collects evidence that the small samples size used in most of the studies along with their lack of uniformity are behind the contradictory conclusions found on the role of neuroticism and human susceptibility to phishing attacks.

A numerical investigation of the statistical size effect in non-crimp fabric laminates under homogeneous compressive loads

The compressive strength of fiber reinforced composites is typically limited by a shear localization phenomenon known as microbuckling and is very sensitive to local imperfections of fiber alignment. Local misalignments act as randomly distributed flaws and introduce a dependence of the compressive strength on the size of material volume element under consideration. For homogeneously loaded material elements, weakest-link theory in combination with a Weibull power law is a frequently employed statistical model for microbuckling strength. This implies a dependence of strength on the size of volume under consideration. The present contribution investigates the strength–size relation for a non-crimp fabric via a numerical approach. Characteristics of the misalignment flaws used in simulations are derived from a comprehensive data set collected via large-scale measurements of roving dislocations on dry fiber material. Predictions resulting from the weakest-link Weibull theory are compared against strength–size statistics gathered by numerical analysis. In this manner, the size effects in single plies and laminates are quantified. The main findings are that weakest-link Weibull theory is well suited to predict size related strength loss in individual plies. However, it is also found that when plies are bonded to form laminates, misalignments in individual plies are mitigated in a way that is inconsistent with the weakest-link assumption. In all situations considered here, the strength loss expected from weakest-link Weibull theory was outweighed by a strength increase due to the mitigation effect when the volume was increased by adding extra layers to a laminate.

Insights into Organizational Security Readiness: Lessons Learned from Cyber-Attack Case Studies

This paper focuses on understanding the characteristics of multiple types of cyber-attacks through a comprehensive evaluation of case studies of real-world cyber-attacks. For each type of attack, we identify and link the attack type to the characteristics of that attack and the factors leading up to the attack, as observed from the review of case studies for that type of attack. We explored both the quantitative and qualitative characteristics for the types of attacks, including the type of industry, the financial intensity of the attack, non-financial intensity impacts, the number of impacted customers, and the impact on users’ trust and loyalty. In addition, we investigated the key factors leading up to an attack, including the human behavioral aspects; the organizational–cultural factors at play; the security policies adapted; the technology adoption and investment by the business; the training and awareness of all stakeholders, including users, customers and employees; and the investments in cybersecurity. In our study, we also analyzed how these factors are related to each other by evaluating the co-occurrence and linkage of factors to form graphs of connected frequent rules seen across the case studies. This study aims to help organizations take a proactive approach to the study of relevant cyber threats and aims to educate organizations to become more knowledgeable through lessons learned from other organizations experiencing cyber-attacks. Our findings indicate that the human behavioral aspects leading up to attacks are the weakest link in the successful prevention of cyber threats. We focus on human factors and discuss mitigation strategies.

Lowering Distribution Costs: The Key to Sustainable Health Development?

Recently selected as a winner of the government of Canada’s COVID-19: Digital clearinghouse challenge, our background work has uncovered that the cost of distribution can often be significantly higher than the cost of manufacture for high consumable medical supplies, like personal protective equipment (PPE). What’s worse, all of these costs are often not realized in suppliers’ pricing schedules, as further ‘hidden costs’ are incurred when governments procure centrally but use locally, demanding after the fact ‘sub distribution’. As the public and private sector alike look to rebuild stockpiles, how can we rethink the supply chain to maintain domestic production without simple subsidization? Conventionally, domestic suppliers have been unable to compete with overseas counterparts on price point. If distribution costs can be lowered, domestic supplies could become cheaper overall, more ethical and more sustainable. The key is in circumventing the architecture of a supply chain altogether — which is only as strong as its weakest link — and enabling an adaptive net that can match suppliers and distributors to orderers, enabling centralized procurement and direct, shortest path distribution at the same time. This strategy can improve the reliability, efficiency and resiliency of supply chains with impact on health costs.

The Efficiency of University Technology Transfer in China

There has been no significant improvement in China's comprehensive innovation capability over the past decade despite the country's tremendously large investment in research and development. This study uses a three-stage procedure (i.e., research innovation, experimental development, and value creation) to understand this disappointing outcome by estimating the efficiency of the technology transfer operating through major Chinese universities. We find a substantial decrease in the average level of efficiency across the three stages, with the value creation stage identified as the weakest link. An analysis of the determinants suggests that universities with better faculty quality, experienced technology transfer offices, more affiliated investment funds, and a comprehensive rather than specialized focus perform better in all three stages.