International Journal of Dependable and Trustworthy Information Systems
Latest Publications


Total documents: 27 (five years: 0)
H-index: 3 (five years: 0)
Published by IGI Global
ISSN: 1947-9069, 1947-9050

Author(s): Utpal Bose

Rapid transformation in marketing information technologies has enabled corporations to build ample consumer databases and analyze them using sophisticated data-mining techniques to obtain extensive knowledge about those consumers’ personal lifestyles and private matters. Considering that the United States Federal Trade Commission (FTC) has relied on fair information principles to guide privacy regulation and left it relatively unregulated, the burden of practicing consumer privacy lies mostly on the marketers, who have to follow ethical behavior and maintain consumer privacy. In this paper the authors analyze the ethical nature of corporate decision making on matters of selling consumer data using the normative theories of business ethics and suggest approaches that balance the corporate goals of raising financial gains with the obligations they have to their stakeholders – mainly their customers. The authors also discuss the challenges faced in carrying out the analysis.


Author(s): Angel R. Otero, Abdel Ejnioui, Carlos E. Otero, Gurvirender Tejay

In an era where dependence on information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by is becoming critical. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation and prioritization of information security controls (ISC) in organizations. Research efforts have resulted in various methodologies developed to deal with the ISC assessment problem. A closer look at these traditional methodologies highlights various weaknesses that can prevent effective assessments of information security controls in organizations. This research proposes a novel approach using Grey Relational Analysis to quantify the importance of each information security control, taking into account organizations’ goals and objectives. Through a case study, the approach is proven successful in providing a way for measuring the quality of information security controls based on multiple application-specific criteria.


Author(s): Amir K.C, Harri Forsgren, Kaj Grahn, Timo Karvi, Göran Pulkkis

Host Identity Protocol (HIP) gives cryptographically verifiable identities to hosts. These identities are based on public key cryptography and consist of public and private keys. Public keys can be stored, together with corresponding IP addresses, in DNS servers. When entities are negotiating a HIP connection, messages are signed with private keys and verified with public keys. Even if this system is quite secure, there is some vulnerability concerning the authenticity of public keys. The authors examine some possibilities to derive trust in public parameters. These are DNSSEC and public key certificates (PKI). In particular, the authors examine how to implement certificate handling and what the time complexity of using and verifying certificates in the HIP Base Exchange is. It turned out that certificates delayed the HIP Base Exchange by only some milliseconds compared to the case where certificates are not used. In the latter part of the article the authors analyze four proposed HIP multicast models and how they could use certificates. The models differ in how many times the Base Exchange is performed and in the extent to which existing HIP specification standards must be modified.


Author(s): Charlie C. Chen

Case-based pedagogy has evolved as an important tool for enhancing students’ analytical thinking and problem-solving skills, as well as fostering the ability to make decisions under conditions of uncertainty. Due to the rapid development of technologies that allow collaboration and interaction despite geographic and temporal distances, educators are investigating the viability of emerging technologies such as cloud computing as platforms for case-based pedagogical techniques. This paper utilizes information systems (IS) success theory as the foundation of a study to examine case-based pedagogy in a cloud-computing environment. A three-week field experiment followed by a post-test survey is conducted in order to validate hypothesized relationships among cloud computing information quality, cloud computing system quality, cloud computing use, performance expectation in case-based pedagogy, and cloud computing critical mass. Results suggest that information quality not only has significant influence on use of cloud computing for case-based pedagogy, but also increases performance expectation and leads to critical mass. The findings of this study suggest that cloud computing is a viable platform for case-based pedagogy.


Author(s): Brahim Hamid, Yulin (Huaxi) Zhang, Jacob Geisel, David Gonzalez

The conception and design of Resource Constrained Embedded Systems (RCES) is an inherently complex endeavor. Non-functional requirements from security and dependability exacerbate this complexity. Model-Driven Engineering (MDE) is a promising approach for the design of trusted systems, as it bridges the gap between design issues and implementation concerns. The purpose of process models is to document and communicate processes, as well as reuse them. Thus, processes can be better taught and executed. However, most useful metamodels are activity-oriented, and the required concepts of safety lifecycle, such as validation, cannot be easily modeled. In this paper, the authors propose a safety-oriented process metamodel that extends an existing framework to support all safety control requirements. A new safety lifecycle development process technique has been built to ease its use in a building process of system/software applications with safety support. As a proof of concept, the feasibility of the approach has been evaluated with an example. The example is an engineering process for building industry control systems with safety requirements for software and hardware resources. A prototype implementation of the approach is provided and applied to the example of industry control systems in the railway domain.


Author(s): Afonso Araújo Neto, Marco Vieira

The multiplicity of existing software and component alternatives for web applications, especially in open source communities, has boosted interest in suitable benchmarks, able to assist in the selection of candidate solutions, concerning several quality attributes. However, the huge success of performance and dependability benchmarking contrasts with the small advances in security benchmarking. Traditional vulnerability/attack detection techniques can hardly be used alone to benchmark security, as security depends on hidden vulnerabilities and subtle properties of the system and its environment. A comprehensive security benchmarking process should consist of two steps: elimination of flawed alternatives followed by trustworthiness benchmarking. In this paper, the authors propose a trustworthiness benchmark based on the systematic collection of evidence that can be used to select one among several web applications, from a security point of view. They evaluate this benchmark approach by comparing its results with an evaluation conducted by a group of security experts and programmers. Results show that the proposed benchmark provides security rankings similar to those provided by human experts. In fact, although experts may take days to gather the information and rank the alternative web applications, the benchmark consistently provides similar results in a matter of a few minutes.


Author(s): Afolayan A. Obiniyi, Ezugwu E. Absalom, Mohammed Dikko

With the explosion of the public Internet, corporate networks connected to the Internet, if not adequately secured, are vulnerable to damaging attacks. Hackers, viruses, worms, Trojan horses, and spyware try to invade privacy. This research examines how these threats affect the corporate network and ways to reduce them. MikroTik RouterOS was configured as the router to examine these threats. Network Address Translation and packet filtering were the key features configured to hide the network from unauthorized users and filter unwanted traffic that might reflect malicious acts. The configuration and test were carried out at Iya Abubakar Computer Center, Ahmadu Bello University, Zaria, Nigeria. At the onset, the targeted network was full of viruses, worms, Trojan horses, and spyware, and was vulnerable to unauthorized users. The signal strength of the network was usually very poor due to the effect of the threats on the bandwidth. The firewall was configured to filter out inherently dangerous services, exposing the network to fewer risks. After the research, the performance and efficiency of the network were improved tremendously.


Author(s): Sandra A. Vannoy

The Internet and emerging technologies are facilitating the creation of new marketplaces designed to address a diverse range of business and societal needs. As companies are utilizing technology to manage their business processes, such a marketplace has emerged that is designed to provide third-party availability of business services delivered via Web services technology, particularly in the context of Cloud Computing. The Web Services Marketplace creates a common trading ground wherein buyers and sellers of business services can come together within a centralized marketplace. However, sellers of business services must provide a mechanism by which knowledge and awareness of the service is created for the buyer and a means by which sellers can effectively compete in the marketplace. The most widely accepted method for accomplishing these tasks is advertising. This study investigates the nascent phenomenon of the advertising of business services within the Web services marketplace, develops a theoretically grounded definition and characteristics of business services offered in the Web Services Marketplace, and develops a model for the effective advertisement of business services offered in the Web Services Marketplace.


Author(s): A. F. Salam

Increasingly, firms are competing through the formation of extended enterprises. An extended enterprise consists of a set of firms within a value chain that collaborate to produce a finished product. The case of dependable supplier selection, in the context of the extended enterprise, is complex where the focal firm has to select the supplier(s) for a specific class of customers depending on the value of those customers to the focal firm and the extended enterprise. This process requires careful consideration of a set of selection criteria to be used in selecting the suppliers. In this article, a semantic intelligent agent-based architecture and decision support system are presented for selecting dependable suppliers in the context of the extended enterprise.


Author(s): Sherrie Drye Cannoy

In this paper, the author examines the critical issues that have emerged in the area of electronic healthcare information exchange (HIE) in the United States. An interpretive, longitudinal study was conducted over a total of four years through a study of seven field cases. This paper aggregates findings from these seven efforts into one research study for a more comprehensive view of HIE issues. The findings provide a framework for understanding the issues of HIE for researchers and practitioners. Research, teaching, and practitioner implications are discussed.

