Techniques and Applications for Advanced Information Privacy and Security
Latest Publications


Total documents: 20 (five years: 0)

H-index: 2 (five years: 0)

Published By IGI Global

9781605662107, 9781605662114

Author(s): Latha Parameswaran, K Anbumani

This chapter discusses a content-based authentication technique based on the inter-coefficient relationship of the Discrete Wavelet Transform (DWT). A watermark is generated from the first-level DWT. An image digest (which is a binary string) is generated from the second-level DWT. The watermark is embedded in the mid-frequency coefficients of the first-level DWT as directed by the image digest. Image authentication is done by computing the Completeness of Signature. The proposed scheme is capable of withstanding incidental image processing operations such as compression and identifies any malicious tampering done on the host image.


Author(s): Song Han, Vidyasagar Potdar, Elizabeth Chang, Tharam Dillon

This chapter introduces a new transaction protocol using mobile agents in electronic commerce. The authors first propose a new model for transactions in electronic commerce: mutually authenticated transactions using mobile agents. They then design a new protocol based on this model. Furthermore, the authors analyse the new protocol in terms of authentication, construction and privacy. The aim of the protocol is to guarantee that the customer is committed to the server, and the server is committed to the customer. At the same time, the privacy of the customer is protected.


Author(s): Kirk P. Arnett, Mark B. Schmidt, Allen C Johnston, Jongki Kim, HJ Hwang

Respondents from eight Korean and United States higher education institutions were surveyed as to their knowledge and experience with various forms of computer malware. The surveys provide insight into knowledge of rootkits that have become coffee lounge discussion following the once secretive Sony rootkit news break in late 2005 and then the rash of accusations and acknowledgements of other rootkits that followed. The surveys provide an empirical assessment of perceptions between students in the two countries with regard to various forms of malware. The two groups are similar in many respects but they exhibit significant differences in self-reported perceptions of rootkit familiarity. U.S. respondents report higher levels of familiarity for all assessed malware types, including the fictional “Trilobyte” virus. A timeline-based comparison between virus and rootkit knowledge reveals that relatively little is known about rootkits today. This highlights dangers related to existing knowledge levels but presents hope for solutions and an accelerated rootkit awareness curve to improve worldwide malware protection.


Author(s): Norman Pendegraft, Mark Rounds

The value of IS security is evaluated by simulating interactions between an information system, its users and a population of attackers. Initial results suggest that the marginal value of additional security may be positive or negative, as can the time rate of change of system value. This implies that IT security policy makers should be aware of the relative sensitivity of attackers and users to security before setting IT security policy.


Author(s): Joseph A. Cazier, E. Vance Wilson, B. Dawn Medlin

In today’s networked world, privacy risk is becoming a major concern for individuals using information technology. Every time someone visits a website or provides information online, they have exposed themselves to possible harm. The information collected can be sold to third parties or kept by the site owners themselves for use in creating a profile of users’ preferences and tastes. To gain insight into the role risk plays in the adoption process of technology, the authors studied the use of information systems in relation to a student registration and schedule management system at a major United States university. Further, they extended the Technology Acceptance Model (TAM) to include perceptual measures of privacy risk harm (RH) and privacy risk likelihood (RL), which apply to the extended model and predict students’ intentions to use technology. Their findings indicated the growing importance of privacy risk in the use of information technology.


Author(s): Dieter Bartmann, Idir Bakdi, Michael Achatz

The design of an authentication system based on keystroke dynamics is made difficult by the fact that the typing behaviour of a person is subject to strong fluctuations. An asymmetrical method able to handle this difficulty by using a long text on enrolment and a short one at login is analysed in this paper. The results of an empirical study based on an extensive field test are presented. The study demonstrates that the advantages of the analysed method remain even if a predefined input text is used. The results also show that the method’s quality highly depends on the amount of text typed on enrolment as well as on login, which makes the system scalable to different security levels. They also confirm the importance of using stable characteristics, that is, those that are due to the user’s right- or left-handedness. The method’s learning velocity is shown to be high, which enables enrolment to be kept short. Moreover, the study demonstrates that admitting multiple login attempts significantly ameliorates the recognition performance without sacrificing security.


Author(s): Hamid Jahankhani, Shantha Fernando, Mathews Z. Nkhoma

In today’s business environment it is difficult to obtain senior management approval for the expenditure of valuable resources to “guarantee” that a potentially disastrous event will not occur that could affect the ultimate survivability of the organization. The total information network flexibility achieved depends to a great extent on how network security is implemented. However, this implementation depends on the network designers at the initial stage and the network administrators in the long term. The security level initially designed can later be changed, improved or compromised by the network administrators who look after day-to-day network and system functions. Their competencies and motivation contribute to achieving the desired security objectives that are aligned with the business goals. An incompetent network administrator may pave the way to attacks that could take place either at once, where an obvious vulnerability may exist, or in several phases, where it requires information gathering or scanning in order to enter into the target system. A demotivated network administrator may ignore the possible threats or find strategies to make his/her presence vital for the existence of the network services. The latter may be an example of a competent network administrator who is not rewarded due to the lapses of the senior management, in which case backdoors or logic bombs may be deployed so that the administrator may take vengeance in case the career is terminated or someone else is given undue recognition. Two studies on real cases given in this paper highlight the influence of such network administrators. To preserve confidentiality, the names of personnel or organizations are not revealed.


Author(s): Stanley R.M. Oliveira, Osmar R. Zaiane

While the sharing of data is known to be beneficial in data mining applications and widely acknowledged as advantageous in business, this information sharing can become controversial and thwarted by privacy regulations and other privacy concerns. Data clustering, for instance, could be more accurate if more information is available, hence the data sharing. Any solution needs to balance the clustering requirements and the privacy issues. Rather than simply hindering data owners from sharing information for data analysis, a solution could be designed to meet privacy requirements and guarantee valid data clustering results. To achieve this dual goal, this chapter introduces a method for privacy-preserving clustering, called Dimensionality Reduction-Based Transformation (DRBT). This method relies on the intuition behind random projection to protect the underlying attribute values subjected to cluster analysis. It is shown analytically and empirically that, by transforming a dataset using DRBT, a data owner can achieve privacy preservation and get accurate clustering with little overhead in communication cost. Such a method presents the following advantages: it is independent of distance-based clustering algorithms; it has a sound mathematical foundation; and it does not require CPU-intensive operations.


Author(s): Lixin Fu, Hamid Nemati, Fereidoon Sadri

Privacy-Preserving Data Mining (PPDM) refers to data mining techniques developed to protect sensitive data while allowing useful information to be discovered from the data. In this chapter the authors review PPDM and present a broad survey of related issues, techniques, measures, applications, and regulation guidelines. The authors observe that the rapid pace of change in information technologies available to sustain PPDM has created a gap between theory and practice. They posit that without a clear understanding of the practice, this gap will widen, which ultimately will be detrimental to the field. They conclude by proposing a comprehensive research agenda intended to bridge the gap relevant to practice and to serve as a reference basis for future related legislation activities.


Author(s): Vishal Vatsa, Shamik Sural, A.K. Majumdar

Traditional security mechanisms are often found to be inadequate for protection against attacks by authorized users or intruders posing as authorized users. This has drawn the interest of the research community towards intrusion detection techniques. The authors model the conflicting motives between an intruder and an intrusion detection system as a multi-stage game between two players, each trying to maximize its payoff. They consider the specific application of credit card fraud detection and propose a two-tiered architecture having a rule-based component in the first tier and a game-theoretic component in the second tier. Classical game theory is considered useful in many situations because it permits the formulation of strategies that are optimal regardless of what the adversary does, negating the need for prediction of his behavior. However, the authors use it in a predictive application in the sense that they consider intruders as rational adversaries who would try to behave optimally, and the expected optimal behavior can be determined through game theory.

