A secure mobile agent e-commerce protocol

Yu, Min-Chieh

09 December 2015

Indiana University-Purdue University Indianapolis (IUPUI) / There are many advantages of mobile agent such as delegation of tasks, asynchronous processing, adaptable service in interfaces, and code shipping. Mobile agents can be utilized in many areas such as electronic commerce, information retrieval, network management, etc. The main problem with mobile agents is security. The three basic security design goals of a system are confidentiality, integrity, and availability. The goal of this thesis concerns the property of secure purchasing by mobile agents. First present Jalal's anonymous authentication protocol. Next, we construct our single mobile agent protocol based on Jalal's authentication technique. Also, we add some addition cryptography techniques to make the data more secure during its migration. Lastly, we build a multiple mobile agent protocol based on the single mobile agent protocol. Here, the multiple mobile agents are capable to make the decision and purchase the item for user.

Mobile Agent

E-commerce

Electronic commerce -- Purchasing

Mobile commerce -- Cryptography

Computer security -- Research

Internet-based electronic payment systems

Kortekaas, Birgit Friederike

01 January 2002

As today, the traditional payment systems of cash, cheques and credit cards are being supplemented by electronic cheques, electronic credit card-based systems, and token-based systems, online security is of utmost importance and one of the biggest criteria used for evaluating electronic payment systems. Electronic payment systems must guarantee the essential security requirements: confidentiality, privacy, integrity, availability. authentication, non-repudiation as well as anonymity and trust. This paper compares the various payment systems (both traditional and electronic) available today mainly according to their security aspects. Secure processing can be accomplished including access controls and detection techniques, such as, encrypted communication channels, user and/or message authentication, symmetric and asymmetric encryption, digital certificates and firewalls. These effective security measures, which are outlined in detail in this paper, will protect the information and payment systems against security risks that currently threaten the Internet / Computing / M.Sc. (Information Systems)

Internet

Electronic commerce

Electronic payment systems

Authentication

Confidentiality

Identification

Integrity

Privacy

Security

Cryptography

Certificates

Encryption

Digital signatures

Anonymity

Threats

Electronic cash

Electronic cheque

Smart cards

Electronic credit cards

658.478

Internet -- Economic aspects

Internet -- Security measures

Payment

Electronic commerce -- Security measures

Computer networks -- Security measures

Data encryption (Computer science)

Smart cards

Legal and policy aspects to consider when providing information security in the corporate environment

Dagada, Rabelani

11 1900

E-commerce is growing rapidly due to the massive usage of the Internet to conduct commercial transactions. This growth has presented both customers and merchants with many advantages. However, one of the challenges in E-commerce is information security. In order to mitigate e-crime, the South African government promulgated laws that contain information security legal aspects that should be integrated into the establishment of information security. Although several authors have written about legal and policy aspects regarding information security in the South African context, it has not yet been explained how these aspects are used in the provision of information security in the South African corporate environment. This is the premise upon which the study was undertaken. Forty-five South African organisations participated in this research. Data gathering methods included individual interviews, website analysis, and document analysis. The findings of this study indicate that most organisations in South Africa are not integrating legal aspects into their information security policies. One of the most important outcomes of this study is the proposed Concept Model of Legal Compliance in the Corporate Environment. This Concept Model embodies the contribution of this study and demonstrates how legal requirements can be incorporated into information security endeavours. The fact that the proposed Concept Model is technology-independent and that it can be implemented in a real corporate environment, regardless of the organisation’s governance and management structure, holds great promise for the future of information security in South Africa and abroad. Furthermore, this thesis has generated a topology for linking legislation to the provision of information security which can be used by any academic or practitioner who intends to implement information security measures in line with the provisions of the law. It is on the basis of this premise that practitioners can, to some extent, construe that the integration of legislation into information security policies can be done in other South African organisations that did not participate in this study. Although this study has yielded theoretical, methodological and practical contributions, there is, in reality, more research work to be done in this area. / School of Computing / D. Phil. (Information Systems)

343.9944068

Intellectual property -- South Africa

Improving the adoption of cloud computing by Small & Medium Scale Enterprise (SMEs in Nigeria

Young, Destiny Assian

08 1900

In a traditional business environment, companies set up their organisation’s IT data infrastructure, install their applications and carry out the maintenance and management of their infrastructures. Whereas Cloud computing removes the need for companies to set up own data centers and run enterprise applications. Cloud computing technology provides businesses with the advantage of on-demand access, agility, scalability, flexibility and reduced cost of computing. An appreciable increase is being observed in the acceptance and migration to this new IT model in developing economies. In Nigeria, it has been observed that there is a somewhat unimpressive rate of adoption of Cloud computing by the microfinance operators. This research investigates the reason for the slow adoption of Cloud computing by SMEs in Nigeria with special consideration to the Microfinance subsector and to develop a model for improving the adoption of cloud computing by microfinance organisations. The research was conducted using a qualitative research design method. Interview was the main data collection instrument and data collected was analysed using thematic content analysis method. The analysis of the study revealed that SMEs in Nigeria, with particular reference to microfinance subsector in Akwa Ibom State are yet fully to embrace cloud technology. It was discovered that most of the SMEs studied, has some level of reservation about cloud computing arising from not having appropriate education and enlightenment about the cloud economic offerings and potentials. From the outcome of the research, the researcher identified that most people’s concerns are as a result of lack of knowledge about cloud computing and so the researcher concluded that appropriate enlightenment by industry stakeholders, cloud service providers, cloud enthusiasts and even the government on the risks and overwhelming economic incentives of cloud computing as well as the provision of a monitored free trial services will encourage the adoption of cloud computing by SMEs. / College of Engineering, Science and Technology / M.Tech. (Information Technology)

ATU

BIU

Cloud Adoption

Cloud Computing

Cloud End-user

Cloud Service Providers

Data Security

Microfinance

PU

PEOU

IT

Nigeria

SMEs

Vendors

004.67820338709669

SMEs (Small business)

Microfinance -- Nigeria -- Case studies

Data Security

Legal and policy aspects to consider when providing information security in the corporate environment

Dagada, Rabelani

11 1900

E-commerce is growing rapidly due to the massive usage of the Internet to conduct commercial transactions. This growth has presented both customers and merchants with many advantages. However, one of the challenges in E-commerce is information security. In order to mitigate e-crime, the South African government promulgated laws that contain information security legal aspects that should be integrated into the establishment of information security. Although several authors have written about legal and policy aspects regarding information security in the South African context, it has not yet been explained how these aspects are used in the provision of information security in the South African corporate environment. This is the premise upon which the study was undertaken. Forty-five South African organisations participated in this research. Data gathering methods included individual interviews, website analysis, and document analysis. The findings of this study indicate that most organisations in South Africa are not integrating legal aspects into their information security policies. One of the most important outcomes of this study is the proposed Concept Model of Legal Compliance in the Corporate Environment. This Concept Model embodies the contribution of this study and demonstrates how legal requirements can be incorporated into information security endeavours. The fact that the proposed Concept Model is technology-independent and that it can be implemented in a real corporate environment, regardless of the organisation’s governance and management structure, holds great promise for the future of information security in South Africa and abroad. Furthermore, this thesis has generated a topology for linking legislation to the provision of information security which can be used by any academic or practitioner who intends to implement information security measures in line with the provisions of the law. It is on the basis of this premise that practitioners can, to some extent, construe that the integration of legislation into information security policies can be done in other South African organisations that did not participate in this study. Although this study has yielded theoretical, methodological and practical contributions, there is, in reality, more research work to be done in this area. / School of Computing / D. Phil. (Information Systems)

343.9944068

Intellectual property -- South Africa

Internet-based electronic payment systems

Kortekaas, Birgit Friederike

01 January 2002

As today, the traditional payment systems of cash, cheques and credit cards are being supplemented by electronic cheques, electronic credit card-based systems, and token-based systems, online security is of utmost importance and one of the biggest criteria used for evaluating electronic payment systems. Electronic payment systems must guarantee the essential security requirements: confidentiality, privacy, integrity, availability. authentication, non-repudiation as well as anonymity and trust. This paper compares the various payment systems (both traditional and electronic) available today mainly according to their security aspects. Secure processing can be accomplished including access controls and detection techniques, such as, encrypted communication channels, user and/or message authentication, symmetric and asymmetric encryption, digital certificates and firewalls. These effective security measures, which are outlined in detail in this paper, will protect the information and payment systems against security risks that currently threaten the Internet / Computing / M.Sc. (Information Systems)

Internet

Electronic commerce

Electronic payment systems

Authentication

Confidentiality

Identification

Integrity

Privacy

Security

Cryptography

Certificates

Encryption

Digital signatures

Anonymity

Threats

Electronic cash

Electronic cheque

Smart cards

Electronic credit cards

658.478

Internet -- Economic aspects

Internet -- Security measures

Payment

Electronic commerce -- Security measures

Computer networks -- Security measures

Data encryption (Computer science)

Smart cards

Improving the adoption of cloud computing by small & medium scale enterprise (SMEs) in Nigeria

Young, Destiny Assian

08 1900

In a traditional business environment, companies set up their organisation’s IT data infrastructure, install their applications and carry out the maintenance and management of their infrastructures. Whereas Cloud computing removes the need for companies to set up own data centers and run enterprise applications. Cloud computing technology provides businesses with the advantage of on-demand access, agility, scalability, flexibility and reduced cost of computing. An appreciable increase is being observed in the acceptance and migration to this new IT model in developing economies. In Nigeria, it has been observed that there is a somewhat unimpressive rate of adoption of Cloud computing by the microfinance operators. This research investigates the reason for the slow adoption of Cloud computing by SMEs in Nigeria with special consideration to the Microfinance subsector and to develop a model for improving the adoption of cloud computing by microfinance organisations. The research was conducted using a qualitative research design method. Interview was the main data collection instrument and data collected was analysed using thematic content analysis method. The analysis of the study revealed that SMEs in Nigeria, with particular reference to microfinance subsector in Akwa Ibom State are yet fully to embrace cloud technology. It was discovered that most of the SMEs studied, has some level of reservation about cloud computing arising from not having appropriate education and enlightenment about the cloud economic offerings and potentials. From the outcome of the research, the researcher identified that most people’s concerns are as a result of lack of knowledge about cloud computing and so the researcher concluded that appropriate enlightenment by industry stakeholders, cloud service providers, cloud enthusiasts and even the government on the risks and overwhelming economic incentives of cloud computing as well as the provision of a monitored free trial services will encourage the adoption of cloud computing by SMEs. / College of Engineering, Science and Technology / M.Tech. (Information Technology)

ATU

BIU

Cloud adoption

Cloud computing

Cloud end-user

Cloud service providers

Data security

Microfinance

PU

PEOU

IT

Nigeria

SMEs

Vendors

004.67820338709669

Digital communication -- Nigeria

Small business -- Nigeria

Microfinance -- Nigeria

E-crimes and e-authentication - a legal perspective

Njotini, Mzukisi Niven

27 October 2016

E-crimes continue to generate grave challenges to the ICT regulatory agenda. Because e-crimes involve a wrongful appropriation of information online, it is enquired whether information is property which is capable of being stolen. This then requires an investigation to be made of the law of property. The basis for this scrutiny is to establish if information is property for purposes of the law. Following a study of the Roman-Dutch law approach to property, it is argued that the emergence of an information society makes real rights in information possible. This is the position because information is one of the indispensable assets of an information society. Given the fact that information can be the object of property, its position in the law of theft is investigated. This study is followed by an examination of the conventional risks that ICTs generate. For example, a risk exists that ICTs may be used as the object of e-crimes. Furthermore, there is a risk that ICTs may become a tool in order to appropriate information unlawfully. Accordingly, the scale and impact of e-crimes is more than those of the offline crimes, for example theft or fraud. The severe challenges that ICTs pose to an information society are likely to continue if clarity is not sought regarding: whether ICTs can be regulated or not, if ICTs can be regulated, how should an ICT regulatory framework be structured? A study of the law and regulation for regulatory purposes reveals that ICTs are spheres where regulations apply or should apply. However, better regulations are appropriate in dealing with the dynamics of these technologies. Smart-regulations, meta-regulations or reflexive regulations, self-regulations and co-regulations are concepts that support better regulations. Better regulations enjoin the regulatory industries, for example the state, businesses and computer users to be involved in establishing ICT regulations. These ICT regulations should specifically be in keeping with the existing e-authentication measures. Furthermore, the codes-based theory, the Danger or Artificial Immune Systems (the AIS) theory, the Systems theory and the Good Regulator Theorem ought to inform ICT regulations. The basis for all this should be to establish a holistic approach to e-authentication. This approach must conform to the Precautionary Approach to E-Authentication or PAEA. PAEA accepts the importance of legal rules in the ICT regulatory agenda. However, it argues that flexible regulations could provide a suitable framework within which ICTs and the ICT risks are controlled. In addition, PAEA submit that a state should not be the single role-player in ICT regulations. Social norms, the market and nature or architecture of the technology to be regulated are also fundamental to the ICT regulatory agenda. / Jurisprudence / LL. D.

Biometric characters

Computer hacking

E-authentication

Furtum,

ICT regulation

ID fraud

ID theft

Information or computer systems

Larceny

Man-in-the-middle attacks

Phishing

ICTs

PAEAN

345.268

Computer crimes -- Law and legislation

Computer networks -- Security measures

Authentication

Phishing

Intellectual property

Proposta de implementação de uma arquitetura para a Internet de nova geração / An implementation proposal of a next generation internet architecture

Wong, Walter

07 November 2007

Orientadores: Mauricio Ferreira Magalhães, Fabio Luciano Verdi / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Eletrica e Computação / Made available in DSpace on 2018-08-09T14:41:11Z (GMT). No. of bitstreams: 1 Wong_Walter_M.pdf: 1265045 bytes, checksum: 15a2435e5676b973ffe726e4757323e4 (MD5) Previous issue date: 2007 / Resumo: A concepção original da arquitetura da Internet foi baseada em uma rede fixa e confiável. Hoje em dia, a Internet se tornou dinâmica e vulnerável aos ataques de segurança. Também não era prevista a necessidade de integração de tecnologias heterogêneas nem de ambientes sem fio. A arquitetura atual apresenta uma série de barreiras técnicas para prover estes serviços, sendo uma das maiores a sobrecarga semântica do Internet Protocol (IP). O endereço IP atua como localizador na camada de rede e como identificador na camada de transporte, impossibilitando novas funcionalidades como a mobilidade e abrindo brechas de segurança. Este trabalho apresenta uma proposta de implementação de uma arquitetura para Internet de nova geração para o provisionamento de novos serviços de forma natural e integrada para a Internet atual. A proposta de arquitetura de implementação oferece suporte à mobilidade, ao multihoming, à segurança, à integração de redes heterogêneas e às aplicações legadas através da introdução de uma nova camada de identificação na arquitetura atual. Esta nova camada tem por objetivo separar a identidade da localização e se tornar uma opção de comunicação para as redes heterogêneas. Mecanismos adicionais foram propostos para prover o suporte às funcionalidades da arquitetura, tais como a resolução de nomes em identificadores, o roteamento baseado no identificador, a gerência de localização e um plano de controle para a troca de mensagens de sinalização fim-a-fim entre os componentes da arquitetura. Para a validação da arquitetura proposta, um protótipo foi implementado e vários testes de desempenho foram realizados para avaliação do overhead da implementação, do modelo de segurança, da robustez e do suporte à mobilidade e às aplicações legadas / Abstract: The original concept of the Internet architecture was based on static and reliable networks. Nowadays, the Internet became more dynamic and vulnerable to security attacks. The integration of heterogeneous technologies and wireless environment were not predicted. The current architecture presents some technical barriers to provide these services. One of these problems is the semantic overload of the Internet Protocol (IP). The IP address acts as locator in the network layer and identifier in the transport layer, preventing new features such as mobility and allowing security flaws. This work presents an implementation proposal of a next generation Internet architecture to provide new services naturally integrated to the Internet. The implementation proposal supports mobility, multihoming, security, heterogeneous networks integration and legacy applications by the introduction of a new identification layer in the current architecture. This new layer will separate the identity from the location and become an option for communication between heterogeneous networks. Additional mechanisms were proposed to support the new functionalities of the architecture, e.g., resolution of names to identifiers, identifier-based routing, location management and a control plane to exchange end-toend signalling control messages between the components of the architecture. In order to evaluate the proposed architecture, a prototype was implemented and some tests were performed considering implementation overhead, security model, robustness and support for mobility and legacy applications / Mestrado / Engenharia de Computação / Mestre em Engenharia Elétrica

Arquitetura de redes de computador

Internet sem fio

Sistemas de comunicação sem fio

Criptografia de dados (Computação)

Redes de computadores - Protocolos

Computer network architectures

Computer networks - Security measures

Wireless Internet

Wireless communication systems

Data encryption (Computer science)

Computer network protocols

Next-generation internet architectures

Multihoming

Security

Heterogeneous networks

The threat of cyberterrorism: Contemporary consequences and prescriptions

Stocking, Galen Asher Thomas

01 January 2004

This study researches the varying threats that emanate from terrorists who carry their activity into the online arena. It examines several elements of this threat, including virtual to virtual attacks and threats to critical infrastructure that can be traced to online sources. It then reports on the methods that terrorists employ in using information technology such as the internet for propaganda and other communication purposes. It discusses how the United States government has responded to these problems, and concludes with recommendations for best practices.

Defense and Security Studies

Information Security