Cyber-of-Things: Cyber-Crimes and Cyber-Security Minitrack
Permanent URI for this collection
As technology is incorporated into more aspects of daily life, cyber-crimes and cyber-security evolve and diversify. This results in the need to develop innovative managerial, technological and strategic solutions. Increasing mobile device sales; increasing digital evidence requests in legal environments; increasing generation and storage of digital transactions through the integration of the ‘Internet of Things’; and the development of cyber-physical attacks, all highlight the broad societal impacts of technology that encourage data intensive environments.
A variety of responses are needed to address the resulting concerns. There is a need to research a) technology investigation efficiency, b) technical integration and solution impact, c) the abuse of technology through cyber-physical attacks along with d) the cost effective analysis and evaluation of large data repositories. Hence, identifying and validating technical solutions to access data from new technologies, investigating the impact that these solutions have on industry, and understanding how technologies can be abused from a cyber-physical perspective is crucial to the viability of government, commercial, and legal communities.
The minitrack will solicit submissions in the following areas:
- Research agendas that investigate vulnerabilities and solutions to devices that belong to the ‘Cyber-of-Things’ (e.g. Cyber Physical Systems, and Internet of Things).
- Research agendas that identify cyber-crimes, digital forensics issues, security vulnerabilities, solutions and approaches to solving investigation problems.
- Research agendas that investigate cost effective retrieval, analysis and evaluation of large data repositories.
- Papers that combine research and applied practice.
This minitrack provides a forum for integrating relevant, vital academic security research activity with the broader international community.
William Glisson (Primary Contact)
University of South Alabama
University of South Australia
ItemHow Espoused Culture Influences Misuse Intention: A Micro-Institutional Theory Perspective( 2017-01-04)Following Willson and Warkentin’s  call for understanding the interaction between employees and the organization in the context of computer abuse, this paper investigates the effect of espoused institutional pressure on misuse intention in South Korea. In addition, we hypothesize the effect of culture in the form of self-construal, power distance and Confucian dynamism on users’ perceptions of organizational coercive, normative and mimetic pressures. We collected 232 usable surveys. Since the sample was mostly a convenience sample, the response rate was close to a 100%. Our analysis found that coercive pressure has no effect on misuse intention, while normative pressures has significant deterring effect and mimetic has significant motivating effect on misuse intention. As to culture, self-construal had the strongest effect on institutional pressure and subsequently on misuse intention.
ItemA Threat-Vulnerability Based Risk Analysis Model for Cyber Physical System Security( 2017-01-04)The ability to network machinery and devices that are otherwise isolated is highly attractive to industry. This has led to growth in the use of cyber-physical systems (CPSs) with existing infrastructure. However, coupling physical and cyber processes leaves CPSs vulnerable to security attacks. A threat-vulnerability based risk model is developed through a detailed analysis of CPS security attack structures and threats. The Stuxnet malware attack is used to test the viability of the proposed model. An analysis of the Natanz system shows that, with an actual case security-risk score at Mitigation level 5, the infested facilities barely avoided a situation worse than the one which occurred. The paper concludes with a discussion on the need for risk analysis as part of CPS security and highlights the future work of modelling and comparing existing security solutions using the proposed model so to identify the sectors where CPS security is still lacking.
ItemA Synchronized Shared Key Generation Method for Maintaining End-to-End Security of Big Data Streams( 2017-01-04)A large number of mission critical applications ranging from disaster management to smart city are built on the Internet of Things (IoT) platform by deploying a number of smart sensors in a heterogeneous environment. The key requirements of such applications are the need of near real-time stream data processing in large scale sensing networks. This trend gives birth of an area called big data stream. One of the key problems in big data stream is to ensure the end-to-end security. To address this challenge, we proposed Dynamic Prime Number Based Security Verification (DPBSV) and Dynamic Key Length Based Security Framework (DLSeF) methods for big data streams based on the shared key derived from synchronized prime numbers in our earlier works. One of the major shortcomings of these methods is that they assume synchronization of the shared key. However, the assumption does not hold when the communication between Data Stream Manager (DSM) and sensing devices is broken. To address this problem, this paper proposes an adaptive technique to synchronize the shared key without communication between sensing devices and DSM, where sensing devices obtain the shared key re-initialization properties from its neighbours. Theoretical analyses and experimental results show that the proposed technique can be integrated with our DPBSV and DLSeF methods without degrading the performance and efficiency. We observed that the proposed synchronization method also strengthens the security of the models.