[AISWorld] ToC: IJITSA 4(2) issue

Tue Aug 9 15:17:12 EDT 2011

***********************************************************************
The contents of the latest issue of:
International Journal of Information Technologies and Systems Approach
(IJITSA)
Official Publication of the Information Resources Management Association
Volume 4, Issue 2, July-December 2011
Published: Semi-Annually in Print and Electronically
ISSN: 1935-570X EISSN: 1935-5718
Published by IGI Publishing, Hershey-New York, USA
www.igi-global.com/ijitsa

Editors-in-Chief: Frank Stowell, University of Portsmouth, UK; and
Manuel Mora, Universidad Autónoma de Aguascalientes, México

Special Theme Issue on Security and Privacy

EDITORIAL PREFACE

Frank Stowell, University of Portsmouth, UK,
Vasilios Katos, Democritus University of Thrace, Greece

To read the preface, click on the link below, and then click "View PDF"
under "Preface."
http://www.igi-global.com/bookstore/titledetails.aspx?titleid=47961&detailstype=contents

PAPER ONE

Preventative Actions for Enhancing Online Protection and Privacy

Steven Furnell, University of Plymouth, UK
Rossouw von Solms, Nelson Mandela Metropolitan University, South Africa
Andy Phippen, University of Plymouth, UK

Many citizens rely upon online services, and it is certain that this
reliance will increase in the future. However, they frequently lack a
solid appreciation of the related safety and security issues, and can be
missing out on an essential aspect of awareness in everyday life. Indeed,
users are often concerned about online threats, but it would be stretching
the point to claim that they are fully aware of the problems. Thus, rather
than actually protecting themselves, many will simply accept that they are
taking a risk. This paper examines the problem of establishing end-user
eSafety awareness, and proposes means by which related issues can be
investigated and addressed. Recognising that long-term attitudes and
practices will be shaped by early experiences with the technology, it is
particularly important to address the issue early and improve awareness
amongst young people. However, the problem is unlikely to be addressed via
the approaches that would traditionally be applied with adult users. As
such, the paper examines information gathering and awareness-raising
strategies drawing from qualitative methodologies in the social sciences,
whose pluralistic approach can be effectively applied within school
contexts.

To obtain a copy of the entire article, click on the link below.
http://www.igi-global.com/bookstore/article.aspx?titleid=55800

To read a PDF sample of this article, click on the link below.
http://www.igi-global.com/viewtitlesample.aspx?id=55800

PAPER TWO

Minimising Collateral Damage: Privacy-Preserving Investigative Data
Acquisition Platform

Zbigniew Kwecka, Edinburgh Napier University, UK
William J. Buchanan, Edinburgh Napier University, UK

Investigators often define invasion of privacy as collateral damage.
Inquiries that require gathering data from third parties, such as banks,
Internet Service Providers (ISPs) or employers are likely to impact the
relationship between the data subject and the data controller. In this
research a novel privacy-preserving approach to mitigate collateral damage
during the acquisition process is presented. This approach is based on
existing Private Information Retrieval (PIR) protocols, which cannot be
employed in an investigative context. This paper provides analysis of the
investigative data acquisition process and proposes three modifications
that can enable existing PIR protocols to perform investigative enquiries
on large databases, including communication traffic databases maintained
by ISPs. IDAP is an efficient Symmetric PIR (SPIR) protocol optimised for
the purpose of facilitating public authorities’ enquiries for evidence. It
introduces a semi-trusted proxy into the PIR process in order to gain the
acceptance of the general public. In addition, the dilution factor is
defined as the level of anonymity required in a given investigation. This
factor allows investigators to restrict the number of records processed,
and therefore, minimise the processing time, while maintaining an
appropriate level of privacy.

To obtain a copy of the entire article, click on the link below.
http://www.igi-global.com/bookstore/article.aspx?titleid=55801

To read a PDF sample of this article, click on the link below.
http://www.igi-global.com/viewtitlesample.aspx?id=55801

PAPER THREE

A Cross Layer Spoofing Detection Mechanism for Multimedia Communication
Services

Nikos Vrakas, University of Piraeus, Greece
Costas Lambrinoudakis, University of Piraeus, Greece

The convergence of different network types under the same architecture
offers the opportunity for low cost multimedia services. The main
objective has been the high quality of the provided services. However,
considering that older equipment with limited processing capabilities may
be present in such environments, a tradeoff between security and service
quality is inevitable. Specifically, low resource enabled devices cannot
utilize state of the art security mechanisms, such as IPSec tunnels,
integrity mechanisms, etc., and they simply employ HTTP Digest
authentication. The lack of integrity mechanisms in particular raises many
security concerns for the IMS infrastructures. Attacks such as Man in the
Middle (MitM), spoofing, masquerading, and replay that can be launched in
IMS environments, have been pinpointed in bibliography by various
researchers. Moreover, an internal attacker may utilize his legitimate
security tunnels in order to launch spoofing and identity theft attacks.
This paper presents a cross-layer spoofing detection mechanism that
protects SIP-based infrastructures from the majority of the aforementioned
attacks without requiring an additional cryptographic scheme which would
inevitably introduce considerable overheads.

To obtain a copy of the entire article, click on the link below.
http://www.igi-global.com/bookstore/article.aspx?titleid=55802

To read a PDF sample of this article, click on the link below.
http://www.igi-global.com/viewtitlesample.aspx?id=55802

PAPER FOUR

Cryptographic Approaches for Privacy Preservation in Location-Based
Services: A Survey

Emmanouil Magkos, Ionian University, Greece

Current research in location-based services (LBSs) highlights the
importance of cryptographic primitives in privacy preservation for LBSs,
and presents solutions that attempt to support the (apparently) mutually
exclusive requirements for access control and context privacy (i.e.,
identity and/or location), while at the same time adopting more
conservative assumptions in order to reduce or completely remove the need
for trust on system entities (e.g., the LBS provider, the network
operator, or other peer nodes). This paper surveys the current state of
knowledge concerning the use of cryptographic primitives for
privacy-preservation in LBS applications.

To obtain a copy of the entire article, click on the link below.
http://www.igi-global.com/bookstore/article.aspx?titleid=55803

To read a PDF sample of this article, click on the link below.
http://www.igi-global.com/viewtitlesample.aspx?id=55803

PAPER FIVE

Deploying Privacy Improved RBAC in Web Information Systems

Ioannis Mavridis, University of Macedonia, Greece

Access control technology holds a central role in achieving trustworthy
management of personally identifiable information in modern information
systems. In this article, a privacy-sensitive model that extends
Role-Based Access Control (RBAC) to provide privacy protection through
fine-grained and just-in-time access control in Web information systems is
proposed. Moreover, easy and effective mapping of corresponding components
is recognized as an important factor for succeeding in matching security
and privacy objectives. Such a process is proposed to be accomplished by
capturing and modeling privacy requirements in the early stages of
information system development. Therefore, a methodology for deploying the
mechanisms of an access control system conforming to the proposed Privacy
Improved Role-Based Access Control (PIRBAC) model is presented. To
illustrate the application of the proposed methodology, an application
example in the healthcare domain is described.

To obtain a copy of the entire article, click on the link below.
http://www.igi-global.com/bookstore/article.aspx?titleid=55804

To read a PDF sample of this article, click on the link below.
http://www.igi-global.com/viewtitlesample.aspx?id=55804

INTERVIEW

Interview with Gene Tsudik

Interviewed by Vasilios Katos, Democritus University of Thrace, Greece

To read the interview, click on the link below, and then click "View PDF"
under "Interview."
http://www.igi-global.com/bookstore/titledetails.aspx?titleid=47961&detailstype=contents

For full copies of the above articles, check for this issue of the
International Journal of Information Technologies and Systems Approach
(IJITSA) in your institution's library. This journal is also included in
the IGI Global aggregated "InfoSci-Journals" database:
http://www.igi-global.com/EResources/InfoSciJournals.aspx.
***********************************************************************