A generic construction for revocable identity-based encryption with subset difference methods.

To deal with dynamically changing user's credentials in identity-based encryption (IBE), providing an efficient key revocation method is a very important issue. Recently, Ma and Lin proposed a generic method of designing a revocable IBE (RIBE) scheme that uses the complete subtree (CS) method by combining IBE and hierarchical IBE (HIBE) schemes. In this paper, we propose a new generic method for designing an RIBE scheme that uses the subset difference (SD) method instead of using the CS method. In order to use the SD method, we generically design an RIBE scheme by combining IBE, identity-based revocation (IBR), and two-level HIBE schemes. If the underlying IBE, IBR, and HIBE schemes are adaptively (or selectively) secure, then our RIBE scheme is also adaptively (or selectively) secure. In addition, we show that the layered SD (LSD) method can be applied to our RIBE scheme and a chosen-ciphertext secure RIBE scheme also can be designed generically.

Identity Theft in the Academic World Leads to Junk Science.

In recent years, identity theft has been growing in the academic world. Cybercriminals create fake profiles for prominent scientists in attempts to manipulate the review and publishing process. Without permission, some fraudulent journals use the names of standout researchers on their editorial boards in the effort to look legitimate. This opinion piece, highlights some of the usual types of identity theft and their role in spreading junk science. Some general guidelines that editors and researchers can use against such attacks are presented.

Security enhanced multi-factor biometric authentication scheme using bio-hash function.

With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An's scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user's ID during login. Cao and Ge improved upon Younghwa An's scheme, but various security problems remained. This study demonstrates that Cao and Ge's scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge's scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.

Cyber threats to health information systems: A systematic review.

BACKGROUND: Recent legislation empowering providers to embrace the electronic exchange of health information leaves the healthcare industry increasingly vulnerable to cybercrime. The objective of this systematic review is to identify the biggest threats to healthcare via cybercrime. OBJECTIVE: The rationale behind this systematic review is to provide a framework for future research by identifying themes and trends of cybercrime in the healthcare industry. METHODS: The authors conducted a systematic search through the CINAHL, Academic Search Complete, PubMed, and ScienceDirect databases to gather literature relative to cyber threats in healthcare. All authors reviewed the articles collected and excluded literature that did not focus on the objective. RESULTS: Researchers selected and examined 19 articles for common themes. The most prevalent cyber-criminal activity in healthcare is identity theft through data breach. Other concepts identified are internal threats, external threats, cyber-squatting, and cyberterrorism. CONCLUSIONS: The industry has now come to rely heavily on digital technologies, which increase risks such as denial of service and data breaches. Current healthcare cyber-security systems do not rival the capabilities of cyber criminals. Security of information is a costly resource and therefore many HCOs may hesitate to invest what is required to protect sensitive information.

Online handwritten signature verification using neural network classifier based on principal component analysis.

One of the main difficulties in designing online signature verification (OSV) system is to find the most distinctive features with high discriminating capabilities for the verification, particularly, with regard to the high variability which is inherent in genuine handwritten signatures, coupled with the possibility of skilled forgeries having close resemblance to the original counterparts. In this paper, we proposed a systematic approach to online signature verification through the use of multilayer perceptron (MLP) on a subset of principal component analysis (PCA) features. The proposed approach illustrates a feature selection technique on the usually discarded information from PCA computation, which can be significant in attaining reduced error rates. The experiment is performed using 4000 signature samples from SIGMA database, which yielded a false acceptance rate (FAR) of 7.4% and a false rejection rate (FRR) of 6.4%.

Reducing online identity disclosure using warnings.

In an experimental design, we tested whether written warnings can reduce the amount of identity information exposure online. A psychological attack on information privacy that has been shown to be effective in previous research was launched. This attack took advantage of the fact that people respond to certain types of requests in a relatively automatic, or mindless, fashion. The experiment manipulated the word that was used in the alert header: "warning", "caution", or "hazard". All warnings proved to be effective in reducing disclosure, but "hazard" proved to be most effective. Also warnings were more effective in reducing disclosure of driver's license numbers than email addresses. The discussion (a) provides tentative conclusions why these patterns were obtained, (b) suggests how to design warnings in cyber-environments, and (c) addresses future possibilities for research on this topic.