Recently, modern technologies have made a positive contribution to most institutions of the society. However, they have generated serious issues with regard to the data security. For example, in the educational sector, most educational institutions have huge amounts of various types of data, which require rigorous protection ways to ensure their security and integrity. This study aims at reviewing the most recent data security methods, particularly the existing common encryption algorithms as well as designing an electronic system based on efficient and trusted ones to protect academic and nonacademic digital data in educational institutions. The study applies the satisfaction questionnaire as instrument to evaluate the proposed system efficiency. The questionnaire has been presented to the evaluation team whose members are divided into two groups: experts and end users. The results of the evaluation process have indicated that, the satisfaction ratio of the proposed system is encouraging. The overall satisfaction percentage is 96.25%, which demonstrates that the proposed system is an acceptable and suitable choice for various security applications.
Improved method for image security based on chaotic-shuffle and chaotic-diffu...IJECEIAES
In this paper, we propose to enhance the security performance of the color image encryption algorithm which depends on multi-chaotic systems. The current cryptosystem utilized a pixel-chaotic-shuffle system to encode images, in which the time of shuffling is autonomous to the plain-image. Thus, it neglects to the picked plaintext and known-plaintext attacks. Also, the statistical features of the cryptosystem are not up to the standard. Along these lines, the security changes are encircled to make the above attacks infeasible and upgrade the statistical features also. It is accomplished by altering the pixel-chaotic-shuffle component and including another pixel-chaotic-diffusion system to it. The keys for diffusion of pixels are extracted from the same chaotic arrangements created in the past stage. The renovation investigations and studies are performed to exhibit that the refreshed version of cryptosystem has better statistical features and invulnerable to the picked plaintext and known plaintext attacks than the current algorithm.
A novel secure e contents system for multi-media interchange workflows in e-l...IJCNCJournal
The goal of e-learning is to benefit from the capabilities offered by new information technology (such as
remote digital communications, multimedia, internet, cell phones, teleconferences, etc.) and to enhance the
security of several government organizations so as to take into considerations almost all the contents of elearning
such as: information content, covering most of citizens or state firms or corporations queries.
Content provides a service to provide most if not all basic and business services; content of communicative
link provides the citizen and the state agencies together all the time and provides content security for all
workers on this network to work in securely environment. Access to information as well is safeguarded. The
main objective of this research is to build a novel multi-media security system (encrypting / decrypting
system) that will enable E-learning to exchange more secured multi-media data/information.
Digital Forensics is a technique used to search for evidence of events that have occurred. This quest aims to reveal the hidden truth. The existence of digital forensic activities due to the occurrence of crimes both in the field of computers or other. Legal treatment in digital forensic field makes this area of science a compulsory device to dismantle crimes involving the computer world. In general, the cyber crime leaves a digital footprint, so it is necessary for a computer forensics expert to secure digital evidence. Computer forensics necessarily requires a standard operational procedure in taking digital evidence so as not to be contaminated or modified when the data is analyzed. The application of digital forensic is beneficial to the legal process going well and correctly.
A Comprehensive Survey on Exiting Solution Approaches towards Security and Pr...IJECEIAES
‘Internet of Things (IoT)’emerged as an intelligent collaborative computation and communication between a set of objects capable of providing on-demand services to other objects anytime anywhere. A large-scale deployment of data-driven cloud applications as well as automated physical things such as embed electronics, software, sensors and network connectivity enables a joint ubiquitous and pervasive internet-based computing systems well capable of interacting with each other in an IoT. IoT, a well-known term and a growing trend in IT arena certainly bring a highly connected global network structure providing a lot of beneficial aspects to a user regarding business productivity, lifestyle improvement, government efficiency, etc. It also generates enormous heterogeneous and homogeneous data needed to be analyzed properly to get insight into valuable information. However, adoption of this new reality (i.e., IoT) by integrating it with the internet invites a certain challenges from security and privacy perspective. At present, a much effort has been put towards strengthening the security system in IoT still not yet found optimal solutions towards current security flaws. Therefore, the prime aim of this study is to investigate the qualitative aspects of the conventional security solution approaches in IoT. It also extracts some open research problems that could affect the future research track of IoT arena.
Malware threat analysis techniques and approaches for IoT applications: a reviewjournalBEEI
Internet of things (IoT) is a concept that has been widely used to improve business efficiency and customer’s experience. It involves resource constrained devices connecting to each other with a capability of sending data, and some with receiving data at the same time. The IoT environment enhances user experience by giving room to a large number of smart devices to connect and share information. However, with the sophistication of technology has resulted in IoT applications facing with malware threat. Therefore, it becomes highly imperative to give an understanding of existing state-of-the-art techniques developed to address malware threat in IoT applications. In this paper, we studied extensively the adoption of static, dynamic and hybrid malware analyses in proffering solution to the security problems plaguing different IoT applications. The success of the reviewed analysis techniques were observed through case studies from smart homes, smart factories, smart gadgets and IoT application protocols. This study gives a better understanding of the holistic approaches to malware threats in IoT applications and the way forward for strengthening the protection defense in IoT applications.
Instant Messenger (IM) becomes one of the most popular applications in mobile technology and
communication. A lot of users around the world installed it for daily activities. Current IM found security
lacks both in authentication and encryption matters. Various IM growing today still not apply an efficient
method in authentication and encryption process, conventional security methods and client-server
architecture system have to risk too many users for attacking server such as compromising, cracking
password or PINs by Unauthorized people. Common IM services lack native encryption to protect
information being transmitted over the public network and still used high computation in the mobile
environment, this problem needs efficient security methods. Then, in public IM also found various
messages with fake users, it occurs because public IM carry out the separate system in authentication and
encryption process, strong authentication need to solve this issue in messenger environment. The
tremendous growth of mobile IM user needs efficient and secure communication way. This paper proposes
a new efficient method for securing message both in encryption and authentication within the end-to-end
model. In this research, security method proposes new algorithms based on Elliptic Curve (EC) works in
Peer to Peer (P2P) architecture than a conventional client-server model. The result shows this method
produces efficient time in authentication and encryption process while applying in a mobile environment.
Besides, it is compatible with the mobile phone which has a limitation of computation capabilities and
resources.
Improved method for image security based on chaotic-shuffle and chaotic-diffu...IJECEIAES
In this paper, we propose to enhance the security performance of the color image encryption algorithm which depends on multi-chaotic systems. The current cryptosystem utilized a pixel-chaotic-shuffle system to encode images, in which the time of shuffling is autonomous to the plain-image. Thus, it neglects to the picked plaintext and known-plaintext attacks. Also, the statistical features of the cryptosystem are not up to the standard. Along these lines, the security changes are encircled to make the above attacks infeasible and upgrade the statistical features also. It is accomplished by altering the pixel-chaotic-shuffle component and including another pixel-chaotic-diffusion system to it. The keys for diffusion of pixels are extracted from the same chaotic arrangements created in the past stage. The renovation investigations and studies are performed to exhibit that the refreshed version of cryptosystem has better statistical features and invulnerable to the picked plaintext and known plaintext attacks than the current algorithm.
A novel secure e contents system for multi-media interchange workflows in e-l...IJCNCJournal
The goal of e-learning is to benefit from the capabilities offered by new information technology (such as
remote digital communications, multimedia, internet, cell phones, teleconferences, etc.) and to enhance the
security of several government organizations so as to take into considerations almost all the contents of elearning
such as: information content, covering most of citizens or state firms or corporations queries.
Content provides a service to provide most if not all basic and business services; content of communicative
link provides the citizen and the state agencies together all the time and provides content security for all
workers on this network to work in securely environment. Access to information as well is safeguarded. The
main objective of this research is to build a novel multi-media security system (encrypting / decrypting
system) that will enable E-learning to exchange more secured multi-media data/information.
Digital Forensics is a technique used to search for evidence of events that have occurred. This quest aims to reveal the hidden truth. The existence of digital forensic activities due to the occurrence of crimes both in the field of computers or other. Legal treatment in digital forensic field makes this area of science a compulsory device to dismantle crimes involving the computer world. In general, the cyber crime leaves a digital footprint, so it is necessary for a computer forensics expert to secure digital evidence. Computer forensics necessarily requires a standard operational procedure in taking digital evidence so as not to be contaminated or modified when the data is analyzed. The application of digital forensic is beneficial to the legal process going well and correctly.
A Comprehensive Survey on Exiting Solution Approaches towards Security and Pr...IJECEIAES
‘Internet of Things (IoT)’emerged as an intelligent collaborative computation and communication between a set of objects capable of providing on-demand services to other objects anytime anywhere. A large-scale deployment of data-driven cloud applications as well as automated physical things such as embed electronics, software, sensors and network connectivity enables a joint ubiquitous and pervasive internet-based computing systems well capable of interacting with each other in an IoT. IoT, a well-known term and a growing trend in IT arena certainly bring a highly connected global network structure providing a lot of beneficial aspects to a user regarding business productivity, lifestyle improvement, government efficiency, etc. It also generates enormous heterogeneous and homogeneous data needed to be analyzed properly to get insight into valuable information. However, adoption of this new reality (i.e., IoT) by integrating it with the internet invites a certain challenges from security and privacy perspective. At present, a much effort has been put towards strengthening the security system in IoT still not yet found optimal solutions towards current security flaws. Therefore, the prime aim of this study is to investigate the qualitative aspects of the conventional security solution approaches in IoT. It also extracts some open research problems that could affect the future research track of IoT arena.
Malware threat analysis techniques and approaches for IoT applications: a reviewjournalBEEI
Internet of things (IoT) is a concept that has been widely used to improve business efficiency and customer’s experience. It involves resource constrained devices connecting to each other with a capability of sending data, and some with receiving data at the same time. The IoT environment enhances user experience by giving room to a large number of smart devices to connect and share information. However, with the sophistication of technology has resulted in IoT applications facing with malware threat. Therefore, it becomes highly imperative to give an understanding of existing state-of-the-art techniques developed to address malware threat in IoT applications. In this paper, we studied extensively the adoption of static, dynamic and hybrid malware analyses in proffering solution to the security problems plaguing different IoT applications. The success of the reviewed analysis techniques were observed through case studies from smart homes, smart factories, smart gadgets and IoT application protocols. This study gives a better understanding of the holistic approaches to malware threats in IoT applications and the way forward for strengthening the protection defense in IoT applications.
Instant Messenger (IM) becomes one of the most popular applications in mobile technology and
communication. A lot of users around the world installed it for daily activities. Current IM found security
lacks both in authentication and encryption matters. Various IM growing today still not apply an efficient
method in authentication and encryption process, conventional security methods and client-server
architecture system have to risk too many users for attacking server such as compromising, cracking
password or PINs by Unauthorized people. Common IM services lack native encryption to protect
information being transmitted over the public network and still used high computation in the mobile
environment, this problem needs efficient security methods. Then, in public IM also found various
messages with fake users, it occurs because public IM carry out the separate system in authentication and
encryption process, strong authentication need to solve this issue in messenger environment. The
tremendous growth of mobile IM user needs efficient and secure communication way. This paper proposes
a new efficient method for securing message both in encryption and authentication within the end-to-end
model. In this research, security method proposes new algorithms based on Elliptic Curve (EC) works in
Peer to Peer (P2P) architecture than a conventional client-server model. The result shows this method
produces efficient time in authentication and encryption process while applying in a mobile environment.
Besides, it is compatible with the mobile phone which has a limitation of computation capabilities and
resources.
Cloud computing is an advanced computing technology used by different organization or individuals for
transferring, overseeing and storing over the internet. Security is an important issue that needs to be studied deeply and
accurately when designing the digital library. Security shortcomings in libraries, combined with assaults or different sorts
of disappointments, can prompt private data being improperly gotten to, or loss of honesty and integrity of the
information put away. This paper will be introduced the concept and characteristics of cloud computing, the relationship
between cloud computing and digital library will be analysis, the cloud computing security management problems under
the environment of digital libraries will be studied , the availability level will be taken into research consideration while
studying security management problems in digital library cloud computing. The main goal will be trying to present a
possible solution for the preventing security threats and hackers on a digital library management system based on cloud
computing.
IMPROVE SECURITY IN SMART CITIES BASED ON IOT, SOLVE CYBER ELECTRONIC ATTACKS...IJNSA Journal
Smart cities are expected to significantly improve people's quality of life, promote sustainable development, and enhance the efficiency of operations. With the implementation of many smart devices, c problems have become a serious challenge that needs strong treatments, especially the cyber-attack, which most countries suffer from it.
My study focuses on the security of smart city systems, which include equipment like air conditioning, alarm systems, lighting, and doors. Some of the difficulties that arise daily may be found in the garage. This research aims to come up with a simulation of smart devices that can be and reduce cyber attach. Use of Cisco Packet tracer Features Simulated smart home and c devices are monitored. Simulation results show that smart objects can be connected to the home portal and objects can be successfullymonitored which leads to the idea of real-life implementation and see. In my research make manysolutions for attachingissues,which was great, and apply some wirelessprotocol.
The mobile device is one of the fasted growing technologies that is widely used in a diversifying sector.
Mobile devices are used for everyday life, such as personal information exchange – chatting, email,
shopping, and mobile banking, contributing to information security threats. Users' behavior can influence
information security threats. More research is needed to understand users' threat avoidance behavior and
motivation. Using Technology threat avoidance theory (TTAT), this study assessed factors that influenced
mobile device users' threat avoidance motivations and behaviors as it relates to phishing attacks.
DATA SECURITY IN MOBILE DEVICES BY GEO LOCKINGIJNSA Journal
In this paper we present a way of hiding the data in mobile devices from being compromised. We use two level data hiding technique, where in its first level data is encrypted and stored in special records and the second level being a typical password protection scheme. The second level is for secure access of information from the device. In the first level, encryption of the data is done using the location coordinates as key. Location Coordinates are rounded up figures of longitude and latitude information. In the second phase the password entry differs from conventional schemes. Here we have used the patterns of traditional Rangoli for specifying the password and gaining access, thus minimising the chances of data leak in hostile situations. The proposed structure would be a better trade off in comparison with the previous models which use Bio Metric authentication – a relatively costly way of
authentication.
Control Cloud Data Access Using Attribute-Based Encryptionpaperpublications3
Abstract: Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. Those advantages, ironically, are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud servers instead of under their own control. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed recently. Data access control is an effective way to ensure the data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Data security is the key concern in the distributed system. Various schemes based on the attribute-based encryption have been proposed to secure the cloud storage. However, most work focuses on the data contents privacy and the access control, while less attention is paid to the privilege control and the identity privacy. In this paper, we present a semianonymous privilege control scheme AnonyControl to address not only the data privacy, but also the user identity privacy in existing access control schemes. AnonyControl decentralizes the central authority to limit the identity leakage and thus achieves semianonymity. Besides, it also generalizes the file access control to the privilege control, by which privileges of all operations on the cloud data can be managed in a fine-grained manner. Subsequently, we present the AnonyControl-F, which fully prevents the identity leakage and achieve the full anonymity. Our security analysis shows that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie–Hellman assumption, and our performance evaluation exhibits the feasibility of our schemes.
Design and Development of Secure Electronic Voting System Using Radio Frequen...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Automatic Detection of Social Engineering Attacks Using Dialogiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Ubiquitous devices are rising in popularity and sophistication. Internet of Things (IoT) avails opportunities for devices with powerful sensing, computing and interaction capabilities ranging from smartphones, wearable devices, home appliances, transport sensors and health products to share information through the internet. Due to vast data shared and increased interaction; they have attracted the interest of malware writers. Internet of Things environments poses unique challenges such as device latency, scalability, lack of antimalware tools and heterogeneity of device architectures that makes malware synthesis complex. In this paper we review literature on internet of things malware categories, support technologies, propagation and tools
Applicability of Network Logs for Securing Computer SystemsIDES Editor
Logging the events occurring on the network has
become very essential and thus playing a major role in
monitoring the events in order to keep check over them so
that they doesn’t harm any resources of the system or the
system itself. The analysis of network logs are becoming the
beneficial security research oriented field which will be desired
in the computer era. Organizations are reluctant to expose
their logs due to risk of attackers stealing the sensitive
information from their respective logs. In this paper we are
defining architecture and the security measures that can be
applied for a particular network log.
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESIJNSA Journal
The Internet of Things (IoT) brings connectivity to about every objects found in the physical space. It
extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates
opportunities in numerous domains. However, this increase in connectivity creates many prominent
challenges. This paper provides a survey of some of the major issues challenging the widespread adoption
of the IoT. Particularly, it focuses on the interoperability, management, security and privacy issues in the
IoT. It is concluded that there is a need to develop a multifaceted technology approach to IoT security,
management, and privacy.
Trusting Smart Speakers: Understanding the Different Levels of Trust between ...CSCJournals
The growing usage of smart speakers raises many privacy and trust concerns compared to other technologies such as smart phones and computers. In this study, a proxy measure of trust is used to gauge users’ opinions on three different technologies based on an empirical study, and to understand which technology most people are most likely to trust. The collected data were analyzed using the Kruskal-Wallis H test to determine the statistical differences between the users’ trust level of the three technologies: smart speaker, computer and smart phone. The findings of the study revealed that despite the wide acceptance, ease of use and reputation of smart speakers, people find it difficult to trust smart speakers with their sensitive information via the Direct Voice Input (DVI) and would prefer to use a keyboard or touchscreen offered by computers and smart phones. Findings from this study can inform future work on users’ trust in technology based on perceived ease of use, reputation, perceived credibility and risk of using technologies via DVI.
Privacy-Preserving Updates to Anonymous and Confidential Databaseijdmtaiir
The current trend in the application space towards
systems of loosely coupled and dynamically bound
components that enables just-in-time integration jeopardizes
the security of information that is shared between the broker,
the requester, and the provider at runtime. In particular, new
advances in data mining and knowledge discovery that allow
for the extraction of hidden knowledge in an enormous amount
of data impose new threats on the seamless integration of
information. We consider the problem of building privacy
preserving algorithms for one category of data mining
techniques, association rule mining.Suppose Alice owns a kanonymous database and needs to determine whether her
database, when inserted with a tuple owned by Bob, is still kanonymous. Also, suppose that access to the database is strictly
controlled, because for example data are used for certain
experiments that need to be maintained confidential. Clearly,
allowing Alice to directly read the contents of the tuple breaks
the privacy of Bob (e.g., a patient’s medical record); on the
other hand, the confidentiality of the database managed by
Alice is violated once Bob has access to the contents of the
database. Thus, the problem is to check whether the database
inserted with the tuple is still k-anonymous, without letting
Alice and Bob know the contents of the tuple and the database,
respectively. In this paper, we propose two protocols solving
this problem on suppression-based and generalization-based kanonymous and confidential databases. The protocols rely on
well-known cryptographic assumptions, and we provide
theoretical analyses to proof their soundness and experimental
results to illustrate their efficiency.We have presented two
secure protocols for privately checking whether a kanonymous database retains its anonymity once a new tuple is
being inserted to it. Since the proposed protocols ensure the
updated database remains K-anonymous, the results returned
from a user’s (or a medical researcher’s) query are also kanonymous. Thus, the patient or the data provider’s privacy
cannot be violated from any query. As long as the database is
updated properly using the proposed protocols, the user queries
under our application domain are always privacy-preserving
DESIGN AND IMPLEMENTATION OF THE ADVANCED CLOUD PRIVACY THREAT MODELING IJNSA Journal
Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat
modeling as a part of requirements engineering in secure software development provides a structured
approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities
in a system. This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for
privacy threat modeling in relation to processing sensitive data in cloud computing environments. It
describes the modeling methodology that involved applying Method Engineering to specify characteristics
of a cloud privacy threat modeling methodology, different steps in the proposed methodology and
corresponding products. In addition, a case study has been implemented as a proof of concept to
demonstrate the usability of the proposed methodology. We believe that the extended methodology
facilitates the application of a privacy-preserving cloud software development approach from requirements
engineering to design.
Cloud computing is an advanced computing technology used by different organization or individuals for
transferring, overseeing and storing over the internet. Security is an important issue that needs to be studied deeply and
accurately when designing the digital library. Security shortcomings in libraries, combined with assaults or different sorts
of disappointments, can prompt private data being improperly gotten to, or loss of honesty and integrity of the
information put away. This paper will be introduced the concept and characteristics of cloud computing, the relationship
between cloud computing and digital library will be analysis, the cloud computing security management problems under
the environment of digital libraries will be studied , the availability level will be taken into research consideration while
studying security management problems in digital library cloud computing. The main goal will be trying to present a
possible solution for the preventing security threats and hackers on a digital library management system based on cloud
computing.
IMPROVE SECURITY IN SMART CITIES BASED ON IOT, SOLVE CYBER ELECTRONIC ATTACKS...IJNSA Journal
Smart cities are expected to significantly improve people's quality of life, promote sustainable development, and enhance the efficiency of operations. With the implementation of many smart devices, c problems have become a serious challenge that needs strong treatments, especially the cyber-attack, which most countries suffer from it.
My study focuses on the security of smart city systems, which include equipment like air conditioning, alarm systems, lighting, and doors. Some of the difficulties that arise daily may be found in the garage. This research aims to come up with a simulation of smart devices that can be and reduce cyber attach. Use of Cisco Packet tracer Features Simulated smart home and c devices are monitored. Simulation results show that smart objects can be connected to the home portal and objects can be successfullymonitored which leads to the idea of real-life implementation and see. In my research make manysolutions for attachingissues,which was great, and apply some wirelessprotocol.
The mobile device is one of the fasted growing technologies that is widely used in a diversifying sector.
Mobile devices are used for everyday life, such as personal information exchange – chatting, email,
shopping, and mobile banking, contributing to information security threats. Users' behavior can influence
information security threats. More research is needed to understand users' threat avoidance behavior and
motivation. Using Technology threat avoidance theory (TTAT), this study assessed factors that influenced
mobile device users' threat avoidance motivations and behaviors as it relates to phishing attacks.
DATA SECURITY IN MOBILE DEVICES BY GEO LOCKINGIJNSA Journal
In this paper we present a way of hiding the data in mobile devices from being compromised. We use two level data hiding technique, where in its first level data is encrypted and stored in special records and the second level being a typical password protection scheme. The second level is for secure access of information from the device. In the first level, encryption of the data is done using the location coordinates as key. Location Coordinates are rounded up figures of longitude and latitude information. In the second phase the password entry differs from conventional schemes. Here we have used the patterns of traditional Rangoli for specifying the password and gaining access, thus minimising the chances of data leak in hostile situations. The proposed structure would be a better trade off in comparison with the previous models which use Bio Metric authentication – a relatively costly way of
authentication.
Control Cloud Data Access Using Attribute-Based Encryptionpaperpublications3
Abstract: Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. Those advantages, ironically, are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud servers instead of under their own control. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed recently. Data access control is an effective way to ensure the data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Data security is the key concern in the distributed system. Various schemes based on the attribute-based encryption have been proposed to secure the cloud storage. However, most work focuses on the data contents privacy and the access control, while less attention is paid to the privilege control and the identity privacy. In this paper, we present a semianonymous privilege control scheme AnonyControl to address not only the data privacy, but also the user identity privacy in existing access control schemes. AnonyControl decentralizes the central authority to limit the identity leakage and thus achieves semianonymity. Besides, it also generalizes the file access control to the privilege control, by which privileges of all operations on the cloud data can be managed in a fine-grained manner. Subsequently, we present the AnonyControl-F, which fully prevents the identity leakage and achieve the full anonymity. Our security analysis shows that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie–Hellman assumption, and our performance evaluation exhibits the feasibility of our schemes.
Design and Development of Secure Electronic Voting System Using Radio Frequen...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Automatic Detection of Social Engineering Attacks Using Dialogiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Ubiquitous devices are rising in popularity and sophistication. Internet of Things (IoT) avails opportunities for devices with powerful sensing, computing and interaction capabilities ranging from smartphones, wearable devices, home appliances, transport sensors and health products to share information through the internet. Due to vast data shared and increased interaction; they have attracted the interest of malware writers. Internet of Things environments poses unique challenges such as device latency, scalability, lack of antimalware tools and heterogeneity of device architectures that makes malware synthesis complex. In this paper we review literature on internet of things malware categories, support technologies, propagation and tools
Applicability of Network Logs for Securing Computer SystemsIDES Editor
Logging the events occurring on the network has
become very essential and thus playing a major role in
monitoring the events in order to keep check over them so
that they doesn’t harm any resources of the system or the
system itself. The analysis of network logs are becoming the
beneficial security research oriented field which will be desired
in the computer era. Organizations are reluctant to expose
their logs due to risk of attackers stealing the sensitive
information from their respective logs. In this paper we are
defining architecture and the security measures that can be
applied for a particular network log.
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESIJNSA Journal
The Internet of Things (IoT) brings connectivity to about every objects found in the physical space. It
extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates
opportunities in numerous domains. However, this increase in connectivity creates many prominent
challenges. This paper provides a survey of some of the major issues challenging the widespread adoption
of the IoT. Particularly, it focuses on the interoperability, management, security and privacy issues in the
IoT. It is concluded that there is a need to develop a multifaceted technology approach to IoT security,
management, and privacy.
Trusting Smart Speakers: Understanding the Different Levels of Trust between ...CSCJournals
The growing usage of smart speakers raises many privacy and trust concerns compared to other technologies such as smart phones and computers. In this study, a proxy measure of trust is used to gauge users’ opinions on three different technologies based on an empirical study, and to understand which technology most people are most likely to trust. The collected data were analyzed using the Kruskal-Wallis H test to determine the statistical differences between the users’ trust level of the three technologies: smart speaker, computer and smart phone. The findings of the study revealed that despite the wide acceptance, ease of use and reputation of smart speakers, people find it difficult to trust smart speakers with their sensitive information via the Direct Voice Input (DVI) and would prefer to use a keyboard or touchscreen offered by computers and smart phones. Findings from this study can inform future work on users’ trust in technology based on perceived ease of use, reputation, perceived credibility and risk of using technologies via DVI.
Privacy-Preserving Updates to Anonymous and Confidential Databaseijdmtaiir
The current trend in the application space towards
systems of loosely coupled and dynamically bound
components that enables just-in-time integration jeopardizes
the security of information that is shared between the broker,
the requester, and the provider at runtime. In particular, new
advances in data mining and knowledge discovery that allow
for the extraction of hidden knowledge in an enormous amount
of data impose new threats on the seamless integration of
information. We consider the problem of building privacy
preserving algorithms for one category of data mining
techniques, association rule mining.Suppose Alice owns a kanonymous database and needs to determine whether her
database, when inserted with a tuple owned by Bob, is still kanonymous. Also, suppose that access to the database is strictly
controlled, because for example data are used for certain
experiments that need to be maintained confidential. Clearly,
allowing Alice to directly read the contents of the tuple breaks
the privacy of Bob (e.g., a patient’s medical record); on the
other hand, the confidentiality of the database managed by
Alice is violated once Bob has access to the contents of the
database. Thus, the problem is to check whether the database
inserted with the tuple is still k-anonymous, without letting
Alice and Bob know the contents of the tuple and the database,
respectively. In this paper, we propose two protocols solving
this problem on suppression-based and generalization-based kanonymous and confidential databases. The protocols rely on
well-known cryptographic assumptions, and we provide
theoretical analyses to proof their soundness and experimental
results to illustrate their efficiency.We have presented two
secure protocols for privately checking whether a kanonymous database retains its anonymity once a new tuple is
being inserted to it. Since the proposed protocols ensure the
updated database remains K-anonymous, the results returned
from a user’s (or a medical researcher’s) query are also kanonymous. Thus, the patient or the data provider’s privacy
cannot be violated from any query. As long as the database is
updated properly using the proposed protocols, the user queries
under our application domain are always privacy-preserving
DESIGN AND IMPLEMENTATION OF THE ADVANCED CLOUD PRIVACY THREAT MODELING IJNSA Journal
Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat
modeling as a part of requirements engineering in secure software development provides a structured
approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities
in a system. This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for
privacy threat modeling in relation to processing sensitive data in cloud computing environments. It
describes the modeling methodology that involved applying Method Engineering to specify characteristics
of a cloud privacy threat modeling methodology, different steps in the proposed methodology and
corresponding products. In addition, a case study has been implemented as a proof of concept to
demonstrate the usability of the proposed methodology. We believe that the extended methodology
facilitates the application of a privacy-preserving cloud software development approach from requirements
engineering to design.
Network security is one of the foremost anxieties of the modern time. Over
the previous years, numerous studies have been accompanied on the
intrusion detection system. However, network security is one of the foremost
apprehensions of the modern era this is due to the speedy development and
substantial usage of altered technologies over the past period. The
vulnerabilities of these technologies security have become a main dispute
intrusion detection system is used to classify unapproved access and unusual
attacks over the secured networks. For the implementation of intrusion
detection system different approaches are used machine learning technique
is one of them. In order to comprehend the present station of application of
machine learning techniques for solving the intrusion discovery anomalies in
internet of thing (IoT) based big data this review paper conducted. Total 55
papers are summarized from 2010 and 2021 which were centering on the
manner of the single, hybrid and collaborative classifier design. This review
paper also includes some of the basic information like IoT, big data, and
machine learning approaches are discussed.
E-Commerce Privacy and Security SystemIJERA Editor
The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cyber crime. In certain e-commerce-related areas, such as networking, data transfer and data storage, researchers applied scanning and testing methods, modeling analysis to detect potential risks .In the Security system ,Questions are related to online security in which given options are Satisfied, Unsatisfied ,Neutral, Yes, No. and weak password , Strong password. it is revealed that it is quite difficult, if not impossible, to suggest that which online security is best. Online security provide the flexibility, efficiency of work, provide the better security of net banking . The main feature of the research that the data is safe in banking management for long time and open any account after along time. The Future scope of the study of Security is use to reduce threats. Security is used in the long run results in the reduction of number of branches, saying rentals of related and properties. If the better Security operate than net banking and e-marketing will be increase.
E-Commerce Privacy and Security SystemIJERA Editor
The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cyber crime. In certain e-commerce-related areas, such as networking, data transfer and data storage, researchers applied scanning and testing methods, modeling analysis to detect potential risks .In the Security system ,Questions are related to online security in which given options are Satisfied, Unsatisfied ,Neutral, Yes, No. and weak password , Strong password. it is revealed that it is quite difficult, if not impossible, to suggest that which online security is best. Online security provide the flexibility, efficiency of work, provide the better security of net banking . The main feature of the research that the data is safe in banking management for long time and open any account after along time. The Future scope of the study of Security is use to reduce threats. Security is used in the long run results in the reduction of number of branches, saying rentals of related and properties. If the better Security operate than net banking and e-marketing will be increase.
Inria - Cybersecurity: current challenges and Inria’s research directionsInria
Inria white books look at major current challenges in informatics and mathematics and show actions conducted by our project-teams to these challenges. Their goal is to describe the state-of-the-art of a given topic, showing its complexity, and to present existing, as well as emerging, research directions and their expected societal impact. This white book has been edited by Steve Kremer, Ludovic Mé, Didier Rémy and Vincent Roca. They coordinated the contributions from researchers of Inria teams (the complete list of contributors is given at the end of the book). Many thanks to Janet Bertot for proof-reading this document, as well as to François Pottier, Gabriel Scherrer, and Benjamin Smith who read parts of it.
Publication date: January 2019
Secured and Encrypted Data Transmission over the Web Using Cryptographyijtsrd
Information security has emerged as one of the most pressing issues in data transmission, and it is now an inextricable aspect of the process. To solve this problem, cryptography can be used. This study presents a secure data transmission method and describes how data might be securely transmitted. Cryptography creates a secure and reliable transmission mechanism that can withstand attacks. The Vigenere cipher is employed in this work to encrypt the plain text content of the electronic mail that will be transmitted to the receiver, and a decryption key is required to convert the encrypted data to plain text. Confidentiality, honesty, usability, and efficacy are all important factors in our tests. The outcome of this study will serve as a guide to better methods for safeguarding and delivering data over the internet. The system was created with the Visual Basic Programming Language and the Microsoft Access Database, and it was successfully installed on the Windows Operating System. All electronic mail users, the military, and organizations that demand a high level of security in messages sent to and from their systems would benefit from our effort. Okpalla, C. L. | Madumere, U. | Benson-Emenike M. E. | Onwuama T. U. | Onukwugha, C. G. "Secured and Encrypted Data Transmission over the Web Using Cryptography" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-7 , December 2022, URL: https://www.ijtsrd.com/papers/ijtsrd52545.pdf Paper URL: https://www.ijtsrd.com/computer-science/other/52545/secured-and-encrypted-data-transmission-over-the-web-using-cryptography/okpalla-c-l
HYBRIDIZED MODEL FOR DATA SECURITY BASED ON SECURITY HASH ANALYSIS (SHA 512) ...IJNSA Journal
High-profile security breaches and attacks on many organization’s database have been on the increase and the consequences of this, are the adverse effect on the organizations in terms of financial loss and reputation. Many of the security breaches has been ascribed to the vulnerability of the organization’s networks, security policy and operations. Additionally, the emerging technology solutions like Internet-ofThings (IoT), Artificial Intelligence, and Cloud Computing, has extremely exposed many of the organizations to different forms of cyber-threats and attacks. Researchers and system designers have made attempts to proffer solution to some of these challenges. However, the efficacy of the techniques remains a great concern due to insufficient control mechanisms. For instance, many of the techniques are majorly based on a single mode encryption techniques which are not too robust to withstand the threats and attacks on organization’s database. To proffer solution to these challenges, the current research designed and integrated a hybridized data security model based on Secured Hash Analysis (SHA 512) and Salting Techniques to enhance the adeptness of the existing techniques. The Hash Analysis algorithm was used to map the data considered to a bit string of a fixed length and salt was added to the password strings essentially to hide its real hash value. The idea of adding salt to the end of the password is basically to complicate the password cracking process. The hybridized model was implemented in Windows environment using python 3.7 IDE platform and tested on a dedicated Local Area Network (LAN) that was exposed to threats from both internal and external sources. The results from the test show that the model performed well in terms of efficiency and robustness to attacks. The performance of the new model recorded a high level of improvement over the existing techniques with a recital of 97.6%.
Forensic the word which indicate the detective work, which searches for and attempting to discover information. Mainly search is carried out for collecting evidence for investigation which is useful in criminal, civil or corporate investigations. Investigation is applicable in presence of some legal rules.
As criminals are getting smarter to perform crime that is, using data hiding techniques such as encryption and steganography, so forensic department has become alert has introduced a new concept called as Digital Forensic, which handles sensitive data which is responsible and confidential.
Information Security Management in University Campus Using Cognitive SecurityCSCJournals
Nowadays, most universities offer free Internet connections, access to scientific databases, and advanced computer networks for the members of their community, which generates dynamic and complex scenarios. In this context, it is necessary to define proactive security strategies, as well as the integration of technology and research. This work presents a general vision of the experience adopted by the universities in the field of information security management using cognitive security.
Security and Privacy of Big Data in Mobile DevicesIOSRjournaljce
Presently, the volume of data generated via mobile devices is at an exponential rate due to the rapid advancement in internet-enabled mobile devices, which makes it complex to ensure the privacy and security of this data. Cloud-based server is currently considered one of the most reliable solutions to address these issues. Nevertheless, the increasing uncertainties of storing useful and sensitive big data in a public cloud have suppressed the exploration of this option. In our paper, we meticulously reviewed the drawbacks in the current adopted solutions for security and privacy of big data within mobile devices. As the utilization of mobile platforms is increasingly generating large data, the current traditional methods of cryptography will not be able to efficiently ensure the security and privacy of this big data. Therefore, this paper will propose the utilization of Federated Identity Management that is Openstack cloud-based as an effective solution that can ensure the privacy and security of big data within mobile device ecosystem.
The amount of data in the world seems increasing and computers make it easy to save the data. Companies offer data storage by providing cloud services and the amount of data being stored in these servers is increasing rapidly. In data mining, the data is stored electronically and the search is automated or at least augmented by computer. As the volume of data increases, inexorably, the proportion of it that people understand decreases alarmingly. This paper presents the data leakage problem arises because the services like Facebook and Google store all your data unencrypted on their servers, making it easy for them, or governments and hackers, to monitor the data.
Similar to Securing Sensitive Digital Data in Educational Institutions using Encryption Technology (20)
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
"Impact of front-end architecture on development cost", Viktor Turskyi
Securing Sensitive Digital Data in Educational Institutions using Encryption Technology
1. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 6, June 2018
Securing Sensitive Digital Data in Educational
Institutions using Encryption Technology
W.K.ElSaid
Dept. of Computer Science
Mansoura University
Mansoura, Egypt
prof_wessam@mans.edu.eg
prof_wessam@yahoo.com
Abstract— Recently, modern technologies have made a positive
contribution to most institutions of the society. However, they
have generated serious issues with regard to the data security.
For example, in the educational sector, most educational
institutions have huge amounts of various types of data, which
require rigorous protection ways to ensure their security and
integrity. This study aims at reviewing the most recent data
security methods, particularly the existing common encryption
algorithms as well as designing an electronic system based on
efficient and trusted ones to protect academic and nonacademic
digital data in educational institutions. The study applies the
satisfaction questionnaire as instrument to evaluate the proposed
system efficiency. The questionnaire has been presented to the
evaluation team whose members are divided into two groups:
experts and end users. The results of the evaluation process have
indicated that, the satisfaction ratio of the proposed system is
encouraging. The overall satisfaction percentage is 96.25%,
which demonstrates that the proposed system is an acceptable
and suitable choice for various security applications.
Keywords—Educational Institutions; Data Security; Encryption
Technology; Advanced Encryption Standard
I. INTRODUCTION
Over the past few years, an outbreak in computing,
information technology and communications has taken place,
with all indicators assuring that technological advancement and
the use of information technology is going to develop quickly.
The foreseen advancements are expected to provide remarkable
merits, but are expected to pose major challenges at the same
time [1]. As part of the real world, educational institutions use
the latest technological means such as cellular devices, iPads,
iPods, computers and various internet services at all
educational and administrative levels [2].
It is a matter of fact that the data is one of the most valuable
sources for any organization regardless of its type, size,
products and services [3]. For example, the educational
institutions handle multiple types of personal identification
data, such as social security numbers, credit card numbers,
driver’s license numbers, passport numbers, addresses, phone
numbers, bank account numbers, medical information and
other sensitive data which can be subject to attack and
penetration. On the other hand, they focus on research topics
which give them an authorized access to confidential
government and/or business intelligence data, scientific data, or
military confidential information. Therefore, the potential data
security risks in educational institutions constitute an urgent
issue which requires conducting laborious research [4].
In practice, the list of potential risks shared by the various
educational institutions is so long, with the most important
risks being [5]:
(Theft): It refers to well-planned attacks that aim to
penetrate the security systems of both institutions and
individuals for accessing their sensitive data. Examples include
hacking district human resources records to get the employees’
data by installing malware with encryption that holds data
hostage until getting a ransom.
(Loss): It refers to losing the equipment and tools
accidentally. For examples, misplacing files during storing
them or forgetting laptops anywhere.
(Neglect): It refers to protecting data in an inappropriate
way, making it vulnerable to hacking or theft, such as selling
outdated computers without erasing the data stored on them
thoroughly or saving datasets on digital media with a weak
password.
(Insecure Practices): It refers to using insufficient cautions
when applying various operations on data. For example,
sending a student achievement data over an unprotected email.
Currently, the development of modern technology has
a huge number of positive effects on various aspects of life.
However, it also has some adverse effects such as the
widespread use of eavesdropping tools which give attackers
unauthorized access to data, enabling them to misuse and
control sensitive and confidential data more quickly and
rapidly. This issue prompts individuals and organizations to use
a number of security measures to protect their assets during
storage and transmission especially in computer network-based
systems [6]. One of the most powerful common ways to ensure
data security is the “Encryption Technology” [7].
Encryption (also called cryptography) is the science or art
of secret writing which provides different levels of data
protection. When it was first introduced, it was applied in the
diplomatic and military organizations. However, it was soon
extensively used in other fields such as e-commerce, protection
1 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
2. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 6, June 2018
of medical records, transmission of military orders and
securing email communications. However, the appearance of
this technology is affected by the way used to send
prepared email messages from one person to another. Emails
are traditionally sent in two ways by sending the target
message without a cover or an envelope or by scrambling the
target message inside an envelope. Since, both ways did not
prove to be effective in providing the desired level of data
protection, which led to developing the encryption schemes for
hiding secret messages effectively by devising and using more
sophisticated techniques [8].
Generally, encryption algorithms are grouped into two main
categories [9]:
(Symmetric key based encryption): In this type, the same
key is used to encrypt and decrypt the target data.
(Asymmetric key based encryption): In this type, two
different keys are used: one in the encryption phase and
another in the decryption phase.
The main goal of the current study is to protect the content
of digital text files used in the educational sector by providing
an electronic system based on encryption technology for
securing the sensitive text data used in the different types of
educational institutions. The study is organized in a number of
sections. Section II discusses the background needed for the
study; section IV defines the study problem; and section V
presents the proposed system details. Section VI reviews in
detail the procedures of system evaluation. Finally, the
conclusion remarks and the future works are presented in the
last section.
II. BACKGROUND
The research background includes:
A. Encryption Terms
The standard concepts in the field of encryption
include[10]:
1) Encryption: This concept refers to the process of applying
a mathematical function that transforms all contents of the
desired file into another an unreadable form. This new
form makes it difficult for anyone to read the file without
decrypting it.
2) Keys: This concept refers to the process of locking the
target file using a public key to generate the locked file;
while the adverse process is done to unlock the locked file
using a private key.
3) Key Pair: This concept refers to two types of keys, namely
public (encryption) and private (decryption) keys.
4) Certificates: This concept refers to an electronic form used
to associate the identity data of a specific individual with a
public key.
5) Key and Certificate Management: This concept refers to
all services and operations provided by the encryption
system to manage the keys and certificates efficiently
without any common administrative constraints.
6) Public Key Infrastructure: This concept refers to an
effective keys and certificates management approach
which depends on many security services, such as
encryption, digital signatures, authentication …etc.
B. Encryption Techniques
The common techniques in encryption area are:
1) Data Encryption Standard
The Data Encryption Standard (DES) is one of the most
popular early methods used in data security. The DES
algorithm refers to the Data Encryption Algorithm (DEA)
which is the output of the improvements made on an older
system called LUCIFER, produced by the International
Business Machines Corporation (IBM). Under the supervision
of “Horst Feistel” in the late 1960s, IBM set up a research
project in the field of computer cryptography. This project
concluded in 1971 with the development of an algorithm
known as “LUCIFER (FEIS73)”, which was sold to Lloyd’s of
London to use it in cash-dispensing services. LUCIFER is one
of the earliest block ciphers which operate at the block level
rather than the bit level. In this approach, each given block is
encrypted using a secret key with a key size of 128 bits into
64 bits. The good results produced by Lucifer’s approach
motivated IMB to cooperate with well-known organizations to
develop the original version of the Lucifer approach for
commercial use. The development plan was performed under
the supervision of “Walter Tuchman and Carl Meyer” and its
major outcome was a developed version of LUCIFER
characterized by two new characteristics: robustness against
cryptanalysis attacks and reduction of the key size to 56 bits
making it more suitable to work on a single chip. Responding
to the request issued by the National Bureau of Standards
(NBS) in 1973, today’s National Institute of Standards and
Technology (NIST) to propose new approaches to protect
digital data at the national level, IBM submitted the refined
version of LUCIFER approach. After evaluating all efforts, the
modified LUCIFER was largely accepted as the best algorithm
among its counterparts at that time. Eventually, it was adopted
as the Data Encryption Standard in 1977[11].
In the DES encryption phase, a 64-bit block of plaintext is
converted into a 64-bit ciphertext using a secret key with 56
bits. To convert the ciphertext into the plaintext, the procedure
for DES decrypting phase is similar to the procedure in the
encryption phase, but it is executed in a reverse order [12].
Like any basic block cipher, DES supports the standard
modes of operation described in the encryption literature:
Electronic Codebook Mode (ECB), Cipher Block Chaining
Mode (CBC), Cipher Feedback Mode (CFB), Output Feedback
Mode (OFB) and Counter Mode (CTR) [13, 14].
The performance of the DES algorithm has been analyzed
and evaluated in many scientific studies. According to [15, 16],
the DES has many advantages and disadvantages. Its main
advantages include representing the standard of official US
Government, representing the standard of ANSI and ISO
making it easy to learn & implement and work very fast in
hardware based applications. On the other hand, like other
algorithms, it is subjected to some aspects of criticism, the most
2 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
3. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 6, June 2018
important two of which are represented in that the used secret
key can be easily cracked because of its short size and can be
executed relatively slowly in software based applications.
2) Double DES
For improving the performance of the DES algorithm, the
first prominent solution reached is the Double DES (2DES). Its
main idea is to apply DES twice on the plaintext using two
keys to produce the ciphertext. This approach assumes
increasing the size of DES security key to 112 bits increases
the DES security rates. Thus, if the attacker requires 2n
(n=256)
attempts to crack the security key in the DES algorithm, s/he
will require 22n
attempts to crack two different security keys
consisting of n bits. However, this is not usually the case;
because the attack uses an unconventional strategy that enables
it to use lower attempts to crack the security keys in the Double
DES easily. This is the major criticism directed to this
method [17].
3) Triple DES
For improving the DES algorithm performance, the second
prominent solution reached is the Triple DES (3DES). Its main
idea is to repeat the DES algorithm three times on the plaintext
using three different keys to produce the ciphertext [18, 19]. In
the Triple DES encryption phase, the plain text is encrypted
using the first security key (k1) to produce the first ciphertext,
which is decrypted using a second security key (k2) to produce
the second ciphertext, which is further encrypted using a third
security key (k3) to produce the final ciphertext. To convert the
ciphertext into a plaintext, the procedure for Triple DES
decrypting phase is similar to the procedure in the encryption
phase, but it is executed in a reverse order [20].
Like any basic block cipher, the Triple DES supports the
standard modes of operation described in the encryption
literature: Electronic Codebook Mode (ECB), Cipher Block
Chaining Mode (CBC), Cipher Feedback Mode (CFB), Output
Feedback Mode (OFB) and Counter Mode (CTR) [13, 14].
The performance of the Triple DES algorithm has been
analyzed and evaluated in many scientific studies. According
to[21, 22], the Triple DES has several advantages and
disadvantages. Its main advantage is providing more security
levels than the original DES because the 3DES uses the 168
bits key size while the DES uses the 56 bits key size. On the
other hand, like other algorithms, it is subjected to some
aspects of criticism, the most important two of which are
represented in that more time than the original DES is required
and the used 64 bits block size is unacceptable in the
applications that requires more security and efficiency.
4) Advanced Encryption Standard
For improving the performance of the DES algorithm, the
third prominent solution reached is the Advanced Encryption
Standard (AES). When it was necessary to build more
sophisticated system than its predecessors, NIST held two
conferences on August 1998 and March 1999 to propose
a system capable of increasing the security level to make it
capable of working efficiently in different environments. After
evaluating a large number of common security algorithms
based on the encryption technology, Rijndael Algorithm was
selected to test its efficiency rate in the end of 2000. After
passing a large number of intensive tests made over five years,
it was accepted by the US government. In 2001, NIST
published the Rijndael Algorithm under the new name AES
which soon became the approved standard for this type of
encryption class [23].
Its main idea lies in applying a number of rounds and
iterations, with a fixed block size of 128 bits and variable key
size of 128, 192 or 256 bits to produce the ciphertext [24]. In
practice, the number of rounds depends on the length of the key
used in the encryption phase. If the key length is 128 bit, the
number of rounds required is 10, while if the key length is 196
bit, the number of rounds needed is 12 [25]. In the AES
encryption phase, the plain text is encrypted using a number of
rounds; in each round, the plaintext undergoes four types of
important operations: SubBytes, ShiftRows, MixColumns, and
AddRoundKey. The output of each round is the input of the
next one and the output of the final round is the ciphertext. For
converting the ciphertext into the plaintext, the procedure used
for AES decrypting phase is similar to the procedure used in
encryption phase, but it is executed in a reverse order [26].
Like any basic block cipher, AES algorithm supports the
standard modes of operation described in the encryption
literature: Electronic Codebook Mode (ECB), Cipher Block
Chaining Mode (CBC), Cipher Feedback Mode (CFB), Output
Feedback Mode (OFB) and Counter Mode (CTR) [13, 14].
The performance of the AES algorithm has been analyzed
and evaluated in many scientific studies. According to [27], the
AES algorithm has several advantages and disadvantages. Its
main advantages are providing high security levels, supporting
larger key sizes, running in a short time whether in hardware or
software based applications, the ease of implementation and
flexibility. On the other hand, like other algorithms it is subject
of some points of criticism, including the difficulty of
understanding the details of internal operations and the
difficulty of recovering the plaintext in the case of losing the
secret keys required for decryption phase.
IV. PROBLEM DESCRIPTION
Today, the terrible scientific progress has many impacts on
all aspects of life. One of its remarkable impacts is the digital
revolution, which changed the forms of data from analog to
another kind called zero and one representation. Although this
representation provides many advantages associated with data
such as ease of copying, moving, deleting, renaming, printing
…etc., unfortunately it makes them easy prey for different
types of electronic attacks.
The rapid growth of computer and internet technology
creates new challenges related to information security issues.
One major example of computer threats is the so-called "Cyber
Criminals". The main goal of cyber criminals is how to earn
money quickly and easily by stealing the important data of
individuals or organizations and selling it to third parties that
exploit them in illegal ways.
Since all educational institutions of various kinds,
particularly schools and universities have databases containing
various data about the institution, and its staff and students,
3 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
4. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 6, June 2018
such databases are liable to electronic attacks by cyber
criminals who try to penetrate them in all possible ways.
Accordingly, there is a need for strong defensive strategies
in educational institutions to resist the different types of
potential electronic attacks efficiently. One of the most familiar
and stable methods in data security world is encryption
technology.
The aim of the present study is to employ the encryption
technology in the education sector by designing an electronic
system for securing the content of digital text files in various
educational institutions.
V. PROPOSED SYSTEM
For describing the proposed system in a simple and
accurate manner, it will be discussed in two separate
subsections as follows:
A. System Framework
The system development lifecycle (SDLC) includes a
number of successive phases to develop the target software
product efficiently. One of the most important of these phases
is the "Design Phase". The design phase is concerned with
describing the system details (input, processing , output … etc.)
in visual ways by using common drawing tools such as
flowchart, data flow diagram, decision tree … etc. The
proposed system design can be simply described by the block
diagram given below in Fig. 1.
Figure 1. General block diagram of the proposed system
B. Building The System
Practically speaking, the end user needs to use the services
provided by the software systems without going through the
details of how the internal operations are performed. Therefore,
a graphical tool to convert the theoretical system framework
into a real software product is required. The proposed graphical
user interface (GUI) is created using Microsoft Visual Studio
and the C# language. Some screenshots samples for the first
experimental version of the proposed system are shown in
Figs. 2–5.
Figure 2. Window of entering login data and selecting target process
4 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
5. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 6, June 2018
Figure 3. Window of encrypting the original text file
Figure 4. Window of decrypting the cipher text file
5 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
6. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 6, June 2018
Figure 5. Window of recovering the original text file
VI. PERFORMANCE EVALUATION
To determine whether the proposed system is valid or not, it
will be subjected to a set of software tests for measuring its
efficiency. This section provides a detailed description of the
evaluation plan of the proposed system.
A. Evaluation Parameters
In the SDLC, software evaluation phase is an important part
performed through several parameters and arguments as
follows:
1) Evaluation Team
For applying the principle of reliability, the evaluation
process has been expanded to include two types of viewpoints
expressed by experts and end users. Viewpoint 1 is expressed
by a group of specialists with expertise in one or more areas of
computer sciences. Viewpoint 2 is expressed by a group of end
users who represent a large number of the system clients in the
real-world workplace environments.
2) Evaluation Scope
In earlier times, the evaluation methodology of software
packages was only limited to a single aspect which was the
"Goal Achievement". Currently, the process of evaluating
software packages has become more comprehensive by
including more aspects. The current study evaluates the
proposed system with respect to three major aspects as follows:
2.1. Basic Attributes
In this aspect, the proposed system is evaluated with respect
to the general terms which must be available on any efficient
software product such as run time, memory size, cost … etc.
2.2. Core Tasks
In this aspect, the proposed system is evaluated with respect
to the core functions that should be performed accurately
including the two major operations: encryption and decryption.
2.3. User Interface
In this aspect, the proposed system is evaluated with respect
to the efficiency of the design of the proposed GUI which
includes several criteria such as quality, size, color, position,
controls alignment, visual effects, fonts … etc.
3) Evaluation Tools
In practice, the process of evaluating computer software
consists of a set of standard successive steps. Each of these
steps includes a number of specific procedures and requires
special tools. The data collection step is considered the core of
evaluation process. The main goal of data collection is to
gather accurate information about the target variables to answer
relevant questions and obtain the research outcomes. In the
literature, there are a large number of methods used to collect
different types of data whether quantitative or qualitative. One
of the most popular data collection methods employed in
survey research is the “Satisfaction Questionnaire”. In this
6 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
7. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 6, June 2018
study, the questionnaire includes a number of
questions/statements in multi-choice format about the
evaluation scope. This questionnaire is provided to the
evaluation team for selecting the most appropriate answer from
among a number of choices. The obtained data is categorized
and analyzed by descriptive statistics approaches within SPSS
software.
B. Experimental Results
In order to ascertain the validity of the proposed system for
practical application in real environments, the system has been
tested and evaluated in an objective way. This process is
carried out by the team specified in section VI-A.1 with respect
to the criteria specified in section VI-A.2 using the tool
specified in section VI-A.3. The outcomes are recorded and
converted into meaningful information. A sample of the
detailed results followed by the overall results is shown below
in Table 1.
Table 1. The outcomes of the proposed system application
Evaluator Number
Satisfaction Percentage [%]
Expert End User
1 98.33 100.00
2 95.00 99.43
3 93.39 98.86
… … …
… … …
N 95.00 89.29
Average [%] 94.39 98.10
Overall Average [%] 96.25
The statistical results shown in Table.1 indicate that there is
variation in the estimation of the proposed system efficiency as
shown by the experts' and the end users' feedbacks. The results
show that the average level of experts' satisfaction is 94.39%
while the average level of end users' satisfaction is 98.10%.
This variation supports the opinion that the vision of experts is
more comprehensive than vision of normal user. The obtained
satisfaction percentage confirms that the proposed system has
been accepted by the evaluation committee with overall
percentage of 96.25%. Finally, the results revealed that the
proposed system achieved its objectives with remarkable
success making it an ideal solution in various security
applications in the real world.
VII. CONCLUSION AND FUTURE WORK
With digital revolution, the data in digital format is more
vulnerable to whether intentional and unintentional
infringement. Therefore, data security in digital environments
has become a fundamental and serious issue. Educational
institutions use many protection tools to keep their data safe
from attackers. Encryption technology is considered one of the
most efficient tools in this regard, because its main idea is
based on converting the original data into an incomprehensible
format for others.
The current study presents a symmetric encryption system
to protect sensitive digital data in educational sector. The
proposed system uses the “AES” algorithm to encrypt the
content of text files into an unreadable form that can only be
decrypted by using the right secret key. The system
effectiveness has been reviewed by an expanded evaluation
committee using the satisfaction questionnaire tool. The
participants in evaluation process have reported a high level of
overall satisfaction (96.25 %), which confirms the validity of
the system for real application.
Future work will focus on developing the current system to
support other types of digital files such as images, audio files,
video files … etc.
REFERENCES
[1] K.R.Lee, “Impacts of information technology on society in the new
century”, Route De Chavannes, Switzerland, 2009.
[2] B.Sutton, “The effects of technology in society and education”, Master
Thesis, State University, New York , 2013.
[3] I.Basharat, F.Azam, and A.W.Muzaffar, “Database security and
encryption: a survey study”, International Journal of Computer
Applications, vol.47, no.12, pp.28–34, 2012.
[4] “Data encryption in education: educational institutions at high risk for
costly data breaches”, https://www.apricorn.com/press/encryption-in-
education, (Last Visited Feb.10, 2018).
[5] “Data security for schools: a legal and policy guide for school boards”,
https://www.nsba.org/data-security-schools-legal-and-policy-guide-
school-boards, (Last Visited Feb.10, 2018).
[6] M.R.Joshi, and R.A.Karkade, “Network security with cryptography”,
International Journal of Computer Science and Mobile Computing,
vol.4, no.1, pp.201–204, 2015.
[7] “Encryption and its importance to device networking”,
https://www.lantronix.com/resources/white-papers/encryption-
importance-device-networking/, (Last Visited Feb.10, 2018).
[8] M.V.Nguyen, “Exploring cryptography using the sage computer algebra
system”, Bachelor Degree, Victoria University, 2009.
[9] T.Baccam, “Transparent data encryption: new technologies and best
practices for database encryption”, White Paper: Sans Institute, pp.1–11,
2010.
[10] P.Stamp, “Encryption 101: eight common encryption issues facing
organizations today”, White Paper: Entrust Inc, pp.1–11, 2007.
[11] W.Stallings, “Cryptography and network security: principles and
practices”, 4th Ed, Pearson Prentice Hall, India, 2006.
[12] A.Dhir, “Data encryption using DES/Triple-DES functionality in
spartan-II FPGAs”, White Paper: Spartan-II FPGAs, WP115, vol.1.0,
pp.1–14, 2000.
[13] H.S.Mohan, and A.R.Reddy, “Revised AES and its modes of operation”,
International Journal of Information Technology and Knowledge
Management, vol.5, no.1, pp.31–36, 2012.
[14] H.S.Mohan, A.R. Reddy, and T. N.Manjunath, “Improving the diffusion
power of AES Rijndael with key multiplication”, International Journal of
Computer Applications, vol.30, no.5, pp.39–44, 2011.
[15] P.Kumar, and N.S.Rajaanadan , “Data encryption and decryption
using by Triple DES performance efficiency analysis of
cryptosystem”, International Journal of Innovative Research in
Computer and Communication Engineering, vol.4, no.3, pp.4030–4040,
2016.
[16] S.Karthik, and A.Muruganandam, “Data encryption and decryption by
using Triple DES and performance analysis of crypto system”,
International Journal of Scientific Engineering and Research, vol.2,
no.11, pp.24–31, 2014.
[17] N.Aleisa, “A comparison of the 3DES and AES encryption standards”,
International Journal of Security and Its Applications, vol.9, no.7,
pp.241–246, 2015.
7 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
8. (IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 6, June 2018
[18] M.S.Narula, and S.Singh, “Implementation of triple data encryption
standard using verilog”, International Journal of Advanced Research in
Computer Science and Software Engineering, vol.4, no.1, pp.667–672,
2014.
[19] S.Garg, T.Garg, snd B.Mallick, “Secure message transfer using triple
DES”, International Journal of Computer Applications, vol.165, no.8,
pp.1–4, 2017.
[20] A.R.Kumar, S.Mubeena, and V.S.Babu, “Implementation of triple data
encryption standard architecture”, International Journal of Scientific
Research in Computer Science, Engineering and Information
Technology, vol.2, no.6, pp.665–671, 2017.
[21] P.Ghosal, M.Biswas, and M.Biswas, “Hardware implementation of
TDES crypto system with on chip verification in FPGA”, Journal of
Telecommunications, vol.1, no.1, pp.113–117, 2010.
[22] M.F.Mushtaq, S.Jamel, A.H.Disina, Z.A.Pindar, N.S.A.Shakir, and
M.M.Deris, “A survey on the cryptographic encryption algorithms”,
International Journal of Advanced Computer Science and Applications,
vol.8, no.11, pp.333–344, 2017.
[23] S.K.Rao, D.Mahto, and D.A.Khan, “A survey on advanced encryption
standard”, International Journal of Science and Research, vol.6, no.1,
pp.711–724, 2017.
[24] V.Sumathy, and C.Navaneethan, “Enhanced AES algorithm for strong
encryption”, International Journal of Advances in Engineering &
Technology, vol.4, no.2, pp.547–553, 2012.
[25] S.Vanishreeprasad, and K.N.Pushpalatha, “Design and implementation
of hybrid cryptosystem using AES and hash function”, IOSR journal of
Electronics and Communication Engineering, vol.10, no.3, pp.18–24,
2015.
[26] R.Ahmad, and W.Ismail, “Performance comparison of advanced
encryption standard-128 algorithms for wimax application with
improved power-throughput”, Journal of Engineering Science and
Technology, vol.11, no.12, pp.1678–1694, 2016.
[27] M.H.Huong, “Implementation of (AES) advanced encryption standard
algorithm in communication application”, Doctoral Dissertation,
Universiti Malaysia Pahang, 2014.
8 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
![(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 6, June 2018
Securing Sensitive Digital Data in Educational
Institutions using Encryption Technology
W.K.ElSaid
Dept. of Computer Science
Mansoura University
Mansoura, Egypt
prof_wessam@mans.edu.eg
prof_wessam@yahoo.com
Abstract— Recently, modern technologies have made a positive
contribution to most institutions of the society. However, they
have generated serious issues with regard to the data security.
For example, in the educational sector, most educational
institutions have huge amounts of various types of data, which
require rigorous protection ways to ensure their security and
integrity. This study aims at reviewing the most recent data
security methods, particularly the existing common encryption
algorithms as well as designing an electronic system based on
efficient and trusted ones to protect academic and nonacademic
digital data in educational institutions. The study applies the
satisfaction questionnaire as instrument to evaluate the proposed
system efficiency. The questionnaire has been presented to the
evaluation team whose members are divided into two groups:
experts and end users. The results of the evaluation process have
indicated that, the satisfaction ratio of the proposed system is
encouraging. The overall satisfaction percentage is 96.25%,
which demonstrates that the proposed system is an acceptable
and suitable choice for various security applications.
Keywords—Educational Institutions; Data Security; Encryption
Technology; Advanced Encryption Standard
I. INTRODUCTION
Over the past few years, an outbreak in computing,
information technology and communications has taken place,
with all indicators assuring that technological advancement and
the use of information technology is going to develop quickly.
The foreseen advancements are expected to provide remarkable
merits, but are expected to pose major challenges at the same
time [1]. As part of the real world, educational institutions use
the latest technological means such as cellular devices, iPads,
iPods, computers and various internet services at all
educational and administrative levels [2].
It is a matter of fact that the data is one of the most valuable
sources for any organization regardless of its type, size,
products and services [3]. For example, the educational
institutions handle multiple types of personal identification
data, such as social security numbers, credit card numbers,
driver’s license numbers, passport numbers, addresses, phone
numbers, bank account numbers, medical information and
other sensitive data which can be subject to attack and
penetration. On the other hand, they focus on research topics
which give them an authorized access to confidential
government and/or business intelligence data, scientific data, or
military confidential information. Therefore, the potential data
security risks in educational institutions constitute an urgent
issue which requires conducting laborious research [4].
In practice, the list of potential risks shared by the various
educational institutions is so long, with the most important
risks being [5]:
(Theft): It refers to well-planned attacks that aim to
penetrate the security systems of both institutions and
individuals for accessing their sensitive data. Examples include
hacking district human resources records to get the employees’
data by installing malware with encryption that holds data
hostage until getting a ransom.
(Loss): It refers to losing the equipment and tools
accidentally. For examples, misplacing files during storing
them or forgetting laptops anywhere.
(Neglect): It refers to protecting data in an inappropriate
way, making it vulnerable to hacking or theft, such as selling
outdated computers without erasing the data stored on them
thoroughly or saving datasets on digital media with a weak
password.
(Insecure Practices): It refers to using insufficient cautions
when applying various operations on data. For example,
sending a student achievement data over an unprotected email.
Currently, the development of modern technology has
a huge number of positive effects on various aspects of life.
However, it also has some adverse effects such as the
widespread use of eavesdropping tools which give attackers
unauthorized access to data, enabling them to misuse and
control sensitive and confidential data more quickly and
rapidly. This issue prompts individuals and organizations to use
a number of security measures to protect their assets during
storage and transmission especially in computer network-based
systems [6]. One of the most powerful common ways to ensure
data security is the “Encryption Technology” [7].
Encryption (also called cryptography) is the science or art
of secret writing which provides different levels of data
protection. When it was first introduced, it was applied in the
diplomatic and military organizations. However, it was soon
extensively used in other fields such as e-commerce, protection
1 https://sites.google.com/site/ijcsis/
ISSN 1947-5500](https://image.slidesharecdn.com/01paper31051803ijcsiscamerareadypp-180710092529/85/Securing-Sensitive-Digital-Data-in-Educational-Institutions-using-Encryption-Technology-1-320.jpg)
![(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 16, No. 6, June 2018
of medical records, transmission of military orders and
securing email communications. However, the appearance of
this technology is affected by the way used to send
prepared email messages from one person to another. Emails
are traditionally sent in two ways by sending the target
message without a cover or an envelope or by scrambling the
target message inside an envelope. Since, both ways did not
prove to be effective in providing the desired level of data
protection, which led to developing the encryption schemes for
hiding secret messages effectively by devising and using more
sophisticated techniques [8].
Generally, encryption algorithms are grouped into two main
categories [9]:
(Symmetric key based encryption): In this type, the same
key is used to encrypt and decrypt the target data.
(Asymmetric key based encryption): In this type, two
different keys are used: one in the encryption phase and
another in the decryption phase.
The main goal of the current study is to protect the content
of digital text files used in the educational sector by providing
an electronic system based on encryption technology for
securing the sensitive text data used in the different types of
educational institutions. The study is organized in a number of
sections. Section II discusses the background needed for the
study; section IV defines the study problem; and section V
presents the proposed system details. Section VI reviews in
detail the procedures of system evaluation. Finally, the
conclusion remarks and the future works are presented in the
last section.
II. BACKGROUND
The research background includes:
A. Encryption Terms
The standard concepts in the field of encryption
include[10]:
1) Encryption: This concept refers to the process of applying
a mathematical function that transforms all contents of the
desired file into another an unreadable form. This new
form makes it difficult for anyone to read the file without
decrypting it.
2) Keys: This concept refers to the process of locking the
target file using a public key to generate the locked file;
while the adverse process is done to unlock the locked file
using a private key.
3) Key Pair: This concept refers to two types of keys, namely
public (encryption) and private (decryption) keys.
4) Certificates: This concept refers to an electronic form used
to associate the identity data of a specific individual with a
public key.
5) Key and Certificate Management: This concept refers to
all services and operations provided by the encryption
system to manage the keys and certificates efficiently
without any common administrative constraints.
6) Public Key Infrastructure: This concept refers to an
effective keys and certificates management approach
which depends on many security services, such as
encryption, digital signatures, authentication …etc.
B. Encryption Techniques
The common techniques in encryption area are:
1) Data Encryption Standard
The Data Encryption Standard (DES) is one of the most
popular early methods used in data security. The DES
algorithm refers to the Data Encryption Algorithm (DEA)
which is the output of the improvements made on an older
system called LUCIFER, produced by the International
Business Machines Corporation (IBM). Under the supervision
of “Horst Feistel” in the late 1960s, IBM set up a research
project in the field of computer cryptography. This project
concluded in 1971 with the development of an algorithm
known as “LUCIFER (FEIS73)”, which was sold to Lloyd’s of
London to use it in cash-dispensing services. LUCIFER is one
of the earliest block ciphers which operate at the block level
rather than the bit level. In this approach, each given block is
encrypted using a secret key with a key size of 128 bits into
64 bits. The good results produced by Lucifer’s approach
motivated IMB to cooperate with well-known organizations to
develop the original version of the Lucifer approach for
commercial use. The development plan was performed under
the supervision of “Walter Tuchman and Carl Meyer” and its
major outcome was a developed version of LUCIFER
characterized by two new characteristics: robustness against
cryptanalysis attacks and reduction of the key size to 56 bits
making it more suitable to work on a single chip. Responding
to the request issued by the National Bureau of Standards
(NBS) in 1973, today’s National Institute of Standards and
Technology (NIST) to propose new approaches to protect
digital data at the national level, IBM submitted the refined
version of LUCIFER approach. After evaluating all efforts, the
modified LUCIFER was largely accepted as the best algorithm
among its counterparts at that time. Eventually, it was adopted
as the Data Encryption Standard in 1977[11].
In the DES encryption phase, a 64-bit block of plaintext is
converted into a 64-bit ciphertext using a secret key with 56
bits. To convert the ciphertext into the plaintext, the procedure
for DES decrypting phase is similar to the procedure in the
encryption phase, but it is executed in a reverse order [12].
Like any basic block cipher, DES supports the standard
modes of operation described in the encryption literature:
Electronic Codebook Mode (ECB), Cipher Block Chaining
Mode (CBC), Cipher Feedback Mode (CFB), Output Feedback
Mode (OFB) and Counter Mode (CTR) [13, 14].
The performance of the DES algorithm has been analyzed
and evaluated in many scientific studies. According to [15, 16],
the DES has many advantages and disadvantages. Its main
advantages include representing the standard of official US
Government, representing the standard of ANSI and ISO
making it easy to learn & implement and work very fast in
hardware based applications. On the other hand, like other
algorithms, it is subjected to some aspects of criticism, the most
2 https://sites.google.com/site/ijcsis/
ISSN 1947-5500](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)