With the simplicity of transmission of data over the web increasing, there has more prominent need for adequate security mechanisms. Trust management is essential to the security framework of any network. In most traditional networks both wired and wireless centralized entities play pivotal roles in trust management. The International Journal of Security, Privacy and Trust Management ( IJSPTM ) is an open access peer reviewed journal that provides a platform for exchanging ideas in new emerging trends that needs more focus and exposure and will attempt to publish proposals that strengthen our goals.

1. January 2024: Top 10 Read
Articles in International
Journal of Security, Privacy
and Trust Management
(IJSPTM)
International Journal of Security, Privacy
and Trust Management ( IJSPTM )
http://airccse.org/journal/ijsptm/index.html
ISSN 2277 - 5498 [Online]; 2319 - 4103 [Print]
Contact Us: ijsptm@aircconline.com

2. A WIRELESS FINGERPRINT ATTENDANCE SYSTEM
Mrs. PratimaPatil1
, Prof. Ajit Khachane2
and Prof. Vijay Purohit3
1
PG-Student, VIT, Mumbai, India
2
Dept. of Information Technology, VIT, Mumbai, India
3
Dept. of EXTC, Mumbai, India
ABSTRACT
In this paper we design a system which takes student attendance and the attendance records are
maintained automatically in an academic institute. Taking the attendance manually and
maintaining its record till end of year (or even beyond) is very difficult job as well as wastage of
time and paper. This necessitates an efficient system that would be fully automatic. Top level
design of the system includes marking attendance with the help of a finger-print sensor module
and saving the records to a computer or server. Fingerprint sensor module and LCD screen are
portable although they can also be fixed to a location for e.g. entry/ exit points. To begin with, a
student needs to be registered in the finger-print sensor module. Thereafter every time the student
attends a lecture he/ she will place his/her finger on the fingerprint sensor module. The finger-
print sensor module will update the attendance record in database. The student can see the
notification on LCD screen.
KEYWORDS
Fingerprint module, Fingerprint scanner, Zigbee, LCD etc.
For More Details: https://aircconline.com/ijsptm/V5N4/5416ijsptm02.pdf
Volume Link: http://airccse.org/journal/ijsptm/vol5.html

3. REFERENCES
[1] LI Jian-po, ZHU Xu-ning, LI Xue, ZHANG Zhi-ming “Wireless Fingerprint Attendance System
Based on ZigBee Technology” 2010 IEEE.
[2] MurizahKassim, HasbullahMazlan, NorlizaZaini, Muhammad KhidhirSalleh “Web-based Student
Attendance System using RFID Technology” 2012 IEEE.
[3] B. Rasagna, Prof. C. Rajendra “SSCM: A Smart System for College Maintenance” International
Journal of Advanced Research in Computer Engineering & Technology, May 2012.
[4] E. Jovanov, D. Raskovic, J. Price, A. Moore, J. Chapman, and A.Krishnamurthy, “Patient Monitoring
Using Personal Area Networks of Wireless Intelligent Sensors,” Biomedical Science Instrumentation,
vol.37, 2001, pp. 373-378.
[5] BarbadekarAshwini, “Performance Analysis of Fingerprint Sensors”, Vishwakarma Institute of
Technology, Pune, 2010.
[6] Miguel A. Ferrer, Aythami Morales, “Combining hand biometric traits for personal identification”,
Spain, 2009.
[7] M.A. Meor Said, M.H. Misran, “Biometric attendance”, UniversitiTeknikal Malaysia Melaka,
Malaysia, 2014.
[8] ShahzadMemon, MojtabaSepasian, WamadevaBalachandran, “Review of Fingerprint Sensing
Technologies”, Brunel University, West London, United Kingdom, 2008.
[9] Tsai-Cheng Li1, Huan-Wen Wu, “Study of Biometrics Technology Applied in Attendance
Management System”, Taiwan, 2012.
[10] Mohamed Basheer K P, Raghu C V, “Fingerprint Attendance System for classroom needs”, NIT
Calicut, Kerala, 2012.

4. SQLAS: TOOL TO DETECT AND PREVENT
ATTACKS IN PHP WEB APPLICATIONS
Vandana Dwivedi1
, Himanshu Yadav2
and Anurag Jain3
1
Department of Computer Science & Engineering , RITS ,Bhopal (India)
2
Department of Computer Science & Engineering , RITS ,Bhopal (India)
3
Department of Computer Science & Engineering , RITS ,Bhopal (India)
ABSTRACT
Web applications become an important part of our daily lives. Many other activities are relay on
the functionality and security of these applications. Web application injection attacks, such as
SQL injection (SQLIA), Cross-Site Scripting (XSS) and Cross-Site Request Forgery (XSRF) are
major threats to the security of the Web Applications. Most of the methods are focused on
detection and prevention from these web application vulnerabilities at Run Time, which need
manual monitoring efforts. Main goal of our work is different in the way it aims to create new
systems that are safe against injection attacks to begin with, thus allowing developers the freedom
to write and execute code without having to worry about these attacks. In this paper we present
SQL Attack Scanner (SQLAS) a Tool which can detect & prevent SQL injection Attack in web
applications. We analyzed the performance of our proposed tool SQLAS with various PHP web
applications and its results clearly determines the effectiveness of detection and prevention of our
proposed tool. SQLAS scans web applications offline, it reduces time and manual effort due to
less overhead of runtime monitoring because it only focus on fragments that are vulnerable for
attacks. We use XAMPP for client server environment and developed a TESTBED on JAVA for
evaluation of our proposed tool SQLAS.
KEYWORDS
Web applications vulnerability, SQL injection attack, Cross-side scripting, Cross-site request
forgery PHP, WWW
For More Details: https://airccse.org/journal/ijsptm/papers/4115ijsptm03.pdf
Volume Link: https://airccse.org/journal/ijsptm/vol4.html

5. REFERENCES
[1] OWASP 2010 top ten," 2010. [Online]. Available: http://www.owasp.org
[2] Sergey Gordeychik, et al Web application vulnerability statistics for 2010- 2011 (2012)
PositiveTechnologies. Available at: http://www.ptsecurity.com/download/ statistics.pdf.
[3] Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D. Lee, and S.-Y. Kuo. Securing Web Application Codeby
Static Analysis and Runtime Protection. In Proceedings of the 12th International World Wide
WebConference (WWW’04), pages 40–52, May 2004.
[4] N. Jovanovic, C. Kruegel, and E. Kirda. Pixy: A Static Analysis Tool for Detecting Web
ApplicationVulnerabilities. In Proceedings of the IEEE Symposium on Security and Privacy, May
2006.
[5] N. Jovanovic, C. Kruegel, and E. Kirda. Precise Alias Analysis for Static Detection of Web
Application Vulnerabilities. In Proceedings of the ACM SIGPLAN Workshop on Programming
Languages and Analysis for Security (PLAS’06), June 2006.
[6] Z. Su and G. Wassermann. The Essence of Command Injection Attacks in Web Applications.
InProceedings of the 33rd Annual Symposium on Principles of Programming Languages
(POPL’06),pages 372–382, 2006.
[7] Y. Xie and A. Aiken. Static Detection of Security Vulnerabilities in Scripting Languages.
InProceedings of the 15th USENIX Security Symposium (USENIX’06), August 2006.
[8] M. Martin and M. Lam. Automatic Generation of XSS and SQL Injection At-tacks with GoalDirected
Model Checking. In Proceeding of the 17th USENIX Security Symposium, pages 31–43, July 2008.
[9] Java pathfinder. http://javapathfinder.sourceforge.net/
[10] R. Paleari, D. Marrone, D. Bruschi, and M. Monga. On race vulnerabilities in web applications. In
Proceedings of the 5th Conference on Detection of Intru-sions and Malware & Vulnerability
Assessmen t, DIMVA, Paris, France, Lecture Notes in Computer Science. Springer, July 2008
[11] W. Halfond and A. Orso. AMNESIA: Analysis and Monitoring for NEutraliz-ing SQL-
InjectionAttacks. In Proceedings of the International Conference on Automated Software
Engineering(ASE’05), pages 174–183, November 2005
[12] A. Christensen, A. Møller, and M. Schwartzbach. Precise Analysis of String Ex-pressions. In
Proceedings of the 10th International Static Analysis Symposium (SAS’03), pages 1–18, May 2003
[13] B. Gould, Z. Su, and P. Devanbu. Static Checking of Dynamically Generated Queries in
DatabaseApplications. In Proceedings of the 26th International Con-ference of Software
Engineering(ICSE’04), pages 645–654, September 2004.
[14] R. A. McClure and I. H. Kr¨uger, “Sql dom: compile time checking of dynamic sql statements,”
inProceedings of the 27th international conference on Software engineering, ser. ICSE ’05, 2005,
pp.88–96.
[15] K. Kemalis and T. Tzouramanis, “Sql-ids: a specification based approach for sql-injection
detection,”in Proceedings of the 2008 ACM symposium on Applied computing, ser. SAC ’08. ACM,
2008, pp.2153–2158.
[16] D. Scott and R. Sharp, “Abstracting application-level web security,” in Proceedings of the 11th
international conference on World Wide Web, ser. WWW ’02, 2002, pp. 396–407.
[17] P.Grazie, “Phd sqlprevent thesis,” Ph.D. dissertation, University of British
Columbia(UBC)Vancouver, Canada, 2008.
[18] M. Cova, D. Balzarotti, V. Felmetsger, and G. Vigna, “Swaddler: An approach for the anomaly-based
detection of state violations in web applications,” 2007.
[19] S. W. Boyd and A. D. Keromytis, “Sqlrand: Preventing sql injection attacks,” in In Proceedings of
the 2nd Applied Cryptography and Network Security (ACNS) Conference, 2004, pp. 292–302.
[20] W. G. J. Halfond, A. Orso, and P. Manolios, “Using positive tainting and syntax-aware evaluation to
counter sql injection attacks,” in Proceedings of the 14th ACM SIGSOFT international symposium
onFoundations of software engineering, ser. SIGSOFT ’06/FSE-14, 2006, pp. 175–185.
[21] V. Haldar, D. Chandra, and M. Franz, “Dynamic taint propagation for java,” in Proceedings of
the21st Annual Computer Security Applications Conference, ser. ACSAC ’05, 2005, pp. 303–311.
[22] G. Buehrer, B. W. Weide, and P. A. G. Sivilotti, “Using parse tree validation to prevent sql
injectionattacks,” in Proceedings of the 5th international workshop on Software engineering and
middleware,ser. SEM ’05, 2005, pp. 106–113.
[23] Z. Su and G. Wassermann, “The essence of command injection attacks in web applications,”
SIGPLAN Not., vol. 41, no. 1, pp. 372–382, Jan. 2006.

6. A PROVENANCE-POLICY BASED ACCESS
CONTROL MODEL FOR DATA USAGE
VALIDATION IN CLOUD
Muralikrishnan Ramane1
, Balaji Vasudevan2
and Sathappan Allaphan3
123
Department of Information Technology, University College of Engineering Villupuram,
Tamilnadu, India
ABSTRACT
In an organization specifically as virtual as cloud there is need for access control systems to
constrain users direct or backhanded action that could lead to breach of security. In cloud, apart
from owner access to confidential data the third party auditing and accounting is done which
could stir up further data leaks. To control such data leaks and integrity, in past several security
policies based on role, identity and user attributes were proposed and found ineffective since they
depend on static policies which do not monitor data access and its origin. Provenance on the other
hand tracks data usage and its origin which proves the authenticity of data. To employ
provenance in a real time system like cloud, the service provider needs to store metadata on the
subject of data alteration which is universally called as the Provenance Information. This paper
presents a provenance-policy based access control model which is designed and integrated with
the system that not only makes data auditable but also incorporates accountability for data
alteration events.
KEYWORDS
Access Control, Provenance, Security Policy, Data Auditing
For More Details: https://airccse.org/journal/ijsptm/papers/3514ijsptm01.pdf
Volume Link: https://airccse.org/journal/ijsptm/vol3.html

7. REFERENCES
[1] Sundareswaran, Smitha, Anna Cinzia Squicciarini, and Dan Lin. "Ensuring distributed
accountability for data sharing in the cloud." Dependable and Secure Computing, IEEE
Transactions on 9, no. 4, 2012, pp. 556-568.
[2] Pearson, Siani, and Azzedine Benameur. "Privacy, security and trust issues arising from cloud
computing." In Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second
International Conference on, pp. 693-702. IEEE, 2010 Yes Access Request Policy
EvaluationAccess Denied No Permit Full Access
[3] R.K.L. Ko, B.S. Lee and S. Pearson, “Towards Achieving Accountability, Auditability and Trust in
Cloud Computing,” Proc. International workshop on Cloud Computing: Architecture, Algorithms
and Applications (CloudComp2011), Springer, 2011, pp. 5.
[4] Sandhu, R. and Samarati, P, “Access control: Principles and practice,” IEEE Communication
Magazine (Sept.), 1994, pp. 40–48.
[5] P. Samarati and S.D.C. di Vimercati. “Access Control: Policies, Models, and Mechanisms,” In
FOSAD II, LNCS 2946, pp. 137–196.
[6] J. Park, D. Nguyen, and R. Sandhu, “A provenance-based access control model,” In 10th Annual
Conference on Privacy, Security and Trust, PST 2012. IEEE, July 2012.
[7] Park, Jaehong, Dang Nguyen, and Ravi Sandhu. "A provenance-based access control model." In
Privacy, Security and Trust (PST), 2012 Tenth Annual International Conference on, IEEE, 2012,
pp. 137-144.
[8] L. Popa, M. Yu, S. Ko, S. Ratnasamy, and I. Stoica, “CloudPolice: Taking access control out of
thenetwork,” in Proc. of ACM HotNets, 2010.
[9] McDaniel, Patrick, Kevin RB Butler, Stephen E. McLaughlin, Radu Sion, Erez Zadok, and
Marianne Winslett. "Towards a Secure and Efficient System for End-to-End Provenance." In TaPP.
2010.
[10] Sundareswaran, S. “Ensuring Distributed Accountability for Data Sharing in the Cloud,” IEEE
Transactions on Dependable and Secure Computing, Volume:9, Issue: 4, Aug. 2012, pp. 556- 568.
[11] T. Cadenhead, V. Khadilkar, M. Kantarcioglu, and B. Thuraisingham.A language for provenance
access control. In Proceedings of the first ACM conference on Data and application security and
privacy, ACM, 2011, pp. 133–144.
[12] Ni, Q. and Xu, S. and Bertino, E. and Sandhu, R. and Han, W., “An access control language for a
general provenance model,” Secure Data Management, Springer, 2009, pp.68–88.

8. VOICE BIOMETRIC IDENTITY AUTHENTICATION
MODEL FOR IOT DEVICES
SalahaldeenDuraibi1
, Frederick T. Sheldon2
and Wasim Alhamdani3
1
Computer Science Department University of Idaho Moscow, ID, 83844, USA
1
Computer Science Department Jazan University Jazan, 45142, KSA
2
Department of Computer Science University of Idaho, Coeur d'Alene, ID 83814, USA
3
Department of Computer and Information Sciences, University of the Cumberlands,
Williamsburg, KY, 40769, USA
ABSTRACT
Behavioral biometric authentication is considered as a promising approach to securing the
internet of things (IoT) ecosystem. In this paper, we investigated the need and suitability of
employing voice recognition systems in the user authentication of the IoT. Tools and techniques
used in accomplishing voice recognition systems are reviewed, and their appropriateness to the
IoT environment are discussed. In the end, a voice recognition system is proposed for IoT
ecosystem user authentication. The proposed system has two phases. The first being the
enrollment phase consisting of a pre-processing step where the noise is removed from the voice
for the enrollment process, the feature extraction step where feature traits are extracted from
user’s voice, and the model training step where the voice model is trained for the IoT user. And
the second being the phase verifies whether the identity claimer is the owner of the IoT device.
Based on the resources limitedness of the IoT technologies, the suitability of text-dependent
voice recognition systems is promoted. Likewise, the use of MFCC features is considered in the
proposed system.
KEYWORDS
Internet of Things, Authentication, Access control, Biometric, Voice recognition, Security,
Cybersecurity
For More Details: https://aircconline.com/ijsptm/V9N2/9220ijsptm01.pdf
Volume Link: http://airccse.org/journal/ijsptm/vol9.html

9. REFERENCES
[1] Olazabal, O., et al. Multimodal Biometrics for Enhanced IoT Security. in 2019 IEEE 9th Annual
Computing and Communication Workshop and Conference (CCWC). 2019. IEEE.
[2] Ren, Y., et al., Replay attack detection based on distortion by loudspeaker for voice authentication.
Multimedia Tools and Applications, 2019. 78(7): p. 8383-8396.
[3] Nainan, S. and V. Kulkarni. Performance evaluation of text independent automatic speaker
recognition using VQ and GMM.in Proceedings of the Second International Conference on
Information and Communication Technology for Competitive Strategies. 2016. ACM.
[4] McLaren, M., Automatic Speaker Recognition for Authenticating Users in the Internet of Things.
August 26, 2016.
[5] Gupta, S. and S. Chatterjee, Text dependent voice based biometric authentication system using
spectrum analysis and image acquisition, in Advances in Computer Science, Engineering &
Applications. 2012, Springer. p. 61-70.
[6] Kolkata, C., About Voice biometric and Speaker Recognition. 2014.
[7] Thakur, A.S. and N. Sahayam, Speech recognition using euclidean distance. International Journal of
Emerging Technology and Advanced Engineering, 2013. 3(3): p. 587-590.
[8] Petrovska-Delacrétaz, D., A. El Hannani, and G. Chollet, Text-independent speaker verification: state
of the art and challenges, in Progress in nonlinear speech processing. 2007, Springer. p. 135-169.
[9] Rosenberg, A.E., F. Bimbot, and S. Parthasarathy, Overview of speaker recognition, in Springer
Handbook of Speech Processing. 2008, Springer. p. 725-742.
[10] Yassine, A., et al., IoT big data analytics for smart homes with fog and cloud computing. Future
Generation Computer Systems, 2019. 91: p. 563-573.
[11] Ferrag, M.A., L. Maglaras, and A. Derhab, Authentication and Authorization for Mobile IoT Devices
Using Biofeatures: Recent Advances and Future Trends. Security and Communication Networks,
2019. 2019.
[12] Hamidi, H., An approach to develop the smart health using Internet of Things and authentication
based on biometric technology. Future generation computer systems, 2019. 91: p. 434-449.
[13] Reynolds, D.A., T.F. Quatieri, and R.B. Dunn, Speaker verification using adapted Gaussian mixture
models. Digital signal processing, 2000. 10(1-3): p. 19-41.
[14] Su, X., et al., Study to improve security for IoT smart device controller: drawbacks and
countermeasures. Security and Communication Networks, 2018. 2018.
[15] Li, D., J. Wang, and Y. Yang. PVD: A new pathological voice dataset for intra-speaker recognition
research interest. in 2016 10th International Symposium on Chinese Spoken Language Processing
(ISCSLP). 2016. IEEE.
[16] Zhang, X., et al. Single Biometric Recognition Research: A Summary. in Proceedings of the 6th
International Conference on Information Technology: IoT and Smart City. 2018. ACM.
[17] Brunet, K., et al. Speaker recognition for mobile user authentication: An android solution. 2013.
[18] Gofman, M., et al. Multimodal biometrics via discriminant correlation analysis on mobile devices. in
Proceedings of the International Conference on Security and Management (SAM). 2018. The Steering
Committee of The World Congress in Computer Science, Computer.
[19] Gbadamosi, L., Voice Recognition System Using Template Matching. International Journal of
Research in Computer Science, 2013. 3(5): p. 13.
[20] Thullier, F., B. Bouchard, and B.-A. Menelas, A Text-Independent Speaker Authentication System for
Mobile Devices. Cryptography, 2017. 1(3): p. 16.
[21] Anwar, M.U., Design of an enhanced speech authentication system over mobile devices. 2018.
[22] Khitrov, A. and K. Simonchik, System for text-dependent speaker recognition and method thereof.
2019, Google Patents.
[23] Oak, R., A Literature Survey on Authentication Using Behavioural Biometric Techniques, in
Intelligent Computing and Information and Communication. 2018, Springer. p. 173-181.
[24] Khamis, M., et al. Gazetouchpass: Multimodal authentication using gaze and touch on mobile
devices. in Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in

10. Computing Systems. 2016.
[25] Arteaga-Falconi, J.S., H. Al Osman, and A. El Saddik, ECG authentication for mobile devices. IEEE
Transactions on Instrumentation and Measurement, 2015. 65(3): p. 591-600.
[26] Shahzad, M., A.X. Liu, and A. Samuel, Behavior based human authentication on touch screen devices
using gestures and signatures. IEEE Transactions on Mobile Computing, 2016. 16(10): p. 2726-2741.
[27] Ali, Z., et al., Edge-centric multimodal authentication system using encrypted biometric templates.
Future Generation Computer Systems, 2018. 85: p. 76-87.
[28] Frank, M., et al., Touchalytics: On the applicability of touchscreen input as a behavioral biometric for
continuous authentication. IEEE transactions on information forensics and security, 2012. 8(1): p.
136-148.
[29] Tasia, C.J., et al., Two novel biometric features in keystroke dynamics authentication systems for
touch screen devices. Security and Communication Networks, 2014. 7(4): p. 750-758.
[30] Khan, M.K., S. Kumari, and M.K. Gupta, More efficient key-hash based fingerprint remote
authentication scheme using mobile device. Computing, 2014. 96(9): p. 793-816.
[31] Mahbub, U., et al. Partial face detection for continuous authentication. in 2016 IEEE International
Conference on Image Processing (ICIP). 2016. IEEE.
[32] De Marsico, M., et al., Firme: Face and iris recognition for mobile engagement. Image and Vision
Computing, 2014. 32(12): p. 1161-1172.
[33] Shin, D.-G. and M.-S. Jun. Home IoT device certification through speaker recognition.in 2015 17th
International Conference on Advanced Communication Technology (ICACT). 2015. IEEE.
[34] Atwady, Y. and M. Hammoudeh. A survey on authentication techniques for the internet of things.in
Proceedings of the International Conference on Future Networks and Distributed Systems. 2017.
ACM.
[35] Sahoo, T.R. and S. Patra, Silence Removal and Endpoint Detection of Speech Signal for Text
Independent Speaker Identification. International Journal of Image, Graphics & Signal Processing,
2014.6(6).
[36] Zhang, X., et al. Voice Biometric Identity Authentication System Based on Android Smart Phone. in
2018 IEEE 4th International Conference on Computer and Communications (ICCC). 2018. IEEE.
[37] Moussa, A.N., N.B. Ithnin, and O.A. Miaikil. Conceptual forensic readiness framework for
infrastructure as a service consumers. in 2014 IEEE Conference on Systems, Process and Control
(ICSPC 2014). 2014. IEEE.
[38] Dhakal, P., et al., A Near Real-Time Automatic Speaker Recognition Architecture for Voice-Based
User Interface. Machine Learning and Knowledge Extraction, 2019. 1(1): p. 504-520.
[39] Moussa, A.N., et al. A Consumer-Oriented Cloud Forensic Process Model.in 2019 IEEE 10th Control
and System Graduate Research Colloquium (ICSGRC). 2019. IEEE.
[40] Moussa, A.N., N. Ithnin, and A. Zainal, CFaaS: bilaterally agreed evidence collection. Journal of
Cloud Computing, 2018. 7(1): p. 1.

11. MEASURING PRIVACY IN ONLINE SOCIAL
NETWORKS
Swathi Ananthula, Omar Abuzaghleh, Navya Bharathi Alla, Swetha Prabha Chaganti, Pragna
chowdary kaja, Deepthi Mogilineedi
Department Of Computer Science and Engineering, University Of Bridgeport Bridgeport, USA
ABSTRACT
Online Social Networking has gained tremendous popularity amongst the masses. It is usual for
the users of Online Social Networks (OSNs) to share information with friends however they lose
privacy. Privacy has become an important concern in online social networks. Users are unaware
of the privacy risks involved when they share their sensitive information in the network.[1] One
of the fundamental challenging issues is measurement of privacy .It is hard for social networking
sites and users to make and adjust privacy settings to protect privacy without practical and
effective way to quantify , measure and evaluate privacy. In this paper, we discussed Privacy
Index (PIDX) which is used to measure a user’s privacy exposure in a social network. We have
also described and calculated the Privacy Quotient (PQ) i.e. a metric to measure the privacy of
the user’s profile using the naive approach. [2] The users should be aware of their privacy
quotient and should know where they stand in the privacy measuring scale. At last we have
proposed a model that will ensure privacy in the unstructured data. It will utilize the Item
Response Theory model to measure the privacy leaks in the messages and text that is being
posted by the users of the online social networking sites.
KEYWORDS
Online Social Security (OSN), Privacy Measurement, Privacy Index
For More Details: https://airccse.org/journal/ijsptm/papers/4215ijsptm01.pdf
Volume Link: https://airccse.org/journal/ijsptm/vol4.html

12. REFERENCES
[1] R. Gross and A. Acquisti, “Information revelation and privacy in online social networks,”
inProceedings of the 2005 ACM workshop on Privacy in the electronic society. ACM, 2005, pp.
71–80.
[2] L. Backstrom, C. Dwork, and J. Kleinberg, “Wherefore art thou r3579x?: anonymized
socialnetworks, hidden patterns, and structural steganography,” in Proceedings of the 16th
internationalconference on World Wide Web. ACM, 2007, pp. 181–190.
[3] J. DeCew, “Privacy,” in The Stanford Encyclopedia of Philosophy, E. N. Zalta, Ed., 2012. [4]
Y.Altshuler, Y. Elovici, N. Aharony, and A. Pentland, “Security and privacy in social
networks.”Springer, 2013.
[4] M. Huber, M. Mulazzani, E. Weippl, G. Kitzler, and S. Goluch, “Exploiting social networking
sitesfor spam,” in Proceedings of the 17th ACM conference on Computer and communications
security.ACM, 2010, pp. 693–695.
[5] P. Gundecha and H. Liu, “Mining social media: A brief introduction.”
[6] B. Fung, K. Wang, R. Chen, and P. S. Yu, “Privacy-preserving data publishing: A survey of
recentdevelopments,” ACM Computing Surveys (CSUR), vol. 42, no. 4, p. 14, 2010.
[7] R. Agrawal and R. Srikant, “Privacy-preserving data mining,” in ACM Sigmod Record, vol. 29,
no. 2.ACM, 2000, pp. 439–450.
[8] K. Liu and E. Terzi, “A framework for computing the privacy scores of users in online
socialnetworks,” in Data Mining, 2009. ICDM’09. Ninth IEEE International Conference on. IEEE,
2009,pp. 288–297.
[9] L. Fang and K. LeFevre, “Privacy wizards for social networking sites,” in Proceedings of the 19th
international conference on World wide web. ACM, 2010, pp. 351–360.
[10] A. Braunstein, L. Granka, and J. Staddon, “Indirect content privacy surveys: measuring
privacywithout asking about it,” in Proceedings of the Seventh Symposium on Usable Privacy and
Security.ACM, 2011, p. 15.
[11] S. Guo and K. Chen, “Mining privacy settings to find optimal privacyutility tradeoffs for
socialnetwork services,” in Privacy, Security, Risk and Trust (PASSAT), 2012 International
Conference onand 2012 International Confernece on Social Computing (SocialCom). IEEE, 2012,
pp. 656–665.
[12] J. L. Becker and H. Chen, “Measuring privacy risk in online social networks,” Ph.D.
dissertation,University of California, Davis, 2009.
[13] J. Anderson, “Privacy engineering for social networks,” 2013.
[14] H. R. Lipford, A. Besmer, and J. Watson, “Understanding privacy settings in facebook with
anaudience view.” UPSEC, vol. 8, pp. 1– 8, 2008.
[15] F. Drasgow and C. L. Hulin, “Item response theory,” Handbook of industrial and
organizationalpsychology, vol. 1, pp. 577–636, 1990.
[16] H. Mao, X. Shuai, and A. Kapadia, “Loose tweets: an analysis of privacy leaks on twitter,”
inProceedings of the 10th annual ACM workshop on Privacy in the electronic society. ACM, 2011,
pp.1–12.
[17] J. Becker, “Measuring Privacy Risk in Online Social Networks,” Design, vol. 2, p. 8, 2009.
[18] E. M. Maximilien, T. Grandison, T. Sun, D. Richardson, S. Guo, and K. Liu, “Privacy-as-a-Service
:Models , algorithms , and results on the facebook platform,” in Web 2.0 Security and
privacyworkshop, 2009.
[19] K. U. N. Liu, “A Framework for Computing the Privacy Scores of Users in Online Social
Networks,”Knowl. Discov. Data, vol. 5, no. 1, pp. 1–30, 2010.
[20] N. Talukder, M. Ouzzani, A. K. Elmagarmid, H. Elmeleegy, and M. Yakout, Privometer:
Privacyprotection in social networks, vol. 1, no. 2. VLDB Endowment, 2010, pp. 141–150.
[21] E. M. Maximilien, T. Grandison, T. Sun, D. Richardson, S. Guo, and K. Liu, “Privacy-as-a-
service:Models, algorithms, and results on the facebook platform,” in Proceedings of Web, 2009,
vol. 2.
[22] C. Akcora, B. Carminati, and E. Ferrari, “Privacy in Social Networks: How Risky is Your
SocialGraph?,” in 2012 IEEE 28th International Conference on Data Engineering, 2012, pp. 9–19.
[23] J. Bonneau and S. Priebusch, “The Privacy Jungle : On the Market for Data Protection in
SocialNetworks,” in The Eighth Workshop on the Economics of Information Security, 2009, pp. 1–
45.

13. [24] R. N. Kumar and Y. Wang, “SONET: A SOcial NETwork Model for Privacy Monitoring
andRanking,” in The 2nd International Workshop on Network Forensics, Security and Privacy,
2013.
[25] Y. Wang and R. N. Kumar, “Privacy Measurement for Social Network Actor Model,” in The
5thASE/IEEE International Conference on Information Privacy, Security, Risk and Trust, 2013.
[26] M. S. Ackerman, L. F. Cranor, and J. Reagle, “Privacy in ecommerce: examining user scenarios
andprivacy preferences,” in Proceedings of the 1st ACM conference on Electronic commerce,
1999, vol.99, no. 1998, pp. 1–8.
[27] A. Mislove, M. Marcon, K. P. Gummadi, P. Druschel, and B. Bhattacharjee, “Measurement
andanalysis of online social networks,” Proc. 7th ACM SIGCOMM Conf. Internet Meas. IMC 07,
vol. 40, no. 6, p. 29, 2007.
[28] L. Sweeney, “Uniqueness of simple demographics in the U. S. population,” in Data privacy Lab
white paper series LIDAP-WP4, 2000.

14. SECURITY SYSTEM WITH FACE
RECOGNITION, SMS ALERT AND
EMBEDDED NETWORK VIDEO
MONITORING TERMINAL
J. Shankar Kartik1
, K. Ram Kumar2
and V.S. Srimadhavan3
123
Department of Electronics and Communication Engineering, SRM Easwari Engineering
College, Anna University
ABSTRACT
Even though there are various security systems consuming large power are available in
market nowadays, robbery rate is very high. We are proposing a novel system to prevent
robbery in highly secure areas with lesser power consumption. This system has face-
recognition technology which grants access to only authorized people to enter that area. If
others enter the place without access using some other means, then the system alerts the
security personnel and streams the video captured by the security camera. The face
recognition is done using PCA algorithm. The video transmitted is compressed and
transmitted by ENVMT. By using this ENVMT, the video can play with lesser bandwidth
consumption, latency and jitter.
KEYWORDS
ENVMT, MPEG-4, PCA analysis, ISS, ESS
For More Details: http://airccse.org/journal/ijsptm/papers/2513ijsptm02.pdf
Volume Link: http://airccse.org/journal/ijsptm/vol2.html

15. REFERENCES
[1] Wang Kechao, Wang Ziangmin, Wang Zhifei, JiaZongfu, Yu Jingwei “Design and implementation of
Embedded Network Video Monitoring Terminal” IEEE 2011.
[2] Sutor, S., Matusek, F. , Kruse, F. , Kraus, K. and Reda, R. (2008), 'Large- scale video surveillance
system performance parameters and metrics', Internet Monitoring and Protection, ICIMP '08, On
Pagc(s) 23 - 30
[3] Bing Li and Jianping Sun (2009) 'Network Video Monitoring Based on Embedded Linux and VC++',
International Conference on Advanced Computer Theory and Engineerings.
[4] Dapeng Wu, Yiwei Thomas Hou,Wenwu Zhu, Ya-Qin Zhang, and Jon M. Peha “Streaming video
over Internet: Approaches and Directions” IEEE transactions on circuits and systems for video
technology, vol. 11, no. 3, March 2001.
[5] Wang Kechao, RenXiangmin, Wang Zhifei, JiaZongfu and Yu Jingwei, (2011) 'Design and
implementation of embedded network video monitoring terminal', Computer Science and Automation
Engineering (CSAE) ,Volume 3, On Page(s) 211-214.
[6] Yakun Liu and Xiaodong Cheng (2010) 'Design and implementation of embedded Web server based
on ARM and Linux', Industrial Mechatronics and Automation (ICIMA) Volume 2, On Page(s) 316-
319.
[7] Yan Liu, RenFaLi, Cheng Xu and Fei Yu (2008) 'Design and Implementation of Embedded
Multimedia Surveillance System',Knowledge Discovery and Data Mining Page(s) 570 - 573.
[8] Zhang Songwei and cui ziao (2011) 'Design and implementation of network camera based on
TMS320DM365', Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC),
Page(s) 3864 – 3867.
[9] Marijeta Slavković1, Dubravka Jevtić1 ‘Face Recognition Using Eigenface Approach’ Serbian
Journal Of Electrical Engineering Vol. 9, No. 1, February 2012, 121-130.
[10] M. Turk, A. Pentland: Face Recognition using Eigenfaces, Conference on Computer Vision and
Pattern Recognition, 3 – 6 June 1991, Maui, HI , USA, pp. 586 – 591.

16. HASH BASED LEAST SIGNIFICANT
BIT TECHNIQUE FOR VIDEO
STEGANOGRAPHY(HLSB)
KousikDasgupta1
, J.K. Mandal2
and Paramartha Dutta3
1
Department of CSE, Kalyani Govt. Engineering College, Kalyani-741 235, India
2
Department of CSE, Kalyani University, Kalyani-741 235, India
3
Department of CSS, Visva-Bharati University, Santiniketan-731 235, India
ABSTRACT
Video Steganography deals with hiding secret data or information within a video. In this paper, a
hash based least significant bit (LSB) technique has been proposed. A spatial domain technique
where the secret information is embedded in the LSB of the cover frames. Eight bits of the secret
information is divided into 3,3,2 and embedded into the RGB pixel values of the cover frames
respectively. A hash function is used to select the position of insertion in LSB bits. The proposed
method is analyzed in terms of both Peak Signal to Noise Ratio (PSNR) compared to the original
cover video as well as the Mean Square Error (MSE) measured between the original and
steganographic files averaged over all video frames. Image Fidelity (IF) is also measured and the
results show minimal degradation of the steganographic video file. The proposed technique is
compared with existing LSB based steganography and the results are found to be encouraging. An
estimate of the embedding capacity of the technique in the test video file along with an application
of the proposed method has also been presented.
KEYWORDS
Steganography, Video Steganography, cover video, cover frame, secret message, LSB
For More Details:http://airccse.org/journal/ijsptm/papers/1212ijsptm01.pdf
Volume Link: http://airccse.org/journal/ijsptm/vol1.html

17. REFERENCES
[1] E. Cole and R.D. Krutz, Hiding in Plain Sight: Steganography and the Art of Covert Communication,
Wiley Publishing, Inc., ISBN 0-471-44449-9, 2003.
[2] Stefan Katzenbeisser and Fabien A. P. Petitcolas, Information Hiding Techniques for Steganography
and Digital Watermarking, Artech House Books, ISBN 1-58053-035-4, 1999.
[3] D. Stanescu, M. Stratulat, B. Ciubotaru, D Chiciudean, R. Cioarga and M. Micea, Embedding Data in
Video Stream using Steganography, in 4th International Symposium on Applied Computational
Intelligence and Informatics, SACI-2001, pp. 241-244, IEEE, 2007.
[4] Feng Pan, Li Xiang, Xiao-Yuan Yang and Yao Guo, Video Steganography using Motion Vector and
Linear Block Codes, in IEEE 978-1-4244-6055-7/10/, pp. 592-595,2010.
[5] A. Westfield, and A. Pfitzmann, Attacks on Steganographic Systems, in Proceedings of 3rd Info.
Hiding Workshop, Dresden, Germany, Sept. 28−Oct. 1, pp. 61-75, 1999.
[6] J. Fridrich, R. Du, and L, Meng, Steganalysis of LSB Encoding in Color Images, in Proceedings of
ICME 2000, Jul.-Aug. 2000, N.Y., USA.
[7] Fillatre. L, Designing of Robust Image Steganography Technique Based on LSB Insertion and
Encryption, IEEE Transactions on Signal Processing, Volume 60, Issue:2, pp. 556-569, Feb, 2012
[8] Masud K. S.M. Rahman, Hossain, M.L., A new approach for LSB based image steganography using
secret key, in Proceedings of 14th International Conference on Computer and Information Technology
(ICCIT-2011), pp.-286-291, Dec. 2011.
[9] HemaAjetrao, Dr. P.J.Kulkarni and NavanathGaikwad, A Novel Scheme of Data Hiding in Binary
Images, in International Conference on Computational Intelligence and Multimedia Applications,
Vol.4, pp. 70-77, Dec. 2007.
[10] Sachdeva S. and Kumar A, Colour Image Steganography Based on Modified Quantization Table, in
Proceedings of Second International Conference on Advanced Computing & Communication
Technologies (ACCT-2012), pp. 309-313, 2012.
[11] R. Machado, http://www.securityfocus.com/tools/586/scoreit, .EzStego., Nov. 1996. [last accessed on
16-04-2012]
[12] Y. C Tseng and H. K Pan, Data Hiding in 2-color Image in IEEE Transactions on computers, Vol. 51,
No. 7, pp. 873-878, July 2002.
[13] E. Kawaguchi and R. O. Eason, Principle and applications of BPCS-Steganography, in Proceedings of
SPIE Int'l Symp. on Voice, Video, and Data Communications, pp. 464-473, 1998.
[14] Steganographic software, http://www.jjtc.com/Steganography/toolmatrix.html [last acessed on 16-04-
2012]
[15] MrithaRamalingam, Stego Machine Video Steganography using Modified LSB Algorithm, in World
Academy of Science, Engineering and Technology 74 2011, pp. 502-505, 2011.
[16] Juan Jose Roque and Jesus Maria Minguet, SLSB: Improving the Steganographic Algorithm LSB, in
the 7th International Workshop on Security in Information Systems (WOSIS 2009), Milan, Italy, pp.1-
11, 2009.
[17] A.K. Bhaumik, M. Choi, R.J. Robles and M.O. Balitanas, Data Hiding in Video in International Journal
of Database Theory and Application Vol. 2, No. 2, pp. 9-16, June 2009.
[18] J. J. Chae, B. S. Manjunath, Data Hiding in Video, Proceedings of the 6th IEEE International
Conference on Image Processing, pp.311-315, 1999.
[19] MelihPazarci, VadiDipcin, Data Embedding in Scrambled Digital Video, in Proceedings of the 8th
IEEE International Symposium on Computers and Communication, pp. 498-503, 2003.
[20] A. Giannoula, D. Hatzinakos, “Compressive Data Hiding for Video Signals”, in Proceedings of
International Conference on Image Processing, pp. I529- I532, 2003.
[21] Giuseppe Caccia, Rosa Lancini, Data Hiding in MPEG2 Bit Stream Domain, in Proceedings of
International Conference on Trends in Communications, pp.363-364, 2001.
[22] Jun Zhang, Jiegu Li, Ling Zhang, Video Watermark Technique in Motion Vector, in Proceedings of
XIV Brazilian Symposium on Computer Graphics and Image Processing, pp.179-182, 2001.
[23] Feng Pan, Li Xiang, Xiao-Yuan Yang and Yao Guo, Video steganography using motion vector and
linear block codes, in Proceedings of IEEE International Conference on Software Engineering and
Service Sciences (ICSESS- 20100), pp. 592-595, 2010.
[24] N. F. Johnson and S. Jajodia, Steganalysis of Images Created using Current Steganography Software,
in Lecture Notes in Computer Science, vol. 1525, pp. 32 – 47, Springer Verlag, 1998.
[25] S. Dumitrescu, X. Wu and N. Memon, On Steganalysis of Random LSB Embedding in Continuous

18. tone Images, in Proceedings of the International Conference on Image Processing, vol. 3, pp. 641 –
644, June 2002.
[26] J. Fridrich, M. Goljan, D. Hogea and D. Soukal, Quantitative Steganalysis of Digital Images:
Estimating the Secret Message Length,” in ACM Multimedia Systems Journal, Special issue on
Multimedia Security, vol. 9, no. 3, pp. 288 – 302, 2003.
[27] U. Budia, D. Kundur and T. Zourntos, Digital Video Steganalysis Exploiting Statistical Visibility in the
Temporal Domain, in IEEE Transactions on Information Forensics and Security, vol. 1, no. 4, pp. 502
– 516, December 2006.
[28] K. Kancherla and S. Mukkamala, Video Steganalysis using Spatial and Temporal Redundancies, in
Proceedings of International Conference on High Performance Computing and Simulation, pp. 200–
207, June 2009.
[29] Y. Su, C. Zhang, L. Wang and C. Zhang, A New Video Steganalysis based on Mode Detection,
Proceedings of the International Conference on Audio, Language and Image Processing, pp. 1507–
1510, Shanghai, China, July 2008.
Authors
KousikDasgupta did his Bachelors in Engineering in Electronics and Power Engineering
from Nagpur University, Nagpur, India in 1993. Subsequently, he did his Masters in
Computer Science & Engineering in 2007 from West Bengal University of Technology,
Kolkata, India. He is currently Assistant Professor in the Department of Computer
Science and Engineering of Kalyani Government Engineering College, Kalyani, India. He
served industries like ABB and L & T during 1993-1996. He is c o-author of two books
and about 10 research publications. His research interests include soft computing,
computer vision and image processing and steganography. Mr,.Dasgupta is a Life
Member of ISTE, India, Associate Member of The Institute of Engineers, India and Chartered Engineer
[India] of The Institute Engineers, India. He is a Fellow of OSI. India
Jyotsna Kumar Mandal, M. Tech.(Computer Science, University of Calcutta),
Ph.D.(Engg., Jadavpur University) in the field of Data Compression and Error Correction
Techniques, Professor in Computer Science and Engineering, University of Kalyani,
India. Life Member of Computer Societ y of India since 1992 and life member of
Cryptology Research Society of India.Dean Faculty of Engineering, Teachnology&
Management, working in the field of Network Security, Steganography, Remote Sensing
& GIS Application, Image Processing. 25 years of teaching and research experiences.
Eight Scholars awarded Ph.D., one submitted and 8 are pursuing. Total number of publications is more than
two hundred.
ParamarthaDutta did his Bachelors and Masters in Statistics from Indian Statistical
Institute, Kolkata, India in 1988 and 1990, respectively. Subsequently, he did his Masters
in Computer Science in 1993 from Indian Statistical Institute, Kolkata, India. He did his
Ph.D. in 2005 from Bengal Engineering and Science University, Shibpore, India. He is
currently a Professor in the Department of Computer Science and Engineering of Kalyani
Government Engineering College, Kalyani, India. He was an Assistant Professor and
Head of the Department of Computer Science and Engineering of College of Engineering
and Management, Kolaghat, India during 1998–2001. He has served as a Research
Scholar in the Indian Statistical Institute, Kolkata, India and in Bengal Engineering and Science University,
Shibpore, India. He is a co-author of four books and about 120 research publications. His research interests
include evolutionary computing, soft computing, pattern recognition and Network security.

19. MANAGING THE INFORMATION
SECURITY ISSUES OF ELECTRONIC
MEDICAL RECORDS
Nisreen Innab
Faculty of Computer and Information Security, Naif Arab University for Security Sciences, Al-
Riyadh, Saudi Arabia
ABSTRACT
All healthcare providers should have enough knowledge and sufficient information to understand
the potential risk, which can lead to a breach in the Jordanian health information system (Hakeem
program). This study aims to emphasise the importance of sharing sensitive health information
among healthcare providers, create laws and regulations to keep the electronic medical records
secure, and increase the awareness about health information security among healthcare providers.
The study conducted seven interviews with medical staff and an information technology
technician. The study results showed that sharing sensitive information in a secure environment,
creating laws and regulations, and increasing the awareness about health information security
render the electronic medical records of patients more secure and safe.
KEYWORDS
Electronic Medical Records Security, Health Records, Data Breach, Hakeem Program.
For More Details: https://aircconline.com/ijsptm/V7N4/7418ijsptm02.pdf
Volume Link:http://airccse.org/journal/ijsptm/vol7.html

20. REFERENCES
[1] Key, D. &Ferneini, E., (2015) "Focusing on Patient Safety: the Challenge of Securely
SharingElectronic Medical Records in Complex Care Continuums", ConnecticutMedicine, Vol. 79, No.
8, pp 481- 485.
[2] Miller, A & Tucker, (2009) "Privacy protection and technology diffusion: the case of electronic
medical records", Management Science, Vol. 55, No. 7. pp 1077–1093.
[3] Kazley, A. &Ozcan, Y., (2007) "Organizational and environmental determinants of hospital EMR
adoption: A national study", J. Medical Systems, Vol. 31, No. 5, pp 375–384.
[4] Marvin (2017) "Health Information Technology: Integration, Patient Empowerment, and Security",Am
J Health-Syst Pharm, Vol. 74 No. 2, Pp 36-38.
[5] Humaidi, N. &Balakrishnan, V., (2015) "The moderating effect of working experience on health
information system security policies compliance behavior", Malaysian Journal of Computer Science,
Vol.28, No. 2, pp 70-92.
[6] Khan, S. &Hoque, S., (2016) "Digital health data: a comprehensive review of privacy and security risks
and some recommendations", Computer Science Journal of Moldova, Vol. 24, No. 2, pp 273- 292.6
[7] Dua’, A., Marini, O &Hasniza, Y., (2013) "Implementation of an EHR system (Hakeem) in Jordan:
challenges and recommendations for governance", HIM-Interchange, Vol. 3, No. 3, pp 10-12.
[8] Electronic Health Solutions, (2017) "Benefits of Hakeem Program", Retrieved from
http://ehs.com.jo/hakeem-program/benefits-hakeem
[9] Howard, P.,(2014) "Data Breaches in Europe: An Analysis of Reported Breaches of Compromised
Personal Records in Europe", Center for Media, Data and Society Central European University.
Retrieved from:
http://cmds.ceu.edu/sites/cmcs.ceu.hu/files/attachment/article/663/databreachesineurope.pdf
[10] Ponemon Institute, (2015 "Cost of data breach study: Global analysis", Ponemon Institute, Research
Report.
[11] Ponemon Institute, (2015) "Fifth annual benchmark study on privacy & security of healthcare data",
Ponemon Institute, Research Report.
[12] Khan, S. &Hoque, A., (2015) "Development of nationalhealth data warehouse for data
mining",Database Systems Journal, Vol. 6, No. 1, pp 3–13.
[13] Orel, A. &Bernik, I., (2013) "Implementing healthcare information security: standards can
help",Implementing Healthcare Information Security: Standards Can Help, Vol. 186, pp 195-199.
[14] Luethi, M. &Knolmayer, G., (2009) "Security in health information systems: Anexploratory
comparison of U.S. and Swiss hospitals", Hawaii International Conference on System Sciences.
[15] Vest, J. &Kash, B., (2016) "Differing strategies to meet information-sharing needs: Publicly supported
community health information exchanges versus health systems’ enterprise health information
exchanges", The Milbank Quarterly, Vol. 94, No. 1, pp 77-108.
[16] Bansal, G., Zahedi, F., &Gefen, D., (2010) "The impact of personal dispositions on information
sensitivity, privacy concern and trust in disclosing health information online", Decision Support
Systems, Vol 49, No 2, pp 138-150.
[17] Tipton, H. & Krause, M. (2015) Information Security Management Handbook, 6thed. Northwestern:
CRC Press.
[18] Aydın O. &Chouseinoglou, O., (2013). "Fuzzy assessment of health information system users' security
awareness", Journal of Medical Systems, Vol. 37, No. 6, pp 84-99.
AUTHOR
Dr. Nisreen Innab got her Ph.D. in 2008 in Computer Information System, she was
employed as full time lecturer, Assistant Professor and MIS department Chairperson at
University of Business and Technology in Saudi Arabia, Jeddah from 2007 to 2010. Then
she was worked from May 2011 to August 2014 as a honorary researcher and master thesis
examiner in the school of science and technology at University of New England, Armidale,
Australia. Finally, from September / 2016 till now she works in the department of
information security at Naif Arab University for Security Sciences, Riyadh, Saudi Arabia.
She published nine papers in international journals and conferences. Her current research interests are:
information security, data mining, machine learning, modeling and simulation, ontology, modeling
diagrams.

21. DATA STORAGE SECURITY CHALLENGES IN CLOUD
COMPUTING
Sajjad Hashemi1
1
Department of Computer Engineering, Science and Research Branch, Islamic Azad University,
West Azarbayjan, Iran
ABSTRACT
In the digital world using technology and new technologies require safe and reliable environment,
and it also requires consideration to all the challenges that technology faces with them and
address these challenges. Cloud computing is also one of the new technologies in the IT world in
this rule there is no exception. According to studies one of the major challenges of this
technology is the security and safety required for providing services and build trust in consumers
to transfer their data into the cloud. In this paper we attempt to review and highlight security
challenges, particularly the security of data storage in a cloud environment. Also, provides some
offers to enhance the security of data storage in the cloud computing systems that by using these
opinions can be overcome somewhat on the problems.
KEYWORDS
Cloud Computer, Security, Data Security, Trust.
For More Details: http://airccse.org/journal/ijsptm/papers/2413ijsptm01.pdf
Volume Link: http://airccse.org/journal/ijsptm/vol2.html

22. REFERENCES
[1] H.Takabi, J.B.D.Joshi, G.Ahn., “Security and Privacy Challenges in Cloud Computing Environments”,
IEEE Security Privacy Magazine, Vol 8, pp.24-31, 2010.
[2] F. Soleimanian, S. Hashemi, “Security Challenges in Cloud Computing with More Emphasis on Trust
and Privacy”, INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH,
Vol. 1, ISSUE 6, pp. 49-54, 2012.
[3] M.Monsef, N.Gidado, “Trust and privacy concern in the Cloud”, 2011 European Cup, IT Security for
the Next Generation, pp. 1-15, 2011.
[4] D Zissis, D Lekkas, “Addressing cloud computing security issues, Future Generation Computer
Systems”, Elsevier B.V, Vol.28, pp.583-592, 2010.
[5] Tsai W, Jin Z, Bai X.,”Internetware computing: issues and perspective.” Proceedings of the first
AsiaPacific symposium on Internetware.Beijing,China: ACM, pp. 1–10, 2009.
[6] Raj H, Nathuji R, Singh A, England P. “Resource management for isolation enhanced cloud services.”,
Proceedings of the 2009 ACM workshop on cloud computing security, Chicago, Illinois, USA, pp. 77–
84, 2009.
[7] S Subashini, V Kavitha, “A survey on security issues in service delivery models of cloud computing”,
Network and Computer Applications, Elsevier, Vol. 34, pp. 1-11, 2010.
[8] KapilSachdeva, Cloud Computing: Security Risk Analysis and Recommendations, Master Thesis,
University of Texas, Austin, 2011.
[9] Mahbub Ahmed, Yang Xiang, Shawkat Ali, “Above the Trust and Security in Cloud Computing: A
Notion towards Innovation”, 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous
Computing, pp.723-730, 2010.
[10] V.KRISHNA REDDY, Dr. L.S.S.REDDY, “Security Architecture of Cloud Computing”, International
Journal of Engineering Science and Technology (IJEST), Vol. 3 No. 9, pp.7149-7155, 2011.
[11] Siani Pearson, “Privacy, Security and Trust in Cloud Computing”, HP Laboratories, appeared as a book
chapter by Springer, UK, 2012.
[12] Fariborzfarahmand, “Risk Perception and Trust in Cloud”, ISACA JOURNAL VOLUME 4, pp.1-8,
2010.
[13] Weiss, A.; “Computing in the Clouds,” netWorker, vol. 11, issue 4, p.16-25, 2007.
[14] Mohamed Al Morsy, John Grundy and Ingo Müller, “An Analysis of The Cloud Computing Security
Problem”, In Proceedings of APSEC 2010 Cloud Workshop, Sydney, Australia, 30 Nov 2010.
[15] M. Firdhous, O. Ghazali, and S. Hassan, Trust and Trust Manage-ment in Cloud Computin– A Survey,
Inter Networks Research Group, University Utara Malaysia, Technical Report
UUM/CAS/InterNetWorks/TR2011-01, 2011.
[16] T. Mather, S. kumaraswamy, S. Latif, Cloud Security and privacy: an Enterprise perspective on Risk
and Compliance, Governance An International Journal Of Policy And Administration, O'Reilly Media,
Inc., p. 312, 2009.
[17] D. Jamil, H. Zaki, Security Issues in Cloud Computing and Countermeasures, International Journal of
Engineering Science and Technology, Vol. 3, No. 4, p. 2672-2676, 2011.
[18] Yashpal Kadam, “Security Issues in Cloud Computing A Transparent View”, International Journal of
Computer Science & Emerging Technologies, Vol-2 No 5 October, 2011.
[19] S. Qaisar, K.F. Khawaja, Cloud Computing: Network/Security Threats and Countermeasures,
Interdisciplinary journal of con-temporary research in business, Vol.3, No 9, p. 1323-1329, 2012.
[20] J.R. Winkler, Securing the Cloud: Cloud Computer Security Techniques and Tactics, Technical Editor
Bill Meine, Elsevier Publishing, 2011.
[21] K, Sachdeva, Cloud Computing: Security Risk Analysis and Recommendations, Master Thesis,
University of Texas, Austin, 2011.
[22] J. Hurwitz, R. Bloor, M. Kaufman, F. Halper, Cloud computing for dummies, Wiley, 2009.
[23] Z. A.Khalifehlou, F. S. Gharehchopogh, “Security Directions in cloud Computing Environments”, 5th
International Conference on Information Security and Cryptology (ISCTURKEY2012), Ankara,
Turkey, pp. 327-330, 17-19, 2012.
[24] B. Shwetha Bindu, B. Yadaiah, “Secure Data Storage In Cloud Computing”, International Journal of
Research in Computer Science, Vol 1 Issue 1, pp. 63-73, 2011.
[25] Abbas Amini, Secure Storage in Cloud Computing, Master Thesis, Technical University of Denmark,
KongensLyngby, Denmark, 2012. [66] Andrei Dinu, Marcian N. Cirstea, and Silvia E. Cirstea, “Direct
Neural-Network Hardware- Implementation Algorithm”, IEEE

23. [26] D. Kanchana, Dr. S. Dhandapani, “A Novel Method for Storage Security in Cloud Computing”,
International Journal of Engineering Science and Innovative Technology (IJESIT), Vo 2, Issue 2, pp.
243-249, 2013.
[27] Nikos Virvilis, Stelios Dritsas, Dimitris Gritzalis, “Secure Cloud Storage: Available Infrastructures
and Architectures Review and Evaluation”, TrustBus'11 Proceedings of the8th international conference
on Trust, privacy and security in digital business, Springer-Verlag Berlin, Heidelberg ©2011, 2011.
[28] Ravi Gharshi, Suresha, “Enhancing Security in Cloud Storage using ECC Algorithm”, International
Journal of Science and Research (IJSR), Vol 2, Issue 7, 2013.
[29] Dan Boneh, Twenty Years of Attacks on the RSA Cryptosystem, Notices of the American
Mathematical Society (AMS), Vol. 46, No. 2, pp. 203-213, 1999.
[30] Charles P. Pfleeger, Security in Computing, Fourth Edition, Pfleeger Consulting Group, Shari
Lawrence Pfleeger - RAND Corporation, Prentice Hall, 2006.
[31] NIST.gov - Computer Security Division - Computer Security Resource Center, Block Cipher Modes,
http://csrc.nist.gov/groups/ST/toolkit/BCM/index.html [accessed: July 2013].
[32] IAIK - TU Graz : AES Lounge, http://www.iaik.tugraz.at/content/research/krypto/aes/#security
[accessed: 9 August 2013].
[33] Alex Biryukov and Dmitry Khovratovich, Related-key Cryptanalysis of the Full AES-192 and
AES256, University of Luxembourg, ePrint Archive: Report 2009/317

24. AVAILABILITY, ACCESSIBILITY, PRIVACY AND
SAFETY ISSUES FACING ELECTRONIC MEDICAL
RECORDS
Nisreen Innab
Information Security Department, College of Computer and Information Security, Naif
Arab University for Security Sciences, Al-Riyadh, Saudi Arabia.
ABSTRACT
Patient information recorded in electronic medical records is the most significant set of
information of the healthcare system. It assists healthcare providers to introduce high quality care
for patients. The aim of this study identifies the security threats associated with electronic medical
records and gives recommendations to keep them more secured. The study applied the qualitative
research method through a case study. The study conducted seven interviews with medical staff
and information technology technicians. The study results classified the issues that face electronic
medical records into four main categories which were availability, accessibility, privacy, and
safety of health information.
KEYWORDS
Healthcare information security, electronic medical records security, availability, accessibility,
privacy, and safety.
For More Details: https://aircconline.com/ijsptm/V7N1/7118ijsptm01.pdf
Volume Link: http://airccse.org/journal/ijsptm/vol7.html

25. REFERENCES
[1] Heckenlively, H. (2016). Using Evidence of Industry Standard in Medical Record Breach Cases. Trial
Evidence, 24 (1) 5-9.
[2] Khan, S. &Hoque, A. (2015). Towards development of health data warehouse: Bangladesh perspective,
in Proc. 2nd International Conference on Electrical Engineering and Information Communication
Technology (ICEEICT)1–6.
[3] Khan, S. &Hoque, A. (2015). Development of national health data warehouse for data mining,
Database Systems Journal, 6(1) 3–13.
[4] Boonstra, A. &Broekhuis, M. (2010). Barriers to the acceptance of electronic medical records by
physicians from systematic review to taxonomy and interventions. BMC Health Services Research, 10,
231
[5] Tipton, H. & Krause, M. (2015). Information Security Management Handbook, 6th ed. Northwestern:
CRC Press.
[6] McGee, M. (2015). Why hackers are targeting health data. Retrieved from:
http://www.databreachtoday.asia/hackers-are-targeting-health-data-a-7024
[7] Humer, C. &Finkle, J. (2014). Your medical record is worth more to hackers than your credit card.
Retrieved from: http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-
idUSKCN0HJ21I20140924
[8] Ponemon Institute (2015). Cost of data breach study: Global analysis.Ponemon Institute, Research
Report.
[9] Zhang, Y. &Poon, C. (2008). The development of health care datawarehouses to support data mining.
Clinics in Laboratory Medicine, 28(1) 55–71.
[10] Luethi, M.&Knolmayer, G. (2009).Security in health information systems: Anexploratory comparison
of U.S. and Swiss hospitals. Hawaii International Conference on System Sciences.
[11] Dua’ A. Nassar, Marini Othman and HasnizaYahya (2013). Implementation of an EHR system
(Hakeem) in Jordan: challenges and recommendations for governance. HIM-Interchange, 3 (3) 10-12.
[12] Department of Health and Human Services Office for Civil Rights in United States (2016). Breach
portal: Notice to the secretary of HHS breach of unsecured protected health information. Retrieved
from: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
[13] Modern Healthcare (2016). Hospital pays hackers 17,000 to unlock EHRs frozen in 'Ransomware'
attack. Retrieved from: http://www.modernhealthcare.com/article/20160217/NEWS/
[14] Health IT Security (2016). 91k patients' data compromised in WA healthcare data breach. Retrieved
from: http://healthitsecurity.com/news/91k-patients-data-compromised-in-wa-healthcare-data-breach
[15] Krebs on Security (2015). Premera blue cross breach exposes financial, medical records. Retrieved
from: http://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-
medicalrecords/
[16] Namoglu, N. &Ulgen, Y. (2013). Network security vulnerabilities and personal privacy issues in
healthcare information systems: A case study in a private hospital in Turkey. Informatics, Management
and Technology in Healthcare, 9, 126-128.
[17] Alsalamah, S., Alex, W., Hilton, J., Alsalamah, H. (2013). Information security requirements in
patient-centred healthcare support systems. MEDINFO, 9, 812-816.
[18] Ozair F, Jamshed N, Sharma A. &Aggarwal P. (2015). Ethical issues in electronic health records: A
general overview. Perspective Clinical Research, 6, 73-76.
[19] Alanazi, H., Zaidan, A., Zaidan, B., Mat Kiah, M. & Al-Bakri, S. (2014). Meeting the Security
Requirements of Electronic Medical Records in the ERA of High-Speed Computing.Journal of Medical
Systems, 39,165-177.
[20] Monterrubio, S., Solis, J., Borja, R. (2015). EMRlog Method for Computer Security for Electronic
Medical Records with Logic and Data Mining.BioMedResearchInternational, 15, 12 pages.
[21] Hu, V., Ferraiolo, D., & Kuhn, D. (2006). Assessment of Access Control Systems. National Institute of
Standards and Technology, U.S. Department of Commerce, Interagency Report 7316.
[22] Abel, N., John, P., Kathryn, L. et al. (2015). Design and implementation of a privacy preserving
electronic health record linkage tool in Chicago. Journal of the American Medical Informatics
Association, 22(5), 1–9.
[23] Sher, M., Talley, c., Cheng, T. &Kuo. (2017). How can hospitals better protect the privacy of electronic
medical records? Perspectives from staff members of health information management. Health
Information Management Journal, 46(2), 87-95.

26. AUTHOR
Dr. Nisreen Innab got her Ph.D. in 2008 in Computer Information System, she was
employed as full time lecturer, Assistant Professor and MIS department Chairperson at
University of Business and Technology in Saudi Arabia, Jeddah from 2007 to 2010. Then
she was worked from May 2011 to August 2014 as a honorary researcher and master
thesis examiner in the school of science and technology at University of New England,
Armidale, Australia. Finally, from September / 2016 till now she works in the department
of information security at Naif Arab University for Security Sciences, Riyadh, Saudi
Arabia. She published nine papers in international journals and conferences. Her current research interests
are: information security, data mining, machine learning, modeling and simulation, ontology, modeling
diagrams.