Information privacy refers to the desire of individuals to control or have some influence over data about themselves. Advances in information technology have raised concerns about information privacy and its impacts, and have motivated Information Systems researchers to explore information privacy issues, including technical solutions to address these concerns. In this paper, we inform researchers about the current state of information privacy research in IS through a critical analysis of the IS literature that considers information privacy as a key construct. The review of the literature reveals that information privacy is a multilevel concept, but rarely studied as such. We also find that information privacy research has been heavily reliant on studentbased and USA-centric samples, which results in findings of limited generalizability. Information privacy research focuses on explaining and predicting theoretical contributions, with few studies in journal articles focusing on design and action contributions. We recommend that future research should consider different levels of analysis as well as multilevel effects of information privacy. We illustrate this with a multilevel framework for information privacy concerns. We call for research on information privacy to use a broader diversity of sampling populations, and for more design and action information privacy research to be published in journal articles that can result in IT artifacts for protection or control of information privacy.

http://ftp.misq.org/skin/frontend/default/misq/pdf/appendices/2011/BelangerCrosslerAppendices.pdf

Privacy in the digital age: a review of information privacy research in information systems

The massive increase in actuators, industrial devices, health-care devices, and sensors, have led to the implementation of the Internet of Things (IoT), fast and flexible information technology communication between the devices. As such, responding to the needs in speedily way, and matching the smart services with modified requirements, IoT communications have facilitated the interconnections of things between applications, users, and smart devices. In order to gain extra advantage of the numerous services of the Internet. In this paper, the authors first, provided a comprehensive analysis on the IoT communication strategies and applications for smart devices based on a Systematic Literature Review (SLR). Then, the communication strategies and applications are categorized into four main topics including device to device, device to cloud, device to gateway and device to application scenarios. Furthermore, a technical taxonomy is presented to classify the existing papers according to search-based methodology in the scientific databases. The technical taxonomy presents five categories for IoT communication applications including monitoring-based communications, routing-based communications, health-based communications, Intrusion-based communications, and resource-based communications. The evaluation factors and infrastructure attributes are discussed based on some technical questions. Finally, some new challenges and forthcoming issues of future IoT communications are presented.

A systematic review of IoT communication strategies for an efficient smart environment

The main issue for effective Web information extraction is how to recognize similar patterns in a Web page. Traditionally, it has been shown that pattern matching by using the HTML DOM tree is more efficient than the simple string matching approach. Nonetheless, previous tree-based pattern matching methods have problems by assuming that all HTML tags have the same values, assigning the same weight to each node in HTML trees. This paper proposes an enhanced tree matching algorithm that improves the tree edit distance method by considering the characteristics of HTML features. We assign different values to different HTML tree nodes according to their weights for displaying the corresponding data objects in the browser. Pattern matching of HTML patterns is done by obtaining the maximum mapping values of two HTML trees that are constructed with weighted node values from HTML data objects. Experiments are done over several Web commerce sites to evaluate the effectiveness of the proposed HTML tree matching algorithm.

Web Information Extraction by HTML Tree Edit Distance Matching

SmiDCA: An Anti-Smishing Model with Machine Learning Approach

Organizations share an evolving interest in adopting a cloud computing approach for Internet of Things (IoT) applications. Integrating IoT devices and cloud computing technology is considered as an effective approach to storing and managing the enormous amount of data generated by various devices. However, big data security of these organizations presents a challenge in the IoT-cloud architecture. To overcome security issues, we propose a cloud-enabled IoT environment supported by multifactor authentication and lightweight cryptography encryption schemes to protect big data system. The proposed hybrid cloud environment is aimed at protecting organizations' data in a highly secure manner. The hybrid cloud environment is a combination of private and public cloud. Our IoT devices are divided into sensitive and nonsensitive devices. Sensitive devices generate sensitive data, such as healthcare data; whereas nonsensitive devices generate nonsensitive data, such as home appliance data. IoT devices send their data to the cloud via a gateway device. Herein, sensitive data are split into two parts: one part of the data is encrypted using RC6, and the other part is encrypted using the Fiestel encryption scheme. Nonsensitive data are encrypted using the Advanced Encryption Standard (AES) encryption scheme. Sensitive and nonsensitive data are respectively stored in private and public cloud to ensure high security. The use of multifactor authentication to access the data stored in the cloud is also proposed. During login, data users send their registered credentials to the Trusted Authority (TA). The TA provides three levels of authentication to access the stored data: first-level authentication - read file, second-level authentication - download file, and third-level authentication - download file from the hybrid cloud. We implement the proposed cloud-IoT architecture in the NS3 network simulator. We evaluated the performance of the proposed architecture using metrics such as computational time, security strength, encryption time, and decryption time.

/pdf/scalable-and-secure-big-data-iot-system-based-on-multifactor-28ckezc2jb.pdf

Scalable and Secure Big Data IoT System Based on Multifactor Authentication and Lightweight Cryptography

A super-connected society is emerging in which things and things or people and things communicate with each other through the Internet of Things. Since devices in the existing IoT environment have limitations such as low power, volume, and performance, a new paradigm has been suggested by integrating with cloud computing technology. However, there are still issues to resolve in the new convergence paradigm in order to mitigate vulnerabilities regarding data management and information protection for security. Thus, this study designs a RLWE-based homomorphic encryption communication protocol for user authentication and message management in a cloud computing-based IoT convergence environment. We conducted performance analysis on a communication protocols in the existing IoT environment and the proposed communication protocol to ensure safety and security. The study verified safety and security by conducting performance analysis of current IoT environment communication protocol and proposed communication protocol. The study conducted comparative analysis on time complexity and space complexity in accordance with encryption and decoding of proposed communication protocol to confirm that it provides strong security and equivalent level of efficiency. Also, by designing a communication protocol, the study aimed to provided a safe communication infrastructure from user authentication to data transfer to users.

A Design of Secure Communication Protocol Using RLWE-Based Homomorphic Encryption in IoT Convergence Cloud Environment

Chinese language has enormous number of characters and complicated stroke structures. So it is very difficult to efficiently and accurately identify a Chinese writer from his/her handwritings. This paper proposes a novel writer identification method for Chinese characters commonly used in Japan which can be used in peer-to-peer (P2P) systems. As a preliminary task, we have analyzed the shapes of strokes and the types of block division structures in Chinese characters and selected some characters for writer identification. The method consists of two efficient algorithms, i.e. the Hidden-feature analysis and the Block-type model, which respectively utilize intra-stroke and inter-stroke features of handwritings to enhance the writer identification accuracy. The Hidden-feature analysis makes template classes of reference characters with online features of training samples such as pen-pressure, pen-speed, pen-altitude, and pen-azimuth of each stroke. The Block-type model also creates such classes for writer identification based on offline features, i.e. the positional information about blocks of sample characters. The experimental results show that the Hidden-feature analysis requires eight Chinese characters while the Block-type model requires only four characters and four ones to achieve writer identification accuracy over 98%. Additionally, the results also demonstrate that any eight Chinese characters are enough to achieve an identification accuracy over 99.9% when the combination of the two algorithms is applied.

Writer identification using intra-stroke and inter-stroke information for security enhancements in P2P systems

User authentication has become an essential security element that enables a wide range of applications in P2P systems for higher security and safety requirements. In previous, many researchers worked on user authentication based on certificates, passwords, and feature-based authentication (e.g. face recognition, fingerprint detection, iris recognition, voice recognition). However, authentication using those technologies may fail because this information can be easily shared among users or synthesized. Also, there are several cyber and cryptography attacks. With the progress of the latest sensor technology, wearable as Microsoft Bands, Fitbit, and Garmin has provided for more information collecting opportunities. From those above point of views, this paper presents a novel user identification system based on the bio signal analysis of arm movement (3-axis accelerometer & 3-axis gyroscope) and electromyography (EMG) signal using Myo armband as a wearable user authentication system in P2P system that identifies users based on the bio-signal of movement of a person’s arm. In this study, the gesture and EMG signals are obtained from the sensor and denoised using wavelet denoising algorithm. The denoised signals are analyzed using the envelope and cepstrum analysis for extracting the potential feature vector. Finally, the feature vector is used to train and identify a user using multi-class support vector machine (MC-SVM) with different kernel function for user authentication. For validating the proposed authentication model, signals are obtained from the arm movements, i.e., directions and hand gesture data using acceleration, gyroscope and EMG sensors of several subjects. According to the experimental results, the proposed model shows satisfactory performance. To evaluate the efficiency of the proposed systems, we measure and compare its classification accuracy with state-of-the-art algorithms. And the proposed algorithm outperforms with others.

Arm movement activity based user authentication in P2P systems

Although the advance of ICT serves convenient lives, the adverse effect lies behind. Attacks such as spreading malicious code and luring users to fake websites via SMS or E-mail using social engineering have often occurred. Phishing, pharming, and smishing are getting diversified recently. The authentication of most websites is processed by simply using ID and password is the reason why the attack methods have been changing. Internet users are vulnerable in the process of authentication because they set and use an identical ID and similar password on different websites. This study discusses the length-related password vulnerability and introduces the method with which a hacker lures Internet users and seizes the users’ ID and password as well as password generation pattern. The paper also suggests that an additional and improved process is necessary to prevent various attacks like seizing account by the attacker.

Blackhole attack: user identity and password seize attack using honeypot

User authentication is necessary to provide services on an application system and the Internet. Various authentication methods are used such as ID/PW, biometric, and OTP authentications. One of the popular authentications is ID/PW authentication. As an inputted password is transferred by one-way hash function and then stored in DB, it is difficult for the DB administrator to figure out the password inputted by the user. However, when DB is leaked, and there is the time to decode, the password can be hacked. The time and cost to decode the original message from the hash value corresponding a short password decrease. Therefore, if the password is short, then attacking cost is low, and password crack possibility is high. In the case where an attacker utilizes pre-computing rainbow tables, and the hash value of short passwords is leaked, the password that the user inputted can be cracked. In this research, to block rainbow table attacks, when the user generates a short password, by adding additional messages of identification information of a system or the user and extending the length of the password, we try to resolve the vulnerability of short passwords. By proposing a model to minimize the length of the password and the authority accordingly in mobile devices on which inputting passwords is not easy, we take security into consideration. Our proposal model is strong against rainbow table attack and provides efficient password system to users. It contributes to resolving password vulnerability and upgrades mobile users’ convenience in typing passwords.

Hyung-Jin Mun

Papers

A Design of Secure Communication Protocol Using RLWE-Based Homomorphic Encryption in IoT Convergence Cloud Environment

Writer identification using intra-stroke and inter-stroke information for security enhancements in P2P systems

Arm movement activity based user authentication in P2P systems

Blackhole attack: user identity and password seize attack using honeypot

A novel secure and efficient hash function with extra padding against rainbow table attacks