Topic

Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.


Papers
Journal Article
TL;DR: In this paper, the authors provide directions for e-commerce security in order to improve customer confidence in e-commerce shopping, which includes activities, for example, procurement, order entry, exchange processing, online payment, authentication, inventory control, order fulfilment, shipment and customer bolster.
Abstract: E-commerce (electronic commerce) is the purchasing and selling of merchandise and ventures, or the transmitting of assets or information, over an electronic network, essentially the internet. These business exchanges happen either as b to b (business-to-business), b to c (business-to-consumer), c to c (consumer-to-consumer) or c to b (consumer-to-business). It is the exchanging or in items or services utilizing computer networks like Internet or online informal communities. Here the Business conducted using computers, telephones, fax machines, barcode readers, credit cards, ATM or other electronic appliances without the exchange of paper-based documents or physically moving to a shopping centre. It includes activities, for example, procurement, order entry, exchange processing, online payment, authentication, inventory control, order fulfilment, shipment, and customer bolster. When a buyer pays with a bank card swiped through a magnetic-stripe-reader, he or she is taking an interest in e-commerce. E-commerce Security is a piece of the Information Security framework and is specifically applied to the components that affect e-commerce including of Data security and other wider realms of the Information Security framework. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. E-commerce offers the managing an account industry great chance, yet additionally creates a set of new dangers and vulnerability, for example, security threats, hackings. Therefore, it is an essential management and technical requirement for any efficient and effective Payment exchange activities over the internet. Even the shopping through e-commerce has penetrated all segments of merchandise going from groceries to electronic products and even vehicles. Fast development in mobile figuring and correspondence technologies has facilitated ubiquity of e-commerce.
The fundamental impediment in development of e-commerce is cyber misrepresentation and identity theft. Hackers are people who complete the cybercrime. Hence, poor security on e-Commerce web servers and in user’s computers is core issue to be resolved for fast development of e-commerce. This paper provides directions for e-commerce security in order to improve customer confidence in e-commerce shopping.

18 citations

Journal Article
TL;DR: This thesis meets the challenge of quantifying their privacy and security performance and defines a systematic evaluation framework, which adheres to essential criteria and requirements of biometric template protection techniques.
Abstract: Biometrics enables convenient authentication based on a person's physical or behavioral characteristics. In comparison with knowledge- or token-based methods, it links an identity directly to its owner. Furthermore, it can not be forgotten or handed over easily. As biometric techniques have become more and more efficient and accurate, they are widely used in numerous areas. Among the most common application areas are physical and logical access controls, border control, authentication in banking applications and biometric identification in forensics. In this growing field of biometric applications, concerns about privacy and security cannot be neglected. The advantages of biometrics can revert to the opposite easily. The potential misuse of biometric information is not limited to the endangerment of user privacy, since biometric data potentially contain sensitive information like gender, race, state of health, etc. Different applications can be linked through unique biometric data. Additionally, identity theft is a severe threat to identity management, if revocation and reissuing of biometric references are practically impossible. Therefore, template protection techniques are developed to overcome these drawbacks and limitations of biometrics. Their advantage is the creation of multiple secure references from biometric data. These secure references are supposed to be unlinkable and non-invertible in order to achieve the desired level of security and to fulfill privacy requirements. The existing algorithms can be categorized into transformation-based approaches and biometric cryptosystems. The transformation-based approaches deploy different transformation or randomization functions, while the biometric cryptosystems construct secrets from biometric data. The integration in biometric systems is commonly accepted in research and their feasibility according to the recognition performance is proved. 
Despite the success of biometric template protection techniques, their security and privacy properties are investigated only limitedly. This predominant deficiency is addressed in this thesis and a systematic evaluation framework for biometric template protection techniques is proposed and demonstrated: Firstly, three main protection goals are identified based on the review of the requirements on template protection techniques. The identified goals can be summarized as security, privacy protection ability and unlinkability. Furthermore, the definitions of privacy and security are given, which allow to quantify the computational complexity estimating a pre-image of a secure template and to measure the hardness of retrieving biometric data respectively. Secondly, three threat models are identified as important prerequisites for the assessment. Threat models define the information about biometric data, system parameters and functions that can be accessed during the evaluation or an attack. The first threat model, so called naive model, assumes that an adversary has very limited information about a system. In the second threat model, the advanced model, we apply Kerckhoffs' principle and assume that essential details of algorithms as well as properties of biometric data are known. The last threat model assumes that an adversary owns large amount of biometric data and this allows him to exploit inaccuracy of biometric systems. It is called the collision threat model. Finally, a systematic framework for privacy and security assessment is proposed. Before an evaluation process, protection goals and threat models need to be clarified. Based on these, the metrics measuring different protection goals as well as an evaluation process determining the metrics will be developed. Both theoretical evaluation with metrics such as entropy, mutual information and practical evaluation based on individual attacks can be used.
The framework for privacy and security assessment is applied on the biometric cryptosystems: fuzzy commitment for 3D face and iris recognition is assessed. I develop my own 3D face recognition algorithm based on the depth distribution of facial sub-surfaces and integrate it in the fuzzy commitment scheme. The iris recognition is based on an open source algorithm using Gabor filter. It is implemented in the fuzzy commitment scheme with the two layer coding method as proposed by Hao et al. Both features, the 3D face features and the iris features, represent local characteristics of the modalities. Thus, strong dependency within these features is observed. The second order dependency tree is applied to describe the distribution of 3D face features. The Markov model is applied to characterize the statistical properties of iris features. Thus, security and privacy of these algorithms can be measured with theoretical metrics. Due to strong feature dependency, the achieved security is much smaller than the secret size, which is the assumed security in a perfect secure case with uniformly identically distributed features. Moreover, the unlinkability is analyzed. The analysis shows that these protected systems are less vulnerable to leakage amplification. However, the secure templates contain much personal identifiable information. We demonstrate the attacks, which can identify a subject by linking auxiliary data stored in his secure templates. Cross matching is assessed with the performance of these attacks. Additionally, the characteristics of iris features is exploited to perform an attack retrieving features from secure templates. The efficiency of the practical attack confirms the result of the theoretical assessment of privacy with conditional entropy. The coding process plays a very important role for the security and privacy properties in the fuzzy commitment scheme. Designing a coding method should not only focus on the improvement of code rate. 
As shown in this thesis, security and privacy properties can be enhanced significantly by changing the dependency pattern in iris features and 3D face features. Therefore, the coding process should be adapted to properties of the underlying biometric features to increase the security and privacy performance. The security and privacy assessment within this thesis is completed by a comparison of two fuzzy commitment algorithms with the fuzzy vault algorithm for fingerprint recognition. Here, different threat models as well as the corresponding protection goals are considered. The fuzzy vault system has the best performance regarding security and irreversibility of biometric features. However, all of these systems are vulnerable to cross matching. The comparison results show that the proposed evaluation framework provides the fundamental basis for benchmarking different template protection algorithms. The proposed framework is also validated with the existing security analysis on transformation-based approaches. Unlike the analysis on biometric cryptosystems, the security is dependent on the hardness of transformation functions or randomization processes. Therefore, the presented analysis is based on efficiency of different kinds of attacks, which measure different protection goals in the appropriate threat models. The security of these approaches depends on the transformation parameters. The knowledge of these parameters allows generating a pre-image, while it is still hard to estimate the original biometric features practically. However, privacy leakage amplifications are still possible. This thesis defines a systematic evaluation framework, which adheres to essential criteria and requirements of biometric template protection techniques. Its applicability is demonstrated with the analysis of template protection algorithms for different biometric modalities. The assessment presented in this thesis is fundamental for a thorough analysis. 
Furthermore, it provides provable evidence on security and privacy performance. Therefore, it is the fundamental tool for technical innovation and improvement and helps system designers in selecting a suitable template protection algorithm for their applications and needs. It creates a basis for certification and benchmarking of biometric template protection.

17 citations

Journal Article
TL;DR: A method of strengthening the SMEs’ security capability is proposed, especially focusing on a framework to be used when applying big data, and is expected that the framework proposed will be a useful solution for SMEs for their future computing needs.
Abstract: Recently, there have been some concerns for the network control systems which have been built for the major closed national communication infrastructures in the Republic of Korea. In particular, the control systems used by the small- and medium-sized enterprises (SMEs) often did not consider much on the sophisticated internal or external threats such as hacking or identity theft when they were first developed. For this reason, SMEs have been constantly exposed to internal/external security threats posed by both internal and external attackers, while they are using their own internal business networks constantly stay linked to the external networks operated by their cooperating companies or institutions for the convenience of conducting business. Hence, the security of SMEs’ business networks is still vulnerable, but it is not easy to obtain the information from security officials about what are the actual problems they are facing. In this study, a method of strengthening the SMEs’ security capability is proposed, especially focusing on a framework to be used when applying big data. For the simulations, necessary data was provided by the SMEs who have experienced security threats in the past. An empirical analysis was conducted with such data, and a framework was designed accordingly. The framework was simulated in a test bed for adjustment. The demographic characteristics of the data providers were studied to ensure a more accurate analysis of the data. The frequency and reliability analysis methods were used together with the machine learning technique to measure the reliability of the data, whereas a factor analysis was applied the validity. Partial least squares (PLS) was used for the empirical analysis as well. An application to which these methodologies were applied was implemented with Java Android and will be provided to the security managers of SMEs upon completion. 
It is expected that the framework proposed in this study will be a useful solution for SMEs for their future computing needs.

17 citations

Journal Article
TL;DR: It is advocated that countries should amend their procedural laws to include intangible evidence of cybercrime, as opposed to tangible evidence of traditional crimes to respond to these rapid changes in cybercrime.
Abstract: There appears to be no precise definition for cybercrime or 'computer crime'. Computer crime has been described as "any violation of criminal law that involves knowledge of computer technology by the perpetrator, investigator or prosecution". Cybercrime (online misdemeanour) has been defined as including any crime carried out primarily by means of a computer on the Internet; for example, hacking into or damaging a computer network, accessing and stealing electronic data without authorisation, and cyberstalking (via e-mail threats of violence or extortion). Thus, on the one hand, a computer may be the 'object' of the crime when there is theft of computer hardware or software, or a computer may be the 'subject' of a crime when it is used as an 'instrument' to commit traditional crimes such as fraud, theft, extortion, or 'new' types of criminal activity such as denial of service attacks and malware, identity theft, child pornography, copyright infringement, mail or wire-fraud.

17 citations

Proceedings Article
01 Oct 2019
TL;DR: PrivacyBot is a machine-learning based proof-of-concept that detects PSI in user-generated unstructured texts and provides a fine-grained category of PSI types, shedding light on the possibility of integrating such tools to support users in making informed privacy related decisions when disclosing PSI on-line.
Abstract: With the swift proliferation of Internet services and always connected smart devices, users continue to (un)intentionally share copious amount of data on daily basis. While the availability of such a big amount of data is useful to extract interesting nuggets in areas such as behavioral or medical research, it also brings about unprecedented user information privacy violation consequences, e.g., identity theft and reputation damage of target users. This is aggravated when users share Privacy Sensitive Information (PSI) on-line, often times, including to unintended audience. In this regard, detecting PSI disclosure becomes an essential step towards tackling the long(short) term privacy consequences of divulging such information. As such, in this paper, we present PrivacyBot, a machine-learning based proof-of-concept that detects PSI in user-generated unstructured texts. A rigorous set of experiments show that our approach can detect PSI with an accuracy of up-to 95%. Furthermore, PrivacyBot provides a fine-grained category of PSI types (with an accuracy of up-to 88%), defined based on existing work and Art. §9 of the European Union (EU) General Data Protection Regulation (GDPR). Results are promising and shed light on the possibility of integrating such tools to support users in making informed privacy related decisions when disclosing PSI on-line.

17 citations


Network Information
Related Topics (5)
The Internet: 213.2K papers, 3.8M citations, 76% related
Social network: 42.9K papers, 1.5M citations, 74% related
Service provider: 55.1K papers, 894.3K citations, 74% related
Authentication: 74.7K papers, 867.1K citations, 73% related
Information technology: 53.9K papers, 894.1K citations, 73% related
Performance Metrics
No. of papers in the topic in previous years
Year    Papers
2023    84
2022    165
2021    78
2020    107
2019    108
2018    112