005.8 Data security

Review of e-Health Frameworks. (2015)
Presentation / Conference Contribution
Prajapati, B., Buchanan, W. J., Smales, A., Macfarlane, R., & Spyra, G. (2015, October). Review of e-Health Frameworks. Presented at Health Informatics Conference 2015

In order to improve the quality of health care and widen the accessibility, health care providers are consistently looking to inject information and communication technology to the traditional health care system (Mair, et al., 2012). This process can... Read More about Review of e-Health Frameworks..

When amateurs do the job of a professional, the result is smart grids secured by dumb crypto. (2015)
Newspaper / Magazine
Buchanan, W. J. (2015). When amateurs do the job of a professional, the result is smart grids secured by dumb crypto

Security relies upon good programming and correct adherence to well-designed standards. If the standards are sloppy, then security has been compromised from the outset. Smart grids, which include the smart meters being rolled out to millions of homes... Read More about When amateurs do the job of a professional, the result is smart grids secured by dumb crypto..

US hack shows data is the new frontier in cyber security conflict. (2015)
Newspaper / Magazine
Buchanan, W. J. (2015). US hack shows data is the new frontier in cyber security conflict

More than four million personal records of US government workers are thought to have been hacked and stolen, it has been. With US investigators blaming the Chinese government (although the Chinese deny involvement), this incident shows how data could... Read More about US hack shows data is the new frontier in cyber security conflict..

RESCUE: Resilient Secret Sharing Cloud-based Architecture. (2015)
Presentation / Conference Contribution
Ukwandu, E., Buchanan, W. J., Fan, L., Russell, G., & Lo, O. (2015, August). RESCUE: Resilient Secret Sharing Cloud-based Architecture. Presented at TrustCom 2015 The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

This paper presents an architecture (RESCUE) of a system that is capable of implementing: a keyless encryption method; self-destruction of data within a time frame without user’s intervention; and break-glass data recovery, with in-built failover pro... Read More about RESCUE: Resilient Secret Sharing Cloud-based Architecture..

The future internet: a world of secret shares (2015)
Journal Article
Buchanan, W. J., Lanc, D., Ukwandu, E., Fan, L., Russell, G., & Lo, O. (2015). The future internet: a world of secret shares. Future Internet, 7(4), 445-464. https://doi.org/10.3390/fi7040445

The PKI infrastructure is crumbling, especially due to the lack of a strong understanding of how encryption actually works, and in threats around its implementation. This paper outlines an Internet storage using secret sharing methods, and which coul... Read More about The future internet: a world of secret shares.

Evaluation of TFTP DDoS amplification attack (2015)
Journal Article
Sieklik, B., Macfarlane, R., & Buchanan, W. J. (2016). Evaluation of TFTP DDoS amplification attack. Computers and Security, 57, 67-92. https://doi.org/10.1016/j.cose.2015.09.006

Web threats are becoming a major issue for both governments and companies. Generally, web threats increased as much as 600% during last year (WebSense, 2013). This appears to be a significant issue, since many major businesses seem to provide these s... Read More about Evaluation of TFTP DDoS amplification attack.

Towards an augmented authenticator in the Cloud (2015)
Presentation / Conference Contribution
Pitropakis, N., Yfantopoulos, N., Geneiatakis, D., & Lambrinoudakis, C. (2014, December). Towards an augmented authenticator in the Cloud. Presented at 2014 IEEE International Symposium on Signal Processing and Information Technology (ISSPIT), Noida, India

Many times in the past, critical infrastructures like e-health and e-government services have become a target of cyber-attacks resulting to manipulation of sensitive information. Meanwhile, there are several approaches applying security and privacy p... Read More about Towards an augmented authenticator in the Cloud.

Sticky-Policy enabled authenticated OOXML for Health Care (2015)
Presentation / Conference Contribution
Spyra, G., Buchanan, W. J., & Ekonomou, E. (2015, October). Sticky-Policy enabled authenticated OOXML for Health Care. Presented at BCS Health Informatics 2015

This paper proposes a secure medical document sharing construction, which addresses confidentiality and authenticity concerns related to cloud-based data protection issues. The paper extends the popular Office Open XML (OOXML) document format with eX... Read More about Sticky-Policy enabled authenticated OOXML for Health Care.

Evaluation of the DFET Cloud. (2015)
Presentation / Conference Contribution
Buchanan, W. J., Ramsay, B., Macfarlane, R., Smales, A., Keane, E., Callahan, C., Blazic, B. J., & Popov, O. (2015, September). Evaluation of the DFET Cloud. Paper presented at Cybercrime Forensics Education and Training (CFET) conference

The DFET (Digital Forensics Evaluation and Training) Cloud creates new training methods/techniques to support judicial authorities, law enforcement agencies and associated stakeholders in the fight against cybercrime through the development of a virt... Read More about Evaluation of the DFET Cloud..

Highlighting Relationships of a Smartphone’s Social Ecosystem in Potentially Large Investigations (2015)
Journal Article
Andriotis, P., Oikonomou, G., Tryfonas, T., & Li, S. (2016). Highlighting Relationships of a Smartphone’s Social Ecosystem in Potentially Large Investigations. IEEE Transactions on Cybernetics, 46(9), 1974-1985. https://doi.org/10.1109/tcyb.2015.2454733

Social media networks are becoming increasingly popular because they can satisfy diverse needs of individuals (both personal and professional). Modern mobile devices are empowered with increased capabilities, taking advantage of the technological pro... Read More about Highlighting Relationships of a Smartphone’s Social Ecosystem in Potentially Large Investigations.

Till All Are One: Towards a Unified Cloud IDS (2015)
Presentation / Conference Contribution
Pitropakis, N., Lambrinoudakis, C., & Geneiatakis, D. (2015, September). Till All Are One: Towards a Unified Cloud IDS. Presented at International Conference on Trust and Privacy in Digital Business TrustBus 2015: Trust, Privacy and Security in Digital Busines, Valencia, Spain

Recently there is a trend to use cloud computing on service deployment, enjoying various advantages that it offers with emphasis on the economy which is achieved in the era of the financial crisis. However, along with the transformation of technology... Read More about Till All Are One: Towards a Unified Cloud IDS.

Real-time monitoring of privacy abuses and intrusion detection in android system (2015)
Presentation / Conference Contribution
Li, S., Chen, J., Spyridopoulos, T., Andriotis, P., Ludwiniak, R., & Russell, G. (2015, August). Real-time monitoring of privacy abuses and intrusion detection in android system. Presented at International Conference on Human Aspects of Information Security, Privacy, and Trust, Los Angeles, CA, USA

In this paper, we investigated the definition of privacy, privacy abuse behaviours, and the privacy abuse in Android systems, which may be very useful for identifying the malicious apps from 'normal' apps. We also investigated the injection technolog... Read More about Real-time monitoring of privacy abuses and intrusion detection in android system.

Ashley Madison breach reveals the rise of the moralist hacker (2015)
Newspaper / Magazine
Buchanan, W. J. (2015). Ashley Madison breach reveals the rise of the moralist hacker

There’s value in more than just credit card data, as Avid Life Media (ALM), parent company of the extramarital affair website Ashley Madison, has found out after being raided for millions of their customer’s details. All sorts of information that isn... Read More about Ashley Madison breach reveals the rise of the moralist hacker.

Cyber security challenges for cloud based services. (2015)
Presentation / Conference Contribution
Buchanan, W. J. (2015, June). Cyber security challenges for cloud based services. Paper presented at Scot-Cloud 2015, Dynamic Earth, Edinburgh

Areas covered - IoT security - Data loss detection and prevention - Cryptography in the Cloud

IoT analytics: collect, process, analyze and present massive amounts of operational data - research and innovation challenges. (2015)
Book Chapter
Barnaghi, P., Bauer, M., Biswas, A. R., Botterman, M., Cheng, B., Cirillo, F., Dillinger, M., Graux, H., Hoseinitabatabaie, S. A., Kovacs, E., Longo, S., Nunna, S., Paulin, A., Prasad, R. R. V., Soldatos, J., Thuemmler, C., & Volk, M. (2015). IoT analytics: collect, process, analyze and present massive amounts of operational data - research and innovation challenges. In O. Vermesan, & P. Friess (Eds.), Building the Hyperconnected Society : IoT research and innovation value chains, ecosystems and markets. Volume 43 (1-331). River Publisher

IoT analytics: collect, process, analyze and present massive amounts of operational data - research and innovation challenges.

Teaching penetration and malware analysis in a cloud-based environment. (2015)
Presentation / Conference Contribution
Buchanan, W. J., Ramsay, B., Macfarlane, R., Smales, A., & Russell, G. (2015, June). Teaching penetration and malware analysis in a cloud-based environment. Paper presented at UK Workshop on Cybersecurity Training & Education

This paper outlines evaluation of running a private Cloud-based system over two semesters at Edinburgh Napier University for two modules: Security Testing and Advanced Network Forensics (BEng (Hons) level and focused on Penetration testing and Malwar... Read More about Teaching penetration and malware analysis in a cloud-based environment..

Apple and Starbucks could have avoided being hacked if they'd taken this simple step (2015)
Newspaper / Magazine
Buchanan, W. J. (2015). Apple and Starbucks could have avoided being hacked if they'd taken this simple step

Apple and Starbucks are two of the world’s most trusted companies, but their reputations were recently tarnished thanks to some novice cybersecurity mistakes. Both setup systems that could have allowed hackers to break into customers' accounts by rep... Read More about Apple and Starbucks could have avoided being hacked if they'd taken this simple step.

Vulnerability analysis. (2015)
Presentation / Conference Contribution
Buchanan, W. J. (2015, May). Vulnerability analysis. Presented at Advanced Threat Protection

The current generation of threats against enterprise networks are more targeted, more persistent and more sophisticated than ever. Sony, eBay and JP Morgan are among the biggest names to fall victim in the last 12 months. The result is that massive a... Read More about Vulnerability analysis..

Edinburgh leading world in beating online crime (2015)
Newspaper / Magazine
Buchanan, W. J. (2015). Edinburgh leading world in beating online crime

Cyber security surges ahead in the capital, says Bill Buchanan As we become more dependent on the internet by the day, the risks around it also increase, especially from cyber crime, large-scale data loss and the failure of our critical IT infrastruc... Read More about Edinburgh leading world in beating online crime.

Identifying areas of vulnerability. (2015)
Presentation / Conference Contribution
Buchanan, W. J. (2015, April). Identifying areas of vulnerability. Presented at Scot-secure 2015

Using penetration testing to highlight areas of weakness with practical steps for improving the security of your organisation.