System End-User Actions as a Threat to Information System Security

As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.

A Lightweight Three-Factor Authentication Scheme for WHSN Architecture

Wireless Healthcare Sensor Network (WHSN) is a benchmarking technology deployed to levitate the quality of lives for the patients and doctors. WHSN systems must fit IEEE 802.15.6 standard for specific application criteria, unlike some standard criteria that are difficult to meet. Therefore, many security models were suggested to enhance the security of the WHSN and promote system performance. Yu and Park proposed a three-factor authentication scheme based on the smart card, biometric, and password, and their scheme can be easily employed in three-tier WHSN architecture. Furthermore, they claimed that their scheme can withstand guessing attack and provide anonymity, although, after cryptanalysis, we found that their scheme lacks both. Accordingly, we suggested a three-factor authentication scheme with better system confusion due to multiplex parametric features, hash function, and higher key size to increase the security and achieve anonymity for the connected nodes. Moreover, the scheme included initialization, authentication, re-authentication, secure node addition, user revocation, and secure data transmission via blockchain technology. The formal analysis of the scheme was conducted by BAN logic (Burrows Abadi Nadeem) and the simulation was carried out by Tamarin prover to validate that the proposed scheme is resistant to replay, session hijacking, and guessing attacks, plus it provides anonymity, perfect forward secrecy, and authentication along with the key agreement.

Analysis of Http Cookie Hijacking in the Wild

Because cookies act as the sole evidence of user identification, web sessions are especially vulnerable to attacks through session hijacking, where the server operated by a specific user sends users ' identity requests. If n > 1 cookies are used to execute a session, n sub-sessions that actually run on the same website where the individual cookies are used to access part of the session's state details. Our cookie hijacking analysis shows a range of significant defects; attackers may reach Google's home address and work address and websites that are accessed by Bing or Baidu, show the entire browsing history of the user, and Yahoo enables attackers to delete the list of contacts and upload emails from the account of the consumer. For fact, e-commerce providers such as Amazon and Ebay have a limited, complete customer order background, so almost all platforms have a user name so e-mail address on their page. Ad networks like Doubleclick will also expose pages accessed by the customer. In this article, we propose to improve the latest state-of - the-art HTTP(S) session control by utilizing user fingerprint.A vast range of functionalities of the new client tracking makes session identification on the server observable and dramatically increases the threshold for attackers. Furthermore, this paper describes HTML5 and CSS capabilities for client fingerprinting and the recognition or authentication of a device by using the UserAgent list.

A Secure Framework for IoT Smart Home by Resolving Session Hijacking

IoT is a blessing in the field of information and technology. It is developing and deploying day by day. It is working for our betterment in the section of home, environment, retail, security, factory, industry, agriculture, education, energy, healthcare, and so on. In the Smart Home section, there are a numerous inventions. Vast analysis and working can be possible if needed. We have worked with session hijacking and implement it in our Smart Home Prototype. This paper represents the basic concept of IoT in Smart Home with Security like Session Hijacking.