Search results

1 – 10 of 14
Article
Publication date: 26 May 2022

Ioannis Stylios, Andreas Skalkos, Spyros Kokolakis and Maria Karyda

Abstract

Purpose

This paper is an extended version of a SECPRE 2021 paper and presents research on the development and validation of a behavioral biometrics continuous authentication (BBCA) system that is based on users’ keystroke dynamics and touch gestures on mobile devices. This paper aims to build a system that will continuously authenticate the user of a smartphone.

Design/methodology/approach

Session authentication schemes establish the identity of the user only at the beginning of the session, so they are vulnerable to attacks that tamper with communications after the establishment of the authenticated session. Moreover, smartphones themselves are used as authentication means, especially in two-factor authentication schemes, which are often required by several services. Whether the smartphone is in the hands of the legitimate user constitutes a great concern and correspondingly whether the legitimate user is the one who uses the services. In response to these concerns, BBCA technologies have been proposed in a large corpus of literature. This paper presents research on the development and validation of a BBCA system (named BioPrivacy), which is based on the user’s keystroke dynamics and touch gestures, using a multi-layer perceptron (MLP). Also, this paper introduces a new BB collection tool and proposes a methodology for the selection of an appropriate set of BB.

Findings

The system achieved the best results for keystroke dynamics, which are 97.18% accuracy, 0.02% equal error rate, 97.2% true acceptance rate and 0.02% false acceptance rate.

Originality/value

This paper develops a new BB collection tool, named BioPrivacy, by which behavioral data of users on mobile devices can be collected. This paper proposes a methodology for the selection of an appropriate set of BB. This paper presents the development of a BBCA system based on MLP.

Details

Information & Computer Security, vol. 30 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 7 December 2021

Ioannis Stylios, Spyros Kokolakis, Andreas Skalkos and Sotirios Chatzis

Abstract

Purpose

The purpose of this paper is to present a new paradigm, named BioGames, for the extraction of behavioral biometrics (BB) conveniently and entertainingly. To apply the BioGames paradigm, the authors developed a BB collection tool for mobile devices named BioGames App. The BioGames App collects keystroke dynamics, touch gestures, and motion modalities and is available on GitHub. Interested researchers and practitioners may use it to create their datasets for research purposes.

Design/methodology/approach

One major challenge for BB and continuous authentication (CA) research is the lack of actual BB datasets for research purposes. The compilation and refinement of an appropriate set of BB data constitute a challenge and an open problem. The issue is aggravated by the fact that most users are reluctant to participate in long demanding procedures entailed in the collection of research biometric data. As a result, they do not complete the data collection procedure, or they do not complete it correctly. Therefore, the authors propose a new paradigm and introduce a BB collection tool, which they call BioGames, for the extraction of biometric features in a convenient way. The BioGames paradigm proposes a methodology where users play games without participating in an experimental painstaking process. The BioGames App collects keystroke dynamics, touch gestures, and motion modalities.

Findings

The authors proposed a new paradigm for the collection of BB on mobile devices and created the BioGames application. The BioGames App is an Android application that collects BB data on mobile devices and sends them to a database. The database design allows multiple users to store their sensor data at any time. Thus, there is no concern about data separation and synchronization. BioGames App is General Data Protection Regulation (GDPR) compliant as it collects and processes only anonymous data.

Originality/value

The BioGames App is a publicly available tool that combines the keystroke dynamics, touch gestures, and motion modalities. In addition, it uses a methodology where users play games without participating in an experimental painstaking process.

Details

Information & Computer Security, vol. 30 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 December 2023

Andreas Skalkos, Aggeliki Tsohou, Maria Karyda and Spyros Kokolakis

Abstract

Purpose

Search engines, the most popular online services, are associated with several concerns. Users are concerned about the unauthorized processing of their personal data, as well as about search engines keeping track of their search preferences. Various search engines have been introduced to address these concerns, claiming that they protect users’ privacy. The authors call these search engines privacy-preserving search engines (PPSEs). This paper aims to investigate the factors that motivate search engine users to use PPSEs.

Design/methodology/approach

This study adopted protection motivation theory (PMT) and associated its constructs with subjective norms to build a comprehensive research model. The authors tested the research model using survey data from 830 search engine users worldwide.

Findings

The results confirm the interpretive power of PMT in privacy-related decision-making and show that users are more inclined to take protective measures when they consider that data abuse is a more severe risk and that they are more vulnerable to data abuse. Furthermore, the results highlight the importance of subjective norms in predicting and determining PPSE use. Because subjective norms refer to perceived social influences from important others to engage or refrain from protective behavior, the authors reveal that the recommendation from people that users consider important motivates them to take protective measures and use PPSE.

Research limitations/implications

Despite its interesting results, this research also has some limitations. First, because the survey was conducted online, the study environment was less controlled. Participants may have been disrupted or affected, for example, by the presence of others or background noise during the session. Second, some of the survey items could possibly be misinterpreted by the respondents in the study questionnaire, as they did not have access to clarifications that a researcher could possibly provide. Third, another limitation refers to the use of the Amazon Turk tool. According to Paolacci and Chandler (2014), in comparison to the US population, the MTurk workers are more educated, younger and less religiously and politically diverse. Fourth, another limitation of this study could be that Actual Use of PPSE is self-reported by the participants. This could cause bias because it is argued that internet users’ statements may be in contrast with their actions in real life or in an experimental scenario (Berendt et al., 2005; Jensen et al., 2005). Moreover, some limitations of this study emerge from the use of PMT as the background theory of the study. PMT identifies the main factors that affect protection motivation, but other environmental and cognitive factors can also have a significant role in determining the way an individual’s attitude is formed. As Rogers (1975) argued, PMT as proposed does not attempt to specify all of the possible factors in a fear appeal that may affect persuasion, but rather a systematic exposition of a limited set of components and cognitive mediational processes that may account for a significant portion of the variance in acceptance by users. In addition, as Tanner et al. (1991) argue, PMT’s assumption that the subjects have not already developed a coping mechanism is one of its limitations. Finally, another limitation is that the sample does not include users from China, which is the second most populated country. Unfortunately, DuckDuckGo has been blocked in China, so it has not been feasible to include users from China in this study.

Practical implications

The proposed model and, specifically, the subjective norms construct proved to be successful in predicting PPSE use. This study demonstrates the need for PPSE to exhibit and advertise the technology and measures they use to protect users’ privacy. This will contribute to the effort to persuade internet users to use these tools.

Social implications

This study sought to explore the privacy attitudes of search engine users using PMT and its constructs’ association with subjective norms. It used the PMT to elucidate users’ perceptions that motivate them to privacy adoption behavior, as well as how these perceptions influence the type of search engine they use. This research is a first step toward gaining a better understanding of the processes that drive people’s motivation to, or not to, protect their privacy online by means of using PPSE. At the same time, this study contributes to search engine vendors by revealing that users need to be persuaded not only about their policy toward privacy but also by considering and implementing new strategies of diffusion that could enhance the use of the PPSE.

Originality/value

This research is a first step toward gaining a better understanding of the processes that drive people’s motivation to, or not to, protect their privacy online by means of using PPSEs.

Details

Information & Computer Security, vol. 32 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 23 January 2020

Ioannis Paspatis, Aggeliki Tsohou and Spyros Kokolakis

Abstract

Purpose

Privacy policies emerge as the main mechanism to inform users on the way their information is managed by online service providers, and still remain the dominant approach for this purpose. The literature notes that users find difficulties in understanding privacy policies because they are usually written in technical or legal language, even though most users are unfamiliar with it. These difficulties have led most users to skip reading privacy policies and blindly accept them. This study aims to address this challenge. This paper presents AppAware, a multiplatform tool that intends to improve the visualization of privacy policies for mobile applications.

Design/methodology/approach

AppAware formulates a visualized report with the permission set of an application, which is easily understandable by a common user. AppAware aims to bridge the difficulty of reading privacy policies and Android’s obscure permission set with a new privacy policy visualization model. Thus, we propose AppAware parser, a mobile add-on that complements AppAware and helps mobile device users to monitor the applications they installed on their smart device.

Findings

To validate AppAware, the authors conducted a questionnaire survey aiming to evaluate AppAware in terms of installability, usability and viability-purpose. The results demonstrate that AppAware is assessed above average by the users in all categories.

Originality/value

To the best of the authors’ knowledge, there is no such approach as AppAware as an application nor AppAware parser as an add-on.

Details

Information & Computer Security, vol. 28 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 15 March 2022

Ioannis Stylios, Spyros Kokolakis, Olga Thanou and Sotirios Chatzis

Abstract

Purpose

For the success of future investments in the implementation of continuous authentication systems, we should explore the key factors that influence technology adoption. The authors investigate the effect of various factors of behavioral intention through the new incorporation of a modified technology acceptance model (TAM) and diffusion of innovation theory (DOI). Also, the authors have created a new theoretical framework with constructs such as security and privacy risks (SPR), biometrics privacy concerns (BPC) and perceived risk of using the technology (PROU). In this paper, the authors conducted a structural equation modeling empirical research. This research is designed in such a way to respond to the trade-off between users’ concern for the protection of their biometrics privacy and their protection from risks.

Design/methodology/approach

The authors provide an extensive conceptual framework for both existing models (TAM and DOI) and the new constructs that the authors have added to the model. In addition, this research explores external factors, such as trust in technology (TT) and innovativeness (Innov). In addition, the authors have introduced significant constructs, to overcome the limitations of the TAM and to adapt it to the needs of the present research. The new theoretical framework the authors introduce in the present research concerns the constructs SPR, BPC and PROU.

Findings

The authors found that the main facilitators of behavioral intention to adopt the technology (BI) are TT, followed by compatibility (COMP), perceived usefulness (PU) and Innov. This research also shows that individuals are less interested in the ease of use of the technology and are willing to sacrifice it to achieve greater security. COMP and Innov also play a significant role. Individuals who believe that the usage of the behavioral biometrics continuous authentication (BBCA) technology would fit into their lifestyle and would like to experiment with new technologies have a positive intention to adopt the BBCA technology. The new constructs the authors have added are SPR, BPC and PROU. The authors’ results support the hypotheses that SPR is a facilitator to PU and PU acts as a facilitator to BI. Consequently, the hypothesis that individuals who do not feel adequately protected by classical methods will consider the usefulness of the BBCA as a technology for their extra protection against risks is confirmed by the model. Also, with the constructs BPC and PROU, the authors examined if individuals’ concerns regarding their biometrics privacy act as inhibitors in the BI. The authors concluded that individuals consider that the benefits of using BBCA technology are much more important than the risks for their biometrics privacy since the hypothesis that the major inhibitor of BI is PROU is not supported by the model.

Originality/value

To the best of the authors’ knowledge, this research is among the first in the field that examines the factors that influence the individuals’ decision to adopt BBCA technology.

Details

Information & Computer Security, vol. 30 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 23 November 2010

Aggeliki Tsohou, Spyros Kokolakis, Costas Lambrinoudakis and Stefanos Gritzalis

Abstract

Purpose

Recent information security surveys indicate that both the acceptance of international standards and the relative certifications increase continuously. However, it is noted that still the majority of organizations does not know the dominant security standards or does not fully implement them. The aim of this paper is to facilitate the awareness of information security practitioners regarding globally known and accepted security standards, and thus, contribute to their adoption.

Design/methodology/approach

The paper adopts a conceptual approach and results in a classification framework for categorizing available information security standards. The classification framework is built in four layers of abstraction, where the initial layer is founded in ISO/IEC 27001:2005 information security management system.

Findings

The paper presents a framework for conceptualizing, categorizing and interconnecting available information security standards dynamically.

Research limitations/implications

The completeness of the information provided in the paper relies on the pace of standards' publications; thus the information security standards that have been classified in this paper need to be updated when new standards are published. However, the proposed framework can be utilized for this constant effort.

Practical implications

Information security practitioners can benefit from the proposed framework for available security standards and effectively invoke the relevant standard each time. Guidelines for utilizing the proposed framework are presented through a case study.

Originality/value

Although the practices proposed are not innovative by themselves, the originality of this work lies in the best practices' linkage into a coherent framework that can facilitate the standards diffusion and systematic adoption.

Details

Information Management & Computer Security, vol. 18 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 May 2006

Aggeliki Tsohou, Maria Karyda, Spyros Kokolakis and Evangelos Kiountouzis

Abstract

Purpose

The purpose of this paper is to examine the potential of cultural theory as a tool for identifying patterns in the stakeholders' perception of risk and its effect on information system (IS) risk management.

Design/methodology/approach

Risk management involves a number of human activities which are based on the way the various stakeholders perceive risk associated with IS assets. Cultural theory claims that risk perception within social groups and structures is predictable according to group and individual worldviews; therefore this paper examines the implications of cultural theory on IS risk management as a means for security experts to manage stakeholders' perceptions.

Findings

A basic theoretical element of cultural theory is the grid/group typology, where four cultural groups with differentiating worldviews are identified. This paper presents how these worldviews affect the process of IS risk management and suggests key issues to be considered in developing strategies of risk management according to the different perceptions cultural groups have.

Research limitations/implications

The findings of this research are based on theoretical analysis and are not supported by relevant empirical research. Further research is also required for incorporating the identified key issues into information security management systems (ISMS).

Originality/value

IS security management overlooks stakeholders' risk perception; for example, there is no scheme developed to understand and manage the perception of IS stakeholders. This paper proposes some key issues that should be taken into account when developing strategies for addressing the issue of understanding and managing the perception of IS stakeholders.

Details

Information Management & Computer Security, vol. 14 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 3 April 2009

Maria Karyda, Stefanos Gritzalis, Jong Hyuk Park and Spyros Kokolakis

Abstract

Purpose

This paper aims to contribute to the ongoing discourse about the nature of privacy and its role in ubiquitous environments and provide insights for future research.

Design/methodology/approach

The paper analyses the privacy implications of particular characteristics of ubiquitous applications and discusses the fundamental principles and information practices used in digital environments for protecting individuals' private data.

Findings

A significant trend towards shifting privacy protection responsibility from government to the individuals is identified. Also, specific directions for future research are provided with a focus on interdisciplinary research.

Research limitations/implications

This paper identifies key research issues and provides directions for future research.

Originality/value

This study contributes by identifying major challenges that should be addressed, so that a set of “fair information principles” can be applied in the context of ubiquitous environments. It also discusses the limitations of these principles and provides recommendations for future research.

Details

Internet Research, vol. 19 no. 2
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 18 July 2008

Aggeliki Tsohou, Spyros Kokolakis, Maria Karyda and Evangelos Kiountouzis

Abstract

Purpose

The purpose of this paper is to study the way information systems (IS) security researchers approach information security awareness and examine whether these approaches are consistent with the organization theory and IS approaches for the study of organizational processes.

Design/methodology/approach

Open coding analysis was performed on selected publications (articles, surveys, standards, and reports). The chosen publications were classified and the classification results are presented, based on a proposed typology.

Findings

The proposed typology allows us to identify different types of research models followed by security researchers and practitioners, and to infer a set of practical implications, for the benefit of those interested in empirically studying information security awareness.

Research limitations/implications

The paper represents a pilot survey, performed in a selected number of publications.

Practical implications

The paper helps researchers and practitioners to distinguish the research models that can be adopted for the study of information security awareness organizational process, by identifying the key dimensions along which they differ.

Originality/value

The proposed typology provides a guide to identify the range of options available to researchers and practitioners when they design their work regarding the security awareness topic. Moreover, it can facilitate the communication between scholars in the field of security awareness.

Details

Information Management & Computer Security, vol. 16 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 July 2005

Petros Belsis, Spyros Kokolakis and Evangelos Kiountouzis

Abstract

Purpose

Information systems security management is a knowledge‐intensive activity that currently depends heavily on the experience of security experts. However, the knowledge dimension of IS security management has been neglected, both by research and industry. This paper aims to explore the sources of IS security knowledge and the potential role of an IS security knowledge management system.

Design/methodology/approach

The results of this paper are based on field research involving five organizations (public and private) and five security experts and consultants. A model to illustrate the structure of IS security knowledge in an organization is then proposed.

Findings

Successful security management largely depends on the involvement of users and other stakeholders in security analysis, design, and implementation, as well as in actively defending the IS. However, most stakeholders lack the required knowledge of IS security issues that would allow them to play an important role in IS security management.

Originality/value

In this paper, the knowledge management aspect of IS security management has been highlighted. Moreover, the basic sources of security‐related knowledge have been identified and a model of IS security knowledge has been created. Also, the activities to be supported by a security‐focused KM system have been identified. Thus, the basis for the development of specialized security KM systems has been set.

Details

Information Management & Computer Security, vol. 13 no. 3
Type: Research Article
ISSN: 0968-5227
