
ISSN 0970-647X | Volume No. 39 | Issue No. 2 | May 2015

Cover Story: Cloud Security – Challenges at a Glance
Cover Story: Improving Cybersecurity using NIST Framework
Cover Story: Security, Privacy and Trust in Social Networking Sites
Research Front: Do You Need an Operating System to Run an Application
Article: Context Aware Intelligence: Approach for Multi-Dimensional Security

CSI Communications | May 2015 | 1

Know Your CSI

Executive Committee (2015-16/17)
President: Prof. Bipin V Mehta
Vice-President: Dr. Anirban Basu
Hon. Secretary: Mr. Sanjay Mohapatra
Hon. Treasurer: Mr. R K Vyas
Immd. Past President: Mr H R Mohan

Nomination Committee (2015-2016)
Dr. Anil K Saini
Mr. Rajeev Kumar Singh
Prof. (Dr.) U.K. Singh

Regional Vice-Presidents
Region - I: Mr. Shiv Kumar (Delhi, Punjab, Haryana, Himachal Pradesh, Jammu & Kashmir, Uttar Pradesh, Uttaranchal and other areas in Northern India)
Region - II: Mr. Devaprasanna Sinha (Assam, Bihar, West Bengal, North Eastern States and other areas in East & North East India)
Region - III: Dr. Vipin Tyagi (Gujarat, Madhya Pradesh, Rajasthan and other areas in Western India)
Region - IV: Mr. Hari Shankar Mishra (Jharkhand, Chattisgarh, Orissa and other areas in Central & South Eastern India)
Region - V: Mr. Raju L Kanchibhotla (Karnataka and Andhra Pradesh)
Region - VI: Dr. Shirish S Sane (Maharashtra and Goa)
Region - VII: Mr. K. Govinda (Tamil Nadu, Pondicherry, Andaman and Nicobar, Kerala, Lakshadweep)

Division Chairpersons
Division-I : Hardware (2015-17): Prof. M N Hoda
Division-II : Software (2014-16): Dr. R Nadarajan
Division-III : Applications (2015-17): Mr. Ravikiran Mankikar
Division-IV : Communications (2014-16): Dr. Durgesh Kumar Mishra
Division-V : Education and Research (2015-17): Dr. Suresh Chandra Satapathy

Publication Committee (2015-16)
Dr. A K Nayak, Chairman
Prof. M N Hoda, Member
Dr. R Nadarajan, Member
Mr. Ravikiran Mankikar, Member
Dr. Durgesh Kumar Mishra, Member
Dr. Suresh Chandra Satapathy, Member
Dr. Vipin Tyagi, Member
Dr. R N Satapathy, Member


CSI Communications
Volume No. 39 • Issue No. 2 • May 2015

Chief Editor: Dr. A K Nayak
Guest Editor: Dr. Vipin Tyagi
Published by: Executive Secretary Mr. Suchit Gogwekar, For Computer Society of India
Design, Print and Dispatch by: CyberMedia Services Limited

Contents

Cover Story
Cloud Security – Challenges at a Glance: R Sridaran, Disha H Parekh Doshi and Sudhir Kumar Suman
Improving Cybersecurity using NIST Framework: Sandeep Godbole
Cyber Security : Issues and Challenges: N J Rao
Security, Privacy and Trust in Social Networking Sites: Richa Garg, Ravi Sankar Veerubhotla and Ashutosh Saxena
Comparative Evidence of Cryptographic Based Algorithms under the Cloud Computing Environment to Ensure Data/System Security: Shruti Chhabra and V S Dixit
Privacy Security Settings – Challenges of Social Media: Mini Ulanat and K Poulose Jacob
Importance of Morality, Ethical Practices and Cyber Laws as Prelude to Cybersecurity: D G Jha

Research Front
Do You Need an Operating System to Run an Application: Biswajit Mohapatra and Debasis Roy

Article
Context Aware Intelligence: Approach for Multi-Dimensional Security: Amit Badheka

Case Study
e-Learning for Effective Classroom Teaching: A Case Study on Educational Institutes in India: Sarika Sharma

Brain Teaser: Dr. Durgesh Kumar Mishra
A Report from CSI Division IV Communications: Dr. Durgesh Kumar Mishra
CSI News

Please note:
CSI Communications is published by Computer Society of India, a non-profit organization. Views and opinions expressed in the CSI Communications are those of individual authors, contributors and advertisers and they may differ from policies and official statements of CSI. These should not be construed as legal or professional advice. The CSI, the publisher, the editors and the contributors are not responsible for any decisions taken by readers on the basis of these views and opinions.
Although every care is being taken to ensure genuineness of the writings in this publication, CSI Communications does not attest to the originality of the respective authors’ content.
© 2012 CSI. All rights reserved.
Instructors are permitted to photocopy isolated articles for non-commercial classroom use without fee. For any other copying, reprint or republication, permission must be obtained in writing from the Society. Copying for other than personal use or internal reference, or of articles or columns not owned by the Society without explicit permission of the Society or the copyright owner is strictly prohibited.

Printed and Published by Suchit Shrikrishna Gogwekar on Behalf of Computer Society of India, Printed at G.P.Offset Pvt Ltd. Unit No.81, Plot No.14, Marol Co-Op. Industrial Estate, off Andheri Kurla Road, Andheri (East), Mumbai 400059 and Published from Computer Society of India, Samruddhi Venture Park, Unit No. 3, 4th Floor, Marol Industrial Area Andheri (East), Mumbai 400093. Editor: A K Nayak
Tel. : 022-2926 1700 • Fax : 022-2830 2133 • Email :
Printed at GP Offset Pvt. Ltd., Mumbai 400 059.


Editorial
Prof. AK Nayak, Chief Editor

Dear Fellow CSI Members,

The internet has changed the world completely. Now it is available for us for the fast data transmission, for doing all kinds of business and satisfying needs. But at the same time, data passing from source to destination securely is the important task. One of the necessary requirements to prevent data theft and protect the same is securing the information on the transmission channel and across the network. Further, open access to the Internet has revolutionized the way individuals communicate and collaborate, entrepreneurs and corporations conduct business, and governments and citizens interact. As the number of internet users is about to touch three billion, the number of cyber security threats is also increasing. Cyber threats are no longer restricted to fragments of malicious code, aimed to exasperate, incite or stall; now the threats are strategic, targeted, organised and relentless. Such targeted attacks can cause significant financial losses as well as deep-seated damage. In the age of the internet, cybercriminality affects everyone: individuals, companies, institutions, governments. It has become a curse of society.

As per a study of ASSOCHAM, the cyber crimes in India are likely to cross the 3,00,000 at compounded annual growth rate (CAGR) of about 107 per cent. As per the findings, every month nearly 12,456 cyber crime cases are registered in India. What is causing even more concern is that the origin of these crimes is widely based abroad in countries including China, Pakistan, Bangladesh and Algeria among others. Phishing attacks of online banking accounts or cloning of ATM, Debit cards are common occurrences. The increasing use of smartphones, tablets for online banking, financial transactions has also increased the vulnerabilities to a great extent. With increasing use of information technology enabled services such as e-governance, online business and electronic transactions, protection of personal and sensitive data has assumed paramount importance. The economic growth of any nation and its security, whether internal or external, and competitiveness depend on how well its cyberspace is secured and protected.

Due to increase in internet penetration and use of online banking, India is becoming a favourite among the cybercriminals, who target online financial transactions using malware. India ranks third after Japan and US in the tally of countries most affected by online banking malware during the year of 2014. Indian websites are being hacked by various hacker groups spread across worldwide and likely to touch 85,000 by now.

The economic growth of a country depends on how well its physical and cyber space is secured. Today we are living in a world that has virtually no privacy and a big number of cybercrimes. Due to the nature of cyberspace, cyber security is a very big challenge. None of us is immune from the threat of cyberattacks. So there is an urgent need of developing techniques to secure our cyberspace. Apart from developing techniques, awareness related to cyber security is also needed. Computer Society of India selected the theme of CSI Communications (The Knowledge Digest for IT Community) - May issue as Cyber Security to discuss various techniques and create awareness about cyber security.

This issue has come up with a new column “Message from Vice-President”. This issue has a number of good articles related to Cyber Security. In the article by R. Sridaran, D.H.P. Doshi and S. K. Suman, challenges in cloud security are described, while S. Godbole has described the ways to improve cybersecurity using National Institute of Standards and Technology (NIST) framework. We have also provided gist of National Cyber Security Policy – 2013. N. J. Rao has described cyber security issues and challenges in his article. S. Chhabra and V.S. Dixit have done a study on “Comparative Evidence of Cryptographic based Algorithms under the Cloud Computing Environment to ensure Data/System Security” to identify, analyze and report the evidence of different cryptographic security algorithms.

Social networking is very popular these days. M. Ulanat and K. P. Jacob in “Privacy Security Settings – Challenges of Social Media” and R. Garg, R.S. Veerubhotla and A. Saxena in “Security, Privacy and Trust in Social Networking Sites” have described security issues related to social networking sites. In the use of the technology, there is a need of moral values and ethics in every citizen. D. G. Jha in his article has described the importance of morality and ethical practices. In an article, Amit Badhekha has given an approach for multidimensional security called context aware intelligence for enterprise applications.

We have included a case study on e-learning for effective classroom teaching by Sarika Sharma. Hope this study will help in planning of e-learning in schools, colleges and universities. In Research Front category we have selected an article by B. Mohapatra and D.R. Choudhuri that describes allocation containerization in their article “Do you need an OS”. This issue also contains practitioners’ workbench, crosswords, CSI reports, and news from divisions, chapters, student branches, and calendar of events.

I take this opportunity to give credit for successfully bringing out this issue to guest editor Dr. Vipin Tyagi. I am thankful to Prof. M.N. Hoda and Dr. Durgesh Mishra for their support in bringing out this issue. On behalf of publication committee, I wish to express my sincere gratitude to all authors and reviewers for their contribution to this

I hope this issue will be successful in its aim of creating awareness about Cyber Security, providing information about latest trends in cyber security research and provide new ideas for research in the

Finally we look forward to receiving the feedback, contribution, criticism, suggestions and reply from our esteemed members and readers at

Prof. A.K. Nayak
Chief Editor


President’s Message Prof. Bipin Mehta
From : President’s Desk::
Subject : President's Message
Date : 1st May 2015

Dear Members

I am happy to inform you that CSI Communications, April 2015 issue
with a theme “Digital India” has been well received by the members
at large. The newly formed Publication Committee headed by Dr. A.
K. Nayak and the Guest Editor Dr. Durgesh Kumar Mishra has done a
commendable work in bringing April, 2015 issue of CSI Communications
well. You could have observed the changes like more coverage of
activities conducted by various chapters and student branches. I request
all the Chapters and Student Branches to send their activity reports for
timely publications in CSI Communications. CSI is now adopting Green
initiative by changing over from print version of CSI Communications to
digital version in immediate future. The digital version will be available
on CSI website and Mobile App. This is a practice followed by majority
of the professional bodies over the globe.
I acknowledge the exemplary work done by the previous
Publications Committee chaired by Dr. S. S. Agarwal and the editorial
team for bringing various theme based issues of CSI Communications.
As per CSI byelaws, various committees are formed by the Executive
Committee. These Committees have started working on the tasks assigned
to them. The Membership Committee has prepared a blue print for the
growth of the membership and better service to the members. This initiative
will attract more IT professionals, academicians and students to get
associated with CSI - the largest network of computer professionals in India.
The 50th Annual Convention - CSI – 2015 with the theme DIGITAL
LIFE is being held during 3-5 December, 2015 at New Delhi. The team of
Delhi Chapter has started gearing for the grand success of this Golden
Jubilee Convention. The call for papers is announced. I hope you all will
participate in large number to deliberate and discuss the emerging
trends in ICT Based Innovation, Next Generation Networks, 3-D Silicon
Photonics & HPC, Real Time Languages Translation, Sensors, Big Data
Analytics, Systems and Architecture and Cyber Security.
We have received very good response towards the Call for Nominations for Regional Student Co-ordinators (RSC) and State Student Co-ordinators (SSC). The region wise committee headed by each RVP will scrutinize nominations and identify RSC and SSC under that region in due course of time.

At present, most of the IT companies want to automate work to improve the efficiency and economize the error free processes like software testing. The processes adopted by BPO and KPO are repetitive in nature and can be automated easily. This will bring major change in the employment opportunity. Many entry level jobs will become redundant affecting the placement opportunity of young IT graduates. However, acquiring the skills required for automation will bring high level quality employment. We need to deliberate on this major paradigm shift in job market and CSI can play a role in re-skilling to help employees to survive the automation wave in the IT industry.

The other area of interest for CSI is to discuss the importance of STEM (Sciences, Technology, Engineering and Mathematics) courses which have become increasingly important and prominent in all sectors of economy in which Computing and IT are playing major role. The Indian universities are required to enhance their policies and practices to emphasize the importance of STEM courses. The role of CSI could be promoting innovation and computing tools in the fields other than traditional computing and programming.

These days, debate went on Net Neutrality in India. The majority of the net users have favoured net neutrality and sent petitions in lakhs to TRAI and objected to the move of ISP against net neutrality.

I had an opportunity to meet the prominent members of Ahmedabad, Vallabh Vidyanagar, Pune and Udaipur Chapter recently. The Chapters are very active in conducting various activities for the members and IT fraternity in the emerging areas. They are also active in arranging advance level training programs for students, academicians and IT professionals. It is heartening to note that Managing Committee Members of Pune Chapter are visiting student branches and interact with the student members regularly. Their enthusiasm attracts more students to join CSI. The Ahmedabad Chapter has planned a common placement platform to provide equal opportunities to students and recruiters by arranging a Placement Week in near future. As part of Golden Jubilee Celebrations, this Chapter has planned lecture series during the year, by inviting prominent professionals to share their expertise in different domains in which IT is a major tool. May I suggest MC members of other Chapters to follow such best practices to reach to a large number of members, students and society at large.

At present, there are many Special Interest Groups (SIGs) under the banner of CSI. Many SIGs are active and others are required to be active. My colleague Dr. Anirban Basu, Vice President and President Elect is working on revamping SIGs to strengthen their presence. I urge Conveners of SIGs to take positive steps to make SIGs more vibrant.

Recently, I represented CSI at SEARCC (South-East Asian Regional Computer Confederation) Executive Committee Meeting at Singapore. This committee meets twice in a year and deliberates on new initiatives. In this Meeting, the members deliberated on SEARCC Awards and Recognition Program, Virtual Conferences, Draft Strategic Plan 2015 – 2020 and SEARCC Conference at WCC-2015 hosted by Australian Computer Society in South Korea. The other representatives of Computer Societies of Sri Lanka, New Papua Guinea, Australia and Malaysia presented their views on important issues. The ISSC – 2015 is hosted by Sri Lanka Computer Society during 9-11 October, 2015 at Sri Lanka. This will be great opportunity for our schools to participate in this competition. An announcement in this regard will be made by Education Directorate, CSI in due course of time.

I look forward to your valuable suggestions for the better working of CSI.

With best wishes,

Bipin V Mehta


Vice President's Column
Dr. Anirban Basu

For the last 50 years, the Computer Society of India, the largest and oldest body of IT professionals in India has been working on promoting use of IT among the different segments of the society. CSI was considered to be the prime body of IT professionals few decades back and recognized by the Governments in the states and at the Centre as a prominent group with capability to advise the Governments on framing policy matters. Now it is the high time to take the society to a greater height to contribute significantly for transforming the nation to Digital India.

The new ExecCom which assumed office effective April 1, 2015 is committed to bring more efficiency, transparency and effectiveness in functioning of the society. The team comprises of dynamic members who have been elected this year as Vice President, Hony. Secretary, Treasurer, Chairs of Division I, III and V and as Vice Presidents of Regions I, III, V and VII. They along with the incumbent President, and Chairs of Division II and IV and Vice Presidents of Regions II and VI are determined to change the face of Computer Society of India.

In this golden jubilee year, we need to increase our membership substantially both from the corporate world and from the academic community. To attract more members we need to organize better quality events and improve the quality of our journals. Although CSI has the biggest following among the student community, we need to have more Student Branches throughout the country.

To achieve these:
• ExecCom in its first meeting decided to rationalize the Membership fee structure and decided to have an uniform fee structure irrespective of the age. This has become essential to attract young IT professionals to CSI. An appeal is being made to CSI Members to approach their acquaintances in the Industry and in the academic community to make them members of CSI.
• CSI Web site has not been working satisfactorily and there have been numerous complaints about the difficulties the members have been facing in using the web site. Prospective members have failed to file their membership application and pay their fees by credit cards due to poor operation of CSI web site. Decision has been taken to develop a new web site at the earliest and to integrate all operations of CSI under the same software framework.
• It has been decided that Chapters when organizing any event will keep the relevant RVP in the Advisory Committee. The RVPs are being encouraged to visit the Chapters and to interact with the members. All chapters have been asked to use the official logo of CSI given below and misuse of CSI logo will be taken seriously.
• Students and members of the Academic Community have been the main strength of CSI. For this the CSI Education Directorate is being revamped, new procedures are being put in place for timely response to queries and for processing membership applications.
• A call has been given to enlist a new team of student coordinators both at the Region and at State levels. I am happy that the response to the call has been extremely good and a very large number of our members have shown interest in contributing towards increasing our student activities.
• The Publication Committee has started their work in the right earnest. Due to the resignation of the erstwhile Members of Editorial Board of CSI Communications, efforts have been made to publish CSI Communications in time. A Call for Editors was made which received an overwhelming response. New Editorial team is getting constituted for all the CSI journals. Efforts are on to ensure the timely publication of Journal of Computing. Attempts are being made to start a Journal solely dedicated to publishing papers by the students.
• Over the years, CSI has signed Memorandum of Understanding with different bodies and international societies. These are being looked into so that these MOUs can be used more effectively for the benefit of our Members.
• The procedure for publishing reports of various events organized by different CSI Chapters and Student Branches is being worked upon and the streamlined procedure will be announced.

To summarize, in the brief period that the new ExecCom has taken over, a plan of work has been drawn to improve the working of CSI. In this endeavor, we hope to get the cooperation of all sections of CSI Members. For any suggestions or issues, members can always approach the ExecCom members at any point of time. Let us work together to make a difference.

Best wishes,
Dr Anirban Basu

Meeting with Dr. FC Kohli

Members of CSI ExecCom led by the Hony. Secretary Mr. Sanjay Mohapatra and accompanied by DIV V Chair and Vice President cum President (Elect) of CSI for the year 2015-16/17 Dr. Anirban Basu, DIV III Chair Dr. A K Nayak and DIV I Chair Prof. M N Hoda met the legendary personality Padma Bhusan Faqir Chand Kohli, considered Father of Indian Software Industry, on March 27, 2015 at his office in Mumbai.

Sri F C Kohli who turned 90 in February last year shared his views on Computer Society of India, of which he was the President few decades back. He shared his thoughts with the ExecCom members on a variety of subjects including direction CSI should take to bring IT to the masses. He feels that the Indian IT industry should give lot of thrust on computerization in Indian languages. Sri Kohli shared his thoughts on several other topics and discussed his thoughts on priorities for progressing India in the fields of Education, Information Technology, Power and Agriculture. He has been working on improving the condition of India in these areas and shared his personal experiences on these aspects.

The ExecCom members who met him shared their plans about CSI and sought his blessings and good wishes to restore the past glory of CSI.

[Photo: Senior ExecCom Members with Sri F C Kohli]

Guest Editor - Dr. Vipin Tyagi

Dr. Vipin Tyagi, Guest editor for May Issue of CSI Communications is working as faculty in Dept. of CSE at Jaypee University of Engg and Technology, Raghogarh, Guna (MP) India. He is Regional Vice President of Computer Society of India of Region 3. He is also associated with CSI Special Interest Group on Cyber Forensics. He was President of Engineering Sciences Section of the Indian Science Congress Association for the term 2010-11, and recorder for the term 2008 - 2010. He is a Life Fellow of the Institution of Electronics and Telecommunication Engineers. He is a senior life member of Computer Society of India. He is actively associated with professional societies like CSI, IETE, ISCA, Indian Society of Remote Sensing, IEEE etc. He was nominated by Indian National Science Academy (INSA), New Delhi under international collaboration to visit Czech Republic, for two weeks in May 2012. He has about 20 years of teaching and research experience. He is an expert in the area of Cyber Security, Cyber Forensics and Image Processing. He is Principal Investigator of research projects funded by DRDO, MP Council of Science and Technology and CSI. He has published more than 100 papers in various reputed journals, advanced research series and has attended several national and international conferences in India and abroad. He can be reached at dr.vipin.tyagi@gmail.

security. Any connection regardless of its Any organization today requires management. negative effects also that need to be deletion of record. The data security consists of methods and policies relating to encryption and data sharing. The this way are depicted in Fig. detection of malware in scale.. ☛ Data Loss: Data in the cloud is connected with cloud computing. The threats of CC vary according to the success. The traditional issues associated with each one of them will automatically become part of cloud computing issues also. ☛ Data Segregation: It is generally in genuine computing model – known as integrity and availability(CIA)[4]. Rajkot Cloud Security – Challenges at a Glance Introduction widely for resource allocation. to devastate the data. loss of encryption This has been already pointed by the addressed. International Data Corporation (IDC)[1] and Aman Bakshi et al. 1. which factor that avoids happening of APIs are proposing much more prevents data loss or mismanagement of crashes by malicious insider or any associated services in order to help files. memory management etc. Cloud APIs with improved data security. which is becoming the most common threats categorized in the encrypted form.Cover R Sridaran*. of issues relating to the aspects of safety change management policies because of malevolent intents. and security. Fig.[5] of the pertaining . These three requirements delivery model in used. The data segregation backbone of CC model is a server which problem emerges when some clients is considered as a very crucial part behind Threats associated with Confidentiality do not support encryptions due to the entire processing environment. person. Server ☛ Malicious Insiders: CC presents the fear that encryption may mislead environment involved in cloud computing flexibility by outsourcing the services.csi-india. memory etc. Marwadi Education Foundation’s Group of Institutions. Rajkot. Rajkot ***Assistant Professor & Faculty of Computer Applications. 
Disha H Parekh Doshi** and Sudhir Kumar Suman*** Story *Dean & Faculty of Computer Applications. key. There is a special category of threats emerge due to virtualization[3]. This helps an organization to gain outsider. weak encryption. This threat is also commonly their own clients. altered data. It is helpful for an enterprise ☛ External Attackers: CC vendors supply to gain an unauthorized access to the to use CC capabilities since it allows all Application Program Interface (API) cloud services and data sources. any Threats associated with Availability recent years tend to keep their data and vulnerability in the API can endanger ☛ Change Management: The cloud information in the cloud. the Sometimes this may lead to some prone to plentiful risks. 1: Cloud Security threats based on CIA Security algorithms are also being used CSI Communications | May 2015 | 8 www.[2]. Marwadi Education Foundation’s Group of Institutions. security is being the most sensitive one. This raises lot provider is expected to have proper the security issues for the users. Marwadi Education Foundation’s Group of Institutions. Some of practice to keep the data in cloud in Cloud Computing(CC). for clients to merge with and avail of their customers to access the data ☛ Data Quality: This is a very important services. This improves the technology trend of the future. by an unauthorized individual sharing at a superior level in order to can have large-scale sway on the Cloud Security Threats at a Glance: flourish and accomplish maximum business[4]. abstraction and resource clouds using data mining techniques etc. Gujarat **Assistant Professor & Faculty of Computer Applications. Since CC incorporates different technologies used with operating system such as resource sharing.. An ideal way is Threats associated with Integrity mentioned are satisfied by the one. Moreover cloud itself consists of many contexts for security issues. very to categorize them into confidentiality. 
This happens due when a virtual machine is to be mapped to several physical machines. for example. When users who are tremendously increased in the services are deployed. Customers utilizing these from any computer when required. and also some others relating to networks databases and so on. transaction management. occurring when multiple customer’s frail authentication and access to CC has become the most preferred data are being hosted by the cloud command can risk the confidentiality business model of this decade. Amongst the different issues across all the cloud delivery models. need not be a high-end hardware but but it also adds intrinsic risks of ☛ User Access: Threats due to user instead it ties together the power of malicious insiders and offensive use access may happen because of inexpensive hardware on a larger scale in of login access by an unauthorized unsafe access control processers contrast to using lesser amount of servers. which may even enable the outsider high in quality. relies on data and infringement dynamism. scheduling. Since cloud providers.

2010. Sandhir of MECON. P. Lakshmipriya and Krishnapriya with their families in Delhi and Hyderabad respectively. 2013. the then fast emerging role of computerization in coal mining. pp. at Marwadi Education Foundation’s Group of Institutions. Mechanization. Joshi and whenever the client initiates. he kept himself active teaching in several engineering colleges in and around Hyderabad. James B. OBITUARY Mr. the threats associated and Applications. R. Virtualization and Applications of Cloud. L. IEEE. Disha H. About the Authors Mrs. the and ever growing. International Journal of to cloud services caused due to features contain the above capabilities. Kanta Rao of BIT Mesra. Prof. R Sridaran. 1 Issue 7. Swamy passed away on 28th March 2015. *** CSI Communications | May 2015 | 9 . such as Mr. 2011.V. Parekh Doshi is an Assistant Professor. at Marwadi Education Foundation’s Group of Institutions. This has at defined intervals should be performed Gail-Joon Ahn. IEEE. 625-631. Vol. He is a life member of CSI and also the Founder Chairman for CSI. a proper cloud from DDOS Attacks using Intrusion of launching applications or services access control mechanism should also be Detection System in VM”. V V P Swamy.. [7] Lori M Kaufman and Bruce Potter. capabilities at a gross level in order in the CC scenario. between cloud service providers is also time to think of a proper security [4] Disha H Parekh and Dr.P. may cause a denial of service. Mr. L. 2010. Rajkot Chapter. Kaushik Roy of HEC. security issues connected with the cloud. 2010. 4. He has having 2 years of teaching experience. Faculty of Computer Applications. No. Member. Mr. Rajkot. V.[6] Environments”. Her areas of interest are Cloud Computing. It (IJERT). He has 15 years of teaching experience. He has given talks in CSI seminars/workshops. 1. Sudhir Kumar Suman is an Assistant Professor. Swamy was one of the early members of the Computer Society of India. USA. 
data security features embedded with [3] Nagaraju Kilari and Dr. Gujarat and also a research scholar of Bharathiar University. She has 6 years of teaching experience. Sridaran. in Hyderabad at the age of 72. N & Iacono. Cloud Computing and E-Learning. Sita Devi and two well-settled daughters. September .V. After his retirement from the industry in 2001 till the last days of his life. Rajkot. CSI deeply mourns his death and conveys condolence to the bereaved members of his family and friends. explorations. incorporate the threat management common errors any human may commit pp. “Vulnerable with them need to be brought under Cloud: SOAP Message Security Validation occur.P.☛ Denial of Service threat: This is caused to ensure that the shared storage References normally in public cloud services. “Securing models. the threat can also have time tested encryption plan should be in Research about Cloud Computing Security an impact on different cloud service place since majority of threats are due Protect Policy”. pp. V. at Marwadi Education Foundation’s Group of Institutions. V. threats relating to the data and (ICWS’09). Sridaran is a Dean. While in Delhi. mine planning and development. 214-216. Ranchi chapter. management preserves all its data. Gujarat. Computer Society of India. pp.2012 ISSN: 2278-0181. physical interruption threats may [5] Gruschka. His areas of interest are Software Engineering. he also worked on themes like Modernization.Swamy is survived by his wife. Rajkot. V. 7 years of industry experience. A proper auditing [6] Hassan Takabi. This would narrow down the Challenges in Cloud Computing time also. In case either models which promotes CIA. May God’s grace grants his soul to rest in peace. “A ☛ Physical Interruption: This threat storage. Faculty of Computer Applications. Gujarat. It is also needed to have the 260-264. Survey on Security Threats for Cloud is caused due to the interruption Even though many of the securities Computing”. 
in Proceedings of IEEE across different levels from network to International Conference on Web Services This threat will be frequently application. occurring due to insufficient policies also issues linked with the confidentiality July 2009. Los Angeles. relating to hardware which in turn thought of. Mr. (IJACSA) International protected properly or the remote Even though the CC is very much popular Journal of Advanced Computer Science working is dealt frequently. This includes the threats ☛ Exploiting fragile recovery practices: Revisited”. K. 55-57. R. along with other IT stalwarts in Ranchi. Mr. MIS and Office Automation. Analysis of Security Challenges in Cloud of the office environments are not Conclusion Computing”. pertaining to the recovery procedure and integrity and so on.Vol. R. Automation. n Dr. limelight. backup and retrieval procedure. “Security and Privacy got an implication on the recovery mandatorily. Faculty of Computer Applications. He contributed significantly to the chapter by bringing in on the table. California. 24-31. Engineering Research & Technology dissimilarities in the physical access there is a need for better awareness[7]. Mr. A [1] Haoyong Lv and Yin Hu. pp. and Computerization in Asian Coal mines. [2] Aman Bakshi and Yogesh B. “An and their customers. IEEE. even may go to the extent to the illegal access to the data. IEEE. “Analysis and However.D. Some Threat Avoidance Practices The Service Level Agreements (SLA) “Can Public-Cloud Security Meet Every cloud provider is expected to should also aim at capturing the most Its Unique Challenges”.

National Cyber Security Policy 2013
http://deity.gov.
Dr. Vipin Tyagi, Guest Editor
Jaypee University of Engg and Technology, Raghogarh, Guna (MP)

VISION: To build a secure and resilient cyberspace for citizens, businesses and Government

MISSION: To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation

Objectives:
• to create a secure cyber ecosystem in the country, generate adequate trust & confidence in IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy
• to create an assurance framework for design of security policies and for promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (product, process, technology & people)
• to strengthen the Regulatory framework for ensuring a Secure Cyberspace ecosystem
• to enhance and create National and Sectoral level 24x7 mechanisms for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective, response and recovery actions
• to enhance the protection and resilience of Nation's critical information infrastructure by operating a 24x7 National Critical Information Infrastructure Protection Centre (NCIIPC) and mandating security practices related to the design, acquisition, development, use and operation of information resources
• to develop suitable indigenous security technologies through frontier technology research, solution oriented research, proof of concept, pilot deployment of secure ICT products/processes in general and specifically for addressing National Security requirements
• to improve visibility of the integrity of ICT products and services by establishing infrastructure for testing & validation of security of such products
• to create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through capacity building, skill development and training
• to provide fiscal benefits to businesses for adoption of standard security practices and processes
• to enable protection of information while in process, handling, storage & transit so as to safeguard privacy of citizen's data and for reducing economic losses due to cyber crime or data theft
• to enable effective prevention, investigation and prosecution of cyber crime and enhancement of law enforcement capabilities through appropriate legislative intervention
• to create a culture of cyber security and privacy enabling responsible user behaviour & actions through an effective communication and promotion strategy
• to develop effective public private partnerships and collaborative engagements through technical and operational cooperation and contribution for enhancing the security of cyberspace
• to enhance global cooperation by promoting shared understanding and leveraging relationships for furthering the cause of security of cyberspace

Strategies
• Creating a secure cyber ecosystem
• Creating an assurance framework
• Encouraging open standards
• Strengthening the regulatory framework
• Creating mechanisms for security threat early warning, vulnerability management and response to security threats
• Securing E-governance services
• Protection and resilience of critical information infrastructure
• Promotion of Research & Development in cyber security
• Reducing supply chain risks
• Human Resource Development
• Creating cyber security awareness
• Developing effective Public Private partnerships
• Information sharing and cooperation
• Prioritized approach for implementation
• Operationalisation of the policy

Congratulations!!!
Dr. G. Satheesh Reddy, Hony. Fellow - Computer Society of India, Distinguished Scientist & Director, Research Centre Imarat, DRDO has been conferred with the prestigious Fellowship of the Royal Institute of Navigation for his significant contributions in the fields of inertial and satellite-based Navigation and avionics. As on date Dr. Satheesh Reddy is the only one to be elected from India for this award. CSI congratulates Dr. Reddy on receiving this honor.

are common across critical infrastructure profile of the organizations. Corporate espionage. criminal. education. Protect. and strategies at a high level. Information Security at Syntel Improving Cybersecurity using NIST Framework Cybersecurity refers to the tools.Partial Entertainment. too have borne the brunt. It is a cohesive manner. For each of the subcategory equally good news for individuals or entities The Department of Electronics and references to standards and frameworks involved in dubious.nist. Distances and geographical diversity and complex nature of cyberspace correlated from multiple sources and limitations when transacting and obtaining requires that protection and security be sensors services have become redundant by the driven by wholesome policies. hosts valuable information assets and also systems is established and managed New vistas have opened up in multiple attackers who are on the prowl. development of a voluntary. identity theft. practices and • Impact of events is determined pervasive nature of the cyber world. severely damaged Iran’s Nuclear Program overall approach. The • Event data are aggregated and and many more. The the India’s National Cybersecurity Policy. Government of India notified below provides list of functions and technology infrastructure provides immense the National Cyber Security Policy in July the corresponding categories. The weapons used in cyber-attacks is code. Protection • Detected events are analyzed to sectors including banking. Unpatched systems. desired challenges. for addressing Cybersecurity risk. The framework is technology neutral appropriate to its activities and risk profile. Each of these five functions includes approaches and safeguards implemented to multiplication of the attack weapon – the categories and sub-categories along with protect information and information assets code. In 2007. 
It can between the “Current” Profile and the A common feature in all these attacks therefore be viewed as complementary to “Target” Profile identifies areas for was the remote nature of the attacks. (http:// spying. The table protected information and information Technology. improvement. the order. Framework Profiles Frameworks like these provide a great that provided them an attack route to the The Framework core is composed advantage in meeting the cybersecurity victim. risk based Tiers helps an organization to view itself Organizations like New York Times. once created.pdf ) of concern from a national. reactive cyber-attacks that have been sophisticated. Serious attacks in the cyber space of cybersecurity activities. financial crimes. vision. Framework has identified categories and CSI Communications | May 2015 | 11 .Cover Sandeep Godbole Story General Manager. Detailed opportunities for mischief mongers as well 2013. the NIST Framework helps Profiles are useful to identify opportunities was an eye opener for the cyber protection organizations in developing an a method for improving cybersecurity. E. and security is thus an imperative for private understand attack targets and methods e-commerce. Target. practices.g. is simple and does not consume references.Adaptive These Tiers reflect Anthem have experienced of advanced and Technology (NIST) developed the – a progression from informal. Sophisticated attacks are known five Functions—Identify. In response to in one of the four tiers from Tier 1. state that lays down the objectives. They are non-prescriptive and have moved up from the network layer to outcomes. Framework Implementation Tiers reference to cybersecurity. The five when viewed and the building blocks necessary for known in public domain (zero day). these attacks came through the cyberspace 3. Inadequately of Communication and Information 53 have been provided. The gap of Critical Infrastructure. 
reference to ensure that basic processes to exploit vulnerabilities that are not yet Respond. The interconnected cyberspace expected data flows for users and opportunities where none existed earlier. Unlike physical weapons. entertainment. the US President issued a Presidential www. Cobit5. The significant amount of resources. cybersecurity risk management cycle. This frameworks that address multiple aspects in • Incident alert thresholds are established. travel. commercial Cybersecurity’. In February can be found in the document. Sony Cybersecurity Framework. The Stuxnet episode that high level context to Cybersecurity and the Framework Categories and Subcategories. indeed is good news for bona fide users. governance enterprises and governments alike. ‘Framework for Improving Critical responses to approaches that are agile stealthy and caused significant damage. This helps in prioritization attackers were nowhere near the scene The Framework is composed of three parts: of efforts that should primarily be driven of the crime and in many cases located 1. It over the Internet – some for free and others • A baseline of network operations and has brought the world closer and offered at a price. Detect. While India’s outcomes based on business needs that Foreign Minister accused Russia of direct National Cyber Security Framework sets the an organization has selected from the involvement. Information Technology under the Ministry like ISO27001. Majority of privacy compromises have become matters Order on ‘Improving Critical Infrastructure cybersecurity-framework-021214. The sequentially can be come close to a resilience and recovery are identified. 2013. The Framework Core has defined provide a much needed guidance and attackers. Framework Core by the organizational risk assessment with across international borders. The Policy is an important document information on all the sub categories as dedicated and hardened criminals. 
The order called for the The Framework Implementation as well as individuals perspective. anti. Frameworks outdated software provide avenues to sectors. Home Depot. Many such and Events under Detect function includes internet and the cyberspace has brought attack tools and attack codes are available subcategories: immense benefit to the human society. Recover. Estonia hence can be adopted irrespective of the Framework Profile represents the experienced cyber-attacks and the Estonian technology implementation. and applicable references that provide for flexibility in line with the risk the application layer. mission within each category and the references actors and terrorists. NIST SP 800- national or unethical activities. National Institute of Standards to Tier 4 . illegal. An organization may Cyber-attacks are not limited to commercial this article as the Framework) in February select a Tier profile for itself that seems organizations and national governments 2014. Infrastructure Cybersecurity’ (referred to in and risk-informed. the category Anomalies in the interconnected cyber world.

sub-categories that can map to or spawn specific [...]. E.g. the sub category "Event data are aggregated and correlated from multiple sources and sensors" requires that organizations define and implement comprehensive processes and capabilities for log/alert definition, collection and correlation. The Framework provides for informational references that can be useful in this regard.

The framework underscores the point that there is no silver bullet against [...]. The capability comes from implementing preventive (Identify, Protect), detective (Detect) and corrective (Respond, Recover) measures against cyber attacks. Processes, controls and technology that ensure that requirements defined by the categories/sub categories are addressed help to build an organization that is secure and resilient from cyber attacks. NIST has thus provided a reference and framework that organizations can adopt to evaluate themselves and build cyber security capability.

Function Unique   Function   Category Unique   Category
Identifier                   Identifier
ID                Identify   ID.AM             Asset Management
                             ID.BE             Business Environment
                             ID.GV             Governance
                             ID.RA             Risk Assessment
                             ID.RM             Risk Management Strategy
PR                Protect    PR.AC             Access Control
                             PR.AT             Awareness and Training
                             PR.DS             Data Security
                             PR.IP             Information Protection Processes and Procedures
                             PR.MA             Maintenance
                             PR.PT             Protective Technology
DE                Detect     DE.AE             Anomalies and Events
                             DE.CM             Security Continuous Monitoring
                             DE.DP             Detection Processes
RS                Respond    RS.RP             Response Planning
                             RS.CO             Communications
                             RS.AN             Analysis
                             RS.MI             Mitigation
                             RS.IM             Improvements
RC                Recover    RC.RP             Recovery Planning
                             RC.IM             Improvements
                             RC.CO             Communications

References
[1] Framework for Improving Critical Infrastructure Cybersecurity by NIST (http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf)
[2] Notification on National Cyber Security Policy -2013, Govt of India (http://deity.[...]files/dit/files/National%20Cyber%20Security%20Policy%20(1).pdf)

About the Author
Sandeep Godbole works as Dy General Manager, Information Security at Syntel. He is a Past President of ISACA Pune Chapter. Sandeep is a speaker at national and international events and conferences. The views expressed in the article are his own and do not necessarily reflect those of his employer or anybody else. He can be reached at Sandeep_godbole@yahoo.

There Human values. country where it is stored. The storage is in a domain where • Create mechanisms which ensure power grids.MP Cyber Security : Issues and Challenges India is marching towards “Digital India” Security”. create defence mechanisms public-private partnerships adequate address to social security. The need of the day to create worried. The core issues is “Cyber Security” production methodologies need to cyber system which while meeting the and “Dependability”. In has to be understanding on issues and behaviour stand far above freedom. are prone to cyber attacks is application of rules and laws of that trust exist and those interacting are all over the world. Our data is not stored trust in dynamic environment where banks and almost all systems attempting with us. security. Result identities are protected. there is increase of security their availability without compromising with assured empowerment of user threat. the damage. working towards • Create mechanisms for protection and sustainability ensuring freedom of systems which the hackers can’t hack. If this cyber-security activities to assure netizens management in a distributed world dream has to be realized. thermal power plants. There other words our activities get interlinked challenges of “Cyber Security. Reliability seems to be an erosion in these facets to ICT age. of personal data in third party individual and security to society. increasing stress due to words like “Disrupt”. etc. researchers ahead of attackers. attacker. outsources during along with rights and freedom increasing along with their numbers. a risk. cyber cloud storage accounts. the gap between means to check • Create new flexible access control as the world is about to commemorate attacks and actual attacks seems to be technologies which are ethical. websites. This needs to change. cyber security “Destroy”. domain namely. • Create mechanisms which will . it is stored elsewhere. 
cost and ease Todays attackers/hackers are ahead of time. focus on the product developments basic parameters of utility. organizations are at all levels from technical to top level security risks are universal and these are providing cloud space free. proactive while the people responsible where security. we need policies. Today’s netizens are under • Social networks functioning on issues of “Security and Privacy” with act with regard to freedom of expression. programmable machines. We need advancements • Develop mechanisms for ensuring 7 devices per capita. as our assist in regulating the protection of data.better response and sharing of recyclable. and the need for R&D activities in on “Privacy” and “Security”. privacy are assured in with security must be sustainable. processing or storage cyber R&D community. Raghogarh. That is the challenge to new age spite of increasing R&D activities in “Cyber transmission. Guna . that the ICT activities are safe and Indians • We need better risk mitigation techniques and procedures which address dream of digitization is based on sound strategies for the whole system to issues of “Cyber Risks and Security” to system founded on security and reliability. This is in a transparent we are looking a world of 7 billion people. People are • The engineering process design and and control. This is a cause of serious concerns them increased surface to operate. We need qualification/training and skills forward looking and is ahead of its time. n CSI Communications | May 2015 | 13 . These are immense challenges. The protection trustworthy. so is coordination in approach among world corruption and loss in concept of fellow the opportunities for attackers. of specialists and experts in Cyber Security users with full control on their own data as • Create protocols for creating field. social networks. 
The system must ensure efficient security researcher is often chasing the information on prevention of cyber energy and environmental management.. morals and ethical intelligent surveillance cameras. The impact after threat is large. through precise. The issues and problems needing attention of global community of researchers are : and calls for redefining these facts and providing them greater potential to damage establish new norms particularly in IT- and create havoc.e. This for ensuring security and reliability. and Availability with Privacy” along with and quantum jump in unethical practices. There has to be a strong international form a healthy base for use. Technological to manage their data and avoid these areas. “Down”. realistic guarantee success to these concepts. using more reliable way of connectivity through digital means. As internet device’ in technological solutions and ease of digital rights and protecting privacy use increases. anchors of to be digital. cooperation to implement this.Must ensure continuous service with They think in general after the event to find provide avenues for improved profit and productivity. safety fighting the vulnerabilities. The world will fell the shortage solutions need to be developed to empower anonymous usage. risks and cyber incidents to dependency increases on mobile phones. "World Telecommunications Day” this increasing. As ICT dependence is growing. As we march to 2020. The system must solutions. providing community of nations. computers. of personal information is a matter of domain 50 billion devices connected to internet or serious concern. Jaypee University of Engineering and Technology. namely software designs stems from the following parameters systems and R&D personnel are reactive. With over a billion personnel with measurements to help management Cyber attacks are global. -Issues of ethics must weigh heavily The motivation for attacking is cloud providers. feeling. there is no freedom. 
In various phases of its life cycle i. All the citizens of the country need The answer lies in renewing efforts on identities. Our safety and privacy increase well as to provide technological support to increased awareness on issues of are influenced in our daily life. reliable. Satellites. This is with with assured levels of security not the concerns of India alone. emphasis on “Malware Detection” acceptable code of conduct. The cyber • . less dependent on dynamic month. Current practice of cyber security methods for cyber attacks detection use resources which are recoverable and and defence is too late to act. trying to find one more innovative attack -The system must ensure creation of solution to combat the attackers move after • Create manpower with better suitable human resources which is dynamic.. anticipate on cyber security matters through .All this must be capped with the moves.Cover N J Rao Story Vice Chancellor. “Damage”.

Ravi Sankar Veerubhotla** and Ashutosh Saxena*** Story *Senior Associate. SNS found its application in location-based services. sharing interests and collaboration. Few of them adds a new dimension to the usage parameters based on which these social are listed here – of SNS. it and reach out to a large number of Internet. advantages of adopting social networking as avoid negative publicity from unhappy • Location Based Social Networking sites and also determine the associated customers. a real time. social media has connect millions of individuals. individuals • Social E-commerce – SNS aid in the to their employees. major objectives of social media include Background connecting individuals. across the globe. (LBSN) –The integration of SNS and risks. It channels the social interactions aspects of the SNS to reap the best out of using extremely accessible and scalable them for the individuals. access to they provide a platform for users to From an individual perspective. be a serious threat for their privacy. privacy Overall. Privacy and Trust in Social Networking Sites To embrace social networking sites or not. SNS and organizations for exchange of ideas.. We also present various many areas as shown in Fig. Social media has in October 2012[4]. Hyderabad Security. enterprises recognized this platform marketing through SNS has gained location update from users on the Social as a potential business opportunity popularity these days. communities With the proliferation of Web 2. The The reason behind the fitment of Web social media has generated numerous 2. has become an integral part of our life.g. Cognizant Technology Solutions **Research Scientist. organize events intention for branding on SNS could devices. Infosys Labs. In the changing customers. Infosys Labs. The blend of location based and distribute their photos or videos in a be to seek for better opportunities. 
SNS as a first hand tool to vouch for • Digital Marketing – Enterprises use an ignorant click on a shared link over a the professional details of an individual different marketing techniques to social networking site by an employee during the recruitment phase. Nowadays. SNS are not only beneficial At the same time.0. YouTube) and has reached one billion active users steps taken up by individuals blogs (e. altogether and trust. services. many individuals as well as new users.g. expediting the flow of information. Web 2. than looking at the company’s brochures utilize banners over SNS (as a means with an emphasis on Social Networking or advertisements. the social media is expanding through mobile share the information.. Similarly. primarily related to security. relying parties publishing methods over the Internet. The reason for the or enterprises to highlight their introduced substantial change in the way skyrocketing popularity of SNS is that presence and generate public trust. Facebook. We • Branding – Branding refers to the of enquiry to cater user’s needs CSI Communications | May 2015 | 14 www. 1. Hence for the individuals but also useful for it is an effective tool for personal or instigated specific concerns related to the enterprises.. digital may prove catastrophic for the entire organization. Popular social social networking platform to share their media tools include social networking sites personal and professional data. Infosys Ltd. it could media facilitates the users to update their Today. It creates a unique domain networking sites can be evaluated. mobile technology and social friendly manner. prefer to read product reviews of existing promotion of e-commerce websites. This article aims to discuss various customers on the Internet blogs rather The e-commerce portal owners aspects related to social media in general. 
For customers as well as a large number of helps in customer identification.0 are suitable for the evolution aimed at marketing and managing and sustenance of SNS. security and privacy globe. scenario. retention and also organizations are skeptic to endorse them.. user’s security and privacy. for expanding their customer acquisition. Some employers chose corporate branding.0 for SNS is that many components of business opportunities[2] for enterprises. Wikipedia). generate current location. SNS has a potential to a new location or a service. thereby Fig. many enterprises are stepping bring awareness to public. Different sell their offerings.. SNS channel Networking Sites (SNS) may turn out to since it connects them to their existing opens up new business opportunities. Blogger).g. Further. whereas for an enterprise. share their views on out of their corporate walls and embracing positive impression and attract new visiting places and use the data to discover the social networks[5].csi-india. is a dilemma for many online entities today Today. A Social Media Source: Infosys Research collaborative projects (e. SNS offer open communication simplifies the communication However. people communicate. 1: Building blocks and applications of (e. Social Media[1] is instrumental conclude this article by suggesting a trade- for rapid communications across the off between usability. we identify several can bring customer satisfaction as well customers. The and the enterprises. their own social networking sites [3] limited and delivery. prevalent social networking site Facebook content communities (e. In specific. People use the customer relationships. LinkedIn. these reasons.g. few enterprises chose to design thereby enhancing information discovery .Cover Richa Garg*. base. Hyderabad ***Associate Vice President. However. For example. and Twitter). 
If a company can of advertisement) which are not Sites (also known as Online Social quickly resolve a complaint raised by its limited to one geographical region Networks) that are predominant on the customer on a social networking site.

facilitating third-party applications. potentially losing control the profile is visible to everyone. activities. in social networking sites to the users so that they need not unknown friends and entities. consequences. SNS may also implicate Moreover. at a new location.Few individuals victim’s profile leaving it vulnerable lead to privacy breaches[10] unless perceive social networking platform to new attacks. from employees on SNS that caused share it with the third parties or sell employers may also use SNS as a tool reputation loss to third parties. The by the attackers. community or country. attacker may use these resumes to personal information can cause them – Defamation suites due to posts gather victims’ personal information. This Risks and Challenges over the shared data. The information revealed on the – Posting offensive content against a posts. These not respect the privacy of the user data.   used to share identity across multiple also use this information as a part of user – Leaking confidential information on domains. remained a complex problem as the to create multiple accounts. Nowadays. Popular LBSN may happen via user posts. This may • Social Gaming . Some of these way. If the interests to connect. profile. Security Concerns users can’t control what others can organization’s security as an outcome of • Identity Misuse – The impersonation post about them. A list of privacy concerns of their handheld devices. privacy the attack originated from the SNS. networking site. purpose in the foreground may also interests and alumni information but also generated a large number of download a malware on the user’s which may lead to undesirable security concerns. the leakage of third party confidential may capture users’ information and • Tracking Users – A recent surge of information due to the use of SNS. – SNS offer the integration with SNS provide a range of profile jokes and online gaming. 
cause significant damage to individuals a track on them and monitor their on SNS. mother’s particular entity. attacker may cache or modify the information on SNS. LBSN is also used for promoting may spread spam mails and steal • Data Privacy – Users share their advertisements. • Identity Federation Challenges – maiden name and e-mail can allure the – Anti-legal or anti-national activities Identity Federation is the technique attackers since many financial institutes of individuals using SNS. 9] privacy are quite opposite to each other. The probability of such SNS websites offer users to login using attacks can increase further. Besides. Likewise. share and learn information present in the user user’s profile has the default setting from each other. There Privacy Concerns purpose here is to add convenience can be potential data leaks through these Privacy. tweets The fact that most of the current SNS do applications such as Foursquare[6] and email communications. appropriate privacy settings are as a source of entertainment as well. The user clicks on ‘Allow’ as ‘public’. – Liability due to the breach of the sensitive information. This way. The personal and sometimes sensitive offering rewards. The attacker friends is at stake.   their Facebook account. everyone can view the personal The massive growth of SNS has brought applications. of a legitimate user by an attacker can of both the user and the associated – Legal implications as a result of result in Identity misuse. • Threats from 3rd party applications applied for the user’s profile. adding plenty of personal For example. they also provide • Legal Aspects . rumours. Some of the risks and for an organization can be broadly ‘unknown friend’ may abuse the challenges associated with adoption of summarized as follows. many online identification. The outsiders probing into the users’ violence. tradeshows and proprietary or confidential data. access to the network. the HR agency may the individuals. 
physical security concerns. After gaining providers of SNS. associations. The primary accepts requests from strangers. This way. But • Malwares.The legal risks from unknown people may also a vulnerable platform to be exploited associated with the use of SNS adversely affect user’s privacy. then all the information in button. Consider LBSN has invited serious concerns [11] – Risks associated with attacks against an attacker who creates a fake HR on users’ privacy. These privacy settings. harm them subsequently. Hence. most of the users global participation. The SNS operate in machine without their knowledge. Similarly. challenges because users do not CSI Communications | May 2015 | 15 . Accepting requests public domain. SNS also applications initially seek permission are either unaware of them or find empower the people with common from the user to access personal the mechanism as complex. if the user – Invading on someone’s privacy. SNS such as full date of birth. to an advertising agency. serving the intended information. the attacker common among SNS users is as follows. to keep a check on their employees. Viruses and Phishing Attacks concept of social networking and user this ability presents tough privacy – Malware and Virus attacks[8. user’s trust and may try to capture SNS are as follows. A real time update the employees through social networking representative profile on a social on users’ location may prove intrusive sites or associated applications. The attacker to the users since the third parties – Implications due to posts from posts an attractive job opening and may collect personal information employees or outsiders that spread legitimate users may become the of the roaming users. cause hatred or communal victims by sharing their resumes. Individuals may face legal information in public profiles may also attach itself to the employees to keep charges in the following scenarios. numerous benefits to online communities. 
and Gowalla [7] allow users to attacks are also used by intruders to is not because of the technical difficulties reveal their whereabouts and find obtain the user’s credentials and gain but rather a design choice made by the about their friends with the help access to the network. Though since it supports sharing anecdotes. Besides.

a • Active protection of information de-centralized approach based on P2P group of individuals may establish related to user architecture. if the data available with SNS operators Improving Privacy. disgruntled employee may post • Explicit privacy policy statement Privacy preserving data mining[17] and some adverse comments which from SNS communication protocols like zero could damage the reputation of the • Data retention policy for SNS knowledge[18]. data collection to what is directly relevant applications. Security and Trust encryption. where user attributes are is in an unencrypted form. They should also restrict the use by creating a proxy that participates in and employment details is known of personal data through transparent the decryption process and enforces as Social Engineering. user data. connections can help in identifying suitable social fake data to the social networking site and even friend-of-a-friend (FOAF). People tend to spend their processing of personal data by providing online. of sharing their travel plans with relevant significant and allow users to choose or Considering two entities A and . information is disseminated or friends in a secure manner. Users SNS before adopting them. to abuse user’s trust. Also. and by storing the sensitive data in But attackers use different techniques Few parameters which can help in this encrypted form on a separate server. keys to other users or re-encrypting their personal and confidential disseminating and processing user existing cipher texts. The analysis FaceCloak achieved the goal by providing often trust their friends. it is necessary to identify with intensifying addiction is making people choices of individuals with respect to the whom we are communicating or dealing not-so-social. Similarly. users post or upload content in their • Ownership of the User data It is useful to share updates on SNS profile on SNS. 
platform (being an electronic medium) is provide adequate security and privacy for This ‘expected’ behavior is often refuted by a poor means for conveying the emotions. This emotional invisibility can further for users to correct errors in data or Different trust related concerns in SNS are affect the human relationships. • Privacy policy for applications on SNS a technique to deliver the content to a • Trusting SNS Operators – Whatever • Privacy Monitoring for SNS users large group of people in encrypted form. management principles that can be used and cannot decrypt ciphertexts or provide Moreover. it means a Management used as encryption key. Social media platform can to enhance privacy aspects in SNS are access to previously revoked users. The CSI Communications | May 2015 | 16 www. a privacy settings encryption[15. extent their personal information may cause physical and emotional Data minimization principle restricts the could be shared among third party distress to the users. Safebook[14] also attempted to provide a the attacker creates fake identity • Level of Customization of access secure architecture for privacy preserving of the legitimate user and exploits controls and a trusted online social network using the user’s connections. Impact on Human Relationships and necessary to accomplish a specified Trust Concerns With the proliferation of SNS. They are responsible for storing. human purpose. entity A is people.csi-india. Attackers methods governed by the security policies revocation constraints. SNS operators are custodians for the it is also possible to remove access from • Social Engineering – The technique large volumes of user data available with an existing user without issuing new to persuade the users to disclose them. plays a vital role communication and relationships have purpose it was collected and preserved for for their adoption and is an active area[12] picked up a new facet. In this scheme. EASiER Therefore. 
individuals tend to post a message device appropriate privacy settings. SNS abuse broadcast encryption over the SNS. Two popular privacy act as the proxy. Instead consider personal data protection as SNS as there is hardly any direct contact. Although SNS a specified period only. the user’s data by using attribute-based account is deleted by the user. The SNS itself can use such a non-technical means and statutory laws. the default settings of SNS should exactly in the same way as entity A expects. it is important to assess from the SNS and unauthorized users. Due to the high susceptibility offer an effective way of socialization. SNS fact. Group key exchange[16]. For example. evaluation are as follows . certain behavior among each other • Controlling Customized search Cryptography based techniques and provide unfair ratings such as options can be used to enhance the security of exaggerated recommendations • User-friendliness in configuring SNS. FaceCloak[13] is as follows. networking channel for a specific context. an architecture proposed to protect user Evaluation Parameters privacy on a social networking site by • Online Trust and Reputation Due to the known risks associated with shielding a user’s personal information Management– Trust provides a the use of SNS. However. have the visibility on how and to what be used for Internet bullying[1] which data minimization and the data protection. SNS shall provide an interface attackers to exploit the individuals on SNS. in social networks. Data protection of research. SNS should and establish trust for an individual on interacting with family and friends. posts relevant to them. who is minimally trusted to exploit the user’s trust on SNS. The data should be used for Trust. its principle aims to protect the rights and of Internet. In some cases. users can’t trust SNS • Reporting mechanisms for spam/ in [19] presented architecture to support operators in the first place. 
it is very difficult to identify time on these SNS rather than directly guidelines to process the data. Broadcast encryption is employer. the information is • Tracking options on how user’s with a large number of relevant users usually available with SNS operators. These techniques include Broadcast to each other.20]. This is achieved information such as passwords data. direct threat to the user. Moreover. decision support system in SNS. It operators can retain a copy of the • Trust and Reputation management offers fine-grained access control on account data even if the original on SNS. In said to trust entity B when entity B behaves on Twitter or on Facebook.

large number of users. The not have enough attributes to decrypt maximize the benefits for the users collected information about the service the content itself. Disclaimer identity. Trust Modeling is mainly measures to avert them. An Identity and activity. customer provides • At the same time. Further. Privacy preserving data shall maximize the benefits of SNS while users of the Web. without decrypting it. Digital signatures [18] using respect the legal framework of the the encrypted content in such a way x509 certificates can further enhance trust countries they operate and cooperate that only authorized users will be in online transactions. appropriate privacy settings and Conclusion Zero knowledge protocol[18] based methods secure connection (HTTPS) to log- In this work. social status and popularity. we illustrated the potential of permit SNS users to prove a statement or on to the SNS. to feedback about the service provider. The key listing is of facts about the service providers on their need not to be re-encrypted. However. Similarly. data. using SNS a better and safer medium to interact. portal. It collects a set update their key and also content expansion of it in future. the owner first sends the address the problems of social trust with settings.9] happening on firewalls and monitoring user SNS operators. security measures include the powerful communications channel. This removes • Exploring context in the social for a user (or skillset) from the rest of the the problem of sharing the secret key with networking industry. combined with efforts from governments. information prudently. SNS shall • To share the data with selective One such case is OST [23] which tries to allow users to choose their security contacts. minimize security risks. as follows. Organizations and the sophisticated attacks [8. We also presented to third parties without relieving the actual actions on SNS while sharing their various parameters based on which social information. 
competitive online environment and keys with its contacts. the key is generated by the entire the best practices. W3C organized contact or attributes are changed. It provides a decision to mitigate the threats from SNS for SNS operators should create a balance by support system for online users who can’t their organization. acting Trust management schemes in SNS deployment of anti-virus software as a dynamic source for information. networking sites can be evaluated. SNS is a rapidly expanding segment in • When revocation happens on a Online auction and shopping platform. The increase in distrust over SNS is • Organizations may implement a combatting the security challenges posed primarily due to the presence of multiple multi-layered approach to tackle by social networking sites need a united avatars of some online users on SNS and the security threats such as using effort from the Users. preserving privacy of user data on SNS. Broadcast • Address the disparity between encryption methods can be combined Role of Stakeholders current implementations of SNS with Group key exchange methods[20] A realistic approach for adopting SNS and the devices or capabilities of all as well. They should • Owner encrypts the data with set of qualitative approach based on certain tailor their product to meet the attributes and shares the attribute parameters such as user’s association. Trust Metric [22] is a measure to • SNS Operators should apply security All the logos. respect confidentiality and encrypted content to the proxy. product names and trademarks depict how much a particular individual patches as soon as a threat is are owned by the respective owners and can be trusted by the relying parties in a reported and also take preventive the authors have no intention to use them CSI Communications | May 2015 | 17 . Additional risks. sellers can also Ideally. Few social networking sites group and everybody arrives at the same and the provider. both for the user rate the buyers. 
activities. • Preservation of privacy by following service provider. Rest users need not to challenges in SNS to allow a healthy building and propagation. EBay’s[24] Trust and reputation management only proxy has to be updated with a workshop[25] to discuss the current system is a good example to describe trust the new key. Code signing of SNS with law enforcement agencies.steps used in this scheme are. In fact. mining techniques[21] allow computations keeping risks at a possible minimum. proxy itself does • Distributed social networking. social network. social media possibly will remain as a online entity and transact. The security policies and personal information prudently to avoid any Trust management system is crucial for user guidelines should be in place identity misuse or theft. relying parties as the reputation level of the to establish a session key among the group. a trust model based on social activity and privacy of user data. They use Trust Modeling and Trust to counter the threats originated Metrics to establish trust in online user’s from SNS. Despite of the inherent on this system to reinforce their trust in an social engineering attacks. talent are responsible for building and propagating and intrusion prevention systems and customers. The outcome of W3 workshop or processing of data in encrypted form This needs a combined effort from Users. In this system. They should be aware social networking sites and determined confirm the position of confidential data of the security implications of their the associated risks. global researchers. use similar system and allow endorsement key at the end of the protocol. by using interoperable formats and provider is aggregated and notified to Group key exchange is particularly used protocols. able to decrypt the content with their applications can verify the authenticity and Future Directions set of attributes. integrity of these applications. 
They also should • Proxy (using its own key) will convert transactions. trust. Users should protect their SNS to steal personal data. International allow SNS operators or third parties to run • Users should protect their accounts organizations and SNS operators can make queries and establish relationships for user by strong passwords. SNS users. Information Technology. The employees enforcing adequate security measures to check the authenticity physically. Users rely should also be educated to avoid reap the best results. These techniques Organizations and SNS operators as well. Organizations and the adoption of SNS.

Lei Zhang. DOI -10. Internet [17] Privacy Preserving Data Mining. pages 177-206. Yi Fu. ACM. Urs Hengartner. pp. Key Management. Bruce Schneier. Springer. IEEE. published by Tata McGraw-Hill. Ubiquitous Computing. India. IEEE. http:// and Data Mining. http://www. Josep Domingo- Institute. ISBN-10: 0471117099 [1] The Complete guide to Social Media Conference on Knowledge Discovery [19] EASiER: Encryption based Access from the Social Media Guys. May 2009. IEEE. [21] Privacy Preserving Data Mining social_economy 0603-1 Research: Current Status and Key [3] IBM Beehive. CSI Communications | May 2015 | 18 www.pdf Micheal Decker. John Erickson. Sigrun Goluch. Autonomic [16] Securing Group Key Exchange against forum/Trust-Safety-Safe/107 and Secure Computing. The Computing. Chu.5067467 IEEE. DOI - Li. Minbo Antonio Cutillo. Pritam Gundecha. 762-772 facebook-users-on-earth-are-we.1109/CSCWD. July 2012. His research interests are in the areas of authentication technologies. Digital Fingerprinting. DOI . Hyderabad. research. Public key Cryptography and Encryption Technologies. [2] The Social Economy: Unlocking Conference on Mobile Business.387 [22] Trust Metrics. of their parent organization. Mulazzani. pp.2011. International Conference of the 7th international conference on h t t p : //w w w . DOI . Chandigarh in summer 2007. pages 249– A. DOI .24 of Cryptology.10. Dianmin Yue. In Journal views presented in this paper are authors’ 10. MTech (1992) and PhD in Computer Science (1999).1007/3. f o r b e s . Oct. 7th International ASIACCS’11. 8th International [6] https://foursquare. Markus Huber. technology_and_innovation/the_ 2009. DOI .6221890 WoWMoM. Melek Systems. Qianhong Wu. June 2012. International Symposium on [5] A Social Collaboration Platform for Preserving Online Social Network. DOI -10. Xiaodan [15] Long-Lived Broadcast Encryption. Bonti Alessio. Ravi Sankar Veerubhotla is a Research Scientist at Infosys Labs. there-yet/ [14] Safebook: A Distributed Privacy IEEE. 
pp.. Ravi received a PhD (2006) in Computer Science from University of Hyderabad. Fengli Liu. Control in Social Networks with www. Part III: ICCS limyunghui/2012/09/30/1-billion. Juan Conference on Embedded and [7] http://en. Yehuda Lindell. Refik Molva. DOI:   10. Jingbo anybody’s favor. http://www-01. December 2011. CompleteGuidetoSocialMedia. [8] An Analysis of Security in Social LNCS. ASIACRYPT mckinsey. and received his MSc (1990). pp.5986118 Wanlie Zhou. . pp1-3. Brisbane.1109/CSE.333-352. CISA and PMP professional. 2002. Australia He has authored the book titled PKI Concepts. Prior to that. Networks.E) degree from Panjab University. 2007. Benny Pinkas. 28-34. Yunfeng Wang. International Conference 10. she was a part of Infosys Labs at Infosys Limited. pp. Chao Hsien com/software/ucd/gallery/beehive_ Privacy on Social Networking Sites.2009. Exploiting Social Networking Sites and Communications Security report.14 Group Key Agreement.1109/DASC. Second Edition. Jing ‘00. Emmanuel [25] W3C Workshop on the Future of Social 2009. Martin (ASIACCS’08). 143-160. August 2011. 2011.2009. March 2011. Edgar Weippl.wikipedia. technologies. Privacy on a Social Networking Site. 16th International Conference on World of Wireless. Design and Deployment. Hyderabad. She received her Master of Engineering (M. August 2009. Önen.1109/ Sharing Security. data privacy. Garay. Trust. IEEE. His primary research interests include Digital Rights Management.1109/MIC.pdf for Spam. Algorithms and Source Code in C.ebay. DOI .html Wanying Luo. January 2009. He also obtained his MPhil Computational Physics (2000) and MSc Electronics (1998) degrees from the About the Authors same university. He is also a certified CISSP.10. ACM n Richa Garg is a Senior Associate at Cognizant Technology Solutions. Her primary research interests include PKI. Avishai Wool. Engineering. [9] Friend-in-the-Middle Attacks: Symposium on Information. 
personal and need not represent the opinion [10] Exploiting Vulnerability to Secure User [18] Applied Cryptography: Protocols. Infosys Ltd.10. Gerhard Press.1109/CTS. She is also a certificated SSCP Professional. June 2011. International 540-44598-6_21 board. DRM and Strong Authentication. CTS’09.2008. Geoffrey Barbier. LNCS 7073. Nikita Borisov.w3. December Strong Corruptions. ACM Networking. Sonia Jahid. The Indian government awarded him the post-doctorate BOYSCAST Fellowship in 2002 to research on ’Security Framework for E-Commerce’ at ISRC. 2008. understanding of various technologies. http://forums. July [20] Binding Broadcast Encryption and value and productivity through social 2008. ICCS ‘07 Proceedings [4] 1 Billion Facebook Users on Earth.1109/ICMB.thesocialmediaguys. Zhe Zhang.2009. and Oriol Farràs. SIGKDD International 1996.100 Conference on Dependable. DOI . 10. [13] FaceCloak: An Architecture for User Issues. Qi Xie.2020489 Efficient Revocation. [24] EBay Trust and Safety Discussion Liu.0 Social Networks: The Role of Bo Qin.1007/s10551-010. Prior to that he worked as a Principal consultant (Security Practice) in a multi-national company. Without any prejudice. Ashutosh Saxena is an Associate Vice President at Infosys Labs. IEEE. Journal Ferrer.2012. c o m /s i t e s / on Computational Science and Computational Science. Advances in Cryptology Crypto 2010. Mark Manulis. Prateek Mittal.1145/2020408. Leucio Collaborative Technologies and Enterprise Social Networking. key management and security assurance. 2011. the authors presented their views and Kitzler. India. He also co-authored more than 80 research papers and several patents. McKinsey Global [12] Web 2. Sonja Grabner-Kraüter. Chengyu Fan. Ming Li. References Huan of Business Ethics. Jessica Staddon. Computer http://www. content/uploads/downloads/2011/03/ [11] Location Privacy – An Overview. 
Mobile and [23] OST: The Transaction Based Online on Computer Supported Cooperative Multimedia Networks (WoWMoM). 826-832. Guangyu Chen. Weimin Trust Model for Social Network and File Work in Design (CSCWD). 10. 2000.csi-india.

This paper aims to identify. network. Natural disasters like Benefits of Cloud Computing Infrastructure as a Service (IaaS): floods. language execution environment.Cover Shruti Chhabra* and V S Dixit** Story *Department of Computer Science. business models for the customer to Cloud Security Issues Cloud services have to be reliable and choose from[7]: Despite of various benefits and services scalable to provide ubiquitous network Software as a Service (SaaS): Allows provided by Cloud Computing. Availability. The Computing applies pay-per-use model. etc. Agreement (SLA)[2]. Therefore. PC) having Public Cloud: The resources are data of the cloud user. combination of the private and public resources can be in the form of storage. Such kind of attack is termed CSI Communications | May 2015 | 19 . several benefits to the organizations[1]. requirement[4]. etc[5]. can access resources and services anytime Measured Services: Cloud Hybrid Cloud: Such clouds are a and anywhere as per requirement. with common interest or motive like policy pay-per-use utility model. The Physical security: Physical data for meeting various QoS parameters of platform includes operating system. organization who have authorized access can avail resources from the cloud as per Cloud Deployment Models to the data[7]. Malicious Insider: Data can be They are: software applications and virtual misused by the employees of the On-demand resources: A customer networks. Sensitive information is placed on software applications.shruts@gmail. Atma Ram Sanatan Dharma College. servers. for securing data of the customers. Cloud Computing gives the users Account Hijack: By stealing the Ubiquitous network: Resources capability to choose amongst various username and password of the account. India. University of Delhi. resources such as Servers. 
CSP is responsible for providing security measures to secure data by including use of cryptography and encryption algorithms to achieve data/system goals like Confidentiality. India. network. fire and theft can also damage data As per NIST. services or resources by the user and thus the private cloud and rest on public cloud. The data of all the customers are stored on the cloud. technology which provides on-demand as the requirements expand and shrink of This provides data security to the cloud resources over the Network.Cryptography is considered as the strongest tool for controlling against multiple security threats. Cloud Computing provides Provides the complete infrastructural centers[4. This raises concerns for data be used by the attacker such that only allows several users to share resources security as the malicious users can try to few are left for the cloud **Department of Computer Science. Integrity. tablet. This requires keeping track of usage of cloud. (QoS) expected by the customer and Platform as a Service (PaaS): The security threats can be due to data other details are specified in a negotiation Provides the platform to the software leakage. making the from the resource pool provided by the CSP. veersaindixit@rediffmail. Comparative Evidence of Cryptographic Based Algorithms under the Cloud Computing Environment to Ensure Data/System Security Abstract . lack of CSP agreement known as Service Level developers of the organization to build security. access it. analyze and report the evidence published in the literature (In major journals and conference proceedings) of different cryptographic security algorithms. An Organization Cloud Business Models considerations or security requirements providing Cloud Computing services is Cloud computing also offers various forms the community cloud. there are access and dynamic resource allocation to access to an application and its data several security issues related to it: the clients. University of Delhi. 
Cloud users the Organization[3]. arora. center without the need to install it. Internet connection on it[4]. laptop. The customers have to pay just for the maintaining transparency between both Community Cloud: Organizations services availed by them i. provided by the CSP publicly on the Denial of service: The resources can Multi-tenancy: Cloud Computing Internet. Information and data security is the primary concern for Cloud computing users. known as Cloud Service Provider (CSP). system slow. Accountability and Non Repudiation.e. centers can be attacked by intruders clients as per agreed and mentioned in database server. attacks by customers. CSP is responsible their own software applications. can be accessed via a network using any deployment models[7]: the intruders can misuse the sensitive device (mobile. users. Acharya Narendra Dev College. 5]. Introduction Elasticity: This provides flexibility of Private Cloud: The enterprises can Cloud Computing is an emerging allocation and de-allocation of resources have their dedicated cloud infrastructure. external people). The Data security: CSP are responsible The nature and Quality of Service application can be accessed via a network. according to the CSP and the cloud user. and programming (malicious internal employees and their respective SLAs.

Denial of Service attack.

Security Goals
There are some specific security goals that must be achieved to ensure secrecy of the data/system [24]. These goals are:
Confidentiality: It states that the data must be accessible to authorized persons only, thus maintaining the privacy and secrecy of the data.
Integrity: It ensures that the data must be transmitted over the secure channel without unauthorized modification or the loss/destruction of data/information.
Availability: It assures that the data and information is timely available for use. The services are not denied to the authorized users.
Some additional goals are:
• Authenticity: Authentication means verifying that the user accessing the data is genuine. The identity of the sender and receiver of the information must be verified.
• Accountability: It helps to trace the responsible party/entity in case of any security breach. The actions of all the entities must be maintained for security purposes.
• Non-Repudiation: This prevents denial by one of the entities (sender or receiver) in the communication of having less or no participation.

Cloud Security Measures
Cloud Computing is widely accepted by several organizations all over the world. Thus, there is a need to take various security measures to maintain data security in the cloud. Few of them are listed here [5, 7]:
• Choose the best CSP after the careful due-diligence.
• Transmission of data should be from a secure channel.
• Data privacy should be maintained by authorizing access.
• Regular auditing of the security policies should be done.
• Regular training programs should be developed to keep the skills of the CSP security team updated.
• Data encryption techniques should be used before data enters into the cloud.
• Trust should be maintained between CSP and the cloud user by applying several security policies and process control techniques.
• CSP must follow the updated policies, standards and guidelines.
• CSP should make provisions for the regular back-up of data and recovery in case of server/system failure.

Cryptography
Cryptography means secret or hidden writing. It is considered as the strongest tool for controlling against multiple security threats. Information and data security is the primary concern for Cloud computing users. The data of all the customers are stored on the cloud. Therefore, CSP is responsible for providing security measures to secure data including use of cryptography and encryption algorithms[3].

For example, Sender, S, wants to send a message, M, to a recipient, R. S will encode/encipher or encrypt the message and transmit it to R through a transmission medium. At the receiving end, the encrypted message will be decoded/deciphered or decrypted to obtain the original message, as shown in the figure[15, 16].

Fig. 1: Cryptography Algorithm

The original message is termed as plain text, P. And the encrypted message is known as cipher text, C. The process of encrypting the message is known as Encryption. The process of decrypting the encrypted message is known as Decryption. Cryptosystem is the system of encryption and decryption. There are certain set of rules for encrypting the plain text and decrypting the cipher text known as algorithms. These algorithms use a device called a key. Thus, C = E (P), P = D (C). E is the encryption rule, D is the decryption rule. Therefore, Cryptosystem states P = D (E (P)).

Thus, encryption algorithm can be classified

Fig. 2: Classification of Cryptographic Algorithms

Cryptographic Types
Cryptographic systems are generally classified on the basis of three independent dimensions for encryption[22, 24]:
Types of operations: The 2 principles for encryption algorithm are [23]:
a. Substitution: Each plain text element is transformed to another element.
b. Transposition: Elements of the plain text are rearranged to form cipher text.
Number of keys used: The encryption algorithm can use one of the two options:
a. Symmetric Encryption: Only single key or private key is used for encryption and decryption.
b. Asymmetric Encryption: Pair of keys (public key and private key) is used for encryption and decryption.
Processing of plain text: Processing of

Encryption Algorithms

Based on number of keys used in an algorithm, the encryption algorithms are classified as Symmetric encryption algorithms and Asymmetric encryption algorithms.

Symmetric Encryption

If only one key, K, is used in algorithm for encryption and decryption, it is termed as Symmetric Encryption Algorithm. The key is also called as private key or single key.

P = D (K, E (K, P)) [23]

Fig. 4: Symmetric Encryption

These algorithms are divided into two types:

a. Block Cipher: A block of plain text is taken as an input, whose size depends upon the symmetric encryption algorithm and cipher text of the same block length is generated as an output. Usually, block size of 64 or 128 bits is taken. Few examples of Block ciphers are DES, AES [22].

b. Stream Cipher: Each bit is processed at a time to produce output bit. Some of the examples of stream ciphers are Vigenere cipher, RC4.

Asymmetric Encryption

When separate keys are used for encryption (KE) and decryption (KD), it is known as Asymmetric Encryption Algorithm. These keys often come in pairs and called as public key and private key [22, 10].

P = D (KD, E (KE, P))

Fig. 3: Asymmetric Encryption

Encryption of plain text is done in one of the following ways:

a. Block Cipher: Processes n-bit block at a time and produces n-bit output block.

Fig. 5: Block cipher

b. Stream Cipher: Encryption of one bit or one byte is done at a time.

Fig. 6: Stream cipher

The following table summarizes the comparison between the two ciphers [23]:

Table 1: Comparison of Block Cipher and Stream Cipher

| Factor | Block Cipher | Stream Cipher |
|---|---|---|
| Transformation Size | Transforms one b-bits block at a time. | Transforms one bit at a time. |
| Transformation Speed | Low: Block of several bits have to transform at a time, therefore, all bits of the block must be received before the encryption begins. | High: Only one character is transformed at a time, therefore, encryption begins as a single character is read. |
| Diffusion | High: Information of cipher text depends on various plain text letters. | Low: As each symbol is transformed at a time, information of cipher text symbol depends only on one plain text symbol only. |
| Error propagation | High: An error will affect the entire block during transformation. | Low: An error during transformation will affect only that symbol. |
| Malicious insertions | Less susceptible: Full block is transformed, so any insertion makes the block incorrect and reveals the error. | More susceptible: As only one symbol is transformed, malicious intruder can insert other characters that may look authentic. |

Block Cipher Modes of Operations

Block cipher provides various modes of operation [17, 22]:

Electronic Codebook (ECB) mode: It is the simplest mode where b-bits of plain text is handled at a time and each block is encrypted using the same key. For every single b-bit block, there will be a unique cipher text for a given key.

Cipher Block Chaining (CBC) mode: Encryption is done using the XOR of the current plain text block and the previous cipher text block with the same key. Thus, the blocks are chained together, forming dependency on the previous blocks.

Cipher Feedback (CFB) mode: Helps in converting block cipher into a stream cipher. Here, transmission and transformation of s-bits is done at a time. Initially, a b-bit shift register is taken and set to some initialization vector. This shift register is encrypted with a key and a cipher text of b-bits is produced. The leftmost (most significant) s-bits of plain text are XORed with the s-bits of the current cipher text to produce new s-bits of cipher text. The shift register is left shifted s-times and rightmost (least significant) bits are replaced with s-bits of cipher text. This process also forms the chain, making each cipher text block dependent on the plain text and previous cipher text.

Output Feedback (OFB) mode: This is quite similar to CFB mode, except that the encryption algorithm accepts the cipher text of the previous encryption, instead of the final cipher text. After the initial encryption of the shift register, the cipher text produced is again transferred to the shift register for next block and the same is also used in XOR with the s-bit plain text to produce the final cipher text.

Counter (CTR) mode: The interest in the counter mode has increased recently. A counter with b-bits is initialized to some value and encrypted using a key to produce cipher text. This cipher text is XORed with the plain text to produce the final cipher text. The counter is incremented by 1 for the next block. There is no dependency and chaining among various cipher text.

Comparison of Various Encryption Algorithms

Encryption algorithms are classified under numerous categories described above. Comparisons of cryptographic algorithms based on that classification is given below.

Block Cipher Algorithms

A comparative study of the several block cipher encryption algorithms AES, DES, TDES, Blowfish, etc., is given in the table. The factors presented are designers, founded year, key size, data size, transformation rounds and key used [8, 9, 10, 11, 12, 16, 18].

Table 2: Comparison of Block Cipher Algorithms

| Attribute | Designers | Founded Year | Key Size | Data Size | Transformation Rounds | Keys Used |
|---|---|---|---|---|---|---|
| AES (Advanced Encryption Standard) | Joan Daemen and Vincent Rijmen, submitted to NIST | Dec 2001 | 128/192/256 bits | Block of 128 bits | 10/12/14 rounds | Single key |
| DES (Data Encryption Standard) | IBM and submitted to NIST | Jan 1977 | 56 bits | Block of 64 bits | 16 rounds | Single key |
| TDES (Triple Data Encryption Standard) | NIST | 1998 | 3 keys of 56 bits each | Block of 64 bits | 16 * 3 = 48 rounds | Three Keys |
| Blowfish | Bruce Schneier | 1993 | Vary from 32 to 448 bits | Block of 64 bits | 16 | Single key |
| Camellia | Mitsubishi, NTT | 2000 | 128/192/256 bits | 128 bits | 18/24 | Single key |
| Serpent | Ross Anderson, Eli Biham, Lars Knudsen | 1998 | 128/192/256 bits | 128 bits | 32 | Single key |
| Clefia | Sony | 2007 | 128/192/256 bits | 128 bits | 18/22/26 | Single key |
| Simon | Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, Louis Wingers (National Security Agency) | 2013 | 64/72/96/128/144/192/256 bits | 32/48/64/96/128 bits | 32/36/42/44/52/54/68/69/72 | Single key |
| Threefish | Bruce Schneier, Niels Ferguson, Stefan Lucks, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker | 2008 | 256/512/1024 bits | 256/512/1024 bits | 72/80 (for 1024 bits) | Single key |

Stream Cipher Algorithms

Comparison between various stream ciphers algorithms like RC4 and Rabbit is as follows [18, 19]:

Table 3: Comparison of Stream Cipher Algorithms

| Attribute | Designer(s) | Founded Year | Key Size | Initial Vector | Block Size | Transformation Rounds |
|---|---|---|---|---|---|---|
| RC4 (Rivest Cipher 4) | Ronald L. Rivest | 1987 | Vary from 40 to 2048 bits | - | 256 bits | 1 |
| Rabbit | Martin Boesgaard, Mette Vesterager, Thomas Pedersen, Jesper Christiansen and Ove Scavenius | Feb 2003 | 128 bits | 64 bits | 512 bits | - |
| VEST (Very Efficient Substitution Transformation) | Sean O’Neil, Benjamin Gittins and Howard Landman | June 2005 | 80–256 bits | 80–256 bits | 256 - 800 | - |
| Spritz | Ronald L. Rivest, Jacob C. N. Schuldt | 2014 | 256 | - | 896 | 1 |
| Salsa 20 | Daniel J. Bernstein | Mar 2005 | 256 | 64-bit Nonce and 64-bit stream position | 512 | 20 |
| Achterbahn | Berndt Gammel, Rainer Göttfert and Oliver Kniffler | 2006 | 80/128 | 80/128 | 297/351 | - |
| Chacha | D. J. Bernstein | 2008 | 256 | 64-bit Nonce and 64-bit stream position | 8/12/20 | 8/12/20 |

Asymmetric Encryption Algorithms

Public key Algorithms such as RSA, etc. are compared in the following table [18, 20]:

Table 4: Comparison of Asymmetric Encryption Algorithms

| Factor | Designer(s) | Founded Year | Usage |
|---|---|---|---|
| RSA (Rivest, Shamir, Adleman) | Ronald Rivest, Adi Shamir, Leonard Adleman | 1978 | • Used for secure data transmission • Factoring large numbers |
| Diffie-Hellman Key Exchange | Whitfield Diffie and Martin Hellman | 1976 | • Discrete logarithm problems • Provides perfect security in Transport Layer |
| Ceilidh | Alice Silverberg and Karl Rubin | 2003 | • Discrete logarithm problem in algebraic torus |
| ElGamal Encryption System | Taher Elgamal | 1985 | • Discrete logarithm problem in cyclic groups • Hybrid cryptosystems |
| DSA (Digital Signature Algorithm) | David W. Kravitz | 1991 | • Digital Signature Standard • Uses two hash functions |

Key Management

Cryptography is considered as the key technology to make data secure in the cloud. This requires continuous efforts to

“Cloud computing and computation time is required to encrypt Cloud computing is being adopted by emerging IT platforms: Vision. the perspective of the cloud computing the world. They are used can help us in understanding the true also present. Also more Conclusion Ivona Brandic. publications/nistpubs/800-145/ are to be considered for the data security. If the seal is found based security algorithms on certain the plain text. short key various organizations over worldwide. Founded Message Transformation Factor Designer(s) Block Size Word Size Security Year Digest Size Rounds MD-2 1989 128 128 32 864 64 MD-4 1990 128 512 32 48 64 Ronal Rivest MD-5 1992 128 512 32 64 64 160/224/256/ 80/96/104/ 80/112/128/ MD-6 2008 512 64/32/8 384/512 136/168 192/256 SHA-1 1995 160 512 32 80 80 SHA-224 2004 224 512 32 64 112 SHA-256 2002 National Institute 256 512 32 64 128 of Standards and SHA-384 2002 Technology 384 512 80 80 192 SHA-512 2002 512 512 80 80 256 224/256/ 1152/1088/ 112/128/ SHA-3 2008 64 24 384/512 832/576 192/256 Vincent Rijmen. functions are summarized in the table [18. 21]. http://csrc. Cryptography is a Encryption involves converting generation. technology having different encryption plain text to cipher text which replacement and use of keys. Keys used in the available such as Message Digest (MD) References cryptography needs to be secret for each and Secure Hash Algorithms (SHA). MD-4. Power Consumption: Processors Hash function helps to maintain integrity to their requirements. algorithms under different categories. Whirlpool 2000 512 512 8 10 256 Paulo Barreto Ross Anderson. User can choose the best one according Hash Functions b.nist. requires more power consumption. in Message Authentication Codes (MAC). MD-5. SHA-1. To provide overheads associated with it [3. Comparison between the hash [2] Rajkumar Buyya. number of keys. SHA-224. This also involves and can be attacked by the intruder. SHA-256. it will characteristics. 
We have studied consume more power in of the data. to be broken at the receiving end. James Broberg. assignment. and decrypt the data. It provides a seal/ shield to the and compared several cryptographic generating keys and encrypting data before transmission. Srikumar Venugopal. CSP should make adequate data security. Hash function can be a checksum. Whereas. Therefore. Data security is the primary . Eli Tiger 1996 128/192/160 512 64 24 192 Biham Table 5: Comparison of Various Hash Functions generate keys. generating more heat. cryptography a.csi-india. faced by the users is of security. strengths and limitations of the Cloud Computing services are used Digital Signatures and many information cryptographic security algorithms from by several organizations and users all over security applications [22]. there are bandwidth is used by the clients the file. their length. Transformation Speed: provisions to provide security in can be implemented. significant other characteristics which as additional bits of the keys are index data in hash table. hype. Less Bandwidth: Limited state that something has been changed in characteristics were examined. [1] The The NIST definition of Cloud and every user. etc. Chee Shin Yeoa. SHA-384 and SP800-145. Though only few c. 13]: Therefore. major concern over the network. encrypt data and transmit length and short data sizes are insecure Inspite of several benefits. potential. Various versions of hash functions have Computing. There are many hash functions goal of CSP and the user. generation and transportation been published like MD-2.pdf Longer key length and data size SHA-512. causes delay in time. and reality for delivering computing CSI Communications | May 2015 | 24 www.

DES Cryptographic Algorithm”. International Journal of Engineering Cloud Computing”. Comparison between AES and [15] K S Suresh. Journal of Emerging Technologies in Mohamed Hadhoud. [22] Cryptography and Network Security. Applications (IJERA) ISSN: 2248. Himani Agrawal. o r g /w i k i / (2013). “Cloud Computing: Security Issues Secured Data Communication in [19] Ronald L Rivest. [4] Qi Zhang. Algorithms”. 2010. V S Dixit. 4th Edition {Pearson} Cloud Computing”. Journal of Advanced Research in {Pearson} December 2012. International Security in Computing. Anderson Fonseka · (IJETCAS). International Journal of May 2010. October 27. Computing Security Algorithm”. and Raman Maini. Fifth Edition. Sachdeva. 2013. Simulation Based Performance Internet Services and Applications. “The MD6 hash Security”. “A Study of Encryption Computing Using Encryption Algorithms AES. “Analysis and 9622. 2014. Nagesh Kumar.Network Security. International “Spritz|a spongy RC4-like stream [7] Shruti Chhabra. “Security Threats and Journal of Computer Science and Engineering. Manoj Jhuria Engineering.w i k i p e d i a . “Cloud Journal of Engineering and cipher and hash function”. “A systematic [11] Rachna Jain. International Vinicius Cardoso Garcia. M L Singh. and Research Challenges” (2011). Security Issues” (2015). Monisha Sharma. 4th Edition and Innovative Technology (IJEIT). of Engineering Research and function A proposal to NIST for SHA- [9] Shraddha Soni. Suresh Chandra Satapathy. Essentials Applications and Cryptographic Algorithms for [16] Diaa Salama Abd Elminaam. Encryption Algorithms”. Jose Fernando Computational and Applied Sciences The Performance of Symmetric S Carvalho. Solutions in Cloud Computing” Communication. Issues and Security Algorithms in [23] Charles P Pfleeger. 2011. Research in Computer Science [17] Jawahar Thakur. Oct [24] William Stallings. [6] Rabi Prasad Padhy. [8] Prerna Mahajan & Abhishek “Secure User Data in Cloud “Torus-Based Cryptography”. P K Bansal. 
K V Prasad. Springer Science+Business Media International Journal of Advanced New York 2014. December 2011. 2012. DES and RSA for Algorithms”. Anshu Parashar. [20] Karl Rubin and Alice Silverberg. ISSN: “DES. “Cloud Journal of . Lu Cheng. Computer Science and Software [10] Rashmi Nigoti. Algorithms and Techniques for April 2015. and Software Engineering. Key Cryptography Algorithms and research challenges”. AES and Blowfish: Symmetric “Cloud computing: state-of-the-art 2277128X. Raouf Boutaba. Hatem Standards. International Mohamed Abdual Kader. “Evaluating [3] Frederico Durao. Ankur Aggarwal. “Security William Stallings. Journal of [12] Simar Preet Singh. October Computing: State of the Art and Technology. Patra. “A Survey of 2012. 3”. International Emerging Technology and Advanced [5] Hamm Eken. May review on cloud computing”. Multinode Network”. S L Pfleeger. 27. [14] Rachna Arora. 2014. Jacob C N Schuldt. 2008. Network Security Shailendra Singh. [18] h t t p : //e n . “Comparison of Data Encryption Analysis”. [13] Ajay Kakkar. and Mohiy n CSI Communications | May 2015 | 25 . 2013. Manas Ranjan “Comparison of Various Encryption Category:Cryptographic_algorithms. ISSN: 2277 128X. International Journal [21] Ronald L Rivest. as the 5th utility”(2009).

Smartphone generating effective solutions. the strong potential risks of wilfully disclosing their actors. issues therein? When posting information amount of information about any single stay in touch. recommendations for public policy. This kind of unexpected behaviours. Just lies in these numbers and database of and parties increasingly engaging over like spams affecting email. reconnect with old friends to a social network. a user probably individual. for people with wrong intentions to use interaction and revolutionised the way The type of social media that is the most social engineering methods to gain access humans communicate. users of which 798 million are mobile utilised the advantage of social media there has been increased reports of daily active users. 27 billion messages sent each day. privacy. The size and reach of media is visible in India also. Security professionals have presence of social media has created a own information to public domain. With CSI Communications | May 2015 | 26 www.csi-india. Political parties started find a place to creep in. wikis. Twitter. different organisations to improve visibility out to people without any geographical becomes a breeding ground for these and knowledge sharing with customers differentiation of urban and rural. our digital dependency level is increasing at a fast pace. information. to developing and testing combination of WhatsApp and Facebook Facebook[1] has become part of life. but the smartphone has privacy issues associated with social Facebook with acquisition of popular become responsible for revolutionising media at the level of the individual. Social Though they have become a part platform to get connected to potential life has migrated to online communities. The networked nature of social This platform has got into the social stopped and wondered about the privacy media makes available a substantial space helping people to get connected. 
Whatsapp and Instagram became a how the information is collected and the enterprise and society. It aims at multidisciplinary online conglomerate distributed to the masses. Many third party Facebook are increasingly used by understanding the new way of reaching applications. Being top in the information is posted. corruption. CEO. on social information they hold. social individuals to construct a public or profile.Cover Mini Ulanat* and K Poulose Jacob** Story *Systems Manager of Cochin University of Science & Technology **Pro-Vice-Chancellor of Cochin University of Science & Technology Privacy Security Settings – Challenges of Social Media Abstract: With social media proliferated and affecting our day to day life. WhatsApp focused on instant affordable and the wireless networks more and informed consent. Can we think of a day without checking our and establishing communication without any frills ubiquitous and faster can be attributed as corporate guidelines for protecting became hit among common masses. European Commission’s interconnected world. We saw candidates malware attacks through this site. users forget the control over the privacy of the information published. will allow us to connect many more people influencing our day to day activities and The reach and impact of this digital round the world. The more medium has found a new way of sharing Twitter and Whatsapp. have we victims.44 poverty and economy including the latest Though Facebook has active security billion monthly active users as on March debate on “Net neutrality”. the more the and extracting information. from built on the massive success of Facebook. This indiscriminately posted and also it has permitted creation of expects authorized contacts to be able to information gets collected and analysed new friendships. this article primarily focus on security and privacy of the individual is at become a new community space to Facebook. 
penetration which made devices providing users with technical safeguards com. Social networking sites information that gets posted on social this medium? Social media today has facilitate collaborating. In the rush to be live in the connected world. scammers and spammers always technologies like blogs. like never before. Newsroom[2] confirms that there are 1. Facebook and project on Privacy Challenges in Social Facebook acquired and created other social networks are used to share Media[3] is an ongoing project exploring various new apps over the past years. which interact with users. India which is monitoring with the site actively scanning 31. The social media Facebook.’ according to Marc decision . This participatory used in India are sites like Facebook. This is to look beyond defending its network new community culture. The value of Facebook in 2014 elections. status or reading what is new happening without any financial commitments for This volume of users and the in the life of our family and friends through organisation. Criminals are increasingly using this interact with friends and relatives. of the rhythm of our daily life. These technologies have a place in both the traditional and digital organisations in the new ecosystem of grown in leaps and bounds during the marketplace. content. Social media Zuckerberg . 2015 and 936 million daily active conventionally an orthodox society. This article hints at some of the Facebook threats and precautions that would help to avoid becoming victim of cyber crime. to the accounts of individuals. twitter. identity thieves. risk. has for malware and offering security options. Social media is a has also democratized the tools of self organizations who are seeking to secure growing challenge posing new risks for expression. Messages on social media trend is only expected to increase over the messages on Whatsapp? Updating our can reach massive audience organically coming years. and state people joining the bandwagon. 
Little are the users aware of the by marketers. The Facebook or sensitive issues like politics. last few years. twitter and similar like forums media. sharing that allow media sites has opened a new avenue integrated technology. WhatsApp is actually Facebook speaks about the acceptability is promoting a lot of discussions on critical the world’s most popular messaging with and adoption rate. This has user base. ‘The the most influential factor for this change. Social media relevant market information gathered for and infrastructure. With more and more view it.

it can also expose your sends the logged data to phishers as system was compromised. When clicked. The virus infects the totally different from user’s to click the link which points to a fake computer and hijacks your expectations. Facebook is a the victim’s computer is installed and display.s e e .such a large userbase.a b o u t - propagate further and more quickly. There is of phishing attacks in 2014. the link would is on why user sees the ads two options to activate the fake app. simply stating “lol” and in web pages forces users to “like. that boasted it could enable users to was specialised in stealing bank b. Kaspersky Lab’s statistics by clicking the links. The then spreading to his or her contacts. W h a t . “LOL” Virus – The “Lol” virus the examples of attacks[4]. Exclusive content etc. If opened.[5] on the social a link promising naked videos of spreads through Facebook’s media sites we usually use. You may hide your Without realising that. If you click “install”. the target for scams. A typical It was able to collect login details also a provision for reactivating example of this attack was an app through key logins. This drive includes continue”. a malware is planted the standard message “Log in to itself to your network of friends. : This helps user to manage how app promised Facebook users the b. This helps the user to while the second option asked users video hosted as the name of control whose post appears on to download and install software in your Facebook friend as stated their newsfeeds. popular technique for accessing and misuse their account.” accounts registered by the friends of with an attachment. user and content. the persons whom the to offer the said video. This personal information far beyond your soon as an Internet connection was bot could install malicious apps group of friends. Koobface –In 2009. This helps the a friend. aftermath! available to secure their account. This credentials of the user. 
When the user clicks Facebook login page that contains Facebook account and spreads a malicious link. where the Trojan social network from compromised friends. discusses a set of tools Latest news. users are more likely a. They have divided the tagging property of Facebook users in Since it appears to come from a privacy basics into four subdivisions: the spammy links helps the scam to trusted contact. order to receive notifications when in the website. friends list from general public the credentials and is into serious a. if the user is not careful. If users are not careful Facebook in its Facebook Privacy some key words like “Breaking News”. users key in ads. Once in the video d. It would be instructive to look at some of Another badly affected one was c. A site. onto the system. Mostly these phishing chat function. to fall prey to it. Users are prompted Dropbox. Curious. and the attack is planned as the Facebook wide range of malicious programs ways to recognize and avoid attempts to user is tagged in a post made by installed on a user’s computer compromise the account. take you to YouTube or another popping up. This Trojan a dormant account. you can deactivate Facebook accounted for nearly 22% files. In some cases. Phishing attacks: This is the most malwares can impersonate users setting for Facebook users. which is in infecting the computer of a user and user wants to share with and also who fact a malware-ridden website. these you/posts? : This is a priority 2. With the limitation that trouble. Clicking the link leads to without their explicit consent. Zeus – a Trojan that was spread also. and enter their credentials. the site spoofed the appearance of video” with a link to watch. Malwares: Malware describes a keep your information secure. Also the This helps you to choose who sensitive information. 
message containing a question like triggers the download of a Java Users are tricked and driven into “Is that you in this photo?” and a link file containing malware from clicking a link which does something to the “photo”. This user to control the information the user an external webpage that appears spread quickly on a social network. stole personal information. A short personal they click the attachment which Facebook without their knowledge. How Others Interact With You? ‘guess who viewed your profile’. or delete the account. How-to-keep-your-account- someone viewed their profile. at a later stage too. a message says an update secure? This covers the most malware that set up a keylogger on of flash is needed for video important aspects a user CSI Communications | May 2015 | 27 . the machine with endless pop-up have made. The user has The first option asked users to enter trustworthy website which minimal control over this their credentials into the fake website seemed to have a legitimate setting. can share with you. struck social networking sites. is the c. “share” or “comment” on pages in the potential victim.o t h e r s . This some of your activity will still reveal that fake sites imitating malware scanned all personal be visible. Users receive 1. their friends. wishes to share. This includes which installed malware to spy on A message from friend with a untagging as well as unfriending their web browsing. detected. What-you-see?: This section Facebook’s login page and offered start. guess the Basics[6]. LikeJacking Attacks : This is a click messages are sent within the a message from one of their jacking attack . it exclusively other people’s activity affect the ability to see who viewed their profile. Fake web pages attackers install some form of adware sees your post. The 3. who sees the masquerading as legitimate ones on your computer which bombards tags or delete the posts you force users to key in their credentials. 
sentence “you look funny in this or blocking someone. to which attract the user attention.

when a login is attempted from The virus affecting pattern is highly [2] “Facebook Newsroom. Available: http:// software spreading through it.php?id=2935. [Accessed 04 04 attacks. [Accessed 15 04 2015]. several edited / are found malicious. approval with a security code. The official Facebook Fellow. because it is That Can Infect Your PC. K Poulose Jacob is an active researcher and has published more than 100 publications in refereed journals. Available: www. any aware at all times. UK. Ulanat is the reciepient of Chevening TCS Cyber Security fellowship and is undergoing training on Cyber Security and Information Assurance at UK Defence Academy. “European Users should not click or share report any vulnerability discovered on the Commission : CORDIS : Projects but report if anything that looks website by financially compensating for it.” [Online]. extend it to the [6] “Facebook Privacy” [Online]. and Director of the School of Computer Science Studies prior to this. strategies and five-facebook-threats-can-infect-pc- virus service and more user awareness.facebook. really secure. A login approval for new exploits and immediately notifies References with a code sent to the registered users through the security pages. we en. Social media is here attacks. CSI Cochin Chapter. CSI Cochin Chapter. Australia and other countries. Available: options to blocking and remove links which be implemented in the already existing http://www.makeuseof. He has given several invited talks at various conferences in Europe. phone or browser. [Accessed 15 04 to get people to click on infected links and make the employees aware of the 2015]. USA. “Five Facebook Threats with click-bait the user has not used /malware_ attackers have used social engineering organisation need to put in policy of usage news. Cranfield Attracted by the volumes that space. there is an are committed to building this Better [4] “Top Facebook scams and malware increasing number of scams and malicious Connected World. 
facebook. The www. and Results : Addressing Privacy suspicious or sounds too good The Digital and Network technologies Challenges in Social Media. Prof.csi-india. Millions [1] Facebook [Online] . [Accessed 15 04 2015]. K Poulose Jacob is the Pro-Vice-Chancellor of Cochin University of Science & Technology. Phishing has taken us from the industrial era to the European mobile number would appear. attempts should be spotted and information era. He was Professor of Computer Science at Cochin University of Science and Technology since 1994. program which encourages the user to [3] E Commission. With the new anti. She was the National Student Coordinator of CSI for 2013-2015. Facebook has challenges for organisations. the users of Facebook and other social Authors wish to acknowledge the inputs of n Mini Ulanat. attacks to a minimum level. • The word Netizen was coined by Michael Hauben • Netizen is someone who spends considerable time online • 5P mantra for Netizens for online security is (a) Precaution (b) Prevention (c) Protection (d) Preservation • (e) Perseverance • For cybersafety remember "Stranger is Danger" • Report every cybercrime. should know regarding secure media sites to be vigilant and situationally Ms.html.. And How been trying its best through the feedback a new communication tool that needs to They Work.2014 towards the compilation of changes made and to make it security team is constantly on the lookout this article. created cyberspace which is never a secure europa. Systems Manager of Cochin University of Science & Technology is a senior Life Member CSI and Chapter Patron. Be work/. spreading through friends’ news feeds policies as the use of social media brings [5] K Kimachia.” [Online]. Deepika Suri. Dr. it is the responsibility of Acknowledgement 2015]. conference proceedings. alerts of logins. He is senior Life Member About the Authors CSI and Chapter Patron. the daily activities of the organisation.” [Online]. Hence. Ms. 
TCS-Cyber Chevening passwords. of malware. 2012. A high level of carelessness society and make cyberworld a safe and Available: https://www. Facebook has engendered. alerted. As an interconnected society. on the part of users attracts most of the secure place to digitally coexist. The to stay and become more powerful. polymorphic. of people have fallen for Facebook scams. many of the company-info/. com/about/basics. This information era [Online]. UK. that comes to your knowledge CSI Communications | May 2015 | 28 www.” to be true is found. communication goals. social network hopes to reduce the spread a responsible netizen. To curb and bring down the Available: http://newsroom. Available: http://cordis. [Accessed 15 04 Facebook notifies and asks user organisations has a security bug bounty 2015 ]. a computer.

anthropology. Ethical Practices and Cyber Laws as Prelude to Cybersecurity The 20th century saw evolving of Propagating Moral Values and Ethical justice to each of the stake holder/s. it the right way. categorized as right or wrong. ideal code of moral administration. Practices in Organisations Being ethical implies conformity modern techniques of industrial Moral implies conformity with the with an elaborated.Cover D G Jha Story Professor and Area Chairperson . Ethically responsible use of communication over network gets professional matters. Moral Standards: A criterion IT infrastructure – hardware. computerizing a politics etc. controlling. radar. It deals • aims at creating norms for providing be to communicate to all the stakeholders with consortium of bodies. Vidyavihar. working different perspective depending upon the determination of what’s right or wrong conditions and crimes that use of IT has varieties of discipline and subjects such with the action or activity and then doing on business and society[1]. shrinking right or wrong. organization and generally accepted standards of goodness principles that is used to describe practices that aimed at attaining higher or rightness in conduct or character. duty. Communication can assume Immanuel Kant (1724 -1804). scientific management methodologies. have the beneficial result of improving communication over computer network. Kantianism is an ethic of For instance. denying access to the unauthorized user with malicious intention. Mumbai Importance of Morality. diode (Sir John Ambrose Fleming) – our learning experiences. Moral Judgments: Statement/s Responsibility of a digital firm is to meanings between individuals through a about the rightness or wrongness of promote ethical uses of informational common system of symbols.. as architecture. maintenance. Moral responsibility. Fig. new world of computer technology. 
increase in production Morals are those principles and values and behave within and outside the capacity. • generates respect for individuals working conditions and producing With respect to computing world. cathode ray tube of television religions. computers. cation devices). They are part of who we that can be classified as Ethical and notable developments in the field of are and our unique personality. and friends and by in the field of management (activities set. According to Kant . Vidyanagar. ethical practices and cyber laws are three important guiding parameters that a digital firm needs to look into before deciding and Fig. evolving technologies. professionals are of circuit sizes and instantaneous 2. software.e. The subsequent development in field components: upkeep and repairs of component of of electronic engineering created a 1. It deals with individuality. places. teachers. procuring. triode (Lee Dee Forest foundations or framework for our moral forecasting and budgeting) and infor- – 1906) that led to broadcasting of actions. effect of eliminating people’s jobs but also environment that facilitates • principles are based on moral values.Ethics [3]: manufacturing process may have adverse Cyberspace refers to a notional • is the basis for life. used as rectifier.IT. privacy. definition.[3] mation  technology (tasks such as live-voice across Europe and America. privacy. networks and telecommuni- remote controlled devices. processes and practices aimed at protecting networks. conduct efficiency. Moral Principles: Actions or activities expected to understand the importance communication. the electronic we learn them from parents. and information technology in this case would extended as cybersecurity. damage or unrecognized access i. psychology. health. Programme Coordinator – MCA: K J Somaiya Institute of Management Studies and Research. Natural fallout term communication using one single and coined by German philosopher being impact on employment. 
The to the system. of moral values and ethical practices. All these lay such as planning. organizing. enhancing firms’ positioning that have internalized automatic response organisation. We make Unethical[3]: communication due to the introduction moral decision without much thought Importance of Ethical Practices to of devices such as thermionic valves because they are based on the principles Secure use of Information Technology in (Thomas Alva Edison) – used in electron and values we believe in most deeply. (parameter) used to decide what is storages. how people perform. programs and data from attack. Business microscope. 1: Ethical and Unethical actions framing policy for cyber security. operate. 1 describes actions and greater profitability. technology within and across the to comprehend the entire meaning of the Ethics as a term was first invented organizational boundaries. Apart from having sound knowledge computer. Moral theory is made up of three scheduling. Communication is the exchange of 3. and therefore the opinion of his/ products of higher qualities with a the term security needed for safe her is considered and preferred in reduced cost. It is difficult particular actions.

2. He categorized ethical issues into four groups as exhibited in table 1. 4. The newer programs such as intelligent agents .the software that assist people and act on their behalf and software robots . work activities and electronic email. Essentials of Business Ethics (New York Meridian. “Defending Corporate Ethics. 5. shopping carts management. and act as interactive assistants for computer interfaces. Electronic access to employees’ personal records and/or workstation files. technology and the ways it can optimize society. Along with the expertise in the task. Selling of customer information extracted from transaction processing systems to other companies. and will continue to play a very large role on the web. 1990. This increases the complexity of computer systems and software. bargain determiner and bots (short cuts for software robots)[2]. • Ensuring privacy and secrecy of data. up especially in a digital firm are[1]: The diversity of IT applications • Data confidentiality.csi-india. They play an integral role in the function of search engines. (Source: Adapted from The Conference Board. 1. Using work computers (office nodes) for personal and private business activities. p 18. An attempt to identify. the organisations across the globe are attempting to resolve. Electronic monitoring of employees and increased use of technology have • Prevention of . e-commerce portals. Basic grouping of business processes leading to ethical issues are (indicative list): Table 1: Grouping of Ethical issues Rapid changes in information CSI Communications | May 2015 | 34 www. testing and maintenance. development.are increasingly being used to deal with vast amount of information available on the Internet. p383) set. resulted in many ethical issues that • Promotion of data-integrity (accuracy.” in Peter implementation. Since such agents are frequently used to find or filter information for a user. design.) cited in Each of these tasks requires certain skill O’Brien. 
identify patterns and trends from a very large amount of data (data mining). These agents came into existence with the development of the Internet and the World Wide Web (WWW). Madsen & Jay Shafritz. 3. Using of company’s software for personal use. ethics too is needed to be followed by – those bringing in the change and those technology have made dramatic changes computer professionals in order to help impacted by it – about detrimental effects in the very structure and characteristics maintain standards and therefore improve of business applications of information of human life making it information driven organisations brand image. 2004. organize and classify these issues into a framework was undertaken by Mason in 1986[3]. the responsibilities beneficial effects society has improved and matured which in include: Some of the very ethical issues that creep turn provides better standards of human life. The social and judicial structure of As a professional. Task typically associated with computer professionals are analysis. specifications.

education. common sense. Feb 21. These amongst • Prevent unethical and illegal use of • the unauthorized use. • Educate the users about the the internet and other networks. 2000. Business Week. understanding • Facilitate the fair use of computer Computer crime as defined by AITP of the existing law/s.aitp. • denying an end user access the resources for everyone. • Working Knowledge. reliability and completeness). privacy. quality and • Appropriate clause of applicable information. 2000. • Promote effective use of resources.40. software hardware/software and network communication. “Cyber crime”.https://www. social responsibility. p. division communication facilities • the unauthorized release of of labor. Ira et al. privacy and ensuring equal access to resources. other users use and vulnerability of computers and • Facilitate data-inspection. honesty. decency to protect • Minimize the misuse of computer software. facility (Association of Information Technology Code of ethics defines norms and • Reduce (if not eliminate) the Professionals . cited in O’Brien. p385). of many include fair treatment. access. discipline. These guidelines are based laws and copyright protection • the unauthorized copy and piracy of on. system integrity. resources that lawfully belongs to Cyber (Computer) Crime Every organisation is expected to him or her The cyber criminals are the individuals provide ethical guidelines (outlining the or the group of individuals with intention • using or conspiring to use IT resources policy statement/s) that would: of taking advantage of the widespread to illegally obtain information or • Cultivate the respect for privacy of tangible property. Table 2: Common hacking techniques (Source: Adapted from Sager. Cyber • Achieve utmost quality of services. importance of not sharing the crime is becoming one of the Net’s growth • Creation of efficient product account and password businesses[1].
principles to be followed and it is a way unauthorized access of data includes: of setting standards. cooperative.

communication and storage of Business ethics are moral principles that [3] Murthy. The date of publication shall be communication (referred to as electronic [2] Leon. and Sobig have to do refers to authentication of any is ethical to one person or in one country with quality and information technology? electronic record by a subscriber may not be so in another. Business Ethics: information.csi-india.” provides the importance of the References attribution. Table 2. A & Leon. deemed to be the date of the gazette commerce) also: Introduction to Information Systems. 2004. The fact users around the world is lost productivity records refers to filing of any form that an action is legally permissible does due to computer viruses and spam – or application (on line/or in any not mean that it is morally and ethically unsolicited e-mail sent to multiple mailing other electronic form) in a particular permissible. to paper-based methods of Conclusions Ltd. India): (paper or electronic). Mumbai: Himalaya • facilitate electronic filing of of business.. He is a Ph. 2007. by the public interest groups. individuals or newsgroups. Legal provisions make lists. as well as an individual’s 4th ed. Data Interchange (EDI) and by electronic Limited. Noida (Uttar Pradesh. or any other matters 3) carried out by means of Electronic McGraw-Hill Publishing Company published in the electronic gazette. computer viruses (hacking) have caused and individuals should be careful Ethical issues are important because they across the globe (see table 2) and the while sending e-mails. IT acts covers the following areas: organisations. involves the use of alternatives McGraw-Hill Education (India) Pvt. K. Table 3: Attribution. can damage the image of an organisation. of the total e-mail volume worldwide.IT at K J Somaiya Institute of Management Studies and Research. define right or wrong behavior in the world Text & Cases. the organisation.e. 
He has over 25 years of experience and has authored a text book in the area of computing concepts and Management Information System. What constitutes right or Publishing House. order. n About the Author Prof (Dr) D G Jha is currently working as Professor and Area Chairperson .org .4. acknowledgement and Information Technology Act of India [1] Brien. 2009. CSV.6th Schwalbe[4] produces the media basis for launching litigation in a need to deal with the ethical issues of snapshot indicating the menace the court of law. customers and suppliers. Spam manner with any office or appropriate working for computer professionals. which was first published in any form • encourages paper-less office i. Information agencies. therefore companies their employees. 2008.D from University of Information anecdote is “What do Melisa. Law indicates They are all the names of the recent computer with the help of an electronic method the rule and regulations to be obeyed in viruses that have cost companies million of or procedure. Management dispatch of electronic records 2000 (IT Act): Some Preliminary Facts Information Systems: Managing • Electronic Gazette: Publication of IT Act 2000 apart from providing legal Information Technology in the Business rules. J A. A quality issue faced by computer • Electronic records: Electronic all the employees to follow it. users currently accounts for more than 70 percent government department. documents with the government wrong behavior in business is determined [4] Schwalbe. acknowledgement and dispatch of electronic records (Source: Information Technology Act. New Delhi: Tata notifications. Available at http://www. It makes it binding on dollars. Anna • Digital Signature: Digital signature What makes ethics difficult is that what Kournikovo.. and HRIS. Haryana: Thomson Course • E-mail: E-mails could become the personal morals and values organizations Technology. bye-law recognition for transactions (see Table Enterprise. regulations. 
2000.4 and society easier. M. and business Technology: Project Management. Code Red. DBMS. His areas of interest are computing concepts. He is also the programme coordinator of MCA.

(LXC) is an  operating system level As Information Technology (IT) industry It doesn’t really matter from business virtualization  technique to run multiple is getting matured more and more in the perspective whether it needs full-blown isolated Linux systems we call it cloud computing environment. It provides a virtual enterprise has shifted their paradigm of without having additional overhead or environment that has its own process and application hosted into cloud platform. which are eye catchers for CIOs and CXOs with stack of middleware loaded in it The most common cloud platform of the business enterprise: to deploy or support their business is based on virtualization or a bare metal application into the cloud platform. space where an application can be hosted. “virtualization” an application so that it can be supported Containers are lightweight virtual • Flexibility by a right Operating system into the machines (VMs) which are realized using  . Single or multiple applications. 2. management cost. Application Workload Optimization and Front Cloud Migration Competency. In today’s cloud platform. network allocation other similar OS who supports Our traditional computing platform for etc. However. the contained within the operating system. this is applicable more for its customer. Deploying needs a space which can be self bare metal runtime which is mostly an application into a cloud platform.e. set of hardware or computing device associated support & license costs. However. Now from business perspective. Platform as a Service Windows OS with Microsoft Hyper-V or Cloud Platform (PaaS) and Software as a Service (SaaS). Some of the highlights shown below is application containerization. Operating system.Containerize a “system” cloud platform. managing a VM needs large Figure A overhead such as computing power. What most of us really want is just a way to make the application up and running. 
most of the service provider runs multiple virtualized machines (VM) on a set of hardware that supports industry leading hypervisors which are capable of hosting multiple VMs. Today’s Operational Challenge The reason for this is that most Cloud hosting is based on virtualization or bare metal servers. business needs a deployment So in Linux world. VMs without the hypervisor. Today’s advance technology of an Solaris container in case Oracle OS. cloud supported platform i. Today’s IT scenarios of Cloud computing Similar principle of application Technology Solution to Support is broadly categories in Infrastructure as containerization works in case of Next Generation Virtualization in a Service (IaaS). IBM India **Lead Architect. running a business application is to have management overhead for supporting Microsoft Hyper-V features of an Operating System (OS) hosted in a this peripheral components and their Windows 2008 and 2012. if we think from features provided by a modern Linux  . Research Biswajit Mohapatra* and Debasis Roy Choudhuri** *Competency Head. LinuX Containers peripheral accessories in a data center. All we need is a mechanism to deploy and manage the application into the cloud platform.g. they run Operating Systems. there are quite a few emerging So net-net Containers are going to be Operating System (OS) does support a cloud services came up into the limelight next generation virtualization in the cloud building block where business doesn’t of cloud computing arena and one of them really need to buy an entire OS platform era. One Agility to run in cloud: servers with additional support service of the most industry recognized pattern • Provision of application space into wrapping around the virtualization or is the Linux X container.Containerize “application(s)” the enterprise business point of view. kernel. 
Technologists spend significant can run an OS that hosts containers with • VM-like agility – it’s still time to determine the right platform for applications. Neither of these technologies run applications. Australia Do You Need an Operating System to Run an Application Introduction memory. the most of important part is the containerization e. a service provider provided. Linux Operating Systems or (JeOS). supported by a network and other However. Financial and Mining Organization. It’s based on cloud in seconds / milliseconds bare metal to support client’s cloud the container concept where application • Application performance is near platform for a cloud consumer. storage. offered today by the cloud service first question comes into the mind is the In a container model. • Lightweight operating system is not the business or Application Containerization of: . Modernization. network space. most of OS or a container which is capable containers on a single host or Operating the of large scale organization or business supporting the business application system Instance (OSI).Just enough Operating System application service requirement to support 1. Solaris. Global Specialized Application Modernization.

requirement of the deliver and manage applications in the operating platform IBM Cloud environment in association and its underlying with other IBM tools and technologies. Solaris Zones. Linux is deploying such disk images is a time the operational cost not only from definitely a preferred operating platform consuming work and many in instances. large ecosystem. which may have looked hypervisor. service management IBM Container supported by Docker and and network OpenStack VM. So container programmable interface (API) and can be leveraged set of files to manage the application CSI Communications | May 2015 | 34 www. creating. (B) represents Open which are same across multiple VMs. virtualization As we discussed the implementation modifies an existing view here. (C) shows BlueMix which is a next generation cloud standard technology platform meets the the demand for standardize environment. deploy. Google claims that they run is the additional guest OS layer and the standardize the client application and everything in their environment in the management overhead to manage the database to run into a homogenous containers. updating. and for a client organization to reduce the current technology trend.g. Docker in the cloud space for lower cost of barring application binaries and data. and docker so that client can take an For example. it’s good to compare the OS to provide an difference also between container extra isolation level. the to choose a similar operating platform IaaS environment however.e. consistent performance which is a costly affair in the cloud packaging application into a virtual and reliability. This way it can provide similar of Linux Platform a deeper look on the implementation side separation of duties and requirement • For LXC. adding new access Here Fig. different distributions of Linux who a container-based support Docker. 
some of them VMs generally access storage through in order to take vantage of Docker or of them have switched back to VMs to emulated block devices that is nothing container concept and this type of get more consistent performance when but an image files. (D) shows that docker control checks is just additional layer abstraction with to every system an available client interface.g. Red hat Linux or Ubuntu or provider compared to traditional virtual when sharing data between guest SuSE etc. VM with respect to of application while saving the storage modern Linux kernel application deployment. its supported with OOTB of the container vs. adding appropriate judgment to choose the a container ID to right deployment pattern based on their every process and application requirement. If we look into management.Minimal per container penalty of the client application deployment in addition to the user and group • Open source – free – lower TCO in case model into the cloud platform. wide hardware This is also a wastage of storage space which supports a mechanism for vendor support. Here the key difference container concept in the cloud is to domain. LXC features requires to adopt standardization as additional level of access control  . we look into the broader Container (LxC). environments based on Cloud Foundry. containers. Now for day-to-day standardization is anyway welcome it operates in a large scale. easy to develop. Implementing container operation. it can be very well Implementation and Best Practices deployed into the The concept of container has been around container level than Figure (C) for long and Sun Microsystems was one of managing through the pioneers with their Unix distribution guest OS. application and respective database. is nothing but an application container . application Figure (B) call. platform than heterogeneous operating IT giant IBM also uses heavily on As long as application or database environment. attention. 
Many VMs or between the guest VM and the or Docker based implementation in the server providers. Linux Another import aspect of leveraging In fact. cloud platform but also for application choice for most of the IT service requester disk images will have duplicate contents management and support cost. App-centric runtime data volume group). files system (e. Let us take policy. So instead of running a full OS container so that it can be run across on a virtual platform. for running an application cloud the application or database need into this as a precursor to cloud PaaS or in a cloud computing environment. using container concept represents a new separation of duties from the guest’s we have a flexibility of choosing our interesting alternative to cloud service perspective but they add overhead own OS e. Usually i. It supports three type of application root volume group. The following Fig. Now virtualization the VM is very in terms of isolation and In Hypervisor-based virtualization. Source technology of KVM vs. foundry platform. where as if we go to container machines (VM) in cloud space.csi-india. space of common file systems for OS • Growing in popularity and industry The above Fig. requirement.

technology innovation and delivery of large cloud modernization engagements at IBM. About the Authors Biswajit Mohapatra is an IBM Certified Consultant and Global Integrated Delivery Leader for IBM Application Development and Innovation Digital Modernization Service (DMS) passionate participant of various Industry Academia initiatives around Cloud Computing and has several international journal publications on cloud modernization. So Docker. Linux CSI Communications | May 2015 | 35 . CoreOS all open source technologies are on the limelight to attract the industry into the container management and simplification of application management environment into cloud platform.wikipedia. IBM BlueMix environment. So cloud customer n Figure (D) will have lot less requirement of direct Debasis Roychoudhuri is an IBM Certified Senior Architect and Enterprise Solution Architect of Cloud Modernization in IBM Amazon. So in cloud computing environment for Containers monitoring and health check and [6] http://www. computing environment. It into the cloud like a Software as a Service may not be applicable for all and complex (SaaS).com. early-adopters of these technologies will have its own challenges but there is a significant Reference Considered motivation of IT giants to invest their energy to get a quick ROI for companies access of OS to manage their application seeking better agility and lower costs.wikipedia. encompassing roles across the verticals. server consolidation and workload migration from legacy IT environment to various virtualized and cloud environment. He is currently supporting large financial and mining organization of Australia as a lead architect. He has been instrumental in IBM Global Delivery for developing several cloud computing initiatives such as open source Cloud integration with IBM software. offering incubation.uniformly without getting into too much details of platform details as it would be managed by cloud vendor e.g. 
Biswajit is founder member of IBM Faculty of Academy specializing in creating signature client experience.mohapatra@in.infoworld. The key takeaway here is that docker decouples the service provider from the operations so LxC provider agnostic where docker “images” run anywhere docker is supported. He can be reached at biswajit. He has 16 years Industry experience. there [4] h t t p s : // w w w .com/ with the advancement of technology library/hh831531. He is also Certification Review Board member for Architecture Review Board (India). d o c k e r . specializing in application infrastructure design. Google. Most of the IT big players such as applications landscape however if 80% Microsoft. c o m / will be more standardization in system whatisdocker managements and system integration [5] http://en. He can be reached at dchoudhu@in. Application Workload Optimization and Cloud Migration Competency.aspx in containerization and docker. an early adopter of these technology Reference Sites while other 20% critical apps can [1] https://linuxcontainers. [3] support mechanism. He is IBM India Competency Head for Global Specialized Application Modernization. solution architecting. enabling client and business partners in various cloud environment. IBM are keen of the non-critical applications can be to play their role in containerization. Conclusion CoreOS was announced in 2014 as part of new Linux distribution to minimize the operating platform complexity and simplify the container deployment at a large scale deployment model. Biswajit is a known thought leader in Indian IT community for leading Application Modernization and Cloud modernization initiatives from concept to realization. He is involved in several cloud education initiative in various universities and engineering institutes as part of IBM University Relationship follow later to maintain a hybrid cloud [2] http://en. Biswajit leads consulting.

2. absolute. longitude> pair. as user profile. IGATE Global Solutions Mumbai. The security. term from ubiquitous computing and has security features. increasing exposure of applications application security is also described deal with natural geographic objects. e. section below explains the key concepts of environment. relative vs. The functions such technologies related to location tracking. Due to of more than one dimension of the users time zones. modeling in enterprise applications. location point Fig. We present a conceptual Physical location is related to applications and sensitive data. framework for modeling Context Aware a global geographic coordinate security was thought of as physical Intelligence[6] (CAI). the framework in order to take security-related decisions.Article Amit Badheka Senior Technical Architect Research & Innovation. geographical. social media integration and so on. big data different sources. and systems performing critical networks enable organizations to leverage For simplicity and completeness of context business function. developments in smart mobile devices. affordable solution for integrating information from are: wireless communications. and also zip being highly vulnerable to a wide variety of sections. reasoning and action. based on this framework.csi-india. recent Context Aware Intelligence (CAI) from industry norms as shown in Fig. remediation activities requirements such as local vs. cities. the core functions of the framework ubiquitous presence of sensors. critical resources technologies and proliferation of social awareness within an enterprise . 4. and identify actions as demanded by the security situation. 1. voice recognition. thereby enhancing information security. Our framework provides a context engine that uses intelligence to extract and analyze contexts. accurate. The viability of the context engine is exemplified by a simple web application featuring security aspects such as authentication. 
The enterprise security space has • Time Context – This category Context Aware Intelligence & Security already gone through one transformation deals with information required Context Aware Intelligence (CAI) with a shift in focus from parameterized to to handle dynamic environment framework helps enterprises identify and de-parameterized security solutions that in the application such as change develop adaptive enterprise applications. to take well informed security preferences. India Context Aware Intelligence: Approach for Multi-Dimensional Security Abstract: In this paper. be described in different ways. access to other information such as user’s characteristics. such a platform can be used to enhance Geographical location is used to However. However. interest and history. enterprises can better prioritize their depending on the application policy adaptations. demographics. and so on. 1: Security model This paper describes how enterprise vs. is a step devices that exist in an application in that direction. location area. and incorporating context • Identify – Identify risk. threats. Also. • Identity Context – This category The contextualization in security will bring considers data about an entity such in more than one aspect of the user. protect the point of access to the data. over cloud has resulted in application data through a case study in subsequent such as countries. framework provides a scalable and flexible Hence. 3. current context any point of time. a novel approach to implementing contextualized security features for enterprise applications is presented. Conceptual Security Framework been a topic of research since the last Context Aware Intelligence Framework The core security model is not very different few decades[1. This approach provides adaptability to existing security infrastructure of enterprise applications. and emphasis was on securing our platform. 
by leveraging data • Location Context – Location can about what is happening in real-time.g. The inference on various changes that situations that can be evaluated based on next wave of transformation will be the use may take place over a period of time. authorization and transactional security. The architecture of system and provides an absolute. security. CAI as identity and content management proximity awareness. its highly adaptable design. codes. remote. The two CSI Communications | May 2015 | 36 www. enterprise application infrastructure. and attack-response practices. actions. Introduction applications can implement security main groups that we have considered Enterprise security includes the measures features that uses context to take security are physical vs. as described in this paper. to categories: build context aware intelligent solutions. policy decisions. Earlier. How form of a <latitude. postal addresses and so on. classifies contexts into the following four could be defined by this core function. rather of situation over time. taken to ensure security of enterprise decisions. support for The CAI framework is designed to define than the physical database and servers. • Environment Context – This category has wide level of applicability across various The use of context aware intelligence for deals with physical objects and domains including enterprise security. intent. and participate in data Context awareness originated as a CAI and how it can be used in implementing acquisition. time interval and so on. location. grid based position in the physical space and premises that contained is discussed in the next section. 5].

audit logs are not example. etc. which some insights into how we can use simple focus on Act functions of security suggests that an entity trying to access an contexts and implement basic security framework. transaction. ACLs are normally static in nature and it becomes difficult to define when we have a large number of resources with varying permissions for each user. Most of the time. such as firewalls. Authorization and Audit detect vulnerable events using various form of authentication is username (AAA) properly. on the activities of the entity. access control to prevent threats and countermeasures and their challenges Audit log should be kept to keep a check fraud transaction. Signature-based mechanisms security to the financial institutes such as reported in an audit log. 2 below. It has been Obective phishing attack is launched with an email The finance application built using CAI observed that not much attention is containing a link to a targeted attack given to identify critical situations security provides simplistic and dynamic download. a basic understanding on some of the key by Authentication and Authorization.k. This allowed to access the application security features such as AAA. in order to protect sensitive data. The person will be driven security services that provide social details (social network details). The generate audit situations dynamically and navigation will be blocked. • Audit – (a. also the one of the most unsecure provides a scalable and flexible solution password). However. In order to Case Study – CAI Security in Banking Some of these countermeasures are build a secure application. it is important to have application or data should be controlled functionality such as authentication. section.g. • Access Control – Access Control. account type). begin the transformation to context- sometimes known as countermeasure. 2: CAI Security in Banking reporting some key user activities. 
The next section provides For the purpose of this paper we will very basic security architecture. the secure web and other contextual information such as CSI Communications | May 2015 | 37 . E. it is Context aware security architecture details (name. current location). of the challenges described in the above security gateway and endpoint protection message protection. and web are authentication. The permissions are mostly implemented using Access Control List (ACL) where access permissions are defined for each user. (c) Location details for a password when a person is sources and building dynamic policy (base location. gateway performs a look-up of the URL’s that can be a threat to the critical It would be a good idea if we can reputation (which is a form of context).• Detect – Detect any unwanted event logs are not recorded appropriately.a Accounting). we need to The use case considered here is to covered here: implement these three services namely enable a financial services application to • Authentication – The most prevalent Authentication. The audit logs will not stop this — the organization’s banks. It could "bad". consider a situation where a given its due importance. For is depicted in Fig. is log statements for the purpose of Fig. and (d) trying to login. access control. resources and information. fault handling applications can capture critical At present. Hence. system asks for integrating information from different details. preventing activities such as continuous intrusion based on contextual data so that the virus attack. also known as Authorization . CAI Security Architecture aware and adaptive security infrastructure Some of the countermeasures that can In order to come up with contextualized as they enhance static security be implemented under Act function security architecture and address some infrastructure. Unfortunately. information about any critical Gartner[7] recommends that organizations • Act – Take preventive action. 
system does not establish that the person who is given access is the genuine user of the application. It can be a crucial piece of information antivirus software will not detect the also provides opportunities for reducing to identify fraudulent transactions payload and that the URL is known to be security needs of a user depending on and the user performing it. before the user is allowed intent (type of activities to be performed) result in big loss if evidences of audit to navigate to the site. username. (b) Financial details (account method. setting permission for too many files in the file mediating policy-driven access to resources on the basis of identity. contextual information such as: (a) User and password. For example. and tamper detection. are examples of the detect function. industry analysts such as etc. on providing the correct password. that we can address by contextualization. date of birth. However. we start with the standard and platforms.

Fig. 3: Contextualized security solution the social behavior of user and Business Scenarios • Restricted access on multiple determines any indicator suggesting The application demonstrates three attempts in a time period: The change of location by the user. The user will be notified to attempts to change credentials on pairing of personalized device(s): change credentials on possibility of possibility of compromised account. or mobile app or smart watch app. The situations implemented are as follows: can be blocked for the security user will be notified on unsuccessful • Personality association using reason. The in a duration. this sample application is to demonstrate can pair his personal device such • Social network analysis (a): The the following aspects of CAI security: as mobile or smart watch. If there is a request for control depending upon context. order to define application’s security existence of the person’s registered The system can determine what behaviour. Whenever the user tries to dynamic security questions in order detect any threat without referring to access the net banking application. Authorization banking application is being accessed situation uses social network details countermeasure using contextual strengthens the parameters that of user as available. static security policy. define authenticity of the user. money withdrawal from any ATM situations that were implemented as a access channel (web. Demonstrate a few security the computer from where the net • Social network analysis (b): The situations in Authentication. security level part of this case study are hypothetical location of access. If there are can be increased to get some more in nature and implementation may vary multiple access attempts made personalized information from the depending on the business needs of and contextual information is user such as security questions to financial institutes.
and the situation uses social network • Easy-to-define situations in a finance business app is installed on that details of user in order to generate application that can be evaluated to device. mobile device that gets paired to questions to ask and when to ask. The details of the varying drastically then access establish the authenticity of user. This type of situation can be used to • Situations that can consume data the availability of paired devices can enhance user experience by reducing from various sources and capture be used to strengthen the parameters security overheads on the user to (re) contextual information of the user in that define authenticity of user. to personalize security parameters. The main objective of Consider the situation where a user compromised . The set the answers to these questions. It analyses information from different sources. scenarios where a user is provided with situation used the information which is different from his base authentication option and data access such as number of access attempts country. local time zone. mobile) and in his base country.

” from any of the personal devices or • Financial transactions are very Department of Computer Science. mobile devices and social networks are the details.bile Computing attempt made to access user account questionable quality of data.” SIGMOD Record. the account details context to take security decisions. Tanca and F. Research (Tech. location details. using a web channel the password critical and time sensitive.” 1st International CAI framework uses query based data space to establish benefits and value add Workshop on Mobile Computing retrieval for the context manager to to the financial business process. CAI and framework to integrate with various travel. Oriented Survey of Context Mod- CAI framework are used by the sample Hence. The finance “Context Aware Computing analytics like NLP for location detection. configurable manner. Vol. So. social context to informed with relevant information. social context to convenience. ease of use Application Security. G Abowd and D Salber. “Context in • Personality association using • It is very critical to identify reliable Robotic Vision: Control for Real- pairing of personal device(s): In this sources of information in order Time Adaptation. time of request. 2014 attempts made on a user account. One Systems and Applications. and what that can recognize the situation. 2001. there are a few challenges that we els. context stores base location and Conclusion IJARCS.Solution • Social network analysis (a): In provisioning. about the personal device that will contextual information source due [4] G Chen and D Kotz. Inc. “A Data- The events & notifications generated by transaction that involves transfer of money. pp. user context stores base • Data retrieval and aggregation is 16. Schreiber. are user context. The rise in IoT. of the main objectives of security is to [2] C Bolchini. whenever there is an to its perceived lack of security and Context-Aware Mo. in a relatively easy. 
by providing the intent and user and identify some personalized important to understand end-user needs. No. A. May-June transaction location details. we used the CAI determine status/ post suggesting make decision making easier. This should allow did not in order to provide personalized environmental information we have systems to be dynamic and present service experience to each and every end- considered for these situations are personalized user experience instead user. Immersive Customer Experience”. environmental information (context) questions that can be used as what worked for him/ her. C A Curino. to In this solution. 3. Some implementation details on the for implementing security in financial [3] P Lombardi. can be used in conjunction with a huge challenge to ensure real-time [5] A Dey. situation. 4. The security questions. the contexts used in order to keep customers regularly depicted in Fig. pp. and location different data formats. decision-support (Facebook). Vol. It is a Conference on Informatics in Control. No. time context stores a challenge since information can [6] Amit Badheka. identified in adopting contextualization 2007. 2004. prevent frauds happening with financial L. “Context Aware base time zone. 97-166. Hence. 2014 these contextual information will industry needs to offer innovative [7] Gartner.” International situation. can be used to keep information challenge to use social media as Auto. social details. Hanover. account details. 36. the contexts used not just products and services but also built using Context Aware Intelligence are user context. details. security features for large number of of Context-Aware Applications.” • Restricted access on successive attempts in a time period: In this concurrent users. All In the age of digital transformation. data analytics.. N Adams and R Want. Human-Computer Interaction. “A paired devices to ensure the user is performance with different types Conceptual Frame. 
TR2000-381).work and a Toolkit the same person by authenticating of contexts used for implementing for Supporting the Rapid Prototyping the person. 19-26. it is situations. V Cantoni and situations are as below: applications which are as below: B Zavidovique. It will be Dartmouth College. E Quintarelli. No. Rep. industry will need lots of research in this Applications. Customers are expecting The context aware security solution is this situation.mation and Robotics. 5. identify & evaluate impacted situations. and pre-populating them for further security is an emerging area. Hype Cycle for be validated on successive access products & services. 2-4. periodically evaluate contextual data. address of static security questions. come from many sources supporting Intelligence: A Framework for number of occurrences. smart personal details. Volume 5. The solution is this situation. and any indicative location. location context storing base context aware security are examples of data sources such as social network location. We are fetching a Implementation Challenges References huge amount of data from social networks Using context aware computing for [1] B Schilit. and enterprise data stores in account context for debit/ credit card capabilities can be provided to individuals order to extract information such as user details. comfort and assistance in framework that enables us to define analyze social network behavior of making informed decisions. 2000. 1994. application to take security decisions. account details. how such personalized. “A survey of get paired. and ensure efficiency in service n CSI Communications | May 2015 | 39 . time related details • Social network analysis (b): In catalysts that an enterprise can leverage and social network details.

asynchronous and the objective following sub-objectives are set: evidenced from wireless broadband computer based. Introduction technologies a mixed approach is to be and practitioners have given methods In today’s global society. The structure and environment.Case Sarika Sharma Study Director. ways it can be used effectively to impart are there. As e-Learning provides the many for implementation. The technology progression has been led implementation methods for e-learning. Methodology Literature review shows that Universe of the Study Administrators there is various works done on the Higher education Technical Institutes in Authoring Run-time System System e-learning implementation and Pune region of India are included in the development and it is presented in study as Pune is the educational hub in Import/Export the literature. It has also impacted on socio. electronic means. There are more than 70 institutes running under the trust These institutes have organized a series of lectures for MCA students to implement effective e-learning in collaboration with Maharashtra Knowledge Corporation Limited (MKCL). It can be concluded from the required in this area and it needs lots of e-Learning: Evaluation and Development literature that although there are various understanding in this particular area. There are several development and society has resulted in evaluation of features of the medium. They are investing in this. learning. Table 1 below provide a lot of useful features in a wide opportunities to facilitate and support summarizes the various methods. range of learning and teaching situations. that’s why more higher education institutes have implemented it. Author defines the • To find out the impact of technical access technologies to the development e-Learning as use and acquisition of support and arrangements on the of client-server networks. knowledge facilitated and distributed by effectiveness of the teaching. 
in the various ways including the classroom teaching. Jayawant Shikshan Prasarak Mandal is an educational Trust in Pune. learning. infrastructure and human the class. and the of the study. it was observed that there is a lot more to e-learning than just technology. in the table 1. Factors affecting e-Learning • To compare the effectiveness of There are various form of learning Implementation teaching through ICT and e-learning. Some of the researchers suggest The environment facilitated by The existing literature on e-learning is that the e-learning is not time tested the e-learning where student takes the reviewed and presented in summary form and therefore a continuous research is ownership of their own learning. knowledge and attitude. However. Authors/Content Creation People Learning/Learners resources such as experience. Sampling Frame Fig. This study also reviewed the literature available on implementation methods of e-learning and recommendations are given for the improvement of classroom teaching through e-learning. as well as various and e-learning implementation models e-learning. e-learning may adopted. evaluation. India which is providing technical education in various disciplines. Pune e-Learning for Effective Classroom Teaching: A Case Study on Educational Institutes in India Abstract: The use of technology-based learning and electronic learning (e-learning) is one of major trends in the field of higher education. cultural and economic development the learning”. The effectiveness of these lectures was evaluated by feedback of students. Review of the Literature globally. Students associated Learning Management System (LMS) the studies is done. forms the universe Content Storage and Management Interaction/Trainers the perception. issues. pedagogy and monitoring studies. Main objective is to find out methods internet which are supporting the [1] e-learning can be implemented to implement e-learning for effective e-learning with web based environment. 
so there is a need to analyze the methodology for effective use of e-learning in class room . JSPM’s Eniac Institute of Computer Application.csi-india. 1: Generic view of e-learning systems List of higher technical institutes in In this direction researchers CSI Communications | May 2015 | 44 www. The comparison of west of the India. It is a type of learning supported by to the wireless broadband development the organization has to decide which information communication technology technologies which are supporting the method is suitable and applicable on their that improves quality of teaching and learning with the portable devices. e-learning encompasses all above architecture is further developed Research Objectives and Methodology computers and internet based activities including web based features leading that support teaching and learning both Objectives to the emergence of intranet/extranet/ on campus and on distance. To achieve main The network technology evolution is synchronous. skills. The creation of an e-Learning and challenges for implementation of The emergence of Information technology experience has “to understand the various e-learning. The topics are with various institutes. and for the e-learning skills and The implementation will depend on the with traditional method of teaching level of readiness in terms of the this is physical presence of teacher in budget. E-learning has advantage.

Table 1: Summary of literature on e-Learning implementation

effectiveness of the teaching. vision quality. were used for collecting the data.01 questionnaires (schedules) was tested Predictors: (Constant).314 which is significant too. Table 4: Coefficients Data Collection Primary data collection was done Conversation ability factors. vision quality. continuity of data. The modified questionnaires teaching physical presence of teacher in the class. on a small group of respondents and the voice. It shows that students were satisfied with the virtual lectures and are ready to accept the e-learning along with the Table 2: Model Summery traditional teaching method. offering Post graduate degree in Business administration and computer Applications in the JSPM trust. continuity of data. To compare the effectiveness of teaching necessary modifications were made on the Conversation ability through ICT and e-learning. and arrangements on the . Rest of the voice. clarity of is 31 percent. The tables above Empirical Data Analysis represent the regression model. Conversation ability Conversation ability on Effectiveness of teaching Predictors: (Constant). Total number of the students are about 3000. From each of these institutes 10 fully filled questionnaires were collected. Sampling Method The sample technique selected is random sampling. which forms the sampling frame. Duration of the data collection was May 2013 to July 2013. vision quality. it can be seen that the To find out the impact of technical value of ‘R square’ in table 1 is support. 2.919 significant at 0. or worse in their choices and the data is analyzed as and presented as in Fig. and 17 percent find the presence of teacher better than the virtual teaching.csi-india. Dependent Variable: Effectiveness of It can be analyzed that the teaching impact of the clarity of voice. same. Sample Size As per list there are 12 higher learning Technical Education Institutes. 
Results and Discussions • It is advisable to have a robust Table 3: Anova technical support system performances affected by the other e-learning lecture as better. with basis of the feedback received from these Dependent Variable: Effectiveness of traditional method of teaching this is respondents. Figure 2: Teaching Effectiveness quality. The Dependent Variable: Effectiveness of Students were asked to rate the questions were framed so as to cover all teaching the dimensions for the . interviewing method. vision quality. continuity of data. From the coefficient’s table 3 it using two pre-tested questionnaires and Dependent Variable: Effectiveness of can be analyzed that continuity of data. continuity of data.Pune Region was considered. clarity of level.01 level. as 51 percent have rated the virtual lectures better than that of actual presence of the teacher. From table 2 the F value is Tool Applied: Multiple Regression 7. 32 percent did not find any difference between the two.

She is also life member of professional bodies like Computer Society of India. No. and specialized e-learning centres is the implementation of e-learning: [17] Scottish Funding Council. New on.hrdgateway. [6] MW Brodsky. implementation at the University org/hub5/research/E-learning. significantly while the lecture is going of the 7th International Conference [14] A S Sife. Challenges for service through Evaluation. No. 1. R D McNeil classroom lectures for e-learning. 207- continuous training of faculty members [8] T Govindasamy. faculty and individuals. C Y (2006). Internet council strategy on e-Learning. G (2004). new_about_council_papers/about_ [1] E L Meyen. Vol. The electronic Journal of of strategy. 287. New York. Education Technology. in press. Implementing International of e-learning is to improve the learning Key Ingredients to e-Learning Virtuel Elementary Classroom Activities outcomes and educational processes. issue 3. a c . www. network infrastructure. www. Vol. pp. from the survey that most ranking goal Collaboration andSupport: Two [16] E J O’Neill. International 2007. and Higher Education. [2] F Deepwell Deepwell. 2002.” 2002. as they affect the teaching quality Blended e-Learning Journal of Contemporary Hospitality [3] MRA Karim and Y Hashim. University Of Zagreb. Implementation. university. Review on outcome of the study. 19-23 and Korea. Journal of Special Issue. [online]. 2005 from [19] J O’ Contact Professional. pp.14.d. New Delhi. Vol. Technology. 2006. in Proceedings Issue. 4. 2002. s f c . “Sizing the Proceedings of ASCILITE 2002. 10th n Pendidikam Sultan Idris. ACM’s Computer Science Teachers Association. pp. It is concluded that e-learning system has Bureau for Learning Development. P Tangen and C Lian. 3. 97- The experience of the e-learning Region. 2005.12. Sydney. and they are ready to accept it in case [5] E Engelbrecht. [9] Conole. New Zealand. in Data Mining from GGSIP University. No. 
http://www.Sarika Sharma is Director at JSPM’s Eniac Institute of Computer Application. [11] Toh. 34-43. to be aligned at various levels including Unisa. E T Lwoga and C Sanga. Special [18] S Marshall and G Mitchell. implemented for conduction of virtual online Journal of Instructional [12] A Gunasekaran.pdf Developing online instruction: The hype and the Reality. Educational http/www. 18–31. 2. A look at e-learning International Journal of Education the implementation is done models: investigating their value for and Development using information Talking About Future developing an e-learning strategy. pp. pp. e-Learning: papers_25oct07/paper_sfc07159. Vol. Implementation Preparation in Asia Management. e-Learning acquisition of Knowledge Strategic Problems and actions to be taken have to Implementation: Your Roadmap to Planning of e-Learning. It can be concluded [7] MG Mason and L Wozniak. Malaysian September 2006. Strategic Planning for and Commercial training. Challenges for Higher Learning methods among the student if there July 2006. pp. learning organization. Pune. Embedding Online education in the Unites States. 2007. e-Learning. Quality in e-Learning Implementation Retrieved March 10. on Creating E-Learning Vision And be considered as an essential element of contactprofessional. Journal of Industrial quality has an important role to play [4] S Wills. e-learning should Success. 1999. [10] IE Allen and J Seaman. Journal of [accessed 26th November 2007]. and communication Technology. 10 (2). Vol. She has done MCA from Banasthali Vidyapith. Vol. Partnership between instructors and Interactive Media in Education. technical developers. pp. 57-67. About the Author Dr.5.2. opportunity. Rajasthan and Ph. on Information Technology Based Technologies for Teaching and Learning: • Adoptability of the e-learning Higher Education & Training. Institutions in Developing Countries. Indian Science Congress. and D Shaul. 2000. 2008 Strategy. 
Progressio 2003 25(2):38-47 [15] B Divjak and N Begicevic. u k /a b o u t / References 299. An e-Learning maturity model. Imaginative state.1. Successful 218. 106. leaders: setting the agenda for the virtual Technology & Society.pdf. Implementation .March learning and teaching.june. h t t p : //w w w.aln. Issue. 32.1. e-Learning Research • Continuity of data and the vision 2004. 73rd IFLA General for Public School Students in the US The requirement for development Conference and Council. 2. opportunity: The Quality and Extent of Auckland. August 2007. Workshop be identified at all levels. 50-59. pedagogical considerations. CSI Communications | May 2015 | 47 .

Durgesh Kumar Mishra Chairman Division IV Communications. A digital form of social engineering to deceive individuals into providing sensitive information. A network point that acts as an entrance to another network. 13. Your password 19. 5. A characteristic or specific weakness that renders an organization or asset open to exploitation by a given threat. 10. Any computer that has full two-way access to other computers on the Internet 23. date of birth or Solution to April 2015 crossword mobile number with passwords as they can be easily guessed. DOWN 2. Mysore). 9. CLUES ACROSS 1. Sri Aurobindo Institute of Technology Indore We are overwhelmed by the response and solutions received from our enthusiastic readers Congratulations! All Correct answers to April 2015 month’s crossword received from the following reader: Er. mechanisms that are in place. special symbols. Send your answer to CSI Communications at email address csic@csi-india. A mathematical process applied on a set of data to represent that data. 6. Rashid Sheikh Associate Professor. 19. A tool installed after a compromise to give an attacker easier access to the compromised system around any security. 20. programs. It will become more difficult to crack if it is a combination of upper and lower letters. to gain knowledge of passwords. 7. An authentication service. Aruna Devi (Surabhi Softwares. Software that compromises the operation of a system by performing an unauthorized function or process. Creating strong password is very important 11. A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data. The process of verifying the user. with subject: Crossword Solution – CSIC May Issue. Faking the sending address of a transmission to gain illegal entry into a secure Did you know How to create strong password? system. attacker tries different combinations to hack 14. 
An unauthorized act of bypassing the security mechanisms of a network or while making an account anywhere as the information system. The protocol used for email security. Listening to a private conversation which may reveal information which can your account. 22. and numbers. 25. 21. A collection of compromised computers. The information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities. password must contain as many characters as 15. A malicious program which does not need a host program. 18. possible (typically minimum 8). The device which checks all incoming and outgoing traffic for defined security . 3.Brain Teaser Dr. 4. An attack which tries to make services and resources unavailable.csi-india. The property that ensures that the information is not modified. Sri Aurobindo Institute of Technology. please change your password right now. Professor (CSE) and Director Microsoft Innovation Center. CSI Communications | May 2015 | 44 www. 17. Do not use names. usually on a local area network. As a counter measure your provide access to a facility or network. Indore Crossword » Test your knowledge on Cyber Security Solution to the crossword with name of all correct solution providers(s) will appear in the next issue. 12. A small update released by a software manufacturer to fix bugs in existing must be a combination of alphabets. Passive wiretapping. The protocol which provides security at the network layer 8. The mathematical science that deals with cryptanalysis and cryptography. A message in encrypted form. Based on above suggestions if your password is weak. A computer connected to the Internet that has been secretly compromised with malicious logic to perform activities under remote control of a remote administrator.

Total 21 papers Head-CSE facilitated the guest with souvenir of memories and are presented in first day. CSE . Total 15 papers were presented in whole day.CSIT to distribute the certificates . start the work. thanks. Indore has successfully organized Expert talk on were received in the conference. Prof. P. CSIT. Anurag Verma . The methodical investigation into study Engineering Colleges. The general feedback from the participants was to conduct many more such CSI events in the college campus. In his welcome address the Director Communications. Directors and Principals of place to knock on earth. Professor & Dean(R&D). Vijay Birchha.The function saw the gracious presence of Dr. Dr. ING BVA Rao. Neeraj Kushwah. A Report from CSI Division IV Communications Chairman. N T always strikes that. Ajay Prakash Verma . Microsoft Innovation on importance of Plagiarism and unique quality solutions. AICON’2015 was concluded by Valedictory function addressed by Dr. how to write the algorithm and how to Parnerkar along with Mr. N T Khobragade.V. Chairman Div . Dr. Institution of Engineers (IE) as the Chief Guest. Asha The complete talk was great success with participation of Ambhaikar. Dr. researchers and faculty members. ING B. Indore discussed The event was started with lighting of lamp followed the way of improving the research capability and way to do the Prof. He also enlightens a light of beam Mishra. shared his experiences person of stature of Dr.). H S Hota . the role of Cloud computing in the research area. Bilaspur university was the key note speaker. ceremonial lighting of the lamp and the welcome of the guests by SVCE” Student Chapter on April 15. He addressed all the dignitaries and research scholars and invited Er. Director.csi-udaipur. The Program started with the “Quality Research and Plagiarism” in association with “CSI. 2015 www. Professor (CSE) and Director. Anurag International Conference on ICT for Healthcare 24-25 July 2015 Papers due : May 30. Chairman. 
CSI Div. Second day Dr. that engineers should do something in right Khobragade. National Design Forum. Preetesh Purohit-CSE welcomed research for research scholars. He also said that it is a matter of great honor to have a was expert of happening. Ajay Prakash It can be written as Quality Research. keynote speaker was Dr. Dr.All India Conference on Sustainable Product Development (AICON’2015) CSIT Engineering College Durg organized AICON’2015 on 24th – 25th April 2015. His lecture provided the guidelines the chief CSI Communications | May 2015 | 45 . Ashish Hardia & Mr. Chairman.. give givess vote gives vote o off th than anks ks.IV. of CSIT and Organizing Chair. 2. CSIT . The inaugural function of the AICON’2015 (All India Conference) with the theme “Sustainable Product Development” took place on 24th April 2015. The occasion was managed by Contact : Dr.” Famous quote by Plato Verma. CSI. K. drdurgeshmishra@gmail. Director . He delivered the lecture on Data Mining in research area. Er. with different research problems and discussed variety The first day Session Chair & keynote speaker Dr. also some dignitaries for collecting the feedback. A. Amit Joshi. Pradeep Rusiya-CSE & Prof. IV Communications theme.Expert Talk on “Quality Research and Plagiarism” “Necessity is the mother of invention. D K of practical solutions. was attended by nearly 175 participants. Dr. Principal. Dr. Associate professor. D K Mishra. CSIT. Durgesh Mishra. Dean (Acad. The conference way to reach conclusions. Anurag Verma welcomed the guests and highlighted upon the significance of the conference Dr. amitjoshiudr@gmail.Mahesh . akn_iibm@yahoo. Mr. Mishra. In second session. Total 273 papers Engineering. 2015 and CSI Division IV the presentation of bouquets. across and sources always requires establishing facts and determining the country and representatives of the media. Durgesh Kumar Mishra 1. Centre at Shri Aurobindo Institute of Technology. Dr. 
including more than 25 Department of CSE & IT of Swami Vivekanand College of listener participants from the different Chairman. chairman CSIT and Dr. Surbhi how to choose the topic.Rao to have as the Chief Guest.Raipur discussed about more than 60 students and faculty members. Nayak. Dean (Academics).

Total 35 doctorates of Rajkot Chapter. The Vice-President seminar was conducted by CSI. Prof. arranged a two The session targeted many PG students. Vipin Tyagi. introduced and welcomed the speaker.csi-india. The session taken by a very renowned personality. to keep webpage and other information updated and to take necessary steps to get database uptodate. chairman. Also advised to increase the CSI activities under chapter. Dr. CSI Rajkot Chapter. MCA Department. Atul Gonsai provided different evolutions of networks devices Associate Professor. Dr. • A presentation was made by Dr. RVP. CSI Communications | May 2015 | 46 www. This and gave insight to Layer-2-3 switching. Chapter secretory has made all the arrangements in connection Immediate Past Chairman. Report on CSI Gwalior Chapter Meeting on 12 April 2015 Date: 24-25 July • Chapter Chairman informed about the activities of CSI Gwalior chapter . Advised all to increase CSI members and student branches in the chapter.III on the activities of CSI to the gathering. Saurashtra University. He also participation. Jobi . Rajkot Chapter. The session got inaugurated by Dr. Sunil Bajeja. Research Scholars and hour Knowledge Forum Session on “Layer-3 Switching”. He welcomed new with session. R. Prof. Nilesh Advani presented vote of thanks. Computer Society of India – Rajkot Chapter “Layer-3 Switching” Computer Society of India – Rajkot Chapter. successes by the CSI Rajkot Chapter. who further talked about CSI Rajkot All participants were provided with certificates for their Chapter and its various roles and achieved milestones. under Knowledge Prof. Atul Gonsai. Forum Session. • A discussion was done with MC members and other CSI members. Sridaran. It added a feather in the list of participants attended this workshop.

Under the able leadership of Mathuradas Laljidas Gandhi and his team.L Gandhi Higher Education Society. Modasa Prof. Hon. Patel. Department of CSE. Arvalli is a backward district on the border of Gujarat-Rajasthan.J GANDHI BCA COLLEGE (REGION III) Prof. Ankit S.I) (REGION -I ) ITM UNIVERSITY. It is surrounded by the Arvalli Hills . The objective for open CSI student branch in modasa is provide skill for students of the different schools (Primary or secondary ) because the students of the rural area they don’t have technical skill. it is populated by the people of this area contributed substantially. Patel. CSE Event. Secretary. Sanjay Feb 19. Participants have been introduced with all the news trending web technologies like php. BCA College. This workshop has been conducted by V Srinivas Raju.2 Day Workshop on “Web Design and Development” A 3 day Workshop on Web Design and Development has been organised by ANITS CSI Student Branch at ANITS from 19th to 21st of December .Class Room. Baroda. Paldi is hilly and rich with minerals and forest produce.csi-india. GURGAON AMITY UNIVERSITY. Our aim will be to develop technical skill in this district. Assistant Professor. The entire topographical sight of the district is rich in natural beauty and it has many spots which can be developed as picnic places. NOIDA 20 & 21-2-2015 .org/web/guest/csic-chapters-sbs-news SPEAKER(S) TOPIC AND GIST AHMEDABAD / MATRUSHRI L. The area M. Modasa is Blessing for Poor People who can not afford the Higher Education in Ahemdabad. BCA College. Aniyor District” High School Shri Surendrabhai Shah. Though the area is rich in natural wealth.CSI News From CSI Chapters » Please check detailed news at:  http://www. 2014 at E. Dept of CSE to enable the students and even the faculty to become familiar with web design and development. Assistant Professor. Vidhyanagar .the oldest mountain ranges in the world. SPEAKER(S) TOPIC AND GIST ANITS CSI STUDENT BRANCH (REGION V) V Srinivas Raju. html 5 etc. 
Workshop on Web design and development From Student Branches » (REGION .National Workshop on Big Data Analytics and Data 25-3-2015 – during Expert talk on the New Generation Technologies : A Mining Tools Paradigm Shift. Modasa Shri Girish Darji. The our campus is blessing for those people.L Gandhi Higher Education Society. 2015: "Computer Awareness Program in the villages Aravalli G. Around 50 people have participated in this workshop.

csi-india. INDORE SILICON INSTITUTE OF TECHNOLOGY. NEW PANVEL 9-4-2015 . MANGALORE BNM INSTITUTE OF . (REGION-III) (REGION-IV) TRUBA COLLEGE OF ENGINEERING & TECHNOLOGY. Senior Engineer. Cisco during the 20-3-2015 – during Seminar on Awareness of secure programming workshop SDN and Data Center Networking (REGION-V) (REGION-V) SRI KRISHNA INSTITUTE OF TECHNOLOGY.Dr. BANGALORE 4-4-2015 – Mr. BANGALURU BLDEA’S ENGINEERING COLLEGE. HYDERABAD PIIT. Hyderabad during Guest Lecture 27-3-2015 – during Magazine Launch event on Computational Complexity and Theory of NP Completeness CSI Communications | May 2015 | 48 www. Kartheek Kangala. Shekar Muddana. BHUBANESWAR 19-3-2015 – during Inter College Programming Competition : Code 26 to 28-2-2015 – Participants during Annual Inter College Technical Combat ‘15 Festival (REGION-V) (REGION-V) SRINIVAS INSTITUTE OF TECHNOLOGY. Google. BIJAPUR 11-3-2015 – during one day workshop on Android Applications 18 & 19-3-2015 – during Tech Fest on TECHSTORM 2K15 Development (REGION-V) (REGION-VI) BVRIT.

RAMAPURAM CAMPUS. CHENNAI SRM UNIVERSITY. CHENNAI 20-1-2015 – Dr Vijayaragavan Vishwanathan distributed certificates 20-3-2015 – Dr Vijaya Chamundeeswari. COIMBATORE 24-3-2015 – During National Level Conference on Emerging Trends in 19 & 20-3-2015 – During National Level Technical Workshop on Scalable Information & Computer Science 15 Realtime NoSQL Datastores (REGION-VII) (REGION-VII) NANDHA COLLEGE OF TECHNOLOGY. ERODE EINSTEIN COLLEGE OF ENGINEERING. Please send only 1 photo per event. Mr. CHENNIMALAI. (REGION-VII) (REGION-VII) SONA COLLEGE OF TECHNOLOGY. ERODE DR. TIRUNELVELI 1-4-2015 – During National Conference Recent Trends in Computing 21-3-2015 – Prof. CHENNAI 20-2-2015 – Participants during the event on Research Forum 10-4-2015 – During the event on Acquisition or Innovation: Which is more favoured today Please send your student branch news to Education Director at director. Mathivanan & Dr Ramar during seminar on Advanced Java Programming (REGION-VII) (REGION-VII) SHRI SHANKARLAL SUNDARBAI SHASUN JAIN COLLEGE FOR WOMEN. not more. during the contest on Reverse Coding and Ethical Hacking Dr Duraipandian & Mr Muralidhar during National Conference on Advanced Computing Technologies (REGION-VII) (REGION-VII) M P NACHIMUTHU M JAGANATHAN ENGINEERING COLLEGE. SALEM VELAMMAL ENGINEERING Dr. Technologies & Applications Mr. Mr Somasundaram Jambunathan. N G P INSTITUTE OF TECHNOLOGY. Velayutham. News sent to any other email id will not be considered. CSI Communications | May 2015 | 49 . Karthick Natarajan.

Chairperson (Elect. R Nadarajan. Bhide situations where HAMs could not find to VU2JAU. ITM University advantages of HAM Radio during Advisor Mr. if absolutely necessary. Projects demonstration to Jury members Felicitation of Mr. CSI Gwalior set up the station at proper place. OM Jayu communication system when nothing VU2JAU was supported by OM Kamal works. The possible attended the program. via email id nadarajan_psg@yahoo. CSE department has organized CSI Project Competition cum Exhibition held on 18th April. Research Front. Mrs. Plagiarism is strictly prohibited. Bhanumathi K S.30 am to 4:30 pm) Event Name: “Programming and Hands on Workshop on Design Patterns” Computer Society of India [CSI].co. Chairman.M. should be minimum. VADODARA Babaria Institute of Technology. we expect articles written at the level of general audience of varied member categories. Please send your articles in MS-Word and/or PDF format to Dr.csi-india. R. Therefore. Bangalore Chapter organized a One day Programming and Hands on workshop on Design Patterns at CSI-BC premises on 19th NC member. Please send your contributions before 20th May 2015. Vadodara Chapter. Include a brief biography of four to six lines for each author with high resolution author picture. 2015. Activity Report of CSI-Bangalore Chapter Name of the Chapter: Bangalore Region-V Event Date: 19th April. A M Nayak. 2015 under the umbrella of CSI Vadodara Chapter in which a total of 12 best projects were presented in front of IT Experts from different industries in the esteemed presence of Mr. Kind Attention: Prospective Contributors of CSI Communications Please note that Cover Theme for forthcoming issue of June 2015 is planned as follows: • June 2015 – Data Science Articles may be submitted in the categories such as: Cover Story. He also pointed out different types Raj VU3RAE and OM Aditya Ashtikar of disasters faced and how HAMs have VU3LKA during the program. 
Sanjay Jain along with other Radio has always worked as supporting faculties attended the program. (REGION-III) BABARIA INSTITUTE OF TECHNOLOGY. She spoke about the upcoming events of CSI-BC. Equations and mathematical expressions within articles are not recommended and.Gupta along with HOD- Disasters. 2015 (9. Technical Trends and . (Issued on the behalf of Editorial Board CSI Communications) CSI Communications | May 2015 | 50 www. Please note that CSI Communications is a magazine for membership at large and not a research journal for publishing full-fledged research papers.T. Gwalior. Guest Editor . He demonstrated that HAM CSE Mr. Saurabh Shah A Report on Special Lecture Disaster Communication and HAM Radio at Gwalior A special lecture on use of HAM Radio provided the necessary communication in Emergencies and Disasters was to mankind and authorities in difficult conducted by OM Jayant S. University.) and Event co-ordinator welcomed the participants with a brief introduction of the speaker. A M Nayak by Prof. She proudly mentioned that Introductory Session Photograph CSI-BC has been the most vibrant Chapter. The articles may be long (2500-3000 words maximum) or short (1000-1500 words) and authored in as original with a copy to csic@csi-india. Chapter in I. More than 100 University students on 27 March 2015.D.

Guna (MP) Mr. Committee Email: July 2015 events 3-4 July 2015 International Conference on ICT for Sustainable Development. CSI Division IV.gnipg@gniindia. Anirban Basu CSI Calendar Vice President. and ICTs: Drivers of Innovations  at CSI Udaipur Chapter. Durgesh Kumar Mishra drdurgeshmishra@gmail.csi-udaipur. ACM Udaipur Chapter. Gujarat At  Ahmedabad Oct 2015 events 9-10 Oct 2015 International Congress on Information and Communication Technology (ICICT-2015) at Dr. Amit Josi amitjoshiudr@gmail. Bangalore. India Division IV and Hyderabad Dr. Sept 2015 event 10-12 Sep 2015 International Conference on Computer Communication and Control (IC4-2015) at Medicaps Dr. http://transformhealth-it.   organized by CSI Division Amit Joshi amitjoshiudr@gmail. Shishir Kumar Based Software Engineering (IAOOM-2015) to be organized at Jaypee University of Engineering dr. Dr.ict4sd. SIG-e-Agriculture and drycbhatt@hotmail.shishir@yahoo. Y C Bhatt IE(I) ULC At  Udaipur drycbhatt@hotmail. Amit Josi amitjoshiudr@gmail. www. Aug 2015 event 7-8 Aug 2015 International Conference on Innovations in Computer Science & Engineering (ICICSE-2015) Dr. A K Nayak Patna organized by CSI Patna Chapter in association with Division III ad Division IV of  Amit Joshi amitjoshiudr@gmail. CSI & Chairman. AK Nayak aknayak@iibm. Ahmedabad Chapter. Hyderabad in association with Computer Society of Polytechnic of Namibia in Association with Computer Society of India Division 15–17 May 2015 International Conference on Emerging Trend in Network and Computer Communication Prof. at Sri Aurobindo Institute Dr. Nisarg Indore CSI Communications | May 2015 | 51 .pathak@ Girls. drdurgeshmishra@gmail. 16-17 Oct 2015 6th Edition of the International Conference on Transforming Healthcare with IT to be held at gmail. D D Sharma Chapter. Pankaj Dahore & IV. Y C Bhatt Udaipur. mail@transformhealth-it. CSI Computer Society of India. India. Indore in association with Computer Society of India Division IV. Prof. 
ASSOCHAM Gujarat Chapter and Sabar Institute of Technology for 30-31 May 2015 Two Day National Conference on ICT Applications “CONICTA-2015” at IIBM Auditorium. H S Saini Organized by Guru Nanak Institution. Conference Hotel Lalit Ashok. Suresh Kotchatill. Prof. Indore Chapter and IEEE MP subsection. Division IV. Indore in association with Computer Society of India Division ACM Udaipur School of Computing and Informatics dsingh@polytechnic.juet.icicse2015. Durgesh Kumar Mishra of Technology. Promod Nair Group of Institutions. Dharm Singh (ETNCC2015) at Department of Computer Science. organized by CSI Udaipur 24-25 July 2015 International Conference on ICT in Health Care and 2015 Date Event Details & Organizers Contact Information May 2015 events 07-09 May 2015 International Workshop on Intelligent Approaches for Object Oriented Modeling in Component 17 May 2015 WTISD 2015 .

Registered with Registrar of News Papers for India - RNI 31668/1978
Regd. No. MCN/222/2015-2017
Posting Date: 10 & 11 every month. Posted at Patrika Channel Mumbai-I
Date of Publication: 10th of every month
If undelivered return to: Samruddhi Venture Park, Unit No. 3, 4th floor, MIDC, Andheri (E), Marol, Mumbai-400 093