
CSIC Cyber Security

The document provides information about the Computer Society of India (CSI), its executive committee members, regional vice presidents, division chairpersons, upcoming events, publications and other resources.

The CSI oversees the work of different divisions and chapters across India. It has executive members like President, Vice President, Secretary and Treasurer. There are also regional vice presidents, division chairpersons and other statutory committees.

Some of the upcoming events mentioned are International Workshop on Intelligent Approaches for Object Oriented Modeling in Component Based Software Engineering in May, International Conference on Emerging Trend in Network and Computer Communication in May, International Conference on ICT for Sustainable Development in July and International Conference on ICT in Health Care and E-Governance in July.

ISSN 0970-647X | Volume No. 39 | Issue No. 2 | May 2015

Cover Story: Cloud Security Challenges at a Glance 8
Cover Story: Improving Cybersecurity using NIST Framework 11
Cover Story: Security, Privacy and Trust in Social Networking Sites 14
Research Front: Do You Need an Operating System to Run an Application 33
Article: Context Aware Intelligence: Approach for Multi-Dimensional Security 36

CSI Communications | May 2015 | 1
Know Your CSI
Executive Committee (2015-16/17)
President: Prof. Bipin V Mehta, president@csi-india.org
Vice-President: Dr. Anirban Basu, vp@csi-india.org
Hon. Secretary: Mr. Sanjay Mohapatra, secretary@csi-india.org
Hon. Treasurer: Mr. R K Vyas, treasurer@csi-india.org
Immd. Past President: Mr H R Mohan, ipp@csi-india.org

Nomination Committee (2015-2016)


Dr. Anil K Saini Mr. Rajeev Kumar Singh Prof. (Dr.) U.K. Singh

Regional Vice-Presidents
Region - I: Mr. Shiv Kumar. Delhi, Punjab, Haryana, Himachal Pradesh, Jammu & Kashmir, Uttar Pradesh, Uttaranchal and other areas in Northern India. rvp1@csi-india.org
Region - II: Mr. Devaprasanna Sinha. Assam, Bihar, West Bengal, North Eastern States and other areas in East & North East India. rvp2@csi-india.org
Region - III: Dr. Vipin Tyagi. Gujarat, Madhya Pradesh, Rajasthan and other areas in Western India. rvp3@csi-india.org
Region - IV: Mr. Hari Shankar Mishra. Jharkhand, Chattisgarh, Orissa and other areas in Central & South Eastern India. rvp4@csi-india.org
Region - V: Mr. Raju L kanchibhotla. Karnataka and Andhra Pradesh. rvp5@csi-india.org
Region - VI: Dr. Shirish S Sane. Maharashtra and Goa. rvp6@csi-india.org
Region - VII: Mr. K. Govinda. Tamil Nadu, Pondicherry, Andaman and Nicobar, Kerala, Lakshadweep. rvp7@csi-india.org

Publication Committee (2015-16)
Dr. A K Nayak, Chairman
Prof. M N Hoda, Member
Dr. R Nadarajan, Member
Mr. Ravikiran Mankikar, Member
Dr. Durgesh Kumar Mishra, Member
Dr. Suresh Chandra Satapathy, Member
Dr. Vipin Tyagi, Member
Dr. R N Satapathy, Member

Division Chairpersons
Division-I : Hardware (2015-17): Prof. M N Hoda, div1@csi-india.org
Division-II : Software (2014-16): Dr. R Nadarajan, div2@csi-india.org
Division-III : Applications (2015-17): Mr. Ravikiran Mankikar, div3@csi-india.org
Division-IV : Communications (2014-16): Dr. Durgesh Kumar Mishra, div4@csi-india.org
Division-V : Education and Research (2015-17): Dr. Suresh Chandra Satapathy, div5@csi-india.org

Important links on CSI website


About CSI: http://www.csi-india.org/about-csi
Structure and Organisation: http://www.csi-india.org/web/guest/structureandorganisation
Executive Committee: http://www.csi-india.org/executive-committee
Nomination Committee: http://www.csi-india.org/web/guest/nominations-committee
Statutory Committees: http://www.csi-india.org/web/guest/statutory-committees
Who's Who: http://www.csi-india.org/web/guest/who-s-who
CSI Fellows: http://www.csi-india.org/web/guest/csi-fellows
National, Regional & State Student Coordinators: http://www.csi-india.org/web/guest/104
Collaborations: http://www.csi-india.org/web/guest/collaborations
Distinguished Speakers: http://www.csi-india.org/distinguished-speakers
Divisions: http://www.csi-india.org/web/guest/divisions
Regions: http://www.csi-india.org/web/guest/regions1
Chapters: http://www.csi-india.org/web/guest/chapters
Policy Guidelines: http://www.csi-india.org/web/guest/policy-guidelines
Student Branches: http://www.csi-india.org/web/guest/student-branches
Membership Services: http://www.csi-india.org/web/guest/membership-service
Upcoming Events: http://www.csi-india.org/web/guest/upcoming-events
Publications: http://www.csi-india.org/web/guest/publications
Student's Corner: http://www.csi-india.org/web/education-directorate/student-s-corner
CSI Awards: http://www.csi-india.org/web/guest/csi-awards
CSI Certification: http://www.csi-india.org/web/guest/csi-certification
Upcoming Webinars: http://www.csi-india.org/web/guest/upcoming-webinars
About Membership: http://www.csi-india.org/web/guest/about-membership
Why Join CSI: http://www.csi-india.org/why-join-csi
Membership Benefits: http://www.csi-india.org/membership-benefits
BABA Scheme: http://www.csi-india.org/membership-schemes-baba-scheme
Special Interest Groups: http://www.csi-india.org/special-interest-groups
Membership Subscription Fees: http://www.csi-india.org/fee-structure
Membership and Grades: http://www.csi-india.org/web/guest/174
Institutional Membership: http://www.csi-india.org/web/guest/institiutional-membership
Become a member: http://www.csi-india.org/web/guest/become-a-member
Upgrading and Renewing Membership: http://www.csi-india.org/web/guest/183
Download Forms: http://www.csi-india.org/web/guest/downloadforms
Membership Eligibility: http://www.csi-india.org/web/guest/membership-eligibility
Code of Ethics: http://www.csi-india.org/web/guest/code-of-ethics
From the President Desk: http://www.csi-india.org/web/guest/president-s-desk
CSI Communications (PDF Version): http://www.csi-india.org/web/guest/csi-communications
CSI Communications (HTML Version): http://www.csi-india.org/web/guest/csi-communications-html-version
CSI Journal of Computing: http://www.csi-india.org/web/guest/journal
CSI eNewsletter: http://www.csi-india.org/web/guest/enewsletter
CSIC Chapters SBs News: http://www.csi-india.org/csic-chapters-sbs-news
Education Directorate: http://www.csi-india.org/web/education-directorate/home
National Students Coordinator: http://www.csi-india.org/web/national-students-coordinators/home
Awards and Honors: http://www.csi-india.org/web/guest/251
eGovernance Awards: http://www.csi-india.org/web/guest/e-governanceawards
IT Excellence Awards: http://www.csi-india.org/web/guest/csiitexcellenceawards
YITP Awards: http://www.csi-india.org/web/guest/csiyitp-awards
CSI Service Awards: http://www.csi-india.org/web/guest/csi-service-awards
Academic Excellence Awards: http://www.csi-india.org/web/guest/academic-excellence-awards
Contact us: http://www.csi-india.org/web/guest/contact-us

Important Contact Details


For queries, correspondence regarding Membership, contact helpdesk@csi-india.org



CSI Communications
Contents
Volume No. 39, Issue No. 2, May 2015

Chief Editor: Dr. A K Nayak
Guest Editor: Dr. Vipin Tyagi
Published by: Executive Secretary Mr. Suchit Gogwekar, for Computer Society of India
Design, Print and Dispatch by: CyberMedia Services Limited

8 Cloud Security Challenges at a Glance (Cover Story)
R Sridaran, Disha H Parekh Doshi and Sudhir Kumar Suman
11 Improving Cybersecurity using NIST Framework (Cover Story)
Sandeep Godbole
13 Cyber Security : Issues and Challenges
N J Rao
14 Security, Privacy and Trust in Social Networking Sites (Cover Story)
Richa Garg, Ravi Sankar Veerubhotla and Ashutosh Saxena
19 Comparative Evidence of Cryptographic Based Algorithms under the Cloud Computing Environment to Ensure Data/System Security
Shruti Chhabra and V S Dixit
26 Privacy Security Settings Challenges of Social Media
Mini Ulanat and K Poulose Jacob
29 Importance of Morality, Ethical Practices and Cyber Laws as Prelude to Cybersecurity
D G Jha
33 Do You Need an Operating System to Run an Application (Research Front)
Biswajit Mohapatra and Debasis Roy Choudhuri
36 Context Aware Intelligence: Approach for Multi-Dimensional Security (Article)
Amit Badheka
40 e-Learning for Effective Classroom Teaching: A Case Study on Educational Institutes in India (Case Study)
Sarika Sharma

PLUS
44 Brain Teaser
Dr. Durgesh Kumar Mishra
45 A Report from CSI Division IV Communications
Dr. Durgesh Kumar Mishra
47 CSI News

Please note:
CSI Communications is published by Computer Society of India, a non-profit organization. Views and opinions expressed in the CSI Communications are those of individual authors, contributors and advertisers and they may differ from policies and official statements of CSI. These should not be construed as legal or professional advice. The CSI, the publisher, the editors and the contributors are not responsible for any decisions taken by readers on the basis of these views and opinions.
Although every care is being taken to ensure genuineness of the writings in this publication, CSI Communications does not attest to the originality of the respective authors' content.
2012 CSI. All rights reserved.
Instructors are permitted to photocopy isolated articles for non-commercial classroom use without fee. For any other copying, reprint or republication, permission must be obtained in writing from the Society. Copying for other than personal use or internal reference, or of articles or columns not owned by the Society without explicit permission of the Society or the copyright owner is strictly prohibited.

Printed and Published by Suchit Shrikrishna Gogwekar on Behalf of Computer Society of India, Printed at G.P.Offset Pvt Ltd. Unit No.81, Plot No.14, Marol Co-Op. Industrial Estate, off
Andheri Kurla Road, Andheri (East), Mumbai 400059 and Published from Computer Society of India, Samruddhi Venture Park, Unit No. 3, 4th Floor, Marol Industrial Area Andheri
(East), Mumbai 400093. Editor: A K Nayak
Tel. : 022-2926 1700 Fax : 022-2830 2133 Email : hq@csi-india.org Printed at GP Offset Pvt. Ltd., Mumbai 400 059.



Editorial
Prof. AK Nayak, Chief Editor

Dear Fellow CSI Members,

The internet has changed the world completely. Now it is available for us for the fast data transmission, for doing all kinds of business and satisfying needs. But at the same time, data passing from source to destination securely is the important task. One of the necessary requirements to prevent data theft and protect the same is securing the information on the transmission channel and across the network. Further, open access to the Internet has revolutionized the way individuals communicate and collaborate, entrepreneurs and corporations conduct business, and governments and citizens interact. As number of internet users is about to touch three billion, the number of cyber security threats is also increasing. Cyber threats are no longer restricted to fragments of malicious code, aimed to exasperate, incite or stall; now the threats are strategic, targeted, organised and relentless. Such targeted attacks can cause significant financial losses as well as deep-seated damage. In the age of internet, cybercriminality affects everyone: individuals, companies, institutions, governments. It has become a curse of society.

As per a study of ASSOCHAM, the cyber crimes in India are likely to cross the 3,00,000 at compounded annual growth rate (CAGR) of about 107 per cent. As per the findings, every month nearly 12,456 cyber crime cases are registered in India. What is causing even more concern is that the origin of these crimes is widely based abroad in countries including China, Pakistan, Bangladesh and Algeria among others. Phishing attacks of online banking accounts or cloning of ATM, Debit cards are common occurrences. The increasing use of smartphones, tablets for online banking, financial transactions has also increased the vulnerabilities to a great extent. With increasing use of information technology enabled services such as e-governance, online business and electronic transactions, protection of personal and sensitive data has assumed paramount importance. The economic growth of any nation and its security whether internal or external and competitiveness depends on how well is its cyberspace secured and protected.

Due to increase in internet penetration and use of online banking India is becoming a favourite among the cybercriminals, who target online financial transactions using malware. India ranks third after Japan and US in the tally of countries most affected by online banking malware during the year of 2014. Indian websites are being hacked by various hacker group spread across worldwide and likely to touch 85,000 by now.

The economic growth of a country depends on how well its physical and cyber space is secured. Today we are living in a world that has virtually no privacy and a big number of cybercrimes. Due to nature of cyberspace cyber security is a very big challenge. None of us is immune from the threat of cyberattacks. So there is an urgent need of developing techniques to secure our cyberspace. Apart from developing techniques awareness related to cyber security is also needed. Computer Society of India selected theme of CSI communications (The Knowledge Digest for IT Community) - May issue as Cyber Security to discuss various techniques and create awareness about cyber security.

This issue has come up with a new column Message from Vice-President. This issue has a number of good articles related to Cyber Security. In the article by R. Sridaran, D.H.P. Doshi and S. K. Suman, challenges in cloud security are described, while S. Godbole has described the ways to improve cybersecurity using National Institute of Standards and Technology (NIST) framework. We have also provided gist of National Cyber Security Policy 2013. N. J. Rao has described cyber security issues and challenges in his article. S. Chhabra and V.S. Dixit have done a study on Comparative Evidence of Cryptographic based Algorithms under the Cloud Computing Environment to ensure Data/System Security to identify, analyze and report the evidence of different cryptographic security algorithms.

Social networking is very popular these days. M. Ulanat and K. P. Jacob in Privacy Security Settings Challenges of Social Media and R. Garg, R.S. Veerubhotla and A. Saxena in Security, Privacy and Trust in Social Networking Sites have described security issues related to social networking sites. In the use of the technology, there is a need of moral values and ethics in every citizen. D. G. Jha in his article has described the importance of morality and ethical practices. In an article, Amit Badheka has given an approach for multidimensional security called context aware intelligence for enterprise applications.

We have included a case study on e-learning for effective classroom teaching by Sarika Sharma. Hope this study will help in planning of e-learning in schools, colleges and universities. In Research Front category we have selected an article by B. Mohapatra and D.R. Choudhuri that describes allocation containerization in their article Do you need an OS. This issue also contains practitioners workbench, crosswords, CSI reports, and news from divisions, chapters, student branches, and calendar of events.

I take this opportunity to credit of successfully bringing this issue to guest editor Dr. Vipin Tyagi. I am thankful to Prof. M.N. Hoda and Dr. Durgesh Mishra for their support in bringing out this issue. On behalf of publication committee, I wish to express my sincere gratitude to all authors and reviewers for their contribution to this issue.

I hope this issue will be successful in its aim of creating awareness about Cyber Security, providing information about latest trends in cyber security research and provide new ideas for research in the area.

Finally we look forward to receive the feedback, contribution, criticism, suggestions and reply from our esteemed members and readers at csic@csi-india.org.

Prof. A.K. Nayak
Chief Editor



President's Message
Prof. Bipin Mehta
From : President's Desk:: president@csi-india.org
Subject : President's Message
Date : 1st May 2015

Dear Members

I am happy to inform you that CSI Communications, April 2015 issue with a theme Digital India has been well received by the members at large. The newly formed Publication Committee headed by Dr. A. K. Nayak and the Guest Editor Dr. Durgesh Kumar Mishra has done a commendable work in bringing April, 2015 issue of CSI Communications well. You could have observed the changes like more coverage of activities conducted by various chapters and student branches. I request all the Chapters and Student Branches to send their activity reports for timely publications in CSI Communications. CSI is now adopting Green initiative by changing over from print version of CSI Communications to digital version in immediate future. The digital version will be available on CSI website and Mobile App. This is a practice followed by majority of the professional bodies over the globe.

I acknowledge the exemplary work done by the previous Publications Committee chaired by Dr. S. S. Agarwal and the editorial team for bringing various theme based issues of CSI Communications.

As per CSI byelaws, various committees are formed by the Executive Committee. These Committees have started working on the tasks assigned to them. The Membership Committee has prepared a blue print for the growth of the membership and better service to the members. This initiative will attract more IT professionals, academicians and students to get associated with CSI - the largest network of computer professionals in India.

The 50th Annual Convention - CSI 2015 with the theme DIGITAL LIFE is being held during 3-5 December, 2015 at New Delhi. The team of Delhi Chapter has started gearing for the grand success of this Golden Jubilee Convention. The call for papers is announced. I hope you all will participate in large number to deliberate and discuss the emerging trends in ICT Based Innovation, Next Generation Networks, 3-D Silicon Photonics & HPC, Real Time Languages Translation, Sensors, Big Data Analytics, Systems and Architecture and Cyber Security.

We have received very good response towards the Call for Nominations for Regional Student Co-ordinators (RSC) and State Student Co-ordinators (SSC). The region wise committee headed by each RVP will scrutinize nominations and identify RSC and SSC under that region in due course of time.

At present, most of the IT companies want to automate work to improve the efficiency and economize the error free processes like software testing. The processes adopted by BPO and KPO are repetitive in nature and can be automated easily. This will bring major change in the employment opportunity. Many entry level jobs will become redundant affecting the placement opportunity of young IT graduates. However, the acquiring skills required for automation will bring high level quality employment. We need to deliberate on this major paradigm shift in job market and CSI can play a role in Re-skilling to help employees to survive the automation wave in the IT industry.

The other area of interest for CSI is to discuss the importance of STEM (Sciences, Technology, Engineering and Mathematics) courses which have become increasingly important and prominent in all sectors of economy in which Computing and IT are playing major role. The Indian universities are required to enhance their policies and practices to emphasize the importance of STEM courses. The role of CSI could be promoting innovation and computing tools in the fields other than traditional computing and programming.

These days, debate went on Net Neutrality in India. The majority of the net users have favoured net neutrality and sent petitions in lakhs to TRAI and objected the move of ISP against net neutrality.

I had an opportunity to meet the prominent members of Ahmedabad, Vallabh Vidyanagar, Pune and Udaipur Chapter recently. The Chapters are very active in conducting various activities for the members and IT fraternity in the emerging areas. They are also active in arranging advance level training programs for students, academicians and IT professionals. It is heartening to note that Managing Committee Members of Pune Chapter are visiting student branches and interacts with the student members regularly. Their enthusiasm attracts more students to join CSI. The Ahmedabad Chapter has planned a common placement platform to provide equal opportunities to students and recruiters by arranging a Placement Week in near future. As part of Golden Jubilee Celebrations, this Chapter has planned lecture series during the year, by inviting prominent professionals to share their expertise in different domains in which IT is a major tool. May I suggest MC members of other Chapters to follow such best practices to reach to a large number of members, students and society at large.

At present, there are many Special Interest Groups (SIGs) under the banner of CSI. Many SIGs are active and others are required to be active. My colleague Dr. Anirban Basu, Vice President and President Elect is working on revamping SIGs to strengthen their presence. I urge Conveners of SIGs to take positive steps to make SIGs, more vibrant.

Recently, I represented CSI at SEARCC (South-East Asian Regional Computer Confederation) Executive Committee Meeting at Singapore. This committee meets twice in a year and deliberates on new initiatives. In this Meeting, the members deliberated on SEARCC Awards and Recognition Program, Virtual Conferences, Draft Strategic Plan 2015-2020 and SEARCC Conference at WCC-2015 hosted by Australian Computer Society in South Korea. The other representatives of Computer Societies of Sri Lanka, New Papua Guinea, Australia and Malaysia presented their views on important issues. The ISSC 2015 is hosted by Sri Lanka Computer Society during 9-11 October, 2015 at Sri Lanka. This will be great opportunity for our schools to participate in this competition. An announcement in this regard will be made by Education Directorate, CSI in due course of time.

I look forward for your valuable suggestions for the better working of CSI.

With best wishes,

Bipin V Mehta



Vice President's Column
Prof. Dr. Anirban Basu, Vice President

For the last 50 years, the Computer Society of India, the largest and oldest body of IT professionals in India has been working on promoting use of IT among the different segments of the society. CSI was considered to be the prime body of IT professionals few decades back and recognized by the Governments in the states and at the Centre as a prominent group with capability to advise the Governments on framing policy matters. Now it is the high time to take the society to a greater height to contribute significantly for transforming the nation to Digital India.

The new ExecCom which assumed office effective April 1, 2015 is committed to bring more efficiency, transparency and effectiveness in functioning of the society. The team comprises of dynamic members who have been elected this year as Vice President, Treasurer, Chairs of Division I, III and V and as Vice Presidents of Regions I, III, V and VII. They along with the incumbent President, Hony. Secretary, and Chairs of Division II and IV and Vice Presidents of Regions II and VI are determined to change the face of Computer Society of India. In this golden jubilee year, we need to increase our membership substantially both from the corporate world and from the academic community. Although CSI has the biggest following among the student community, we need to have more Student Branches throughout the country. To attract more members we need to organize better quality events and improve the quality of our journals.

To achieve these:

ExecCom in its first meeting decided to rationalize the Membership fee structure and decided to have an uniform fee structure irrespective of the age. This has become essential to attract young IT professionals to CSI. An appeal is being made to CSI Members to approach their acquaintances in the Industry and in the academic community to make them members of CSI.

The Publication Committee has started their work in the right earnest. Due to the resignation of the erstwhile Members of Editorial Board of CSI Communications, all efforts have been made to publish CSI Communications in time. A Call for Editors was made which received an overwhelming response. New Editorial team is getting constituted for all the CSI journals. Efforts are on to ensure the timely publication of Journal of Computing.

Students and members of the Academic Community have been the main strength of CSI. For this the CSI Education Directorate is being revamped, new procedures are being put in place for timely response to queries and for processing membership applications. Attempts are being made to start a Journal solely dedicated to publishing papers by the students.

A call has been given to enlist a new team of student coordinators both at the Region and at State levels. I am happy that the response to the call has been extremely good and a very large number of our members have shown interest in contributing towards increasing our student activities.

CSI Web site has not been working satisfactorily and there have been numerous complaints about the difficulties the members have been facing in using the web site. Prospective members have failed to file their membership application and pay their fees by credit cards due to poor operation of CSI web site. Decision has been taken to develop a new web site at the earliest and to integrate all operations of CSI under the same software framework.

It has been decided that Chapters when organizing any event will keep the relevant RVP in the Advisory Committee. The RVPs are being encouraged to visit the Chapters and to interact with the members. All chapters have been asked to use the official logo of CSI given below and misuse of CSI logo will be taken seriously.

The procedure for publishing reports of various events organized by different CSI Chapters and Student Branches is being worked upon and the streamlined procedure will be announced soon.

Over the years, CSI has signed Memorandum of Understanding with different bodies and international societies. These are being looked into so that these MOUs can be used more effectively for the benefit of our Members.

To summarize, in the brief period that the new ExecCom has taken over, a plan of work has been drawn to improve the working of CSI. In this endeavor, we hope to get the cooperation of all sections of CSI Members. For any suggestions or issues, members can always approach the ExecCom members at any point of time.

Let us work together to make a difference.

Best wishes,

Dr Anirban Basu



Meeting with Dr. FC Kohli
Members of CSI ExecCom led by the Hony. Secretary Mr. Sanjay Mohapatra and accompanied by DIV V Chair and Vice President cum President (Elect) of CSI for the year 2015-16/17 Prof. Dr. Anirban Basu, DIV III Chair Dr. A K Nayak and DIV I Chair Dr. M N Hoda met the legendary personality Padma Bhusan Faqir Chand Kohli, considered Father of Indian Software Industry on March 27, 2015 at his office in Mumbai.

Sri F C Kohli who turned 90 in February last year shared his views on Computer Society of India, of which he was the President few decades back. He shared his thoughts with the ExecCom members on a variety of subjects including direction CSI should take to bring IT to the masses. He feels that the Indian IT industry should give lot of thrust on computerization in Indian languages. Sri Kohli shared his thoughts on several other topics and discussed his thoughts on priorities for progressing India in the fields of Education, Information Technology, Power and Agriculture. He has been working on improving the condition of India in these areas and shared his personal experiences on these aspects.

The ExecCom members who met him shared their plans about CSI and sought his blessings and good wishes to restore the past glory of CSI.

Senior ExecCom Members (left to right) : Dr. Anirban Basu, Dr A K Nayak, Sri F C Kohli , Dr. M N Hoda, Mr. Sanjay Mohapatra .

Guest Editor - Dr. Vipin Tyagi


Dr. Vipin Tyagi, Guest editor for May Issue of CSI Communications is working as faculty
in Dept. of CSE at Jaypee University of Engg and Technology, Raghogarh, Guna (MP)
India. He is Regional Vice President of Computer Society of India of Region 3. He is also
associated with CSI Special Interest Group on Cyber Forensics. He has about 20 years
of teaching and research experience. He is a senior life member of Computer Society of
India. He was President of Engineering Sciences Section of the Indian Science Congress
Association for the term 2010-11, and recorder for the term 2008 - 2010. He is a Life
Fellow of the Institution of Electronics and Telecommunication Engineers. He is actively
associated with professional societies like CSI, IETE, ISCA, Indian Society of Remote
Sensing, IEEE etc. He was nominated by Indian National Science Academy (INSA), New
Delhi under international collaboration to visit Czech Republic, for two weeks in May 2012.
He has published more than 100 papers in various reputed journals, advanced research
series and has attended several national and international conferences in India and abroad.
He is Principal Investigator of research projects funded by DRDO, MP Council of Science
and Technology and CSI.
He is an expert in the area of Cyber Security, Cyber Forensics and Image Processing. He
can be reached at dr.vipin.tyagi@gmail.com



Cover Story

R Sridaran*, Disha H Parekh Doshi** and Sudhir Kumar Suman***
*Dean & Faculty of Computer Applications, Marwadi Education Foundations Group of Institutions, Rajkot, Gujarat
**Assistant Professor & Faculty of Computer Applications, Marwadi Education Foundations Group of Institutions, Rajkot
***Assistant Professor & Faculty of Computer Applications, Marwadi Education Foundations Group of Institutions, Rajkot

Cloud Security Challenges at a Glance


Introduction
Any organization today requires dynamism, abstraction and resource sharing at a superior level in order to flourish and accomplish maximum success. These three requirements are satisfied by one genuine computing model known as Cloud Computing (CC), which is becoming the technology trend of the future. The backbone of the CC model is a server, which is considered a very crucial part behind the entire processing environment. The server environment involved in cloud computing need not be high-end hardware; instead it ties together the power of inexpensive hardware on a larger scale, in contrast to using a smaller number of servers that are high in quality. It is helpful for an enterprise to use CC capabilities since it allows all of its customers to access the data from any computer when required, which prevents data loss or mismanagement of files. This helps an organization to gain improved data security.

CC has become the most preferred business model of this decade. Cloud users, whose numbers have increased tremendously in recent years, tend to keep their data and information in the cloud. This raises a lot of issues relating to safety and security. Amongst the different issues connected with cloud computing, security is the most sensitive one. This has already been pointed out by the International Data Corporation (IDC)[1] and Aman Bakshi et al.[2].

CC incorporates different technologies used with operating systems, such as resource sharing, transaction management, scheduling and memory management, and also some others relating to networks, databases and so on. The traditional issues associated with each one of them automatically become part of cloud computing issues as well. Moreover, the cloud itself consists of many contexts for security issues. A special category of threats emerges due to virtualization[3]. This happens when a virtual machine is to be mapped to several physical machines. Data security consists of methods and policies relating to encryption and data sharing. Security algorithms are also being used widely for resource allocation, memory management, detection of malware in clouds using data mining techniques, etc.

Cloud Security Threats at a Glance:
The threats of CC vary according to the delivery model in use. An ideal way is to categorize them into confidentiality, integrity and availability (CIA)[4]. Some of the most common threats categorized in this way are depicted in Fig. 1.

Fig. 1: Cloud Security threats based on CIA

Threats associated with Confidentiality
Malicious Insiders: CC presents flexibility by outsourcing the services, but it also adds intrinsic risks of malicious insiders and offensive use of login access by an unauthorized person.
External Attackers: CC vendors supply Application Program Interfaces (APIs) for clients to merge with and avail services. Customers utilizing these APIs are offering many more associated services in order to help their own clients. Cloud APIs with frail authentication and access to command can risk the confidentiality of the pertaining customer. When the services are deployed, any vulnerability in the API can endanger the security of the users because of malevolent intent.
Data Loss: Data in the cloud is prone to plentiful risks, for example, deletion of records, loss of encryption key, weak encryption, altered data, etc. Any connection, regardless of its scale, relies on data, and infringement by an unauthorized individual can have a large-scale sway on the business[4].

Threats associated with Integrity
Data Segregation: It is generally the practice to keep the data in the cloud in encrypted form. This improves security. The data segregation problem emerges when some clients do not support encryption for fear that encryption may end up devastating the data.
User Access: Threats due to user access may happen because of unsafe access control processes, which may even enable an outsider to gain unauthorized access to the cloud services and data sources.
Data Quality: This is a very important factor in avoiding crashes caused by a malicious insider or any outsider. This threat also commonly occurs when multiple customers' data are being hosted by the cloud providers.[5]

Threats associated with Availability
Change Management: The cloud provider is expected to have proper change management policies across all the cloud delivery models. Sometimes this may also lead to some negative effects that need to be addressed.



Denial of Service threat: This is normally caused in public cloud services. However, the threat can also have an impact on different cloud service models, and may even go to the extent of launching applications or services relating to hardware, which in turn may cause a denial of service.
Physical Interruption: This threat is caused by the interruption to cloud services due to dissimilarities in the physical access between cloud service providers and their customers. In case either of the office environments is not protected properly, or remote working is dealt with frequently, physical interruption threats may occur.
Exploiting fragile recovery practices: This threat occurs frequently due to insufficient policies pertaining to the recovery procedure whenever the client initiates it. This has an implication on the recovery time also.[6]

Some Threat Avoidance Practices
Every cloud provider is expected to incorporate threat management capabilities at a gross level in order to ensure that the shared storage management preserves all its data. A time-tested encryption plan should be in place since the majority of threats are due to illegal access to the data; a proper access control mechanism should also be thought of. It is also necessary to have data security features embedded in the storage, backup and retrieval procedures. Even though many of the security features contain the above capabilities, there is a need for better awareness[7]. It is also time to think of a proper security model which promotes CIA.

Conclusion
Even though CC is very popular and ever growing, the threats associated with it need to be brought into the limelight. This includes the threats across different levels from network to application, threats relating to the data, and also issues linked with confidentiality, integrity and so on. Proper auditing at defined intervals should be performed mandatorily. This would narrow down the security issues connected with the cloud. The Service Level Agreements (SLA) should also aim at capturing the most common errors any human may commit in the CC scenario.

References
[1] Haoyong Lv and Yin Hu, Analysis and Research about Cloud Computing Security Protect Policy, IEEE, 2011, pp. 214-216.
[2] Aman Bakshi and Yogesh B, Securing cloud from DDOS Attacks using Intrusion Detection System in VM, IEEE, 2010, pp. 260-264.
[3] Nagaraju Kilari and Dr. R Sridaran, A Survey on Security Threats for Cloud Computing, International Journal of Engineering Research & Technology (IJERT), Vol. 1 Issue 7, September 2012, ISSN: 2278-0181.
[4] Disha H Parekh and Dr. R. Sridaran, An Analysis of Security Challenges in Cloud Computing, (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 4, No. 1, 2013.
[5] Gruschka, N & Iacono, L. L., Vulnerable Cloud: SOAP Message Security Validation Revisited, in Proceedings of IEEE International Conference on Web Services (ICWS09), Los Angeles, California, USA, July 2009, pp. 625-631.
[6] Hassan Takabi, James B.D. Joshi and Gail-Joon Ahn, Security and Privacy Challenges in Cloud Computing Environments, IEEE, 2010, pp. 24-31.
[7] Lori M Kaufman and Bruce Potter, Can Public-Cloud Security Meet Its Unique Challenges, IEEE, 2010, pp. 55-57.

About the Authors

Dr. R. Sridaran is a Dean, Faculty of Computer Applications, at Marwadi Education Foundations Group of Institutions, Rajkot,
Gujarat. He is a life member of CSI and also the Founder Chairman for CSI, Rajkot Chapter. He has 15 years of teaching experience and
7 years of industry experience. His areas of interest are Software Engineering, Cloud Computing and E-Learning.

Mrs. Disha H. Parekh Doshi is an Assistant Professor, Faculty of Computer Applications, at Marwadi Education Foundations
Group of Institutions, Rajkot, Gujarat and also a research scholar of Bharathiar University. She has 6 years of teaching experience.
Her areas of interest are Cloud Computing, Virtualization and Applications of Cloud.

Mr. Sudhir Kumar Suman is an Assistant Professor, Faculty of Computer Applications, at Marwadi Education Foundations
Group of Institutions, Rajkot, Gujarat. He has 2 years of teaching experience.

OBITUARY
Mr. V V P Swamy,
Member, Computer Society of India.
Mr. V.V.P. Swamy passed away on 28th March 2015, in Hyderabad at the age of 72.
Mr. V. V. P. Swamy was one of the early members of the Computer Society of India, Ranchi chapter, along
with other IT stalwarts in Ranchi, such as Mr. R. K. Sandhir of MECON, Prof. Kanta Rao of BIT Mesra,
Mr. Kaushik Roy of HEC. He contributed significantly to the chapter by bringing to the table the then
fast emerging role of computerization in coal mining, explorations, mine planning and development, MIS
and Office Automation. He has given talks in CSI seminars/workshops.
After his retirement from the industry in 2001 till the last days of his life, he kept himself active teaching in several engineering
colleges in and around Hyderabad. While in Delhi, he also worked on themes like Modernization, Mechanization, Automation, and
Computerization in Asian Coal mines.
Mr. V.V.P. Swamy is survived by his wife, Sita Devi, and two well-settled daughters, Lakshmipriya and Krishnapriya, with their families in
Delhi and Hyderabad respectively. CSI deeply mourns his death and conveys condolences to the bereaved members of his family and
friends. May God's grace grant his soul rest in peace.
***



Vipin Tyagi
Guest Editor, Jaypee University of Engg and Technology, Raghogarh, Guna (MP)

National Cyber Security Policy 2013


http://deity.gov.in/content/national-cyber-security-policy-2013-1
VISION: To build a secure and resilient cyberspace for citizens, businesses and Government

MISSION: To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities, and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation

Objectives:
- to create a secure cyber ecosystem in the country, generate adequate trust & confidence in IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy
- to create an assurance framework for design of security policies and for promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (product, process, technology & people)
- to strengthen the Regulatory framework for ensuring a Secure Cyberspace ecosystem
- to enhance and create National and Sectoral level 24x7 mechanisms for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective, response and recovery actions
- to enhance the protection and resilience of Nation's critical information infrastructure by operating a 24x7 National Critical Information Infrastructure Protection Centre (NCIIPC) and mandating security practices related to the design, acquisition, development, use and operation of information resources
- to develop suitable indigenous security technologies through frontier technology, research, solution oriented research, proof of concept, pilot deployment of secure ICT products/processes in general and specifically for addressing National Security requirements
- to improve visibility of the integrity of ICT products and services by establishing infrastructure for testing & validation of security of such products
- to create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through capacity building, skill development and training
- to provide fiscal benefits to businesses for adoption of standard security practices and processes
- to enable protection of information while in process, handling, storage & transit so as to safeguard privacy of citizen's data and for reducing economic losses due to cyber crime or data theft
- to enable effective prevention, investigation and prosecution of cyber crime and enhancement of law enforcement capabilities through appropriate legislative intervention
- to create a culture of cyber security and privacy enabling responsible user behaviour & actions through an effective communication and promotion strategy
- to develop effective public private partnerships and collaborative engagements through technical and operational cooperation and contribution for enhancing the security of cyberspace
- to enhance global cooperation by promoting shared understanding and leveraging relationships for furthering the cause of security of cyberspace

Strategies
- Creating a secure cyber ecosystem
- Creating an assurance framework
- Encouraging open standards
- Strengthening the regulatory framework
- Creating mechanisms for security threat early warning, vulnerability management and response to security threats
- Securing E-governance services
- Protection and resilience of critical information infrastructure
- Promotion of Research & Development in cyber security
- Reducing supply chain risks
- Human Resource Development
- Creating cyber security awareness
- Developing effective Public Private partnerships
- Information sharing and cooperation
- Prioritized approach for implementation
- Operationalisation of the policy

Congratulations!!!
Dr. G. Satheesh Reddy, Hony. Fellow - Computer Society of India, Distinguished Scientist & Director, Research
Centre Imarat, DRDO has been conferred with the prestigious Fellowship of the Royal Institute of Navigation for
his significant contributions in the fields of inertial and satellite-based Navigation and avionics technologies.
As on date Dr. Satheesh Reddy is the only one to be elected from India for this award.
CSI congratulates Dr. Reddy on receiving this honor.



Cover Story

Sandeep Godbole
General Manager, Information Security at Syntel

Improving Cybersecurity using NIST Framework


Cybersecurity refers to the tools, practices, approaches and safeguards implemented to protect information and information assets in the interconnected cyber world. The internet and cyberspace have brought immense benefit to human society. They have brought the world closer and offered opportunities where none existed earlier. New vistas have opened up in multiple sectors including banking, education, travel, e-commerce, entertainment, governance and many more. Distances and geographical limitations when transacting and obtaining services have been made redundant by the pervasive nature of the cyber world. This indeed is good news for bona fide users. It is equally good news for individuals or entities involved in dubious, illegal, criminal, anti-national or unethical activities. Inadequately protected information and information technology infrastructure provides immense opportunities for mischief mongers as well as dedicated and hardened criminals, state actors and terrorists. Corporate espionage, spying, financial crimes, identity theft and privacy compromises have become matters of concern from a national, commercial as well as an individual's perspective. Organizations like New York Times, Sony Entertainment, Target, Home Depot and Anthem have experienced advanced cyber-attacks that have been sophisticated, stealthy and caused significant damage. Cyber-attacks are not limited to commercial organizations; national governments too have borne the brunt. In 2007, Estonia experienced cyber-attacks and the Estonian Foreign Minister accused Russia of direct involvement. The Stuxnet episode that severely damaged Iran's Nuclear Program was an eye opener for the cyber protection of Critical Infrastructure.

A common feature in all these attacks was the remote nature of the attacks. The attackers were nowhere near the scene of the crime and in many cases were located across international borders. The majority of these attacks came through cyberspace, which provided them an attack route to the victim. Serious attacks in cyberspace have moved up from the network layer to the application layer. Unpatched systems and outdated software provide avenues to attackers. Sophisticated attacks are known to exploit vulnerabilities that are not yet known in the public domain (zero day). The weapon used in cyber-attacks is code. Unlike physical weapons, once created, multiplication of the attack weapon, the code, is simple and does not consume a significant amount of resources. Many such attack tools and attack codes are available over the Internet, some for free and others at a price. The interconnected cyberspace hosts valuable information assets and also attackers who are on the prowl. Protection and security is thus an imperative for private enterprises and governments alike. The diversity and complex nature of cyberspace requires that protection and security be driven by wholesome policies, practices and frameworks that address multiple aspects in a cohesive manner.

The Department of Electronics and Information Technology under the Ministry of Communication and Information Technology, Government of India notified the National Cyber Security Policy in July 2013. The Policy is an important document that lays down the objectives, vision, mission and strategies at a high level. In February 2013, the US President issued a Presidential Order on Improving Critical Infrastructure Cybersecurity. The order called for the development of a voluntary, risk based Cybersecurity Framework. In response to the order, the National Institute of Standards and Technology (NIST) developed the Framework for Improving Critical Infrastructure Cybersecurity (referred to in this article as the Framework) in February 2014. The Framework is technology neutral and hence can be adopted irrespective of the technology implementation. While India's National Cyber Security Framework sets the high level context to Cybersecurity and the overall approach, the NIST Framework helps organizations in developing a method for addressing Cybersecurity risk. It can therefore be viewed as complementary to India's National Cybersecurity Policy.

The Framework is composed of three parts:
1. Framework Core
2. Framework Implementation Tiers
3. Framework Profiles

The Framework Core is composed of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Framework Core has defined five Functions: Identify, Protect, Detect, Respond, Recover. The five, when viewed sequentially, come close to a cybersecurity risk management cycle. Each of these five functions includes categories and sub-categories along with references. E.g., the category Anomalies and Events under the Detect function includes the subcategories:
- A baseline of network operations and expected data flows for users and systems is established and managed
- Detected events are analyzed to understand attack targets and methods
- Event data are aggregated and correlated from multiple sources and sensors
- Impact of events is determined
- Incident alert thresholds are established.

For each subcategory, references to standards and frameworks like ISO27001, Cobit5 and NIST SP 800-53 have been provided. The table below provides the list of functions and the corresponding categories. Detailed information on all the sub categories within each category and the references can be found in the document (http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf).

| Function Unique Identifier | Function | Category Unique Identifier | Category |
|---|---|---|---|
| ID | Identify | ID.AM | Asset Management |
| ID | Identify | ID.BE | Business Environment |
| ID | Identify | ID.GV | Governance |
| ID | Identify | ID.RA | Risk Assessment |
| ID | Identify | ID.RM | Risk Management Strategy |
| PR | Protect | PR.AC | Access Control |
| PR | Protect | PR.AT | Awareness and Training |
| PR | Protect | PR.DS | Data Security |
| PR | Protect | PR.IP | Information Protection Processes and Procedures |
| PR | Protect | PR.MA | Maintenance |
| PR | Protect | PR.PT | Protective Technology |
| DE | Detect | DE.AE | Anomalies and Events |
| DE | Detect | DE.CM | Security Continuous Monitoring |
| DE | Detect | DE.DP | Detection Processes |
| RS | Respond | RS.RP | Response Planning |
| RS | Respond | RS.CO | Communications |
| RS | Respond | RS.AN | Analysis |
| RS | Respond | RS.MI | Mitigation |
| RS | Respond | RS.IM | Improvements |
| RC | Recover | RC.RP | Recovery Planning |
| RC | Recover | RC.IM | Improvements |
| RC | Recover | RC.CO | Communications |

The Framework Implementation Tiers help an organization to view itself in one of the four tiers from Tier 1 (Partial) to Tier 4 (Adaptive). These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed. An organization may select a Tier profile for itself that seems appropriate to its activities and risk profile.

The Framework Profile represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories. Profiles are useful to identify opportunities for improving cybersecurity. The gap between the Current Profile and the Target Profile identifies areas for improvement. This helps in prioritization of efforts, which should primarily be driven by the organizational risk assessment with reference to cybersecurity.

Frameworks like these provide a great advantage in meeting the cybersecurity challenges. They are non-prescriptive and provide for flexibility in line with the risk profile of the organizations. Frameworks provide much needed guidance and reference to ensure that basic processes and the building blocks necessary for resilience and recovery are identified. The Framework has identified categories and sub-categories that can map to or spawn specific processes. E.g., the subcategory "Event data are aggregated and correlated from multiple sources and sensors" requires that organizations define and implement comprehensive processes and capabilities for log/alert definition, generation, collection and correlation. The Framework provides for informational references that can be useful in this regard.

The Framework underscores the point that there is no silver bullet against cyberattacks. The capability comes from implementing preventive (Identify, Protect), detective (Detect) and corrective (Respond, Recover) measures against cyber attacks. Processes, controls and technology that ensure that requirements defined by the categories/sub categories are addressed help to build an organization that is secure and resilient from cyber attacks. NIST has thus provided a reference and framework that organizations can adopt to evaluate themselves and build cyber security capability.

References
[1] Framework for Improving Critical Infrastructure Cybersecurity by NIST (http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf)
[2] Notification on National Cyber Security Policy -2013, Govt of India (http://deity.gov.in/sites/upload_files/dit/files/National%20Cyber%20Security%20Policy%20(1).pdf)
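The Anomalies and Events subcategories named in the article above (a baseline of expected data flows, event data aggregated and correlated from multiple sensors, impact determination, alert thresholds) can be made concrete with a small correlation routine. This is an added example, not part of the article or of the NIST Framework; the log formats, addresses, weights and thresholds are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample data: addresses, log formats, weights and thresholds are
# illustrative assumptions, not values from the article or the NIST Framework.
BASELINE_FLOWS = {                      # expected (source, destination, port) flows
    ("10.0.1.15", "10.0.2.10", 443),
    ("10.0.1.15", "10.0.2.20", 5432),
    ("10.0.1.22", "10.0.2.10", 443),
}
ASSET_IMPACT = {"10.0.2.10": 2, "10.0.2.20": 5, "10.0.2.30": 5}  # 1 = low, 5 = critical
KIND_WEIGHT = {"off_baseline_flow": 1, "failed_login": 1, "ids_signature": 3}
ALERT_THRESHOLD = 10                    # incident alert threshold on the group score
MIN_SENSORS = 2                         # independent sensors that must corroborate
WINDOW_SECONDS = 300                    # correlation window per (source, destination)

RAW_EVENTS = [                          # (sensor, epoch seconds, sensor-specific text)
    ("firewall", 1000, "ALLOW 10.0.1.15 10.0.2.10 443"),
    ("firewall", 1010, "ALLOW 10.0.1.22 10.0.2.30 22"),
    ("auth",     1040, "FAILED_LOGIN user=svc_backup from=10.0.1.22 host=10.0.2.30"),
    ("auth",     1055, "FAILED_LOGIN user=svc_backup from=10.0.1.22 host=10.0.2.30"),
    ("ids",      1100, "sig=ssh-bruteforce src=10.0.1.22 dst=10.0.2.30"),
    ("firewall", 2000, "ALLOW 10.0.1.15 10.0.2.30 22"),
]

Event = namedtuple("Event", "ts sensor src dst kind")


def normalize(sensor, ts, payload):
    """Map one sensor-specific record to a common Event, or None if it is
    expected traffic, an unknown sensor, or a malformed line."""
    try:
        if sensor == "firewall":
            action, src, dst, port = payload.split()
            # Allowed flows that match the baseline are expected and dropped.
            if action != "ALLOW" or (src, dst, int(port)) in BASELINE_FLOWS:
                return None
            return Event(ts, sensor, src, dst, "off_baseline_flow")
        fields = dict(p.split("=", 1) for p in payload.split() if "=" in p)
        if sensor == "auth":
            return Event(ts, sensor, fields["from"], fields["host"], "failed_login")
        if sensor == "ids":
            return Event(ts, sensor, fields["src"], fields["dst"], "ids_signature")
    except (ValueError, KeyError):
        return None                     # malformed record: skipped in this sketch
    return None


def correlate(raw_events):
    """Aggregate events from all sensors, group them per (source, destination)
    inside the time window, score impact and apply the alert threshold."""
    events = [e for e in (normalize(*raw) for raw in raw_events) if e is not None]
    events.sort(key=lambda e: e.ts)
    groups, open_groups = [], {}
    for ev in events:
        key = (ev.src, ev.dst)
        group = open_groups.get(key)
        if group is None or ev.ts - group[0].ts > WINDOW_SECONDS:
            group = open_groups[key] = []   # start a new correlation group
            groups.append(group)
        group.append(ev)
    findings = []
    for group in groups:
        sensors = sorted({e.sensor for e in group})
        # Impact: summed event weights scaled by the criticality of the target.
        score = sum(KIND_WEIGHT[e.kind] for e in group) * ASSET_IMPACT.get(group[0].dst, 1)
        findings.append({
            "src": group[0].src, "dst": group[0].dst, "sensors": sensors,
            "events": len(group), "score": score,
            "alert": score >= ALERT_THRESHOLD and len(sensors) >= MIN_SENSORS,
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(RAW_EVENTS):
        print(finding)
```

A single off-baseline flow seen by one sensor stays below the threshold, while the same target reported by firewall, authentication log and IDS inside one window crosses it.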
About the Author

Sandeep Godbole works as Dy General Manager, Information Security at Syntel. He is a Past President of ISACA
Pune Chapter. Sandeep is a speaker at national and international events and conferences. He can be reached at
Sandeep_godbole@yahoo.com. The views expressed in the article are his own and do not necessarily reflect those of
his employer or anybody else.



Cover Story

N J Rao
Vice Chancellor, Jaypee University of Engineering and Technology, Raghogarh, Guna - MP

Cyber Security : Issues and Challenges


India is marching towards Digital India as the world is about to commemorate "World Telecommunications Day" this month. All the citizens of the country need connectivity through digital means. If this dream has to be realized, we need policies, techniques and procedures which address the issues of Cyber Risks and Security to guarantee success to these concepts.

Cyber attacks are global, cyber security risks are universal, and these are not the concerns of India alone. Satellites, power grids, thermal power plants, websites, banks and almost all systems attempting to be digital are prone to cyber attacks all over the world. As we march to 2020, we are looking at a world of 7 billion people and 50 billion devices connected to the internet, or 7 devices per capita. As internet device use increases, there is an increase of security threat, and of the need for R&D activities in these areas. The world will feel the shortage of specialists and experts in the Cyber Security field. Our safety and privacy are increasingly influenced in our daily life as our dependency increases on mobile phones, computers, programmable machines, intelligent surveillance cameras, etc. In other words, our activities get interlinked to the ICT age.

As ICT dependence is growing, so are the opportunities for attackers, providing them an increased surface to operate on and greater potential to damage and create havoc. Today's netizens are under increasing stress due to words like Disrupt, Destroy, Damage, Down. People are worried. The core issue is Cyber Security and Dependability.

Today's attackers/hackers are ahead of time and proactive, while the people responsible for ensuring security and reliability, namely systems and R&D personnel, are reactive. They think, in general, after the event to find solutions. The current practice of cyber security and defence is too late to act. The cyber security researcher is often chasing the attacker, trying to find one more innovative solution to combat the attacker's move after the damage. This needs to change. We need researchers to be ahead of attackers, anticipate the moves, and create defence mechanisms fighting the vulnerabilities, working towards systems which the hackers can't hack. These are immense challenges.

The motivation for attacking is increasing along with their numbers. In spite of increasing R&D activities in Cyber Security, the gap between means to check attacks and actual attacks seems to be increasing. The impact after a threat is large. The answer lies in renewing efforts on cyber-security activities to assure netizens that ICT activities are safe and that India's dream of digitization is based on a sound system founded on security and reliability.

With over a billion people holding cloud storage accounts, organizations are providing cloud space free. This comes with a risk. The storage is in a domain where there is no freedom. Our data is not stored with us; it is stored elsewhere. The result is the application of the rules and laws of the country where it is stored. The protection of personal information is a matter of serious concern. We need advancements in technological solutions and ease of their availability without compromising on Privacy and Security. Technological solutions need to be developed to empower users with full control over their own data as well as to provide technological support to assist in regulating the protection of data. There has to be strong international cooperation to implement this. There has to be understanding on the issues and challenges of Cyber Security, Reliability and Availability with Privacy, along with coordination in approach among the world community of nations.

The issues and problems needing the attention of the global community of researchers are:
- Social networks functioning on issues of Security and Privacy with emphasis on Malware Detection
- The engineering process design and production methodologies need to focus on product developments where security and privacy are assured in software designs
- Create mechanisms which will provide avenues for improved methods for cyber attack detection, better response and sharing of information on prevention of cyber attacks
- Create manpower with better qualification/training and skills on cyber security matters through public-private partnerships
- Create mechanisms for protection of personal data in third party domains, namely social networks, cloud providers and outsourcers, during the various phases of its life cycle, i.e., transmission, processing or storage
- Create new flexible access control technologies which are ethical, less dependent on dynamic identities, and use a more reliable way of management in a distributed world
- We need better risk mitigation strategies for the whole system through precise, reliable, realistic measurements to help management at all levels, from technical to top level, with assured levels of security
- Create mechanisms which ensure trust in a dynamic environment where identities are protected, anchors of trust exist and those interacting are trustworthy. This is in a transparent domain
- Develop mechanisms for ensuring digital rights and protecting privacy, with assured empowerment of users to manage their data and avoid anonymous usage.
- Create protocols for creating increased awareness on issues of security, risks and cyber incidents to form a healthy base for use.

Human values, morals and ethical behaviour stand far above freedom. There seems to be an erosion in these facets and a quantum jump in unethical practices, corruption and loss in the concept of fellow feeling. This is a cause of serious concern and calls for redefining these facts and establishing new norms, particularly in the IT Act, with regard to freedom of expression, acceptable code of conduct, cyber security and control. The need of the day is to create a cyber system which, while meeting the basic parameters of utility, cost and ease with security, must be sustainable. This stems from the following parameters:
- Must ensure continuous service with profit and productivity. The system must use resources which are recoverable and recyclable. The system must ensure efficient energy and environmental management.
- The system must ensure creation of suitable human resources which are dynamic, forward looking and ahead of their time.
- All this must be capped with adequate address to social security, safety and sustainability, ensuring freedom of the individual and security to society.
- Issues of ethics must weigh heavily along with rights and freedom

That is the challenge to the new age cyber R&D community.



Cover Story

Richa Garg*, Ravi Sankar Veerubhotla** and Ashutosh Saxena***
*Senior Associate, Cognizant Technology Solutions
**Research Scientist, Infosys Labs, Hyderabad
***Associate Vice President, Infosys Labs, Infosys Ltd., Hyderabad

Security, Privacy and Trust in Social Networking Sites


To embrace social networking sites or not, is a dilemma for many online entities today
Today, Social Media[1] is instrumental for rapid communications across the globe. It channels social interactions using extremely accessible and scalable publishing methods over the Internet. The major objectives of social media include connecting individuals, communities and organizations for exchange of ideas, sharing interests and collaboration. Social media has generated numerous business opportunities[2] for enterprises, aimed at marketing and managing customer relationships. Popular social media tools include social networking sites (e.g., Facebook, LinkedIn, and Twitter), collaborative projects (e.g., Wikipedia), content communities (e.g., YouTube) and blogs (e.g., Blogger). Social media has introduced substantial change in the way people communicate. Further, access to social media is expanding through mobile devices. The blend of location based services, mobile technology and social media enables users to update their current location, share their views on places they visit and use the data to discover a new location or a service.

At the same time, social media has instigated specific concerns related to users' security and privacy. For example, an ignorant click on a shared link over a social networking site by an employee may prove catastrophic for the entire organization. Similarly, a real time location update from users on the Social Networking Sites (SNS) may turn out to be a serious threat to their privacy. For these reasons, many individuals as well as organizations are skeptical about endorsing them. However, a few enterprises chose to design their own social networking sites[3] limited to their employees.

This article aims to discuss various aspects related to social media in general, with an emphasis on Social Networking Sites (also known as Online Social Networks) that are predominant on the Internet. In specific, we identify several

conclude this article by suggesting a trade-off between usability, security and privacy aspects of the SNS to reap the best out of them for the individuals, relying parties and the enterprises.

Background
With the proliferation of Web 2.0, SNS has become an integral part of our life. The reason behind the fitment of Web 2.0 for SNS is that many components of Web 2.0 are suitable for the evolution and sustenance of SNS. People use the social networking platform to share their personal and professional data, thereby expediting the flow of information. A prevalent social networking site, Facebook, reached one billion active users in October 2012[4]. The reason for the skyrocketing popularity of SNS is that they provide a platform for users to share information, organize events and distribute their photos or videos in a friendly manner.

Today, many enterprises are stepping out of their corporate walls and embracing the social networks[5]. In the changing scenario, SNS are not only beneficial for individuals but also useful for enterprises. Some employers chose SNS as a first-hand tool to vouch for the professional details of an individual during the recruitment phase. Different enterprises recognized this platform as a potential business opportunity since it connects them to their existing customers as well as a large number of new users, for expanding their customer base. SNS offer open communication, thereby enhancing information discovery and delivery. Nowadays, individuals prefer to read product reviews of existing customers on Internet blogs rather than looking at the company's brochures or advertisements. If a company can quickly resolve a complaint raised by its customer on a social networking site, it can bring customer satisfaction as well

Fig. 1: Building blocks and applications of Social Media (Source: Infosys Research)

steps taken up by individuals or enterprises to highlight their presence and generate public trust. From an individual perspective, the intention for branding on SNS could be to seek better opportunities, whereas for an enterprise, it could bring awareness to the public, generate a positive impression and attract new customers. SNS has the potential to connect millions of individuals. Hence it is an effective tool for personal or corporate branding.
Digital Marketing: Enterprises use different marketing techniques to sell their offerings. However, digital marketing through SNS has gained popularity these days. The SNS channel opens up new business opportunities, helps in customer identification, acquisition and retention, and also simplifies the communication process.
Social E-commerce: SNS aid in the promotion of e-commerce websites. The e-commerce portal owners utilize banners over SNS (as a means of advertisement) which are not limited to one geographical region and reach out to a large number of customers across the globe.
advantages of adopting social networking as avoid negative publicity from unhappy Location Based Social Networking
sites and also determine the associated customers. (LBSN) The integration of SNS and
risks; primarily related to security, privacy Overall, SNS found its application in location-based services, altogether
and trust. We also present various many areas as shown in Fig. 1. Few of them adds a new dimension to the usage
parameters based on which these social are listed here of SNS. It creates a unique domain
networking sites can be evaluated. We Branding Branding refers to the of enquiry to cater users needs

at a new location. Popular LBSN applications such as Foursquare[6] and Gowalla [7] allow users to reveal their whereabouts and find about their friends with the help of their handheld devices. Besides, LBSN is also used for promoting advertisements, tradeshows and offering rewards.
• Social Gaming - Few individuals perceive social networking platform as a source of entertainment as well, since it supports sharing anecdotes, jokes and online gaming, facilitating global participation. SNS also empower the people with common interests to connect, share and learn from each other.

Risks and Challenges

The massive growth of SNS has brought numerous benefits to online communities, but also generated a large number of security concerns. The SNS operate in public domain. Hence, they also provide a vulnerable platform to be exploited by the attackers. Some of the risks and challenges associated with adoption of SNS are as follows.

Security Concerns

• Identity Misuse - The impersonation of a legitimate user by an attacker can result in Identity misuse. The attacker may capture users' information and harm them subsequently. Consider an attacker who creates a fake HR representative profile on a social networking site. The attacker posts an attractive job opening and legitimate users may become the victims by sharing their resumes. The attacker may use these resumes to gather victims' personal information, share it with the third parties or sell to an advertising agency.

Moreover, adding plenty of personal information in public profiles may also cause significant damage to individuals on SNS. The information revealed on the SNS such as full date of birth, mother's maiden name and e-mail can allure the attackers since many financial institutes also use this information as a part of user identification. The probability of such attacks can increase further, if the user accepts requests from strangers. There can be potential data leaks through these unknown friends and entities.

• Malwares, Viruses and Phishing Attacks - Malware and Virus attacks[8, 9] may happen via user posts, tweets and email communications. These attacks are also used by intruders to obtain the users' credentials and gain access to the network. After gaining access to the network, the attacker may spread spam mails and steal proprietary or confidential data. The attacker may cache or modify the victim's profile leaving it vulnerable to new attacks.
• Threats from 3rd party applications - SNS offer the integration with third-party applications. These applications initially seek permission from the user to access personal information present in the user profile. The user clicks on "Allow" button, potentially losing control over the shared data. Some of these applications, serving the intended purpose in the foreground may also download a malware on the user's machine without their knowledge.
• Legal Aspects - The legal risks associated with the use of SNS for an organization can be broadly summarized as follows.
  - Liability due to the breach of organization's security as an outcome of the attack originated from the SNS.
  - Legal implications as a result of the leakage of third party confidential information due to the use of SNS.
  - Risks associated with attacks against the employees through social networking sites or associated applications.
  - Implications due to posts from employees or outsiders that spread rumours, cause hatred or communal violence.
  - Defamation suits due to posts from employees on SNS that caused reputation loss to third parties.
  Similarly, SNS may also implicate the individuals. Individuals may face legal charges in the following scenarios.
  - Posting offensive content against a particular entity, community or country.
  - Anti-legal or anti-national activities of individuals using SNS.
  - Leaking confidential information on SNS
  - Invading on someone's privacy.

Privacy Concerns

Privacy, in social networking sites remained a complex problem as the concept of social networking and user privacy are quite opposite to each other. The fact that most of the current SNS do not respect the privacy of the user data, is not because of the technical difficulties but rather a design choice made by the providers of SNS. A list of privacy concerns common among SNS users is as follows.

• Data Privacy - Users share their personal and sometimes sensitive information on SNS. This may lead to privacy breaches[10] unless appropriate privacy settings are applied for the user's profile. Though SNS provide a range of profile privacy settings, most of the users are either unaware of them or find the mechanism as complex. If the user's profile has the default setting as public, then all the information in the profile is visible to everyone. This way, everyone can view the personal information, associations, activities, interests and alumni information which may lead to undesirable consequences. Accepting requests from unknown people may also adversely affect users' privacy. The unknown friend may abuse the user's trust and may try to capture the sensitive information. Besides, users can't control what others can post about them. This way, privacy of both the user and the associated friends is at stake.
• Tracking Users - A recent surge of LBSN has invited serious concerns [11] on users' privacy. A real time update on users' location may prove intrusive to the users since the third parties may collect personal information of the roaming users. This way, outsiders probing into the users' personal information can cause them physical security concerns. Likewise, employers may also use SNS as a tool to keep a check on their employees. For example, the HR agency may attach itself to the employees to keep a track on them and monitor their posts.
• Identity Federation Challenges - Identity Federation is the technique used to share identity across multiple domains. Nowadays, many online websites offer users to login using their Facebook account. The primary purpose here is to add convenience to the users so that they need not to create multiple accounts. But this ability presents tough privacy challenges because users do not
have the visibility on how and to what extent their personal information could be shared among third party applications.

Trust Concerns

Trust, in social networks, plays a vital role for their adoption and is an active area[12] of research. Due to the high susceptibility of Internet, it is necessary to identify with whom we are communicating or dealing online. However, it is very difficult to identify and establish trust for an individual on SNS as there is hardly any direct contact. Considering two entities A and B, entity A is said to trust entity B when entity B behaves exactly in the same way as entity A expects. This expected behavior is often refuted by attackers to exploit the individuals on SNS. Different trust related concerns in SNS are as follows.

• Online Trust and Reputation Management - Trust provides a decision support system in SNS. Users often trust their friends, connections and even friend-of-a-friend (FOAF). But attackers use different techniques to abuse users' trust. For example, the attacker creates fake identity of the legitimate user and exploits the user's connections. Similarly, a group of individuals may establish certain behavior among each other and provide unfair ratings such as exaggerated recommendations to each other. In some cases, a disgruntled employee may post some adverse comments which could damage the reputation of the employer.
• Trusting SNS Operators - Whatever users post or upload content in their profile on SNS, the information is usually available with SNS operators. Therefore, users can't trust SNS operators in the first place. SNS operators can retain a copy of the account data even if the original account is deleted by the user. Also, if the data available with SNS operators is in an unencrypted form, it means a direct threat to the user.
• Social Engineering - The technique to persuade the users to disclose their personal and confidential information such as passwords and employment details is known as Social Engineering. Attackers use such a non-technical means to exploit the users' trust on SNS. Moreover, Social media platform can be used for Internet bullying[1] which may cause physical and emotional distress to the users.

Impact on Human Relationships

With the proliferation of SNS, human communication and relationships have picked up a new facet. Although SNS offer an effective way of socialization, its intensifying addiction is making people not-so-social. People tend to spend their time on these SNS rather than directly interacting with family and friends. Instead of sharing their travel plans with relevant people, individuals tend to post a message on Twitter or on Facebook. Moreover, SNS platform (being an electronic medium) is a poor means for conveying the emotions. This emotional invisibility can further affect the human relationships.

Evaluation Parameters

Due to the known risks associated with the use of SNS, it is important to assess SNS before adopting them. The analysis can help in identifying suitable social networking channel for a specific context. Few parameters which can help in this evaluation are as follows -
• Level of Customization of access controls
• Active protection of information related to user
• Controlling Customized search options
• User-friendliness in configuring privacy settings
• Explicit privacy policy statement from SNS
• Data retention policy for SNS
• Privacy policy for applications on SNS
• Privacy Monitoring for SNS users
• Ownership of the User data
• Tracking options on how users' information is disseminated
• Reporting mechanisms for spam/abuse
• Trust and Reputation management on SNS.

Improving Privacy, Security and Trust Management

SNS operators are custodians for the large volumes of user data available with them. They are responsible for storing, disseminating and processing user data. They should also restrict the use of personal data through transparent methods governed by the security policies and statutory laws. Two popular privacy management principles that can be used to enhance privacy aspects in SNS are data minimization and the data protection. Data minimization principle restricts the data collection to what is directly relevant and necessary to accomplish a specified purpose. The data should be used for purpose it was collected and preserved for a specified period only. Data protection principle aims to protect the rights and choices of individuals with respect to the processing of personal data by providing guidelines to process the data. SNS should consider personal data protection as significant and allow users to choose or devise appropriate privacy settings. In fact, the default settings of SNS should provide adequate security and privacy for user data. SNS shall provide an interface for users to correct errors in data or posts relevant to them. FaceCloak[13] is an architecture proposed to protect user privacy on a social networking site by shielding a user's personal information from the SNS and unauthorized users. FaceCloak achieved the goal by providing fake data to the social networking site and by storing the sensitive data in encrypted form on a separate server. Safebook[14] also attempted to provide a secure architecture for privacy preserving and a trusted online social network using de-centralized approach based on P2P architecture.

Cryptography based techniques can be used to enhance the security of SNS. These techniques include Broadcast encryption[15,20], Group key exchange[16], Privacy preserving data mining[17] and communication protocols like zero knowledge[18]. Broadcast encryption is a technique to deliver the content to a large group of people in encrypted form. It is useful to share updates on SNS with a large number of relevant users or friends in a secure manner. EASiER in [19] presented architecture to support broadcast encryption over the SNS. It offers fine-grained access control on the user's data by using attribute-based encryption, where user attributes are used as encryption key. In this scheme, it is also possible to remove access from an existing user without issuing new keys to other users or re-encrypting existing cipher texts. This is achieved by creating a proxy that participates in the decryption process and enforces revocation constraints. The SNS itself can act as the proxy, who is minimally trusted and cannot decrypt ciphertexts or provide access to previously revoked users. The
steps used in this scheme are-
• Owner encrypts the data with set of attributes and shares the attribute keys with its contacts.
• To share the data with selective contacts, the owner first sends the encrypted content to the proxy.
• Proxy (using its own key) will convert the encrypted content in such a way that only authorized users will be able to decrypt the content with their set of attributes.
• When revocation happens on a contact or attributes are changed, only proxy has to be updated with the new key. Rest users need not to update their key and also content need not to be re-encrypted.
• At the same time, proxy itself does not have enough attributes to decrypt the content itself.

Group key exchange is particularly used to establish a session key among the group. Ideally, the key is generated by the entire group and everybody arrives at the same key at the end of the protocol. This removes the problem of sharing the secret key with large number of users. In fact, Broadcast encryption methods can be combined with Group key exchange methods[20] as well. Further, Privacy preserving data mining techniques[21] allow computations or processing of data in encrypted form without decrypting it. These techniques allow SNS operators or third parties to run queries and establish relationships for user data, preserving privacy of user data on SNS. Zero knowledge protocol[18] based methods permit SNS users to prove a statement or confirm the position of confidential data to third parties without revealing the actual information.

The increase in distrust over SNS is primarily due to the presence of multiple avatars of some online users on SNS and sophisticated attacks [8,9] happening on SNS to steal personal data. An Identity and Trust management system is crucial for the adoption of SNS. It provides a decision support system for online users who can't check the authenticity physically. Users rely on this system to reinforce their trust in an online entity and transact.

Trust management schemes in SNS are responsible for building and propagating trust. They use Trust Modeling and Trust Metrics to establish trust in online users' identity. Trust Metric [22] is a measure to depict how much a particular individual can be trusted by the relying parties in a social network. Trust Modeling is mainly qualitative approach based on certain parameters such as user's association, activities, social status and popularity. One such case is OST [23] which tries to address the problems of social trust with a trust model based on social activity and transactions. Digital signatures [18] using x509 certificates can further enhance trust in online transactions. Code signing of SNS applications can verify the authenticity and integrity of these applications.

Online auction and shopping platform, EBay's[24] Trust and reputation management system is a good example to describe trust building and propagation. It collects a set of facts about the service providers on their portal. In this system, customer provides feedback about the service provider. The collected information about the service provider is aggregated and notified to relying parties as the reputation level of the service provider. Similarly, sellers can also rate the buyers. Few social networking sites use similar system and allow endorsement for a user (or skillset) from the rest of the SNS users.

Role of Stakeholders

A realistic approach for adopting SNS shall maximize the benefits of SNS while keeping risks at a possible minimum. This needs a combined effort from Users, Organizations and SNS operators as well.
• Users should protect their accounts by strong passwords, using appropriate privacy settings and secure connection (HTTPS) to log-on to the SNS. They should be aware of the security implications of their actions on SNS while sharing their information prudently.
• Organizations may implement a multi-layered approach to tackle the security threats such as using firewalls and monitoring user activity. The security policies and user guidelines should be in place to mitigate the threats from SNS for their organization. The employees should also be educated to avoid social engineering attacks. Additional security measures include the deployment of anti-virus software and intrusion prevention systems to counter the threats originated from SNS.
• SNS Operators should apply security patches as soon as a threat is reported and also take preventive measures to avert them. They should tailor their product to meet the competitive online environment and minimize security risks. SNS shall allow users to choose their security settings, respect confidentiality and privacy of user data. They also should respect the legal framework of the countries they operate and cooperate with law enforcement agencies.

Future Directions

SNS is a rapidly expanding segment in Information Technology. W3C organized a workshop[25] to discuss the current challenges in SNS to allow a healthy expansion of it in future. The key listing is as follows.
• Distributed social networking, to maximize the benefits for the users by using interoperable formats and protocols.
• Preservation of privacy by following the best practices, both for the user and the provider.
• Exploring context in the social networking industry.
• Address the disparity between current implementations of SNS and the devices or capabilities of all users of the Web.

The outcome of W3 workshop combined with efforts from governments, global researchers, International organizations and SNS operators can make SNS a better and safer medium to interact.

Conclusion

In this work, we illustrated the potential of social networking sites and determined the associated risks. We also presented various parameters based on which social networking sites can be evaluated. However, combatting the security challenges posed by social networking sites need a united effort from the Users, Organizations and the SNS operators. Users should protect their personal information prudently to avoid any identity misuse or theft. Organizations and SNS operators should create a balance by enforcing adequate security measures to reap the best results. Despite the inherent risks, social media possibly will remain as a powerful communications channel, acting as a dynamic source for information, talent and customers.

Disclaimer

All the logos, product names and trademarks are owned by the respective owners and the authors have no intention to use them
in anybody's favor. Without any prejudice, the authors presented their views and understanding of various technologies. The views presented in this paper are authors' personal and need not represent the opinion of their parent organization.

References

[1] The Complete guide to Social Media from the Social Media Guys, http://www.thesocialmediaguys.co.uk/wp-content/uploads/downloads/2011/03/CompleteGuidetoSocialMedia.pdf
[2] The Social Economy: Unlocking value and productivity through social technologies, McKinsey Global Institute, July 2012. http://www.mckinsey.com/insights/mgi/research/technology_and_innovation/the_social_economy
[3] IBM Beehive, http://www-01.ibm.com/software/ucd/gallery/beehive_research.html
[4] 1 Billion Facebook Users on Earth, http://www.forbes.com/sites/limyunghui/2012/09/30/1-billion-facebook-users-on-earth-are-we-there-yet/
[5] A Social Collaboration Platform for Enterprise Social Networking. Minbo Li, Guangyu Chen, Zhe Zhang, Yi Fu. IEEE, 16th International Conference on Computer Supported Cooperative Work in Design (CSCWD), June 2012. DOI - 10.1109/CSCWD.2012.6221890
[6] https://foursquare.com/
[7] http://en.wikipedia.org/wiki/Gowalla
[8] An Analysis of Security in Social Networks. Weimin Luo, Jingbo Liu, Jing Liu, Chengyu Fan. IEEE, International Conference on Dependable, Autonomic and Secure Computing, December 2009. DOI - 10.1109/DASC.2009.100
[9] Friend-in-the-Middle Attacks: Exploiting Social Networking Sites for Spam. Markus Huber, Martin Mulazzani, Edgar Weippl, Gerhard Kitzler, Sigrun Goluch. IEEE, Internet Computing, pp. 28-34, 2011. DOI - 10.1109/MIC.2011.24
[10] Exploiting Vulnerability to Secure User Privacy on a Social Networking Site. Pritam Gundecha, Geoffrey Barbier, Huan Lui. ACM, SIGKDD International Conference on Knowledge Discovery and Data Mining, August 2011. DOI - 10.1145/2020408.2020489
[11] Location Privacy - An Overview. Micheal Decker. IEEE, 7th International Conference on Mobile Business, July 2008. DOI - 10.1109/ICMB.2008.14
[12] Web 2.0 Social Networks: The Role of Trust. Sonja Grabner-Kräuter. Journal of Business Ethics, Springer, December 2009. DOI - 10.1007/s10551-010-0603-1
[13] FaceCloak: An Architecture for User Privacy on Social Networking Sites. Wanying Luo, Qi Xie, Urs Hengartner. IEEE, International Conference on Computational Science and Engineering, August 2009. DOI - 10.1109/CSE.2009.387
[14] Safebook: A Distributed Privacy Preserving Online Social Network. Leucio Antonio Cutillo, Refik Molva, Melek Önen. IEEE, International Conference on World of Wireless, Mobile and Multimedia Networks (WoWMoM), pp1-3, June 2011. DOI: 10.1109/WoWMoM.2011.5986118
[15] Long-Lived Broadcast Encryption. Juan A. Garay, Jessica Staddon, Avishai Wool. LNCS, Advances in Cryptology - Crypto '00, pp.333-352, 2000. DOI - 10.1007/3-540-44598-6_21
[16] Securing Group Key Exchange against Strong Corruptions. Emmanuel Bresson, Mark Manulis. ACM Symposium on Information, Computer and Communications Security (ASIACCS'08), pages 249-260. ACM Press, 2008.
[17] Privacy Preserving Data Mining. Yehuda Lindell, Benny Pinkas. In Journal of Cryptology, pages 177-206, 2002.
[18] Applied Cryptography: Protocols, Algorithms and Source Code in C. Bruce Schneier. Second Edition, Oct, 1996. ISBN-10: 0471117099
[19] EASiER: Encryption based Access Control in Social Networks with Efficient Revocation, Sonia Jahid, Prateek Mittal, Nikita Borisov, ACM, ASIACCS'11, March 2011.
[20] Binding Broadcast Encryption and Group Key Agreement. Qianhong Wu, Bo Qin, Lei Zhang, Josep Domingo-Ferrer, and Oriol Farràs, ASIACRYPT 2011, LNCS 7073, pp. 143-160, 2011.
[21] Privacy Preserving Data Mining Research: Current Status and Key Issues. Xiaodan Wu, Chao Hsien Chu, Yunfeng Wang, Fengli Liu, Dianmin Yue. ICCS '07 Proceedings of the 7th international conference on Computational Science, Part III: ICCS 2007, pp. 762-772
[22] Trust Metrics. John Erickson. IEEE, International Symposium on Collaborative Technologies and Systems, CTS'09, May 2009. DOI - 10.1109/CTS.2009.5067467
[23] OST: The Transaction Based Online Trust Model for Social Network and File Sharing Security. Ming Li, Bonti Alessio, Wanlie Zhou. IEEE, 8th International Conference on Embedded and Ubiquitous Computing, pp. 826-832, 2010.
[24] EBay Trust and Safety Discussion board, http://forums.ebay.com/db2/forum/Trust-Safety-Safe/107
[25] W3C Workshop on the Future of Social Networking, January 2009, Barcelona. http://www.w3.org/2008/09/msnws/report.pdf

About the Authors

Richa Garg is a Senior Associate at Cognizant Technology Solutions. Prior to that, she was a part of Infosys Labs at Infosys Limited. She received her Master of Engineering (M.E) degree from Panjab University, Chandigarh in summer 2007. She is also a certificated SSCP Professional. Her primary research interests include PKI, Key Management, DRM and Strong Authentication.

Ravi Sankar Veerubhotla is a Research Scientist at Infosys Labs, Hyderabad. Prior to that he worked as a Principal consultant (Security Practice) in a multi-national company. Ravi received a PhD (2006) in Computer Science from University of Hyderabad, India. He also obtained his MPhil Computational Physics (2000) and MSc Electronics (1998) degrees from the same university. He is also a certified CISSP, CISA and PMP professional. His primary research interests include Digital Rights Management, Digital Fingerprinting, Public key Cryptography and Encryption Technologies.

Ashutosh Saxena is an Associate Vice President at Infosys Labs, Infosys Ltd., Hyderabad, India, and received his MSc (1990), MTech (1992) and PhD in Computer Science (1999). The Indian government awarded him the post-doctorate BOYSCAST Fellowship in 2002 to research on Security Framework for E-Commerce at ISRC, QUT, Brisbane, Australia. He has authored the book titled PKI Concepts, Design and Deployment, published by Tata McGraw-Hill. He also co-authored more than 80 research papers and several patents. His research interests are in the areas of authentication technologies, data privacy, key management and security assurance.
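
The revocation flow in the article's EASiER steps (the owner encrypts once, a minimally trusted proxy takes part in every decryption, and revoking a contact changes only what the proxy holds) can be modeled in a few lines. This is an added example, not code from the article or from EASiER: it swaps attribute-based encryption for a toy mediated ElGamal with a split secret, and the names `Owner`, `Proxy`, `user_decrypt` and the group parameters are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy group: the Mersenne prime 2**127 - 1 with base 3.
# Far too small for real use; it keeps the example fast and dependency-free.
P = 2**127 - 1
G = 3
ORDER = P - 1  # exponents are reduced modulo P - 1 (Fermat's little theorem)


def _xor_pad(shared: int, data: bytes) -> bytes:
    """XOR data with a SHA-256 keystream derived from the shared group element."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = shared.to_bytes(16, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Proxy:
    """Minimally trusted party (the SNS): holds one key share per contact."""

    def __init__(self):
        self._shares = {}

    def store_share(self, contact: str, share: int) -> None:
        self._shares[contact] = share

    def revoke(self, contact: str) -> None:
        # Revocation touches only the proxy: no re-keying, no re-encryption.
        self._shares.pop(contact, None)

    def transform(self, contact: str, c1: int) -> int:
        """Return the proxy's half of the decryption for an authorized contact."""
        if contact not in self._shares:
            raise PermissionError(f"{contact} is revoked or unknown")
        return pow(c1, self._shares[contact], P)


class Owner:
    def __init__(self):
        self._x = secrets.randbelow(ORDER - 1) + 1  # secret exponent
        self.public = pow(G, self._x, P)

    def enroll(self, contact: str, proxy: Proxy) -> int:
        """Split the secret: x = user_share + proxy_share (mod ORDER)."""
        user_share = secrets.randbelow(ORDER)
        proxy.store_share(contact, (self._x - user_share) % ORDER)
        return user_share  # handed to the contact over a secure channel

    def encrypt(self, message: bytes):
        r = secrets.randbelow(ORDER - 1) + 1
        c1 = pow(G, r, P)
        return c1, _xor_pad(pow(self.public, r, P), message)


def user_decrypt(user_share: int, ciphertext, proxy_part: int) -> bytes:
    """Combine the contact's half with the proxy's half to recover the message."""
    c1, body = ciphertext
    shared = (pow(c1, user_share, P) * proxy_part) % P
    return _xor_pad(shared, body)


def demo():
    message = b"photo album: visible to close friends only"  # constructed sample
    owner, proxy = Owner(), Proxy()
    alice = owner.enroll("alice", proxy)
    bob = owner.enroll("bob", proxy)
    ct = owner.encrypt(message)

    out = {"bob_before": user_decrypt(bob, ct, proxy.transform("bob", ct[0]))}
    proxy.revoke("bob")
    try:
        proxy.transform("bob", ct[0])
        out["bob_after"] = "served"
    except PermissionError:
        out["bob_after"] = "refused"
    # Bob's own share alone (proxy half replaced by 1) yields only noise.
    out["bob_alone"] = user_decrypt(bob, ct, 1)
    # Alice keeps her old share and reads the same, un-re-encrypted ciphertext.
    out["alice_after"] = user_decrypt(alice, ct, proxy.transform("alice", ct[0]))
    return message, out


if __name__ == "__main__":
    msg, results = demo()
    for name, value in results.items():
        print(name, "->", value)
```

Revocation in this sketch is all-or-nothing per contact; the attribute-level policies that EASiER expresses are outside what it models.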


Cover Story

Comparative Evidence of Cryptographic Based Algorithms under the Cloud Computing Environment to Ensure Data/System Security

Shruti Chhabra* and V S Dixit**
*Department of Computer Science, Acharya Narendra Dev College, University of Delhi, India, arora.shruts@gmail.com
**Department of Computer Science, Atma Ram Sanatan Dharma College, University of Delhi, India, veersaindixit@rediffmail.com

Abstract - Cryptography is considered as the strongest tool for controlling against multiple security threats. Information and data security is the primary concern for Cloud computing users. The data of all the customers are stored on the cloud. Therefore, CSP is responsible for providing security measures to secure data by including use of cryptography and encryption algorithms to achieve data/system goals like Confidentiality, Integrity, Availability, Authenticity, Accountability and Non Repudiation. This paper aims to identify, analyze and report the evidence published in the literature (In major journals and conference proceedings) of different cryptographic security algorithms.

Introduction

Cloud Computing is an emerging technology which provides on-demand resources over the Network. Cloud users can access resources and services anytime and anywhere as per requirement. The resources can be in the form of storage, software applications, servers, network, etc. The customers have to pay just for the services availed by them i.e. according to pay-per-use utility model. An Organization providing Cloud Computing services is known as Cloud Service Provider (CSP). Cloud services have to be reliable and scalable to provide ubiquitous network access and dynamic resource allocation to the clients.

The nature and Quality of Service (QoS) expected by the customer and other details are specified in a negotiation agreement known as Service Level Agreement (SLA)[2]. CSP is responsible for meeting various QoS parameters of clients as per agreed and mentioned in their respective SLAs.

Benefits of Cloud Computing

As per NIST, Cloud Computing provides several benefits to the organizations[1]. They are:
• On-demand resources: A customer can avail resources from the cloud as per requirement[4].
• Ubiquitous network: Resources can be accessed via a network using any device (mobile, laptop, tablet, PC) having Internet connection on it[4].
• Multi-tenancy: Cloud Computing allows several users to share resources from the resource pool provided by the CSP.
• Elasticity: This provides flexibility of allocation and de-allocation of resources as the requirements expand and shrink of the Organization[3].
• Measured Services: Cloud Computing applies pay-per-use model. This requires keeping track of usage of services or resources by the user and thus maintaining transparency between both the CSP and the cloud user.

Cloud Business Models

Cloud computing also offers various business models for the customer to choose from[7]:
• Software as a Service (SaaS): Allows access to an application and its data center without the need to install it. The application can be accessed via a network.
• Platform as a Service (PaaS): Provides the platform to the software developers of the organization to build their own software applications. The platform includes operating system, database server, and programming language execution environment.
• Infrastructure as a Service (IaaS): Provides the complete infrastructural resources such as Servers, network, software applications and virtual networks.

Cloud Deployment Models

Cloud Computing gives the users capability to choose amongst various deployment models[7]:
• Public Cloud: The resources are provided by the CSP publicly on the Internet. This raises concerns for data security as the malicious users can try to access it.
• Private Cloud: The enterprises can have their dedicated cloud infrastructure. This provides data security to the cloud users.
• Hybrid Cloud: Such clouds are a combination of the private and public cloud. Sensitive information is placed on the private cloud and rest on public cloud.
• Community Cloud: Organizations with common interest or motive like policy considerations or security requirements forms the community cloud.

Cloud Security Issues

Despite various benefits and services provided by Cloud Computing, there are several security issues related to it:
• Data security: CSP are responsible for securing data of the customers. The security threats can be due to data leakage, attacks by customers, lack of CSP security, etc[5].
• Physical security: Physical data centers can be attacked by intruders (malicious internal employees and external people). Natural disasters like floods, fire and theft can also damage data centers[4, 5].
• Malicious Insider: Data can be misused by the employees of the organization who have authorized access to the data[7].
• Account Hijack: By stealing the username and password of the account, the intruders can misuse the sensitive data of the cloud user.
• Denial of service: The resources can be used by the attacker such that only few are left for the cloud user, making the system slow. Such kind of attack is termed
as Denial of Service attack.

Cloud Security Measures
Cloud Computing is widely accepted by several organizations all over the world. Thus, there is a need to take various security measures to maintain data security in the cloud. A few of them are listed here [5, 3, 7]:
Choose the best CSP after careful due diligence.
Transmission of data should be through a secure channel.
Regular auditing of the security policies should be done.
Data privacy should be maintained by authorizing access.
Regular training programs should be developed to keep the skills of the CSP security team updated.
CSP must follow the updated policies, standards and guidelines. Also, they should be regularly reviewed.
Data encryption techniques should be used before data enters into the cloud.
Trust should be maintained between CSP and the cloud user by applying several security policies and process control techniques.
CSP should make provisions for the regular back-up of data and recovery in case of server/system failure.

Cryptography
Information and data security is the primary concern for Cloud computing users. The data of all the customers are stored on the cloud. Therefore, CSP is responsible for providing security measures to secure data including use of cryptography and encryption algorithms[3].

Security Goals
There are some specific security goals that must be achieved to ensure secrecy of the data/system [24]. These goals are:
Confidentiality: It states that the data must be accessible to authorized persons only, thus maintaining the privacy and secrecy of the data.
Integrity: It ensures that the data must be transmitted over the secure channel without unauthorized modification or the loss/destruction of data/information.
Availability: It assures that the data and information is timely available for use. The services are not denied to the authorized users.
Some additional goals are:
Authenticity: Authentication means verifying that the user accessing the data is genuine. The identity of the sender and receiver of the information must be verified.
Accountability: It helps to trace the responsible party/entity in case of any security breach. The actions of all the entities must be maintained for security purposes.
Non-Repudiation: This prevents denial by one of the entities (sender or receiver) in the communication of having less or no participation.

Cryptography means secret or hidden writing. It is considered as the strongest tool for controlling against multiple security threats. For example, Sender, S, wants to send a message, M, to a recipient, R, through a transmission medium. Thus, S will encode/encipher or encrypt the message and transmit it to R. At the receiving end, the encrypted message will be decoded/deciphered or decrypted to obtain the original message [23].

The process of encrypting the message is known as Encryption. The process of decrypting the encrypted message is known as Decryption. The original message is termed as plain text, P. And the encrypted message is known as Cipher text, C.
Therefore, C = E (P), E is the encryption rule.
P = D (C), D is the decryption rule.
Cryptosystem states P = D (E (P)).

Fig. 1: Cryptography Algorithm

There are certain set of rules for encrypting the plain text and decrypting the cipher text known as algorithms. These algorithms use a device called a key, K. Cryptosystem is the system of encryption and decryption. The encryption algorithm can be classified as shown in the figure[15, 16].

Fig. 2: Classification of Cryptographic Algorithms

Cryptographic Types
Cryptographic systems are generally classified on the basis of three independent dimensions for encryption[22, 24]:
Types of operations: The 2 principles for encryption algorithm are:
a. Substitution: Each plain text element is transformed to another element.
b. Transposition: Elements of the plain text are rearranged to form cipher text.
Number of keys used: The encryption algorithm can use one of the two options:
a. Symmetric Encryption: Only single key or private key is used for encryption and decryption.
b. Asymmetric Encryption: Pair of keys (public key and private key) is used for encryption and decryption.
Processing of plain text: Processing of
plain text is done in one of the following ways:
a. Block Cipher: Processes n-bit block at a time and produces n-bit output block.
b. Stream Cipher: Each bit is processed at a time to produce single output bit.

Encryption Algorithms
Based on number of keys used in an algorithm, the encryption algorithms are classified as Symmetric encryption algorithms and Asymmetric encryption algorithms.

Asymmetric Encryption
When separate keys are used for encryption (KE) and decryption (KD), it is known as Asymmetric Encryption Algorithm. These keys often come in pairs and are called the public key and private key [22, 10].
P = D (KD, E (KE, P))

Fig. 3: Asymmetric Encryption

Symmetric Encryption
If only one key, K, is used in algorithm for encryption and decryption, it is termed as Symmetric Encryption Algorithm. The key is also called as private key or single key.

Fig. 4: Symmetric Encryption

P = D (K, E (K, P)) [23]
These algorithms are divided into two types:
Block Cipher: A block of plain text is taken as an input, whose size depends upon the symmetric encryption algorithm and cipher text of the same block length is generated as an output. Usually, block size of 64 or 128 bits is taken. Few examples of Block ciphers are DES, AES [22].

Fig. 5: Block cipher

Stream Cipher: Encryption of one bit or one byte is done at a time. Some of the examples of stream ciphers are Vigenere cipher, RC4.

Fig. 6: Stream cipher

Following table summarizes the comparison between the two ciphers [23]:

| Factor | Block Cipher | Stream Cipher |
|---|---|---|
| Transformation Size | Transforms one b-bits block at a time. | Transforms one bit at a time. |
| Diffusion | High: Information of Cipher text depends on various plain text letters | Low: As each symbol is transformed at a time, information of cipher text symbol depends only on one plain text symbol only. |
| Transformation Speed | Low: Block of several bits have to transform at a time, therefore, all bits of the block must be received before the encryption begins. | High: Only one character is transformed at a time; therefore, encryption begins as a single character is read. |
| Error propagation | High: An error will affect the entire block during transformation. | Low: An error during transformation will affect only that symbol. |
| Malicious insertions | Less susceptible: Full block is transformed, so any insertion makes the block size incorrect and reveals the error. | More Susceptible: As only one symbol is transformed, malicious intruder can insert other characters that may look authentic. |

Table 1: Comparison of Block Cipher and Stream Cipher

Block Cipher Modes of Operations
Block cipher provides various modes of operation [17, 22]:
Electronic Codebook (ECB) mode: It is the simplest mode where b-bits of plain text is handled at a time and each block is encrypted using the same key. For every b-bit block, there will be a unique cipher text for a given key.
Cipher Block Chaining (CBC) mode: Encryption is done using the XOR of the current plain text block and the previous cipher text block with the same key. Thus, the blocks are chained together, forming dependency on the previous blocks.
Cipher Feedback (CFB) mode: Helps in converting block cipher into a stream cipher. Here, transmission and transformation of s-bits is done at a time. Initially, a b-bit shift register is taken and set to some initialization vector. This shift register is encrypted with a key and a cipher text of b-bits is produced. The leftmost (most significant) s-bits of plain text are XORed with the s-bits of the current cipher text to produce new s-bits of cipher text.
The shift register is left shifted s-times and rightmost (least significant) bits are replaced with s-bits of cipher text. This process also forms the chain, making
each cipher text block dependent on the plain text and previous cipher text.
Counter (CTR) mode: The interest in the counter mode has increased recently. A counter with b-bits is initialized to some value and encrypted using a key to produce cipher text. This cipher text is XORed with the plain text to produce the final cipher text. The counter is incremented by 1 for the next block. There is no dependency and chaining among various cipher text.
Output Feedback (OFB) mode: This is quite similar to CFB mode, except that the encryption algorithm accepts the cipher text of the previous encryption, instead of the final cipher text. After the initial encryption of the shift register, the cipher text produced is again transferred to the shift register for next block and the same is also used in XOR with the s-bit plain text to produce the final cipher text.

Comparison of Various Encryption Algorithms
Encryption algorithms are classified under numerous categories described above. Comparisons of cryptographic algorithms based on that classification is given below.

Block Cipher Algorithms
A comparative study of the several block
cipher encryption algorithms AES, DES, TDES, Blowfish, etc. is given in the table. The factors presented are designers, founded year, key size, data size, transformation rounds and key used [8, 9, 10, 11, 12, 16, 18].

| Attribute | Designers | Founded Year | Key Size | Data Size | Transformation Rounds | Keys Used |
|---|---|---|---|---|---|---|
| AES (Advanced Encryption Standard) | Joan Daemen and Vincent Rijmen, submitted to NIST | Dec 2001 | 128/192/256 bits | Block of 128 bits | 10/12/14 rounds | Single key |
| DES (Data Encryption Standard) | IBM and submitted to NIST | Jan 1977 | 56 bits | Block of 64 bits | 16 rounds | Single key |
| TDES (Triple Data Encryption Standard) | NIST | 1998 | 3 keys of 56 bits each | Block of 64 bits | 16 * 3 = 48 rounds | Three Keys |
| Blowfish | Bruce Schneier | 1993 | Vary from 32 to 448 bits | Block of 64 bits | 16 | Single key |
| Camellia | Mitsubishi, NTT | 2000 | 128/192/256 bits | 128 bits | 18/24 | Single key |
| Serpent | Ross Anderson, Eli Biham, Lars Knudsen | 1998 | 128/192/256 bits | 128 bits | 32 | Single key |
| Clefia | Sony | 2007 | 128/192/256 bits | 128 bits | 18/22/26 | Single key |
| Simon | Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, Louis Wingers (National Security Agency) | 2013 | 64/72/96/128/144/192/256 bits | 32/48/64/96/128 bits | 32/36/42/44/52/54/68/69/72 | Single key |
| Threefish | Bruce Schneier, Niels Ferguson, Stefan Lucks, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker | 2008 | 256/512/1024 bits | 256/512/1024 bits | 72/80 (for 1024 bits) | Single key |

Table 2: Comparison of Block Cipher Algorithms

Stream Cipher Algorithms
Comparison between various stream ciphers algorithms like RC4 and Rabbit is as follows [18, 19]:

| Attribute | Designer(s) | Founded Year | Key Size | Initial Vector | Block Size | Transformation Rounds |
|---|---|---|---|---|---|---|
| RC4 (Rivest Cipher 4) | Ronald L. Rivest | 1987 | Vary from 40 to 2048 bits | - | 256 bits | 1 |
| Rabbit | Martin Boesgaard, Mette Vesterager, Thomas Pedersen, Jesper Christiansen and Ove Scavenius | Feb 2003 | 128 bits | 64 bits | 512 bits | - |
| VEST (Very Efficient Substitution Transformation) | Sean O'Neil, Benjamin Gittins and Howard Landman | June 2005 | 80-256 bits | 80-256 bits | 256 - 800 | - |
| Spritz | Ronald L. Rivest, Jacob C. N. Schuldt | 2014 | 256 | - | 896 | 1 |
| Salsa 20 | Daniel J. Bernstein | Mar 2005 | 256 | 64-bit Nonce and 64-bit stream position | 512 | 20 |
| Achterbahn | Berndt Gammel, Rainer Göttfert and Oliver Kniffler | 2006 | 80/128 | 80/128 | 297/351 | - |
| Chacha | D. J. Bernstein | 2008 | 256 | 64-bit Nonce and 64-bit stream position | 8/12/20 | 8/12/20 |

Table 3: Comparison of Stream Cipher Algorithms

Asymmetric Encryption Algorithms
Public key Algorithms such as RSA, Rabbit, etc. are compared in the following table [18, 20]:

| Factor | Designer(s) | Founded Year | Usage |
|---|---|---|---|
| RSA (Rivest, Shamir, Adleman) | Ronald Rivest, Adi Shamir, Leonard Adleman | 1978 | Used for secure data transmission. Factoring large numbers |
| Diffie-Hellman Key Exchange | Whitfield Diffie and Martin Hellman | 1976 | Discrete logarithm problems. Provides perfect security in Transport Layer |
| Ceilidh | Alice Silverberg and Karl Rubin | 2003 | Discrete logarithm problem in algebraic torus |
| ElGamal Encryption System | Taher Elgamal | 1985 | Discrete logarithm problem in cyclic groups. Hybrid cryptosystems |
| DSA (Digital Signature Algorithm) | David W. Kravitz | 1991 | Digital Signature Standard. Uses two hash functions |

Table 4: Comparison of Asymmetric Encryption Algorithms

Key Management
Cryptography is considered as the key technology to make data secure in the cloud. This requires continuous efforts to
generate keys, encrypt data and transmit over the network. This also involves overheads associated with it [3, 13]:
a. Transformation Speed: Encryption involves converting plain text to cipher text which causes delay in time.
b. Power Consumption: Processors consume more power in generating keys and encrypting the plain text.
c. Less Bandwidth: Limited bandwidth is used by the clients as additional bits of the keys are also present.
Cloud Computing services are used by several organizations and users all over the world. Data security is the primary goal of CSP and the user. Keys used in the cryptography need to be secret for each and every user. Therefore, number of keys, their length, generation and transportation are to be considered for the data security.
Longer key length and data size requires more power consumption, generating more heat. Also more computation time is required to encrypt and decrypt the data. Whereas, short key length and short data sizes are insecure and can be attacked by the intruder. Therefore, CSP should make adequate provisions to provide security in generation, assignment, storage, replacement and use of keys.

Hash Functions
Hash function helps to maintain integrity of the data. It provides a seal/shield to the data before transmission. If the seal is found to be broken at the receiving end, it will state that something has been changed in the file. Hash function can be a checksum, index data in hash table, etc. They are used in Message Authentication Codes (MAC), Digital Signatures and many information security applications [22].
There are many hash functions available such as Message Digest (MD) and Secure Hash Algorithms (SHA). Various versions of hash functions have been published like MD-2, MD-4, MD-5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. Comparison between the hash functions are summarized in the table [18, 21].

| Factor | Founded Year | Designer(s) | Message Digest Size | Block Size | Word Size | Transformation Rounds | Security |
|---|---|---|---|---|---|---|---|
| MD-2 | 1989 | Ronald Rivest | 128 | 128 | 32 | 864 | 64 |
| MD-4 | 1990 | Ronald Rivest | 128 | 512 | 32 | 48 | 64 |
| MD-5 | 1992 | Ronald Rivest | 128 | 512 | 32 | 64 | 64 |
| MD-6 | 2008 | Ronald Rivest | 160/224/256/384/512 | 512 | 64/32/8 | 80/96/104/136/168 | 80/112/128/192/256 |
| SHA-1 | 1995 | National Institute of Standards and Technology | 160 | 512 | 32 | 80 | 80 |
| SHA-224 | 2004 | National Institute of Standards and Technology | 224 | 512 | 32 | 64 | 112 |
| SHA-256 | 2002 | National Institute of Standards and Technology | 256 | 512 | 32 | 64 | 128 |
| SHA-384 | 2002 | National Institute of Standards and Technology | 384 | 512 | 80 | 80 | 192 |
| SHA-512 | 2002 | National Institute of Standards and Technology | 512 | 512 | 80 | 80 | 256 |
| SHA-3 | 2008 | National Institute of Standards and Technology | 224/256/384/512 | 1152/1088/832/576 | 64 | 24 | 112/128/192/256 |
| Whirlpool | 2000 | Vincent Rijmen, Paulo Barreto | 512 | 512 | 8 | 10 | 256 |
| Tiger | 1996 | Ross Anderson, Eli Biham | 128/192/160 | 512 | 64 | 24 | 192 |

Table 5: Comparison of Various Hash Functions

Conclusion
Cloud computing is being adopted by various organizations worldwide. In spite of several benefits, the major concern faced by the users is of security. To provide data security, cryptography can be implemented. Cryptography is a technology having different encryption algorithms under different categories. User can choose the best one according to their requirements. We have studied and compared several cryptographic based security algorithms on certain characteristics. Though only few characteristics were examined, there are significant other characteristics which can help us in understanding the true potential, strengths and limitations of the cryptographic security algorithms from the perspective of the cloud computing technology.

References
[1] The NIST definition of Cloud Computing, http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
[2] Rajkumar Buyya, Chee Shin Yeoa, Srikumar Venugopal, James Broberg, Ivona Brandic, Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing
as the 5th utility (2009).
[3] Frederico Durao, Jose Fernando S Carvalho, Anderson Fonseka, Vinicius Cardoso Garcia, A systematic review on cloud computing, Springer Science+Business Media New York 2014.
[4] Qi Zhang, Lu Cheng, Raouf Boutaba, Cloud computing: state-of-the-art and research challenges, Journal of Internet Services and Applications, May 2010.
[5] Hamm Eken, Security Threats and Solutions in Cloud Computing (2013).
[6] Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra Satapathy, Cloud Computing: Security Issues and Research Challenges (2011).
[7] Shruti Chhabra, V S Dixit, Cloud Computing: State of the Art and Security Issues (2015).
[8] Prerna Mahajan & Abhishek Sachdeva, A Study of Encryption Algorithms AES, DES and RSA for Security.
[9] Shraddha Soni, Himani Agrawal, Monisha Sharma, Analysis and Comparison between AES and DES Cryptographic Algorithm, International Journal of Engineering and Innovative Technology (IJEIT), December 2012.
[10] Rashmi Nigoti, Manoj Jhuria Shailendra Singh, A Survey of Cryptographic Algorithms for Cloud Computing, International Journal of Emerging Technologies in Computational and Applied Sciences (IJETCAS), 2013.
[11] Rachna Jain, Ankur Aggarwal, Cloud Computing Security Algorithm, International Journal of Advanced Research in Computer Science and Software Engineering, ISSN: 2277128X, 2014.
[12] Simar Preet Singh, and Raman Maini, Comparison of Data Encryption Algorithms, International Journal of Computer Science and Communication, 2011.
[13] Ajay Kakkar, M L Singh, P K Bansal, Comparison of Various Encryption Algorithms and Techniques for Secured Data Communication in Multinode Network, International Journal of Engineering and Technology, 2012.
[14] Rachna Arora, Anshu Parashar, Secure User Data in Cloud Computing Using Encryption Algorithms, International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622, 2013.
[15] K S Suresh, K V Prasad, Security Issues and Security Algorithms in Cloud Computing, International Journal of Advanced Research in Computer Science and Software Engineering, ISSN: 2277 128X, Oct 2012.
[16] Diaa Salama Abd Elminaam, Hatem Mohamed Abdual Kader, and Mohiy Mohamed Hadhoud, Evaluating The Performance of Symmetric Encryption Algorithms, International Journal of Network Security, May 2010.
[17] Jawahar Thakur, Nagesh Kumar, DES, AES and Blowfish: Symmetric Key Cryptography Algorithms Simulation Based Performance Analysis, International Journal of Emerging Technology and Advanced Engineering, December 2011.
[18] http://en.wikipedia.org/wiki/Category:Cryptographic_algorithms, April 2015.
[19] Ronald L Rivest, Jacob C N Schuldt, Spritz - a spongy RC4-like stream cipher and hash function, October 27, 2014.
[20] Karl Rubin and Alice Silverberg, Torus-Based Cryptography.
[21] Ronald L Rivest, The MD6 hash function: A proposal to NIST for SHA-3, October 27, 2008.
[22] Cryptography and Network Security, William Stallings, Fifth Edition.
[23] Charles P Pfleeger, S L Pfleeger, Security in Computing, 4th Edition {Pearson}
[24] William Stallings, Network Security Essentials Applications and Standards, 4th Edition {Pearson}
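An added example for the block cipher modes and the "Error propagation" row of Table 1 in the cryptography article above (not code from the article or its authors): ECB, CBC and CTR wrapped around a toy 64-bit Feistel cipher, showing which modes repeat ciphertext blocks and how far a one-bit ciphertext error spreads. The toy cipher, key, IV, nonce and sample plaintext are constructed assumptions chosen so the example runs with the standard library only; the cipher is not a vetted algorithm, and CFB and OFB are left out.

```python
"""ECB, CBC and CTR around a toy 64-bit Feistel cipher (illustration only)."""
import hashlib

BLOCK = 8    # bytes: a 64-bit block, the DES/Blowfish block size in Table 2
ROUNDS = 8

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Toy round function (assumption): SHA-256 of key, round index and half block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in range(ROUNDS):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right

def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in reversed(range(ROUNDS)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right

def split_blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("whole blocks expected; padding is out of scope here")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # ECB: every block is encrypted independently with the same key.
    return b"".join(encrypt_block(key, b) for b in split_blocks(pt))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # CBC: XOR each plaintext block with the previous ciphertext block first.
    out, prev = [], iv
    for b in split_blocks(pt):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in split_blocks(ct):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)

def ctr_xcrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # CTR: encrypt nonce||counter and XOR the result with the data.
    # The same call encrypts and decrypts; the counter goes up by 1 per block.
    out = bytearray()
    for n, i in enumerate(range(0, len(data), BLOCK)):
        keystream = encrypt_block(key, nonce + n.to_bytes(4, "big"))
        out += xor(data[i:i + BLOCK], keystream)
    return bytes(out)

def repeated_blocks(ct: bytes) -> int:
    """How many ciphertext blocks duplicate an earlier block."""
    blocks = split_blocks(ct)
    return len(blocks) - len(set(blocks))

def changed_blocks(a: bytes, b: bytes) -> list:
    """Indices of the blocks that differ between two equal-length strings."""
    pairs = zip(split_blocks(a), split_blocks(b))
    return [i for i, (x, y) in enumerate(pairs) if x != y]

def flip_first_bit(ct: bytes) -> bytes:
    """Simulate a one-bit transmission error in the first ciphertext block."""
    return bytes([ct[0] ^ 0x01]) + ct[1:]

# Constructed sample values (not from the article).
KEY = b"constructed-demo-key"
IV = bytes(BLOCK)                 # fixed only to keep the demo reproducible
NONCE = b"\x00\x00\x00\x01"       # 4-byte nonce + 4-byte counter = one block
PLAINTEXT = b"ACCT=42;" * 3 + b"PAY=0100"   # three identical blocks, then one

if __name__ == "__main__":
    ecb = ecb_encrypt(KEY, PLAINTEXT)
    cbc = cbc_encrypt(KEY, IV, PLAINTEXT)
    ctr = ctr_xcrypt(KEY, NONCE, PLAINTEXT)
    print("repeated ciphertext blocks ECB/CBC/CTR:",
          repeated_blocks(ecb), repeated_blocks(cbc), repeated_blocks(ctr))
    # One flipped ciphertext bit: which plaintext blocks change after decryption?
    print("CBC blocks damaged:",
          changed_blocks(PLAINTEXT, cbc_decrypt(KEY, IV, flip_first_bit(cbc))))
    print("CTR blocks damaged:",
          changed_blocks(PLAINTEXT, ctr_xcrypt(KEY, NONCE, flip_first_bit(ctr))))
```

In CTR the flipped ciphertext bit flips exactly the same plaintext bit and nothing else, so none of these modes detects modification on its own; integrity needs a separate check such as a MAC.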
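An added example for the Hash Functions section of the article above (not code from the article or its authors): the hash as a "seal" checked at the receiving end, using SHA-256 and HMAC-SHA-256 from the Python standard library. The key and the sample record are constructed; the comparison shows that an unkeyed digest stored or sent alongside the data catches accidental corruption but not a rewrite by someone who can recompute it, which is why the seal is keyed in a MAC.

```python
"""A hash as an integrity 'seal', and the limit of an unkeyed seal."""
import hashlib
import hmac

def sha256_seal(data: bytes) -> str:
    """Unkeyed seal: anyone holding the data can recompute it."""
    return hashlib.sha256(data).hexdigest()

def hmac_seal(key: bytes, data: bytes) -> str:
    """Keyed seal (HMAC-SHA-256): only holders of the key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def sha256_ok(data: bytes, seal: str) -> bool:
    return hmac.compare_digest(sha256_seal(data), seal)

def hmac_ok(key: bytes, data: bytes, seal: str) -> bool:
    # compare_digest avoids leaking, through timing, how many characters matched
    return hmac.compare_digest(hmac_seal(key, data), seal)

def corrupt(data: bytes) -> bytes:
    """Accidental damage in storage or transit: one flipped bit, seal untouched."""
    return data[:-1] + bytes([data[-1] ^ 0x01])

def rewrite_and_reseal(data: bytes) -> tuple:
    """A party WITHOUT the key changes the record and recomputes the unkeyed seal."""
    altered = data.replace(b"amount=100", b"amount=900")
    return altered, sha256_seal(altered)

# Constructed sample values (not from the article).
KEY = b"constructed-shared-secret"
RECORD = b"invoice=7731;amount=100;currency=INR"

def run_checks() -> dict:
    plain, keyed = sha256_seal(RECORD), hmac_seal(KEY, RECORD)
    altered, resealed = rewrite_and_reseal(RECORD)
    return {
        "intact_sha256": sha256_ok(RECORD, plain),
        "intact_hmac": hmac_ok(KEY, RECORD, keyed),
        "corrupted_sha256": sha256_ok(corrupt(RECORD), plain),
        "corrupted_hmac": hmac_ok(KEY, corrupt(RECORD), keyed),
        # The unkeyed seal travels with the data, so it can be replaced too:
        "resealed_sha256": sha256_ok(altered, resealed),
        # Without KEY the original HMAC cannot be updated to match:
        "resealed_hmac": hmac_ok(KEY, altered, keyed),
    }

if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name:18s} verification passed: {ok}")
```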

Cover Story

Mini Ulanat* and K Poulose Jacob**
*Systems Manager of Cochin University of Science & Technology
**Pro-Vice-Chancellor of Cochin University of Science & Technology

Privacy Security Settings Challenges of Social Media


Abstract: With social media proliferated and affecting our day to day life, our digital dependency level is increasing at a fast pace. In the rush to
be live in the connected world, users forget the control over the privacy of the information published. This article hints at some of the Facebook
threats and precautions that would help to avoid becoming victim of cyber crime.

Can we think of a day without checking our messages on Whatsapp? Updating our status or reading what is new happening in the life of our family and friends through this medium? Social media today has integrated technology, content, social interaction and revolutionised the way humans communicate. This participatory medium has found a new way of sharing and extracting information. This has become a new community space to interact with friends and relatives. Social life has migrated to online communities. This platform has got into the social space helping people to get connected, stay in touch, reconnect with old friends and also it has permitted creation of new friendships. With more and more people joining the bandwagon, the strong presence of social media has created a new community culture. Social media has also democratized the tools of self expression. These technologies have grown in leaps and bounds during the last few years. Twitter, Facebook and other social networks are used to share information, but the smartphone has become responsible for revolutionising how the information is collected and distributed to the masses. Smartphone penetration which made devices affordable and the wireless networks more ubiquitous and faster can be attributed as the most influential factor for this change.

Facebook[1] has become part of life, influencing our day to day activities and decision making. The size and reach of Facebook speaks about the acceptability and adoption rate. The Facebook Newsroom[2] confirms that there are 1.44 billion monthly active users as on March 31, 2015 and 936 million daily active users of which 798 million are mobile daily active users. The value of Facebook lies in these numbers and database of information they hold. The social media technologies like blogs, wikis, twitter, Facebook are increasingly used by different organisations to improve visibility and knowledge sharing with customers and public. Messages on social media can reach massive audience organically without any financial commitments for organisation. Social networking sites facilitate collaborating, sharing that allow individuals to construct a public or profile. The type of social media that is the most used in India are sites like Facebook, Twitter and Whatsapp. Being top in the user base, this article primarily focuses on Facebook.

Though they have become a part of the rhythm of our daily life, have we stopped and wondered about the privacy issues therein? When posting information to a social network, a user probably expects authorized contacts to be able to view it. Little are the users aware of the potential risks of wilfully disclosing their own information to public domain. This is relevant market information gathered for organizations who are seeking to secure a place in both the traditional and digital marketplace. European Commission's project on Privacy Challenges in Social Media[3] is an ongoing project exploring privacy issues associated with social media at the level of the individual, the enterprise and society. It aims at generating effective solutions, from providing users with technical safeguards and informed consent, to establishing corporate guidelines for protecting privacy, to developing and testing recommendations for public policy.

The reach and impact of this digital media is visible in India also. Social media is promoting a lot of discussions on critical or sensitive issues like politics, corruption, poverty and economy including the latest debate on Net neutrality. India which is conventionally an orthodox society, has utilised the advantage of social media in 2014 elections. We saw candidates and parties increasingly engaging over Facebook, twitter and similar like forums like never before. Political parties started understanding the new way of reaching out to people without any geographical differentiation of urban and rural. This trend is only expected to increase over the coming years.

This volume of users and the information that gets posted on social media sites has opened a new avenue for people with wrong intentions to use social engineering methods to gain access to the accounts of individuals. The more the information is posted, the more the security and privacy of the individual is at risk. Criminals are increasingly using this platform to get connected to potential victims. The networked nature of social media makes available a substantial amount of information about any single individual. This indiscriminately posted information gets collected and analysed by marketers, identity thieves, and state actors. Security professionals have to look beyond defending its network and infrastructure. Social media is a growing challenge posing new risks for organisations in the new ecosystem of interconnected world.

Facebook acquired and created various new apps over the past years. Facebook with acquisition of popular Whatsapp and Instagram became a multidisciplinary online conglomerate built on the massive success of Facebook.com. WhatsApp focused on instant communication without any frills became hit among common masses. The combination of WhatsApp and Facebook will allow us to connect many more people round the world, according to Mark Zuckerberg, CEO. WhatsApp is actually the world's most popular messaging with 27 billion messages sent each day.

Though Facebook has active security monitoring with the site actively scanning for malware and offering security options, there have been increased reports of malware attacks through this site. Just like spams affecting email, on social media, scammers and spammers always find a place to creep in. Many third party applications, which interact with users, become a breeding ground for these kind of unexpected behaviours. With
such a large userbase, Facebook is a target for scams; it can also expose your personal information far beyond your group of friends, if the user is not careful. It would be instructive to look at some of the examples of attacks[4],[5] on the social media sites we usually use:

1. LikeJacking Attacks: This is a clickjacking attack, where the Trojan in web pages forces users to like, share or comment on pages in Facebook without their knowledge. Users are tricked and driven into clicking a link which does something totally different from users' expectations. When the user clicks a malicious link, a malware is planted onto the system. This drive includes some key words like "Breaking News", "Latest news", "Exclusive content" etc. which attract the user attention. The attack is planned as the Facebook user is tagged in a post made by a friend. Clicking the link leads to an external webpage that appears to offer the said video, which is in fact a malware-ridden website. The tagging property of Facebook users in the spammy links helps the scam to propagate further and more quickly.

2. Phishing attacks: This is the most popular technique for accessing sensitive information. Fake web pages masquerading as legitimate ones force users to key in their credentials. Without realising that, users key in the credentials and are in serious trouble. Kaspersky Lab's statistics reveal that fake sites imitating Facebook accounted for nearly 22% of phishing attacks in 2014. A typical example of this attack was an app that boasted it could enable users to guess who viewed your profile. This app promised Facebook users the ability to see who viewed their profile, which installed malware to spy on their web browsing. When clicked, the site spoofed the appearance of Facebook's login page and offered two options to activate the fake app. The first option asked users to enter their credentials into the fake website while the second option asked users to download and install software in order to receive notifications when someone viewed their profile. A malware that set up a keylogger on the victim's computer is installed and sends the logged data to phishers as soon as an Internet connection was detected.

Another badly affected one was a link promising naked videos of their friends. Mostly these phishing messages are sent within the social network from compromised accounts registered by the friends of the potential victim. A short personal message containing a question like "Is that you in this photo?" and a link to the photo. Users are prompted to click the link which points to a fake Facebook login page that contains the standard message "Log in to continue". If users are not careful and enter their credentials, guess the aftermath!

3. Malwares: Malware describes a wide range of malicious programs installed on a user's computer without their explicit consent. This spread quickly on a social network, infecting the computer of a user and then spreading to his or her contacts. Since it appears to come from a trusted contact, users are more likely to fall prey to it. In some cases, these malwares can impersonate users and misuse their account. Also the attackers install some form of adware on your computer which bombards the machine with endless pop-up ads.
a. Zeus: a Trojan that was spread by clicking the links. This malware scanned all personal files, stole personal information. It was able to collect login details through key logins. This Trojan was specialised in stealing bank credentials of the user.
b. Koobface: In 2009, it exclusively struck social networking sites. A message from friend with a sentence "you look funny in this video" with a link to watch, is the start. If opened, the link would take you to YouTube or another trustworthy website which seemed to have a legitimate video hosted as the name of your Facebook friend as stated in the website. Once in the video site, a message says an update of flash is needed for video display. If you click install, the system was compromised. This bot could install malicious apps at a later stage too.
c. LOL Virus: The Lol virus spreads through Facebook's chat function. Users receive a message from one of their friends, simply stating "lol" and with an attachment. Curious, they click the attachment which triggers the download of a Java file containing malware from Dropbox. The virus infects the computer and hijacks your Facebook account and spreads itself to your network of friends.

Facebook in its Facebook Privacy Basics[6], discusses a set of tools available to secure their account, to keep your information secure, and the ways to recognize and avoid attempts to compromise the account. This helps the user to control the information the user wishes to share, the persons whom the user wants to share with and also who can share with you. They have divided the privacy basics into four subdivisions:
a. What-others-see-about-you/posts?: This is a priority setting for Facebook users. This helps you to choose who sees your post, who sees the tags or delete the posts you have made. You may hide your friends list from general public also. With the limitation that some of your activity will still be visible, you can deactivate or delete the account. There is also a provision for reactivating a dormant account.
b. How Others Interact With You?: This helps user to manage how other people's activity affect the user and content. This includes untagging as well as unfriending or blocking someone.
c. What-you-see?: This section is on why user sees the ads popping up. The user has minimal control over this setting. This helps the user to control whose post appears on their newsfeeds.
d. How-to-keep-your-account-secure? This covers the most important aspects a user


should know regarding secure passwords, alerts of logins, any changes made and how to make it really secure. A login approval with a code sent to the registered mobile number would appear when a login is attempted from a computer, phone or browser the user has not used before. Facebook notifies the user and asks for approval with a security code. Users should not click or share, but report, anything that looks suspicious or sounds too good to be true. Phishing attempts should be spotted and alerted.

Attracted by the volumes that Facebook has engendered, there is an increasing number of scams and malicious software spreading through it. The attackers have used social engineering to get people to click on infected links spreading through friends' news feeds with click-bait headlines. Facebook has been trying its best, through the feedback options, to block and remove links which are found malicious. With the new anti-virus service and more user awareness, the social network hopes to reduce the spread of malware. A high level of carelessness on the part of users attracts most of the attacks. Hence, it is the responsibility of the users of Facebook and other social media sites to be vigilant and situationally aware at all times. The official Facebook security team is constantly on the lookout for new exploits and immediately notifies users through the security pages. Millions of people have fallen for Facebook scams. The virus affecting pattern is highly polymorphic. To curb and bring down the attacks to a minimum level, many organisations have a security bug bounty program which encourages users to report any vulnerability discovered on the website by financially compensating them for it.

The digital and network technologies have taken us from the industrial era to the information era. This information era created cyberspace, which is never a secure space. As an interconnected society, we are committed to building this Better Connected World. Social media is here to stay and become more powerful. Organisations need to put in place a policy of usage and make the employees aware of the policies, as the use of social media brings challenges for organisations, because it is a new communication tool that needs to be implemented in the already existing communication goals, strategies and daily activities of the organisation. Be a responsible netizen, extend it to the society and make cyberworld a safe and secure place to digitally coexist.

Acknowledgement
Authors wish to acknowledge the inputs of Ms. Deepika Suri, TCS-Cyber Chevening Fellow- 2014 towards the compilation of this article.

References
[1] Facebook [Online]. Available: www.facebook.com.
[2] Facebook Newsroom, [Online]. Available: http://newsroom.fb.com/company-info/. [Accessed 15 04 2015].
[3] E Commission, European Commission : CORDIS : Projects and Results : Addressing Privacy Challenges in Social Media, European Commission, 2012. [Online]. Available: http://cordis.europa.eu/project/rcn/102946_en.html. [Accessed 15 04 2015].
[4] Top Facebook scams and malware attacks, [Online]. Available: http://www.net-security.org/malware_news.php?id=2935. [Accessed 15 04 2015].
[5] K Kimachia, Five Facebook Threats That Can Infect Your PC, And How They Work, [Online]. Available: http://www.makeuseof.com/tag/five-facebook-threats-can-infect-pc-work/. [Accessed 15 04 2015].
[6] Facebook Privacy Basics, [Online]. Available: https://www.facebook.com/about/basics. [Accessed 04 04 2015].
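The login approval described in the article (a code sent to the registered mobile number when a login comes from a computer, phone or browser not used before) can be implemented server-side as below. This is an added example, not Facebook's implementation or code from the article; the class and function names, the code lifetime and the attempt limit are assumptions, and the scenario in `demo()` is constructed.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a security code
MAX_ATTEMPTS = 3         # assumed number of guesses allowed per code


def _digest(value: str) -> str:
    """Store only hashes of device identifiers and codes, never the raw values."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


class LoginApproval:
    """Require a one-time code when a login comes from a device not seen before."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be exercised in tests
        self._known = {}         # user -> set of approved device digests
        self._pending = {}       # (user, device digest) -> [code digest, expiry, tries left]

    def begin_login(self, user, device_id):
        """Call only after the password check has succeeded.

        Returns ("ok", None) for a recognised device, otherwise
        ("code_required", code). A real service sends the code to the
        registered mobile number and never returns it to the browser.
        """
        device = _digest(device_id)
        if device in self._known.get(user, set()):
            return "ok", None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[(user, device)] = [
            _digest(code), self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return "code_required", code

    def approve(self, user, device_id, code):
        """Check the code typed by the user; on success remember the device."""
        key = (user, _digest(device_id))
        entry = self._pending.get(key)
        if entry is None:
            return False
        code_digest, expiry, _tries = entry
        if self._clock() > expiry:
            del self._pending[key]       # an expired code can never be used
            return False
        entry[2] -= 1
        # Constant-time comparison does not leak how much of the code matched.
        if not hmac.compare_digest(code_digest, _digest(code)):
            if entry[2] <= 0:
                del self._pending[key]   # too many guesses: a new code is needed
            return False
        del self._pending[key]           # codes are single-use
        self._known.setdefault(user, set()).add(key[1])
        return True


def demo():
    """Constructed scenario: a phished password tried from an unknown browser."""
    now = [1000.0]
    svc = LoginApproval(clock=lambda: now[0])
    status, code = svc.begin_login("alice", "alice-laptop")     # first use of the laptop
    approved = svc.approve("alice", "alice-laptop", code)
    again, _ = svc.begin_login("alice", "alice-laptop")         # now a recognised device
    attacker, _ = svc.begin_login("alice", "unknown-browser")   # password alone is not enough
    guessed = svc.approve("alice", "unknown-browser", "not-the-code")
    return status, approved, again, attacker, guessed
```

A password captured by a spoofed login page passes the first check but still stops at `code_required`, which is the property the setting relies on.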

About the Authors

Mini Ulanat, Systems Manager of Cochin University of Science & Technology, is a senior Life Member CSI and Chapter Patron, CSI Cochin Chapter. She was the National Student Coordinator of CSI for 2013-2015. Ms. Ulanat is the recipient of Chevening TCS Cyber Security fellowship and is undergoing training on Cyber Security and Information Assurance at UK Defence Academy, Cranfield University, UK.

Prof. K Poulose Jacob is the Pro-Vice-Chancellor of Cochin University of Science & Technology. He is senior Life Member CSI and Chapter Patron, CSI Cochin Chapter. He was Professor of Computer Science at Cochin University of Science and Technology since 1994, and Director of the School of Computer Science Studies prior to this. Dr. K Poulose Jacob is an active researcher and has published more than 100 publications in refereed journals, conference proceedings, several edited books. He has given several invited talks at various conferences in Europe, USA, UK, Australia and other countries.

The word Netizen was coined by Michael Hauben


Netizen is someone who spends considerable time online
5P mantra for Netizens for online security is (a) Precaution (b) Prevention (c) Protection (d) Preservation
(e) Perseverance
For cybersafety remember "Stranger is Danger"
Report every cybercrime, that comes to your knowledge



Cover Story

D G Jha
Professor and Area Chairperson - IT; Programme Coordinator MCA: K J Somaiya Institute of Management Studies and Research, Vidyanagar, Vidyavihar, Mumbai

Importance of Morality, Ethical Practices and Cyber Laws as Prelude to Cybersecurity
The 20th century saw the evolution of scientific management methodologies, modern techniques of industrial administration, organization and practices that aimed at attaining higher efficiency, increase in production capacity, enhancing firms' positioning and greater profitability. The notable developments in the field of communication due to the introduction of devices such as thermionic valves (Thomas Alva Edison) used in electron microscope, radar, the electronic computer, cathode ray tube of television set; diode (Sir John Ambrose Fleming) used as rectifier; triode (Lee De Forest 1906) that led to broadcasting of live-voice across Europe and America. The subsequent development in field of electronic engineering created a new world of computer technology, remote controlled devices, shrinking of circuit sizes and instantaneous communication.

Communication is the exchange of meanings between individuals through a common system of symbols. It is difficult to comprehend the entire meaning of the term "communication" using one single definition. Communication can assume different perspective depending upon varieties of discipline and subjects such as architecture, anthropology, psychology, politics etc.

Cyberspace refers to a notional environment that facilitates communication over computer network. With respect to computing world, the term security needed for safe communication over network gets extended as cybersecurity. It deals with consortium of bodies, evolving technologies, processes and practices aimed at protecting networks, computers, programs and data from attack, damage or unrecognized access i.e., denying access to the unauthorized user with malicious intention.

Moral responsibility, ethical practices and cyber laws are three important guiding parameters that a digital firm needs to look into before deciding and framing policy for cyber security.

Propagating Moral Values and Ethical Practices in Organisations

Moral implies conformity with the generally accepted standards of goodness or rightness in conduct or character. Morals are those principles and values that have internalized automatic response to the system. They are part of who we are and our unique personality. We make moral decision without much thought because they are based on the principles and values we believe in most deeply; we learn them from parents, teachers, religions, places, and friends and by our learning experiences. All these lay foundations or framework for our moral actions.[3]

Moral theory is made up of three components:
1. Moral Standards: A criterion (parameter) used to decide what is right or wrong.
2. Moral Principles: Actions or activities categorized as right or wrong.
3. Moral Judgments: Statement/s about the rightness or wrongness of particular actions.

Ethics as a term was first invented and coined by German philosopher Immanuel Kant (1724-1804). It deals with the determination of what's right or wrong with the action or activity and then doing it the right way. Kantianism is an ethic of duty. According to Kant - Ethics [3]:
- is the basis for life;
- principles are based on moral values;
- generates respect for individuals and therefore the opinion of his/her is considered and preferred in professional matters; and
- aims at creating norms for providing justice to each of the stake holder/s.

Being ethical implies conformity with an elaborated, ideal code of moral principles that is used to describe how people perform, operate, conduct and behave within and outside the organisation. Fig. 1 describes actions that can be classified as Ethical and Unethical[3]:

Fig. 1: Ethical and Unethical actions

Importance of Ethical Practices to Secure use of Information Technology in Business

Apart from having sound knowledge in the field of management (activities such as planning, organizing, controlling, forecasting and budgeting) and information technology (tasks such as scheduling, procuring, maintenance, upkeep and repairs of component of IT infrastructure - hardware, software, storages, networks and telecommunication devices); professionals are expected to understand the importance of moral values and ethical practices. Responsibility of a digital firm is to promote ethical uses of informational technology within and across the organizational boundaries. Natural fallout being impact on employment, privacy, individuality, privacy, health, working conditions and crimes that use of IT has on business and society[1].

For instance, computerizing a manufacturing process may have adverse effect of eliminating people's jobs but also have the beneficial result of improving working conditions and producing products of higher qualities with a reduced cost. Ethically responsible use of information technology in this case would be to communicate to all the stakeholders



those bringing in the change and those impacted by it about detrimental effects of business applications of information technology and the ways it can optimize beneficial effects.

Some of the very ethical issues that creep up especially in a digital firm are[1]:
1. Electronic monitoring of employees' work activities and electronic email.
2. Using work computers (office nodes) for personal and private business activities.
3. Electronic access to employees' personal records and/or workstation files.
4. Using of company's software for personal use.
5. Selling of customer information extracted from transaction processing systems to other companies.

Basic grouping of business processes leading to ethical issues are (indicative list):

(Source: Adapted from The Conference Board, "Defending Corporate Ethics", in Peter Madsen & Jay Shafritz, Essentials of Business Ethics (New York Meridian, 1990, p 18.) cited in O'Brien. 2004, p383)

Rapid changes in information technology have made dramatic changes in the very structure and characteristics of human life making it information driven society. The social and judicial structure of society has improved and matured which in turn provides better standards of human life.

The diversity of IT applications and increased use of technology have resulted in many ethical issues that the organisations across the globe are attempting to resolve. An attempt to identify, organize and classify these issues into a framework was undertaken by Mason in 1986[3]. He categorized ethical issues into four groups as exhibited in table 1.

Table 1: Grouping of Ethical issues

The newer programs such as intelligent agents - the software that assist people and act on their behalf and software robots - are increasingly being used to deal with vast amount of information available on the Internet. This increases the complexity of computer systems and software. Such agents are frequently used to find or filter information for a user, identify patterns and trends from a very large amount of data (data mining), and act as interactive assistants for computer interfaces. These agents came into existence with the development of the Internet and the World Wide Web (WWW), and will continue to play a very large role on the web. They play an integral role in the function of search engines, e-commerce portals, shopping carts management, bargain determiner and bots (short cuts for software robots)[2].

Tasks typically associated with computer professionals are analysis, specifications, design, development, implementation, testing and maintenance. Each of these tasks requires certain skill set. Along with the expertise in the task, ethics too is needed to be followed by computer professionals in order to help maintain standards and therefore improve organisation's brand image.

As a professional, the responsibilities include:
- Ensuring privacy and secrecy of data,
- Data confidentiality,
- Prevention of data-misuse,
- Promotion of data-integrity (accuracy,



reliability and completeness),
- Facilitate data-inspection,
- Achieve utmost quality of services,
- Creation of efficient product
- Working Knowledge, understanding of the existing law/s.

Code of ethics defines norms and principles to be followed and it is a way of setting standards. These amongst many include fair treatment; privacy; communication; system integrity; cooperative; honesty; education; division of labor; social responsibility; quality and discipline. These guidelines are based on; common sense; decency to protect privacy and ensuring equal access to resources for everyone.

Every organisation is expected to provide ethical guidelines (outlining the policy statement/s) that would:
- Cultivate the respect for privacy of other users
- Educate the users about the importance of not sharing the account and password
- Facilitate the fair use of computer facility
- Reduce (if not eliminate) the unauthorized access of data
- Prevent unethical and illegal use of software
- Promote effective use of communication facilities
- Appropriate clause of applicable laws and copyright protection
- Minimize the misuse of computer resources.

Cyber (Computer) Crime

The cyber criminals are the individuals or the group of individuals with intention of taking advantage of the widespread use and vulnerability of computers and the internet and other networks. Cyber crime is becoming one of the Net's growth businesses[1].

Computer crime as defined by AITP (Association of Information Technology Professionals - https://www.aitp.org/) includes:
- the unauthorized use, access, of hardware/software and network resources;
- the unauthorized release of information;
- the unauthorized copy and piracy of software;
- denying an end user access the resources that lawfully belongs to him or her
- using or conspiring to use IT resources to illegally obtain information or tangible property.

Table 2: Common hacking techniques


(Source: Adapted from Sager, Ira et al. 2000. "Cyber crime", Business Week, Feb 21, 2000, p.40, cited in O'Brien. 2004, p385).



Table 3: Attribution, acknowledgement and dispatch of electronic records
(Source: Information Technology Act, 2000. Available at http://www.dot.gov.in/act-rules/information-technology-act-2000)

Schwalbe[4] produces the media snapshot indicating the menace the computer viruses (hacking) have caused across the globe (see table 2) and the anecdote is: What do Melissa, Anna Kournikova, Code Red, and Sobig have to do with quality and information technology? They are all the names of the recent computer viruses that have cost companies millions of dollars. A quality issue faced by computer users around the world is lost productivity due to computer viruses and spam - unsolicited e-mail sent to multiple mailing lists, individuals or newsgroups. Spam currently accounts for more than 70 percent of the total e-mail volume worldwide.

Information Technology Act of India 2000 (IT Act): Some Preliminary Facts

IT Act 2000 apart from providing legal recognition for transactions (see Table 3) carried out by means of Electronic Data Interchange (EDI) and by electronic communication (referred to as electronic commerce) also:
- encourages paper-less office i.e., involves the use of alternatives to paper-based methods of communication and storage of information,
- facilitates electronic filing of documents with the government agencies.

IT Act covers the following areas:
- E-mail: E-mails could become the basis for launching litigation in a court of law, therefore companies and individuals should be careful while sending e-mails.
- Digital Signature: Digital signature refers to authentication of any electronic record by a subscriber with the help of an electronic method or procedure.
- Electronic records: Electronic records refers to filing of any form or application (on line/or in any other electronic form) in a particular manner with any office or appropriate government department. Table 2.4.4 provides the importance of the attribution, acknowledgement and dispatch of electronic records
- Electronic Gazette: Publication of rules, regulations, order, bye-law notifications, or any other matters published in the electronic gazette. The date of publication shall be deemed to be the date of the gazette which was first published in any form (paper or electronic).

Conclusions

Business ethics are moral principles that define right or wrong behavior in the world of business. What constitutes right or wrong behavior in business is determined by the public interest groups, and business organisations, as well as an individual's personal morals and values. Organizations need to deal with the ethical issues of their employees, customers and suppliers. Ethical issues are important because they can damage the image of an organisation. What makes ethics difficult is that what is ethical to one person or in one country may not be so in another. Law indicates the rule and regulations to be obeyed in the organisation. It makes it binding on all the employees to follow it. The fact that an action is legally permissible does not mean that it is morally and ethically permissible. Legal provisions make working for computer professionals, users and society easier.

References
[1] O'Brien, J A, 2004. Management Information Systems: Managing Information Technology in the Business Enterprise. 6th ed. New Delhi: Tata McGraw-Hill Publishing Company Limited.
[2] Leon, A & Leon, M, 2008. Introduction to Information Systems. Noida (Uttar Pradesh, India): McGraw-Hill Education (India) Pvt. Ltd.
[3] Murthy. CSV., 2009. Business Ethics: Text & Cases. Mumbai: Himalaya Publishing House.
[4] Schwalbe, K, 2007. Information Technology: Project Management. 4th ed. Haryana: Thomson Course Technology.
About the Author

Prof (Dr) D G Jha is currently working as Professor and Area Chairperson - IT at K J Somaiya Institute of Management
Studies and Research. He has over 25 years of experience and has authored a text book in the area of computing
concepts and Management Information System. He is a Ph.D from University of Mumbai. He is also the programme
coordinator of MCA. His areas of interest are computing concepts, DBMS, Information systems, and HRIS.



Research Front

Biswajit Mohapatra* and Debasis Roy Choudhuri**
*Competency Head, Global Specialized Application Modernization, Application Workload Optimization and Cloud Migration Competency, IBM India
**Lead Architect, Modernization, Financial and Mining Organization, Australia

Do You Need an Operating System to Run an Application


Introduction

Our traditional computing platform for running a business application is to have an Operating System (OS) hosted in a set of hardware or computing device supported by a network and other peripheral accessories in a data center. As Information Technology (IT) industry is getting matured more and more in the cloud computing environment, most of the large scale organizations or business enterprises have shifted their paradigm of application hosted into cloud platform. Today's IT scenarios of Cloud computing are broadly categorized in Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). However, there are quite a few emerging cloud services that came up into the limelight of cloud computing arena and one of them is application containerization.

The most common cloud platform is based on virtualization or bare metal servers with additional support service wrapping around the virtualization or bare metal to support client's cloud platform for a cloud consumer. Deploying an application into a cloud platform, the first question that comes into the mind is the cloud supported platform i.e. Operating system. Technologists spend significant time to determine the right platform for an application so that it can be supported by a right Operating system into the cloud platform. However, if we think from the enterprise business point of view, operating system is not the business or application service requirement to support its customer. All we need is a mechanism to deploy and manage the application into the cloud platform.

Today's Operational Challenge

The reason for this is that most Cloud hosting is based on virtualization or bare metal servers. Neither of these technologies run applications, they run Operating Systems. What most of us really want is just a way to make the application up and running. In today's cloud platform, most of the service providers run multiple virtualized machines (VM) on a set of hardware that supports industry leading hypervisors which are capable of hosting multiple VMs. Now from business perspective, managing a VM needs large overhead such as computing power, memory, storage, network allocation etc. The most important part is the management overhead for supporting these peripheral components and their associated support & license costs. However, business needs a deployment space where an application can be hosted. It doesn't really matter from business perspective whether it needs full-blown OS or a container which is capable of supporting the business application without having additional overhead or management cost.

Figure A

Technology Solution to Support Next Generation Virtualization in Cloud Platform

Today's advance technology of an Operating System (OS) does support a building block where business doesn't really need to buy an entire OS platform with stack of middleware loaded in it to deploy or support their business application into the cloud platform. One of the most industry recognized pattern is the Linux X container. It's based on the container concept where application needs a space which can be self contained within the operating system. In a container model, a service provider can run an OS that hosts containers with applications.

Containers are lightweight virtual machines (VMs) which are realized using features provided by a modern Linux kernel, VMs without the hypervisor.

Application Containerization of:
1. Linux Operating Systems or other similar OS who supports containerization e.g. Solaris, Microsoft Hyper-V features of Windows 2008 and 2012.
2. Single or multiple applications.

So in Linux world, LinuX Containers (LXC) is an operating system level virtualization technique to run multiple isolated Linux systems - we call it containers - on a single host or Operating system Instance (OSI). It provides a virtual environment that has its own process and network space.

Similar principle of application containerization works in case of Windows OS with Microsoft Hyper-V or Solaris container in case Oracle OS.

So net-net Containers are going to be next generation virtualization in the cloud era. Some of the highlights shown below which are eye catchers for CIOs and CXOs of the business enterprise:
- Agility to run in cloud:
  - Provision of application space into cloud in seconds / milliseconds
  - Application performance is near bare metal runtime which is mostly offered today by the cloud service provided.
  - VM-like agility - it's still "virtualization"
- Flexibility
  - Containerize a "system"
  - Containerize "application(s)"
- Lightweight
  - Just enough Operating System (JeOS), this is applicable more for



LXC features
  - Minimal per container penalty
- Open source - free - lower TCO in case of Linux Platform
- For LXC, it's supported with OOTB modern Linux kernel
- Growing in popularity and industry attention.

In fact, if we look into the broader domain, Google claims that they run everything in their environment in the containers.

IT giant IBM also uses heavily on BlueMix which is a next generation cloud foundry platform, easy to develop, deploy, deliver and manage applications in the IBM Cloud environment in association with other IBM tools and technologies. It supports three types of application containers: App-centric runtime environments based on Cloud Foundry, IBM Container supported by Docker and OpenStack VM.

Implementation and Best Practices

The concept of container has been around for long and Sun Microsystems was one of the pioneers with their Unix distribution i.e. Solaris Zones. Now virtualization using container concept represents a new interesting alternative to cloud service provider compared to traditional virtual machines (VM) in cloud space. Many server providers may have looked into this as a precursor to cloud PaaS or IaaS environment; however, some of them have switched back to VMs to get more consistent performance when it operates in a large scale. If we look into the current technology trend, Linux is definitely a preferred operating platform choice for most of the IT service requester in the cloud space for lower cost of license, large ecosystem, wide hardware vendor support, consistent performance and reliability. Implementing container requires to adopt standardization of the client application deployment model into the cloud platform. Let us take a deeper look on the implementation side of the container vs. VM with respect to application deployment.

Figure (B)

The above Fig. (B) represents Open Source technology of KVM vs. Linux Container (LxC). Here the key difference is the additional guest OS layer and the management overhead to manage the application and respective database. As long as application or database standard technology platform meets the requirement of the operating platform and its underlying files system (e.g. root volume group, data volume group), service management and network requirement, it can be very well deployed into the container level than managing through guest OS. Usually the VM is very in terms of isolation and separation of duties from the guest's perspective but they add overhead when sharing data between guest VMs or between the guest VM and the hypervisor. For running an application in a cloud computing environment, the VMs generally access storage through emulated block devices that is nothing but an image files. Now for day-to-day management, creating, updating, and deploying such disk images is a time consuming work and in many instances, disk images will have duplicate contents barring application binaries and data. This is also a wastage of storage space which is a costly affair in the cloud operation. So instead of running a full OS on a virtual platform, a container-based virtualization modifies an existing OS to provide an extra isolation level. For example, adding a container ID to every process and adding new access control checks to every system call. So container can be leveraged as additional level of access control in addition to the user and group policy. This way it can provide similar separation of duties and requirement of application while saving the storage space of common file systems for OS which are same across multiple VMs.

Another important aspect of leveraging container concept in the cloud is to standardize the client application and database to run into a homogenous platform than heterogeneous operating environment. The following Fig. (C) shows the demand for standardize environment.

Figure (C)

In Hypervisor-based virtualization, we have a flexibility of choosing our own OS e.g. Red hat Linux or Ubuntu or SuSE etc. whereas if we go to container or Docker based implementation in the cloud the application or database need to choose a similar operating platform in order to take advantage of Docker or container concept and this type of standardization is anyway welcome for a client organization to reduce the operational cost not only from cloud platform but also for application management and support cost. Docker is nothing but an application container which supports a mechanism for packaging application into a virtual container so that it can be run across different distributions of Linux who support Docker.

As we discussed the implementation view here, it's good to compare the difference also between container and docker so that client can take an appropriate judgment to choose the right deployment pattern based on their application requirement.

Here Fig. (D) shows that docker is just additional layer abstraction with an available client interface, application programmable interface (API) and set of files to manage the application



uniformly without getting into too much details of platform details as it would be managed by cloud vendor e.g. IBM BlueMix environment. The key takeaway here is that docker decouples the service provider from the operations so LxC provider agnostic where docker images run anywhere docker is supported.

Reference Considered
Figure (D)

Conclusion

CoreOS was announced in 2014 as part of new Linux distribution to minimize the operating platform complexity and simplify the container deployment at a large scale deployment model. So Docker, Linux Container, CoreOS all open source technologies are in the limelight to attract the industry into the container management and simplification of application management environment into cloud platform. So, early-adopters of these technologies will have their own challenges but there is a significant motivation of IT giants to invest their energy to get a quick ROI for companies seeking better agility and lower costs. It may not be applicable for all and complex applications landscape however if 80% of the non-critical applications can be an early adopter of these technology while other 20% critical apps can follow later to maintain a hybrid cloud computing environment. So in summary, with the advancement of technology in containerization and docker, there will be more standardization in system managements and system integration cloud computing environment for monitoring and health check and support mechanism. So cloud customer will have lot less requirement of direct access of OS to manage their application into the cloud like a Software as a Service (SaaS). Most of the IT big players such as Microsoft, Amazon, Google, IBM are keen to play their role in containerization.

Reference Sites
[1] https://linuxcontainers.org/
[2] http://en.wikipedia.org/wiki/LXC
[3] https://technet.microsoft.com/library/hh831531.aspx
[4] https://www.docker.com/whatisdocker
[5] http://en.wikipedia.org/wiki/Solaris_Containers
[6] http://www.infoworld.com

About the Authors

Debasis Roychoudhuri is an IBM Certified Senior Architect and Enterprise Solution Architect of Cloud Modernization in IBM Australia. He has 16 years of industry experience, encompassing roles across the verticals, specializing in application infrastructure design, server consolidation and workload migration from legacy IT environments to various virtualized and cloud environments. He has been instrumental in IBM Global Delivery in developing several cloud computing initiatives, such as open source cloud integration with IBM software, enabling clients and business partners in various cloud environments. He is involved in several cloud education initiatives in various universities and engineering institutes as part of the IBM University Relationship program. He is also a Certification Review Board member for the Architecture Review Board (India). He is currently supporting large financial and mining organizations of Australia as a lead architect, modernization. He can be reached at dchoudhu@in.ibm.com.

Biswajit Mohapatra is an IBM Certified Consultant and Global Integrated Delivery Leader for the IBM Application Development and Innovation Digital Modernization Service (DMS) practice. He is IBM India Competency Head for the Global Specialized Application Modernization, Application Workload Optimization and Cloud Migration Competency. Biswajit is a known thought leader in the Indian IT community for leading Application Modernization and Cloud modernization initiatives from concept to realization. Biswajit leads consulting, solution architecting, offering incubation, technology innovation and delivery of large cloud modernization engagements at IBM. Biswajit is a founder member of the IBM Faculty of Academy specializing in creating signature client experience, a passionate participant in various Industry Academia initiatives around Cloud Computing, and has several international journal publications on cloud modernization. He can be reached at biswajit.mohapatra@in.ibm.com



Article
Amit Badheka
Senior Technical Architect Research & Innovation, IGATE Global Solutions Mumbai, India

Context Aware Intelligence: Approach for Multi-Dimensional Security
Abstract: In this paper, a novel approach to implementing contextualized security features for enterprise applications is presented. This approach provides adaptability to existing security infrastructure of enterprise applications, thereby enhancing information security. Our framework provides a context engine that uses intelligence to extract and analyze contexts, and identify actions as demanded by the security situation. The viability of the context engine is exemplified by a simple web application featuring security aspects such as authentication, authorization and transactional security.

Introduction
Enterprise security includes the measures taken to ensure security of enterprise applications and sensitive data. Earlier, security was thought of as physical security, and emphasis was on securing the physical space and premises that contained enterprise application infrastructure. However, increasing exposure of applications over the cloud has resulted in application data being highly vulnerable to a wide variety of threats. The enterprise security space has already gone through one transformation, with a shift in focus from perimeterized to de-perimeterized security solutions that protect the point of access to the data, rather than the physical database and servers. The next wave of transformation will be the use of more than one dimension of the user in order to take security-related decisions. The use of context aware intelligence for security, as described in this paper, is a step in that direction.

Context awareness originated as a term from ubiquitous computing and has been a topic of research for the last few decades[1, 2, 3, 4, 5]. However, recent developments in smart mobile devices, ubiquitous presence of sensors, affordable wireless communications, big data technologies and proliferation of social networks enable organizations to leverage technologies related to location tracking, proximity awareness, voice recognition, social media integration and so on, to build context aware intelligent solutions. Contextualization in security will bring in more than one aspect of the user, e.g. access to other information such as the user's location, to take well informed security policy decisions. Also, by leveraging data about what is happening in real-time, enterprises can better prioritize their policy adaptations, remediation activities and attack-response practices.

This paper describes how enterprise applications can implement security features that use context to take security decisions. We present a conceptual framework for modeling Context Aware Intelligence[6] (CAI). The architecture of our platform, based on this framework, is discussed in the next section. How such a platform can be used to enhance application security is also described through a case study in subsequent sections.

Context Aware Intelligence & Security
The Context Aware Intelligence (CAI) framework helps enterprises identify and develop adaptive enterprise applications. The CAI framework is designed to define situations that can be evaluated based on the current context at any point of time. Due to its highly adaptable design, the framework has a wide level of applicability across various domains including enterprise security. The section below explains the key concepts of CAI and how it can be used in implementing security features.

Context Aware Intelligence Framework
The Context Aware Intelligence (CAI) framework provides a scalable and flexible solution for integrating information from different sources, and incorporating context awareness within an enterprise application. For simplicity and completeness of context modeling in enterprise applications, CAI classifies contexts into the following four categories:
- Identity Context: This category considers data about an entity such as user profile, intent, actions, characteristics, demographics, preferences, interest and history.
- Location Context: Location can be described in different ways, depending on the application requirements, such as local vs. remote, relative vs. absolute, location point vs. location area, and so on. The two main groups that we have considered are physical vs. geographical. Physical location is related to a global geographic coordinate system and provides an absolute, accurate, grid based position in the form of a <latitude, longitude> pair. Geographical location is used to deal with natural geographic objects, such as countries, cities, and also zip codes, postal addresses and so on.
- Time Context: This category deals with information required to handle a dynamic environment in the application, such as change of situation over time, support for inference on various changes that may take place over a period of time, time zones, time interval and so on.
- Environment Context: This category deals with physical objects and devices that exist in an application environment, and participate in data acquisition, reasoning and action.

Conceptual Security Framework
The core security model is not very different from industry norms, as shown in Fig. 1.

Fig. 1: Security model

Hence, the core functions of the framework are:
- Identify: Identify risk, critical resources and systems performing critical business functions. Functions such as identity and content management could be defined by this core function.



- Detect: Detect any unwanted event that can be a threat to the critical resources and information. Activities such as continuous intrusion and tamper detection, fault handling etc. are examples of the detect function.
- Act: Take preventive action, sometimes known as a countermeasure. Some of the countermeasures that can be implemented under the Act function are authentication, access control, message protection, etc.

For the purpose of this paper we will focus on the Act functions of the security framework. Hence, it is important to have a basic understanding of some of the key countermeasures and their challenges that we can address by contextualization. Some of these countermeasures are covered here:
- Authentication: The most prevalent form of authentication is username and password. Unfortunately, it is also one of the least secure methods. For example, the system asks for a password when a person is trying to log in. The person will be allowed to access the application on providing the correct password. However, the system does not establish that the person who is given access is the genuine user of the application.
- Access Control: Access Control, also known as Authorization, is mediating policy-driven access to resources on the basis of identity. The permissions are mostly implemented using an Access Control List (ACL) where access permissions are defined for each user. ACLs are normally static in nature and become difficult to define when we have a large number of resources with varying permissions for each user, e.g. setting permissions for too many files in the file system.
- Audit: Audit (a.k.a. Accounting) consists of log statements for the purpose of reporting some key user activities. Most of the time, audit logs are not given their due importance. It has been observed that not much attention is given to identifying critical situations reported in an audit log. The audit logs can be a crucial piece of information to identify fraudulent transactions and the user performing them. It could result in a big loss if audit log evidence is not recorded appropriately. It would be a good idea if we could generate audit situations dynamically based on contextual data so that applications can capture critical information about any critical transaction.

CAI Security Architecture
In order to come up with a contextualized security architecture and address some of the challenges described in the above section, we start with the standard and very basic security architecture, which suggests that an entity trying to access an application or data should be controlled by Authentication and Authorization. An audit log should be kept to keep a check on the activities of the entity. In order to build a secure application, we need to implement these three services, namely Authentication, Authorization and Audit (AAA), properly.

Context aware security architecture provides a scalable and flexible solution for integrating information from different sources and building dynamic, policy driven security services that provide security features such as AAA. For example, consider a situation where a phishing attack is launched with an email containing a link to a targeted attack download. Signature-based mechanisms will not stop this: the organization's antivirus software will not detect the payload or that the URL is known to be "bad". However, before the user is allowed to navigate to the site, the secure web gateway performs a look-up of the URL's reputation (which is a form of context), and navigation will be blocked, preventing the virus attack.

At present, industry analysts such as Gartner[7] recommend that organizations begin the transformation to context-aware and adaptive security infrastructure as they enhance static security infrastructure, such as firewalls, web security gateways and endpoint protection platforms. The next section provides some insights into how we can use simple contexts and implement basic security functionality such as authentication and access control to prevent threats and fraudulent transactions.

Case Study: CAI Security in Banking
The use case considered here is to enable a financial services application to detect vulnerable events using various contextual information such as: (a) User details (name, date of birth, username, password), (b) Financial details (account details, account type), (c) Location details (base location, current location), and (d) social details (social network details). This is depicted in Fig. 2 below.

Fig. 2: CAI Security in Banking

Objective
The finance application built using CAI security provides simplistic and dynamic security to financial institutes such as banks, in order to protect sensitive data. It also provides opportunities for reducing the security needs of a user depending on intent (type of activities to be performed) and other contextual information such as time and location. The main objective of this sample application is to demonstrate the following aspects of CAI security:
- Easy-to-define situations in a finance application that can be evaluated to detect any threat without referring to static security policy.
- Situations that can consume data from various sources and capture contextual information of the user in order to define the application's security behaviour.
- Demonstrate a few security situations in the Authentication and Authorization countermeasures using contextual information from different sources.

Business Scenarios
The application demonstrates three scenarios where a user is provided with an authentication option and data access control depending upon context. The situations that were implemented as a part of this case study are hypothetical in nature, and implementation may vary depending on the business needs of financial institutes. The details of the situations implemented are as follows:
- Personality association using pairing of personalized device(s): Consider the situation where a user can pair his personal device, such as a mobile or smart watch, and the business app is installed on that device. Whenever the user tries to access the net banking application, mobile app or smart watch app, the availability of paired devices can be used to strengthen the parameters that define the authenticity of the user. The existence of the person's registered mobile device that gets paired to the computer from where the net banking application is being accessed strengthens the parameters that define the authenticity of the user.
- Restricted access on multiple attempts in a time period: The situation uses information such as the number of access attempts in a duration, local time zone, access channel (web, mobile) and location of access. If there are multiple access attempts made and the contextual information is varying drastically, then access can be blocked for security reasons. The user will be notified to change credentials on the possibility of a compromised account.
- Social network analysis (a): The situation uses social network details of the user in order to generate dynamic security questions and so personalize security parameters. This type of situation can be used to enhance user experience by reducing the security overhead on the user to (re)set the answers to these questions. The system can determine what questions to ask and when to ask.
- Social network analysis (b): The situation uses social network details of the user as available. It analyses the social behavior of the user and determines any indicator suggesting a change of location by the user, which is different from his base country. If there is a request for money withdrawal from any ATM in his base country, the security level can be increased to get some more personalized information from the user, such as security questions, to establish the authenticity of the user. The user will be notified on unsuccessful attempts to change credentials on the possibility of a compromised account.

Fig. 3: Contextualized security solution
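The paired-device and restricted-access situations from the business scenarios above can be expressed as a small decision engine. The following is an added example, not code from the article or from the CAI framework; the class names, the thresholds (window length, attempt count, number of varying context dimensions) and the sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

# Assumed thresholds: the article names the inputs but gives no values.
WINDOW = timedelta(minutes=10)   # "in a duration"
MAX_ATTEMPTS = 3                 # attempts inside WINDOW before the situation can fire
MIN_VARYING_DIMS = 2             # context dimensions that must differ to be "drastic"


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # ask extra security questions
    DENY = "deny"         # wrong password, account not locked
    BLOCK = "block"       # account locked, user told to change credentials


@dataclass(frozen=True)
class UserContext:
    user_id: str
    base_country: str             # location context: base location
    paired_devices: frozenset     # account context: registered personal devices


@dataclass(frozen=True)
class AccessAttempt:
    user_id: str
    when: datetime                # time context
    channel: str                  # "web" or "mobile"
    country: str                  # location of access
    utc_offset_h: float           # local time zone of the client
    password_ok: bool
    nearby_device: Optional[str] = None   # paired device seen with the client, if any


class ContextEngine:
    def __init__(self, users):
        self.users = {u.user_id: u for u in users}
        self.recent = defaultdict(list)   # attempts still inside WINDOW, per user
        self.locked = set()
        self.audit = []                   # (when, user_id, decision, reason)

    @staticmethod
    def varying_dimensions(attempts):
        """Names of the context dimensions that differ across the attempts."""
        seen = {
            "channel": {a.channel for a in attempts},
            "country": {a.country for a in attempts},
            "time_zone": {a.utc_offset_h for a in attempts},
        }
        return sorted(name for name, values in seen.items() if len(values) > 1)

    def evaluate(self, attempt):
        user = self.users[attempt.user_id]
        window = [a for a in self.recent[user.user_id]
                  if attempt.when - a.when <= WINDOW] + [attempt]
        self.recent[user.user_id] = window
        varying = self.varying_dimensions(window)
        if user.user_id in self.locked:
            decision, reason = Decision.BLOCK, "locked until credentials are changed"
        elif len(window) >= MAX_ATTEMPTS and len(varying) >= MIN_VARYING_DIMS:
            # Restricted-access situation: many attempts, context changing drastically.
            self.locked.add(user.user_id)
            decision = Decision.BLOCK
            reason = f"{len(window)} attempts in window, varying: {', '.join(varying)}"
        elif not attempt.password_ok:
            decision, reason = Decision.DENY, "bad password"
        elif attempt.nearby_device in user.paired_devices:
            # Paired-device situation: the device strengthens the password.
            decision, reason = Decision.ALLOW, "password plus paired device"
        elif attempt.country != user.base_country:
            decision, reason = Decision.STEP_UP, "away from base location, no paired device"
        else:
            decision, reason = Decision.ALLOW, "password at base location"
        # Every decision produces an audit record built from the context.
        self.audit.append((attempt.when, user.user_id, decision, reason))
        return decision


def demo():
    """Replay constructed attempts for one user; returns (decisions, audit log)."""
    t0 = datetime(2015, 5, 1, 10, 0, tzinfo=timezone.utc)
    engine = ContextEngine([UserContext("alice", "IN", frozenset({"phone-1"}))])
    constructed = [  # (minutes after t0, channel, country, UTC offset, password ok, device)
        (0, "web", "IN", 5.5, True, None),
        (60, "mobile", "GB", 0.0, True, "phone-1"),
        (120, "web", "GB", 0.0, True, None),
        (180, "web", "IN", 5.5, False, None),
        (182, "mobile", "RU", 3.0, False, None),
        (184, "web", "BR", -3.0, True, None),
        (240, "web", "IN", 5.5, True, "phone-1"),
    ]
    decisions = [
        engine.evaluate(AccessAttempt("alice", t0 + timedelta(minutes=m), ch, c, tz, ok, dev))
        for m, ch, c, tz, ok, dev in constructed
    ]
    return decisions, engine.audit
```

The sixth constructed attempt carries the correct password and is still blocked, because it is the third attempt within ten minutes and channel, country and time zone all differ across those attempts; repeated wrong passwords from one unchanged context are only denied.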



Solution
The context aware security solution is built using the Context Aware Intelligence framework, which enables us to define situations by providing the intent and environmental information (context) that can recognize the situation. The environmental information we have considered for these situations is personal details, account details, address details, social details, time related details and social network details. The solution is depicted in Fig. 3.

In this solution, we used the CAI framework to integrate with various data sources such as a social network (Facebook) and enterprise data stores in order to extract information such as user details and account details. We are fetching a huge amount of data from social networks and pre-populating it for further analytics like NLP for location detection. The CAI framework uses query based data retrieval for the context manager to periodically evaluate contextual data, and identify & evaluate impacted situations. The events & notifications generated by the CAI framework are used by the sample application to take security decisions. Some implementation details on the situations are as below:
- Personality association using pairing of personal device(s): In this situation, the account details context can be used to keep information about the personal device that will get paired. So, whenever there is an attempt made to access the user account from any of the personal devices or using a web channel, the password can be used in conjunction with paired devices to ensure the user is the same person by authenticating the person.
- Restricted access on successive attempts in a time period: In this situation, user context stores base location details; time context stores base time zone, time of request and number of occurrences; and location context stores base location and transaction location details. All this contextual information will be validated on successive access attempts made on a user account.
- Social network analysis (a): In this situation, the contexts used are user context and social context, to analyze the social network behavior of the user and identify some personalized questions that can be used as security questions. This should allow systems to be dynamic and present a personalized user experience instead of static security questions.
- Social network analysis (b): In this situation, the contexts used are user context; social context to determine a status/post suggesting travel; location context storing base location and any indicative location; and account context for debit/credit card details.

Implementation Challenges
Using context aware computing for security is an emerging area. The finance industry will need lots of research in this space to establish benefits and value add to the financial business process. One of the main objectives of security is to prevent frauds happening with financial transactions that involve transfer of money. Hence, there are a few challenges that we identified in adopting contextualization for implementing security in financial applications, which are as below:
- It is very critical to identify reliable sources of information in order to take security decisions. It is a challenge to use social media as a contextual information source due to its perceived lack of security and questionable quality of data.
- Financial transactions are very critical and time sensitive. It will be a huge challenge to ensure real-time performance with different types of contexts used for implementing security features for a large number of concurrent users.
- Data retrieval and aggregation is a challenge since information can come from many sources supporting different data formats.

Conclusion
In the age of digital transformation, industry needs to offer innovative products & services and ease of use, and ensure efficiency in service provisioning. Customers are expecting not just products and services but also convenience, comfort and assistance in making informed decisions. Hence, it is important to understand end-user needs, what worked for him/her, and what did not, in order to provide a personalized service experience to each and every end-user. The rise in IoT, data analytics, smart mobile devices and social networks are the catalysts that an enterprise can leverage in order to keep customers regularly informed with relevant information, to make decision making easier. CAI and context aware security are examples of how such personalized, decision-support capabilities can be provided to individuals in a relatively easy, configurable manner.

References
[1] B Schilit, N Adams and R Want, Context Aware Computing Applications, 1st International Workshop on Mobile Computing Systems and Applications, 1994.
[2] C Bolchini, C A Curino, E Quintarelli, L Tanca and F A Schreiber, A Data-Oriented Survey of Context Models, SIGMOD Record, Vol. 36, No. 4, 2007, pp. 19-26.
[3] P Lombardi, V Cantoni and B Zavidovique, Context in Robotic Vision: Control for Real-Time Adaptation, International Conference on Informatics in Control, Automation and Robotics, 2004.
[4] G Chen and D Kotz, A survey of Context-Aware Mobile Computing Research (Tech. Rep. TR2000-381), Department of Computer Science, Dartmouth College, Hanover, 2000.
[5] A Dey, G Abowd and D Salber, A Conceptual Framework and a Toolkit for Supporting the Rapid Prototyping of Context-Aware Applications, Human-Computer Interaction, Vol. 16, No. 2-4, 2001, pp. 97-166.
[6] Amit Badheka, Context Aware Intelligence: A Framework for Immersive Customer Experience, IJARCS, Volume 5, No. 5, May-June 2014.
[7] Gartner, Inc., Hype Cycle for Application Security, 2014.



Case Study
Sarika Sharma
Director, JSPM's Eniac Institute of Computer Application, Pune

e-Learning for Effective Classroom Teaching: A Case Study on Educational Institutes in India
Abstract: The use of technology-based learning and electronic learning (e-learning) is one of the major trends in the field of higher education. E-learning has advantages, which is why more higher education institutes have implemented it. They are investing in this, so there is a need to analyze the methodology for effective use of e-learning in classroom teaching. Jayawant Shikshan Prasarak Mandal is an educational Trust in Pune, India which is providing technical education in various disciplines. There are more than 70 institutes running under the trust. These institutes have organized a series of lectures for MCA students to implement effective e-learning in collaboration with Maharashtra Knowledge Corporation Limited (MKCL). However, it was observed that there is a lot more to e-learning than just technology. The effectiveness of these lectures was evaluated by feedback of students. This study also reviewed the literature available on implementation methods of e-learning, and recommendations are given for the improvement of classroom teaching through e-learning.

Introduction
In today's global society, e-learning may provide a lot of useful features in a wide range of learning and teaching situations. The emergence of Information technology and society has resulted in evaluation of e-learning. It has also impacted on socio-cultural and economic development globally. Some of the researchers suggest that e-learning is not time tested and therefore continuous research is required in this area and it needs lots of understanding in this particular area.

It is a type of learning supported by information communication technology that improves quality of teaching and learning. e-learning encompasses all computer and internet based activities that support teaching and learning both on campus and at a distance. [1] e-learning can be implemented in various ways including the synchronous, asynchronous and the computer based. The author defines e-Learning as the use and acquisition of knowledge facilitated and distributed by electronic means.

There are various forms of learning, and for the e-learning skills and technologies a mixed approach is to be adopted, as e-Learning provides many opportunities to facilitate and support learning. The creation of an e-Learning experience has to understand the various features of the medium, as well as the various ways it can be used effectively to impart the learning.

The environment facilitated by e-learning is one where students take ownership of their own learning.

Fig. 1: Generic view of e-learning systems (components shown: authors/content creation, people learning/learners, administrators, authoring system, run-time system, import/export, Learning Management System (LMS), content storage and management, interaction/trainers)

e-Learning: Evaluation and Development
The technology progression has led to the wireless broadband development technologies which are supporting learning with portable devices. The above architecture is further developed, including web based features, leading to the emergence of intranet/extranet/internet which are supporting e-learning with a web based environment. The network technology evolution is evidenced from wireless broadband access technologies to the development of client-server networks.

Factors affecting e-Learning Implementation
The implementation will depend on the level of readiness in terms of the budget, infrastructure and human resources such as experience, skills, knowledge and attitude.

Literature review shows that there are various works done on e-learning implementation and development, and they are presented in the literature. The comparison of the studies is done. The topics are the perception, evaluation, and the pedagogy and monitoring studies.

In this direction researchers and practitioners have given methods for implementation. Table 1 below summarizes the various methods, issues, and challenges for implementation of e-learning. There are several development and e-learning implementation models.

Review of the Literature
The existing literature on e-learning is reviewed and presented in summary form in Table 1. It can be concluded from the literature that although there are various implementation methods for e-learning, the organization has to decide which method is suitable and applicable to its structure and environment.

Table 1: Summary of literature on e-Learning implementation

Research Objectives and Methodology
Objectives
The main objective is to find out methods to implement e-learning for effective classroom teaching. To achieve the main objective, the following sub-objectives are set:
- To find out the impact of technical support and arrangements on the effectiveness of the teaching.
- To compare the effectiveness of teaching through ICT and e-learning with the traditional method of teaching, that is, physical presence of the teacher in the class.

Methodology
Universe of the Study
Higher education Technical Institutes in the Pune region of India are included in the study, as Pune is the educational hub in the west of India. Students associated with various institutes form the universe of the study.

Sampling Frame
The list of higher technical institutes in Pune Region was considered, which forms the sampling frame.

Sampling Method
The sample technique selected is random sampling.

Sample Size
As per the list there are 12 higher learning Technical Education Institutes, offering Post graduate degrees in Business administration and computer Applications in the JSPM trust. The total number of students is about 3000. From each of these institutes 10 fully filled questionnaires were collected. In total 120 respondents participated in the study. Duration of the data collection was May 2013 to July 2013.

Data Collection
Primary data collection was done using two pre-tested questionnaires and the interviewing method. The efficacy of the questionnaires (schedules) was tested on a small group of respondents and the necessary modifications were made on the basis of the feedback received from these respondents. The modified questionnaires were used for collecting the data. The questions were framed so as to cover all the dimensions for the study.

Empirical Data Analysis
To find out the impact of technical support, and arrangements on the effectiveness of the teaching.
Tool Applied: Multiple Regression
Dependent Variable: Effectiveness of teaching
Independent Variables: clarity of voice, continuity of data, vision quality, Conversation ability

Table 2: Model Summary
Predictors: (Constant), clarity of voice, continuity of data, vision quality, Conversation ability
Dependent Variable: Effectiveness of teaching

Table 3: Anova
Predictors: (Constant), clarity of voice, continuity of data, vision quality, Conversation ability
Dependent Variable: Effectiveness of teaching

Table 4: Coefficients
Dependent Variable: Effectiveness of teaching

The tables above represent the regression model. It can be seen that the value of R square in table 1 is .314, which is significant too. From table 2 the F value is 7.919, significant at 0.01 level. It can be analyzed that the impact of the clarity of voice, continuity of data, vision quality and Conversation ability on Effectiveness of teaching is 31 percent. The rest of the performance is affected by the other factors. From the coefficients table 3 it can be analyzed that continuity of data and vision quality are significant at 0.01 level.

To compare the effectiveness of teaching through ICT and e-learning with the traditional method of teaching, that is, physical presence of the teacher in the class.
Students were asked to rate the e-learning lecture as better, same, or worse in their choices, and the data is analyzed and presented in Fig. 2. It shows that students were satisfied with the virtual lectures and are ready to accept e-learning along with the traditional teaching method, as 51 percent have rated the virtual lectures better than that of actual presence of the teacher, 32 percent did not find any difference between the two, and 17 percent find the presence of the teacher better than the virtual teaching.

Figure 2: Teaching Effectiveness

Results and Discussions
- It is advisable to have a robust technical support system implemented for conduction of virtual classroom lectures for e-learning.
- Continuity of data and the vision quality have an important role to play, as they affect the teaching quality significantly while the lecture is going on.
- Adoptability of the e-learning methods among the students is there, and they are ready to accept it in case the implementation is done.

Talking About Future
It is concluded that the e-learning system has to be aligned at various levels including state, university, faculty and individuals. Problems and actions to be taken have to be identified at all levels. e-learning should be considered as an essential element of learning and teaching. It can be concluded from the survey that the most ranking goal of e-learning is to improve the learning outcomes and educational processes. The requirement for development of strategy, network infrastructure, continuous training of faculty members and specialized e-learning centres is the outcome of the study.

References
[1] E L Meyen, P Tangen and C Lian, Developing online instruction: Partnership between instructors and technical developers. Journal of Special Education Technology, Vol.14, No.1, pp. 18-31, 1999.
[2] F Deepwell, Embedding Quality in e-Learning Implementation through Evaluation. Educational Technology & Society, 10 (2), 34-43, 2007.
[3] MRA Karim and Y Hashim, The experience of the e-learning implementation at the University online Journal of Instructional Technology, Vol. 1, No.1, pp. 50-59, 2004.
[4] S Wills, Strategic Planning for Blended e-Learning, in Proceedings of the 7th International Conference on Information Technology Based Higher Education & Training, Sydney, July 2006.
[5] E Engelbrecht, A look at e-learning models: investigating their value for developing an e-learning strategy, Bureau for Learning Development, Unisa, Progressio 2003 25(2):38-47.
[6] MW Brodsky, e-Learning Implementation: Your Roadmap to Success, Contact Professional, www.contactprofessional.com, 2008.
[7] MG Mason and L Wozniak, Collaboration and Support: Two Key Ingredients to e-Learning Implementation, 73rd IFLA General Conference and Council, 19-23 August 2007.
[8] T Govindasamy, Successful implementation of e-learning: pedagogical considerations, Internet and Higher Education, Vol. 4, pp. 287-299, 2002.
[9] Conole, G (2004), e-Learning: The hype and the Reality, Journal of Interactive Media in Education, Special Issue, www.june.open.ac.uk.
[10] IE Allen and J Seaman, Sizing the opportunity: The Quality and Extent of Online education in the United States, Retrieved March 10, 2005 from http/www.aln.org/resources/sizing-opportunity.pdf, 2003.
[11] Toh, C Y (2006), e-Learning Implementation Preparation in Asia Region, http://www.hrdgateway-org/hub5/research/E-learning. 10th
[12] A Gunasekaran, R D McNeil and D Shaul, e-Learning Research Implementation, Journal of Industrial and Commercial training, Vol. 32, Issue. 2, pp. 44-53, 2002.
[14] A S Sife, E T Lwoga and C Sanga, New Technologies for Teaching and Learning: Challenges for Higher Learning Institutions in Developing Countries, International Journal of Education and Development using information and communication Technology, Vol. 3, Issue. 2, pp. 57-67, 2007.
[15] B Divjak and N Begicevic, Imaginative acquisition of Knowledge Strategic Planning of e-Learning, Workshop on Creating E-Learning Vision And Strategy, University Of Zagreb, March 2006.
[16] E J O'Neill, Implementing International Virtual Elementary Classroom Activities for Public School Students in the US and Korea, The electronic Journal of e-Learning, Vol.5, issue 3, pp. 207-218, 2005.
[17] Scottish Funding Council, Review on council strategy on e-Learning. [online], http://www.sfc.ac.uk/about/new_about_council_papers/about_papers_25oct07/paper_sfc07159.pdf [accessed 26th November 2007].
[18] S Marshall and G Mitchell, An e-Learning maturity model, Proceedings of ASCILITE 2002, Auckland, New Zealand, in press, 2002.
[19] J O'Hearn, Challenges for service leaders: setting the agenda for the virtual learning organization, International Journal of Contemporary Hospitality Management, Vol.12, No.2, pp. 97-106, 2000.
Pendidikam Sultan Idris, Malaysian September 2006.
About the Author

Dr. Sarika Sharma is Director at JSPM's Eniac Institute of Computer Application, Pune. She has done MCA from
Banasthali Vidyapith, Rajasthan and Ph.D. in Data Mining from GGSIP University, New Delhi. She is also life
member of professional bodies like Computer Society of India, Indian Science Congress, ACM's Computer Science
Teachers Association, New York,



Brain Teaser
Dr. Durgesh Kumar Mishra
Chairman Division IV Communications, Professor (CSE) and Director Microsoft Innovation Center, Sri Aurobindo Institute of Technology, Indore

Crossword
Test your knowledge on Cyber Security
Solution to the crossword with the names of all correct solution provider(s) will appear in the next issue. Send your answer to CSI
Communications at email address csic@csi-india.org with subject: Crossword Solution CSIC May Issue.

CLUES
ACROSS
1. A mathematical process applied on a set of data to represent that data.
4. A property achieved through cryptographic methods to protect against an
individual or entity falsely denying having performed a particular action
related to data.
5. The protocol which provides security at the network layer
8. A characteristic or specific weakness that renders an organization or
asset open to exploitation by a given threat.
9. An attack which tries to make services and resources unavailable.
12. The device which checks all incoming and outgoing traffic for defined
security
16. A malicious program which does not need a host program.
17. A network point that acts as an entrance to another network.
18. The property that ensures that the information is not modified.
19. The protocol used for email security.
20. A tool installed after a compromise to give an attacker easier access to the
compromised system around any security mechanisms that are in place.
21. A collection of compromised computers.
22. Any computer that has full two-way access to other computers on the
Internet
23. A message in encrypted form.
24. The information gathering and analysis of assets to ensure such things as
policy compliance and security from vulnerabilities.
25. The mathematical science that deals with cryptanalysis and cryptography.
DOWN
2. Passive wiretapping, usually on a local area network, to gain knowledge of
passwords.
3. A computer connected to the Internet that has been secretly compromised
with malicious logic to perform activities under remote control of a remote
administrator.
6. A digital form of social engineering to deceive individuals into providing
sensitive information.
7. Software that compromises the operation of a system by performing an
unauthorized function or process.
10. Faking the sending address of a transmission to gain illegal entry into a secure system.
11. An authentication service.
13. An unauthorized act of bypassing the security mechanisms of a network or information system.
14. Listening to a private conversation which may reveal information which can provide access to a facility or network.
15. The process of verifying the user.
19. A small update released by a software manufacturer to fix bugs in existing programs.

Did you know How to create strong password?
Creating strong password is very important while making an account anywhere as the attacker tries different combinations to hack your account. As a counter measure your password must contain as many characters as possible (typically minimum 8). Your password must be a combination of alphabets, special symbols, and numbers. It will become more difficult to crack if it is a combination of upper and lower letters. Do not use names, date of birth or mobile number with passwords as they can be easily guessed. Based on above suggestions if your password is weak, please change your password right now.
Rashid Sheikh
Associate Professor, Sri Aurobindo Institute of Technology, Indore

Solution to April 2015 crossword

We are overwhelmed by the response and solutions received from our enthusiastic readers.
Congratulations!
All correct answers to April 2015 month's crossword received from the following reader:
Er. Aruna Devi (Surabhi Softwares, Mysore)



A Report from CSI Division IV Communications
Chairman, Dr. Durgesh Kumar Mishra
1. Expert Talk on Quality Research and Plagiarism
Necessity is the mother of invention. Famous quote by Plato always strikes that, that engineers should do something in right place to knock on earth. The methodical investigation into study and sources always requires establishing facts and determining way to reach conclusions. It can be written as Quality Research. Department of CSE & IT of Swami Vivekanand College of Engineering, Indore has successfully organized Expert talk on Quality Research and Plagiarism in association with CSI-SVCE Student Chapter on April 15, 2015 and CSI Division IV Communications.

Dr. D K Mishra, Chairman, CSI Div. IV Communications was expert of happening. Dr. Mishra shared his experiences with different research problems and discussed variety of practical solutions. He also enlightens a light of beam on importance of Plagiarism and unique quality solutions.

The event was started with lighting of lamp followed Prof. Pradeep Rusiya-CSE & Prof. Preetesh Purohit-CSE welcomed the chief guest. The occasion was managed by Prof. Surbhi Parnerkar along with Mr. Ashish Hardia & Mr. Neeraj Kushwah.

The complete talk was great success with participation of more than 60 students and faculty members. Prof. Vijay Birchha, Head-CSE facilitated the guest with souvenir of memories and gives vote of thanks.

2. All India Conference on Sustainable Product Development (AICON2015)
CSIT Engineering College Durg organized AICON2015 on 24th-25th April 2015. The inaugural function of the AICON2015 (All India Conference) with the theme Sustainable Product Development took place on 24th April 2015. The function saw the gracious presence of Dr. ING BVA Rao, Chairman, National Design Forum, Institution of Engineers (IE) as the Chief Guest, Er. Ajay Prakash Verma, Chairman, CSIT, Dr. Anurag Verma, Director, CSIT, Dr. P. Mahesh, Principal, CSIT, Dr. N T Khobragade, Dean (Academics), Directors and Principals of Engineering Colleges, researchers and faculty members, across the country and representatives of the media. The conference was attended by nearly 175 participants, including more than 25 listener participants from the different colleges. Total 273 papers were received in the conference. The Program started with the ceremonial lighting of the lamp and the welcome of the guests by the presentation of bouquets. In his welcome address the Director of CSIT and Organizing Chair, Dr. Anurag Verma welcomed the guests and highlighted upon the significance of the conference theme. He also said that it is a matter of great honor to have a person of stature of Dr. ING B.V.Rao to have as the Chief Guest.

The first day Session Chair & keynote speaker Dr. D K Mishra, Professor (CSE) and Director, Microsoft Innovation Centre at Shri Aurobindo Institute of Technology, Indore discussed the way of improving the research capability and way to do the research for research scholars. His lecture provided the guidelines how to choose the topic, how to write the algorithm and how to start the work. In second session, keynote speaker was Dr. Asha Ambhaikar, Professor & Dean (R&D), CSE, Raipur discussed about the role of Cloud computing in the research area. Total 21 papers are presented in first day.

Second day Dr. H S Hota, Associate professor, Bilaspur university was the key note speaker. He delivered the lecture on Data Mining in research area. Total 15 papers were presented in whole day.

AICON2015 was concluded by Valedictory function addressed by Dr. N T Khobragade, Dean (Acad.). He addressed all the dignitaries and research scholars and invited Er. Ajay Prakash Verma, chairman CSIT and Dr. Anurag Verma, Director, CSIT to distribute the certificates, also some dignitaries for collecting the feedback. The general feedback from the participants was to conduct many more such CSI events in the college campus.

International Conference on ICT for Healthcare


24-25 July 2015
Papers due : May 30, 2015
www.csi-udaipur.org/icthc-2015
Contact : Dr. Durgesh Mishra, Chairman Div - IV, CSI, drdurgeshmishra@gmail.com, Dr. A. K. Nayak, akn_iibm@yahoo.com, Mr. Amit
Joshi, amitjoshiudr@gmail.com



Computer Society of India Rajkot Chapter
Layer-3 Switching

Computer Society of India Rajkot Chapter, arranged a two hour Knowledge Forum Session on Layer-3 Switching. Total 35 participants attended this workshop.
The session taken by a very renowned personality, Dr. Atul Gonsai, Associate Professor, MCA Department, Saurashtra University. This seminar was conducted by CSI, Rajkot Chapter, under Knowledge Forum Session. The session got inaugurated by Dr. R. Sridaran, Immediate Past Chairman, CSI Rajkot Chapter. He welcomed new chairman, Prof. Sunil Bajeja, who further talked about CSI Rajkot Chapter and its various roles and achieved milestones. He also introduced and welcomed the speaker.
The session targeted many PG students, Research Scholars and doctorates of Rajkot Chapter. It added a feather in the list of successes by the CSI Rajkot Chapter.
Dr. Atul Gonsai provided different evolutions of networks devices and gave insight to Layer-2-3 switching. The Vice-President Prof. Nilesh Advani presented vote of thanks. Prof. Jobi Jose, Chapter secretary has made all the arrangements in connection with session.
All participants were provided with certificates for their participation.

Report on CSI Gwalior Chapter Meeting on 12 April 2015


Date: 24-25 July
Chapter Chairman informed about the activities of CSI Gwalior chapter.
A presentation was made by Dr. Vipin Tyagi, RVP-III on the activities of CSI to the gathering.
A discussion was done with MC members and other CSI members. Advised all to increase CSI members and student branches
in the chapter. Also advised to increase the CSI activities under chapter, to keep webpage and other information updated and to
take necessary steps to get database up to date.



CSI News
From CSI Chapters
Please check detailed news at:
http://www.csi-india.org/web/guest/csic-chapters-sbs-news

AHMEDABAD / MATRUSHRI L.J GANDHI BCA COLLEGE (REGION III)
Speaker(s): Prof. Ankit S. Patel, BCA College, Modasa; Prof. Sanjay G. Patel, BCA College, Modasa; Shri Girish Darji, Aniyor High School; Shri Surendrabhai Shah, Hon. Secretary, M.L Gandhi Higher Education Society, Paldi
Topic and gist: Feb 19, 2015: "Computer Awareness Program in the villages Aravalli District"
Arvalli is a backward district on the border of Gujarat-Rajasthan. The area is hilly and rich with minerals and forest produce. The entire topographical sight of the district is rich in natural beauty and it has many spots which can be developed as picnic places. It is surrounded by the Arvalli Hills, the oldest mountain ranges in the world. Though the area is rich in natural wealth, it is populated by the people of this area contributed substantially. Under the able leadership of Mathuradas Laljidas Gandhi and his team. The M.L Gandhi Higher Education Society, Modasa is Blessing for Poor People who can not afford the Higher Education in Ahemdabad, Baroda, Vidhyanagar, so our campus is blessing for those people.
The objective for open CSI student branch in modasa is provide skill for students of the different schools (Primary or secondary) because the students of the rural area they don't have technical skill. Our aim will be to develop technical skill in this district.

ANITS CSI STUDENT BRANCH (REGION V)
Speaker(s): V Srinivas Raju, Assistant Professor, CSE
Topic and gist: Event- 2 Day Workshop on Web Design and Development
A 3 day Workshop on Web Design and Development has been organised by ANITS CSI Student Branch at ANITS from 19th to 21st of December, 2014 at E-Class Room, Department of CSE. This workshop has been conducted by V Srinivas Raju, Assistant Professor, Dept of CSE to enable the students and even the faculty to become familiar with web design and development. Participants have been introduced to all the new trending web technologies like php, html 5 etc. Around 50 people have participated in this workshop.

Workshop on Web design and development

From Student Branches


ITM UNIVERSITY, GURGAON (REGION-I)
20 & 21-2-2015 - National Workshop on Big Data Analytics and Data Mining Tools

AMITY UNIVERSITY, NOIDA (REGION-I)
25-3-2015 during Expert talk on the New Generation Technologies: A Paradigm Shift



TRUBA COLLEGE OF ENGINEERING & TECHNOLOGY, INDORE (REGION-III)
19-3-2015 during Inter College Programming Competition: Code Combat 15

SILICON INSTITUTE OF TECHNOLOGY, BHUBANESWAR (REGION-IV)
26 to 28-2-2015 Participants during Annual Inter College Technical Festival

SRINIVAS INSTITUTE OF TECHNOLOGY, MANGALORE (REGION-V)
4-4-2015 Mr. Kartheek Kangala, Senior Engineer, Cisco during the workshop SDN and Data Center Networking

BNM INSTITUTE OF TECHNOLOGY, BANGALORE (REGION-V)
20-3-2015 during Seminar on Awareness of secure programming

SRI KRISHNA INSTITUTE OF TECHNOLOGY, BANGALURU (REGION-V)
11-3-2015 during one day workshop on Android Applications Development

BLDEA'S ENGINEERING COLLEGE, BIJAPUR (REGION-V)
18 & 19-3-2015 during Tech Fest on TECHSTORM 2K15

BVRIT, HYDERABAD (REGION-V)
9-4-2015 - Dr. Shekar Muddana, Google, Hyderabad during Guest Lecture on Computational Complexity and Theory of NP Completeness

PIIT, NEW PANVEL (REGION-VI)
27-3-2015 during Magazine Launch event



SONA COLLEGE OF TECHNOLOGY, SALEM (REGION-VII)
20-1-2015 Dr Vijayaragavan Vishwanathan distributed certificates during the contest on Reverse Coding and Ethical Hacking

VELAMMAL ENGINEERING COLLEGE, CHENNAI (REGION-VII)
20-3-2015 Dr Vijaya Chamundeeswari, Mr Somasundaram Jambunathan, Dr Duraipandian & Mr Muralidhar during National Conference on Advanced Computing Technologies

M P NACHIMUTHU M JAGANATHAN ENGINEERING COLLEGE, CHENNIMALAI, ERODE (REGION-VII)
24-3-2015 During National Level Conference on Emerging Trends in Information & Computer Science 15

DR. N G P INSTITUTE OF TECHNOLOGY, COIMBATORE (REGION-VII)
19 & 20-3-2015 During National Level Technical Workshop on Scalable Realtime NoSQL Datastores

NANDHA COLLEGE OF TECHNOLOGY, ERODE (REGION-VII)
1-4-2015 During National Conference Recent Trends in Computing Technologies & Applications

EINSTEIN COLLEGE OF ENGINEERING, TIRUNELVELI (REGION-VII)
21-3-2015 Prof. Sivaganesh, Dr. Velayutham, Mr. Karthick Natarajan, Mr. Mathivanan & Dr Ramar during seminar on Advanced Java Programming

SHRI SHANKARLAL SUNDARBAI SHASUN JAIN COLLEGE FOR WOMEN, CHENNAI (REGION-VII)
20-2-2015 Participants during the event on Research Forum

SRM UNIVERSITY, RAMAPURAM CAMPUS, CHENNAI (REGION-VII)
10-4-2015 During the event on Acquisition or Innovation: Which is more favoured today

Please send your student branch news to Education Director at director.edu@csi-india.org. News sent to any other email id will not be considered.
Please send only 1 photo per event, not more.



(REGION-III)
BABARIA INSTITUTE OF TECHNOLOGY, VADODARA

Babaria Institute of Technology, CSE department has organized CSI Project Competition cum Exhibition held on 18th April, 2015 under the umbrella
of CSI Vadodara Chapter in which a total of 12 best projects were presented in front of IT Experts from different industries in the esteemed presence
of Mr. A M Nayak, Chairman, Vadodara Chapter.

Projects demonstration to Jury members
Felicitation of Mr. A M Nayak by Prof. Saurabh Shah

A Report on Special Lecture Disaster Communication and HAM Radio at Gwalior


A special lecture on use of HAM Radio in Emergencies and Disasters was conducted by OM Jayant S. Bhide VU2JAU, NC member, CSI Gwalior Chapter in I.T.M. University, Gwalior, on 27 March 2015. The possible advantages of HAM Radio during Disasters. He demonstrated that HAM Radio has always worked as supporting communication system when nothing works. He also pointed out different types of disasters faced and how HAMs have provided the necessary communication to mankind and authorities in difficult situations where HAMs could not find to set up the station at proper place.
More than 100 University students attended the program. ITM University Advisor Mr. R.D.Gupta along with HOD-CSE Mr. Sanjay Jain along with other faculties attended the program. OM Jayu VU2JAU was supported by OM Kamal Raj VU3RAE and OM Aditya Ashtikar VU3LKA during the program.

Activity Report of CSI-Bangalore Chapter


Name of the Chapter: Bangalore
Region-V
Event Date: 19th April, 2015 (9.30 am to 4:30 pm)
Event Name: Programming and Hands on Workshop on Design Patterns
Computer Society of India [CSI], Bangalore Chapter organized a One day
Programming and Hands on workshop on Design Patterns at CSI-BC
premises on 19th April, 2015.

Mrs. Bhanumathi K S, Chairperson (Elect.) and Event co-ordinator welcomed the participants with a brief introduction of the speaker. She spoke about the upcoming events of CSI-BC. She proudly mentioned that CSI-BC has been the most vibrant Chapter.

Introductory Session Photograph

Kind Attention: Prospective Contributors of CSI Communications


Please note that Cover Theme for forthcoming issue of June 2015 is planned as follows:
June 2015 Data Science
Articles may be submitted in the categories such as: Cover Story, Research Front, Technical Trends and Article. Please send your contributions before 20th
May 2015. The articles may be long (2500-3000 words maximum) or short (1000-1500 words) and authored in as original text. Plagiarism is strictly
prohibited.
Please note that CSI Communications is a magazine for membership at large and not a research journal for publishing full-fledged research papers.
Therefore, we expect articles written at the level of general audience of varied member categories. Equations and mathematical expressions within
articles are not recommended and, if absolutely necessary, should be minimum. Include a brief biography of four to six lines for each author with high
resolution author picture.
Please send your articles in MS-Word and/or PDF format to Dr. R Nadarajan, Guest Editor , via email id nadarajan_psg@yahoo.co.in with a copy
to csic@csi-india.org.
(Issued on the behalf of Editorial Board CSI Communications)



CSI Calendar 2015
Anirban Basu, Vice President, CSI & Chairman, Conf. Committee
Email: abasu@pqrsoftware.com

May 2015 events

07-09 May 2015
Event: International Workshop on Intelligent Approaches for Object Oriented Modeling in Component Based Software Engineering (IAOOM-2015) to be organized at Jaypee University of Engineering & Technology, Guna (MP) http://www.juet.ac.in
Contact: Dr. Shishir Kumar, dr.shishir@yahoo.com

15-17 May 2015
Event: International Conference on Emerging Trend in Network and Computer Communication (ETNCC2015) at Department of Computer Science, School of Computing and Informatics Polytechnic of Namibia in Association with Computer Society of India Division IV. http://etncc2015.org/
Contact: Prof. Dharm Singh, dsingh@polytechnic.edu.na

17 May 2015
Event: WTISD 2015 - Telecommunications and ICTs: Drivers of Innovations at CSI Udaipur Chapter, IE(I) ULC At Udaipur
Contact: Dr. Y C Bhatt, drycbhatt@hotmail.com; Amit Joshi, amitjoshiudr@gmail.com

30-31 May 2015
Event: Two Day National Conference on ICT Applications CONICTA-2015 at IIBM Auditorium, Patna organized by CSI Patna Chapter in association with Division III and Division IV of Computer Society of India.
Contact: Prof. A K Nayak, aknayak@iibm.in; Dr. Durgesh Kumar Mishra, drdurgeshmishra@gmail.com

July 2015 events

3-4 July 2015
Event: International Conference on ICT for Sustainable Development, organized by CSI Division IV, Ahmedabad Chapter, ASSOCHAM Gujarat Chapter and Sabar Institute of Technology for Girls, Gujarat At Ahmedabad http://www.ict4sd.in
Contact: Amit Joshi, amitjoshiudr@gmail.com; Dr. Nisarg Pathak, nisarg.pathak@gmail.com

24-25 July 2015
Event: International Conference on ICT in Health Care and E-Governance, at Sri Aurobindo Institute of Technology, Indore in association with Computer Society of India Division III, Division IV, Indore Chapter, ACM Udaipur Chapter. www.csi-udaipur.org/icthc-2015/
Contact: Dr. Durgesh Kumar Mishra, drdurgeshmishra@gmail.com; Dr. AK Nayak, aknayak@iibm.in; Mr. Amit Josi, amitjoshiudr@gmail.com

Aug 2015 event

7-8 Aug 2015
Event: International Conference on Innovations in Computer Science & Engineering (ICICSE-2015) Organized by Guru Nanak Institution, Hyderabad in association with Computer Society of India Division IV and Hyderabad Chapter. www.icicse2015.org
Contact: Dr. H S Saini, md@gniindia.org; Dr. D D Sharma, dirmca.gnipg@gniindia.org

Sept 2015 event

10-12 Sep 2015
Event: International Conference on Computer Communication and Control (IC4-2015) at Medicaps Group of Institutions, Indore in association with Computer Society of India Division IV, CSI Indore Chapter and IEEE MP subsection.
Contact: Dr. Promod Nair, Mitm,csedepartment@yahoo.com; Prof. Pankaj Dahore, Pk_dashore@yahoo.co.in

Oct 2015 events

9-10 Oct 2015
Event: International Congress on Information and Communication Technology (ICICT-2015) at Udaipur, organized by CSI Udaipur Chapter, CSI Division IV, SIG-WNs, SIG-e-Agriculture and ACM Udaipur Chapter. www.csi-udaipur.org/icict-2015
Contact: Dr. Y C Bhatt, drycbhatt@hotmail.com; Mr. Amit Josi, amitjoshiudr@gmail.com

16-17 Oct 2015
Event: 6th Edition of the International Conference on Transforming Healthcare with IT to be held at Hotel Lalit Ashok, Bangalore, India. http://transformhealth-it.org/
Contact: Mr. Suresh Kotchatill, Conference Coordinator, mail@transformhealth-it.org



Registered with Registrar of News Papers for India - RNI 31668/1978
Regd. No. MCN/222/2015-2017
Posting Date: 10 & 11 every month. Posted at Patrika Channel Mumbai-I
Date of Publication: 10th of every month
If undelivered return to: Samruddhi Venture Park, Unit No.3, 4th floor, MIDC, Marol, Andheri (E). Mumbai-400 093
