Call for Paper - July 2019 Edition
IJCA solicits original research papers for the July 2019 Edition. Last date of manuscript submission is June 20, 2019. Read More

Approaches to Curbing Data Breaches in Internet Banking based on Cloud computing

Print
PDF
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2018
Authors:
Okiyai Otieng, George Okeyo, Wilson Cheruiyot
10.5120/ijca2018917411

Okiyai Otieng, George Okeyo and Wilson Cheruiyot. Approaches to Curbing Data Breaches in Internet Banking based on Cloud computing. International Journal of Computer Applications 181(2):11-16, July 2018. BibTeX

@article{10.5120/ijca2018917411,
	author = {Okiyai Otieng and George Okeyo and Wilson Cheruiyot},
	title = {Approaches to Curbing Data Breaches in Internet Banking based on Cloud computing},
	journal = {International Journal of Computer Applications},
	issue_date = {July 2018},
	volume = {181},
	number = {2},
	month = {Jul},
	year = {2018},
	issn = {0975-8887},
	pages = {11-16},
	numpages = {6},
	url = {http://www.ijcaonline.org/archives/volume181/number2/29687-2018917411},
	doi = {10.5120/ijca2018917411},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

Cloud computing is a popular theme of research in information systems. It has revolutionized the perspective of distributed computing from existing methods. Although cloud offers great benefits, it does introduce security threats to the information and data which is currently moved from on-premises to off-premises. Due to the openness of data, cloud computing has been experiencing security threats that must be overcome for this service to be fully utilised. One such threat is data breach, this is because data is stored in different places across the globe hence difficult for security to be monitored. Therefore, security and privacy of data are the two major concerns of users in the cloud technology. Internet banking applications have become popular within banks and almost each bank has got its own service. The login and signature security vary from user/static password authentication method (it is alleged as the weakest way to manage one’s accounts) to certificates and tokens. Considering the confidentiality of this information, for instance passwords and bank accounts, banks need to identify, evaluate and solve distinct risks to security in regard to cloud computing in their management information security system. This paper sought to establish the available security measures employed in curbing data breaches, their shortcomings and suggest possible solutions. The paper employed a descriptive survey research design; a pre-tested questionnaire was used to collect data from the 46 banks that use internet banking in Kenya. The study found that the banks had employees who were certified in security matters but none was certified in cloud computing security and recommended Staff Training and certification on Cloud Computing Security, cloud computing and resource management

References

  1. Bhadauria, R., & Sanyal, S. (2012). Survey on Security Issues in Cloud Computing Associated Mitigation Techniques. International Journal of Computer Applications, IJCA, 47-66Ding, W. and Marchionini, G. 1997 A Study on Video Browsing Strategies. Technical Report. University of Maryland at College Park.
  2. Dahal, Sanyal. (2012). Security Architecture for Cloud Computing Platform.
  3. TechTarget's IT Encyclopaedia. (n.d). What is Data Breach?-Definition from Whatls.com. Retrieved from http://searchsecurity.techtarget.com/definition/data-breach
  4. Orion Blog. (2015). Most Common Causes of Data Breaches. Retrieved March 17, 2016 from. Retrieved from http://www.oriontech.com/most-common-causes-of-data-breaches/
  5. Suresh, S., Huang, H., & Kim, H. J. (2015). Scheduling in compute cloud with multiple data banks using divisible load paradigm. Aerospace and Electronic Systems, IEEE Transactions on, 1288-1296.
  6. Islam, M., Islam, K., & Beg, N. (2015). Paradigm shift towards cloud computing for Banking sector. 2015 International Conference on Computer and Information Engineering (ICCIE), (pp. 126-129). Rajshahi: IEEE.
  7. Goldsmith, J. (2011, 05 23). Barclays partners with IBM for private cloud project. Retrieved from CIO: http://www.cio.co.uk/insight/it-strategy/barclays-partners-with-ibm-for-private-cloud-project-3431613/
  8. Finnegan, m. (2015, November 17). Computer World UK. Retrieved from How Tesco Bank moved to AWS cloud in eight months: http://www.computerworlduk.com/cloud-computing/how-tesco-bank-has-adopted-aws-cloud-as-business-as-usual-in-eight-months-3629767/
  9. Gordon, W. (2012, June 20). how your passwords are stored on the internet and when your password stregth doesnt matter.
  10. Kessler, G. C. (2007). Passwords — Stregths and Weaknesses. Internet and Internetworking Security.
  11. Ben Soh, A. J. (2003). A novel Web security evaluation model for a one-time-password system. Web Intelligence, 2003. WI 2003. Proceedings. IEEE/WIC International Conference on, (pp. 413-416). Halifax, NS, Canada.
  12. Huiyi, L., & Yuegong, Z. (2013). An improved one-time password authentication scheme. Communication Technology (ICCT), 2013 15th IEEE International Conference on (pp. 1-5). Guilin: IEEE.
  13. Lamport, L. (1981). Password Authentication with Insecure Communication", In: Comm. ACM, . Communication and Security, 770-772.
  14. Shang, T., & Gui, L. Y. (2015). Identification and prevention of impersonation attack based on a new flag byte. 2015 4th International Conference on Computer Science and Network Technology (ICCSNT) (pp. 972-976). Harbin, China: IEEE.
  15. Bond, M. (2012, 09 10). Chip and Skim: cloning EMV cards with the pre-play attack. Retrieved from Light Blue Touch Paper: https://www.lightbluetouchpaper.org/2012/09/10/chip-and-skim-cloning-emv-cards-with-the-pre-play-attack/
  16. Kautsar, S., Akbar, S., & Azizah, F. N. (2014). An application framework for evaluating methods in biometrics systems. Data and Software Engineering (ICODSE), 2014 International Conference (pp. 1-6). Bandung: IEEE.
  17. Maty´aˇs, V., & ˇR´ıha, Z. (n.d). Biometric Authetication, Security and Userbility.
  18. Defence, D. o. (2005). Trusted Computer System Evaluation Criteria.
  19. Nasirinejad, M., & Alireza, A. Y. (2012). SASy Username and Password Management. Proceedings 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic, CyberSec 2012, 242-246.
  20. Raymond. (2014). 5 Virtual Keyboards Tested to Determine their Effectiveness Against Keyloggers. Retrieved from Raymond cc. Computers Made Easy: https://www.raymond.cc/blog/how-to-beat-keyloggers-to-protect-your-identity/
  21. Cryptzone. Cryptzone. http://www.cryptzone.com, February 2018.
  22. Schmidt, M., Fahl, S., Schwarzkopf, R., & Freisleben, B. (2011). TrustBox : A Security Architecture for Preventing Data Breaches. https://doi.org/10.1109/PDP.2011.44
  23. Kumar, A., Lee, B.G., & Lee, H.(2012). Secure Storage and Access of Data in Cloud Computing, 336-339.

Keywords

Curbing, Cloud computing, Cloud security, internet banking, data breaches