With the rapid development of Internet, many personalized services also rise and bring many business opportunities. In addition to leveraging personalized service recommendation in e-commerce, the demand of personalized services also appear in personalized e-learning applications. Though there are many academic literatures and mechanisms about how do we access and identify user's action behaviors, still this information is not enough to give the details of user's operating behavior to be used to provide personalized services. To overcome this shortcoming, in this paper, we present a method to capture the users operating behaviors in Windows environments. We name it the Experimental Status Feedback Mechanism (ESFM). We apply the ECSM in the Cloud Security Experimental Platform (CSEP) which is an e-learning platform for exercising network security attacks and defenses and supports interactive teaching. As ESFM could capture user's action when they do either mouse or keyboard operations on the virtual machine, it will send the captured information to the CSEP server which in turn will presents appropriate steps for users to continue the security exercise. Our experiments showed that the overhead of ESFM is acceptable in the CSEP interactive learning environment and better than the traditional user state capture mechanisms, like Sikuli.
Based on the policy to narrow the digital divide between urban and rural areas, Taiwan's Ministry of Education (MOE) launched “The Project of Online Tutoring for After School's Learning”, which recruits college students to tutor elementary and junior high school students in remote area by using the distant learning system. The project hopes to improve learning quality of students in rural, as well as balance the rural and urban digital resources and opportunities. After several-year operation of distant learning system, MOE wanted to provide students better studying environment in Internet and thus asked HGiga Inc. to redesign and reconstruct “The MOE Digital Portal of Study Partner”. Compared with old system, the new Portal had been moved in the MOE cloud adopts multi-tenant architecture, single sign-on system, and automatically duplicated/backup database system to provide cloudy applications and services. The web application system with the new portal system can provide scalability, fault tolerance, high availability with recover ability.
Mobile literacy is essential to learning effectively, working efficiently and participating fully in a world increasingly mediated by smart mobile devices. It is a macroliteracy, composed of a range of more particularized literacies: it gives long-established literacies, such as information literacy and multimodal literacy, new inflections, and it gives more newly established literacies, such as network literacy and code literacy, added importance. Depending on the types of mobile learning employed in educational contexts, different constellations of these literacies may be fostered. It is time for educators at all levels to consider how best to support the development of students' mobile literacy, including their critical mobile literacy. Mobile learning which foregrounds mobile literacy opens up the opportunity for educators to engage students in active, collaborative, situated learning, and simultaneously fulfils our obligation to develop students' 21st century skills, including their digital literacies. In this way we can prepare them for and support them in their roles as lifelong learners, employees, and citizens in a mobile society.
The aim of this study is to assess the effectiveness of credited information literacy program of constructing information literacy knowledge. The author took qualitative research approach with case study strategy. Document analysis, observing and interviewing students were applied for data collection. Content analysis strategy was taken to reveal the meaning of information literacy knowledge acquiring process. The results showed that credited information literacy program did bring positive influence on constructing knowledge in information retrieval and use. Both learning outcome and anonymous post-class survey provide evidence that supports the effectiveness of credited program, including the instructor had better understanding about students' performance and the students also found it would be easier to interact with the instructor.
With advances in information communication technology, a growing number of studies now use computer-assisted instruction to support traditional museum instruction. However, due to limited budgets and manpower, most museums in Taiwan do not plan or provide digital guided services for students. Although students can use museums, they usually do not learn sufficient information without expert assistance, and they are easily distracted during museum instruction.
For these reasons, developing augmented reality (AR) technologies for learning have gained considerable attention in educational application. Many researchers integrated teaching and AR technologies to enhance students' learning performance. Therefore, this study proposes an Augmented Reality Supported Mobile Self-Guided System (AR-MSGS), and applies innovative AR technologies to a museum's learning environment. The proposed AR-MSGS will use AR technologies to display virtual information superimposed on top of real life objects. The virtual information can only be viewed through the screen of the mobile device, and is invisible to others in the real-world. In addition, we will use QR codes and the digital content server to develop interactive 3D virtual materials, for students to learn information intuitively and easily. We hope this research project is able to provide a strong case for promoting the use of AR technology in educational tasks, especially those related to learning activities based around museums instruction. The ultimate goal of this study is to encourage the widespread use of AR technologies in promoting Taiwanese digital education.
Influenced by the development of wireless networks, mobile learning has gradually entered the lives of everyone. Research related to mobile learning shows that mobile learning can indeed enhance the learning effects for learners, and inspire the active desire for knowledge in the learning process. This study attempts to construct a Chinese learning system using English language interface, combining the Chinese language and context-aware technology, with QR Code and GPS as the main learning mediaproviding for functions of learning Chinese vocabulary pronunciation of Chinese vocabulary Chinese dialogue, in order to develop an innovative mobile learning model for learning Chinese. Learners are interested in the methods of the system, and discussions with them showed that the learning content involved objects with which they frequently come into contact in daily life. Learners are satisfied with the learning content, and feel that it is very helpful.
As Information and Communication Technologies (ICT) become more popular, business benefits from the unique features of the ICT. However, it is interesting to explore what the impacts are from ICT to the higher education? This study examines the implementation of quality assurance of academic publication at Feng Chia University (FCU), Taiwan, using Internet software, Turnitin. The statistics shows that the implementation is effective. The numbers of papers with heavy plagiarism have been reduced. The number of Originality Reports generated based on the reports submitted to Turnitin in an academic year is higher than the median. In addition, Turnitin is adopted much quicker than average.
In IOT environments, the device joining of a service group is flexible and quick and a device usually does not has a powerful computation and storage capacity. In this paper, in order to provide a secure service framework in the IOT environments, we propose an efficient authentication and service key agreement scheme. Our proposed scheme can satisfy the nice properties including (1) flexible shared group service keys agreement, (2) low communication and computation cost, (3) mutual authentication, (4) session key agreement, (5) dynamic participation, and (6) no time synchronization problem. Also our scheme can achieve the security requirements including mutual authentication and preventing all various well-known attacks.
Protecting private data becomes very important in communication with the widespread adoption of the cloud storage system; for example, Dropbox, SkyDrive and iCloud. A user should be able to access his private data from cloud, and efficiently retrieves data which he wants. In fact, a straightforward solution to protecting user's private data is encryption. Relying on keyword search over the encrypted data is very useful and efficient to retrieve from the untrusted cloud storage. In this scenario, a sender can send encrypted data, and the receiver can generate trapdoors from keywords to retrieve those data which include the keywords. Recently, Zhang and Zhang proposed a field-free public key encryption with user-friendly keywords search. In this paper, we present a searchable public key encryption with user-friendly keywords search. The proposed scheme is secure based on secret sharing and the hardness of discrete logarithm problem. It is more efficient than Zhang and Zhang's scheme on computation. Moreover, we also analyze that this scheme satisfies some properties, which is suitable to data deliver/retrieval in cloud storage.
In this paper, we propose a new reversible data hiding method based on canonical signed-digit (CSD) data representation. To increase the data hiding quality, the embedded data is represented by CSD. To embed data efficiently, the original image is divided into smaller blocks and transformed by an invertible integer transform, and then the CSD data are embedded by histogram modification. The invertible integer transform which calculates the mean and difference values of the adjacent pixels exploits the correlations among adjacent pixels in an image region. Based on the histogram of the difference values, we modify the difference values slightly to embed CSD data into the image. The CSD data representation has a minimum number of nonzero digits, thus it can decrease alteration of the pixels after data hiding. It is shown that the proposed reversible data hiding method not only can recover the original image without any distortion from the marked image after the hidden data have been extracted but also can achieve higher data hiding capacity compared with conventional methods.
Visual secret sharing scheme with access structure based on graph has been proposed and this can be considered as an extension of (2,n)-threshold VSS scheme. Ateniese et al. showed a decomposition method that we decompose star graphs from a given graph which edges are specified by qualified sets, that is two participants (vertices in a given graph) has a common edge if and only if participants can reconstruct the secret image by stacking the shares each other. This paper classifies graph-based VSS schemes and show several optimal examples and also proposes optimal construction about graph-based VSS scheme for (multiple) q secrets which pixel expansion is less than 3*q.
Watermarking has been applied to protect relational databases from illegal copying and manipulation by attackers. Many watermarking schemes for relational database have been proposed, and these schemes both rely on the actual primary key. Therefore, the watermark cannot be embedded into relational database, if there is not existence of actual primary key. In this paper, we present a new reversible watermarking scheme for textual relational database without depending on the actual primary key. The proposed scheme constructs a virtual primary key from the content of some selected textual attributes. Based on the generated virtual primary key, the watermark is embedded into the textual relational database. Experimental results showed that the proposed scheme achieves strong robustness under a variety of possible attacks, e.g., sorting, deletion, modification, and addition attacks. In addition, in comparisons with three previous schemes, the proposed scheme was more secure and robust, as evidenced by our experimental results and robustness analysis.
In this paper, we propose a transformed knapsack cryptosystem by using three knapsacks with plaintext encoding to enhance the security of Knapsack cryptosystem. In our approach we try to encode a plaintext before encrypting. The benefits are that using plaintext encoding method can not only increase the density of the knapsack, but also reduce decrypt time substantially. The ciphertext is composed by multiplying two non-superincreasing knapsacks and then add to a superincreasing knapsack. Our propose scheme can be secure against the low density attack because the plaintext encoding the density can be made as large as our desire.
In 2014, Choi proposed a security enhanced anonymous multi-server authenticated key agreement scheme using smart card and biometrics and claimed that his scheme could overcome all of security issues in Chuang-Chen's scheme, such as impersonation attack, smart card loss attack, denial of service attack and perfect forward secrecy. Although Choi's scheme solves the impersonation and denial of service attack, we discover that his scheme is not only still vulnerable to smart card loss attack and lack of perfect forward secrecy, but also contains a flaw in design for authentication phase after our analysis in detail.
A hidden vector encryption (HVE) scheme, one type of predicate encryption schemes, can support comparison predicates on encrypted keywords through encrypted predicates by pairing transformed keyword vectors with predicate vectors. However, the length of these vectors grows in proportion to the size of the keyword space and so does the system complexity. In this paper, we provide a privacy-preserving encoding for efficient comparison queries, where the length of the vectors and the system complexity is only logarithmically proportional to the size of the keyword space. In addition, our encoding integrates a HVE scheme and a ciphertext-policy attribute based encryption (CPABE) scheme. This integration provides not only the access control based on the searchable keywords but also balanced overheads among encryption, key generation and query for both computation and storage overheads.
Wen-Chen Wu, Chu-Hsing Lin, Jung-Chun Liu, Ssu-Ying Lin
801 - 810
QR Code (Quick Response Code), one of the widely used two-dimensional matrix barcode developed in 1994 by Denso Wave Japan, was adopted in automotive industries in the early days. In additional to the use in industries, QR Codes are also suitable for commercial usages, since mobile devices, which can act as QR Codes readers, are more and more popular these days. However, there are many potential risks while scanning a specially designed malicious QR Code without users' knowledge. This may compromise the mobile device or the user may face Phishing attacks using social engineering tricks. QR Codes are fault tolerant by adopting Reed-Solomon error correction, i.e., QR Codes with minor damages (7%~30%) should be still readable. It is possible to use this particular characteristic to embed watermarks for validation purpose. With the proposed method, the system can validate if the QR Code is from a trusted source by retrieving the watermark embedded in the scanned QR Code, and thus the risk of scanning malicious QR Codes without knowledge is greatly reduced. However, one challenge is that the embedded watermark should be able to survive under the possible damages due to printing and scanning processes.
Ting-Yao Chang, Wei-Yu Lai, Tien-Ruey Hsiang, Ching-Hao Mao
821 - 830
Since computers are universalized in every aspect of modern applications, detecting malware embedded in computer systems is essential in protecting user privacy, robustness of services, and data integrity. With the rapidly growing popularity of cloud computing technologies, although the underlying system virtualization enhances the protection of service systems, it also brings new security challenges. For example, it can be less cost-effective, both to the cloud vendor and the cloud service tenants, to independently execute security services within every virtualized system based on common cloud pricing schemes. Also, malicious tenants may disrupt other tenants' service operations by means such as exhausting shared computing resources. In this paper, we focus on detecting malware running in virtual machines using the virtual machine introspection framework. The malware behaviors, in particular, the sequential system calls translated by the hypervisor of malware-infected virtual machines, are analyzed by tensor factorization techniques. By segmenting the system logs according to execution time or accumulated system call transition counts, our experiments shows that the proposed tensor-based detection approach can detect most types of malware with good accuracy using relatively short log segments.
Increasing complexity and inter-dependency of information systems (IS), and the lack of transparency regarding system components and policies, have rendered traditional security mechanisms (applied at different OSI levels) inadequate to provide convincing confidentiality-integrity-availability (CIA) assurances regarding any IS. We present an architecture for a generic, trustworthy assurance-as-a-service IS, which can actively monitor the integrity of any IS, and provide convincing system-specific CIA assurances to users of the IS. More importantly no component of the monitored IS itself is trusted in order to provide assurances regarding the monitored IS.
With the rapid development of software systems, exploiting software vulnerabilities to invade the system has largely increased. As a result, software security becomes vitally important. Since it is impossible to develop programs without bugs and it is inefficient to test program manually, we need a systematic software testing methods to verify if the software is with good quality. Black-box testing is a technique that can find bugs without the target program's source code, and normally copes with mutation fuzz testing. There are numerous fuzz testing tools freely available, but to find the maximum amount of unique bugs in limited interval of time is still a problem remained to be solved. In this paper we have used several scheduling algorithms to improve the fuzzer called FOE (Failure Observation Engine) to better improve the original fuzzing efficiency and produce maximum unique bugs in a given period of time.
In this paper, we proposed an investigation approach to trace the source IP address hiding which use proxy servers, and reduce the steps of the classical investigation method. Furthermore, it does not need to execute search and seizure to perpetrators, but it still obtains the key digital evidences from a third party. The obtained key digital evidences have the same probative force with the classical investigation, and it can used to discover the perpetrator whether he hides his IP address and the criminal acts. In this paper, first, we proposed an approach that makes the case related people not be examined, searched and seized; second, the true criminal cannot evade punishments and trial by hiding his IP address, so the investigation procedure is hard to execute; third, the investigation approach we proposed will reduce wasting judicial resources and protect human rights effectively.
The New Personal Information Protection Act of 2012 of Taiwan (the PIPA) went into effect on October 1st, 2012. After almost 2 years it is still open to many questions and comments concerning the incorporation of information security in it. However, the regulatory framework for information security in the PIPA is in many aspects very promising for a solid development. This article purports to give a sketch of the legal basis, to make an introduction to the newest development, and to call for a rapider pace for the dialogue between jurists and information security engineers.