Refine your search
Collections
Co-Authors
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z All
Saha, Amal
- Review of Considerations for Mobile Device Based Secure Access to Financial Services and Risk Handling Strategy for CIOs, CISOs and CTOs
Abstract Views :142 |
PDF Views:2
Authors
Amal Saha
1,
Sugata Sanyal
2
Affiliations
1 Tata Institute of Fundamental Research (TIFR), Mumbai, IN
2 Corporate Technology Office, Tata Consultancy Services, Mumbai, IN
1 Tata Institute of Fundamental Research (TIFR), Mumbai, IN
2 Corporate Technology Office, Tata Consultancy Services, Mumbai, IN
Source
International Journal of Advanced Networking and Applications, Vol 6, No 4 (2015), Pagination: 2427-2434Abstract
The information technology and security stakeholders like CIOs, CISOs and CTOs in financial services organization are often asked to identify the risks with mobile computing channel for financial services that they support. They are also asked to come up with approaches for handling risks, define risk acceptance level and mitigate them. This requires them to articulate strategy for supporting a huge variety of mobile devices from various vendors with different operating systems and hardware platforms and at the same time stay within the accepted risk level. These articulations should be captured in information security policy document or other suitable document of financial services organization like banks, payment service provider, etc. While risks and mitigation approaches are available from multiple sources, the senior stakeholders may find it challenging to articulate the issues in a comprehensive manner for sharing with business owners and other technology stakeholders. This paper reviews the current research that addresses the issues mentioned above and articulates a strategy that the senior stakeholders may use in their organization. It is assumed that this type of comprehensive strategy guide for senior stakeholders is not readily available and CIOs, CISOs and CTOs would find this paper to be very useful.Keywords
Root-Of-Trust, Device Fingerprinting, Web Application Firewall, Application Ipds, Information Security Policy Document, Secure Mobile Computing, Virtualization, Sandboxing.Full Text
- Application Layer Intrusion Detection with Combination of Explicit-rule-based and Machine Learning Algorithms and Deployment in Cyber-Defence Program
Abstract Views :121 |
PDF Views:0
Authors
Amal Saha
1,
Sugata Sanyal
2
Affiliations
1 Tata Institute of Fundamental Research (TIFR), Mumbai, IN
2 Tata Consultancy Services (TCS), Mumbai, IN
1 Tata Institute of Fundamental Research (TIFR), Mumbai, IN
2 Tata Consultancy Services (TCS), Mumbai, IN
Source
International Journal of Advanced Networking and Applications, Vol 6, No 2 (2014), Pagination: 2202-2208Abstract
There have been numerous works on network intrusion detection and prevention systems, but work on application layer intrusion detection and prevention is rare and not very mature. Intrusion detection and prevention at both network and application layers are important for cyber-security and enterprise system security. Since application layer intrusion is increasing day by day, it is imperative to give adequate attention to it and use state-of-the-art algorithms for effective detection and prevention. This paper talks about current state of application layer intrusion detection and prevention capabilities in commercial and open-source space and provides a path for evolution to more mature state that will address not only enterprise system security, but also national cyber-defence. Scalability and cost-effectiveness were important factors which shaped the proposed solution.Keywords
OWASP, Application Layer Intrusion Detection and Prevention, Cyber-Security, Machine Learning.Full Text
- Analysis of Applicability of ISO 9564 Pin Based Authentication to Closed-Loop Mobile Payment Systems
Abstract Views :111 |
PDF Views:5
Authors
Amal Saha
1,
Sugata Sanyal
2
Affiliations
1 Tata Institute of Fundamental Research (TIFR), Mumbai, IN
2 Tata Consultancy Services (TCS), Mumbai, IN
1 Tata Institute of Fundamental Research (TIFR), Mumbai, IN
2 Tata Consultancy Services (TCS), Mumbai, IN
Source
International Journal of Advanced Networking and Applications, Vol 6, No 2 (2014), Pagination: 2285-2290Abstract
Payment transactions initiated through a mobile device are growing and security concerns must be addressed. People coming from payment card industry often talk passionately about porting ISO 9564 PIN standard based authentication in open-loop card payment to closed-loop mobile financial transactions and certification of closed-loop payment product or solution against this standard. In reality, so far this standard has not been adopted in closed-loop mobile payment authentication and applicability of this ISO standard must be studied carefully before adoption. The authors do a critical analysis of the applicability of this ISO specification and make categorical statement about relevance of compliance to closed-loop mobile payment. Security requirements for authentication in closed-loop mobile payment systems are not standardised through ISO 9564 standard, Common Criteria [3], etc. Since closed-loop mobile payment is a relatively new field, the authors make a case for Common Criteria Recognition Agreement (CCRA) or other standards organization to push for publication of a mobile device-agnostic Protection Profile or standard for it, incorporating the suggested authentication approaches.Keywords
ISO 9564 PIN Based Authentication, Card-Present and Card-Not-Present Transactions, Open-Loop and Closed-Loop Payments, Mobile Payment, Stored-Value-Account, Common Criteria Protection Profile, Device Fingerprinting, m-PIN (Mobile PIN), One Time Password (OTP), Android Application component called Service, Backend Service.Full Text