The Critical Need For Information Security

The Critical Need for Information Security

Author

Institution

The Critical Need for Information Security

Cyber-attack is a kind of attack that tends to destroy, alter, steal, expose, disable or gain unauthorized access to computers or computer networks. Besides, one purpose for launching a cyber-attack could be; to hack into a susceptible system or use any organization’s asset with unauthorized access. Computer geeks are of the view; in order to protect any organization, computer, or a computer network from a cyber-attacker/hacker a network designer should act and think like the hacker. Cybersecurity management is no less than a military exercise. So, for that purpose new proactive processes and techniques, for countering cyber-attacks, have been introduced within this corporate battlefield. One of the proactive techniques that organizations use to counter cyber-attacks is a cyber-attack simulator system.

Cyber-Attack Simulator System and its Advantages

One of the many news people come across in contemporary digital era is a cyber-attack. It disturbs the business, damage the reputation and panic end users. The days are long gone when cybersecurity management had to rely on an annual or quarterly penetration test results. In the current era, there is a need for an automated breach attack simulation (BAS), continuous assets scanning and of course protection. Cyber-attack simulator system is a sequence of steps leading to vulnerability identification on an information system ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"lZoRopYp","properties":{"formattedCitation":"(Kuhl, Kistner, Costantini, & Sudit, 2007)","plainCitation":"(Kuhl, Kistner, Costantini, & Sudit, 2007)","noteIndex":0},"citationItems":[{"id":1296,"uris":["http://zotero.org/users/local/jsvqEXt1/items/UTL8J2C4"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/UTL8J2C4"],"itemData":{"id":1296,"type":"paper-conference","title":"Cyber attack modeling and simulation for network security analysis","container-title":"Proceedings of the 39th Conference on Winter Simulation: 40 years! The best is yet to come","publisher":"IEEE Press","page":"1180–1188","source":"Google Scholar","author":[{"family":"Kuhl","given":"Michael E."},{"family":"Kistner","given":"Jason"},{"family":"Costantini","given":"Kevin"},{"family":"Sudit","given":"Moises"}],"issued":{"date-parts":[["2007"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Kuhl, Kistner, Costantini, & Sudit, 2007). Cyber-attack simulator system reviews known vulnerability, and any known vulnerabilities are a potential path to cyber-attack.

As far as the advantages of cyber-attack simulator system are concerned; following are some advantages that would help organizations to secure their networking perimeter effectively and efficiently.

Cyber-attack simulator system identifies all the security gaps in the computer network or IT infrastructure of any organization. Besides, it is more or less similar to the penetration testing or, more precisely, the red team operation.

The basic purpose of red team operation or penetrating testing is to identify all the vulnerabilities in a specified time. However, with a cyber-attack simulator system, critical exposures in a network or IT infrastructure will be identified continuously by coupling red team operation with automated simulation testing ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"Nll7BlJe","properties":{"formattedCitation":"(Kuhl et al., 2007)","plainCitation":"(Kuhl et al., 2007)","noteIndex":0},"citationItems":[{"id":1296,"uris":["http://zotero.org/users/local/jsvqEXt1/items/UTL8J2C4"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/UTL8J2C4"],"itemData":{"id":1296,"type":"paper-conference","title":"Cyber attack modeling and simulation for network security analysis","container-title":"Proceedings of the 39th Conference on Winter Simulation: 40 years! The best is yet to come","publisher":"IEEE Press","page":"1180–1188","source":"Google Scholar","author":[{"family":"Kuhl","given":"Michael E."},{"family":"Kistner","given":"Jason"},{"family":"Costantini","given":"Kevin"},{"family":"Sudit","given":"Moises"}],"issued":{"date-parts":[["2007"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Kuhl et al., 2007). Cyber-attack simulator system ensures that there is no occurrence of time-lapses during the testing.

Following the identification of security gaps and vulnerabilities attached to a network, cyber-attack simulator provides cyber-security management with actionable and prioritize remediation ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"WAnNo9Aw","properties":{"formattedCitation":"(Kuhl et al., 2007)","plainCitation":"(Kuhl et al., 2007)","noteIndex":0},"citationItems":[{"id":1296,"uris":["http://zotero.org/users/local/jsvqEXt1/items/UTL8J2C4"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/UTL8J2C4"],"itemData":{"id":1296,"type":"paper-conference","title":"Cyber attack modeling and simulation for network security analysis","container-title":"Proceedings of the 39th Conference on Winter Simulation: 40 years! The best is yet to come","publisher":"IEEE Press","page":"1180–1188","source":"Google Scholar","author":[{"family":"Kuhl","given":"Michael E."},{"family":"Kistner","given":"Jason"},{"family":"Costantini","given":"Kevin"},{"family":"Sudit","given":"Moises"}],"issued":{"date-parts":[["2007"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Kuhl et al., 2007). The remediation process identifies and addresses the weaknesses in the IT infrastructure.

Sectors that have Greater Insight on the Potential of Cyber-Attacks

Insight on the potential of cyber-attacks greatly depends on the sectors such as criminals, government-funded (whether black or transparent), and/or commercial. In terms of criminals, there is a lot of illicit activity going around in the U.S., Eastern Europe (Ukraine, Russia), the Middle East (Saudi Arabia, UAE, Israel, and Iran) and Eastern Asia (China, Both Koreas, and Japan). And 90% of the attacks that happen every day, most them are phishing scams and simple malware distributions ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"MzUUQTxG","properties":{"formattedCitation":"(Sandoval, Sapankevych, Santos, & Hassell, 2013)","plainCitation":"(Sandoval, Sapankevych, Santos, & Hassell, 2013)","noteIndex":0},"citationItems":[{"id":1298,"uris":["http://zotero.org/users/local/jsvqEXt1/items/JDXIJV6Q"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/JDXIJV6Q"],"itemData":{"id":1298,"type":"patent","title":"Cyber attack analysis","author":[{"family":"Sandoval","given":"Juan E."},{"family":"Sapankevych","given":"Nicholas I."},{"family":"Santos","given":"Armando J."},{"family":"Hassell","given":"Suzanne P."}],"issued":{"date-parts":[["2013",8]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Sandoval, Sapankevych, Santos, & Hassell, 2013). Each of the countries mentioned is equal in terms of the level of sophistication involved in attacks.

For the government, there are few parts involved but in terms of surveillance/data gathering, the United States has a huge advantage in terms of getting intel. Not only the U.S. has tremendous amount of money and an existing logistics program to deploy massive amounts of software and hardware (whether it's legal or not) for blanket surveillance and data collection, there are also collaborations with commercial companies. It's because if you look into the documents from the Snowden Revelations, the U.S. government (Along with the Five Eyes alliance) has a lot of connections with companies that handle massive amount of global data (Facebook, Google, Microsoft, etc.). The U.S. also has some of the best commercial technologies available (unrestricted in terms of usage because the tech isn't imported/exported) ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"RKvhz6Ad","properties":{"formattedCitation":"(Sandoval et al., 2013)","plainCitation":"(Sandoval et al., 2013)","noteIndex":0},"citationItems":[{"id":1298,"uris":["http://zotero.org/users/local/jsvqEXt1/items/JDXIJV6Q"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/JDXIJV6Q"],"itemData":{"id":1298,"type":"patent","title":"Cyber attack analysis","author":[{"family":"Sandoval","given":"Juan E."},{"family":"Sapankevych","given":"Nicholas I."},{"family":"Santos","given":"Armando J."},{"family":"Hassell","given":"Suzanne P."}],"issued":{"date-parts":[["2013",8]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Sandoval et al., 2013). So, combined with the tremendous amount of money, the tech, logistics (Such as the US Postal Service cooperating with the NSA in their TAO), and commercial connections, the U.S. cannot be beaten.

Another aspect of the government contributing to cybersecurity which is being involved in the consumer/commercial/enterprise world, I would still say the U.S. beat everyone else. The N.S.A. can take credit of creating the Security-Enhanced Linux kernel, which is extremely beneficial to anyone that utilizes it. The U.S. Air Force also released Portable Lightweight Security; a lightweight Linux distribution focused in portable security to the public. The U.S. Government also releases open-source encryption methods and algorithms that anyone can dissect, change, and/or utilize directly. I don't know any other country that has influence and contribution in the consumer/commercial/enterprise world than the U.S. I didn't even touch DARPA, The U.S. Armed Forces, or other government branches. For commercial technology, a lot of them are located and based off of the U.S. Other companies involved in security also get purchased by U.S. corporations /conglomerates. There are very good non-U.S. security companies like Kaspersky Labs (Russia), AVG Labs (Czech Republic), Trend Micro (Japan), and some others but again, most of them are in the U.S.

Cyber Security Strategy

The most important elements of any cyber-security strategy are as follows:

Identify an executive sponsor. Without buy-in at the board level, the breach response plan will not be effective.

Identify key personnel that are part of the “Breach Response Team”.

Define clear responsibilities for each team member

Set communication protocols. Who will communicate project status internally? Who is responsible for communicating externally with the media and regulatory authorities?

Document and understand reporting requirements for data breaches in one’s own jurisdiction.

Identification of the type of cyber-attack.

Contain the cyber-attack so it does not spread or get worse.

There is no need to assign all of the incident response team members to the attack. In lieu, holding back a few team members to monitor the entire environment looking for other attacks is one of the best strategies, one should resort while countering the cyber-attack. Cyber-attacks can come in waves, for example, the initial wave would cause the incident response team to divert all resources to focus on the attack - most of the time the initial attack will be “loud” such as a massive DDoS attack designed to be big enough that the entire business and customers are demanding a quick fix, forcing the entire IT team to drop everything and focus on the attack ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"rr2wYhKd","properties":{"unsorted":true,"formattedCitation":"(Rowe & Gallaher, 2006)","plainCitation":"(Rowe & Gallaher, 2006)","noteIndex":0},"citationItems":[{"id":1302,"uris":["http://zotero.org/users/local/jsvqEXt1/items/Q4YLYXW9"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/Q4YLYXW9"],"itemData":{"id":1302,"type":"paper-conference","title":"Private sector cyber security investment strategies: An empirical analysis","container-title":"The fifth workshop on the economics of information security (WEIS06)","source":"Google Scholar","title-short":"Private sector cyber security investment strategies","author":[{"family":"Rowe","given":"Brent R."},{"family":"Gallaher","given":"Michael P."}],"issued":{"date-parts":[["2006"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Rowe & Gallaher, 2006). While the DDoS is being run the baddies will commence another attack that is stealthier and more focused solely on getting into the environment. Assuming no one is watching, the baddies can try several attack vectors that may show up on the monitoring tools but be instantly drowned out by the DDoS alerts or considered by the business to be an issue caused by the DDoS attack.

Cyber Security Plan

A good cybersecurity strategy primarily understands all of the requirements based on which the strategy would be created. Some of the requirements are delineated as:

Business strategy

Legal, regulatory and contractual obligations

Organization’s security risk exposure

Suppliers and partners

Customer needs and expectations

Internal and external contexts

Industry-specific standards

Security culture of the organization.

Once an action plan is determined to address these requirements, a sound security strategy can be created. The strategy could fail, due to these reasons:

Lack of a comprehensive understanding of the internal and external context of the organization.

Misjudging the security culture of the organization.

Poor implementation.

Not engaging the stakeholders early in the game.

Lack of management involvement and commitment to security projects.

A good indication of a good cybersecurity strategy is that the strategy requires minimum rework. Any investment made is always reused in the strategy revisions, and not thrown away ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"hrFE7c68","properties":{"formattedCitation":"(Rees, Deane, Rakes, & Baker, 2011)","plainCitation":"(Rees, Deane, Rakes, & Baker, 2011)","noteIndex":0},"citationItems":[{"id":1304,"uris":["http://zotero.org/users/local/jsvqEXt1/items/CUVV22IN"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/CUVV22IN"],"itemData":{"id":1304,"type":"article-journal","title":"Decision support for Cybersecurity risk planning","container-title":"Decision Support Systems","page":"493–505","volume":"51","issue":"3","source":"Google Scholar","author":[{"family":"Rees","given":"Loren Paul"},{"family":"Deane","given":"Jason K."},{"family":"Rakes","given":"Terry R."},{"family":"Baker","given":"Wade H."}],"issued":{"date-parts":[["2011"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Rees, Deane, Rakes, & Baker, 2011).

Importance of Public-Private Partnership in Cybersecurity

Public-private partnership is just like the involvement of private guns in public armor shop and then parallelly shooting out the competitor. Cybersecurity threats and risks are inevitable to deal with, in order to strengthen the security of a nation. There is fundamental uncertainty attached to cyber-security risks that not only poses a great threat to governance but also call for new methods of cyber-security. A high level of public-private partnership is required to address the growing cyber-threats. One of the most critical things in public-private partnership is preparation and commitment from both industry leadership and government ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"VYLQrByU","properties":{"formattedCitation":"(Carr, 2016)","plainCitation":"(Carr, 2016)","noteIndex":0},"citationItems":[{"id":1306,"uris":["http://zotero.org/users/local/jsvqEXt1/items/TCHR5Q5I"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/TCHR5Q5I"],"itemData":{"id":1306,"type":"article-journal","title":"Public–private partnerships in national cyber-security strategies","container-title":"International Affairs","page":"43–62","volume":"92","issue":"1","source":"Google Scholar","author":[{"family":"Carr","given":"Madeline"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Carr, 2016). It is inevitable for industry to collaborate with government in order to prepare cybersecurity response plans. The security approach of an industry may vary as per the circumstances, however, when systematic abilities are combined with situational awareness operational management for cybersecurity could become a lot easier ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"h8SMEerZ","properties":{"formattedCitation":"(Carr, 2016)","plainCitation":"(Carr, 2016)","noteIndex":0},"citationItems":[{"id":1306,"uris":["http://zotero.org/users/local/jsvqEXt1/items/TCHR5Q5I"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/TCHR5Q5I"],"itemData":{"id":1306,"type":"article-journal","title":"Public–private partnerships in national cyber-security strategies","container-title":"International Affairs","page":"43–62","volume":"92","issue":"1","source":"Google Scholar","author":[{"family":"Carr","given":"Madeline"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Carr, 2016).

References

ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY Carr, M. (2016). Public–private partnerships in national cyber-security strategies. International Affairs, 92(1), 43–62.

Kuhl, M. E., Kistner, J., Costantini, K., & Sudit, M. (2007). Cyber attack modeling and simulation for network security analysis. Proceedings of the 39th Conference on Winter Simulation: 40 Years! The Best Is yet to Come, 1180–1188. IEEE Press.

Rees, L. P., Deane, J. K., Rakes, T. R., & Baker, W. H. (2011). Decision support for Cybersecurity risk planning. Decision Support Systems, 51(3), 493–505.

Rowe, B. R., & Gallaher, M. P. (2006). Private sector cyber security investment strategies: An empirical analysis. The Fifth Workshop on the Economics of Information Security (WEIS06).

Sandoval, J. E., Sapankevych, N. I., Santos, A. J., & Hassell, S. P. (2013). Cyber attack analysis.

The Data Center Consolidation Paper

Data Center Consolidation

Author’s name

[Institutional Affiliation(s)]

Author Note

Data Center Consolidation

Data center consolidation is the term used for innovative technologies and techniques that allow for better implementation of information technology architecture. This paper will discuss strategies used for data center consolidation in detail and provide a detailed understanding of the issue. The three main factors that will be discussed are the use of bandwidth and high speed communication, cloud computing and mobile data centers for the future of data center consolidation. One thing that needs to be understood is that if the process of data center consolidation is taken out correctly then it can reduce expenditure, improve the efficiency, compliance and security while also negating the need to purchase additional storage ("Data center consolidation", 2019).

In the field of information technology, data centers are the central point of most of the services provided. Most companies employ data centers to solve problems regarding market strategy and data analysis of the costumer base. In the data-center the data leaving and entering is controlled by the bandwidth that is available for this purpose. On data center consolidation, bandwidth continues to be the one of the most-talked about constraints out there. Nowadays, the biggest concern for companies is not the idea of having the maximum amount of bandwidth, but the appropriate amount of bandwidth for the job. The factor of bandwidth and high speed communication becomes the leading factor when the company has multiple data centers. This is because more data needs to be transferred from place to place. Such a case can also be witnessed when the need for shifting of a data center takes place. The transfer of a large amount of data from one location to the next in a short time to avoid down time requires a large bandwidth. Fortunately, in this day and age, these bandwidth requirements can be very easily met as cheap and large-scale bandwidth options are found. Ethernet is becoming more amd more mainstream as it tends to provide an easier and cheaper solution to the bandwidth problem. Traditional T-carrier and SONET services tend to be more expensive then the Ethernet services. The balance between services and finances have to be maintained and thus the best possible solution has to be selected. There are online solutions also available which provide outstanding products in the form of bandwidth bundles at affordable prices. The biggest factor that is considered while trying to solve issues about bandwidth is cost, and multiple solutions are available in the competitive market at good rates.

Another aspect of data center consolidation that has been growing over the years is known as cloud computing. Cloud computing essentially means using the resources of someone else’s machine for storage and processing purposes. It is one of the most upcoming technologies in the field of information technology. It makes developing startups very easy and the deployment of newly built apps as new companies rarely have enough resources. Such consolidation of data can have its own security repercussions but there are some advantages to this at well. The era of cloud has seen the world of data centers transform from individual servers to consolidated cloud data centers. This consolidation helps service providers to utilize services, spreading data between a number of providers with different options and different TOR for each service. Such advancements can make startups depending on such facilities grow manifold as they have access to easy app deployment and maintenance services which can be further used to enhance the user experience. On the other hand, a number of drawbacks are also there for the consolidation onto cloud taking place nowadays. People investing in on-premise servers have better control over the software and payment methods than that of cloud based servers. The user, in case of cloud based servers, sometimes, does not have the option of not-installing new updates etc. This can effect the experience of the users as the users expect best services from a new company. Considering the complexity of incoming hardware and processes, the decision of deploying all the data on the cloud should be taken seriously and with good cause.

Mobile data centers are also being deployed for making the process of data center consolidation more streamlined. With the decrease in physical size of data centers, it sometimes becomes the need of the hour to have a mobile data center, as it can help in the reduction of bandwidth need of shifting data from one data center to the next. The data needs can also appear at unusual places, thus modular data center solutions come to the rescue. Modular data centers provide small scale data services in required places. Such data centers can help in the decentralization of data from a singular place to several small data centers (Kavania, Pouria, 2017). The deployment of small and mobile data centers as a replacement for one big deployment does not only improve the capacity of the company to provide services to its users but also improves the cost benefits for the company. The purpose based solutions as provided by data centers for companies are actually very important for startups as it makes them grow into the market place and provide the services that are promised without putting too much strain on them financially.

Works Cited:

Data center consolidation. (2019). Retrieved 8 December 2019, from https://arxiv.org/pdf/1010.5037.pdf

Kaviani, Pouria. (2017). Virtualization with Data Center. International Journal of Advance Research in Computer Science and Management. 04.

Thesis

_ 6bjbj,E,E 7N/N/u2 ttttt8L,Lhx TE,f)NtqqqttqttqVsvg0L) ))tqqqqqqq 2qqqLqqqq)qqqqqqqqq  RUNNING HEAD IT

Thesis

Name of the writer

Name of the institution

TABLE OF CONTENTS

TOC o 1-3 h z u HYPERLINK l _Toc20637220 Abstract PAGEREF _Toc20637220 h 3

HYPERLINK l _Toc20637221 Introduction PAGEREF _Toc20637221 h 4

HYPERLINK l _Toc20637222 An introduction to cryptocurrency PAGEREF _Toc20637222 h 5

HYPERLINK l _Toc20637223 Why cryptocurrency hold so much value PAGEREF _Toc20637223 h 8

HYPERLINK l _Toc20637224 The vulnerabilities of cryptocurrencies PAGEREF _Toc20637224 h 10

HYPERLINK l _Toc20637225 Using cryptocurrency in the corporate world PAGEREF _Toc20637225 h 11

HYPERLINK l _Toc20637226 Regulating cryptocurrency PAGEREF _Toc20637226 h 13

HYPERLINK l _Toc20637227 The future of cryptocurrency PAGEREF _Toc20637227 h 14

HYPERLINK l _Toc20637228 Conclusion PAGEREF _Toc20637228 h 15

HYPERLINK l _Toc20637229 References PAGEREF _Toc20637229 h 18

Thesis

Abstract

The aim of this paper is to investigate about cryptocurrency. Moreover, it will be investigated why cryptocurrency holds so much value. Additionally, the future of cryptocurrency will also be evaluated. Cryptocurrency holds value because of its decentralized nature and limited supply against a huge demand. However, despite its huge demand, the future of cryptocurrency is questionable due to certain drawbacks. This is because cryptocurrency is always at the mercy of the hackers, has no protection from any banks and very little consumer protection. Hence, cryptocurrency will not be gaining the trust of consumers on a wide scale despite its two biggest strengths anonymity and meagre transactional costs.

Introduction

The most valuable commodity in the entire world is money. Whether an individual is going to a hairdresser or buying clothes, they will need it no matter what the situation is. In the modern economy, money is imperative to carry out transactions of goods of any sort. Citizens of modern society will need money in every situation of their lives in which they intend to complete a transaction (Stark, 2013). There have been numerous forms of money in human history. The oldest known form of money is bartering. In the old times when there was no concept of money, people used to exchange objects in order to pay for something. For instance, one would pay for a horse using a cow. Certainly, this form of money was highly inefficient. The inefficiency of the earlier system of money gave rise to the need for a more efficient system of exchange (Bradbury, 2013). Trading is made more efficient with intermediary instrument acting in between the exchange of goods. When bartering was used as a form of money, human traded goods using weapons or skins of different animals that would act as an intermediary (Christin, 2013). The traces of first minted currency are found in and around 600 B.C.

The minted currency was made from the combination of silver and gold. A picture was stamped with the aim to identify the value of any coin. King Alyattes of Lydia, modern-day Turkey, minted coins for initially for the first time. The stamped coins resulted in increasing the trade of the empire manifold and the empire became one of the affluent empires in the entire world (Dwyer, 2015). Some hundred years fast forward, paper money was developed for the first time by Chinese. The Chinese invention moved the currency system away from the coins. Europeans were quite late in adapting to the usage of paper money. Today, banks print notes for people to use and roam around carrying it in their pockets. The money in the banks has value backed in gold most of the times. The paper money that everyone uses today became the norm little by little.

This is a way in which bartering has been eliminated due to the problems it possessed and was replaced with paper money. When every person in a society accepts a uniform form of money, trading, pricing, and servicing become easier and convenient. Fiat money is the primary source of money in todays economy. Fiat money is granted protection by the governments using laws and regulations which subsequently foster peoples trust in money. The central bank of a country supplies the fiat money that ensures stability and a steady supply of currency using monetary policies. With so much technological advancements, the money of various kinds has been invented.

Cryptocurrency is the latest form of money that has been created using the latest technologies and innovations. More often than not, Cryptocurrency is referred to as digital money or cyber currency in the digital space. The most striking attribute of the cryptocurrency is that no bank issues it (ElBahrawy et.al, 2017). Moreover, it is not granted protection using laws and regulations of any sorts. This feature of cryptocurrency makes it immensely difficult for governments to intervene or interfere. There have been numerous forms of cryptocurrency that have been developed, Bitcoin is considered to be the most famous cryptocurrency around.

An introduction to cryptocurrency

With so many technological advancements, it has been made possible to carry out a transaction using digital currency, in which there is little interference from banks and governments and is not regulated or protected by any sorts of laws (Stark, 2013). The digital currency or cryptocurrency is redistributed using peer to peer networks and software that are readily available. An individual can edit the source of the software as per their liking and redistribute the digital currency.

Although the digital currency is almost identical to the regular debit card accounts stored electronically. However, the paramount dissimilarity is that cryptocurrency can be distributed with no interference from banks and other official authorities. Due to this dissimilarity, the digital currency is completely decentralized. Fiat money can be controlled and regulated by the government but cryptocurrency is free from any sort of control and regulation.

The first-ever digital currency that was created is Bitcoin. This digital currency was created by a team named Satoshi Nakamoto. US National Security Agency created a cryptographic system named SHA-256, which was used by this team. Bitcoin is the most widely known variant of cryptocurrency that has been created so far. Each digital coin of cryptocurrency is linked to a special key that makes it unique (Dwyer, 2015). The transaction of cryptocurrency takes place when one digital coin of cryptocurrency is moved from one address to another address. The records of every transaction are held in a database which is public. The database which holds the records of transactions is called blockchain. Every coin of cryptocurrency is stored in the database with not a single coin of cryptocurrency existing outside of it. The supply of any digital currency is dependent on mining. Using the process called mining, every single coin of a cryptocurrency is uploaded into the database which is public.

A cryptocurrency is developed using the process of mining and it is measured in hashed per second. Whenever a block is solved and a coined is mined successfully, a new hash gets created. Cryptocurrency is completely dependent on hash functions. Computers that mine cryptocurrency are significantly powerful in order to mine effectively (Thomas, 2013). However, due to the complex nature of algorithms involved in mining, the CPU of the computers consumes a lot of resources. With the passage of time, the algorithm gets more and more complex, bringing down the creation of digital coins significantly (Bradbury, 2013). The mining process will become increasingly troublesome with the data stored getting large in size. Since the data gets large in size, the processing capability of the computers is reduced and they start to use more resources. When cryptocurrency was launched initially, one could mine 50 digital coins using mining (Christin, 2013). However, it has been reduced to 25 digital coins of cryptocurrency today. The supply of most cryptocurrencies has been made constant with reward cutting to half after every four years using programming. Therefore, the process of mining used to create digital coins of cryptocurrency is getting less profitable and the available supply of digital coins is becoming less each day. Unless an individual has a computer that has been designed specifically for the purpose of mining, the average cost incurred in mining a hash will more than the price of a single digital coin of the cryptocurrency (ElBahrawy et.al, 2017). To put simply, mining is a contest. Numerous miners are working day and night simultaneously to find a hash. Miners that have efficiently mined a block of cryptocurrency is a testament to the fact that many people have solved computational problems with ease that resulted in them finding a hash. The total supply of cryptocurrency has been contained by putting a limit on it. For instance, the limit imposed on the most famous cryptocurrency- Bitcoin- is 21 million digital coins. A digital coin of cryptocurrency is added to the blockchain using the process of mining (Wu and Pandey, 2014). Therefore, blockchain can easily identify the owner of a cryptocurrency, as it is the database in which data about the cryptocurrencies are added. The owners of cryptocurrency keep their digital coins in a digital wallet. These digital wallets enable the owners of digital currency or cryptocurrency to track their remaining balance and carry out transactions (Thomas, 2013). An excel sheet can be linked to the digital wallet which records every single transaction of the person owning the digital currency. The digital coins are not placed in the excel spreadsheets. As previously described, every digital coin is linked with a unique address. This address is encrypted and decrypted to verify the transaction. Digital coins of a cryptocurrency are sent using the public address of an individual and they are stored in the private address of the owner. If a hacker ever gets its hands on to the public keys associated with the digital coins, he/she then can transfer digital coins to their private address without any trouble (Wu and Pandey, 2014). Since the person who lost their digital coins had the only link to the public address cannot recover the coins as they are now in the private address of the hacker. Therefore, it is recommended to keep the private key of digital coins encrypted which will restrict intruders from getting their hands on to the key.

Why cryptocurrency hold so much value

The primary problem that confronts the digital currency is that the bits that make up the digital currency can be replicated easily on computers with little difficulty. Any currency intended to be accepted by the public and authorities must be reproduced easily (Stark, 2013). Furthermore, a currency must have the protection of some sorts that prevents its multiple spending. Such as one person spending a single note of currency again and against meaning the currency shall be always in the flow. Digital currency gets created easily contrarily to the paper currency (Bradbury, 2013). This problem can be solved by creating a large central authority that holds a record of all the transactions that have taken place using the same currency apart from certifying each transaction. The largest and most famous cryptocurrency Bitcoin found a solution to this problem that is why cryptocurrency holds so much value.

Any transaction of Bitcoins is completed only through peer to peer networks of owners and sellers in which no authority controls and regulates the exchanges taking place (Christin, 2013). The owners and sellers in this peer to peer network are the personal computers which can easily interact with each other to carry out a transaction without every connecting to any third party server computer (Wu and Pandey, 2014). As it has been mentioned above, like all cryptocurrencies, Bitcoin also uses open-source software. Open-source software is the software which is readily available for everyone to change and use them according to their needs. Open-source software is essentially virtually equal to peer-to-peer networks as the change in it is carried out by the owners of cryptocurrencies, not a central figure or an authority. By employing the open-source software and peer to peer networks, Bitcoin successfully enforced authentication measures to put a curb on the issues of the reproduction of the digital currency. Other cryptocurrencies took the lead of Bitcoin and used the same methods (Dwyer, 2015). This is why cryptocurrencies hold so much value. As has been described above, every transaction of cryptocurrencies is stored in a database known as the blockchain. Different websites keep numerous copies of the block chain database which they continuously update. Since Bitcoin has successfully countered the reproduction problem it is able to create value. However, for a currency to have a specific value, it must have a certain amount of demand in the market.

For anyone finding a reason to use cryptocurrency is that it has very little cost of money transfer. Transferring money digitally can be completed in an instance with the involvement of physical money. Moreover, it is also difficult for owners of cryptocurrencies to bring in their wallets any other country and exchange local currency by trading digital currency. Thus, it gives rise to certain demand which arises from the possibility of avoiding controls or government interference over the currency. Any transaction done using this would have benefit higher than the cost incurred. Another possible reason behind the demand of cryptocurrency is that it is based on anonymity.

Therefore, cryptocurrencies have so much value because they deal in peer to peer networks with little interference from governments and regulating bodies that authenticate and validate the transactions and exchanges taking place. Moreover, cryptocurrencies have successfully tackled the issue of reproduction of digital currency which gives rise to its demand. Additionally, transferring cryptocurrency is cost-efficient and quick. Due to the volatile nature of the price of cryptocurrencies, it has caught the eyes of numerous investors (Thomas, 2013). Moreover, another reason for the cryptocurrencies to have so much value is that people intending to indulge in illicit trades can anonymously perform the transactions.

The vulnerabilities of cryptocurrencies

Cryptocurrencies are safe from attacks because of their decentralized nature. Although a decentralized currency system can fight remarkably with intruders and attacker, it is not completely safe (Stark, 2013). There are so many vulnerabilities of cryptocurrencies which can be easily exploited. According to different statistics, the miners of the cryptocurrencies have spent so much time, effort, and resources in the mining of the Bitcoins that the costs that go into the mining of the digital currency are significantly higher than the earnings made through it (Bradbury, 2013). The mining of digital currency is becoming less profitable with every passing day as it is becoming increasingly difficult to mine newer coins of digital currency. To tackle this, miners have put their heads together to come up with an idea. After much consideration, miners agreed upon the concept of pooling (Christin, 2013). Pooling is an idea of bringing the resources together to increase the power of computation significantly. To put it simply, bringing together resources would result in a centralized authority controlling most of the mining. AS a result, this authority takes control of the entire network and manipulate the blockchain afterwards easily, this is called a 51 attack. This will result in reversing transactions easily and spending the same digital coins several times. Bitcoin here took the lead as well and came up with a solution (Dwyer, 2015). The mining that has been done to create Bitcoins is done in a way it frequently switches between pools that prevents a single person to attain the 51 power. The network of the Bitcoin forces its owners to go through six-step verification requiring confirmation on a single transaction in one block. Therefore, reversing a transaction becomes more difficult and confirming the transaction is even more difficult. This problem has been faced by all other producers of cryptocurrencies and all of them have followed Bitcoin to provide their users with a safer environment (rnason, 2015). Although Bitcoin was successfully able to plug its vulnerabilities, the rapid pace at which technological advancements are taking place worries all the producers of the cryptocurrencies.

Using cryptocurrency in the corporate world

Many have been using different forms of virtual currencies for quite some time. Therefore, it would be naive to say that the concept of cryptocurrencies is entirely new for people (Stark, 2013). The examples of virtual currencies are credit card reward points, online currencies in video games, and miles given to an individual by an airline. The nature of decentralization peer to peer network of cryptocurrencies is what makes it stand out (Bradbury, 2013). Corporations are always in search of new and innovative ways to increase their sales in this cut-throat era of competition. Using cryptocurrency in the digital world has both benefits as well as drawbacks. For instance, cryptocurrencies are safe from the economic turbulence a country experiences (Christin, 2013). Although it is evident that cryptocurrencies are safe from political turmoil and economic instability, the price of cryptocurrencies is volatile due to the speculation, media coverage, uncertainties revolving around it. Business and corporations cannot afford this much volatility as it will affect their businesses significantly (Dwyer, 2015). Due to the fact that cryptocurrencies lack liquidity, businesses would always be reluctant to use cryptocurrency as an alternative to the fiat currency. Moreover, if the businesses and corporation ever decide to incorporate cryptocurrency in the corporate world, it would result in creating a significant imbalance in the supply and demand of the cryptocurrency (rnason, 2015). As a result, the price volatility of a cryptocurrency would increase further. However, this fact can draw the attention of those who are discontent with hiked inflation due to poor regulating policies enforced by central banks. Moreover, the supply which the miners of the cryptocurrency can add into the stream of cryptocurrency is not enough to allow the use of cryptocurrency at a large scale. Moreover, the fact that the cryptocurrency does not have a formal market increases the apprehensions of businesses to incorporate cryptocurrencies into the corporate world. Another reason businesses do not want to integrate the cryptocurrency in the corporate world is that it has decentralized nature. This would result in an increase in the cost incurred on a transaction because a large number of resources would be consumed. Decentralization accompanies a huge risk of lack of security that stops businesses to use cryptocurrency in the corporate world (rnason, 2015). Since cryptocurrencies are decentralized, businesses would not even have any single source of help in case something goes wrong. Moreover, it is a fact that any sort of cryptocurrency has not been adopted by any country all over the world as their primary source of currency. However, investors have complete freedom to purchase cryptocurrency in their domestic currency. Afterwards, the investors can sell their cryptocurrency in any other country against the exchange of domestic currency of that specific country. However, many European countries do not allow this method. Many European countries have banned transactions that involve sale and purchase using cryptocurrency. Moreover, the most famous cryptocurrency, Bitcoin, has been banned in many European states.

Regulating cryptocurrency

As the nature of the cryptocurrency is anonymous, it has the potential to be used in many types of illicit trades. For instance, cryptocurrency can assist criminals with activities involving theft, tax evasion, and money laundering (Stark, 2013). Only a handful of countries have enforced measures that prevent cryptocurrency to be used for illicit activities. Many central banks in many countries have warned their citizens about the risks that are attached to the usage of cryptocurrency (Bradbury, 2013). Moreover, there is a lack of data available on the nature and extent of fraudulent activities associated with the cryptocurrency because it has a feature of anonymity which makes it harder for the authorities to obtain accurate data. Moreover, it is even harder to locate traders of the currency because the transactions are completed without any banks interfering and any third party regulating body overlooking the operations. Opportunities for tax evasion are significantly high using cryptocurrency (Christin, 2013). However, those with malicious intentions are often kept at bay because of limited circulation and unpredictability in its prices. Many security agencies fear that drug cartels have been using cryptocurrency to launder profits made through the sales of illicit drugs (Dwyer, 2015). In 2014, strict guidelines were enforced in the US to put a curb on increased incidents of money laundering. In the same, an arrest was made and this arrest is known as the first arrest made after the enactment of laws that prevent money laundering using cryptocurrency (ElBahrawy et.al, 2017). The primary issue that arises with the regulation of cryptocurrency is that it can never be categorized as a legal financial commodity. Notably, Japan is one country which has categorized it as a financial commodity. The US and Germany treat cryptocurrency as property and private money respectively. The only countries that have strict restrictions against the use of cryptocurrency are China and Iceland. Moreover, the Chinese government has allowed its citizen to trade cryptocurrency freely but restricted its bank to be involved in transactions which involve cryptocurrency. The countries which allow trade of cryptocurrencies have imposed a tax on the profits made through the mining of cryptocurrencies. Moreover, profits made from the increase in the value of a cryptocurrency are also subjected to tax in those countries.

The future of cryptocurrency

The future of cryptocurrency has been widely debated on numerous platforms. In a time when people make transactions using credit and debit cards, the future of digital currency cannot be overshadowed (Stark, 2013). It is very convenient, rapid, and cost-effective to transfer money by employing digital means. However, cryptocurrency, sometimes prove to be way more complicated to be used by the mass population. The average consumer has rarely demanded a currency system that is decentralized (Bradbury, 2013). For the cryptocurrency to be used widely as a primary source of currency, it must come under strict regulation and monetary policies. Moreover, by coming under strict policies, the low costs of transaction and a high degree of anonymity must be changed (Christin, 2013). As a result, cryptocurrency will lose its two biggest appealing factors. The corporate world does not encourage the use of cryptocurrency as well. Moreover, if cryptocurrency gets decentralized, the risk of bankruptcy will increase manifold. Considering all these mentioned factors, it can be concluded that the demand for the cryptocurrency would not be increasing anytime soon (Dwyer, 2015). The only categories of people from where demand can come are the investors looking to increase their portfolio, people having strong interest to explore cryptocurrency, criminals with malicious intents to complete transactions on the dark web (ElBahrawy et.al, 2017). The lack of demand will only result in a decrease in the price of cryptocurrencies. However, there is a lot of room for the cryptocurrency to grow as a promising technology because of the underlying algorithms.

If the cryptocurrency is studied as merely a technological field, it can be very promising. For instance, if an individual is looking to attain the ownership of any asset to be represented by cryptocurrency, it can be achieved using the cryptographic technology that is central to the concept of cryptocurrency (Thomas, 2013). Cryptographic technology and cryptocurrencies would pave the way of people to easily attain ownership of any physical asset because everything would then be digital. Moreover, tokens of cryptocurrencies can be rented or sold by people. This kind of technological application of cryptocurrencies would transform the blockchain into a kind of registry that would contain information about the ownership of any kind of tangible asset. The technology, algorithms, and techniques that underlie the concept of cryptocurrency and resultant cryptography can have numerous applications. Moreover, central banks of many countries can work together with cryptocurrency producers to learn about the design and techniques that underpin cryptocurrency. As a result, banks would be enabled to move money more securely. Another application can be that the banks can use the leanings to create a cryptocurrency of their own (ElBahrawy et.al, 2017).

Conclusion

The most valuable commodity in the entire world is money. Whether an individual is going to buy a new phone or purchasing groceries, they will need it no matter what the situation is. In the modern economy, money is imperative to carry out transactions of goods of any sort. With so much technological advancements, numerous kinds of money have been created. Cryptocurrency has been the most questionable form of money made so. Cryptocurrency is that money that is not influenced by any regulating body and governmental regulations. The cryptocurrency is based on a completely decentralized system, unlike paper money which is made and issued by central banks. Therefore, the government and authorities have little control over the cryptocurrencies. The very first and most famous cryptocurrency developed is Bitcoin. A database is involved in cryptocurrency which is known as blockchain stores every cryptocurrency transaction that is completed. The records that are stored in the blockchain database keep the information of the users of the cryptocurrencies completely anonymous. The digital coins of cryptocurrency are created using a process called mining. Mining is a process which requires complex computational algorithms whose difficulty gets greater with the passage of time. Therefore, as time goes by, the process of mining becomes inefficient and starts to consume more resources than before. Therefore, the process of mining is increasingly becoming less profitable. There are certain factors that contribute to the demand for cryptocurrencies. The decentralized and anonymous nature of cryptocurrencies makes it appealing for some consumers. Moreover, low transactional cost of cryptocurrency draws significant attention from criminal quarters with malicious intentions to indulge in illicit trades. Although there are many appealing factors for some categories of consumers, there are ample disadvantages of cryptocurrencies as well. Due to the decentralized nature of cryptocurrency, it has no consumer protection. Any amounts of digital coins of any cryptocurrency which are lost or stolen are never recovered. Moreover, cryptocurrencies are always at the mercy of hackers because they are highly prone to cyber-attacks. Additionally, the cryptocurrencies are devoid of the liquidity feature that paper money has. The price of cryptocurrencies is always unpredictable and volatile, making it harder to hold on to large digital coins of a cryptocurrency. Many countries have placed measures to curb the transactions of cryptocurrencies. Moreover, numerous countries have imposed huge taxes on the profits made through mining, selling, and purchasing of cryptocurrency. Notably, China has recognized cryptocurrencies but placed restrictions on banks that intended to deal in cryptocurrency.

Taking into account the discussion above, it will take longer for cryptocurrency to earn the trust of the public due to the risks involved in it. For cryptocurrency to replace debit and credit cards, it must offer the consumers something that debit and credit cards have failed to provide so far. Cryptocurrency must become convenient and safer for people to use it all across the world without any qualms.

References

rnason, S.L., 2015.Cryptocurrency and Bitcoin. A possible foundation of future currency why it has value, what is its history and its future outlook(Doctoral dissertation).

Bradbury, D., 2013. The problem with Bitcoin.Computer Fraud Security,2013(11), pp.5-8.

Christin, N., 2013, May. Traveling the Silk Road A measurement analysis of a large anonymous online marketplace. InProceedings of the 22nd international conference on World Wide Web(pp. 213-224). ACM.

Dwyer, G.P., 2015. The economics of Bitcoin and similar private digital currencies.Journal of Financial Stability,17, pp.81-91.

ElBahrawy, A., Alessandretti, L., Kandler, A., Pastor-Satorras, R. and Baronchelli, A., 2017. Evolutionary dynamics of the cryptocurrency market.Royal Society open science,4(11), p.170623.

Stark, B., 2013. Is the corporate world ready for bitcoin.Risk Management,60(7), pp.6-9.

Thomas, B., 2013. Massive Bitcoin thefts and seizures leave many users nervous and poorer.Computer Fraud Security,12(3).

Wu, C.Y. and Pandey, V.K., 2014. The value of Bitcoin in enhancing the efficiency of an investors portfolio.Journal of financial planning,27(9), pp.44-52.

IT PAGE MERGEFORMAT 18

UVghijueuI1.hXFhXF0J6CJOJQJaJmHnHu7jhXFhXF0J6CJOJQJUaJmHnHuhXFhx6CJOJQJaJ(jhXFhx6CJOJQJUaJhjh5CJOJQJaJhx5CJOJQJaJhjhi5CJOJQJaJhjhx5CJOJQJaJhjh CJOJQJaJhjhxCJOJQJaJh CJOJQJaJhjhxCJOJQJaJ 5OPQRSTUhi z I dgddagd mpdgd mpdEdd-.hFhXF6CJOJPJQJaJmHnHujhXFhXF6CJOJQJUaJmHnHu6jhXFhXF6CJOJQJUaJmHnHu-hXFhXF6CJOJQJaJmHnHu7jhXFhXF0J6CJOJQJUaJmHnHujhXFhXF0J6CJOJQJUaJmHnHu.hXFhXF0J6CJOJQJaJmHnHuhXFhXF6CJOJQJaJmHnHu 5 6 zzzC-hXFhXF6CJOJQJaJmHnHu.hFhXF6CJOJPJQJaJmHnHujqhXFhXF6CJOJQJUaJmHnHu6jhXFhXF6CJOJQJUaJmHnHu-hXFhXF6CJOJQJaJmHnHu7jhXFhXF0J6CJOJQJUaJmHnHujhXFhXF0J6CJOJQJUaJmHnHu.hXFhXF0J6CJOJQJaJmHnHu6 7 8 Y Z t u v w x y z yZyyB,hXFhXF6CJOJQJaJmHnHu.hFhXF6CJOJPJQJaJmHnHujghXFhXF6CJOJQJUaJmHnHu6jhXFhXF6CJOJQJUaJmHnHu-hXFhXF6CJOJQJaJmHnHu.hXFhXF0J6CJOJQJaJmHnHu7jhXFhXF0J6CJOJQJUaJmHnHujhXFhXF0J6CJOJQJUaJmHnHu yZyyB,hXFhXF6CJOJQJaJmHnHu.hFhXF6CJOJPJQJaJmHnHujhXFhXF6CJOJQJUaJmHnHu6jhXFhXF6CJOJQJUaJmHnHu-hXFhXF6CJOJQJaJmHnHu.hXFhXF0J6CJOJQJaJmHnHu7jhXFhXF0J6CJOJQJUaJmHnHujhXFhXF0J6CJOJQJUaJmHnHu ( ) B C D F G H I J K f g yZyyB,hXFhXF6CJOJQJaJmHnHu.hFhXF6CJOJPJQJaJmHnHujShXFhXF6CJOJQJUaJmHnHu6jhXFhXF6CJOJQJUaJmHnHu-hXFhXF6CJOJQJaJmHnHu.hXFhXF0J6CJOJQJaJmHnHu7jhXFhXF0J6CJOJQJUaJmHnHujhXFhXF0J6CJOJQJUaJmHnHug h i yZyyB,hXFhXF6CJOJQJaJmHnHu.hFhXF6CJOJPJQJaJmHnHujIhXFhXF6CJOJQJUaJmHnHu6jhXFhXF6CJOJQJUaJmHnHu-hXFhXF6CJOJQJaJmHnHu.hXFhXF0J6CJOJQJaJmHnHu7jhXFhXF0J6CJOJQJUaJmHnHujhXFhXF0J6CJOJQJUaJmHnHuI o  gddgd agd dagd mpdagd mpdgdmpdgd ./yZyyB,hXFhXF6CJOJQJaJmHnHu.hFhXF6CJOJPJQJaJmHnHujhXFhXF6CJOJQJUaJmHnHu6jhXFhXF6CJOJQJUaJmHnHu-hXFhXF6CJOJQJaJmHnHu.hXFhXF0J6CJOJQJaJmHnHu7jhXFhXF0J6CJOJQJUaJmHnHujhXFhXF0J6CJOJQJUaJmHnHu/01MNOhijlmnopqyZyyB,hXFhXF6CJOJQJaJmHnHu.hFhXF6CJOJPJQJaJmHnHuj5hXFhXF6CJOJQJUaJmHnHu6jhXFhXF6CJOJQJUaJmHnHu-hXFhXF6CJOJQJaJmHnHu.hXFhXF0J6CJOJQJaJmHnHu7jhXFhXF0J6CJOJQJUaJmHnHujhXFhXF0J6CJOJQJUaJmHnHuyZyyB,hXFhXF6CJOJQJaJmHnHu.hFhXF6CJOJPJQJaJmHnHujhXFhXF6CJOJQJUaJmHnHu6jhXFhXF6CJOJQJUaJmHnHu-hXFhXF6CJOJQJaJmHnHu.hXFhXF0J6CJOJQJaJmHnHu7jhXFhXF0J6CJOJQJUaJmHnHujhXFhXF0J6CJOJQJUaJmHnHuyZyyB-(jhXFhx6CJOJQJUaJ.hFhXF6CJOJPJQJaJmHnHuj hXFhXF6CJOJQJUaJmHnHu6jhXFhXF6CJOJQJUaJmHnHu-hXFhXF6CJOJQJaJmHnHu.hXFhXF0J6CJOJQJaJmHnHu7jhXFhXF0J6CJOJQJUaJmHnHujhXFhXF0J6CJOJQJUaJmHnHu

 xyL@P

jxghx))),,5,tthZhZCJOJQJaJhZCJOJQJaJhHmhHmCJOJQJaJhHmCJOJQJaJh h h CJOJQJaJh h PJhjheCJOJQJaJh CJOJQJaJhjhx5CJOJQJaJhjhxCJOJQJaJ-5,---00Q01111222334556666995@6@D@@AAAAJCKCCDDDFFHIIIJJJKKKLLLINWNOOSSSVVWWhHmBCJOJQJaJphh h BCJOJQJaJphh h PJhHmhHmCJOJQJaJhHmCJOJQJaJh h CJOJQJaJ@11J5r@AIIVVDbfkkvcxdxexdgd d78Hgd

dgd d78Hgd gddgd WWXXXZZZDb)aa7aObPbbc_cocddeefhhhkkkkkkbxcxdxexyiyh h 5CJOJQJaJh h CJOJQJaJ(h h 5BCJOJQJaJphh h PJhZhZBCJOJQJaJphhZBCJOJQJaJphhHmBCJOJQJaJphh h BCJOJQJaJphhHmhHmBCJOJQJaJph)exfxqxrxx yyyQyjylypyyyy5zIzJzzzzzzzkVkkVkVkDhehDCJOJPJQJaJ)hhD6CJOJPJQJaJhhDCJOJPJQJaJ)hPhhD6CJOJPJQJaJhPhhDCJOJPJQJaJhDCJOJPJQJaJ)hhD6CJOJPJQJaJhhDCJOJPJQJaJhjhCJOJQJaJhjhx5aJhjhxaJexqxrxyyJzzd 34gdagdxdgd mp0d0gd mpgdagd mpxzB_cdiTiTiEhjhICJOJQJaJ)h1ShD6CJOJPJQJaJh1ShDCJOJPJQJaJ)h4hD6CJOJPJQJaJh4hDCJOJPJQJaJ)hPhhD6CJOJPJQJaJhPhhDCJOJPJQJaJhDCJOJPJQJaJhehDCJOJPJQJaJ)hehD6CJOJPJQJaJ 

./123456hjhICJOJQJaJhhDCJOJQJaJmHnHuhhxCJOJQJaJjhhxCJOJQJUaJhh)CJOJQJaJh CJOJQJaJhFjhFU456dgd mp5 01hpj/ DyK

_Toc20637220DyK

_Toc20637220DyK

_Toc20637221DyK

_Toc20637221DyK

_Toc20637222DyK

_Toc20637222DyK

_Toc20637223DyK

_Toc20637223DyK

_Toc20637224DyK

_Toc20637224DyK

_Toc20637225DyK

_Toc20637225DyK

_Toc20637226DyK

_Toc20637226DyK

_Toc20637227DyK

_Toc20637227DyK

_Toc20637228DyK

_Toc20637228DyK

_Toc20637229DyK

_Toc20637229j666666666vvvvvvvvv6666666666666666666666666666666666666666666666666666666hH6666666666666666666666666666666666666666666666666666666666666666662 0@Pp2( 0@Pp 0@Pp 0@Pp 0@Pp 0@Pp 0@Pp8XV OJPJQJ_HmH nH sH tH JJNormaldCJ_HaJmH sH tH dd Heading 1d@56CJKH OJPJQJaJ Z@Zx Heading 3@5CJOJPJQJJaJDADDefault Paragraph FontRiR0Table Normal4 l4a(k (

0No List4@4xHeader

4 4xFooter

RoRxHeader CharCJOJPJQJ_HaJmH sH tH VoVHeading 1 Char56CJKH OJPJQJaJ Ro1RxHeading 3 Char5CJOJPJQJJaJV AVxpTOC Heading@ BCJKHaJph6_@

ipTOC 1

dhmpFF

ipTOC 3

dhmp6Uq6x0 HyperlinkBphD@D

0Normal (Web)CJOJQJaJPKContent_Types.xmlN0EH-J@ULTB l,3rJBG7OVa(7IRpgLr85vuQ8CX6NJCFB..YTe55 _g -Yl6NPK6_rels/.relsj0Qv/C/(hO Chvxp_P1H0ORBdJE4bq_6LR70O,En7Lib/SePKkytheme/theme/themeManager.xmlM @w7c(EbCA7K

Y,

e.,H,lxIsQ ,jGW)E 8PK0C)theme/theme/theme1.xmlYOo6w tocvu-MniP@Iama4lGRX6)OrCy@/yH)UDbqJX)InEp)liV1MOP6rzgbIguSebORDqu gZolAplxpT0jzAV2Fi@qv5NleXdsjcs7f

W7gJjh(KD-

dXiJ(x(I_TS1EZBmU/xYy5g/GMGeD3Vqq8K)fw9 xrxwrTZaGy8IjbRcXI u3KGnD1NIBs RuKV.ELM2fiVvlu8zH (W

JTeOtHGHYKNPT9/A7qZcqUnwNOi43N)cbJ

uV4(Tn 7_m-UBww_8(/0hFL)7iAs),Qg20ppf

DU4p MDBJlC5 2FhsFYn3E6945Z5k8Fmw-dznZxJZp/P,)KQk5qpN8KGbe

Sd17 paSR

3K4rzQ TTIIvtKcKv5DO@w_nNL9KqgVhn RyUn/HrT

t.T S ZP9giC B,X,I2UWV9lkAjAP79sYMChfooY1kyVV5E8Vk80X4D)fv

uxA@T_q64)kuV7ti9s9x,-45xd8d/YtLILJ -Gt/PK

theme/theme/_rels/themeManager.xml.relsM 0woo5

6Q

,.aic21hqm@RNdo7gK(MR(.1rJT8VAHubP8g/QAs(LPK-Content_Types.xmlPK-60_rels/.relsPK-kytheme/theme/themeManager.xmlPK-0C)theme/theme/theme1.xmlPK-

theme/theme/_rels/themeManager.xml.relsPK xml version1.0 encodingUTF-8 standaloneyes

aclrMap xmlnsahttp//schemas.openxmlformats.org/drawingml/2006/main bg1lt1 tx1dk1 bg2lt2 tx2dk2 accent1accent1 accent2accent2 accent3accent3 accent4accent4 accent5accent5 accent6accent6 hlinkhlink folHlinkfolHlink/6u 1111146 g /5,Wex6ABCDEFHIJKLMOPRSI ex46@GNQTi7Zuwxz(CFGIh0Nilmo6u

XXXXXXXXXX.48@0( B S _Toc20637220_Toc20637221_Toc20637222_Toc20637223_Toc20637224_Toc20637225_Toc20637226_Toc20637227_Toc20637228_Toc20637229)8ANDXcfp7u )9ANXcpp7uAIiq(.BLD(J(--..2D2AADDGGKKRRTTh_aiaccBgLgggrpypqqrrrrrrs sssssqtwtuuuu uuuuu4u7u3((.._AAKKTTccpppp7qPqQqqqqqqqDrErIrrrrrr)sssssssssBtcttttuuuuu uuuuu4u7u33333333333333333333333333333i5(Q())J-J-..6658D8NNNNTUbXbXccrprpqqrrssssdtdtuuuuuuuu uuuuuuu4u7ui67gh/05(Q())J-J-..6658D8NNNNTUbXbXccrprpqqrrssssdtdtuuuuuuuuu uuuuuu3u3u4u7ueii-ke1ilx2J5AtjAtJRKetvetfbkketAtQ620 Fb-,4w64XFL1SUiPhJkOtwx DuZ(lRgZm)h5Hm8Xedzxwdmeyj

Iuu@uuuu6u@UnknownGAx Times New Roman5Symbol3.Cx Arial7.@ Calibri7@CambriaABCambria Mathqh3Xryvcvcn24tt3QHP PgZ2xxmuhammadtehreemXYZOh0l (4

@LTdmuhammadtehreemNormalXYZ23Microsoft Office Word@

@@y@svvc.,D.,,hp

tTitlel 8@_PID_HLINKSA18

_Toc2063722912

_Toc206372281,

_Toc206372271

_Toc206372261

_Toc206372251

_Toc206372241

_Toc206372231

_Toc206372221

_Toc206372211

_Toc20637220 

(),-./0123456789@ABCDEFGHIJKLMNOPQRSTUWXYZ_abcdefghijklmnopqrtuvwxyzRoot Entry FYsvData V1Table)WordDocument 7SummaryInformation(sDocumentSummaryInformation8MsoDataStorep.AsvVsvKSQEKB5OZTJQ2p.AsvVsvItem PropertiesUCompObj r bSources SelectedStyleAPA.XSL StyleNameAPA xmlnsbhttp//schemas.openxmlformats.org/officeDocument/2006/bibliography xmlnshttp//schemas.openxmlformats.org/officeDocument/2006/bibliography/bSources

xml version1.0 encodingUTF-8 standaloneno

dsdatastoreItem dsitemIDDDAEA488-2101-4B8A-8A06-F7CEBD94C9A1 xmlnsdshttp//schemas.openxmlformats.org/officeDocument/2006/customXmldsschemaRefsdsschemaRef dsurihttp//schemas.openxmlformats.org/officeDocument/2006/bibliography//dsschemaRefs/dsdatastoreItem F Microsoft Word 97-2003 Document MSWordDocWord.Document.89q

Thesis 2

RUNNING HEAD: SECURITY IN PUBLIC WI-FI HOTSPOTS

Security in Public Wi-Fi Hotspots

Harish

[Name of the institution]

Table of Contents

TOC \o "1-3" \h \z \u Literature Review: PAGEREF _Toc5366355 \h 3

Wired Equivalent Privacy in Wi-Fi Networks: PAGEREF _Toc5366356 \h 3

Flaws in WEP: PAGEREF _Toc5366357 \h 6

Wi-fi Protected Access (WPA): PAGEREF _Toc5366358 \h 8

Flaws in WPA: PAGEREF _Toc5366359 \h 10

Wi-Fi Protected Access Two (WPA2): PAGEREF _Toc5366360 \h 11

Wi-Fi Protected Setup: PAGEREF _Toc5366361 \h 12

Methodology: PAGEREF _Toc5366362 \h 14

Experiments: PAGEREF _Toc5366363 \h 17

Results Analysis: PAGEREF _Toc5366364 \h 19

Recommendations and Conclusion: PAGEREF _Toc5366365 \h 21

References PAGEREF _Toc5366366 \h 23

Security in Public Wi-Fi Hotspots

Literature Review:

Wired Equivalent Privacy in Wi-Fi Networks:

With the exponential increase in the popularity of Wifi networks, researchers are always trying to secure communication between client device and wireless access point in a wifi network. Attacks on wireless networks are not only increasing in number but in complexity as well. As wireless networks are prone to eavesdropping and man in the middle attacks it is inevitable to protect the confidentiality and integrity of the information being shared in such networks. One way of securing information in transit is to encrypt the data before transmission. Data encryption is an important step in securing communication not only in wireless networks but in all types of networks. As a general perspective, it was considered that a wired network is more secure as compared to the wireless network. In a wireless network, anyone can capture the signal and analyse it using specialized tools. Therefore, researchers started to look for different ways of securing wireless communications especially wifi networks using encryption. Encryption techniques have evolved over time.

The simplest example of an encryption algorithm is Caser cipher. In encryption, a cipher is applied to a plaintext message resulting in a ciphertext. In Caesar cipher, each letter of a plain text message is replaced with a corresponding third letter from English alphabets. Such as in a plain text message each "A" will be substituted with a "C". As in this case, the key of encryption is three as the letters are rotated up to three spaces. This is the simplest form of encrypting any message to ensure confidentiality. To retrieve the message exact procedure is need to be reversed resulting in original message form ciphertext. Such encryption schemes using the same key for encrypting and decrypting the data are known as symmetric encryption algorithms. More complex and sophisticated encryption algorithms have been designed and implemented to secure communication in wifi networks. The idea behind the use of encryption in wifi networks is to encrypt the data before sending it to the wireless access point. Researchers identified that mitigation of one security flaw in wireless networks often leads to a new security hole in the system that can be exploited by the attackers in future ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2ntnlsgauc","properties":{"formattedCitation":"(A. Sanatinia et al., 2013)","plainCitation":"(A. Sanatinia et al., 2013)"},"citationItems":[{"id":2231,"uris":["http://zotero.org/users/local/gITejLE9/items/A22X3PMM"],"uri":["http://zotero.org/users/local/gITejLE9/items/A22X3PMM"],"itemData":{"id":2231,"type":"paper-conference","title":"Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study","container-title":"2013 IEEE Conference on Communications and Network Security (CNS)","page":"430-437","source":"IEEE Xplore","event":"2013 IEEE Conference on Communications and Network Security (CNS)","abstract":"WiFi Access Points (APs) are ideal targets of attack. They have access to home internal networks which allows an adversary to easily carry out man-in-the-middle attacks and spread infections wirelessly. They can also be used to launch massive denial of service attacks that target the physical infrastructure as well as the RF spectrum (both WiFi and cellular). While Wired Equivalent Privacy (WEP) vulnerabilities are common knowledge, the flaws of the WiFi Protected Setup (WPS) protocol are less known. In this paper, we use an epidemiological approach, combined with experimental war-driving measurements to investigate the speed of infections spreading in four neighborhoods of Boston, MA, USA, with distinct population and demographics. Our analysis and experimental data indicate that such attacks are feasible. While the graph of WEP APs and WPS APs may not be fully connected, the combined graph of WEP-WPS APs is fully connected, making large scale spreading of infections feasible. Due to the unique characteristics of WPS, the absence of automated firmware upgrades and mechanisms to safely configure and administer APs; these attacks pose a significant threat that require serious attention and countermeasures to provide safe management of APs and their policies.","DOI":"10.1109/CNS.2013.6682757","shortTitle":"Wireless spreading of WiFi APs infections using WPS flaws","author":[{"family":"Sanatinia","given":"A."},{"family":"Narain","given":"S."},{"family":"Noubir","given":"G."}],"issued":{"date-parts":[["2013",10]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (A. Sanatinia et al., 2013). The idea of encrypting the information before transmitting it over an insecure wireless channel was considered to be a good step towards making wifi ecosystem more secure. However, any encryption system is as secure as the key associated with it because an attacker cannot extract the original message if the key of encryption is not known.

Implementation of encryption in wifi networks to provide wired equivalent privacy created other challenges of securing the key of encryption used to encrypt the data. Wired equivalent privacy (WEP) protocol was designed by Institute of electrical and electronics engineers (IEEE) as a standard when they discovered that wireless medium is shared between clients in wifi networks and privacy of one client can be easily breached by other clients sharing the medium. WEP was designed to protect the data at the link layer of the open system interconnection model. WEP was based on symmetric stream cipher known as RC4 to encrypt the network traffic in wifi networks ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a29gd55ei3h","properties":{"formattedCitation":"(A. Sanatinia et al., 2013)","plainCitation":"(A. Sanatinia et al., 2013)"},"citationItems":[{"id":2231,"uris":["http://zotero.org/users/local/gITejLE9/items/A22X3PMM"],"uri":["http://zotero.org/users/local/gITejLE9/items/A22X3PMM"],"itemData":{"id":2231,"type":"paper-conference","title":"Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study","container-title":"2013 IEEE Conference on Communications and Network Security (CNS)","page":"430-437","source":"IEEE Xplore","event":"2013 IEEE Conference on Communications and Network Security (CNS)","abstract":"WiFi Access Points (APs) are ideal targets of attack. They have access to home internal networks which allows an adversary to easily carry out man-in-the-middle attacks and spread infections wirelessly. They can also be used to launch massive denial of service attacks that target the physical infrastructure as well as the RF spectrum (both WiFi and cellular). While Wired Equivalent Privacy (WEP) vulnerabilities are common knowledge, the flaws of the WiFi Protected Setup (WPS) protocol are less known. In this paper, we use an epidemiological approach, combined with experimental war-driving measurements to investigate the speed of infections spreading in four neighborhoods of Boston, MA, USA, with distinct population and demographics. Our analysis and experimental data indicate that such attacks are feasible. While the graph of WEP APs and WPS APs may not be fully connected, the combined graph of WEP-WPS APs is fully connected, making large scale spreading of infections feasible. Due to the unique characteristics of WPS, the absence of automated firmware upgrades and mechanisms to safely configure and administer APs; these attacks pose a significant threat that require serious attention and countermeasures to provide safe management of APs and their policies.","DOI":"10.1109/CNS.2013.6682757","shortTitle":"Wireless spreading of WiFi APs infections using WPS flaws","author":[{"family":"Sanatinia","given":"A."},{"family":"Narain","given":"S."},{"family":"Noubir","given":"G."}],"issued":{"date-parts":[["2013",10]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (A. Sanatinia et al., 2013). WEP system works on the basis of a shared secret key that is transmitted to all of the connecting clients out of the band. Most of the times the preshared key or password of the wireless access point for authentication is manually shared between the participating nodes. Anyone not having the password cannot connect to the wifi network as it is currently applicable in modern day networks as well. Working of RC4 algorithm for wifi networks is explained in the figure below ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1n3887fu92","properties":{"formattedCitation":"(A. Sanatinia et al., 2013)","plainCitation":"(A. Sanatinia et al., 2013)"},"citationItems":[{"id":2231,"uris":["http://zotero.org/users/local/gITejLE9/items/A22X3PMM"],"uri":["http://zotero.org/users/local/gITejLE9/items/A22X3PMM"],"itemData":{"id":2231,"type":"paper-conference","title":"Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study","container-title":"2013 IEEE Conference on Communications and Network Security (CNS)","page":"430-437","source":"IEEE Xplore","event":"2013 IEEE Conference on Communications and Network Security (CNS)","abstract":"WiFi Access Points (APs) are ideal targets of attack. They have access to home internal networks which allows an adversary to easily carry out man-in-the-middle attacks and spread infections wirelessly. They can also be used to launch massive denial of service attacks that target the physical infrastructure as well as the RF spectrum (both WiFi and cellular). While Wired Equivalent Privacy (WEP) vulnerabilities are common knowledge, the flaws of the WiFi Protected Setup (WPS) protocol are less known. In this paper, we use an epidemiological approach, combined with experimental war-driving measurements to investigate the speed of infections spreading in four neighborhoods of Boston, MA, USA, with distinct population and demographics. Our analysis and experimental data indicate that such attacks are feasible. While the graph of WEP APs and WPS APs may not be fully connected, the combined graph of WEP-WPS APs is fully connected, making large scale spreading of infections feasible. Due to the unique characteristics of WPS, the absence of automated firmware upgrades and mechanisms to safely configure and administer APs; these attacks pose a significant threat that require serious attention and countermeasures to provide safe management of APs and their policies.","DOI":"10.1109/CNS.2013.6682757","shortTitle":"Wireless spreading of WiFi APs infections using WPS flaws","author":[{"family":"Sanatinia","given":"A."},{"family":"Narain","given":"S."},{"family":"Noubir","given":"G."}],"issued":{"date-parts":[["2013",10]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (A. Sanatinia et al., 2013);

Fig: RC4 in wi-fi networks

RC4 algorithm uses the pre-shared key to generate a stream of pseudorandom characters of equal size and perform a bitwise exclusive OR operation of that stream with the plaintext information producing the ciphertext. Due to the simplicity of implementation of the RC4 stream cipher, it was quickly adopted by the device and access point manufacturers and they started incorporating it into their devices. Almost 90% of modern devices and wireless access points currently deployed at public places still use the WEP protocol to secure the connection. However, as the algorithm is a symmetric algorithm so the sender and receiver must produce the same string of pseudorandom characters to decrypt and encrypt the information. That is considered to be the extreme weakness of the protocol as the same information will generate the same ciphertext for repitive conections as well ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"adkaq5aoer","properties":{"formattedCitation":"(Watanabe et al., 2017)","plainCitation":"(Watanabe et al., 2017)"},"citationItems":[{"id":2243,"uris":["http://zotero.org/users/local/gITejLE9/items/2VMQ9KZ6"],"uri":["http://zotero.org/users/local/gITejLE9/items/2VMQ9KZ6"],"itemData":{"id":2243,"type":"article-journal","title":"Proposal of WEP Operation with Strong IV and Its Implementation","container-title":"Journal of Information Processing","page":"288-295","volume":"25","author":[{"family":"Watanabe","given":"Yuhei"},{"family":"Iriyama","given":"Takahiro"},{"family":"Morii","given":"Masakatu"}],"issued":{"date-parts":[["2017"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Watanabe et al., 2017). The fact provided an opportunity to the attackers to analyze a certain amount of network packets to figure out the key of encryption leaving the entire implementation of cryptography useless. To overcome the challenge, an initialization vector (IV) value was added in the WEP packet structure. WEP now use a 24-bit IV value along with a 40 to 104-bit shared secret to produce the key of encryption ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2meraoti3c","properties":{"formattedCitation":"(Potter, 2003)","plainCitation":"(Potter, 2003)"},"citationItems":[{"id":2233,"uris":["http://zotero.org/users/local/gITejLE9/items/IQJUHTUU"],"uri":["http://zotero.org/users/local/gITejLE9/items/IQJUHTUU"],"itemData":{"id":2233,"type":"article-journal","title":"Wireless security's future","container-title":"IEEE Security Privacy","page":"68-72","volume":"99","issue":"4","source":"IEEE Xplore","abstract":"Standards bodies and industry organizations are spending a great deal of time and money on developing and deploying next-generation solutions that address growing wireless network security problems. The 802.11i IEEE draft standard provides next-generation authentication, authorization, and encryption capabilities. The WiFi Alliance, a wireless industry organization, has jumped the gun and created the WiFi Protected Access (WPA) standard, a subset of the 802.11i draft. These new standards are more complicated than their predecessors but are more scalable and secure than existing wireless networks. They also dramatically raise the bar for attackers and administrators. The new standards will employ a phased adoption process because of the large installed base of 802.11 devices. Proper migration to 802.11i and mitigating the legacy wireless risks will be a bumpy road. However, the end result will provide users a secure base for mobile computing needs.","DOI":"10.1109/MSECP.2003.1219074","ISSN":"1540-7993","author":[{"family":"Potter","given":"B."}],"issued":{"date-parts":[["2003",7]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Potter, 2003). IV value is transmitted by the sender along with the ciphertext packet so, that the receiver can generate the same key of decryption.

Flaws in WEP:

It was considered at the time of implementation as a breakthrough in providing confidentiality to wifi networks but the attackers proved it wrong with their sophisticated attack methods. Dictionary attacks are considered to be the most common attack technique of hackers to compromise passwords of public wifi networks. However, modern attacks are known as brute-force attacks that are similar to dictionary attacks because the attackers are required to try a different combination of keys but using a vast collection of strings as compared to a simple dictionary attack. Inherent flaws in RC4 algorithm allowed the attackers to compromise any wifi hotspot using WEP encryption to protect the confidentiality of the data being transferred ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"ab5oi04oc4","properties":{"formattedCitation":"(Tews and Beck, 2009)","plainCitation":"(Tews and Beck, 2009)"},"citationItems":[{"id":2241,"uris":["http://zotero.org/users/local/gITejLE9/items/G883IBAI"],"uri":["http://zotero.org/users/local/gITejLE9/items/G883IBAI"],"itemData":{"id":2241,"type":"paper-conference","title":"Practical attacks against WEP and WPA","container-title":"Proceedings of the second ACM conference on Wireless network security","publisher":"ACM","page":"79-86","ISBN":"1-60558-460-6","author":[{"family":"Tews","given":"Erik"},{"family":"Beck","given":"Martin"}],"issued":{"date-parts":[["2009"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Tews and Beck, 2009). By design WEP use an IV value of relatively small size that is 24-bits result in a total possible combination of 224 key values. An attacker can build a dictionary of all related keys for a single IV value in a manageable size of 40 Gbytes.

As early as in 2001, researchers explained the flaws in RC4 key scheduling algorithm allowing the attackers to compromise the network in significantly less time. An attacker only requires to intercept 4 million packets in a public wifi network using any wireless packet sniffing device to figure out the encryption key. The attacker will then have complete access to wifi hotspot without even knowing the exact password of the network. A breakthrough advancement in the research was made in 2008 when researchers were able to crack a 104-bits WEP encrypted connection in just three seconds ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2lrm2sipod","properties":{"formattedCitation":"(Reddy et al., 2010)","plainCitation":"(Reddy et al., 2010)"},"citationItems":[{"id":2237,"uris":["http://zotero.org/users/local/gITejLE9/items/JGCY5P5S"],"uri":["http://zotero.org/users/local/gITejLE9/items/JGCY5P5S"],"itemData":{"id":2237,"type":"paper-conference","title":"Wireless hacking-a WiFi hack by cracking WEP","container-title":"2010 2nd International Conference on Education Technology and Computer","publisher":"IEEE","page":"V1-189-V1-193","volume":"1","ISBN":"1-4244-6370-X","author":[{"family":"Reddy","given":"S. Vinjosh"},{"family":"Ramani","given":"K. Sai"},{"family":"Rijutha","given":"K."},{"family":"Ali","given":"Sk Mohammad"},{"family":"Reddy","given":"CH Pradeep"}],"issued":{"date-parts":[["2010"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Reddy et al., 2010). The required number of packets can be captured in less than a second and the analysis can be performed to crack the encryption code in one second using a core i-7 intel processor for mobile devices. The requirement of minimal computing effort to compromise WEP connection has made it possible for attackers to compromise public wifi hotspots in real-time while walking through an area using a mobile phone. A paper was published by the Tews, Ralf-Philipp Weinmann and Andrei Psyhkin demonstrating the attack. They further elaborated that only 40,000 packets are required for a success rate of 50% and 85,000 captured packets can ensure a success rate of 95% ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2o7ogb411q","properties":{"formattedCitation":"(Tews et al., 2007)","plainCitation":"(Tews et al., 2007)"},"citationItems":[{"id":2235,"uris":["http://zotero.org/users/local/gITejLE9/items/XEL9TVKU"],"uri":["http://zotero.org/users/local/gITejLE9/items/XEL9TVKU"],"itemData":{"id":2235,"type":"paper-conference","title":"Breaking 104 bit WEP in less than 60 seconds","container-title":"International Workshop on Information Security Applications","publisher":"Springer","page":"188-202","author":[{"family":"Tews","given":"Erik"},{"family":"Weinmann","given":"Ralf-Philipp"},{"family":"Pyshkin","given":"Andrei"}],"issued":{"date-parts":[["2007"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Tews et al., 2007).

Demonstration of flaws in RC4 implementation in WEP protocol convinced many device manufacturers to mitigate the risk of brute force and dictionary attacks on their access point devices. One method of mitigation was to filter the weak IV values form packets destined to the access point. The filtering operation for each packet subsequently reduced the efficiency of the wireless access point devices. As the vendors have now to choose between eth security and usability of their devices there exist a tradeoff between the security and usability of wifi devices for public hotspots. Some of the vendors decided to block a subset of IV values from being used in the network potentially giving rise to IV reuse and smaller dictionary size for attackers. This way, mitigation of one risk given rise to a more sophisticated risk more quickly as previously possible ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2enogg53a6","properties":{"formattedCitation":"(Realpe et al., 2018)","plainCitation":"(Realpe et al., 2018)"},"citationItems":[{"id":2247,"uris":["http://zotero.org/users/local/gITejLE9/items/KAC9YGJ2"],"uri":["http://zotero.org/users/local/gITejLE9/items/KAC9YGJ2"],"itemData":{"id":2247,"type":"paper-conference","title":"Use of KRACK Attack to Obtain Sensitive Information","container-title":"International Conference on Mobile, Secure, and Programmable Networking","publisher":"Springer","page":"270-276","author":[{"family":"Realpe","given":"Luis Felipe Epia"},{"family":"Parra","given":"Octavio José Salcedo"},{"family":"Velandia","given":"Julio Barón"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Realpe et al., 2018). Given the fact that WEP is not an efficient protocol for providing the confidentiality and integrity of information, its use is not recommended. However, most of the public hotspot devices still use WEP encryption to secure the network, in fact making it vulnerable to a plethora of attacks compromising the confidentiality of data. Severe flaws in WEP forced researchers to design new and improved algorithms to secure public wifi as well as wifi networks in general.

Wi-fi Protected Access (WPA):

Due to the flaws discovered in the initial wifi security protocol known as WEP, researchers spent a lot of time and money to develop new and sophisticated protocols to secure the wifi networks especially public wifi hotspots. Wireless protected access also known as WPA protocol was introduced as a replacement of WEP to overcome security flaws. WPA provides efficient key management as compared to the WEP protocol which does not provide any such facility. WPA was designed and introduced as a standard by wi-fi alliance ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1prhrn62sh","properties":{"formattedCitation":"(Abo-Soliman and Azer, 2018a)","plainCitation":"(Abo-Soliman and Azer, 2018a)"},"citationItems":[{"id":2251,"uris":["http://zotero.org/users/local/gITejLE9/items/CRR4B3VE"],"uri":["http://zotero.org/users/local/gITejLE9/items/CRR4B3VE"],"itemData":{"id":2251,"type":"paper-conference","title":"Enterprise WLAN Security Flaws: Current Attacks and relative Mitigations","container-title":"Proceedings of the 13th International Conference on Availability, Reliability and Security","publisher":"ACM","page":"34","ISBN":"1-4503-6448-9","author":[{"family":"Abo-Soliman","given":"Mohamed A."},{"family":"Azer","given":"Marianne A."}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Abo-Soliman and Azer, 2018a). The technology was designed to ensure backward compatibility with existing devices supporting WEP protocol. A new protocol to encrypt the data was introduced known as the temporal key integrity protocol (TKIP). As it is evident by the name the protocol was designed to provide improved integrity along with the confidentiality of the transmitted data. The integrity of encryption keys is provided using hashing technology ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a8iu1h5jpu","properties":{"formattedCitation":"(Agbeboaye et al., 2018)","plainCitation":"(Agbeboaye et al., 2018)"},"citationItems":[{"id":2254,"uris":["http://zotero.org/users/local/gITejLE9/items/7HKX576Y"],"uri":["http://zotero.org/users/local/gITejLE9/items/7HKX576Y"],"itemData":{"id":2254,"type":"article-journal","title":"SECURITY THREATS ANALYSIS OF WIRELESS LOCAL AREA NETWORK","container-title":"Compusoft","page":"2773-2779","volume":"7","issue":"6","author":[{"family":"Agbeboaye","given":"Clement"},{"family":"Akpojedje","given":"France O."},{"family":"Okoekhian","given":"Joshua"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Agbeboaye et al., 2018). A hash function is a function that operates on an arbitrary piece of information and generates a fixed length random value.

The strength of the hashing function lies in the fact that the original key cannot be reconstructed from a hash value of the key. An important quality of a hash function is that it must not compute same has value for two different input strings but must create the same has value for the same input all the time. If any hash function computes the same hash value for two different inputs then the problem is defined as a hash collision. TKIP also adds integrity checking feature to the data packet so, that it can be verified at receiver's end that the encryption key is not tampered with. TKIP is a hashing function widely adopted by the manufacturers of wifi access points as it does not require implementation of specialized hardware into existing designs ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1ai37eekno","properties":{"formattedCitation":"(Wen and Liu, 2018)","plainCitation":"(Wen and Liu, 2018)"},"citationItems":[{"id":2257,"uris":["http://zotero.org/users/local/gITejLE9/items/8F7B3SVB"],"uri":["http://zotero.org/users/local/gITejLE9/items/8F7B3SVB"],"itemData":{"id":2257,"type":"paper-conference","title":"WIFI Security Certification through Device Information","container-title":"2018 International Conference on Sensor Networks and Signal Processing (SNSP)","publisher":"IEEE","page":"302-305","ISBN":"1-5386-7413-0","author":[{"family":"Wen","given":"Yudong"},{"family":"Liu","given":"Tao"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Wen and Liu, 2018). TKIP uses the RC4 algorithm for encryption and decryption but fortifies the process with a 128-bit key and IV value of 48-bits. The key of encryption is known as the temporal key and IV is used as a counter in transmission for packets. Therefore, the participating clients and the access point have to perform a 2-phase key generation that is known as a per-packet key also known as PPK.

WEP was lacking the facility of user authentication on the wifi access point. Whereas WPA provides authentication using extensible authentication protocol (EAP). EAP allowed the wireless access points to authenticate users of the network using the MAC address of the clients. As it was thought at that time that masquerading a MAC address is not an easy job, the implementation of EAP was regarded as a strong security mechanism in public wifi protection. Introduction of EAP and authentication features with the WPA technology allowed the administrators and access point to allow only authenticated devices to connect to the network. Although the feature can increase the security in a home network environment but useless in public wifi hotspots as it will kill the basic purpose of a public wifi hotspot ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2hv0r38lcu","properties":{"formattedCitation":"(Esser and Serrao, 2018)","plainCitation":"(Esser and Serrao, 2018)"},"citationItems":[{"id":2260,"uris":["http://zotero.org/users/local/gITejLE9/items/TIDT27PT"],"uri":["http://zotero.org/users/local/gITejLE9/items/TIDT27PT"],"itemData":{"id":2260,"type":"paper-conference","title":"Wi-Fi network testing using an integrated Evil-Twin framework","container-title":"2018 Fifth International Conference on Internet of Things: Systems, Management and Security","publisher":"IEEE","page":"216-221","ISBN":"1-5386-9585-5","author":[{"family":"Esser","given":"Andre"},{"family":"Serrao","given":"Carlos"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Esser and Serrao, 2018). Most of the time public hotspots are not managed by any system administrator. Even in case of a managed public hotspot controlled access will not be a manageable task regarding user authentication coupled with MAC address filtering.

Flaws in WPA:

WPA was designed and implemented to support devices, previously configured for WEP security. Backward compatibility allows devices such as wireless access points to operate in a mixed mode to provide connectivity to the clients using WEP. However, in actual tests, it was discovered that the mixed mode provides only WEP equivalent protection to all users regardless of the configuration of the client device. Which effectively means that a public wifi hotspot advertised as supporting WPA security may not actually provide an enhanced level of security and privacy protection ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1co79g1d0","properties":{"formattedCitation":"(Dawood et al., 2018)","plainCitation":"(Dawood et al., 2018)"},"citationItems":[{"id":2263,"uris":["http://zotero.org/users/local/gITejLE9/items/2GKUZX47"],"uri":["http://zotero.org/users/local/gITejLE9/items/2GKUZX47"],"itemData":{"id":2263,"type":"paper-conference","title":"Developing a New Secret Symmetric Algorithm for Securing Wireless Applications","container-title":"2018 1st Annual International Conference on Information and Sciences (AiCIS)","publisher":"IEEE","page":"152-158","ISBN":"1-5386-9188-4","author":[{"family":"Dawood","given":"Omar A."},{"family":"Hammadi","given":"Othman I."},{"family":"Asman","given":"Thaar Kh"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Dawood et al., 2018). As TKIP itself is not an encryption protocol it just makes sure that each transmitted packet over the network must have a unique encryption key, the attacks against WPA are also successfully tested. Researchers discovered that breaking WPA encryption provides access to the information contained in the internet packet but it does not provide complete control of the network. It was discovered that an ARP packet captured from the public access network can be opened and decrypted in just 14 minutes. Although WPA provides a good feature set as compared to the WEP as it is difficult to control the entire network but the flaws in the protocol allow man in the middle attacks to be successful ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a9mc9b4uve","properties":{"formattedCitation":"{\\rtf (\\uc0\\u268{}isar and \\uc0\\u268{}isar, 2018)}","plainCitation":"(Čisar and Čisar, 2018)"},"citationItems":[{"id":2266,"uris":["http://zotero.org/users/local/gITejLE9/items/L3RCZ466"],"uri":["http://zotero.org/users/local/gITejLE9/items/L3RCZ466"],"itemData":{"id":2266,"type":"article-journal","title":"ETHICAL HACKING OF WIRELESS NETWORKS IN KALI LINUX ENVIRONMENT","container-title":"Annals of the Faculty of Engineering Hunedoara","page":"181-186","volume":"16","issue":"3","author":[{"family":"Čisar","given":"P."},{"family":"Čisar","given":"S. Maravić"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Čisar and Čisar, 2018). Based on the findings researchers suggested to use the wifi routers for public wifi hotspots with the security level set to WPA-EAP instead of WPA-PSK. As the WPA-PSK mode is only recommended for home users with a preshared key mechanism of security.

Wi-Fi Protected Access Two (WPA2):

To overcome security flaws discovered in the WPA protocol a new protocol based on different encryption algorithm was introduced in 2004, known as WPA2. In 2001, the national institute of standards in technology accepted advance encryption standard as a standard of encryption even for classified government communication as well. AES was introduced in place of the data encryption standard. With the new encryption standard for general purpose security, researchers decided to implement it into wifi networks for increased security and privacy. AES encryption was built into WPA2 in place of TKIP as found in WPA ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1qgs3q4nt1","properties":{"formattedCitation":"(Terkawi and Innab, 2018)","plainCitation":"(Terkawi and Innab, 2018)"},"citationItems":[{"id":2280,"uris":["http://zotero.org/users/local/gITejLE9/items/G2RFB5UH"],"uri":["http://zotero.org/users/local/gITejLE9/items/G2RFB5UH"],"itemData":{"id":2280,"type":"paper-conference","title":"Major Impacts of Key Reinstallation Attack on Internet of Things System","container-title":"2018 21st Saudi Computer Society National Computer Conference (NCC)","publisher":"IEEE","page":"1-6","ISBN":"1-5386-4110-0","author":[{"family":"Terkawi","given":"Asma"},{"family":"Innab","given":"Nisreen"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Terkawi and Innab, 2018). AES encryption is much stronger as compared to the TKIP and DES encryption algorithms. It provides authentication of users based on transport layer security based on the extensible authentication protocol intended for enterprise and public wifi hotspots. It provides data integrity verification using counter mode cipher block chaining message authentication code protocol. It also operates in two modes WPA2-PSK mode is intended for home users because it requires a pre-shared key as it was the case with WEP and WPA previously ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2hres0rlm1","properties":{"formattedCitation":"(Azeez and Chinazo, 2018)","plainCitation":"(Azeez and Chinazo, 2018)"},"citationItems":[{"id":2283,"uris":["http://zotero.org/users/local/gITejLE9/items/HYJ5HQMC"],"uri":["http://zotero.org/users/local/gITejLE9/items/HYJ5HQMC"],"itemData":{"id":2283,"type":"article-journal","title":"ACHIEVING DATA AUTHENTICATION WITH HMAC-SHA256 ALGORITHM.","container-title":"Computer Science & Telecommunications","volume":"54","issue":"2","author":[{"family":"Azeez","given":"Nureni Ayofe"},{"family":"Chinazo","given":"Onyema Juliet"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Azeez and Chinazo, 2018). WPA2 allowed the use of preshared keys with up to 64 ASCII characters. However, use of such a long passphrase is not feasible even in home networks because users will prefer usability instead of security if they are required to remember fairly long passwords for their network.

As with the case of public wifi hotspot security WPA2 offers server-side authentication using a RADIUS server. The security is based on an 802.1x industry standard that is introduced by the Institute of electrical and electronics engineers. WPA2 with AES encryption is considered to be the best security measure to ensure confidentiality and integrity of wifi networks not only in corporate environments but in public wifi hotspots as well ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2oocave6nc","properties":{"formattedCitation":"(Dey et al., 2018)","plainCitation":"(Dey et al., 2018)"},"citationItems":[{"id":2277,"uris":["http://zotero.org/users/local/gITejLE9/items/TXXJTRGP"],"uri":["http://zotero.org/users/local/gITejLE9/items/TXXJTRGP"],"itemData":{"id":2277,"type":"paper-conference","title":"An efficient dynamic key based EAP authentication framework for future IEEE 802.1 x Wireless LANs","container-title":"Proceedings of the 2nd International Conference on Digital Signal Processing","publisher":"ACM","page":"125-131","ISBN":"1-4503-6402-0","author":[{"family":"Dey","given":"Biswanath"},{"family":"Vishnu","given":"S. S."},{"family":"Swarnkar","given":"Om Satyam"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Dey et al., 2018). It provides 128-bit strong encryption that is not purely immune to attacks but requires a considerable amount of computing resources to break the encryption. The computing resources required to break WPA2-AES key are not currently feasible in real-world scenarios. There are no direct attacks reported by the researchers directly targeting WPA2-AES encryption key. However, insider attacks are possible even in a WPA2-AES secured network because a group transient key is broadcasted to each client connected to the network.

Therefore, a client already connected to the public wifi hotspot can compromise the security of other devices on the network but an intruder cannot directly have access to the network. Due to the possibility of having the same group key for one or more clients the network can provide an opportunity to an insider for ARP spoofing. ARP spoofing is a type of attack in which a device connected to the network send fake address resolution requests. Attacks can authenticate multiple IP addresses with a single target's MAC address. A successful ARP spoofing attack can bring the overall network down as well. In public wifi hotspots, an attacker can use ARP spoofing to initiate a denial of service attack ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a162jma1uuu","properties":{"formattedCitation":"(Abo-Soliman and Azer, 2018b)","plainCitation":"(Abo-Soliman and Azer, 2018b)"},"citationItems":[{"id":2271,"uris":["http://zotero.org/users/local/gITejLE9/items/XPHHKFLN"],"uri":["http://zotero.org/users/local/gITejLE9/items/XPHHKFLN"],"itemData":{"id":2271,"type":"paper-conference","title":"Tunnel-Based EAP Effective Security Attacks WPA2 Enterprise Evaluation and Proposed Amendments","container-title":"2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN)","publisher":"IEEE","page":"268-273","ISBN":"1-5386-4646-3","author":[{"family":"Abo-Soliman","given":"Mohamed A."},{"family":"Azer","given":"Marianne A."}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Abo-Soliman and Azer, 2018b). In which the access of legitimate users to the wifi router will be blocked due to the congestion on the network links created by the attacker ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a25d1k6bsr5","properties":{"formattedCitation":"(Gunawan et al., 2018)","plainCitation":"(Gunawan et al., 2018)"},"citationItems":[{"id":2274,"uris":["http://zotero.org/users/local/gITejLE9/items/WZL2TRQ4"],"uri":["http://zotero.org/users/local/gITejLE9/items/WZL2TRQ4"],"itemData":{"id":2274,"type":"article-journal","title":"Penetration Testing using Kali Linux: SQL Injection, XSS, Wordpres, and WPA2 Attacks","container-title":"Indonesian Journal of Electrical Engineering and Computer Science","page":"729-737","volume":"12","issue":"2","author":[{"family":"Gunawan","given":"Teddy Surya"},{"family":"Lim","given":"Muhammad Kasim"},{"family":"Kartiwi","given":"Mira"},{"family":"Malik","given":"Noreha Abdul"},{"family":"Ismail","given":"Nanang"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Gunawan et al., 2018). Despite having flaws in the security protocol implementation of WPA2, it is still considered as the most secure mechanism for public wifi hotspots.

Wi-Fi Protected Setup:

Wi-fi protected setup is another security protocol designed to make wifi communications in enterprise and public hotspot environments more secure. It was also designed by the Wifi alliance in 2007. The standard defines two methods of authenticating devices with a wireless access point supporting the WPS protocol. The first method requires the use of a PIN code for device authentication and second requires a physical push button to be pressed on the access point to authenticate the device on the network ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"ajf1bs1mn7","properties":{"formattedCitation":"(Zisiadis et al., 2012)","plainCitation":"(Zisiadis et al., 2012)"},"citationItems":[{"id":2288,"uris":["http://zotero.org/users/local/gITejLE9/items/3T2VL62I"],"uri":["http://zotero.org/users/local/gITejLE9/items/3T2VL62I"],"itemData":{"id":2288,"type":"paper-conference","title":"Enhancing WPS security","container-title":"2012 IFIP Wireless Days","publisher":"IEEE","page":"1-3","ISBN":"1-4673-4404-4","author":[{"family":"Zisiadis","given":"Dimitris"},{"family":"Kopsidas","given":"Spyros"},{"family":"Varalis","given":"Argyris"},{"family":"Tassiulas","given":"Leandros"}],"issued":{"date-parts":[["2012"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Zisiadis et al., 2012). Push button setup method is not provided in all of the devices supporting the WPS protocol. It also defines two out of the band authentication methods known as the use of universal serial bus devices and NFC tags. But these authentication methods are not used in common access point devices. Stefan Viehbock was a researcher who discovered severe vulnerabilities in the WPS protocol. The vulnerabilities make the brute force attacks a real problem in access points configured for WPS protocol.

Design flaws present in the WPS protocol allows an attacker to compromise the PIN code of the public wifi network. As it is the most suitable method for setting up a public hotspot using a wireless access point router. Push button standard cannot be used in public wifi hotspots. PIN code authentication mechanism of the WPS can be hijacked using social engineering tactics. In most of the practical scenarios, the PIN code will be publicly available and the attacker will not have to design a social engineering attack to obtain the PIN code ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2e304f5f1l","properties":{"formattedCitation":"(Petiz et al., 2013)","plainCitation":"(Petiz et al., 2013)"},"citationItems":[{"id":2291,"uris":["http://zotero.org/users/local/gITejLE9/items/A679XEPY"],"uri":["http://zotero.org/users/local/gITejLE9/items/A679XEPY"],"itemData":{"id":2291,"type":"article-journal","title":"Detection of WPS attacks based on multiscale traffic analysis","container-title":"Recent Advances in Communications and Networking Technology (Formerly Recent Patents on Telecommunication)","page":"127-139","volume":"2","issue":"2","author":[{"family":"Petiz","given":"Ivo"},{"family":"Rocha","given":"Eduardo"},{"family":"Salvador","given":"Paulo"},{"family":"Nogueira","given":"António"}],"issued":{"date-parts":[["2013"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Petiz et al., 2013). As per the scenario, the PIN code is readily available to the attacker and the attacker can connect to the public hotspot. After successfully connecting to the network, the attacker may gain full control of the network and in the worst case scenario can re-flash the firmware of the wifi router. Re-flashing the public wifi hotspot router with a custom Linux kernel firmware will allow the attacker to intercept all of the traffic being routed through the access point. All of the logical measures will be useless in the prevention of these attacks ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"at07nf4geu","properties":{"formattedCitation":"(Orukpe et al., 2013)","plainCitation":"(Orukpe et al., 2013)"},"citationItems":[{"id":2294,"uris":["http://zotero.org/users/local/gITejLE9/items/35CWFR5X"],"uri":["http://zotero.org/users/local/gITejLE9/items/35CWFR5X"],"itemData":{"id":2294,"type":"paper-conference","title":"Computer Security and Privacy in Wireless Local Area Network in Nigeria","container-title":"International Journal of Engineering Research in Africa","publisher":"Trans Tech Publ","page":"23-33","volume":"9","ISBN":"3-03835-857-6","author":[{"family":"Orukpe","given":"P. E."},{"family":"Erhiaguna","given":"T. O."},{"family":"Agbontaen","given":"F. O."}],"issued":{"date-parts":[["2013"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Orukpe et al., 2013). Any router with a malicious firmware installed allows the attackers to intercept voice over internet protocol calls as well, significantly breaching individual privacy. The primary motive of cyber-attacks in public wifi hotspots is to compromise the security and privacy of connected devices ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1sfu5cjikf","properties":{"formattedCitation":"(A. Sanatinia et al., 2013)","plainCitation":"(A. Sanatinia et al., 2013)"},"citationItems":[{"id":2231,"uris":["http://zotero.org/users/local/gITejLE9/items/A22X3PMM"],"uri":["http://zotero.org/users/local/gITejLE9/items/A22X3PMM"],"itemData":{"id":2231,"type":"paper-conference","title":"Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study","container-title":"2013 IEEE Conference on Communications and Network Security (CNS)","page":"430-437","source":"IEEE Xplore","event":"2013 IEEE Conference on Communications and Network Security (CNS)","abstract":"WiFi Access Points (APs) are ideal targets of attack. They have access to home internal networks which allows an adversary to easily carry out man-in-the-middle attacks and spread infections wirelessly. They can also be used to launch massive denial of service attacks that target the physical infrastructure as well as the RF spectrum (both WiFi and cellular). While Wired Equivalent Privacy (WEP) vulnerabilities are common knowledge, the flaws of the WiFi Protected Setup (WPS) protocol are less known. In this paper, we use an epidemiological approach, combined with experimental war-driving measurements to investigate the speed of infections spreading in four neighborhoods of Boston, MA, USA, with distinct population and demographics. Our analysis and experimental data indicate that such attacks are feasible. While the graph of WEP APs and WPS APs may not be fully connected, the combined graph of WEP-WPS APs is fully connected, making large scale spreading of infections feasible. Due to the unique characteristics of WPS, the absence of automated firmware upgrades and mechanisms to safely configure and administer APs; these attacks pose a significant threat that require serious attention and countermeasures to provide safe management of APs and their policies.","DOI":"10.1109/CNS.2013.6682757","shortTitle":"Wireless spreading of WiFi APs infections using WPS flaws","author":[{"family":"Sanatinia","given":"A."},{"family":"Narain","given":"S."},{"family":"Noubir","given":"G."}],"issued":{"date-parts":[["2013",10]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (A. Sanatinia et al., 2013). Attackers steal banking credentials and authentication credentials for various online platforms such as social media networks and then trade compromised credentials in dark web markets for monetary benefits.

Methodology:

Cyber-attacks are turning into a profitable industry. The primary motive of cyber-criminals is to use information technologies for monetary benefits by employing illegal, often dangerous methods. Exponential penetration of mobile devices in human lives and reliance on social media have made it compulsory to have an active internet connection. The advent of wi-fi networks solved the connectivity problem of these mobile gadgets. Cloud computing era has created an enormous pressure on wifi networks and network service providers to ensure connectivity and minimize the service downtimes. Quality of service to maintain the requirement of high availability is managed through the introduction of public wifi hotspots. Originally the purpose of deployment of the public wifi hotspots was to facilitate the end users and to meet their connectivity requirements. As the internet itself was not designed with much security in mind, any service offered at the top of an existing infrastructure of the internet will be inherently insecure such as public wifi hotspots. As discussed in the literature review, public wifi hotspots pose a serious risk to the security and privacy of users while they are using the network.

Freemium model of public wifi hotspot service and the temptation of the public to use the service has made it a paradise of cyber-criminals. They are always on their toes to compromise public wifi networks as the valuable information that can be extracted by compromising a public hotspot is worth the effort for criminals. Moreover, it is not as much difficult to hack a public wifi router due to security design flaws as compared to hack a server having strict security controls. Public wifi hotspots provide a direct link of interaction with the public. Therefore, qualitative research methodology is best suitable to analyze the behaviour of people using public wifi hotspots and threats encountered by them. The methodology employed in the research study involves the analysis of published case studies and qualitative reviews of published qualitative reports providing insight into the threats experienced by the public hotspot users. Qualitative method is chosen for research as it provides granular visibility and maximum details of an event. It provides independence to the researcher analyzing a data source. If valuable information is not available via one source the researcher can freely choose another source of data providing valuable information about the issues. Experimental results are analyzed by various researchers from their qualitative publications to understand the broad range of targeted threats to public wifi hotspots and recommendations are made to make the public wifi ecosystem more secure in general.

A case study of public wifi network secured using WPS security by the researchers Amirali, Sashank, and Guevara revealed many flaws and their possible exploitation techniques. They conducted tests on public wifi networks in an urban area compromising of at least twenty public wifi hotspots ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"aq4aj6qun7","properties":{"formattedCitation":"(A. Sanatinia et al., 2013)","plainCitation":"(A. Sanatinia et al., 2013)"},"citationItems":[{"id":2231,"uris":["http://zotero.org/users/local/gITejLE9/items/A22X3PMM"],"uri":["http://zotero.org/users/local/gITejLE9/items/A22X3PMM"],"itemData":{"id":2231,"type":"paper-conference","title":"Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study","container-title":"2013 IEEE Conference on Communications and Network Security (CNS)","page":"430-437","source":"IEEE Xplore","event":"2013 IEEE Conference on Communications and Network Security (CNS)","abstract":"WiFi Access Points (APs) are ideal targets of attack. They have access to home internal networks which allows an adversary to easily carry out man-in-the-middle attacks and spread infections wirelessly. They can also be used to launch massive denial of service attacks that target the physical infrastructure as well as the RF spectrum (both WiFi and cellular). While Wired Equivalent Privacy (WEP) vulnerabilities are common knowledge, the flaws of the WiFi Protected Setup (WPS) protocol are less known. In this paper, we use an epidemiological approach, combined with experimental war-driving measurements to investigate the speed of infections spreading in four neighborhoods of Boston, MA, USA, with distinct population and demographics. Our analysis and experimental data indicate that such attacks are feasible. While the graph of WEP APs and WPS APs may not be fully connected, the combined graph of WEP-WPS APs is fully connected, making large scale spreading of infections feasible. Due to the unique characteristics of WPS, the absence of automated firmware upgrades and mechanisms to safely configure and administer APs; these attacks pose a significant threat that require serious attention and countermeasures to provide safe management of APs and their policies.","DOI":"10.1109/CNS.2013.6682757","shortTitle":"Wireless spreading of WiFi APs infections using WPS flaws","author":[{"family":"Sanatinia","given":"A."},{"family":"Narain","given":"S."},{"family":"Noubir","given":"G."}],"issued":{"date-parts":[["2013",10]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (A. Sanatinia et al., 2013). All of the routers installed in public hotspots being studied were configured to use PIN code authentication with WPS security protocol. As per the previously discovered flaws in WPS security design such routers can be used in various forms of attacks such as the man in the middle attacks, phishing, DNS pharming etc. All of such attacks are possible due to the compromised firmware flashing vulnerability present in WPS protocol. During their study, they successfully flashed custom firmware in routers present in public wifi hotspots. Custom flash allowed them to analyze traffic being forwarded through the network. Majority of people connecting to such wi-fi networks use handheld devices such as mobile phones. Android is the most popular mobile device operating system was found to be installed in almost 85% devices connecting to the compromised access points.

Capturing all of the network traffic revealed that 8% of applications installed on android phones connected to the compromised access points were prone to man-in-the-middle attacks. Applications using transport layer security can be tricked into sending malicious traffic to other users even outside of the compromised network. They discovered that even an antivirus application installed on the mobile device can be tricked into accepting false security updates. They intercepted the communication of antivirus applications installed on the mobile devices and manipulated the received packets at the compromised router ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"aru5b1ui8s","properties":{"formattedCitation":"(Amirali Sanatinia et al., 2013)","plainCitation":"(Amirali Sanatinia et al., 2013)"},"citationItems":[{"id":2297,"uris":["http://zotero.org/users/local/gITejLE9/items/MWHTQD2P"],"uri":["http://zotero.org/users/local/gITejLE9/items/MWHTQD2P"],"itemData":{"id":2297,"type":"paper-conference","title":"Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study","container-title":"2013 IEEE Conference on Communications and Network Security (CNS)","publisher":"IEEE","page":"430-437","ISBN":"1-4799-0895-9","author":[{"family":"Sanatinia","given":"Amirali"},{"family":"Narain","given":"Sashank"},{"family":"Noubir","given":"Guevara"}],"issued":{"date-parts":[["2013"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Amirali Sanatinia et al., 2013). They forwarded the antivirus definition packets to the mobile antivirus applications and applications were fooled into accepting the packets as legitimate updates. The user ended up infecting their device with malicious code that can allow remote control of handheld devices as well while having a false sense of security ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"add9ee9oua","properties":{"formattedCitation":"(Leroy et al., 2011)","plainCitation":"(Leroy et al., 2011)"},"citationItems":[{"id":2308,"uris":["http://zotero.org/users/local/gITejLE9/items/4F35Z9SX"],"uri":["http://zotero.org/users/local/gITejLE9/items/4F35Z9SX"],"itemData":{"id":2308,"type":"article-journal","title":"SWISH: secure WiFi sharing","container-title":"Computer Networks","page":"1614-1630","volume":"55","issue":"7","author":[{"family":"Leroy","given":"Damien"},{"family":"Detal","given":"Gregory"},{"family":"Cathalo","given":"Julien"},{"family":"Manulis","given":"Mark"},{"family":"Koeune","given":"François"},{"family":"Bonaventure","given":"Olivier"}],"issued":{"date-parts":[["2011"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Leroy et al., 2011). The security application reported the user as their device is secure. The design flaw of WPS can be manipulated in many ways and allow direct control of not only the access point but the client devices as well.

In another study, researchers discovered many severe flaws in public hotspots. Most of the analyzed public wifi routers and access points were not configured for user authentication to provide simplicity and usability. As discussed in the literature, there exists a strong tradeoff between security and usability of any device. A device that is not connected to anything including the power source can be considered as more secure in comparison to a network connected device. On the other hand, the same device will be limited in functionality that it can provide to the user and will turn into a useless piece of the machine ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a28t13okifs","properties":{"formattedCitation":"(Cheng et al., 2013)","plainCitation":"(Cheng et al., 2013)"},"citationItems":[{"id":2302,"uris":["http://zotero.org/users/local/gITejLE9/items/9LXC65TT"],"uri":["http://zotero.org/users/local/gITejLE9/items/9LXC65TT"],"itemData":{"id":2302,"type":"paper-conference","title":"Characterizing privacy leakage of public wifi networks for users on travel","container-title":"2013 Proceedings IEEE INFOCOM","publisher":"IEEE","page":"2769-2777","ISBN":"1-4673-5946-7","author":[{"family":"Cheng","given":"Ningning"},{"family":"Wang","given":"Xinlei Oscar"},{"family":"Cheng","given":"Wei"},{"family":"Mohapatra","given":"Prasant"},{"family":"Seneviratne","given":"Aruna"}],"issued":{"date-parts":[["2013"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Cheng et al., 2013). Therefore, security is about finding a unique trade-off between reasonable security without significantly compromising on the usability of the system. Security researchers deployed a wifi access point at a public place with port mirroring to their command and control server. All of the traffic from client devices was routed through their command and control server analyzing the traffic. They discovered that none of the connected clients was configured to use any type of encryption for data security. Packet contents were easily decrypted and analysed exposing vulnerabilities in connected mobile devices applications. It was hard for the attackers to decrypt packets transmitted from the laptop as they were encrypted using transport layer security ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a8qjvp8269","properties":{"formattedCitation":"(M. Li et al., 2016)","plainCitation":"(M. Li et al., 2016)"},"citationItems":[{"id":2305,"uris":["http://zotero.org/users/local/gITejLE9/items/2KHBB87T"],"uri":["http://zotero.org/users/local/gITejLE9/items/2KHBB87T"],"itemData":{"id":2305,"type":"paper-conference","title":"When CSI meets public WiFi: Inferring your mobile phone password via WiFi signals","container-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","publisher":"ACM","page":"1068-1079","ISBN":"1-4503-4139-X","author":[{"family":"Li","given":"Mengyuan"},{"family":"Meng","given":"Yan"},{"family":"Liu","given":"Junyi"},{"family":"Zhu","given":"Haojin"},{"family":"Liang","given":"Xiaohui"},{"family":"Liu","given":"Yao"},{"family":"Ruan","given":"Na"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (M. Li et al., 2016). There exists a unified opinion that public wifi networks no matter how secure they are claimed to contain severe vulnerabilities compromising privacy and security of connected clients.

Experiments:

Experiments are an ideal way of understanding the situation in any particular scientific problem. During the research study to verify the claims of security vulnerabilities and threats to public wifi networks three limited experiments were performed. In one of the experiments, an open wifi connection was made available to the public without any requirement of user authentication. For simplicity purpose, all of the wifi access points were configured in the same public place with different SSID's broadcasted to nearby devices and with different security protocols of authentication. The goals were to identify what is the behaviour of the general public regarding the use of public wifi hotspot networks. All of the network through the access points was monitored using packet sniffers and a dedicated computer for software packet analysis. The first access point was configured for open connection and was configured to allow a maximum number of stations to be linked with the router ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"ao0hatj2po","properties":{"formattedCitation":"(Santoso and Vun, 2015)","plainCitation":"(Santoso and Vun, 2015)"},"citationItems":[{"id":2312,"uris":["http://zotero.org/users/local/gITejLE9/items/QR5WXCMK"],"uri":["http://zotero.org/users/local/gITejLE9/items/QR5WXCMK"],"itemData":{"id":2312,"type":"paper-conference","title":"Securing IoT for smart home system","container-title":"2015 International Symposium on Consumer Electronics (ISCE)","publisher":"IEEE","page":"1-2","ISBN":"1-4673-7365-6","author":[{"family":"Santoso","given":"Freddy K."},{"family":"Vun","given":"Nicholas CH"}],"issued":{"date-parts":[["2015"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Santoso and Vun, 2015). The traffic was forwarded to a software configured router that was performing traffic analysis.

A controlled instance of the machine running the analysis program was also used to deliver a malicious payload to connected devices. It was a step taken towards measuring the security implementation of mobile devices using different operating systems. The method helped in identification of operating system vulnerabilities as well but most of the vulnerabilities were platform dependent. The largest number of connections were made to the open public wifi hotspot device leaving the other two devices. Ransomware payload was successfully delivered to the connected devices using man in the middle packet analysis and modification attack. Packet contents were changed and optimized for malicious attacks independent of the host application. In the case of the second wifi hotspot device WPA2-PSK encryption was used ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"atmrsbvl6r","properties":{"formattedCitation":"(Sathiaseelan et al., 2013)","plainCitation":"(Sathiaseelan et al., 2013)"},"citationItems":[{"id":2315,"uris":["http://zotero.org/users/local/gITejLE9/items/FVREIG45"],"uri":["http://zotero.org/users/local/gITejLE9/items/FVREIG45"],"itemData":{"id":2315,"type":"paper-conference","title":"Virtual public networks","container-title":"2013 Second European Workshop on Software Defined Networks","publisher":"IEEE","page":"1-6","ISBN":"1-4799-2433-4","author":[{"family":"Sathiaseelan","given":"Arjuna"},{"family":"Rotsos","given":"Charalampos"},{"family":"Sriram","given":"C. S."},{"family":"Trossen","given":"Dirk"},{"family":"Papadimitriou","given":"Panagiotis"},{"family":"Crowcroft","given":"Jon"}],"issued":{"date-parts":[["2013"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Sathiaseelan et al., 2013). The key to connect with the wifi connection was also made public so, that people can configure their connections. Phishing, man in the middle traffic analysis, and malware spreading attacks were carried out using this network as well.

In the case of a third wifi hotspot, the access point was configured to use WPA2-AES encryption with extensible user authentication protocol. The access point was configured to warn the connected devices if they are not using the virtual private network. The goal was achieved by inspecting the received packets from the client device connecting to the network. The connection to the access point was not terminated even if the client device does not have the virtual private network available. The experimental setup was configured in this way to understand the behaviour of the general public regarding the use of free internet available to them in the form of public hotspots. User behaviour is an important factor in the security of any system either a public wifi network or a corporate network having strict security controls ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a21aq88phi6","properties":{"formattedCitation":"(Y. Li et al., 2016)","plainCitation":"(Y. Li et al., 2016)"},"citationItems":[{"id":2318,"uris":["http://zotero.org/users/local/gITejLE9/items/H5P2ULJV"],"uri":["http://zotero.org/users/local/gITejLE9/items/H5P2ULJV"],"itemData":{"id":2318,"type":"article-journal","title":"Privacy-preserving location proof for securing large-scale database-driven cognitive radio networks","container-title":"IEEE Internet of Things Journal","page":"563-571","volume":"3","issue":"4","author":[{"family":"Li","given":"Yi"},{"family":"Zhou","given":"Lu"},{"family":"Zhu","given":"Haojin"},{"family":"Sun","given":"Limin"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Y. Li et al., 2016). Most of the time dangerous activity is initiated with the permission of user as the devices are not able to authenticate any forged request. The possibility of malicious activity cannot be completely ruled out as there are various techniques actively used by the criminals to make this happen. However, an informed decision will subsequently reduce the risk of compromised information even in public wifi networks.

Results Analysis:

During the experimental stage of study three different types of access points were configured for the general public. The results of the experiments were completely in accordance with the reports studied in the literature review. As per the general public behaviour of using public wifi hotspots, there were many factors affecting the user decision. Most of the handheld devices of today such as mobile phones and tablet computers have high-speed cellular connections having third and fourth generation of network connectivity. However, people tend to connect to public wifi hotspots due to high speed and low price of free connectivity. Regarding laptops, there is a trend being popular between the device manufacturers that they have gradually removed the possibility of wired connections on laptops. Therefore, there is no other option for people than using a wireless connection such as freely available public wifi hotspot.

As in the case of the experiment, most of the clients were connected to the open network not protected with any type of authentication as similar is the case with almost 48%public wifi hotspots. It was due to the fact that most of the people do not bother to turn off their wifi connections on their devices even if they are not actively using the connection. Users of such devices are more prone to cyber-attacks associated with public wifi hotspots as compared to other users. During network analysis, all of the users having an automatic connection to the open access point were infected with adware ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"acndunj6ju","properties":{"formattedCitation":"(Hooper et al., 2016)","plainCitation":"(Hooper et al., 2016)"},"citationItems":[{"id":2321,"uris":["http://zotero.org/users/local/gITejLE9/items/9RPEJXH8"],"uri":["http://zotero.org/users/local/gITejLE9/items/9RPEJXH8"],"itemData":{"id":2321,"type":"paper-conference","title":"Securing commercial wifi-based uavs from common security attacks","container-title":"MILCOM 2016-2016 IEEE Military Communications Conference","publisher":"IEEE","page":"1213-1218","ISBN":"1-5090-3781-0","author":[{"family":"Hooper","given":"Michael"},{"family":"Tian","given":"Yifan"},{"family":"Zhou","given":"Runxuan"},{"family":"Cao","given":"Bin"},{"family":"Lauf","given":"Adrian P."},{"family":"Watkins","given":"Lanier"},{"family":"Robinson","given":"William H."},{"family":"Alexis","given":"Wlajimir"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Hooper et al., 2016). Adware is a type of malicious software that tricks users into the installation of fake products and compromises the privacy of the user. Many users were using or checking their bank account details without even noticing that they are connected to an unknown network automatically. Banking credentials of the majority of users along with their personal messages sent from applications not supporting an end to end encryption were obtained.

Even if the devices were not configured to auto-connect to the available network all the time people preferred to connect to the open network. In comparison, almost 76% of devices were connected to the open wifi hotspot potentially allowing attackers to compromise their data. A low percentage of only 22% of users opted for the password protected network. Thus making their connections more secure as compared to the people using the open network. Their network communication was encrypted using transport layer security but the man in the middle attacks was still possible. As the initial authentication messages between the access point and the client device were intercepted by the attacker ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2pj1dpaqi9","properties":{"formattedCitation":"(Dalton et al., 2014)","plainCitation":"(Dalton et al., 2014)"},"citationItems":[{"id":2324,"uris":["http://zotero.org/users/local/gITejLE9/items/7A8KGGQG"],"uri":["http://zotero.org/users/local/gITejLE9/items/7A8KGGQG"],"itemData":{"id":2324,"type":"paper-conference","title":"Exploiting the network for securing personal devices","container-title":"Cyber Security and Privacy Forum","publisher":"Springer","page":"16-27","author":[{"family":"Dalton","given":"Chris"},{"family":"Lioy","given":"Antonio"},{"family":"Lopez","given":"Diego"},{"family":"Risso","given":"Fulvio"},{"family":"Sassu","given":"Roberto"}],"issued":{"date-parts":[["2014"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Dalton et al., 2014). An attacker having such information can spoof the MAC address of the device and even breach the security of WPA network as well. Potential vulnerabilities of the protocol identified in literature were found to be completely exploitable with no fix or patch available to users.

Only a fraction of two per cent people connected to a secure network using WPA2 with AES encryption enabled. However, when they received warning that their connection is not secure and their information can be compromised by an attacker they immediately switched to open network. Therefore, the security and usability tradeoff altered the decision of the user in this particular case. User switched to a less secure network due to a poorly designed warning. Moreover, most of the mobile devices support software-defined access points. Any malicious actor can turn his device into a secondary or rogue access point for a wifi network in an attempt to harvest user credentials ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2la4ecksh4","properties":{"formattedCitation":"(Durbin, 2016)","plainCitation":"(Durbin, 2016)"},"citationItems":[{"id":2327,"uris":["http://zotero.org/users/local/gITejLE9/items/G4JBUDN5"],"uri":["http://zotero.org/users/local/gITejLE9/items/G4JBUDN5"],"itemData":{"id":2327,"type":"book","title":"Apparatus, method, and system for securing a public wireless network","publisher":"Google Patents","author":[{"family":"Durbin","given":"Mark"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Durbin, 2016). All these vulnerabilities and attacks combined to make the wifi infrastructure more insecure. As most of the common gadgets are being connected to the internet forming an internet of things without considering usable security we will be building an internet of threats instead of the internet of things.

Recommendations and Conclusion:

The features that make a public wifi hotspot attractive to the users also make it paradise for cyber-criminals. Despite having a data plan for cellular broadband network connections, users still tend to use public wifi hotspots as they are usually provided free of cost. However, as per the research findings, a free public wifi hotspot is not entirely free. It is certainly free as there are no monetary fees associated with it, but the users have to pay through their security and privacy while using a public wifi hotspot. Public wifi hotspots devices often disable recommended security features to increase the usability for end users compromising the security and confidentiality of private data. Public wifi networks are prone to phishing, malware attacks, hacker attacks, DNS spoofing, phishing and spamming ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1r0h9cqlgf","properties":{"formattedCitation":"(Taha and Shen, 2012)","plainCitation":"(Taha and Shen, 2012)"},"citationItems":[{"id":2331,"uris":["http://zotero.org/users/local/gITejLE9/items/IC56K9Z9"],"uri":["http://zotero.org/users/local/gITejLE9/items/IC56K9Z9"],"itemData":{"id":2331,"type":"paper-conference","title":"A link-layer authentication and key agreement scheme for mobile public hotspots in NEMO based VANET","container-title":"2012 IEEE Global Communications Conference (GLOBECOM)","publisher":"IEEE","page":"1004-1009","ISBN":"1-4673-0921-4","author":[{"family":"Taha","given":"Sanaa"},{"family":"Shen","given":"Xuemin"}],"issued":{"date-parts":[["2012"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Taha and Shen, 2012). All these threats and their corresponding tools are used by criminals to harvest personally identifiable information of users.

The only way of making public wifi hotspots safe to use is through following precaution and safe browsing habits. User education is inevitable to make public wifi hotspots secure enough to be used for the financial transaction. All of the public wifi hotspot routers must be configured for WPA2 with AES encryption to protect the confidentiality, integrity, availability, and non-repudiation of data. Although there are flaws in the WPA2 security protocol as well those flaws cannot be exploited by hackers with ease as compared to other security protocols. A simple way of securing a public wifi hotspot is to disable WPS on the access point ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2ob2hieu9o","properties":{"formattedCitation":"(Srinivasan and Wu, 2018)","plainCitation":"(Srinivasan and Wu, 2018)"},"citationItems":[{"id":2334,"uris":["http://zotero.org/users/local/gITejLE9/items/KST6LXD7"],"uri":["http://zotero.org/users/local/gITejLE9/items/KST6LXD7"],"itemData":{"id":2334,"type":"article-journal","title":"VOUCH-AP: privacy preserving open-access 802.11 public hotspot AP authentication mechanism with co-located evil-twins","container-title":"International Journal of Security and Networks","page":"153-168","volume":"13","issue":"3","author":[{"family":"Srinivasan","given":"Avinash"},{"family":"Wu","given":"Jie"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Srinivasan and Wu, 2018). Most of the modern devices are preconfigured to use WPS for ease of use. Unfortunately, some devices do not even provide a configuration option to turn it off. While deploying a public wifi hotspot device it must be disabled for WPS. Users must be advised to use virtual private networks while they are using public wifi hotspots. It must be ensured that information is being transmitted on a public wifi network using a secure sockets layer connection that makes it difficult for hackers to intercept the communication.

It has been observed that people keep there wifi connection active even if they are not using it. The problem with such configuration as it is explained in the experiments that it will connect to available networks regardless of their security condition. The security on public wifi networks is interrelated for the deploying person and for the users of the service as well. The person deploying a public wifi hotspot must make sure that it is configured for WPA2 with AES to ensure the security. On the other hand, the user must ensure the security of their device and must avoid the use of financial services while on public wifi networks. Those are the only recommended measures that can help in securing public wifi networks. Otherwise, public wifi hotspots are security and privacy hazards and must be avoided at all costs.

References

ADDIN ZOTERO_BIBL {"custom":[]} CSL_BIBLIOGRAPHY Abo-Soliman, M.A., Azer, M.A., 2018a. Enterprise WLAN Security Flaws: Current Attacks and relative Mitigations, in: Proceedings of the 13th International Conference on Availability, Reliability and Security. ACM, p. 34.

Abo-Soliman, M.A., Azer, M.A., 2018b. Tunnel-Based EAP Effective Security Attacks WPA2 Enterprise Evaluation and Proposed Amendments, in: 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN). IEEE, pp. 268–273.

Agbeboaye, C., Akpojedje, F.O., Okoekhian, J., 2018. SECURITY THREATS ANALYSIS OF WIRELESS LOCAL AREA NETWORK. Compusoft 7, 2773–2779.

Azeez, N.A., Chinazo, O.J., 2018. ACHIEVING DATA AUTHENTICATION WITH HMAC-SHA256 ALGORITHM. Comput. Sci. Telecommun. 54.

Cheng, N., Wang, X.O., Cheng, W., Mohapatra, P., Seneviratne, A., 2013. Characterizing privacy leakage of public wifi networks for users on travel, in: 2013 Proceedings IEEE INFOCOM. IEEE, pp. 2769–2777.

Čisar, P., Čisar, S.M., 2018. ETHICAL HACKING OF WIRELESS NETWORKS IN KALI LINUX ENVIRONMENT. Ann. Fac. Eng. Hunedoara 16, 181–186.

Dalton, C., Lioy, A., Lopez, D., Risso, F., Sassu, R., 2014. Exploiting the network for securing personal devices, in: Cyber Security and Privacy Forum. Springer, pp. 16–27.

Dawood, O.A., Hammadi, O.I., Asman, T.K., 2018. Developing a New Secret Symmetric Algorithm for Securing Wireless Applications, in: 2018 1st Annual International Conference on Information and Sciences (AiCIS). IEEE, pp. 152–158.

Dey, B., Vishnu, S.S., Swarnkar, O.S., 2018. An efficient dynamic key based EAP authentication framework for future IEEE 802.1 x Wireless LANs, in: Proceedings of the 2nd International Conference on Digital Signal Processing. ACM, pp. 125–131.

Durbin, M., 2016. Apparatus, method, and system for securing a public wireless network. Google Patents.

Esser, A., Serrao, C., 2018. Wi-Fi network testing using an integrated Evil-Twin framework, in: 2018 Fifth International Conference on Internet of Things: Systems, Management and Security. IEEE, pp. 216–221.

Gunawan, T.S., Lim, M.K., Kartiwi, M., Malik, N.A., Ismail, N., 2018. Penetration Testing using Kali Linux: SQL Injection, XSS, Wordpres, and WPA2 Attacks. Indones. J. Electr. Eng. Comput. Sci. 12, 729–737.

Hooper, M., Tian, Y., Zhou, R., Cao, B., Lauf, A.P., Watkins, L., Robinson, W.H., Alexis, W., 2016. Securing commercial wifi-based uavs from common security attacks, in: MILCOM 2016-2016 IEEE Military Communications Conference. IEEE, pp. 1213–1218.

Leroy, D., Detal, G., Cathalo, J., Manulis, M., Koeune, F., Bonaventure, O., 2011. SWISH: secure WiFi sharing. Comput. Netw. 55, 1614–1630.

Li, M., Meng, Y., Liu, J., Zhu, H., Liang, X., Liu, Y., Ruan, N., 2016. When CSI meets public WiFi: Inferring your mobile phone password via WiFi signals, in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, pp. 1068–1079.

Li, Y., Zhou, L., Zhu, H., Sun, L., 2016. Privacy-preserving location proof for securing large-scale database-driven cognitive radio networks. IEEE Internet Things J. 3, 563–571.

Orukpe, P.E., Erhiaguna, T.O., Agbontaen, F.O., 2013. Computer Security and Privacy in Wireless Local Area Network in Nigeria, in: International Journal of Engineering Research in Africa. Trans Tech Publ, pp. 23–33.

Petiz, I., Rocha, E., Salvador, P., Nogueira, A., 2013. Detection of WPS attacks based on multiscale traffic analysis. Recent Adv. Commun. Netw. Technol. Former. Recent Pat. Telecommun. 2, 127–139.

Potter, B., 2003. Wireless security’s future. IEEE Secur. Priv. 99, 68–72. https://doi.org/10.1109/MSECP.2003.1219074

Realpe, L.F.E., Parra, O.J.S., Velandia, J.B., 2018. Use of KRACK Attack to Obtain Sensitive Information, in: International Conference on Mobile, Secure, and Programmable Networking. Springer, pp. 270–276.

Reddy, S.V., Ramani, K.S., Rijutha, K., Ali, S.M., Reddy, C.P., 2010. Wireless hacking-a WiFi hack by cracking WEP, in: 2010 2nd International Conference on Education Technology and Computer. IEEE, pp. V1-189-V1-193.

Sanatinia, A., Narain, S., Noubir, G., 2013. Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study, in: 2013 IEEE Conference on Communications and Network Security (CNS). Presented at the 2013 IEEE Conference on Communications and Network Security (CNS), pp. 430–437. https://doi.org/10.1109/CNS.2013.6682757

Sanatinia, A., Narain, S., Noubir, G., 2013. Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study, in: 2013 IEEE Conference on Communications and Network Security (CNS). IEEE, pp. 430–437.

Santoso, F.K., Vun, N.C., 2015. Securing IoT for smart home system, in: 2015 International Symposium on Consumer Electronics (ISCE). IEEE, pp. 1–2.

Sathiaseelan, A., Rotsos, C., Sriram, C.S., Trossen, D., Papadimitriou, P., Crowcroft, J., 2013. Virtual public networks, in: 2013 Second European Workshop on Software Defined Networks. IEEE, pp. 1–6.

Srinivasan, A., Wu, J., 2018. VOUCH-AP: privacy preserving open-access 802.11 public hotspot AP authentication mechanism with co-located evil-twins. Int. J. Secur. Netw. 13, 153–168.

Taha, S., Shen, X., 2012. A link-layer authentication and key agreement scheme for mobile public hotspots in NEMO based VANET, in: 2012 IEEE Global Communications Conference (GLOBECOM). IEEE, pp. 1004–1009.

Terkawi, A., Innab, N., 2018. Major Impacts of Key Reinstallation Attack on Internet of Things System, in: 2018 21st Saudi Computer Society National Computer Conference (NCC). IEEE, pp. 1–6.

Tews, E., Beck, M., 2009. Practical attacks against WEP and WPA, in: Proceedings of the Second ACM Conference on Wireless Network Security. ACM, pp. 79–86.

Tews, E., Weinmann, R.-P., Pyshkin, A., 2007. Breaking 104 bit WEP in less than 60 seconds, in: International Workshop on Information Security Applications. Springer, pp. 188–202.

Watanabe, Y., Iriyama, T., Morii, M., 2017. Proposal of WEP Operation with Strong IV and Its Implementation. J. Inf. Process. 25, 288–295.

Wen, Y., Liu, T., 2018. WIFI Security Certification through Device Information, in: 2018 International Conference on Sensor Networks and Signal Processing (SNSP). IEEE, pp. 302–305.

Zisiadis, D., Kopsidas, S., Varalis, A., Tassiulas, L., 2012. Enhancing WPS security, in: 2012 IFIP Wireless Days. IEEE, pp. 1–3.

TOPIC: How Computer Science Is Playing A Crucial Role To Diagnose ( One Specific Medical Issue You Can Chose, And Write Technical Report On That ) In Human Body?

[Your Name]

[Instructor Name]

[Course Number]

[Date]

PROSTHETIC ARM

Abstract: This project focuses on the design of a myogenic prosthetic arm to mimic the movement of human arm. A huge increase has occurred in the prostheses for patients with upper limb amputations in recent years. Current prosthetic hands have minimal usability and are costly. Our goal was to design a cost-effective prosthetic hand model. This paper provides the source for a prosthetic limb by examining alternative mechanisms for acquiring and transmitting data.

The prosthetic arm is designed to provide the tactile perceptions experienced by the human body by integrating a network of sensors into the nervous system and operating the arm on the basis of feedback received from these sensors. Coordinate reference systems are used for the transformation of input signals into the desired output. Our proposed model works using electromyogenic (EMG) signals generated by muscle contractions. Our design has increased degree of freedom and the number of grip patterns. In addition to driven thumb roll articulation, which is not seen in commercial products, the novel model includes five independently actuated fingers. Besides that, it exhibits the full range of motion required to grab an object.

INTRODUCTION

Prosthesis is a medical device that structurally and functionally replaces an arm. The human hand is a complex piece of biological equipment. There are many people who have lost limbs through accidents or by birth and have to face a lot of problems in performing the normal activities of life. Due to advances in engineering and computer science technology, prosthetic limbs are designed as a substitute so that amputees can perform the normal activities easily. Researchers are trying to improve them but despite these technological advances, they are still limited in terms of their amount of sensory feedback received, degrees of freedom and methods of distinguishing various grip patterns of human hands. Most amputees expressed a desire for improved mobility, higher grasping speeds and powers, natural movement and object contact and enhanced cosmetic appearance. Some improvements have been made to increase the number of degrees of freedom and reduce the weight of the prosthetic arm such as the use of under actuated mechanisms and shape memory alloy actuators. The high degree of flexibility and mobility of the hand and more robust control schemes are needed. The upper limb prostheses still have sufficient room for improvement. [1]

LITERATURE REVIEW

A large number of institutions have done research on the design and construction of robotic arm. The main focus of the previously designed robotic hand designs was on the mechanical problems that is functioning and designing. Different methods of actuation were used. The Novel Dexterous Hand uses motors to operate the finger joints. These motors are attached through cables much like the tendons in the human hand. With the help of a series of cables, the movement of motors is transmitted to the fingers. Some designs for example Anthroform Arm have actuators that directly transmit the power to the joint. It uses pneumatic 'muscles' to imitate the human arm's muscles that are directly connected to the ' bones' . They have also used wires made up of SMA alloys to provide strength and to transmit motion. When heated, these wires contract and return when cooled to their initial shape. Most prostheses are controlled using non-intuitive methods. No research has been found investigating prothesis control directly from the neural network of the body. This project is trying to lay the foundation for an arm with an intuitive control method that can imitate the human arm.(Cloutier and Yang)

OUR DESIGNED MODEL

STRUCTURE

The prototype of our model consists of a network of four fingers and a thumb attached to palm of a hand. The hand holds a micro-controller and a battery. A servo motors are used to provide actuation through a series of pulleys. They are basically used to actuate the fingers. These motors have built in encoders that helps motor can to rotate to a specific angle using pulse width modulation. Many options are provided for signal input and control algorithms. The prototype model is designed in AutoCAD and is 3D printed. (Harvey and Longstaff)

WORKING

We have designed a prosthetic arm that works on the basis of Myoelectric signals. In this technology, muscles in your residual limb drive the body. These muscles can be contracted to produce electrical signals to move the arm. Electrodes are put on the skin. These electrodes are used to read the muscle contractions and on the basis of these readings, the arms move.

After acquiring EMG data, it is amplified through amplifier which is connected to a PC for data storage. On a computer screen, auditory and visual animated signals are displayed and used to synchronize with the information. The obtained signal is sampled and bandpass filtered. The filtered signal is then passed to the microcontroller which then maps the value of the signal with the range of gesture value already stored in the microcontroller. The final signal obtained is then passed to the servo motors and on the basis of this signal, the servo motors perform the desired gesture. (Harvey and Longstaff)

FUTURE WORK

Many areas require more research and development in order to enable the prosthetic to act as part of the neural network of the human body. It is important to investigate the rates of appropriate neuron stimulation without cell damage. It is also necessary to determine the technique of adding the prosthetic to the human nervous system. The acquired data through EMG signals in to produce the desired movement must be defined on the basis of the selected data point. Besides that, you can also incorporate machine learning algorithms to improve its functionality and behavior.

CONCLUSIONS

The project has shown effectively the value of hand design as well as design improvements. By placing electrodes on the skin, we have acquired EMG signals of finger gripping movements. After this, raw EMG signals obtained were amplified and rectified using an EMG acquisition circuit. Then, we designed our own prototype of arm using Solidworks and AutoCAD. Different finger movements are controlled using servo motors. Hence, amputees can install this myoelectric arm which is very affordable in price as compared to other commercially available prosthetics.

REFERENCES

[1] https://web.wpi.edu/Pubs/E-project/Available/Eproject042612145912/unrestricted/MQP_PaulV_Complete_Final_3.pdf

[2] Harvey, David, and Benjamin Longstaff. "THE DEVELOPMENT OF A PROSTHETIC ARM." IEEE n. pag. Print.

[3] Cloutier, Aimee, and James Yang. "CONTROL OF HAND PROSTHESES- A LITERATURE REVIEW." IEEE n. pag. Print.

Transition And Transformation

Transition and Transformation

[Name of the Writer]

[Name of the Institution]

Transition and Transformation

Main Post

CSS transitions and transformation are used in web pages to create simple animations. Transitions allow a user to transform an element from one state to another. It helps to make the element more smooth and gradual. It can also be used on web pages where an element changes from one style to another. There are two properties which are required for the transition which include transition property and transition duration. Transformation is the property which is used to make an element change from one state to another. In other words, it is the property which allows a user to convert an element to two dimensional or three-dimensional space.

Transforms changes of an element can be viewed on the web page when an element changes its states i-e, mouse click or mouse-hover. Both CSS transitions and transformations have different meanings and functionality. However, both are very effective for creating simple animations within just a few lines of code. The syntax of CSS transitions and transformations is very easy, and most of the work is done by browsers. These both features can be integrated onto a website for a downtown restaurant for displaying images using transition timing function property. With this property first, we will set the speed of transition for a specific duration and then we will use the transform translate function to move the images (Joy-Lyn Blake, 2001).

Follow up 1

There are two properties which are used for the transition function which include transition property and transition duration. Transition property is used to specify the CSS property that where we want to apply the transition in the web page. While Transition duration property identifies the time duration of the transition.

Follow up 2

There are certain properties which can be used to apply CSS transformation. A scale is one of the properties that allow to increase or decrease the size of an element. Rotate is another property of CSS transformation that allows rotating the element clockwise or counterclockwise. Moreover, the most important property of CSS transformation is the translate property which moves an element on the basis of x-axis and y-axis.

References

Joy-Lyn Blake. (2001). Cascading style sheets. Computerworld, 35(20), 61. Retrieved from https://search.proquest.com/docview/216076135?accountid=41759

TTF Support Project

TTF support project

[Name of the Writer]

[Name of the Institution]

TTF support project

Service level agreement for ongoing support

Service level agreements are between a service provider and end user. Skillage I.T has made an agreement with a network manager that he is responsible for the maintenance of new network implementation. It is the responsibility of a network engineer in Skillage I.T to create a network maintenance strategy which will help in facilitating a risk-free environment to the company. In SLA, Network engineers duty is to diagnose the problems in the current network design, perform troubleshooting and create a maintenance strategy which will define how to resolve problems in a network1.

Ongoing maintenance support schedule

The maintenance strategy is very important when implementing a network in an organization. It is important to understand the maintenance requirement of the organization before creating a strategy. Maintenance will be performed by Network engineer to prevent errors, diagnose problems, repair errors and update the network with the growth in the organization. Maintenance support schedule includes repairing and replacing defective components, updating network hardware and software according to the current requirements of Skillage I.T, removal of equipment which is unnecessary and monitoring the networks & equipment including their testing.

Change management process

Information technology and technology innovation are responsible for changes in management. Network requirements change with the growth in the organization, so it is essential to monitor the impact of changes in the organization. It is also very important to confirm the feasibility of different changes and control the way that change is undertaken. Building awareness is also very important in managing change. Network engineer must know the size of the network before making any changes. Employee feedbacks are very important in managing change because they can describe their network usage requirements which can help network engineer in improving the current network by understanding the needs of the employees.

End Notes

Hartley, K. L. (2005). Defining effective service level agreements for network operation and maintenance. Bell labs technical journal, 9(4), 139-143.

UML Class Diagram

Domain Diagram of RQC using UML notations to represent the basic structure of Computer Rental Store, data storage and customer details.

Unit 1 Seminar

Unit 1 Seminar

Your Name

School or Institution Name

Unit 1 Seminar

The operating system is the brain of the computer. It controls all the operations of the computer along with its hardware and software. Every function that computer performs by itself or on the command of the user is due to the operating system.

All the computerized devices have some sort of an OS installed in them, from laptop, computers to the smart phones and smart watches, they all function through their operating systems. Windows XP, Windows 7, Windows 8, MAC and Linux all are the examples of the computer operating systems. Whereas Apple, android and windows are the OS for smart phones.

At basic architectural level, operating systems are 32- bit and 64-bit. Before buying a new system or upgrading already existing system, it is essential to know the operating system requirements. Laptops usually run on 64-bit OS. All the OS, from Microsoft to Mac are available in 32- bit and 64-bit versions. If you are considering installing new windows you need to know what kind of OS architecture you have on your PC. For finding the information about the OS, go to “control panel” and then “system and security” and then select “security” option. A page will open that will provide all the information regarding system operation and installed RAM in the computer. After checking the bit requirement of the system, you can download new windows or any other software that is compatible to your system. For example, 64-bit programs require 64-bit OS in the computer. Similarly, you can’t install the 32-bit version of any software on a 64-bit computer or laptop ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"RpDgelVR","properties":{"formattedCitation":"(content & Lifewire, n.d.)","plainCitation":"(content & Lifewire, n.d.)","noteIndex":0},"citationItems":[{"id":1262,"uris":["http://zotero.org/users/local/KZl8ZL3A/items/7SB969ND"],"uri":["http://zotero.org/users/local/KZl8ZL3A/items/7SB969ND"],"itemData":{"id":1262,"type":"webpage","title":"32-Bit vs. 64-Bit: What's the Difference?","container-title":"Lifewire","abstract":"What does 64-bit mean? A CPU or an OS that is 32-bit vs 64-bit refers to the whether it uses data in 32-bit or 64-bit pieces.","URL":"https://www.lifewire.com/32-bit-64-bit-2624554","shortTitle":"32-Bit vs. 64-Bit","language":"en","author":[{"family":"content","given":"Tim Fisher Tim Fisher has 30+ years' professional technology support experience He","dropping-particle":"writes troubleshooting"},{"family":"Lifewire","given":"is the General Manager","dropping-particle":"of"}],"accessed":{"date-parts":[["2019",2,5]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (content & Lifewire, n.d.).

Similarly, for installing the drivers of the peripheral devices, you need to know if your system is 64-bit or 32-bit. For example, for a 64-bit computer you will need 64-bit driver otherwise the peripheral device won’t work. This information is also necessary if you are considering buying new computer that has more RAM. It is important to know that 32-bit OS don’t have RAM more than 4 GB while 64-bit systems can have RAM more than 4 GB. Also, 64-bit systems are faster and better in performance.

References

ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY content, T. F. T. F. has 30+ years’ professional technology support experience H. writes troubleshooting, & Lifewire, is the G. M. of. (n.d.). 32-Bit vs. 64-Bit: What’s the Difference? Retrieved February 5, 2019, from https://www.lifewire.com/32-bit-64-bit-2624554

Unit 10 Assignment

The click-through generation.[Name of the Writer][Name of the Institution]

The current generation is now being called the click-through generation because they had different means of technology and they have grown up having consoles, computers, tablets, smartphones, etc. This generation is more facilitated as compared to the previous generations. However, they have not utilized technology for what it was being introduced for them, and they blame others instead of blaming themselves for the problems which technology has created in their lives.

"The illiterate of the 21st Century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn." – (Alvin Toffler, n.d)

We believe it is time to present a new generation to the world, we have seen the Silent Generation, Baby Boomers, Gen X, Gen Y, and the Millennial Generation. What we believe the generation teachers are beginning to see now is the Click-Through Generation.

A generation is based on the range of birth years of a group of people. Generations can span many years; since people are individuals, not all members of a generation exhibit the same traits CITATION JJo \l 1033 (Jopling, n.d). It is important that we understand the generations and also embrace their uniqueness. Jopling suggests, by examining the values of different generations, we can better understand interpersonal relations and learn to cooperate with others CITATION JJo \l 1033 (Jopling, n.d).

As a Professor I believe we are currently being faced with this new generation of students that are challenging the traditional teaching methods. “Today’s students are no longer the people our educational system was designed to teach” CITATION MPr01 \l 1033 (Prensky, 2001). This generation was born with technology in their hands and they have absolutely no idea of what life was like without the ever present cell phone, laptop, or iPad. These click-through students’ technology expectations surpass any previous generational expectations in that everything can be accomplished on a computer; it is not uncommon to hear – there is an app for that or check out YouTube. If you ask a click-through how long they have been using the internet and a computer, their reply more likely will be “my whole life”. They embrace and use technology efficiently and effectively and they know what they want CITATION JGr14 \l 1033 (Grudin, 2014).

Today’s students are the generation of instant everything from pudding to news. In a nutshell, they want it all and they want it now! This generation is by far the most confident generation and they want to be loved and valued by everyone. They have never had to wait for anything, they have always had what they needed to get by and often they had much more. Thus, their expectations are almost to the entitlement level; I want it, I get it.

Today’s students – K through college – represent the first generations to grow up with this new technology. They have spent their entire lives surrounded by and using computers, videogames, digital music players, video cams, cell phones, and all the other toys and tools of the digital age. Today’s average college grads have spent less than 5,000 hours of their lives reading, but over 10,000 hours playing video games (not to mention 20,000 hours watching TV). Computer games, email, the Internet, cell phones and instant messaging are integral parts of their lives CITATION MPr01 \l 1033 (Prensky, 2001).

The result of this mentality is that they believe they can do no wrong; the rules apply to others and not to them. They have always had someone to pick them up and dust them off so they have little sense of accountability; it is always someone else’s fault when something does not work.

In school, and in particular in an online college or high school course, these click-through students no longer read instructions and they are not willing to take the time to go through a tutorial on how to use an online Learning Management System or Homework System. Rather the click-through generation simply attempts to click-through the homework and then they don’t understand when they get less of a grade than they expected. The excuses are many and they typically focus on how their technology failed them rather than the fact that they simply did not read the directions.

Even though this click-through generation is very well educated, like all young members of every generation they are quite naïve. They don’t think anyone will question their actions and when they are questioned or the evidence trail shows that they did not do as they said they did, they tend to turn a bit hostile and even blame the very technology that they demand. When, at the end of the term, they get a lower grade than they feel they deserve (of course it is an ‘A’) they naturally want to know why. When it is pointed out that they missed an assignment or exam which was listed in the course syllabus they claim that they never knew about it even though they clicked on the ‘I understand’ button on the syllabus, or sent an email stating they read and understood the syllabus. The click-through students are so used to seeing license agreements, terms and conditions, and other acknowledgements (that few people read), they just click the box and move on to the next page.

This new click-through generation will learn differently and we, as educators, will need to learn to teach differently. The authors of this article believe, although a challenge, this new generation will also enhance the way education will change to meet their needs. The need for textbook and lectures may become a thing of the past. The click-through generation will be the motivators of change over the next lustrum. Alvin Toffler was not so far off.

References

BIBLIOGRAPHY Grudin, J. (2014). True Digital Natives. Interactions, 1 – 1.

Jopling, J. (n.d). Understanding Generations. Extension Service Year: 2004, 36-41.

Prensky, M. (2001). Digital Natives Digital Immigrants. On the Horizon, 12-16.

Unit 10 Discussion

Unit 10 Discussion

Your Name (First M. Last)

School or Institution Name (University at Place or Town, State)

Unit 10 Discussion

For writing and type of academic document, it is essential to give credits of all the information that you used in your document, to its author. Citations are ways of crediting the authors for their hard work and research; it is an ethical responsibility and right of the author. Students are required to cite the resources they use for acquiring the information, in their documents. Not citing the sources is considered as plagiarism and it can result in horrible consequences.

Destruction of the credibility

Plagiarism allegation can destroy the reputation of the student and the consequences of which can range from minor punishments to the permanent expulsion from the institution. This stigma stays attached to student's academic record and often becomes the reason for a student to not get admission in other institution. It is a severe offense, and most of the institutions have strict policies against it.

Destruction of professional credibility

Not just the academic humiliation and struggles, but this offense can make a person suffer in his professional life as well. This stigma of a cheater, can destroy one's reputation and make a person look incompetent in the eyes of potential employers. If any such news comes out about the plagiarism, a person's business can also get destroyed, or in case of a job, a person might get fired.

Legal and monetary repercussions

Not citing the resource is a serious offense that can result in legal charges. The original author can sue the plagiarist and send him to jail for years, depending on the degree of cheating. Victim party can even pledge a court to compensate them through monetary penalties. This result occurs typically when a guilty party belongs to some huge media house, magazine or news company. These charges can be in a small amount to the million ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"rR8oPUN0","properties":{"formattedCitation":"(\\uc0\\u8220{}6 Consequences of Plagiarism,\\uc0\\u8221{} n.d.)","plainCitation":"(“6 Consequences of Plagiarism,” n.d.)","noteIndex":0},"citationItems":[{"id":1377,"uris":["http://zotero.org/users/local/KZl8ZL3A/items/NRTZBESU"],"uri":["http://zotero.org/users/local/KZl8ZL3A/items/NRTZBESU"],"itemData":{"id":1377,"type":"webpage","title":"6 Consequences of Plagiarism","abstract":"Find out the biggest consequences of plagiarism and how you can avoid plagiarism.","URL":"http://www.ithenticate.com/resources/6-consequences-of-plagiarism","accessed":{"date-parts":[["2019",3,8]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (“6 Consequences of Plagiarism,” n.d.).

References

ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY 6 Consequences of Plagiarism. (n.d.). Retrieved March 8, 2019, from http://www.ithenticate.com/resources/6-consequences-of-plagiarism

Unit 10 Seminar

Unit 10 Seminar

[Name of the Writer]

[Name of the Institution]

Unit 10 Seminar

References are most important part of the research papers to explain how with the help of different resources we have conducted our research. They are used to cite sources in the paragraphs and quotes in a research paper to explain from where we copied the content for our research. Sometimes it is important to show cited work with the help of references to avoid plagiarism. There are different citations methods which can be applied to the word document using the refernces tab in the Microsoft word document.

The first step to insert the sources in the references tab is to select the style of citation you want to use in the text. After speifying the style of the citations you will add the sources which can be used in-text citations. In the add sources option, user will specify the type of the source that either it is a book, article, report, etc, and then add the name of the author, year of publishment, page numbers and title of the source. Remember this is for the APA formatting style as different references style have different requirments for adding the information of the source.

The next step is to add in-text citation using the references tab. You will place the cursor after the paragraph or quote where you want to cite the reference and then click the insert citation option from the citation and bibliography to select the source you have added in the sources. After adding the in-text citations, user will create a separate bibliography page with the help of the bibliography option in the references tab and will add the bibliography or references or work cited according to the format of citation. There are different types of documents which include academic documents and literary documents.

Unit 2 Discussion



Unit 2 Discussion

Your Name (First M. Last)

School or Institution Name (University at Place or Town, State)

Unit 2 Discussion

In the modern world, workplaces are turning into digital workstations. Information technology services are an integral part of any business operation. Nowadays it is not feasible in some critical business operations for the administration team to wait for one manager to finish the report. They need to work on a single report collaboratively. Modern information technology tools such as OneDrive has made it possible using the power of cloud computing. It allows nosiness and project managers to work on reports and files from anywhere in the world on any device having internet connectivity.

OneDrive can be used in both personal or professional projects. It allows a number of authors to work on the same report in real time without having the other team members to finish their task. Edits and calculations related to project planning can be done collaboratively due to integrated SharePoint services in OneDrive ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"suh78Ynb","properties":{"formattedCitation":"(Han, 2010)","plainCitation":"(Han, 2010)","noteIndex":0},"citationItems":[{"id":53,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/LDA9C24V"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/LDA9C24V"],"itemData":{"id":53,"type":"article-journal","title":"On the clouds: a new way of computing","container-title":"information technology and libraries","page":"87-93","volume":"29","issue":"2","author":[{"family":"Han","given":"Yah"}],"issued":{"date-parts":[["2010"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Han, 2010). Desktop clients of the service allow the files to be accessed from anywhere on any device. History of file edits can be visible to all of the authors in real time. Cloud-based file management tools have revolutionized the management.

However, along with many mobility and portability benefits of cloud-based file management systems, there are security concerns as well. For example, if multiple authors are sharing a single file for editing and one of the participants is using an infected machine. Such as a computer virus can compromise the confidentiality integrity and availability of the data at any given point in time. Moreover, the service is offered as an over the top service on the internet. Any loss or poor internet connection will limit the functionality of the service. Any confidential file accidentally shared with the colleagues can cause severe issues related to privacy and confidentiality.

References

ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY Han, Y. (2010). On the clouds: a new way of computing. Information Technology and Libraries, 29(2), 87–93.

Unit 2 Seminar

Unit 2 Seminar

Your Name (First M. Last)

School or Institution Name (University at Place or Town, State)

Unit 2 Seminar

Everyone has some sort of data on their computer, laptop, mobile, and tablets that they need to access multiple times in day. Every form of data from pictures, notes and pdfs to the E-books, need sorting in the right form, so that they are easy to access whenever required. Keeping folders organized is essential to productivity. Unorganized files need more time to access. For this reason we sort data in different files and folders in our computer.

But organizing data can’t solve all the data organization problems. It becomes a huge issue when data reaches particular amount and our devices run out of space. Storing folders in external storage devices is time consuming and expensive. Carrying those storage devices everywhere is another issue, which makes this more complex.

Modern cloud computing systems have sorted out these issues. Microsoft Office 360 and Outlook OneDrive have solved this data organization issues. Installing Microsoft 360, gives their users access to all the Microsoft Office products. That they can install on all of their devices from office computer, to home laptop, tablet and smart phone. User can create documents on Office 360 and store them on one drive that is cloud based system. For using outlook one only requires Hotmail email id. Users can upload all of their data from computers on the OneDrive and then access their data from any mobile or PC from anywhere in the world. This data can also be edited through Microsoft Office 360, from any device. Data on OneDrive can be organized easily in to folders. Renaming folders and sharing the information through outlook is also possible. If given access, other users can also edit a particular document, which increases the user productivity ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"15CGE19c","properties":{"formattedCitation":"(\\uc0\\u8220{}Video,\\uc0\\u8221{} n.d.)","plainCitation":"(“Video,” n.d.)","noteIndex":0},"citationItems":[{"id":1264,"uris":["http://zotero.org/users/local/KZl8ZL3A/items/EVN22MIW"],"uri":["http://zotero.org/users/local/KZl8ZL3A/items/EVN22MIW"],"itemData":{"id":1264,"type":"webpage","title":"Video: What is Office 365?","abstract":"Training: With a subscription to Microsoft Office 365, you get the latest apps like Microsoft Excel, Word and Powerpoint, storage, and updates. Watch this online video to see.","URL":"https://support.office.com/en-us/article/video-what-is-office-365-847caf12-2589-452c-8aca-1c009797678b","shortTitle":"Video","language":"en-US","accessed":{"date-parts":[["2019",2,5]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (“Video,” n.d.).

References

ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY Video: What is Office 365? (n.d.). Retrieved February 5, 2019, from https://support.office.com/en-us/article/video-what-is-office-365-847caf12-2589-452c-8aca-1c009797678b

Unit 3 Discussion

Unit 3 Discussion

[Name of the Writer]

[Name of the Institution]

Unit 3 Discussion

Paragraph 1

The Design tool in Microsoft Word can be used for various purposes, such as creating a professional document. It enables a person to choose a pre-existing format from various ones that are provided, to fill in what is needed and make the document look professionally eligible. This tool is extremely useful as it allows a person to choose a professional or academic format, whichever is suitable for their desired purpose. It can also be used to add or edit any text and imagery used by the person in their document (Wempen, & Jackson, 2017). It can also be easily composed by combining various geometric shapes, symbols, and objects. The design tool helps, select various titles to input while making a professional document. It also helps separate paragraphs from subheadings so that the document looks qualified and precise. The design tool also helps with correcting prior mistakes which can be confusing when preparing a file.

Paragraph 2

The Spelling & Error tool helps proofread and correct any grammatical errors included in a word document. This editing tool can make a considerable difference when creating a professional document. It is quite useful when finding out grammatical, punctuation errors consisted of a document. Thus, using this tool, it would enable the user to correct any spelling, sentence structure, or punctuation errors that are consisted of the document. It is very important that all documents are spellchecked before submitting them as most of these documents are official and requires professional work. The took also has a dictionary with it which helps users find the most appropriate words to use or replace while making a document. This tool can also be useful for those with certain learning disabilities. It offers sensible alternatives to users with different needs. Moreover, a spellchecker can help the pupil with identifying their mistakes so that they can practice becoming more punctual.

References

Wempen, G., & Jackson, C. (2017). Understanding Microsoft Word 2016.

Unit 3 IP

UNIT 3 IP

Student’s Name

Institution

Introduction

The sorting of algorithms is made of a process that include instructions that take arrays as an input. It is also based on performance of specific operations on the arrays which are sometimes called a list, and outputs a sorted array CITATION Laf03 \l 1033 (Lafore, Stephens, Ackerman, & Purcell, 2003). The mode of choosing algorithms and the types of algorithms are importance in java language programming. However, there are several factors which need to be considered when doing sorting of algorithms and some of the factors are how much data is expected to be sorted, the memory time, the memory requirement and the stability. As stated by Lafore, Stephens, Ackerman, & Purcell (2003) it is also important to consider the size of the list to be sorted, the distribution value, and the resources which are needed insorting out the algorithm. The algorithm differences are input value, yield on the output value, infinte number of steps and a list and outpout sorted arrays. These factors are essential in sorting out the algorithm when doing programming.

However, knowing the number of data neded to be sorted out. This is would help in understanding the procedures and the space required for efficient sorting out of algorithm. With efficeint understanding of the data needed to be sorted out, the Big O critique would make it easy to sort out the algorithm CITATION Cha12 \l 1033 (Clapp, 2012). The Big O is used to describe the performance of algorithm under worst scanerio. It is also described the time which is required for the execuation of the algorithm. It is also measure how well algorithm can be scaled and it focusses on the worst case scanerio CITATION Roh15 \l 1033 (Rohan, 2015). Therefore, in algorithm it is better to discuss about the best, evarage and the worst in sorting algorithm. With understanding of the Big O, it is easier to sort out data and build java and sort out the algorithm to ensure that a proper implentation is achieved.

References

BIBLIOGRAPHY Clapp, C. (2012). Data Structures & Algorithms in Java. Journal of programing and data

analysis , 2-35.

Lafore, R., Stephens, M., Ackerman, C., & Purcell, M. (2003). Data Structure and algorithm in

Java. New York: Pearson Publisher.

Rohan, R. (2015). Data management and Java programming language. International Journal of

computer Science , 2-35.

Unit 5 Seminar

Unit 5 Seminar

Your Name (First M. Last)

School or Institution Name (University at Place or Town, State)

Unit 5 Seminar

Excel is the spreadsheet that is developed by Microsoft for computer and mobile phones. Sorting data systematically is the most difficult task. Using excel o arrange data, makes it easy to access. Find the logic and story behind data is the most difficult task and excel has solved this problem ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"pu9MLJ3S","properties":{"formattedCitation":"(\\uc0\\u8220{}Video,\\uc0\\u8221{} n.d.)","plainCitation":"(“Video,” n.d.)","noteIndex":0},"citationItems":[{"id":1260,"uris":["http://zotero.org/users/local/KZl8ZL3A/items/QHBKLI9X"],"uri":["http://zotero.org/users/local/KZl8ZL3A/items/QHBKLI9X"],"itemData":{"id":1260,"type":"webpage","title":"Video: What is Excel?","abstract":"With Excel on your PC, Mac, or mobile device, you can:","URL":"https://support.office.com/en-us/article/video-what-is-excel-842fb550-07cb-42d1-9a9f-c55789efed57","shortTitle":"Video","language":"en-US","accessed":{"date-parts":[["2019",2,5]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (“Video,” n.d.).

Excel spread sheets are divided into rows and columns. One can create multiple workbooks in the Excel for different forms of tasks and data. We can put and sort the information of similar kind regarding same project in different sheets of the same workbook. Each box in the spread sheet is called cell and it the point of intersection of row and column. The current cell in use is referred to as active cell. Spreadsheet programs are also available online so that we can use them anywhere from our browser. All the work done in in a workbook should be saved through save button. Best feature of the excel is that we can get share all the work done in spread sheet with multiple users through uploading it on cloud, and those users can also edit it all at one. Final sheet can be printed on the paper using print option. ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"EIHGs5UZ","properties":{"formattedCitation":"(\\uc0\\u8220{}Create a workbook in Excel,\\uc0\\u8221{} n.d.)","plainCitation":"(“Create a workbook in Excel,” n.d.)","noteIndex":0},"citationItems":[{"id":1258,"uris":["http://zotero.org/users/local/KZl8ZL3A/items/3FXTI3CU"],"uri":["http://zotero.org/users/local/KZl8ZL3A/items/3FXTI3CU"],"itemData":{"id":1258,"type":"webpage","title":"Create a workbook in Excel","abstract":"Training: Get up and running quickly with our Excel Quick Start. Get started learning how to enter data and create a chart.","URL":"https://support.office.com/en-us/article/create-a-workbook-in-excel-94b00f50-5896-479c-b0c5-ff74603b35a3","language":"en-US","accessed":{"date-parts":[["2019",2,5]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (“Create a workbook in Excel,” n.d.)

Excel also has Name box for locating the location of the cell and formula bar, in which user can develop formula to apply on all rows and columns, which saves a lot of time and energy. While working on bigger projects it gets difficult to select one row and columns one by one, Select All option in the Excel enables user to sleet all the data at once with ease. We can also choose the selected range of the cells and apply the formula on those cells. Formulas consist of Numbers, letters and mathematical symbols. We can also write date and time automatically in any selected particular column. Naming each row and column is also easy ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"i4az4ZoC","properties":{"formattedCitation":"(\\uc0\\u8220{}Basic tasks in Excel,\\uc0\\u8221{} n.d.)","plainCitation":"(“Basic tasks in Excel,” n.d.)","noteIndex":0},"citationItems":[{"id":1256,"uris":["http://zotero.org/users/local/KZl8ZL3A/items/MQGIJ5FL"],"uri":["http://zotero.org/users/local/KZl8ZL3A/items/MQGIJ5FL"],"itemData":{"id":1256,"type":"webpage","title":"Basic tasks in Excel","abstract":"Get started with basic tasks in Excel such as opening a workbook, entering and formatting data, calculating data, and trying some quick analysis features..","URL":"https://support.office.com/en-us/article/basic-tasks-in-excel-dc775dd1-fa52-430f-9c3c-d998d1735fca","language":"en-US","accessed":{"date-parts":[["2019",2,5]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (“Basic tasks in Excel,” n.d.).

In middle of work if we forget to add any particular row or column, instead of removing all the working and editing it one by one we can simply insert new row and column according to requirement. We can also edit or delete any cell of range of row or column. Auto fill feature is the feature that enables user to contents of the cell in the other adjacent cell by dragging them. Excel helps users to understand the data trends through color codes, data bars and icon. We can find these features in File handle option that appears as blue box on the right side of cell, when two or more cells are selected.

References

ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY Basic tasks in Excel. (n.d.). Retrieved February 5, 2019, from https://support.office.com/en-us/article/basic-tasks-in-excel-dc775dd1-fa52-430f-9c3c-d998d1735fca

Create a workbook in Excel. (n.d.). Retrieved February 5, 2019, from https://support.office.com/en-us/article/create-a-workbook-in-excel-94b00f50-5896-479c-b0c5-ff74603b35a3

Video: What is Excel? (n.d.). Retrieved February 5, 2019, from https://support.office.com/en-us/article/video-what-is-excel-842fb550-07cb-42d1-9a9f-c55789efed57