Cyber Security and Applications最新文献

{"title":"Quantum communication with RLP quantum resistant cryptography in industrial manufacturing","authors":"Biswaranjan Senapati ,&nbsp;Bharat S. Rawal","doi":"10.1016/j.csa.2023.100019","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100019","url":null,"abstract":"<div><p>This paper presents the best outcome of the Quantum communication use case of industrial manufacturing, using quantum theory to achieve secure data transfer between industrial production facilities and production units, especially in the most restricted industrial manufacturing facilities (i.e., Air and Defense production units). Quantum computing has several features to support manufacturing and production units within defense industrial products. Users must validate their user credentials and other essential information to access critical data from the source to the target system. We introduce Rawal Liang and Peter's (RLP) sequence for quantum key distribution to support the security and privacy of industrial manufacturing businesses.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100019"},"PeriodicalIF":0.0,"publicationDate":"2023-05-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Sanitizable signature scheme with privacy protection for electronic medical data sharing","authors":"Zhiyan Xu ,&nbsp;Min Luo ,&nbsp;Cong Peng ,&nbsp;Qi Feng","doi":"10.1016/j.csa.2023.100018","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100018","url":null,"abstract":"<div><p>Electronic medicine has received more and more attention because of its ability to provide more efficient and better medical services. However, the characteristics of electronic medical networks make them more vulnerable to security threats such as data integrity and user privacy leakage. Traditional digital signatures cannot meet the diversity and privacy requirements of medical data applications. Sanitizable signatures incorporate sanitization capabilities into signatures to allow designated sanitizers to modify variable parts of a message in a controlled manner without the cooperation of the original signer. This paper uses the key-exposure free chameleon hash function to convert the data sanitization operation into using trapdoor keys to find collisions in the key-exposure free chameleon hash function, and builds a privacy-preserving sanitizable signature scheme. Security analysis and performance evaluation demonstrate that our new scheme achieves public verifiability, which greatly reduces computing costs while effectively ensuring data security and user privacy, and is especially suitable for electronic medical data sharing scenarios.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100018"},"PeriodicalIF":0.0,"publicationDate":"2023-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194321","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Blockchain-powered distributed data auditing scheme for cloud-edge healthcare system","authors":"Yi Li ,&nbsp;Meiqin Tang","doi":"10.1016/j.csa.2023.100017","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100017","url":null,"abstract":"<div><p>Cloud-edge healthcare system provides storage and computing functions at the hospital servers, bringing low latency for doctors and patients. However, hospital servers cannot be trusted and have limited computing resources. Data integrity verification for the cloud-edge healthcare system is an urgent concern. To this end, we proposed a data integrity auditing scheme based on blockchain. First, a distributed data integrity verification method without a third-party auditor is designed. The data are divided into smaller parts and hashed into a hash table. The verification tag is constructed according to the column of the hash table and secret string generated by a pseudo-random function. Then, a detailed blockchain-based data integrity auditing scheme is proposed, including Proof of Auditing Frequency and block structure. Besides, a security analysis for the common attacks is given. Finally, the proposed scheme is evaluated against two start-of-the-art schemes in a simulated cloud-edge healthcare system. The results demonstrate that the proposed scheme can verify data integrity without losing efficiency.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100017"},"PeriodicalIF":0.0,"publicationDate":"2023-04-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Securing distributed systems: A survey on access control techniques for cloud, blockchain, IoT and SDN","authors":"Lewis Golightly ,&nbsp;Paolo Modesti ,&nbsp;Rémi Garcia ,&nbsp;Victor Chang","doi":"10.1016/j.csa.2023.100015","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100015","url":null,"abstract":"<div><p>Access Control is a crucial defense mechanism organizations can deploy to meet modern cybersecurity needs and legal compliance with data privacy. The aim is to prevent unauthorized users and systems from accessing protected resources in a way that exceeds their permissions. The present survey aims to summarize state-of-the-art Access Control techniques, presenting recent research trends in this area. Moreover, as the cyber-attack landscape and zero-trust networking challenges require organizations to consider their Information Security management strategies carefully, in this study, we present a review of contemporary Access Control techniques and technologies being discussed in the literature and the various innovations and evolution of the technology. We also discuss adopting and applying different Access Control techniques and technologies in four upcoming and crucial domains: Cloud Computing, Blockchain, the Internet of Things, and Software-Defined Networking. Finally, we discuss the business adoption strategies for Access Control and how the technology can be integrated into a cybersecurity and network architecture strategy.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100015"},"PeriodicalIF":0.0,"publicationDate":"2023-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194345","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards insighting cybersecurity for healthcare domains: A comprehensive review of recent practices and trends","authors":"Mohd Javaid ,&nbsp;Abid Haleem ,&nbsp;Ravi Pratap Singh ,&nbsp;Rajiv Suman","doi":"10.1016/j.csa.2023.100016","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100016","url":null,"abstract":"<div><p>Healthcare information security is becoming a significant responsibility for all healthcare organisations and individuals. Innovative medical equipment and healthcare apps are vital to patient care, yet they are often the target of hackers. Moreover, attackers are silently working against healthcare data. Once a hacker has gained access to a network, they might install ransomware to lock down essential services or encrypt files until a specified ransom is paid. Businesses are frequently compelled to pay the ransom, hoping the money is eventually recovered since the healthcare sector is time-sensitive. Although less common, network-connected devices can be taken over and used to distribute incorrect medications or alter a machine's functionality. So, there is a need to implement cyber security in healthcare to protect all information. In comparison to other industries, security duties in the healthcare industry are particularly broad and new. This is especially true given that data is accumulated and accessed from various destinations. Data on a specific patient is gathered from various sources, including hospital and lab records, insurance records, fitness apps, trackers and gadgets, health portals, and many more. It can be easily protected by using cybersecurity technology. This paper briefs about cybersecurity and its need in healthcare. Several tools, traits and roles of cybersecurity in the Healthcare Sector are studied. Finally, we identified and studied the applications of cybersecurity in healthcare. For hackers, a patient's aggregated data might be regarded as a goldmine, providing them with a detailed biography of an individual, including basic information, health trends, family history, and financial details. The importance of Data access in the healthcare sector emerges from numerous endpoints, which can be regarded as the weak spots of the healthcare data management system and can also open up an infringement in the medical data management infrastructure.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100016"},"PeriodicalIF":0.0,"publicationDate":"2023-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194344","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A review of deep learning models to detect malware in Android applications","authors":"Elliot Mbunge ,&nbsp;Benhildah Muchemwa ,&nbsp;John Batani ,&nbsp;Nobuhle Mbuyisa","doi":"10.1016/j.csa.2023.100014","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100014","url":null,"abstract":"<div><p>Android applications are indispensable resources that facilitate communication, health monitoring, planning, data sharing and synchronization, social interaction, business and financial transactions. However, the rapid increase in the smartphone penetration rate has consequently led to an increase in cyberattacks. Smartphone applications use permissions to allow users to utilize different functionalities, making them susceptible to malicious software (malware). Despite the rise in Android applications’ usage and cyberattacks, the use of deep learning (DL) models to detect emerging malware in Android applications is still nascent. Therefore, this review sought to explain DL models that are applied to detect malware in Android applications, explore their performance as well as identify emerging research gaps and present recommendations for future work. This study adopted the preferred reporting items for systematic reviews and meta-analyses (PRISMA) guidelines to guide the review. The study revealed that convolutional neural networks, gated recurrent neural networks, deep neural networks, bidirectional long short-term memory, long short-term memory (LSTM) and cubic-LSTM are the most prominent deep learning-based malicious software detection models in Android applications. The findings show that deep learning models are increasingly becoming an effective technique for malicious software detection in Android applications in real-time. However, monitoring and tracking information flow and malware behavior is a daunting task because of the evolving nature of malware and human behavior. Therefore, training mobile application users and sharing updated malware datasets is paramount in developing detection models. There is also a need to detect malicious software before downloading mobile applications to improve the security of Android smartphones.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100014"},"PeriodicalIF":0.0,"publicationDate":"2023-02-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194343","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cryptanalysis of Secure ECC-Based Three Factor Mutual Authentication Protocol for Telecare Medical Information System","authors":"C. Madan Kumar ,&nbsp;Ruhul Amin ,&nbsp;M. Brindha","doi":"10.1016/j.csa.2023.100013","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100013","url":null,"abstract":"<div><p>Telecare Medical Information System (TMIS) is gaining importance in the present COVID-19 crisis. TMIS as a technology, offers patients a range of remote medical services, incorporated into Wireless Body Area Network (WBAN). The patient’s medical report is confidentially transmitted over an open channel in TMIS environments. An attacker may attempt to compromise the security, such as forgery, replay, and impersonation attacks. To ensure secure communication, various authentication solutions have been introduced for TMIS. Biometrics and Elliptic Curve Cryptography-based mutual authentication protocol was recommended by Sahoo et al. (2020) and is proved to have some loopholes in the protocol. We discovered, however, Sahoo et al. method is unable to prevent privileged insider attacks and insider attacks along with patient anonymity. Jongseok Ryu et al. recommended a ECC based three-factor mutual authentication protocol and ensures patient’s confidentiality for TMIS with proof of informal analysis. They have also performed formal security studies utilizing the Automated Validation of Internet Security Protocols and Applications (AVISPA), the Burrows–Abadi–Needham (BAN) logic and Real-Or-Random (ROR) model. However, we have reviewed the Jongseok Ryu et al.’s proposal. Based on his attacker model, we have examined that this scheme is unsafe against Message Substitution Attacks, Man-in-the-Middle attacks, Session Key Disclosure attacks, Privileged Insider attacks, and Stolen verifier attacks. we suggest a technique to be safe from the above security threats.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100013"},"PeriodicalIF":0.0,"publicationDate":"2023-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194378","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Secure session key pairing and a lightweight key authentication scheme for liable drone services","authors":"Rajkumar ．S．C ,&nbsp;Jegatha Deborah ．L ,&nbsp;Vijayakumar ．P ,&nbsp;Karthick ．KR","doi":"10.1016/j.csa.2022.100012","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100012","url":null,"abstract":"<div><p>Recent advancements in drone technology have created new application opportunities, particularly for small drones. However, these advancements raise concerns about security, adaptability, and consistency. Data security is jeopardized by flying intelligent devices. The distributed nature of drones, their accessibility, mobility, adaptability, and autonomy will all have an effect on how security vulnerabilities and threats are identified and controlled. However, attackers and cybercriminals have begun to employ drones for malevolent reasons in recent years. These attacks are frequent and can be fatal. There is also the matter of prevention to consider. The communication entities of the drone network can communicate securely via authentication procedures. Such solutions, however, must strike a balance between security and portability. However, the proposed technique is implemented to improve security to avoid attacks and provides a secure, lightweight, and proven solution to a key agreement for drone communication. A novel certificate-less Drone integration approach that depends on trusted authorities centres to help communication entities establish their key pairs while keeping those same trusted authorities centers from knowing about them has been devised. The proposed scheme results achieved higher security of 94 percent than existing schemes.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100012"},"PeriodicalIF":0.0,"publicationDate":"2022-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194377","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Hybrid defense mechanism against malicious packet dropping attack for MANET using game theory","authors":"S Vijayalakshmi ,&nbsp;S Bose ,&nbsp;G Logeswari ,&nbsp;T Anitha","doi":"10.1016/j.csa.2022.100011","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100011","url":null,"abstract":"<div><p>Ad hoc networks are a new perspective of wireless communication for versatile hosts. Security is a colossal worry for ad hoc networks, especially for those security-touchy applications. The huge highlights of ad hoc networks cause both difficulties and openings in accomplishing security objectives. One such aim is to consider the assaults from within the system by compromised nodes correspondingly as to consider harmful assaults propelled from outside the system. Designing an Intrusion Detection System (IDS) that suits the security needs and characteristics of ad hoc networks for viable and proficient performance against intrusions is one potential solution to vanquish vulnerabilities. This paper examines a genuine and hurtful attack called, “Malicious Packet Dropping Attack” in the network layer. To secure against this attack, a novel methodology utilizing game theory is proposed. The proposed system monitors the conduct of the neighbor nodes and conquers the demerits such as false positives present in traditional IDS, thereby providing secure correspondence between nodes that communicate with one another to course the traffic from source to destination. With the existence of malicious nodes, the proposed system has accomplished a 42% increase in the packet delivery ratio.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100011"},"PeriodicalIF":0.0,"publicationDate":"2022-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Edge intelligent collaborative privacy protection solution for smart medical","authors":"Jinshan Lai ,&nbsp;Xiaotong Song ,&nbsp;Ruijin Wang ,&nbsp;Xiong Li","doi":"10.1016/j.csa.2022.100010","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100010","url":null,"abstract":"<div><p>In the era of big data, competent medical care has entered people’s lives. However, the existing intelligent diagnosis models have low accuracy and poor universality. At the same time, there is a risk of privacy leakage in the process of health monitoring and auxiliary diagnosis. This paper combines edge computing and federated learning ensure model accuracy and protect patient privacy by proposing an Edge intelligent collaborative privacy protection solution for smart medical (EICPP). First, we offer a lightweight edge intellectual collaborative federated learning framework named KubeFL to support health monitoring and auxiliary diagnosis; secondly, we design a federated learning training model based on device-edge-cloud layering, with complete accuracy of up to 95.8<span><math><mo>%</mo></math></span>; Finally, a differential privacy algorithm for edge-cloud model transmission is proposed, which can exchange a lower accuracy loss for solid privacy protection.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100010"},"PeriodicalIF":0.0,"publicationDate":"2022-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194371","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}