Cyber Security and Applications最新文献

{"title":"Cryptanalysis on “a secure three-factor user authentication and key agreement protocol for TMIS with user anonymity ”","authors":"Anjali Singh,&nbsp;Marimuthu Karuppiah,&nbsp;Rajendra Prasad Mahapatra","doi":"10.1016/j.csa.2022.100008","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100008","url":null,"abstract":"<div><p>The health-care delivery services were made possible by telecare medicine information systems (TMIS). These systems are paving the way for a world where computerised telecare facilities and automated patient medical records are the norm. Authentication schemes are common mechanisms for preventing unauthorised access to medical records via insecure networks. Amin and Biswas recently proposed an authentication scheme for TMIS, asserting that their scheme can withstand various attacks. Despite this, their scheme still has significant security weaknesses. In this paper, we present a cryptanalysis of Amin and Biswas’ scheme and show that it is subject to a variety of attacks.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100008"},"PeriodicalIF":0.0,"publicationDate":"2022-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194370","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A decentralised KYC based approach for microfinance using blockchain technology","authors":"Bodicherla Digvijay Sri Sai,&nbsp;Ramisetty Nikhil,&nbsp;Shivangini Prasad,&nbsp;Nenavath Srinivas Naik","doi":"10.1016/j.csa.2022.100009","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100009","url":null,"abstract":"<div><p>Financial inclusion is seen as a dynamic tool for achieving multifaceted microeconomic stability, (and) sustainable economic growth, job creation, poverty reduction, and income equality for both developed and developing nations. The needy segments of the population must be provided with financial services to accomplish this inclusion. Still, the traditional financial market is unavailable due to its lack of collateral and shallow income. Thus, they go to local moneylenders, also known as \"loan sharks,\" who charge exorbitant interest rates. Introduction to microfinance came as a new and refreshing light to these needy segments of the population as it provides small valued loans (micro-credit) to support their micro-scale businesses and engage in productive activities. As emerging technology started to be incorporated into every aspect of society, thus microfinance also needed to be incorporated into the technology. An application is required to protect data integrity and smoothly influence the microfinance sector. As the databases are vulnerable to data manipulation, this can affect the transaction history of the loan. Blockchain technology can be used to solve this problem, as data in the Blockchain is stored immutably. So, we designed a microfinance application that uses blockchain technology with decentralised KYC architecture to reduce multiple KYC verification and easy access to micro-credit.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100009"},"PeriodicalIF":0.0,"publicationDate":"2022-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194369","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A secure and efficient DSSE scheme with constant storage costs in smart devices","authors":"Weiwei Yan ,&nbsp;Sai Ji","doi":"10.1016/j.csa.2022.100006","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100006","url":null,"abstract":"<div><p>With the continuous development of the Internet of Things (IOT) and cloud computing, smart devices are playing an increasingly important role in users’ daily life. Dynamic searchable symmetric encryption (DSSE) schemes are popular on smart devices because of their efficient retrieval performance and low computational overhead. Traditional DSSE with forward update privacy and backward security can resist file injection attack and statistical inference attack. However, it is high cost and not suitable for smart devices due to large local storage and low storage capacity. To achieve forward update privacy, we design a novel index structure called RC-II (Inverted Index with Retrieve Control) for search control which improves the security of DSSE. Besides, we combine on and off-chain to decrease client’s local storage to a constant. Specifically, we transfer a significant amount of local overhead to the service peers off blockchain. We solve the trust problem between the client and the service by putting authentication data on blockchain. Compared with the state-of-the-art schemes, our scheme has a constant client storage overhead and an excellent retrieval performance which provides guarantee for smart devices under IOT environment.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100006"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194365","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"PPT-LBS: Privacy-preserving top-k query scheme for outsourced data of location-based services","authors":"Yousheng Zhou ,&nbsp;Xia Li ,&nbsp;Ming Wang ,&nbsp;Yuanni Liu","doi":"10.1016/j.csa.2022.100007","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100007","url":null,"abstract":"<div><p>Location-based service (LBS) is enjoying a great popularity with the fast growth of mobile Internet. As the volume of data increases dramatically, an increasing number of location service providers (LSPs) are moving LBS data to cloud platforms for benefit of affordability and stability. However, while cloud server provides convenience and stability, it also leads to data security and user privacy leakage. Aiming at the problems of insufficient privacy protection and inefficient query in the existing LBS data outsourcing schemes, this paper presents a novel privacy-preserving top-k query for outsourcing situations. Firstly, to ensure data security of LSP and privacy of the user, the enhanced asymmetric scalar-product preserving encryption and public key searchable encryption have been adopted to encrypt outsourced data and LBS query, which can effectively lower the computational cost and realize the privacy protection search. Secondly, an efficient and secure index structure is constructed by using a coded quadtree and the bloom filter, so that the cloud server can quickly locate the user’s query region to improve retrieval efficiency. Finally, the formal security analysis is given under the random oracle model, and the performance is evaluated by experiments which demonstrates that our scheme is preferable to existing schemes.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100007"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An advanced and secure framework for conducting online examination using blockchain method","authors":"Md Rahat Ibne Sattar ,&nbsp;Md. Thowhid Bin Hossain Efty ,&nbsp;Taiyaba Shadaka Rafa ,&nbsp;Tusar Das ,&nbsp;Md Sharif Samad ,&nbsp;Abhijit Pathak ,&nbsp;Mayeen Uddin Khandaker ,&nbsp;Md. Habib Ullah","doi":"10.1016/j.csa.2022.100005","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100005","url":null,"abstract":"<div><p>Nowadays, the online platform has been used by many educational institutions, to conduct tests, especially for secondary to tertiary level students. The most popular online test program is run by providing a user id and password to the candidates, and subsequently, they log in to the given web page to answer the questions. However, this system has a lot of bugs, the password can be misused followed by cheating in the test. This shows the importance of a secure system being implemented to avoid such a problem. This paper presents a blockchain framework that secures the online examination system. The proposed framework has been used to secure a data management system that connects to existing educational data. Institutions can simply compile their data history without requiring a copy from the central servers. The proposed blockchain framework improves data security and removes any potential cheating between users or third-party institutions that access applications and services. In this regard, this study provides a secured framework for conducting and evaluating subject tests to ensure consistency between student and server, and secure delivery of questionnaire from the server.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100005"},"PeriodicalIF":0.0,"publicationDate":"2022-08-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194363","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Secure distributed data integrity auditing with high efficiency in 5G-enabled software-defined edge computing","authors":"Dengzhi Liu ,&nbsp;Zhimin Li ,&nbsp;Dongbao Jia","doi":"10.1016/j.csa.2022.100004","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100004","url":null,"abstract":"<div><p>In edge computing, the idle resources of the devices in the network can be virtualized into a platform that provides clients with storage resource and computing capability. Note that the service response of edge computing is faster than that of cloud computing. The service provision speed and the distributed resources utilization rate of edge computing will be further improved when integrated with 5 G and software definition paradigm in the design of the network system. However, the issues of data storage security and edge devices’ trustworthiness seriously restrict the development of edge computing. To enhance the security of the data storage in edge computing, a secure distributed data integrity auditing is proposed. The proposed auditing scheme in this paper can be used to guarantee the correctness and the completeness of the stored data in 5G-enabled software-defined edge computing. The auditing results of the distributed data in the proposed scheme can be used as an important basis for evaluating the trustworthiness of the edge devices. Due to the utilization of certificateless cryptography in the design of the proposed scheme, the computational cost of the terminal side can be highly reduced. Security analysis of the proposed scheme demonstrates that the properties of key exposure resistance and privacy-preserving are provided in data auditing. Simulation results of the time cost of the server side and the terminal side show that the proposed scheme is highly efficient compared to previous schemes.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100004"},"PeriodicalIF":0.0,"publicationDate":"2022-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194362","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Bilinear pairing-based access control and key agreement scheme for smart transportation","authors":"Palak Bagga ,&nbsp;Ashok Kumar Das ,&nbsp;Joel J.P.C. Rodrigues","doi":"10.1016/j.csa.2022.100001","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100001","url":null,"abstract":"<div><p>Internet of Vehicles (IoV) enabled Intelligent Transportation System (ITS) allows smart vehicles to communicate with other vehicles on road, humans (customers or pedestrians), infrastructure (parking areas, traffic lights etc), Internet, Cloud etc. The vehicles communicate with other entities over wireless open channels directly or indirectly through messages or beacons. Open channel allows various attacks, like replay, man-in-the-middle, impersonation, fabrication etc., during communication. Also, malicious vehicles can be deployed in the network to misuse or have an unauthorized access to the services. To mitigate these issues, we propose a new remote access control scheme that ensures the secure communication among the vehicles. The vehicles are dynamic in nature in an IoV paradigm, that is, they are not under fixed domains. Therefore, whenever a vehicle changes its location it has to register to the nearest trusted authority (<span><math><mrow><mi>T</mi><mi>A</mi></mrow></math></span>) in offline or secured channel mode. To make it applicable, we propose <em>remote registration</em> of the vehicles via the <span><math><mrow><mi>T</mi><mi>A</mi></mrow></math></span>. Access control mechanism occurs in two phases: 1) node authentication phase, where vehicles are remotely authenticated by <span><math><mrow><mi>T</mi><mi>A</mi></mrow></math></span> and 2) key agreement phase, where after successful mutual authentication they compute a session key by using cryptographic techniques and pre-loaded information. The computed secret session keys are used for ensuring secure communications in future between two vehicles in a cluster as well. Informal security analysis along with formal security verification using the broadly-used Automated Validation of Internet Security Protocols and Applications (AVISPA) show that our access control scheme is secured against various potential attacks. We also show the competency of our scheme by comparing it with other existing schemes in terms of computation and communication costs.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100001"},"PeriodicalIF":0.0,"publicationDate":"2022-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194360","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An efficient IoT group association and data sharing mechanism in edge computing paradigm","authors":"Haowen Tan","doi":"10.1016/j.csa.2022.100003","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100003","url":null,"abstract":"<div><p>Despite its benefits and promising future, security and privacy challenges for the IoT wireless communication of edge computing environment remain unaddressed. As a result, proper authentication mechanisms are critical, especially in the extreme scenario where some edge facilities are not functional. For the above consideration, in this paper we develop an efficient IoT group association and updating mechanism in edge computing paradigm. The proposed scheme can provide data transmission and communication guarantees for special practical scenarios. The group key updating process in our architecture only necessitates minor changes on the EI side, whereas the decryption information of some IoT devices remains constant if the devices have not been revoked. The proposed strategy can accomplish the desired security features, according to the security analysis.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100003"},"PeriodicalIF":0.0,"publicationDate":"2022-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194361","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Secure authentication schemes in cloud computing with glimpse of artificial neural networks: A review","authors":"Syed Amma Sheik,&nbsp;Amutha Prabakar Muniyandi","doi":"10.1016/j.csa.2022.100002","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100002","url":null,"abstract":"<div><p>The fast growth of the cloud computing technology has led to immense development in the public and private sectors. Cloud computing provides a high level of virtualization, massive scalability, multitenancy and elasticity. This has enabled organizations, academia, government departments and the public to move forward with this technology. However, they are unable to assuredly place their information over the clouds due to many security threats. Cloud security plays a vital role to establish a confidence between the cloud service providers, consumers and the multi-users to maintain the security levels of their data. This paper focuses the survey for cloud security issues, existing authentication schemes, data storage technologies and offers a glimpse of Artificial Neural Networks (ANNs) applied to the cloud security.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100002"},"PeriodicalIF":0.0,"publicationDate":"2022-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194516","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cyber Security: Critical Infrastructure Protection","authors":"","doi":"10.1007/978-3-030-91293-2","DOIUrl":"https://doi.org/10.1007/978-3-030-91293-2","url":null,"abstract":"","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"76 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86510204","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}