Cyber Security and Applications最新文献

{"title":"Increasing embedding capacity of stego images by exploiting edge pixels in prediction error space","authors":"Habiba Sultana ,&nbsp;A.H.M. Kamal ,&nbsp;Tasnim Sakib Apon ,&nbsp;Md. Golam Rabiul Alam","doi":"10.1016/j.csa.2023.100028","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100028","url":null,"abstract":"<div><p>In the field of data concealing, edge detection techniques are frequently employed, particularly for improving image quality and data security. These methods, however, have a lower embedding capacity. In order to take advantage of more edge pixels, many strategies are used nowadays. These schemes either combine the output from multiple edge detectors or enlarge the edges of an edge image by dilating. Even so, if the amount of data is vast, the techniques might not be able to conceal all of it. Therefore, a novel strategy for edge exploitation is still needed to regulate the effectiveness of edge detection-based data-hiding strategies. By using edge detectors in the prediction error space, we utilized more edge pixels in this study (PES). Applying a predictor on the cover image and then calculating the prediction errors, we prepared the PES. The edges in PES were then marked using the edge detector. The edge-error corresponding pixels received more information than the relevant pixels that did not create an edge-error. Additionally, we combined the results from different edge detectors to produce more edges, which does help to achieve a higher embedding capacity. We implanted <span><math><mi>x</mi></math></span> number of secret bits in edge pixels and <span><math><mi>y</mi></math></span> number of bits in non-edge pixels where <span><math><mrow><mi>x</mi><mo>&gt;</mo><mi>y</mi></mrow></math></span>. The simulation results show that the proposed scheme outperforms its rivals on all performance-measuring criteria, including payload, stego image quality, and resistance to attack.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"2 ","pages":"Article 100028"},"PeriodicalIF":0.0,"publicationDate":"2023-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194536","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Efficient time-oriented latency-based secure data encryption for cloud storage","authors":"Shahnawaz Ahmad,&nbsp;Shabana Mehfuz","doi":"10.1016/j.csa.2023.100027","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100027","url":null,"abstract":"<div><p>To ensure data security in the cloud, there exist several techniques proposed by various researchers. The most common method is the usage of data encryption techniques like profile, rule, and attribute-based encryption techniques. However, they struggle in achieving higher data security performance due to insufficient resistance to tampering. Also, the existing techniques are not good enough for achieving a higher quality of service performance. To handle this issue, an efficient time-oriented latency approximation-based data encryption technique (TLADE) has been presented in this article. The method focuses on the selection of optimal encryption techniques at different time stamps according to the latency approximation. Accordingly, the method would select an optimal technique for data encryption based on the QoS values. To perform this, different encryption schemes have been implemented and each of them is measured for their QoS support values (QoSV) based on latency. Based on the values of QoSV, an efficient approach for the current duty cycle has been selected and applied to the cloud service data. The proposed approach improves the performance of different QoS factors and also has reduced the latency factor.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"2 ","pages":"Article 100027"},"PeriodicalIF":0.0,"publicationDate":"2023-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194534","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Design of blockchain-enabled secure smart health monitoring system and its testbed implementation","authors":"Siddhant Thapliyal ,&nbsp;Shubham Singh ,&nbsp;Mohammad Wazid ,&nbsp;D.P. Singh ,&nbsp;Ashok Kumar Das","doi":"10.1016/j.csa.2023.100020","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100020","url":null,"abstract":"<div><p>Smart healthcare technology is transforming from the traditional healthcare system in every manner conceivably. Smart healthcare provides several advantages over the existing approaches. However, it suffers from healthcare data security and privacy issues. As the Internet attackers may get access to sensitive healthcare data through the use of various types of cyber attacks. In this paper, an architecture of a blockchain-enabled secure smart health monitoring system has been presented (in short, it is called as BSSHM). BSSHM consists of various health data monitoring sensors, i.e., temperature, heartbeat, etc., which monitor the real time health data of the different patients. The healthcare data of the patients can be transmitted to the connected health servers in a secure way, where this data can be stored securely for its various uses. The formal security verification of the proposed BSSHM is also done through the widely-accepted Scyther tool. It has been proved that BSSHM is able to defend various potential attacks.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100020"},"PeriodicalIF":0.0,"publicationDate":"2023-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194323","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"E-Brightpass: A Secure way to access social networks on smartphones","authors":"Chaitanyateja Thotadi ,&nbsp;Monith Debbala ,&nbsp;Subba Rao ,&nbsp;Ajay Eeralla ,&nbsp;Basker Palaniswamy ,&nbsp;Srijanee Mookherji ,&nbsp;Vanga Odelu ,&nbsp;Alavalapati Goutham Reddy","doi":"10.1016/j.csa.2023.100021","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100021","url":null,"abstract":"<div><p>Social network providers offer a variety of entertainment services in exchange for end users’ personal information, such as their identity. The majority of users access social networking sites via their smartphones, which they utilize in conjunction with a traditional authenticator like a password. On the other hand, aggregators, which pull content from multiple social networks, are often used to get into smartphone apps that may involve mobile ticketing, identification, and access control. They are a potential target for malware and spyware injections due to their powerful position. Malware is capable of circumventing authentication mechanisms in order to get access to social networking services, which may result in stealing the personal information of users. To deflect any type of attack from malicious software, BrightPass [22], a malware-resistant method based on screen brightness, was introduced. Conversely, we have demonstrated that the BrightPass user’s personally identifiable information, such as PIN numbers, may be recovered by evaluating the variations between the recorded input from many authentication sessions. We have then offered various enhanced BrightPass versions to address the observed vulnerability. Our enhanced BrightPass versions are both simple and secure to use when it comes to accessing social networks via mobiles.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"2 ","pages":"Article 100021"},"PeriodicalIF":0.0,"publicationDate":"2023-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194535","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Quantum communication with RLP quantum resistant cryptography in industrial manufacturing","authors":"Biswaranjan Senapati ,&nbsp;Bharat S. Rawal","doi":"10.1016/j.csa.2023.100019","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100019","url":null,"abstract":"<div><p>This paper presents the best outcome of the Quantum communication use case of industrial manufacturing, using quantum theory to achieve secure data transfer between industrial production facilities and production units, especially in the most restricted industrial manufacturing facilities (i.e., Air and Defense production units). Quantum computing has several features to support manufacturing and production units within defense industrial products. Users must validate their user credentials and other essential information to access critical data from the source to the target system. We introduce Rawal Liang and Peter's (RLP) sequence for quantum key distribution to support the security and privacy of industrial manufacturing businesses.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100019"},"PeriodicalIF":0.0,"publicationDate":"2023-05-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Sanitizable signature scheme with privacy protection for electronic medical data sharing","authors":"Zhiyan Xu ,&nbsp;Min Luo ,&nbsp;Cong Peng ,&nbsp;Qi Feng","doi":"10.1016/j.csa.2023.100018","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100018","url":null,"abstract":"<div><p>Electronic medicine has received more and more attention because of its ability to provide more efficient and better medical services. However, the characteristics of electronic medical networks make them more vulnerable to security threats such as data integrity and user privacy leakage. Traditional digital signatures cannot meet the diversity and privacy requirements of medical data applications. Sanitizable signatures incorporate sanitization capabilities into signatures to allow designated sanitizers to modify variable parts of a message in a controlled manner without the cooperation of the original signer. This paper uses the key-exposure free chameleon hash function to convert the data sanitization operation into using trapdoor keys to find collisions in the key-exposure free chameleon hash function, and builds a privacy-preserving sanitizable signature scheme. Security analysis and performance evaluation demonstrate that our new scheme achieves public verifiability, which greatly reduces computing costs while effectively ensuring data security and user privacy, and is especially suitable for electronic medical data sharing scenarios.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100018"},"PeriodicalIF":0.0,"publicationDate":"2023-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194321","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Blockchain-powered distributed data auditing scheme for cloud-edge healthcare system","authors":"Yi Li ,&nbsp;Meiqin Tang","doi":"10.1016/j.csa.2023.100017","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100017","url":null,"abstract":"<div><p>Cloud-edge healthcare system provides storage and computing functions at the hospital servers, bringing low latency for doctors and patients. However, hospital servers cannot be trusted and have limited computing resources. Data integrity verification for the cloud-edge healthcare system is an urgent concern. To this end, we proposed a data integrity auditing scheme based on blockchain. First, a distributed data integrity verification method without a third-party auditor is designed. The data are divided into smaller parts and hashed into a hash table. The verification tag is constructed according to the column of the hash table and secret string generated by a pseudo-random function. Then, a detailed blockchain-based data integrity auditing scheme is proposed, including Proof of Auditing Frequency and block structure. Besides, a security analysis for the common attacks is given. Finally, the proposed scheme is evaluated against two start-of-the-art schemes in a simulated cloud-edge healthcare system. The results demonstrate that the proposed scheme can verify data integrity without losing efficiency.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100017"},"PeriodicalIF":0.0,"publicationDate":"2023-04-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Securing distributed systems: A survey on access control techniques for cloud, blockchain, IoT and SDN","authors":"Lewis Golightly ,&nbsp;Paolo Modesti ,&nbsp;Rémi Garcia ,&nbsp;Victor Chang","doi":"10.1016/j.csa.2023.100015","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100015","url":null,"abstract":"<div><p>Access Control is a crucial defense mechanism organizations can deploy to meet modern cybersecurity needs and legal compliance with data privacy. The aim is to prevent unauthorized users and systems from accessing protected resources in a way that exceeds their permissions. The present survey aims to summarize state-of-the-art Access Control techniques, presenting recent research trends in this area. Moreover, as the cyber-attack landscape and zero-trust networking challenges require organizations to consider their Information Security management strategies carefully, in this study, we present a review of contemporary Access Control techniques and technologies being discussed in the literature and the various innovations and evolution of the technology. We also discuss adopting and applying different Access Control techniques and technologies in four upcoming and crucial domains: Cloud Computing, Blockchain, the Internet of Things, and Software-Defined Networking. Finally, we discuss the business adoption strategies for Access Control and how the technology can be integrated into a cybersecurity and network architecture strategy.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100015"},"PeriodicalIF":0.0,"publicationDate":"2023-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194345","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards insighting cybersecurity for healthcare domains: A comprehensive review of recent practices and trends","authors":"Mohd Javaid ,&nbsp;Abid Haleem ,&nbsp;Ravi Pratap Singh ,&nbsp;Rajiv Suman","doi":"10.1016/j.csa.2023.100016","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100016","url":null,"abstract":"<div><p>Healthcare information security is becoming a significant responsibility for all healthcare organisations and individuals. Innovative medical equipment and healthcare apps are vital to patient care, yet they are often the target of hackers. Moreover, attackers are silently working against healthcare data. Once a hacker has gained access to a network, they might install ransomware to lock down essential services or encrypt files until a specified ransom is paid. Businesses are frequently compelled to pay the ransom, hoping the money is eventually recovered since the healthcare sector is time-sensitive. Although less common, network-connected devices can be taken over and used to distribute incorrect medications or alter a machine's functionality. So, there is a need to implement cyber security in healthcare to protect all information. In comparison to other industries, security duties in the healthcare industry are particularly broad and new. This is especially true given that data is accumulated and accessed from various destinations. Data on a specific patient is gathered from various sources, including hospital and lab records, insurance records, fitness apps, trackers and gadgets, health portals, and many more. It can be easily protected by using cybersecurity technology. This paper briefs about cybersecurity and its need in healthcare. Several tools, traits and roles of cybersecurity in the Healthcare Sector are studied. Finally, we identified and studied the applications of cybersecurity in healthcare. For hackers, a patient's aggregated data might be regarded as a goldmine, providing them with a detailed biography of an individual, including basic information, health trends, family history, and financial details. The importance of Data access in the healthcare sector emerges from numerous endpoints, which can be regarded as the weak spots of the healthcare data management system and can also open up an infringement in the medical data management infrastructure.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100016"},"PeriodicalIF":0.0,"publicationDate":"2023-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194344","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A review of deep learning models to detect malware in Android applications","authors":"Elliot Mbunge ,&nbsp;Benhildah Muchemwa ,&nbsp;John Batani ,&nbsp;Nobuhle Mbuyisa","doi":"10.1016/j.csa.2023.100014","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100014","url":null,"abstract":"<div><p>Android applications are indispensable resources that facilitate communication, health monitoring, planning, data sharing and synchronization, social interaction, business and financial transactions. However, the rapid increase in the smartphone penetration rate has consequently led to an increase in cyberattacks. Smartphone applications use permissions to allow users to utilize different functionalities, making them susceptible to malicious software (malware). Despite the rise in Android applications’ usage and cyberattacks, the use of deep learning (DL) models to detect emerging malware in Android applications is still nascent. Therefore, this review sought to explain DL models that are applied to detect malware in Android applications, explore their performance as well as identify emerging research gaps and present recommendations for future work. This study adopted the preferred reporting items for systematic reviews and meta-analyses (PRISMA) guidelines to guide the review. The study revealed that convolutional neural networks, gated recurrent neural networks, deep neural networks, bidirectional long short-term memory, long short-term memory (LSTM) and cubic-LSTM are the most prominent deep learning-based malicious software detection models in Android applications. The findings show that deep learning models are increasingly becoming an effective technique for malicious software detection in Android applications in real-time. However, monitoring and tracking information flow and malware behavior is a daunting task because of the evolving nature of malware and human behavior. Therefore, training mobile application users and sharing updated malware datasets is paramount in developing detection models. There is also a need to detect malicious software before downloading mobile applications to improve the security of Android smartphones.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100014"},"PeriodicalIF":0.0,"publicationDate":"2023-02-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194343","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}