Information Security Journal: A Global Perspective最新文献

{"title":"“The pull to do nothing would be strong”: limitations & opportunities in reporting insider threats","authors":"Heather Holden, Victor Munro, Lina Tsakiris, Alex Wilner","doi":"10.1080/19393555.2024.2387347","DOIUrl":"https://doi.org/10.1080/19393555.2024.2387347","url":null,"abstract":"","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"17 9","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-08-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141920990","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Prevention of DDoS attacks: a comprehensive review and future directions","authors":"Shail Saharan, Vishal Gupta","doi":"10.1080/19393555.2024.2347243","DOIUrl":"https://doi.org/10.1080/19393555.2024.2347243","url":null,"abstract":"","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"28 9","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-05-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140974230","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards improving the security of wireless networks using secured session keys","authors":"N.G. Nageswari Amma, T. Jayaraj, N. G. B. Amma","doi":"10.1080/19393555.2024.2347682","DOIUrl":"https://doi.org/10.1080/19393555.2024.2347682","url":null,"abstract":"","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"360 20","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-05-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141006668","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Evaluating the status of information security management in faculty libraries: a case study of Allameh Tabatabai University","authors":"Mila Malekolkalami, Leila Jabbari, Hassan Mantegh","doi":"10.1080/19393555.2024.2347255","DOIUrl":"https://doi.org/10.1080/19393555.2024.2347255","url":null,"abstract":"","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"240 2","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141056168","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Privacy preservation of inventory management using adaptive key generation with Hyperledger blockchain technology","authors":"Chinnaraj Govindasamy, Arokiasamy Antonidoss","doi":"10.1080/19393555.2023.2292996","DOIUrl":"https://doi.org/10.1080/19393555.2023.2292996","url":null,"abstract":"","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":" 10","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139138256","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An AI Based IDS Framework For Detecting DDoS Attacks In Cloud Environment","authors":"S. Asha Varma, K. Ganesh Reddy","doi":"10.1080/19393555.2023.2279535","DOIUrl":"https://doi.org/10.1080/19393555.2023.2279535","url":null,"abstract":"ABSTRACTCloud computing makes it easier for users to access resources from anywhere at any time. This is for as long as they have access to the internet connectivity by employing a “pay-as-you-use” model. Despite its merits, cloud computing faces shortcomings, notably the escalating security concerns linked with it. Distributed Denial of Service (DDoS) attack is a primary and biggest concert to the availability of the services offered by cloud. DDoS attacks use numerous machines to flood consumers with packets with high data overhead, flooding the network with unwanted traffic. Due to the obsolete datasets, many deep learning (DL) models are processing-intensive or may not successfully address new DDoS threats. This paper seeks to address this issue by proposing FEwDN, an AI-based DDoS detection framework that employs a hybrid approach, integrating machine learning and deep learning algorithms. The framework optimizes feature selection via ensemble techniques, enhancing accuracy by leveraging deep neural networks for traffic classification. The proposed framework is experimented on the CICDDoS2019 dataset and demonstrates superior performance over benchmark techniques across multiple metrics. The FEwDN outperforms well with other models against various performance metrics. This research strengthens cloud security and DDoS detection in modern clouds.KEYWORDS: Cloud computingDDoS attacksdeep learning techniquesmachine learning Disclosure statementNo potential conflict of interest was reported by the authors.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"57 2","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135092868","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Information security failures identified and measured – ISO/IEC 27001:2013 controls ranked based on GDPR penalty case analysis","authors":"M. Suorsa, P. Helo","doi":"10.1080/19393555.2023.2270984","DOIUrl":"https://doi.org/10.1080/19393555.2023.2270984","url":null,"abstract":"This paper identifies the failures and impacts of information security, as well as the most effective controls to mitigate information security risks in organizations.Root cause analysis was conducted on all year 2020 GDPR penalty cases (n = 81) based on misconduct as defined in GDPR article 32: “security of processing.” ISO/IEC 27,001 controls were used as failure identifiers in the analysis. As a result, this study presents both the most frequent and most expensive information security failures and correspondingly ranks and presents the correlation of the controls observed in the analysis. From a theoretical perspective, our study contributes by bridging the gap between regulation and information security and introduces a statistical method to analyze the GDPR penalty cases, and provides previously unreported findings about information security failures and their respective solutions. From a practical perspective, the results of our study are useful for organizations which aspire to manage information security more effectively in order to prevent the most typical and expensive information security failures. Organizations, as well as auditors implementing and assuring the ISO 27001, may use our results as a guideline whereby controls should be applied and verified first in sequential order based on their impact and interdependence","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135883878","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Internet governance and cyber-security: a systematic literature review","authors":"Salifu Yusif, Abdul Hafeez-Baig, Charles Anachanser","doi":"10.1080/19393555.2023.2268608","DOIUrl":"https://doi.org/10.1080/19393555.2023.2268608","url":null,"abstract":"ABSTRACTThis study aims to uncover the challenges of Internet governing bodies to inform a trajectory for better cybersecurity governance and policy formulation. Using a systematic literature review approach, we found that the struggle for dominancy/power for the Internet continues to overshadow the calls for multi-stakeholder/multilateralism given 35 (47.3%) of the total (74) reviewed papers focused on varied issues and overlaps. The power-driven nature of the numerous Internet governing bodies against 14 (20%) of the total included studies calling for some form of the global representative body, including public health, if the quest for “.health” was to be successful. Another 23(21) (34%) were concerned over the implications of the problem of Internet governance on cybersecurity in general. The study also found that as the Internet and its governance issues offload the privacy and security burden and supervision concerns characterized the telecommunications are heightened in the context of social awareness in cyberspace, cybersecurity has become necessary with businesses and the government spending much time and resources to combat cyber-attacks, majority of which are inter-jurisdictional.KEYWORDS: CybersecuritycyberspaceInternetInternet governancemulti-stakeholder/multilateral Disclosure statementNo potential conflict of interest was reported by the author(s).Notes1. Repeated papers – papers that had more than one theme.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136143089","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Lattice attacks on pairing-based signatures","authors":"Thierry Mefenza, Damien Vergnaud","doi":"10.1080/19393555.2023.2251476","DOIUrl":"https://doi.org/10.1080/19393555.2023.2251476","url":null,"abstract":"ABSTRACTPractical implementations of cryptosystems often suffer from critical information leakage through side-channels (such as their power consumption or their electromagnetic emanations). For public-key cryptography on embedded systems, the core operation is usually group exponentiation – or scalar multiplication on elliptic curves – which is a sequence of group operations derived from the private-key that may reveal secret bits to an attacker (on an unprotected implementation). We present lattice-based polynomial-time (heuristic) algorithms that recover the signer’s secret in popular pairing-based signatures when used to sign several messages under the assumption that blocks of consecutive bits of the corresponding exponents are known by the attacker. Our techniques rely upon Coppersmith's method and apply to many signatures in the so-called exponent-inversion framework in the standard security model (i.e. Boneh-Boyen, Gentry and Pontcheval-Sanders signatures) as well as in the random oracle model (i.e. Sakai-Kasahara signatures).KEYWORDS: Coppersmith’s methodCryptanalysisLattice attacksMSC 68P25, 94A60Pairing-based signaturesSide-channel attacks Disclosure statementNo potential conflict of interest was reported by the authors.Notes1. For the ease of exposition, we consider so-called Type-1 bilinear maps (Galbraith et al. Citation2008), but our results apply to all possible instantiations of the considered signature schemes (i.e. using Type-1, Type-2, or Type-3 bilinear maps).2. It is well known that the computational complexity of Gröbner basis algorithm may be exponential or even doubly exponential. In our setting, the number of variables and the total total degree of the input polynomials are fixed and the theoretical complexity is polynomial in the field size (and thus in the security parameter).3. We recall that a combinatorial class is a finite or countable set on which a size function is defined, satisfying the following conditions: (i) the size of an element is a non-negative integer and (ii) the number of elements of any given size is finite.4. In order to reach this asymptotic bound, the constructed matrix is of huge dimension and the resulting polynomial system has a very large number of variables and the computation which is theoretically polynomial-time becomes in practice prohibitive.5. Pointcheval-Sanders signature scheme can be instantiated with Type-3 bilinear maps but for consistency and the ease of exposition, we present it using Type-1 bilinear maps.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"119 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135094981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Certificateless directed signature scheme without bilinear pairing","authors":"Mojtaba Goodarzi, Ziba Eslami, Nasrollah Pakniat","doi":"10.1080/19393555.2023.2260800","DOIUrl":"https://doi.org/10.1080/19393555.2023.2260800","url":null,"abstract":"ABSTRACTIn Eurocrypt’96, the concept of Designated Verifier Signature was proposed. Such signatures can only be verified by a single designated verifier specified during signature creation. However, there exist situations in which the signer, as well as the designated verifier, should be equipped with the ability to check the validity of the signature. At the same time, either of them should be able to help third parties to verify the signature. This is achieved by Directed Signature Schemes. In this paper, we consider directed signatures in the certificateless cryptography setting and propose an efficient pairing-free certificateless directed signature (CLDS) scheme. Then, we prove that the proposed CLDS scheme meets the needed security requirements in the random oracle model and under the assumption of the hardness of discrete logarithm and Gap Diffie-Hellman problems. We also compare the proposed scheme with the related ones to indicate the overall superiority of the proposed CLDS scheme.KEYWORDS: Certificateless cryptographydesignated verifierdigital signaturedirected signaturepairing-free Disclosure statementNo potential conflict of interest was reported by the author(s).","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"115 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135351180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}