{"title":"Privacy and Utility-Assisted Data Protection Strategy for Secure Data Sharing and Retrieval in Cloud System","authors":"Yogesh M. Gajmal, R. Udayakumar","doi":"10.1080/19393555.2021.1933270","DOIUrl":"https://doi.org/10.1080/19393555.2021.1933270","url":null,"abstract":"ABSTRACT The outsourcing of Electronic Health Records (EHR) on cloud infrastructures has enabled medical data sharing among several healthcare applications. The blockchain offers security by authenticating users with encryption methods. The collaboration with the cloud provides better management but poses threats to the privacy of the patient. This paper devises a novel blockchain-assisted framework for effective data sharing and retrieval using cloud platforms. Here, the data protection model is devised in EHR application for secure transmission. The entities in the cloud platform include data user, data owner, smart agreement, transactional blockchain, and Inter-Planetary File System (IPFS). Here, the data owner includes a data protection model to secure EHR in which secured EHR is transferred to IPFS before sharing with the data user. The data protection is done by preserving data privacy using Tracy-Singh product and proposed Conditional Autoregressive Value at risk (CAViaR)-based Bird swarm algorithm (CAViaR-based BSA) combination of BSA and CAViaR for generating optimal privacy-preserving coefficients. The objective function is newly devised considering privacy and utility. 
The proposed CAViaR-based BSA outperformed other methods with minimal responsiveness of 251.339 s, maximal genuine user detection of 32.451%, maximal privacy of 96.5%, and minimal information loss of 3.5%.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"640 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123046662","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"LDA-IoT : a level dependent authentication for IoT paradigm","authors":"Chintan Patel, Nishant Doshi","doi":"10.1080/19393555.2021.1931573","DOIUrl":"https://doi.org/10.1080/19393555.2021.1931573","url":null,"abstract":"ABSTRACT The IoT-based services are getting a widespread expansion in all the directions and dimensions of this century. In most IoT-based applications, the sensor collects the data and communicates it to the end-user via gateway device or fog device over a precarious Internet channel. The attacker can use this open channel to capture the sensing device or the gateway device to collect the IoT data or control the IoT system. In this paper, we propose a novel approach of authentication for the IoT paradigm called as a Level Dependent Authentication (LDA). In the LDA protocol, we propose a security reliable and resource efficient key sharing mechanism in which users at level can communicate with the sensor at level if and only if the level of user in the organizational hierarchy is lower or equal to the level of sensor deployment. We provide a security analysis for the proposed LDA protocol using random oracle-based games & widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tools & BAN (Burrows–Abadi–Needham) logic. We also discuss a comparative analysis of the proposed protocol with other existing schemes based on communication cost, computation cost, and security index. 
We provide an implementation of the proposed scheme using MQTT (Message Queuing Telemetry Transport) protocol.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"106 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122760825","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Digital image watermarking in sparse domain","authors":"F. Deeba, Fayaz Ali Dharejo, Yuanchun Zhou, Parvez Ahmed Memon, Hira Memon, Saeed Ahmed Khan, Nauman Ali Larik","doi":"10.1080/19393555.2021.1919250","DOIUrl":"https://doi.org/10.1080/19393555.2021.1919250","url":null,"abstract":"ABSTRACT A watermarking method based on a robust sparse domain is proposed in this paper, which integrates the secret information into the significant sparse elements of the original image. Our algorithm protects the original data by a two-way security process to embed confidential information. First of all, converting the watermark logo into a discrete transform coefficient (DCT) is the protection process. Then, using the dictionary learning method, the transformed coefficient is embedded in the selected effective sparse coefficient in the original image. The embedded logo is extracted from the selected effective sparse coefficient using the sparse orthogonal matching tracking algorithm (OMP) domain. Then, the discrete inverse transformation is performed. To check the algorithm’s efficiency, numerous specific attacks are checked. The experimental results show that the algorithm can recover the embedded watermark with precision without losing any information.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126416516","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An improved model for detecting DGA botnets using random forest algorithm","authors":"Xuan Dau Hoang, Xuan-Hanh Vu","doi":"10.1080/19393555.2021.1934198","DOIUrl":"https://doi.org/10.1080/19393555.2021.1934198","url":null,"abstract":"ABSTRACT Recently, detecting botnets and especially DGA botnets has been the research interest of many researchers worldwide because of botnets’ wide spreading, high sophistication and serious consequences to many organizations and users. Several approaches based on statistics and machine learning techniques to detect DGA botnets have been proposed. The key idea of these approaches is to construct detection models to classify legitimate domain names and botnet generated domain names. Although the initial results are promising, the false alarm rates of these approaches are still high. This paper extends the machine learning-based detection model proposed by a previous research by adding new domain classification features in order to reduce the false alarm rates as well as to increase the detection rate. Extensive experiments on a large dataset of domain names used by various DGA botnets confirm that the improved detection model outperforms the original model and some other previous DGA botnet detection models. 
The proposed model’s false alarm rate is less than 3.02% and its overall detection accuracy and the F1-score are both at 97.03%.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114401225","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cyber security risk assessment method for SCADA system","authors":"Nazmul Hossain, Taposh Das, Tariqul Islam, Md Alam Hossain","doi":"10.1080/19393555.2021.1934196","DOIUrl":"https://doi.org/10.1080/19393555.2021.1934196","url":null,"abstract":"ABSTRACT Nowadays SCADA is very important for controlling large systems like pipeline, industrial manufacture, power plant as well as in the communication system. For controlling a large system by making human machine interface (HMI) its needs to connect over a network like WAN or internet. So the SCADA system involves an issue called cyber security. Cyber security risk assessment for digital instrumentation and control system has become more crucial in the development of a new system and operation of the existing system. The cyber attack on the SCADA system could compromise the system as well as damage the components and impact the financial on the process or invoke an unwanted command. In this paper, we propose a risk assessment method which includes system analysis, attack modeling and analysis, penetrate the system. This will show the impact on the system. At long last countermeasures are distinguished for the development of digital security.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"29 10","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114074530","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"EACS: Expressible Access Control Scheme for Secure Services and Data Delegation in Collaborative E-health System","authors":"O. Olakanmi, K. Odeyemi","doi":"10.1080/19393555.2021.1926603","DOIUrl":"https://doi.org/10.1080/19393555.2021.1926603","url":null,"abstract":"ABSTRACT Recent technological advancements in health care delivery have paved the way for collaborative monitoring, diagnosis, and treatment of patients, which involve real-time monitoring of patients and remote storage of their health information in the cloud. However, controlling access to the stored health information in the cloud is not only difficult but also susceptible to different privacy- and security-related attacks. Besides, existing access control schemes for e-health do not support delegation of responsibilities, a common phenomenon in health care delivery, making complete adoption of e-health impracticable. In this paper, we propose a security scheme that provides fine-grained expressive access control on patients’ health information for secure data and responsibilities delegation among health officers in collaborative e-health systems. The scheme takes care of the key distribution and attribute or user revocation problems of CP-ABE and supports secure delegation of responsibilities. With this scheme, a health officer can treat patients and securely delegate responsibilities to other health officers within the team without jeopardizing the security and privacy of the patients. 
Security and performance analysis show that our proposed scheme is efficient, secure, and expressive.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128091926","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Information security governance metrics: a survey and taxonomy","authors":"Vaibhav Anu","doi":"10.1080/19393555.2021.1922786","DOIUrl":"https://doi.org/10.1080/19393555.2021.1922786","url":null,"abstract":"ABSTRACT Information Security Governance (ISG) is now considered a vital component of any organization’s Information Technology (IT) Governance. ISG consists of the processes, organizational structures, and most importantly, the corporate leadership involved in the safeguarding of organization’s information assets. Hence, the purpose of ISG is to bring information security to the attention of the executives such as CEOs and Boards, so that the executives can address the issues of information security and take security-related decisions that lead to outcomes that better align with organizational goals such as value delivery, better performance measurement, business process assurance, and risk management. In order for the corporate leadership to make data-driven decisions, data related to various security metrics are collected and presented in the form of dashboards. The goal of this article is to identify those security metrics that are particularly important from an ISG standpoint. A survey was performed on security literature to identify and categorize ISG metrics. An ISG metrics taxonomy was developed as a result of this study. 
Security teams can benefit from the ISG metrics taxonomy as, when creating security dashboards, the taxonomy can focus their attention on those specific security metrics that are of most value to the corporate leadership.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128979584","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Neural network-based blockchain decision scheme","authors":"J. B. Abdo, S. Zeadally","doi":"10.1080/19393555.2020.1831658","DOIUrl":"https://doi.org/10.1080/19393555.2020.1831658","url":null,"abstract":"ABSTRACT Blockchain is a game-changer for many applications such as storage, consensus, authentication, and many others. Although blockchain’s contribution is undeniable, but it is not always the best solution. Professionals struggle to decide whether to adopt blockchain and when they do, they are faced with another challenge to choose the suitable type. Decision schemes are developed to help professionals select the best technology. Existing decision schemes are of two types questionnaire forms and flow diagrams. All existing schemes share a main drawback that the user is limited to a predefined set of answers without having the capacity to fine-grain his preferences in addition to per scheme-specific drawbacks. In this paper, we will propose a neural network-based decision scheme that gives the user an advanced decision support feature of specifying proportional weights between characteristics that does not exist in any other blockchain type decision scheme and solve the drawbacks available in existing schemes.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114831678","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Performance analysis of SMRT-based color image watermarking in different color spaces","authors":"Febina Ikbal, R. Gopikakumari","doi":"10.1080/19393555.2021.1873465","DOIUrl":"https://doi.org/10.1080/19393555.2021.1873465","url":null,"abstract":"ABSTRACT Watermarking is a generic strategy for overcoming numerous issues associated with multimedia security and digital rights management. The color image digital watermarking has not been given considerable attention, and there exists many applications that require them for copyright protection. An image-watermarking scheme based on Sequency based MRT (SMRT) for color image is proposed in this paper to achieve this goal. Choosing a color space for watermarking has always been a big question, as there are a number of color spaces. Primary objective is to find a better color space under the same method from among the frequently used color spaces. In the embedding phase, grayscale image watermark is embedded in the SMRT of R component of the cover image. Scaling factor is varied from 0.01 to 0.5 for evaluating performance of the methodology using PSNR, MSE, SSIM, IEM and NC. Performance of color image watermarking technique using SMRT in nine color spaces is analyzed. It is observed that embedding watermark in Cb channel of YCbCr color space is more imperceptible and robust compared to other color spaces considered. Simulation results show significant improvement in terms of imperceptibility. 
The robustness is high against GN attack as compared to other attacks.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132651822","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An enhanced mutual authentication and security protocol for IoT and cloud server","authors":"P. Panda, S. Chattopadhyay","doi":"10.1080/19393555.2020.1871534","DOIUrl":"https://doi.org/10.1080/19393555.2020.1871534","url":null,"abstract":"ABSTRACT Rapid growth in the Internet of Things (IoT) technologies increases the uses of several embedded devices. But for the communication and information sharing between these devices, an integration of these devices with the cloud which is having large pool of resources is required. This integration of technology is expected to provide an extraordinary development in the applications of IoT. However, security is the major issue of concern at the time of exchanging the information between these devices. To overcome the security issues, many secure authentication protocols have been proposed. Still, there are some shortcomings required to address. Motivated by the existing research work, an Elliptic Curve Cryptography (ECC) based enhanced secure mutual authentication protocol for IoT and cloud server has been proposed. Here, Automated Validation of Internet Security Protocols and Applications (AVISPA) tool has been used for formal verification of the proposed protocol. Moreover, the informal security analysis has been performed with respect to several security attributes and compared with existing protocols. Furthermore, the effectiveness of the proposed protocol has been performed in terms of several performance parameters such as communication, computational, and storage overhead. 
The security and performance analyses show that the proposed protocol outperforms the existing protocols.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117237162","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}