Security and Privacy最新文献

{"title":"A secure framework for <scp>IoT</scp>‐based healthcare using blockchain and <scp>IPFS</scp>","authors":"Deepa Rani, Rajeev Kumar, Naveen Chauhan","doi":"10.1002/spy2.348","DOIUrl":"https://doi.org/10.1002/spy2.348","url":null,"abstract":"Abstract Smart healthcare, also known as IoT (Internet of Things) based healthcare, utilizes IoT technology to enhance the healthcare industry. The use of IoT‐enabled medical equipment enables remote monitoring of patients, allowing for in‐home care and alerting healthcare providers of any changes. This can lead to improved patient outcomes and better disease management. However, it is important to implement robust security measures to protect patient data when using IoT in healthcare. One potential solution is to use blockchain technology to secure data storage and sharing with medical providers. Blockchain's decentralized structure and cryptographic techniques make it difficult for hackers to access or tamper with patient information. Additionally, IPFS (InterPlanetary file system) can be used for efficient data storage and sharing with authorized medical professionals, while smart contract functionality can automate the process of granting and revoking access to patient data. This article proposes a blockchain‐based secure remote patient monitoring system, specifically for chronic disease patients. The system utilizes distributed blockchain for data security, IPFS for data storage and sharing, and DApp for data collection and connection to the blockchain, along with encryption for added security. The proposed approach is compared to existing solutions and found to be a superior option for IoT‐based healthcare.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"90 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136142511","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"<scp>DeepMDFC</scp>: A deep learning based android malware detection and family classification method","authors":"Sandeep Sharma, Prachi Ahlawat, Kavita Khanna","doi":"10.1002/spy2.347","DOIUrl":"https://doi.org/10.1002/spy2.347","url":null,"abstract":"Abstract Unprecedented growth and prevalent adoption of the Android Operating System (OS) have triggered a substantial transformation, not only within the smartphone industry but across various categories of intelligent devices. These intelligent devices store a wealth of sensitive data, making them enticing targets for malicious individuals who create harmful Android applications to steal this data for malicious purposes. While numerous Android malware detection methods have been proposed, the exponential growth in sophisticated and malicious Android apps presents an unprecedented challenge to existing detection techniques. Some of the researchers have attempted to classify malicious Android applications into families through static analysis of applications but most of them are evaluated on applications of previous API levels. This paper introduces a novel dataset compromising of 2019 to 2021 applications and proposes a Deep Learning based Malware Detection and Family Classification method (DeepMDFC) to detect and classify emerging malicious Android applications through static analysis and deep Artificial Neural Networks. Experimental findings indicate that DeepMDFC surpasses standard machine learning algorithms, achieving accuracy rates of 99.3% and 96.7% for Android malware detection and classification, respectively, with a limited size feature set. The performance of DeepMDFC is also assessed using the benchmark dataset (DREBIN) and results showed that DeepMDFC surpasses these methods in terms of performance. Furthermore, it leverages the proposed dataset to construct a prediction model that adeptly identifies malicious Android applications from both the years 2022 and 2023. This process the potency and resilience of DeepMDFC against emerging Android applications.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136142107","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"EEG‐based biometric authentication system using convolutional neural network for military applications","authors":"Himanshu Vadher, Pal Patel, Anuja Nair, Tarjni Vyas, Shivani Desai, Lata Gohil, Sudeep Tanwar, Deepak Garg, Anupam Singh","doi":"10.1002/spy2.345","DOIUrl":"https://doi.org/10.1002/spy2.345","url":null,"abstract":"Abstract In this technological era, as the need for security arises, the use of biometrics is increasing in authentication systems as a secure and convenient method of human identification and verification. Electroencephalogram (EEG) signals have gained significant attention among the various biometric modalities available because of their unique and unforgeable characteristics. In this study, we have proposed an EEG‐based multi‐subject and multi‐task biometric authentication system for the military applications that address the challenges associated with multi‐task variation in EEG signals. The proposed work considers the use of respective EEG signals for the access of artillery, entrance to highly confidential places for the military and so forth by authenticated personnel only. We have used a multi‐subject, multi‐session, and multi‐task () dataset. The dataset was partially preprocessed with basic signal processing techniques such as bad channel repairing, independent component analysis for artifact removal, downsampling to 250 Hz, and an audio filter of 0.01–200 Hz for signal improvisation. This partially preprocessed dataset was further processed and was used in our deep learning model (DL) architectures. For EEG‐based biometric authentication, convolutional neural network (CNN) outperforms many of the state‐of‐the‐art DL architectures with a validation accuracy of approximately 99.86%, training accuracy of 98.49% and precision, recall and F1‐score with values of 99.91% that makes this EEG‐based approach for authentication more reliable. The DL models were also compared based on training and inference time, where CNN used the most training time but took the least time to predict the output. We compared the performance of the CNN model for three preprocessing techniques by feeding mel spectrograms, chromagrams and mel frequency cepstral coefficients, out of which mel spectrograms provided better results. This proposed architecture proves to be robust and efficient for military applications.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"102 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134944485","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Survey on security and privacy in <scp>Internet of Things</scp>‐based <scp>eHealth</scp> applications: Challenges, architectures, and future directions","authors":"Hela Makina, Asma Ben Letaifa, Abderrezak Rachedi","doi":"10.1002/spy2.346","DOIUrl":"https://doi.org/10.1002/spy2.346","url":null,"abstract":"Abstract The integration of Internet of Things (IoT) technology into electronic health (eHealth) applications has revolutionized the healthcare landscape, enabling real‐time patient monitoring, personalized care, and improved patient outcomes. However, this convergence of IoT and healthcare also introduces critical security and privacy challenges, needing careful consideration. This survey comprehensively explores the multifaceted realm of security and privacy issues in IoT‐based eHealth applications. First, we taxonomize the diverse security threats that arise due to the interconnected nature of IoT medical devices. Additionally, we highlight privacy concerns stemming from the collection and sharing of personal health information, while reconciling them with the need for accessible and collaborative healthcare ecosystems. Second, we synthesize functional, ethical, and regulatory perspectives to pick up the major requirements needed in the context of eHealth data during their whole lifecycle, from creation to destruction. Third, we identify emerging research strategies employed to address security and privacy concerns, such as cloud‐based solutions, decentralized technologies such as blockchain technology and InterPlanetary File System (IPFS), cryptographic approaches, fine‐grained access control strategies, and so forth. Additionally, we examine the impact of these approaches on computational efficiency, latency, and energy consumption, critically evaluating their suitability in the healthcare context. Building upon this comprehensive assessment, we outline potential future research directions aimed at advancing security and privacy measures in IoT‐based eHealth applications.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135645602","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Nodes selection review for federated learning in the blockchain‐based internet of things","authors":"Mohammed Riyadh Abdmeziem, Hiba Akli, Rima Zourane","doi":"10.1002/spy2.344","DOIUrl":"https://doi.org/10.1002/spy2.344","url":null,"abstract":"Abstract Internet of Things (IoT) gained momentum these last few years pushed by the emergence of fast and reliable communication networks such as 5G and beyond. IoT depends on collecting information from the environment, leading to a significant increase in the amount of data generated that needs to be transmitted, saved, and analyzed. It is clear that classical deterministic approaches might not be suitable to this complex and fast evolving environment. Hence, machine learning techniques with their ability to handle such a dynamic context, are rising in popularity. In particular, Federated Learning architectures which are better suited to the distributed nature of IoT and its privacy concerns. Besides, to address security risks such as model poisoning, device compromise, and network interception, Blockchain (BC) is seen as the secure and distributed underlying communication infrastructure of choice. This integration of IoT, FL, and BC remains in its early stages and several challenges arise. Indeed, nodes selection to perform resource intensive and critical operations like model learning and transactions validation is a crucial issue considering the strong heterogeneity of the involved devices in terms of resources. In this paper, we propose an original literature review including a taxonomy, a thorough analysis, a comparison of the proposed approaches, along with some open research directions.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135344276","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A blockchain‐based smart contract model for secured energy trading management in smart microgrids","authors":"Xiaole Su, Yuanchao Hu, Wei Liu, Zhipeng Jiang, Chan Qiu, Jie Xiong, Ju Sun","doi":"10.1002/spy2.341","DOIUrl":"https://doi.org/10.1002/spy2.341","url":null,"abstract":"Abstract The extension of emerging renewable energy sources such as wind and water turbines, solar panels, and the increasing usage of electric vehicles requires the supply and distribution of energy in a small device on local scale and it has created new methods of supplying and selling electricity. Middle buyers and end users can obtain the local energy with the peer‐to‐peer trading method in this large and hierarchical market. This method enables market to manage and exchange the electricity between major suppliers and medium and local levels. Blockchain technology is developing in peer‐to‐peer exchange of electricity and acts as a reliable, efficient, and safe technology in the electricity trading market. In this method, while preserving the privacy of electricity users, by using smart contracts and by removing intermediaries in the energy supply and demand market, direct commercial interactions between energy suppliers and consumers are done. The blockchain technology, while creating trust between the parties in the energy market, reduces the cost of electricity trading and increases its scalability with using the intermediate energy aggregators. In this research, the blockchain‐based model, is presented for distribution and peer‐to‐peer transactions in the energy market. The suggested model provides the possibility of registration low‐cost instant transactions at the power grid in any specific period of time. The above method, unlike periodic payments, provides immediate access to bills and small payments. Since the transactions outside the blockchain chain are not recorded, this system guarantees its honest and independent operation without fraud and failure. The smart contract method based on blockchain, reduces the transaction fees and speeds up electricity trading. Also, the experimental investigation in 20 nodes shows the time required to determine the exchange contract in the blockchain method. The average is improved by 49.7% in this method. Also, the negotiation convergence time has become 47% faster.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135734382","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"<i>MetaHate</i>: AI‐based hate speech detection for secured online gaming in metaverse using blockchain","authors":"Harshil Sanghvi, Rushir Bhavsar, Vini Hundlani, Lata Gohil, Tarjni Vyas, Anuja Nair, Shivani Desai, Nilesh Kumar Jadav, Sudeep Tanwar, Ravi Sharma, Nagendar Yamsani","doi":"10.1002/spy2.343","DOIUrl":"https://doi.org/10.1002/spy2.343","url":null,"abstract":"The emergence of Web 3.0, blockchain technology (BC), and artificial intelligence (AI) are transforming multiplayer online gaming in the metaverse. This development has its concerns about safety and inclusivity. Hate speech, in particular, poses a significant threat to the harmony of these online communities. Traditional moderation methods struggle to cope with the immense volume of user‐generated content, necessitating innovative solutions. This article proposes a novel framework, MetaHate, that employs AI and BC to detect and combat hate speech in online gaming environments within the metaverse. Various machine learning (ML) models are applied to analyze Hindi–English code mixed datasets, with gradient boosting proving the most effective, achieving 86.01% accuracy. AI algorithms are instrumental in identifying harmful language patterns, while BC technology ensures transparency and user accountability. Moreover, a BC‐based smart contract is proposed to support the moderation of hate speech in the game chat. Integrating AI and BC can significantly enhance the safety and inclusivity of the metaverse, underscoring the importance of these technologies in the ongoing battle against hate speech and in bolstering user engagement. This research emphasizes the potential of AI and BC synergy in creating a safer metaverse, highlighting the need for continuous refinement and deployment of these technologies.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135783995","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cybercrime in India: An analysis of crime against women in ever expanding digital space","authors":"Shweta Sankhwar, Rupali Ahuja, Tanya Choubey, Priyanshi Jain, Tanusha Jain, Muskan Verma","doi":"10.1002/spy2.340","DOIUrl":"https://doi.org/10.1002/spy2.340","url":null,"abstract":"Abstract The ever expanding digital space and government initiatives like Digital India have increased connectivity, digitization, remote employment which empowered us with technology and made our lifestyle easy and fast but as digitization is enhancing, cyberattacks are proportionally growing. In the initial stage of this study, it was observed from the data analysis and it was evident that women are particularly a soft target of many cybercriminals and cyber fraudsters. Women feel insecure in cyberspace, hence there is a need to dive deeper into our understanding and statistics of cybercrimes against women in India. It becomes necessary to determine the factors that have led to the clear surge of such crimes in recent years. In recent studies no such analysis is done focusing on geographical factors and top most cybercrime types committed against women. Therefore, in this article, prediction for cybercrime trends against women was performed using statistical tools and techniques to provide a better insight into the current scenario revolving around cybercrimes and women. A regressive statistical analysis of cybercrime data of all states of India to understand the current trend of cybercrimes, identification of the most vulnerable states of India and specific cybercrime with their percentage in whole, also where cybercrime afflicted women stand in those numbers. Further, for preventive measures a robust guidelines is proposed to combat cybercrimes for a better future.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135689733","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A survey on secure metadata of agile software development process using blockchain technology","authors":"Parikshith Nayaka Sheetakallu Krishnaiah, Dayanand Lal Narayan, Kartick Sutradhar","doi":"10.1002/spy2.342","DOIUrl":"https://doi.org/10.1002/spy2.342","url":null,"abstract":"Scrum is an important and essential technique for developing software. Scrum framework is a project management technique that can emphasize software development teamwork. If you are starting, consider scrum as a method for accomplishing tasks as a team in manageable chunks simultaneously, with ongoing experimentation and feedback loops to learn and improve as you go. Scrum enables individuals and groups to collaboratively and gradually generate value. Being an agile framework, scrum gives people and teams the perfect structure to fit into their workflows while still including the best practices to cater to their requirements. There are some important considerations for security in the agile software development process such as threat modeling, secure coding practices, continuous security testing, authentication, and authorization. In this work, we reviewed various scrum developing techniques to find out the research gaps. This article consider the scrum technique with blockchain technologies for review because it is preferred by most of the software industries.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42783899","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Toward design a secure protocol for updating remotely stored credentials of a crypto‐biometric framework for multi‐server environment","authors":"Subhas Barman, Samiran Chattopadhyay, D. Samanta","doi":"10.1002/spy2.339","DOIUrl":"https://doi.org/10.1002/spy2.339","url":null,"abstract":"Integration of biometric data with cryptography is gaining importance to develop a secure distributed communication system. The main issue with this strategy is updating a biometric template and other credentials (like a cryptographic key) and sharing the same in a secure manner. This paper proposes a novel approach to protect a credential under the security of biometric data using fuzzy commitment so that it can be securely stored on a remote server. Furthermore, a protocol has been proposed to update the cryptographic key and biometric data online and share the same among communicating parties through a network channel. A rigorous security analysis of the scheme establishes the robustness of the scheme against many known attacks. In addition to this, to substantiate that the protocol is provably secure, it has been critically verified with two protocol verification tools, namely, the RO (Random Oracle) Model and the AVISPA (automated validation of Internet Security Protocols and Applications) tool. The proposed protocol is useful to design a multiparty system having a multi‐user and multi‐server environment.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43108709","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}