Security and Privacy最新文献_第5页

Fog computing security: A review 雾计算安全：综述

IF 1.9

Security and Privacy Pub Date : 2023-03-22 DOI: 10.1002/spy2.313

A. Jumani, Jinglun Shi, A. Laghari, Zhihui Hu, Aftab ul Nabi, Huang Qian

{"title":"Fog computing security: A review","authors":"A. Jumani, Jinglun Shi, A. Laghari, Zhihui Hu, Aftab ul Nabi, Huang Qian","doi":"10.1002/spy2.313","DOIUrl":"https://doi.org/10.1002/spy2.313","url":null,"abstract":"Fog computing, also known as edge computing, is a decentralized computing architecture that brings computing and data storage closer to the users and devices that need it. It offers several advantages over traditional cloud computing, such as lower latency, improved reliability, and enhanced security. As the Internet of Things continues to grow, the demand for fog computing is also increasing, making it an important topic for research and development. However, the deployment of fog computing also brings new technical challenges and security risks. For example, fog nodes are often deployed in resource‐constrained environments and are exposed to potential security threats, such as malware and attacks on devices connected to the network. In addition, the decentralized nature of fog computing creates new challenges in terms of privacy, security, and data management. This survey aims to address these technical challenges and research gaps in the field of fog computing security. It provides an overview of the current state of fog computing and its security challenges, and identifies key areas for future research. The survey also highlights the importance of fog computing security and the need for continued investment in this area in order to fully realize the potential of this promising technology.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48233013","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

Efficient implementation of image representation, visual geometry group with 19 layers and residual network with 152 layers for intrusion detection from UNSW‐NB15 dataset 从UNSW‐NB15数据集高效实现图像表示、19层视觉几何组和152层残差网络，用于入侵检测

IF 1.9

Security and Privacy Pub Date : 2023-03-22 DOI: 10.1002/spy2.300

Youssef F. Sallam, Samy Abd El-Nabi, W. El-shafai, HossamEl-din H. Ahmed, A. Saleeb, Nirmeen A. El-Bahnasawy, F. A. Abd El-Samie

{"title":"Efficient implementation of image representation, visual geometry group with 19 layers and residual network with 152 layers for intrusion detection from UNSW‐NB15 dataset","authors":"Youssef F. Sallam, Samy Abd El-Nabi, W. El-shafai, HossamEl-din H. Ahmed, A. Saleeb, Nirmeen A. El-Bahnasawy, F. A. Abd El-Samie","doi":"10.1002/spy2.300","DOIUrl":"https://doi.org/10.1002/spy2.300","url":null,"abstract":"The Internet offers humanity many distinctive and indispensable services, whether for individuals or for institutions and companies. This great role has attracted the Internet attackers to develop their mechanisms to capture and obtain the data by illegal methods. This growth in the number of cyber‐attacks made scientists in a real challenge, to find advanced methods to face this danger. Due to the shortcomings of traditional data security means such as firewalls, encryption, and so forth, the motivation became to develop alternative systems to detect smart attacks. Intrusion detection systems (IDSs) have made remarkable progress in cyber‐security. They monitor the traffic in real time and continuously to detect the network attacks, giving alerts to the network administrator. In this article, two IDSs are introduced based on principles of transfer learning (TL) with convolutional neural networks. Our systems are built using the visual geometry group (VGG19) and residual network with 152 layers (ResNet152). UNSW‐NB15 intrusion detection dataset is used to evaluate the models. The proposals achieve high levels of precision, recall, and F1_score as 99%, 99%, and 99%, respectively. These achievements prove the efficiency of the proposed models in capturing cyber‐attacks with low alert rates.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49220190","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

Explainable artificial intelligence envisioned security mechanism for cyber threat hunting 可解释的人工智能设想的网络威胁搜索安全机制

IF 1.9

Security and Privacy Pub Date : 2023-03-16 DOI: 10.1002/spy2.312

Pankaj Kumar, M. Wazid, D. P. Singh, Jaskaran Singh, A. Das, Youngho Park, Joel J. P. C. Rodrigues

{"title":"Explainable artificial intelligence envisioned security mechanism for cyber threat hunting","authors":"Pankaj Kumar, M. Wazid, D. P. Singh, Jaskaran Singh, A. Das, Youngho Park, Joel J. P. C. Rodrigues","doi":"10.1002/spy2.312","DOIUrl":"https://doi.org/10.1002/spy2.312","url":null,"abstract":"Cyber threat hunting proactively searches for cyber threats, which are undetected by the traditional defense mechanisms. It scans deep to identify malicious programs (ie, malware) that escape from detection. It is important because sophisticated cyber threats can bypass the cyber security mechanisms. The performance of the cyber threat hunting can be improved through artificial intelligence (AI), especially, explainable AI (XAI), which adds trust component to the cyber threat hunting process. Due to the inclusion of XAI, the security experts get the full explanations of the detected threats as the working of the detection model in XAI is known. Information, like, which one is a threat, how it has been detected, and why it has been detected, can be obtained very easily due to the inclusion of XAI in the cyber threat hunting. Therefore, an XAI‐envisioned mechanism for cyber threat hunting has been proposed (in short, XAISM‐CTH). The network and threat models of XAISM‐CTH are designed and discussed. The conducted security analysis proves the security of XAISM‐CTH against various potential attacks. XAISM‐CTH also performs better than the other existing schemes. At the end, a practical implementation of XAISM‐CTH has been provided to observe its impact on the performance of the system.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44134785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A cryptographic security framework for hybrid Cloud‐Internet of Things network 混合云-物联网网络的加密安全框架

IF 1.9

Security and Privacy Pub Date : 2023-03-15 DOI: 10.1002/spy2.309

Sameer Farooq, Priyanka Chawla, Neeraj Kumar

{"title":"A cryptographic security framework for hybrid Cloud‐Internet of Things network","authors":"Sameer Farooq, Priyanka Chawla, Neeraj Kumar","doi":"10.1002/spy2.309","DOIUrl":"https://doi.org/10.1002/spy2.309","url":null,"abstract":"The most cutting‐edge innovation in recent times, cloud technology, changed the whole computer paradigm from less capable, specific, user‐isolated offline systems to potent multi‐server interactive systems. Despite being a huge benefit, controlling the security and accessibility of data stored in the cloud is a difficult task. Hence, this article presents a four‐phased security paradigm for securing data generated by internet of things (IoT) devices and transmitted to fog servers. In the article, we outline a comprehensive, cutting‐edge architecture for safeguarding and protecting the information that IoT devices produce and transmit to the cloud. The suggested architecture blends the advantages of an innovative mutual authentication algorithm, a novel key distribution algorithm, and a novel encryption hybrid algorithm for maximum effectiveness and increased security. The findings demonstrate that the suggested protocol outperforms previous techniques in terms of time and resource consumption and throughput. In contrast to previous protocols, the suggested approach reduces encrypting time by 28% and decryption time by about 32%, while the volume of encrypted messages produced stays consistent. There has also been a 28% increase in encryption throughput. Proposed work demonstrates minimal resource utilization, good performance and a higher level of security robustness.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42348068","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

On the security of ring learning with error‐based key exchange protocol against signal leakage attack 基于错误的密钥交换协议环学习抵御信号泄漏攻击的安全性研究

IF 1.9

Security and Privacy Pub Date : 2023-03-14 DOI: 10.1002/spy2.310

Komal Pursharthi, D. Mishra

{"title":"On the security of ring learning with error‐based key exchange protocol against signal leakage attack","authors":"Komal Pursharthi, D. Mishra","doi":"10.1002/spy2.310","DOIUrl":"https://doi.org/10.1002/spy2.310","url":null,"abstract":"Due to the rapid development of mobile communication and hardware technologies, several mobile‐based web applications have gained popularity among mobile users. Mobile users can utilize these devices to access numerous services over the Internet. To ensure secure communication, different key exchange and authentication (KEA) protocols are proposed and frequently used. However, due to the advent of quantum computers, numerous quantum‐safe KEA protocols are also developed using various complex mathematical problems in ideal lattices. As it is an emerging and developing area, we analyze the security of recently suggested ring learning with error based KEA protocols. The goal of this study is to gain a comprehensive understanding of quantum‐safe KEA mechanisms. For our study, we have considered Dharminder's LWE‐based KEA mechanism and Dharminder and Chandran's LWE‐based KEA mechanism. These protocols enable effective communication and provide a better means for safely transmitting messages between user and server. However, we have discovered that a fundamental security weakness in these methods makes them vulnerable to signal leakage attacks (SLA). Based on our analysis, we demonstrated security weakness against SLA and provide the road‐map for secure construction.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44589855","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A transformative shift toward blockchain‐based IoT environments: Consensus, smart contracts, and future directions 向基于区块链的物联网环境转型:共识、智能合约和未来方向

IF 1.9

Security and Privacy Pub Date : 2023-03-10 DOI: 10.1002/spy2.308

Chandan Trivedi, U. P. Rao, Keyur Parmar, Pronaya Bhattacharya, S. Tanwar, Ravi Sharma

{"title":"A transformative shift toward blockchain‐based IoT environments: Consensus, smart contracts, and future directions","authors":"Chandan Trivedi, U. P. Rao, Keyur Parmar, Pronaya Bhattacharya, S. Tanwar, Ravi Sharma","doi":"10.1002/spy2.308","DOIUrl":"https://doi.org/10.1002/spy2.308","url":null,"abstract":"Recently, Internet‐of‐Things (IoT) based applications have shifted from centralized infrastructures to decentralized ecosystems, owing to user data's security and privacy limitations. The shift has opened new doors for intruders to launch distributed attacks in diverse IoT scenarios that jeopardize the application environments. Moreover, as heterogeneous and autonomous networks communicate, the attacks intensify, which justifies the requirement of trust as a key policy. Recently, blockchain‐based IoT solutions have been proposed that address trust limitations by maintaining data consistency, immutability, and chronology in IoT environments. However, IoT ecosystems are resource‐constrained and have low bandwidth and finite computing power of sensor nodes. Thus, the inclusion of blockchain requires an effective policy design regarding consensus and smart contract environments in heterogeneous IoT applications. Recent studies have presented blockchain as a potential solution in IoT, but an effective view of consensus and smart contract design to meet the end application requirements is an open problem. Motivated by the same, the survey presents the integration of suitable low‐powered consensus protocols and smart contract design to assess and validate the blockchain‐IoT ecosystems. We present blockchain‐IoT's emerging communication and security aspects with performance issues of consensus protocols, interoperability, and implementation platforms. A case study of a smart contract‐based blockchain‐driven ecosystem is presented with a comparative analysis of mining cost and latency, which shows its suitability in real‐world setups. We also highlight attacks on blockchain IoT, open issues, potential findings, and future directions. The survey intends to drive novel solutions for future consensus and safe, smart contract designs to support applicative IoT ecosystems.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47548915","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

Toward the internet of things forensics: A data analytics perspective 走向物联网取证:数据分析视角

IF 1.9

Security and Privacy Pub Date : 2023-03-05 DOI: 10.1002/spy2.306

Pimal Khanpara, Ishwa Shah, S. Tanwar, Amit Verma, Ravi Sharma

{"title":"Toward the internet of things forensics: A data analytics perspective","authors":"Pimal Khanpara, Ishwa Shah, S. Tanwar, Amit Verma, Ravi Sharma","doi":"10.1002/spy2.306","DOIUrl":"https://doi.org/10.1002/spy2.306","url":null,"abstract":"The widespread use of networked, intelligent, and adaptable devices in various domains, such as smart cities and home automation, climate control, manufacturing and logistics, healthcare, education, and agriculture, has been hastened by recent developments in hardware and software technologies. In all these application domains, the concept of the Internet of Things helps to achieve process automation and decrease labor costs. While IoT has been an established domain for quite a while, it has seen a lot of advances and challenges in different subdomains over the years. One such subdomain is IoT Forensics which involves digital forensics concerning IoT devices, networks, or clouds. In this process of obtaining substantial evidence from the devices, networks, or cloud, a large amount of data and operations on said data are involved. Hence, looking through IoT Forensics through the methodology dealing with data, known as data analytics, is essential. This paper presents an interpretation of IoT Forensics from the standpoint of data analytics. To explain the same in detail, the paper focuses on IoT Forensics, its methodologies, and how they relate to data analytics stages. Toward the end, the paper discusses current developments in IoT Forensics from the data analytics perspective, limitations observed in the existing technologies, adoption challenges, and possible future advancements.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42496111","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A protocol to establish trust on biometric authentication devices 一种在生物识别认证设备上建立信任的协议

IF 1.9

Security and Privacy Pub Date : 2023-03-02 DOI: 10.1002/spy2.305

U. Kiran, R. Moona, S. Biswas

{"title":"A protocol to establish trust on biometric authentication devices","authors":"U. Kiran, R. Moona, S. Biswas","doi":"10.1002/spy2.305","DOIUrl":"https://doi.org/10.1002/spy2.305","url":null,"abstract":"One of the most extensively utilized mechanisms for person authentication is a system built using biometric‐based authentication. However, many applications use biometric authentication devices that do not support any device authentication mechanisms. As a result, a counterfeit scanning device may be substituted for the genuine one. Non‐authentic biometric authentication devices may perform some additive / subtractive or malicious functions. This paper proposes a technique for establishing trust in biometric authentication devices. The device authentication procedure is essential to build trust in biometric authentication devices such that non‐genuine biometric authentication devices are not used, which may compromise the loss of authentication factor and its replay when the genuine user is not getting authenticated. The protocol uses strong cryptographic mechanisms to authenticate the biometric authentication device with the application server and includes mechanisms for protection against the tampering of biometric templates and to prevent replay attacks. We also perform a formal verification using BAN logic to demonstrate that the proposed protocol meets the defined objectives. The proposed protocol can be used with any biometric authentication device to achieve the same objectives.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45228255","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Issue Information 问题信息

IF 1.9

Security and Privacy Pub Date : 2023-03-01 DOI: 10.1111/phpr.12889

引用次数: 0

Issue Information 问题信息

IF 1.9

Security and Privacy Pub Date : 2023-03-01 DOI: 10.1002/spy2.242

引用次数: 0