Computer Standards & Interfaces最新文献

{"title":"MARISMA: A modern and context-aware framework for assessing and managing information cybersecurity risks","authors":"","doi":"10.1016/j.csi.2024.103935","DOIUrl":"10.1016/j.csi.2024.103935","url":null,"abstract":"<div><div>In a globalised world dependent on information technology, ensuring adequate protection of an organisation’s information assets has become a decisive factor for the longevity of the organisation’s operation. This is especially important when these organisations are critical infrastructures that provide essential services to nations and their citizens. However, to protect these assets, we must first be able to understand the risks to which they are subject and how to manage them properly. To understand and manage such the risks, we need first to acknowledge that organisations have changed, and they now have an increasing reliance on information assets, which in many cases are shared with other organisations. Such reliance and interconnectivity means that risks are constantly changing, they are dynamic, and potential mitigation does not just rely on the organisation’s own controls, but also on the controls put in place by the organisations with which it shares those assets. Taking the above requirements as essential, we have reviewed the state of the art, and we have concluded that current risk analysis and management systems are unable to meet all the needs inherent in this dynamic and evolving risk environment. This gap in the state of the art requires novel approaches that draw on the foundations of risk management, but they are adapted to the new challenges.</div><div>This article fulfils this gap in the literature with the introduction of MARISMA, a novel security risk analysis and management framework. MARISMA is oriented towards dynamic and adaptive risk management, considering external factors such as associative risks between organisations. MARISMA also contributes to the state of the art through newly developed mechanisms for knowledge reuse and dynamic learning. An important advantage of MARISMA is the connections between its elements that make it possible to reduce the subjectivity inherent in classical risk analysis systems, thereby generating suggestions that allow the translation of perceived security risks into real security risks. The framework comprises a reusable meta-pattern comprising different elements and their interdependencies, a supporting method that guides the entire process, and a cloud-based tool that automates data management and risk methods. MARISMA has been applied to many companies from different countries and sectors (government, maritime, energy, and pharmaceutical). In this paper, we demonstrate its applicability through its application to a real world case study involving a company in the technology sector.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142446082","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Performance analysis of multiple-input multiple-output orthogonal frequency division multiplexing system using arithmetic optimization algorithm","authors":"","doi":"10.1016/j.csi.2024.103934","DOIUrl":"10.1016/j.csi.2024.103934","url":null,"abstract":"<div><div>This research aims to optimize the interference mitigation and improve system performance metrics, such as bit error rates, inter-carrier interference (ICI), and inter-symbol interference (ISI), by integrating the Redundant Discrete Wavelet Transform (RDWT) with the Arithmetic Optimization Algorithm (AOA). This will increase the spectral efficiency of MIMO<img>OFDM systems for ultra-high data rate (UHDR) transmission in 5 G networks. The most important contribution of this study is the innovative combination of RDWT and AOA, which effectively addresses the down sampling issues in DWT-OFDM systems and significantly improves both error rates and data rates in high-speed wireless communication. Fifth-generation wireless networks require transmission at ultra-high data rates, which necessitates reducing ISI and ICI. Multiple-input multiple-output orthogonal frequency division multiplexing (MIMO<img>OFDM) is employed to achieve the UHDR. The bandwidth and orthogonality of DWT-OFDM (discrete wavelet transform-based OFDM) are increased; however system performance is degraded due to down sampling. The redundant discrete wavelet transform (RDWT) is proposed for eliminating down sampling complexities. Simulation results demonstrate that RDWT effectively lowers bit error rates, ICI, and ISI by increasing the carrier-to-interference power ratio (CIR). The Arithmetic Optimization Algorithm is used to optimize ICI cancellation weights, further enhancing spectrum efficiency. The proposed method is executed in MATLAB and achieves notable performance gains: up to 82.95 % lower error rates and 39.88 % higher data rates compared to the existing methods.</div></div><div><h3>Conclusion</h3><div>The integration of RDWT with AOA represents a significant advancement in enhancing the spectral efficiency of MIMO<img>OFDM systems for UHDR transmission in 5 G networks. The proposed method not only enhances system performance but also lays a foundation for future developments in high-speed wireless communication by addressing down sampling issues and optimizing interference mitigation.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-10-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142442192","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A novel secure privacy-preserving data sharing model with deep-based key generation on the blockchain network in the cloud","authors":"","doi":"10.1016/j.csi.2024.103932","DOIUrl":"10.1016/j.csi.2024.103932","url":null,"abstract":"<div><div>Cloud computing is currently emerging as a developing technology in which a Cloud Service Provider (CSP) is a third-party organization that provides effective storage of data and facilities to a large client base. Saving information in a cloud offers users the satisfaction of accessing it without the need for direct knowledge of the distribution and management of an infrastructure. The primary objective is to develop a novel, secure, and privacy-preserving data-sharing model that utilizes deep-based key generation on blockchain in the cloud. Data communication is done using multiple entities. The research aims to develop a collaborative data-sharing method in the cloud for the authentication scheme for cloud security on blockchain and smart contracts. Initialization, registration, key generation, authentication of data sharing, and validation are carried out here. The proposed data-sharing model involves a revenue distribution model that depends on Multiple Services (MS) models to improve multiple cloud services. The security parameters namely passwords, hashing functions, key interpolation, and encryption are used for preserving the Data privacy and here the SpinalNet is used for generating keys. Furthermore, the devised SpinalNet_Genkey obtained a value of 45.001 MB, 0.002, and 0.003 sec for memory usage, revenue, and computation cost.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142422181","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Integrating deep learning and data fusion for advanced keystroke dynamics authentication","authors":"","doi":"10.1016/j.csi.2024.103931","DOIUrl":"10.1016/j.csi.2024.103931","url":null,"abstract":"<div><div>By enhancing user authentication protocols, especially in critical infrastructures vulnerable to complex cyberthreats, we present an advanced approach that integrates a deep learning-based model and data fusion techniques applied to analyze keystroke dynamics. With the growing need for robust security measures, especially in critical infrastructure environments, traditional authentication mechanisms often fail to cope with advanced threats. Our approach focuses on the unique behavioral biometric characteristics of keystrokes, which offers promising opportunities to improve user authentication processes. We have developed a data fusion-based methodology that utilizes the unique features of keystroke dynamics combined with deep learning techniques to improve user authentication systems. Using the capabilities of data fusion and deep learning, the proposed methodology not only captures the complex behavioral biometrics inherent in keystroke dynamics but also addresses the challenges posed by varying password lengths and typing styles. We conducted extensive experiments on several fixed-text datasets, including the Carnegie Mellon University dataset, the KeyRecs dataset, and the GREYC-NISLAB dataset, with a total of approximately 54,000 password records. Comprehensive experiments on various datasets with different password lengths have shown that our approach is scalable and accurate for user authentication, which significantly improves the security of critical infrastructure. By using interpolation-based data fusion techniques to standardize the keystroke data to a uniform length and employing a Siamese neural network with a triplet loss function, the best equal error rate of 0.13281 was achieved for the unseen fused data. The integration of deep learning and data fusion effectively generalizes to different user profiles, demonstrating its adaptability and accuracy in authenticating users in different scenarios. The findings are crucial for improving security in sensitive applications, ranging from accessing personal devices to protecting critical infrastructure.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142358060","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A privacy-preserving traceability system for self-sovereign identity-based inter-organizational business processes","authors":"","doi":"10.1016/j.csi.2024.103930","DOIUrl":"10.1016/j.csi.2024.103930","url":null,"abstract":"<div><div>Blockchain is a potential technology for collaborating organizations, notably for executing their Inter-Organizational Business Processes (IOBPs). While Blockchain’s transparency and decentralized characteristics address the lack-of-trust issue in IOBPs, many existing Blockchain solutions share this data on the ledger, often at the expense of serious privacy concerns. Alternatively, Self-Sovereign Identity (SSI) systems are revolutionary Blockchain-based solutions that provide complete data control. Unlike traditional Blockchain solutions, many SSI systems do not record the exchange of transactional data between entities on the ledger in order to comply with privacy regulations. However, this can imply a gap in cases where legal traceability is required for audit purposes. To address traceability issues in SSI-based IOBP, this paper leverages Zero-Knowledge Proof (ZKP) and Fully Homomorphic Encryption (FHE) to provide an efficient privacy-preserving traceability solution. The purpose of this paper is to achieve traceability that strikes a balance between privacy and transparency. This paper also provides a proof-of-concept implementation and a comparative evaluation. The evaluation shows that the proposed ZKP approach provides better financial cost and performance results compared to traditional Blockchain-based traceability solutions.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142422180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DBAC-DSR-BT: A secure and reliable deep speech recognition based-distributed biometric access control scheme over blockchain technology","authors":"","doi":"10.1016/j.csi.2024.103929","DOIUrl":"10.1016/j.csi.2024.103929","url":null,"abstract":"<div><div>Speech recognition systems have been widely employed in several fields including biometric access control. In such systems, handling sensitive data represents a real threat and risk to security and privacy, namely in the central environment. This paper proposes an innovative solution that integrates speech recognition power as a biometric modality with the decentralized and tamper-resistant nature of blockchain technology aims at designing, implementing, and evaluating an access control system that not only leverages the unique characteristics of speech recognition through the AutoEncoding Generative Adversarial Network (AE-GAN) model for user authentication but also ensures the enforcement of access policies and voice templates storage through two distinct Smart Contracts. The first smart contract aims at storing the ID of encrypted templates matched to the hash of the public address and encrypted attributes. While the second smart contract incorporates the security policy and takes charge of generating an access token if the conditions have been satisfied. Which makes it easier to upgrade specific components without affecting the entire system. Moreover, this architecture delegates the extraction features, conversion into template, encryption, and similarity calculation functions of encrypted templates using homomorphic encryption to an API to provide more security, privacy, scalability and interoperability and reduce the overhead within the blockchain. This API interacts with the smart contract using Oracle services that ensure the interaction between on-chain and off-chain, which provide a reliable, fine-grained, and robust scheme. The simulation of this proposed scheme proves its robustness, efficiency, and performance in terms of security, reliability, and resistance to several attacks.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142358059","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Practical two-party SM2 signing using multiplicative-to-additive functionality","authors":"","doi":"10.1016/j.csi.2024.103928","DOIUrl":"10.1016/j.csi.2024.103928","url":null,"abstract":"<div><div>Threshold signatures are important tools for addressing issues related to key management, certificate management, and cryptocurrencies. Among them, two-party SM2 signatures have received considerable interest recently. In this paper, we propose a fast and secure online/offline two-party SM2. By employing the re-sharing technique, we have successfully made the online phase of the signing process non-interactive while achieving nearly optimal computational efficiency. Additionally, in the offline phase, there is just a single call to the multiplicative-to-additive functionality based on Paillier encryption. Our protocol is existentially unforgeable under adaptive chosen message attacks in the random oracle model in the presence of a static adversary. Experimental results demonstrate that our proposed scheme outperforms previous similar schemes by approximately a factor of 2 in online computation and a factor of 3 in online communication. Our scheme can be applied in scenarios such as Certificate Authority (CA) and the signing of blockchain transactions to provide them with a more secure and flexible implementation method, enhancing the security and reliability of the systems.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142314788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Real-time privacy-preserved auditing for shared outsourced data","authors":"","doi":"10.1016/j.csi.2024.103927","DOIUrl":"10.1016/j.csi.2024.103927","url":null,"abstract":"<div><p>Health providers need to share patient information across healthcare networks efficiently and securely to improve medical and health services. Timely data synchronization among relevant parties is crucial for effectively containing and preventing the worsening of the condition. However, ensuring rapid information sharing while maintaining the security of sensitive patient data remains a pressing concern. In this paper, we introduce a cloud storage integrity auditing scheme that can protect auditors from procrastinating and preserve the privacy of sensitive information. Our proposed system requires healthcare institutions to encrypt sensitive patient data before uploading it to the cloud. It mandates the use of a data sanitizer for the secure processing of encrypted data blocks. Auditors must verify data integrity and promptly submit their audit results to the blockchain within a predefined time frame. Leveraging the time-sensitive nature of blockchain technology, healthcare institutions can monitor auditor compliance within the allotted validation timeframe. We conducted comprehensive security analysis and performance evaluations to demonstrate the feasibility and effectiveness of our solution in addressing the challenges of secure and timely cloud storage in healthcare settings.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000965/pdfft?md5=415902120bc5d079b282f17d38c9e44f&pid=1-s2.0-S0920548924000965-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142270690","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Blockchain-based cross-domain query integrity verification mechanism for outsourced database","authors":"","doi":"10.1016/j.csi.2024.103926","DOIUrl":"10.1016/j.csi.2024.103926","url":null,"abstract":"<div><div>With the growth of cloud computing, more and more organizations are outsourcing data to cloud platforms for flexibility and cost-effectiveness. However, this also poses the risk of data tampering or forgery, especially in the case of cross-domain queries, where the integrity of the query results needs to be ensured and cross-domain authentication is performed at the same time. Traditional approaches rely on centralized third-party authentication authorities, which increases complexity and potential security risks. To address these issues, we propose a blockchain-based Cross-domain Query Integrity Verification (CQIV) mechanism for outsourced databases. The mechanism leverages the decentralization and non-tamperability of the blockchain to achieve efficient cross-domain authentication and query integrity verification without the need for a third-party certification authority. By constructing a cuckoo filter on the blockchain, the authentication efficiency is improved and the storage cost is reduced. In addition, Dynamically Adjustable Capacity Cuckoo Filter (DACF) is designed to optimize query efficiency. Finally, the effectiveness and practicality of the mechanism are verified by comprehensive security analysis and performance evaluation.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142314787","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Delta GUI change detection using inferred models","authors":"","doi":"10.1016/j.csi.2024.103925","DOIUrl":"10.1016/j.csi.2024.103925","url":null,"abstract":"<div><p>Recent software development methodologies emphasize iterative and incremental evolution to align with stakeholders’ needs. This perpetual and rapid software evolution demands ongoing research into verification practices and technologies that ensure swift responsiveness and effective management of software delta increments. Strategies such as code review have been widely adopted for development and verification, ensuring readability and consistency in the delta increments of software projects. However, the integration of techniques to detect and visually report delta changes within the Graphical User Interface (GUI) software applications remains an underutilized process. In this paper, we set out to achieve two objectives. First, we aim to conduct a comprehensive review of existing studies concerning GUI change detection in desktop, web, and mobile applications to recognize common practices. Second, we introduce a novel change detection tool capable of highlighting delta GUI changes for this diverse range of applications. To accomplish our first objective, we performed a systematic mapping of the literature using the Scopus database. To address the second objective, we designed and developed a GUI change detection tool. This tool simultaneously transits and compares state models inferred by a scriptless testing tool, enabling the detection and highlighting of GUI changes to detect the widgets or functionalities that have been added, removed, or modified. Our study reveals the existence of a multitude of techniques for change detection in specific GUI systems with different objectives. However, there is no widely adopted technique suitable for the diverse range of existing desktop, web, and mobile applications. Our tool and findings demonstrate the effectiveness of using inferred state models to highlight between 8 and 20 GUI changes in software delta increments containing a large number of changes over months and between 4 and 6 GUI changes in delta increments of small iterations performed over multiple weeks. Moreover, some of these changes were recognized by the software developers as GUI failures that required a fix. Finally, we expose the motivation for using this technique to help developers and testers analyze GUI changes to validate delta increments and detect potential GUI failures, thereby fostering knowledge dissemination and paving the way to standard practices.</p></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":null,"pages":null},"PeriodicalIF":4.1,"publicationDate":"2024-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0920548924000941/pdfft?md5=27a9fbf4beea136b7a89fef0ed16bc0d&pid=1-s2.0-S0920548924000941-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142151245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}