Haula Sani Galadima , Cormac Doherty , Nick McDonald , Junli Liang , Rob Brennan
{"title":"Evaluating Incident Response in CSIRTs using Cube Socio-technical Systems Analysis","authors":"Haula Sani Galadima , Cormac Doherty , Nick McDonald , Junli Liang , Rob Brennan","doi":"10.1016/j.csi.2024.103970","DOIUrl":"10.1016/j.csi.2024.103970","url":null,"abstract":"<div><div>This paper provides a novel method for evaluating Incident Response (IR) teams through the application of the Cube Socio-technical Systems Analysis (STSA) methodology. Cube is a form of structured Human Factors enquiry and has previously been successfully applied in both aviation and healthcare. By utilising STSA, this study aims to understand and evaluate incident knowledge across the IR socio-technical domain. Traditional approaches to IR improvement often focus solely on technical aspects, neglecting social factors that may significantly influence IR effectiveness.</div><div>This research presents the results of extending the ARK platform for a cybersecurity IR Cube STSA of IR activities in a case study involving a large, accredited Computer Security Incident Response Team (CSIRT). It evaluates the IR system and team needs before the development of a technological intervention to improve IR learning and preparation capabilities. We present an extended Cube questionnaire, that defines specialised IR questions, an ontology, and terminology for the cybersecurity domain based on the ISO27000 series of standards. The case study demonstrates the ARK platform's capability to capture and analyse IR systems using a Multi-stage Cube STSA analysis shared in a reusable knowledge graph based on W3C standards. This provides a shared knowledge base based on FAIR (Findable, Accessible, Interoperable, Reusable) linked data, that may support generation of training materials, playbooks, and best practices to enhance IR capabilities and CSIRT operations. 
We show how this approach provides new insights and reusable artefacts for CSIRTs to enhance organisational cyber resilience and learning.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103970"},"PeriodicalIF":4.1,"publicationDate":"2025-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170606","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"HealthDID: An efficient and authorizable multi-party privacy-preserving EMR sharing system based on DID","authors":"Zuodong Wu, Dawei Zhang","doi":"10.1016/j.csi.2024.103967","DOIUrl":"10.1016/j.csi.2024.103967","url":null,"abstract":"<div><div>Electronic medical record (EMR) sharing is widely acknowledged as a crucial approach for enhancing healthcare quality. However, existing EMR sharing systems face some privacy issues when implementing authorization and supervision, leading to the widespread formation of medical data islands. To address these issues, we constructed HealthDID, an efficient and authorizable system for multi-party privacy-preserving EMR sharing. Specifically, we first proposed a global identity management method based on Decentralized Identifier (DID) to address the issues of identity unification and authentication in cross-institutional EMR sharing. Then, we proposed a novel authorization method that enabled verification of the authorization proofs without revealing the patients’ identities. Moreover, we proposed a supervised signature method to meet the diverse privacy requirements of doctors while allowing the supervisor to recover the true identities of those suspected. Finally, we utilized Private Set Intersection with Payload (PSI-Payload) technology to support large-scale batch retrieval of EMR. Formal security proofs prove that HealthDID can achieve specified security goals. 
Theoretical analysis and experimental results show that our system is more efficient than other related works, with lower running time and reasonable communication costs.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103967"},"PeriodicalIF":4.1,"publicationDate":"2024-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143169392","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yamin Wen , Min Wan , Junying Zhao , Zheng Gong , Yuqiao Deng
{"title":"RSH-BU: Revocable secret handshakes with backward unlinkability from VLR group signatures","authors":"Yamin Wen , Min Wan , Junying Zhao , Zheng Gong , Yuqiao Deng","doi":"10.1016/j.csi.2024.103966","DOIUrl":"10.1016/j.csi.2024.103966","url":null,"abstract":"<div><div>Secret handshake scheme is a bi-directional authentication method that enables two participants from the same organization to identify both sides in private. A new generic construction of secret handshakes is proposed in this paper, which is primarily derived from Verifier-Local Revocation Group Signature (<span>VLR-GS</span>). An instance of the secret handshake scheme, drawn from a short <span>VLR-GS</span> with backward unlinkability, is presented. Our scheme incorporates an efficient revocation mechanism that guarantees both traceability and unlinkability. Moreover, the past actions of revoked users remain confidential due to the backward unlinkability mechanism. We have also enhanced the communication protection between the Group Authority (<span>GA</span>) and its members to prevent malicious <span>GA</span> from forging group members. Compared to previous secret handshake schemes, our scheme significantly reduces both communication and computation overhead, making it particularly suitable for mobile environments. 
Our proposal’s security can be proven under the random oracle model, given the difficulty of Decision Linear (DLIN) and q-Strong Diffie–Hellman (q-SDH) problems.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103966"},"PeriodicalIF":4.1,"publicationDate":"2024-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143169391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Agnė Brilingaitė , Linas Bukauskas , Ingrida Domarkienė , Tautvydas Rančelis , Laima Ambrozaitytė , Rūta Pirta , Ricardo G. Lugo , Benjamin J. Knox
{"title":"Towards projection of the individualised risk assessment for the cybersecurity workforce","authors":"Agnė Brilingaitė , Linas Bukauskas , Ingrida Domarkienė , Tautvydas Rančelis , Laima Ambrozaitytė , Rūta Pirta , Ricardo G. Lugo , Benjamin J. Knox","doi":"10.1016/j.csi.2024.103962","DOIUrl":"10.1016/j.csi.2024.103962","url":null,"abstract":"<div><div>In the era of global digitalisation, there is rapid development of services requiring cybersecurity resilience against adversarial actions. The demand for skilled cybersecurity professionals is at an all-time high, with over three million positions yet to be filled worldwide. Employers call for help to recruit and retain specialists as a stressful cybersecurity work environment increases the risk of insecure and non-compliant behaviour. Current training methodologies need to be revised to address this issue, underlining the need for a shift towards more individualised training methods to raise awareness about personal traits that impact professional conduct. This paper introduces a multi-disciplinary model that enables the personal trait triangulation of the cybersecurity specialist from three different perspectives: human genetics, psychology, and information and communication technology. The model offers a novel approach by incorporating a self-regulation feature, exemplified through impulsivity measured by the Barratt Impulsiveness Scale, and leveraging a web-based system for both psychological assessment and cybersecurity task completion. Pilot experimental data (n=48) was used for model building and proof of concept. The example demonstrates model potential in individual behaviour prognosis. 
It suggests its utility in tailoring training strategies that not only enhance cybersecurity performance but also aid in workforce retention by acknowledging and addressing the complex interplay of factors influencing daily cyber routines.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103962"},"PeriodicalIF":4.1,"publicationDate":"2024-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170608","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Fucai Zhou , Jintong Sun , Qiang Wang , Yun Zhang , Ruiwei Hou , Chongyang Wang
{"title":"Efficient private information retrievals for single-server based on verifiable homomorphic encryption","authors":"Fucai Zhou , Jintong Sun , Qiang Wang , Yun Zhang , Ruiwei Hou , Chongyang Wang","doi":"10.1016/j.csi.2024.103961","DOIUrl":"10.1016/j.csi.2024.103961","url":null,"abstract":"<div><div>Private Information Retrieval (PIR) enables users to search data from public databases without revealing their queries to the database owner. However, current PIR protocols often ignore data integrity protection and suffer from high retrieval overhead. To address these challenges, we propose a new PIR protocol, called VHE-PIR. In VHE-PIR, we utilize a concrete implementation of verifiable homomorphic encryption (VHE) to ensure data integrity. VHE allows us to generate verifiable proofs by encrypting and evaluating ciphertexts. Furthermore, we introduce an acceleration module (AM) to improve retrieval efficiency. AM decomposes matrix multiplication into multiple threads, realizes simultaneous execution, and improves the speed of data encryption and information retrieval. By combining VHE and AM, we provide an efficient PIR solution that protects data privacy and integrity. Experimental results show that VHE-PIR outperforms similar protocols in terms of retrieval efficiency.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103961"},"PeriodicalIF":4.1,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143169389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Falak khan , Gabriela Pajtinková Bartáková , Ahmad Almadhor , Amna Qayyum , Kainaat Abeer , Aman Durrani
{"title":"Evaluating the capacity and limitations of generative AI in financial decision making","authors":"Falak khan , Gabriela Pajtinková Bartáková , Ahmad Almadhor , Amna Qayyum , Kainaat Abeer , Aman Durrani","doi":"10.1016/j.csi.2024.103965","DOIUrl":"10.1016/j.csi.2024.103965","url":null,"abstract":"<div><div>The financial services industry has experienced enormous changes; as a result, innovations are constantly taking place to cater to new financial needs of individuals, globally. Though innovative and complex financial products present consumers with a variety of investment options, yet at the same time, this variety tends to complicate the decision-making process, when faced with too many options to choose from, especially ones that may be artificial intelligence based and too technologically advanced for consumers to understand, hence consumers find it challenging to reach a decision. The primary concept behind conducting this study is to analyse the phases at which consumers are more vulnerable in the developing countries by walking through their decision-making process of acquiring technologically advanced financial products. This qualitative study is based on 50 interviews and themes are formed using qualitative SQL software. The findings reveal that consumers are quite vulnerable due to the lack of financial and digital literacy, bank cooperation, trust issues and regulative discrepancies. 
The study also makes recommendations for the practitioners and the policy makers for a better and sustainable financial inclusion.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103965"},"PeriodicalIF":4.1,"publicationDate":"2024-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143169385","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Noor Al-Qaysi , Mostafa Al-Emran , Mohammed A. Al-Sharafi , Zaher Mundher Yaseen , Moamin A. Mahmoud , Azhana Ahmad
{"title":"Generative AI and educational sustainability: Examining the role of knowledge management factors and AI attributes using a deep learning-based hybrid SEM-ANN approach","authors":"Noor Al-Qaysi , Mostafa Al-Emran , Mohammed A. Al-Sharafi , Zaher Mundher Yaseen , Moamin A. Mahmoud , Azhana Ahmad","doi":"10.1016/j.csi.2024.103964","DOIUrl":"10.1016/j.csi.2024.103964","url":null,"abstract":"<div><div>Integrating Generative AI into educational settings holds transformative potential by personalizing learning, enhancing accessibility, and reducing resource usage, thereby promoting educational sustainability. However, understanding the drivers influencing Generative AI use and its subsequent impact on educational sustainability is still in short supply. Therefore, we developed an integrated model of knowledge management (KM) factors and AI attributes to examine their impact on Generative AI use and its consequent effect on educational sustainability. The model was then evaluated using a deep learning-based hybrid SEM-ANN approach based on data collected from 464 students. The PLS-SEM findings supported the role of knowledge acquisition, knowledge application, perceived anthropomorphism, perceived animacy, and perceived intelligence in positively affecting Generative AI use. In contrast, knowledge sharing showed no notable effect. The findings also showed that using Generative AI significantly promotes educational sustainability. The ANN results indicated that perceived anthropomorphism is the most critical factor impacting Generative AI use, with a normalized importance of 91.10 %. Theoretically, the findings offer empirical evidence on how KM factors and AI attributes influence Generative AI use and its role in enhancing educational sustainability. 
Practically, this research provides implications for various stakeholders interested in applying Generative AI for educational purposes.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103964"},"PeriodicalIF":4.1,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170682","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Zainab Javed , Muhammad Zohaib Iqbal , Muhammad Uzair Khan , Muhammad Usman , Atif Aftab Ahmed Jilani
{"title":"A hybrid search and model-based approach for testing the self-adaptive unmanned aircraft system software","authors":"Zainab Javed , Muhammad Zohaib Iqbal , Muhammad Uzair Khan , Muhammad Usman , Atif Aftab Ahmed Jilani","doi":"10.1016/j.csi.2024.103959","DOIUrl":"10.1016/j.csi.2024.103959","url":null,"abstract":"<div><div>In recent years, there has been a significant increase in the deployment of unmanned aircraft systems (UAS) in critical missions like search and rescue, surveillance, and environmental monitoring. During a mission, the UAS experiences changes, referred to as <em>interruptions</em>, requiring self-adaptation, i.e., an adjustment in its behavior at run-time. This adaptation is crucial due to the mission’s inherent critical nature involving engagement with humans, structures, and neighboring unmanned aerial vehicles (UAVs). Testing the application software that defines its mission and behavior is mandatory to ensure the accurate adaptation of its behavior. For this, the primary challenge involves the flight of a UAS, followed by the identification of test cases ensuring the execution of necessary self-adaptive behaviors during a UAS flight. The current industrial practice of testing self-adaptive behaviors in UAS involves manual testing, a time-consuming method that restricts the execution to a limited set of test cases. To address this problem, we propose a hybrid approach to test the self-adaptive behavior of UAS application software. As part of the approach, we propose a modeling methodology to capture the application requirements for the UAS mission and the self-adaptive behavior. We then use the developed models and a search-based algorithm to automate the generation and execution of test cases. We have created a prototype tool to facilitate the automation of testing activities. The work is conducted in collaboration with an industrial partner and demonstrated through a case study of UAS formation flight application software. 
We have effectively modeled the case study concepts with the proposed modeling methodology. Employing our testing approach, we have detected ten unique faults within the formation flight application software. Additionally, statistical analysis indicates that the proposed approach outperforms the baseline random search in fault detection using a genetic algorithm.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103959"},"PeriodicalIF":4.1,"publicationDate":"2024-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143169375","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Post-quantum secure ID-based encryption with equality test against insider attacks from isogeny","authors":"Yi-Fan Tseng","doi":"10.1016/j.csi.2024.103958","DOIUrl":"10.1016/j.csi.2024.103958","url":null,"abstract":"<div><div>With the rise of AI and smart computing, encryption with equality test has been shown useful in such applications. Compared to the standard ID-based encryption with equality test (IBEET), IBEET against insider attacks (<span><math><mi>IBEETIA</mi></math></span>) allows one to check whether two ciphertexts encrypt the same message without using her private keys, and provides ciphertext indistinguishability against trapdoor holders. As a trade-off, a user needs to adopt a user-specific trapdoor to encrypt messages. Unfortunately, we found that the existing <span><math><mi>IBEETIA</mi></math></span> schemes actually fail to protect the information of the encrypted message, which should be the basic requirement for encryption. In this manuscript, therefore, an attack on the existing <span><math><mi>IBEETIA</mi></math></span> scheme is first demonstrated, and a potential solution by slightly modifying the definition of <span><math><mi>IBEETIA</mi></math></span> is given. Besides, a new generic construction for <span><math><mi>IBEETIA</mi></math></span> is also presented in this manuscript. To the best of our knowledge, the proposed construction is the only one achieving ciphertext indistinguishability and one-wayness simultaneously. 
Furthermore, by adopting Emura’s transformation, an ID-based encryption (IBE) from isogeny is further obtained, which may be the first quantum-resistant isogeny-based IBE scheme.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103958"},"PeriodicalIF":4.1,"publicationDate":"2024-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143170142","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Signer revocability for threshold ring signatures","authors":"Da Teng, Yanqing Yao","doi":"10.1016/j.csi.2024.103960","DOIUrl":"10.1016/j.csi.2024.103960","url":null,"abstract":"<div><div><span><math><mi>t</mi></math></span>-out-of-<span><math><mi>n</mi></math></span> threshold ring signature (TRS) is a type of anonymous signature designed for <span><math><mi>t</mi></math></span> signers to jointly sign a message while hiding their identities among <span><math><mi>n</mi></math></span> parties that include themselves. However, can TRS address those needs if one of the signers wants to revoke his signature? Can non-signers be clipped without compromising anonymity? Current research has only addressed the functionally opposite property, namely, extendability. In this paper, we introduce the revocability of TRS, addressing the need for improved flexibility and privacy security. Specifically, we innovatively define two properties: revocability, allowing signers to revoke their identities non-interactively and update the signature from <span><math><mi>t</mi></math></span>-out-of-<span><math><mi>n</mi></math></span> to <span><math><mrow><mi>t</mi><mo>−</mo><mn>1</mn></mrow></math></span>-out-of-<span><math><mi>n</mi></math></span>; and clippability, enabling removal of non-signers from the ring. The synergy of these two properties enables dynamic revocation while keeping the signature size minimal. We analyze and define the boundaries of these operations, provide the DL-based constructions, and prove the security of the schemes. 
The asymptotic complexity of our approach reaches the same level as that of existing solutions, and especially when using larger ring sizes, experimental results demonstrate that it can effectively reduce the signature size.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"93 ","pages":"Article 103960"},"PeriodicalIF":4.1,"publicationDate":"2024-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143169376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}