Computer Standards & Interfaces最新文献

{"title":"Developing a behavioural cybersecurity strategy: A five-step approach for organisations","authors":"Tommy van Steen","doi":"10.1016/j.csi.2024.103939","DOIUrl":"10.1016/j.csi.2024.103939","url":null,"abstract":"<div><div>With cybercriminals’ increased attention for human error as attack vector, organisations need to develop strategies to address behavioural risks if they want to keep their organisation secure. The traditional focus on awareness campaigns does not seem suitable for this goal and other avenues of applying the behavioural sciences to this field need to be explored. This paper outlines a five-step approach to developing a behavioural cybersecurity strategy to address this issue. The five steps consist of first deciding whether a solely technical solution is feasible before turning to nudging and affordances, cybersecurity training, and behavioural change campaigns for specific behaviours. The final step is to develop and implement a feedback loop that is used to assess the effectiveness of the strategy and inform organisations about next steps that can be taken. Beyond outlining the five-step approach, a research agenda is discussed aimed at strengthening each of the five steps and helping organisations in becoming more cybersecure by implementing a behavioural cybersecurity strategy.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103939"},"PeriodicalIF":4.1,"publicationDate":"2024-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142593392","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A traceable and revocable decentralized attribute-based encryption scheme with fully hidden access policy for cloud-based smart healthcare","authors":"Yue Dai ,&nbsp;Lulu Xue ,&nbsp;Bo Yang ,&nbsp;Tao Wang ,&nbsp;Kejia Zhang","doi":"10.1016/j.csi.2024.103936","DOIUrl":"10.1016/j.csi.2024.103936","url":null,"abstract":"<div><div>Smart healthcare is an emerging technology for enabling interaction between patients and medical personnel, medical institutions, and medical devices utilizing advanced Internet of Things (IoT) technologies. It has attracted significant attention from researchers because of the convenience of storing and sharing electronic medical records (EMRs) in the cloud. Given that a patient’s EMR contains sensitive individual information, it must be encrypted before uploading it to the cloud. As a solution for data confidentiality and fine-grained access control, the Ciphertext Policy Attribute-Based Encryption (CP-ABE) technique is proposed, which helps manipulate private personal data without explicit authorization. However, most CP-ABE schemes use a centralized mechanism which may lead to performance bottlenecks and single-point-of-failure issues. They will also be at risk of key abuse and privacy breaches in smart healthcare applications. To this end, in this paper, we investigate a traceable and revocable decentralized attribute-based encryption scheme with a fully hidden access policy (TR-HP-DABE). Firstly, to overcome the issues of user privacy leakage and single-point-of-failure, a fully hidden access policy is established for multiple attribute authorities. Secondly, to prevent key abuse, the proposed TR-HP-DABE can achieve the tracking and revocation of malicious users by using Key Encryption Key (KEK) trees and updating the partial ciphertext. Furthermore, the online/offline encryption and verifiable outsourced decryption are applied to improve its efficiency in practical smart healthcare. According to our analysis, the security and traceability of TR-HP-DABE can be proved. Finally, the performance evaluation of TR-HP-DABE is more effective than some existing typical ones.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103936"},"PeriodicalIF":4.1,"publicationDate":"2024-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142552134","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MARISMA: A modern and context-aware framework for assessing and managing information cybersecurity risks","authors":"Luis E. Sánchez ,&nbsp;Antonio Santos-Olmo ,&nbsp;David G. Rosado ,&nbsp;Carlos Blanco ,&nbsp;Manuel A. Serrano ,&nbsp;Haralambos Mouratidis ,&nbsp;Eduardo Fernández-Medina","doi":"10.1016/j.csi.2024.103935","DOIUrl":"10.1016/j.csi.2024.103935","url":null,"abstract":"<div><div>In a globalised world dependent on information technology, ensuring adequate protection of an organisation’s information assets has become a decisive factor for the longevity of the organisation’s operation. This is especially important when these organisations are critical infrastructures that provide essential services to nations and their citizens. However, to protect these assets, we must first be able to understand the risks to which they are subject and how to manage them properly. To understand and manage such the risks, we need first to acknowledge that organisations have changed, and they now have an increasing reliance on information assets, which in many cases are shared with other organisations. Such reliance and interconnectivity means that risks are constantly changing, they are dynamic, and potential mitigation does not just rely on the organisation’s own controls, but also on the controls put in place by the organisations with which it shares those assets. Taking the above requirements as essential, we have reviewed the state of the art, and we have concluded that current risk analysis and management systems are unable to meet all the needs inherent in this dynamic and evolving risk environment. This gap in the state of the art requires novel approaches that draw on the foundations of risk management, but they are adapted to the new challenges.</div><div>This article fulfils this gap in the literature with the introduction of MARISMA, a novel security risk analysis and management framework. MARISMA is oriented towards dynamic and adaptive risk management, considering external factors such as associative risks between organisations. MARISMA also contributes to the state of the art through newly developed mechanisms for knowledge reuse and dynamic learning. An important advantage of MARISMA is the connections between its elements that make it possible to reduce the subjectivity inherent in classical risk analysis systems, thereby generating suggestions that allow the translation of perceived security risks into real security risks. The framework comprises a reusable meta-pattern comprising different elements and their interdependencies, a supporting method that guides the entire process, and a cloud-based tool that automates data management and risk methods. MARISMA has been applied to many companies from different countries and sectors (government, maritime, energy, and pharmaceutical). In this paper, we demonstrate its applicability through its application to a real world case study involving a company in the technology sector.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103935"},"PeriodicalIF":4.1,"publicationDate":"2024-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142446082","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Designing usability/user experience heuristics to evaluate e-assessments administered to children","authors":"Florence Lehnert ,&nbsp;Sophie Doublet ,&nbsp;Gavin Sim","doi":"10.1016/j.csi.2024.103933","DOIUrl":"10.1016/j.csi.2024.103933","url":null,"abstract":"<div><div>The application of electronic assessments (e-assessments) has increased, particularly among elementary-school-aged children. Paper-based assessments are frequently converted into digital formats for efficiency gains, with little thought given to their user experience (UX) and usability. Individual differences, particularly among young children, can inhibit test-takers from completing the assessment tasks that are not designed to match their needs and abilities. Consequently, studies have raised concerns about the generalizability and fairness of e-assessments. Whereas heuristic evaluation is a standard method for evaluating and enhancing the efficacy of a product with respect to a set of guidelines, more information is needed about its added value when designing e-assessments for children. This paper synthesizes heuristics on the basis of the literature and expert judgments to accommodate children's abilities for interacting with e-assessment platforms. We present a final set of 10 heuristics, validated and refined by applying a heuristic evaluation workshop and collecting 24 expert surveys. The results indicate that the derived heuristics can help evaluate the UX and usability-related aspects of e-assessments with 6- to 12-year-old children. Moreover, the present paper proposes recommendations for a framework for developing usability/UX heuristics that can be used to help researchers develop domain-specific heuristics in the future.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103933"},"PeriodicalIF":4.1,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532400","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Performance analysis of multiple-input multiple-output orthogonal frequency division multiplexing system using arithmetic optimization algorithm","authors":"Deepa R ,&nbsp;Karthick R ,&nbsp;Jayaraj Velusamy ,&nbsp;Senthilkumar R","doi":"10.1016/j.csi.2024.103934","DOIUrl":"10.1016/j.csi.2024.103934","url":null,"abstract":"<div><div>This research aims to optimize the interference mitigation and improve system performance metrics, such as bit error rates, inter-carrier interference (ICI), and inter-symbol interference (ISI), by integrating the Redundant Discrete Wavelet Transform (RDWT) with the Arithmetic Optimization Algorithm (AOA). This will increase the spectral efficiency of MIMO<img>OFDM systems for ultra-high data rate (UHDR) transmission in 5 G networks. The most important contribution of this study is the innovative combination of RDWT and AOA, which effectively addresses the down sampling issues in DWT-OFDM systems and significantly improves both error rates and data rates in high-speed wireless communication. Fifth-generation wireless networks require transmission at ultra-high data rates, which necessitates reducing ISI and ICI. Multiple-input multiple-output orthogonal frequency division multiplexing (MIMO<img>OFDM) is employed to achieve the UHDR. The bandwidth and orthogonality of DWT-OFDM (discrete wavelet transform-based OFDM) are increased; however system performance is degraded due to down sampling. The redundant discrete wavelet transform (RDWT) is proposed for eliminating down sampling complexities. Simulation results demonstrate that RDWT effectively lowers bit error rates, ICI, and ISI by increasing the carrier-to-interference power ratio (CIR). The Arithmetic Optimization Algorithm is used to optimize ICI cancellation weights, further enhancing spectrum efficiency. The proposed method is executed in MATLAB and achieves notable performance gains: up to 82.95 % lower error rates and 39.88 % higher data rates compared to the existing methods.</div></div><div><h3>Conclusion</h3><div>The integration of RDWT with AOA represents a significant advancement in enhancing the spectral efficiency of MIMO<img>OFDM systems for UHDR transmission in 5 G networks. The proposed method not only enhances system performance but also lays a foundation for future developments in high-speed wireless communication by addressing down sampling issues and optimizing interference mitigation.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103934"},"PeriodicalIF":4.1,"publicationDate":"2024-10-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142442192","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A novel secure privacy-preserving data sharing model with deep-based key generation on the blockchain network in the cloud","authors":"Samuel B ,&nbsp;Kasturi K","doi":"10.1016/j.csi.2024.103932","DOIUrl":"10.1016/j.csi.2024.103932","url":null,"abstract":"<div><div>Cloud computing is currently emerging as a developing technology in which a Cloud Service Provider (CSP) is a third-party organization that provides effective storage of data and facilities to a large client base. Saving information in a cloud offers users the satisfaction of accessing it without the need for direct knowledge of the distribution and management of an infrastructure. The primary objective is to develop a novel, secure, and privacy-preserving data-sharing model that utilizes deep-based key generation on blockchain in the cloud. Data communication is done using multiple entities. The research aims to develop a collaborative data-sharing method in the cloud for the authentication scheme for cloud security on blockchain and smart contracts. Initialization, registration, key generation, authentication of data sharing, and validation are carried out here. The proposed data-sharing model involves a revenue distribution model that depends on Multiple Services (MS) models to improve multiple cloud services. The security parameters namely passwords, hashing functions, key interpolation, and encryption are used for preserving the Data privacy and here the SpinalNet is used for generating keys. Furthermore, the devised SpinalNet_Genkey obtained a value of 45.001 MB, 0.002, and 0.003 sec for memory usage, revenue, and computation cost.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103932"},"PeriodicalIF":4.1,"publicationDate":"2024-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142422181","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Integrating deep learning and data fusion for advanced keystroke dynamics authentication","authors":"Arnoldas Budžys,&nbsp;Olga Kurasova,&nbsp;Viktor Medvedev","doi":"10.1016/j.csi.2024.103931","DOIUrl":"10.1016/j.csi.2024.103931","url":null,"abstract":"<div><div>By enhancing user authentication protocols, especially in critical infrastructures vulnerable to complex cyberthreats, we present an advanced approach that integrates a deep learning-based model and data fusion techniques applied to analyze keystroke dynamics. With the growing need for robust security measures, especially in critical infrastructure environments, traditional authentication mechanisms often fail to cope with advanced threats. Our approach focuses on the unique behavioral biometric characteristics of keystrokes, which offers promising opportunities to improve user authentication processes. We have developed a data fusion-based methodology that utilizes the unique features of keystroke dynamics combined with deep learning techniques to improve user authentication systems. Using the capabilities of data fusion and deep learning, the proposed methodology not only captures the complex behavioral biometrics inherent in keystroke dynamics but also addresses the challenges posed by varying password lengths and typing styles. We conducted extensive experiments on several fixed-text datasets, including the Carnegie Mellon University dataset, the KeyRecs dataset, and the GREYC-NISLAB dataset, with a total of approximately 54,000 password records. Comprehensive experiments on various datasets with different password lengths have shown that our approach is scalable and accurate for user authentication, which significantly improves the security of critical infrastructure. By using interpolation-based data fusion techniques to standardize the keystroke data to a uniform length and employing a Siamese neural network with a triplet loss function, the best equal error rate of 0.13281 was achieved for the unseen fused data. The integration of deep learning and data fusion effectively generalizes to different user profiles, demonstrating its adaptability and accuracy in authenticating users in different scenarios. The findings are crucial for improving security in sensitive applications, ranging from accessing personal devices to protecting critical infrastructure.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103931"},"PeriodicalIF":4.1,"publicationDate":"2024-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142358060","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A privacy-preserving traceability system for self-sovereign identity-based inter-organizational business processes","authors":"Amal Abid ,&nbsp;Saoussen Cheikhrouhou ,&nbsp;Slim Kallel ,&nbsp;Mohamed Jmaiel","doi":"10.1016/j.csi.2024.103930","DOIUrl":"10.1016/j.csi.2024.103930","url":null,"abstract":"<div><div>Blockchain is a potential technology for collaborating organizations, notably for executing their Inter-Organizational Business Processes (IOBPs). While Blockchain’s transparency and decentralized characteristics address the lack-of-trust issue in IOBPs, many existing Blockchain solutions share this data on the ledger, often at the expense of serious privacy concerns. Alternatively, Self-Sovereign Identity (SSI) systems are revolutionary Blockchain-based solutions that provide complete data control. Unlike traditional Blockchain solutions, many SSI systems do not record the exchange of transactional data between entities on the ledger in order to comply with privacy regulations. However, this can imply a gap in cases where legal traceability is required for audit purposes. To address traceability issues in SSI-based IOBP, this paper leverages Zero-Knowledge Proof (ZKP) and Fully Homomorphic Encryption (FHE) to provide an efficient privacy-preserving traceability solution. The purpose of this paper is to achieve traceability that strikes a balance between privacy and transparency. This paper also provides a proof-of-concept implementation and a comparative evaluation. The evaluation shows that the proposed ZKP approach provides better financial cost and performance results compared to traditional Blockchain-based traceability solutions.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103930"},"PeriodicalIF":4.1,"publicationDate":"2024-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142422180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DBAC-DSR-BT: A secure and reliable deep speech recognition based-distributed biometric access control scheme over blockchain technology","authors":"Oussama Mounnan ,&nbsp;Larbi Boubchir ,&nbsp;Otman Manad ,&nbsp;Abdelkrim El Mouatasim ,&nbsp;Boubaker Daachi","doi":"10.1016/j.csi.2024.103929","DOIUrl":"10.1016/j.csi.2024.103929","url":null,"abstract":"<div><div>Speech recognition systems have been widely employed in several fields including biometric access control. In such systems, handling sensitive data represents a real threat and risk to security and privacy, namely in the central environment. This paper proposes an innovative solution that integrates speech recognition power as a biometric modality with the decentralized and tamper-resistant nature of blockchain technology aims at designing, implementing, and evaluating an access control system that not only leverages the unique characteristics of speech recognition through the AutoEncoding Generative Adversarial Network (AE-GAN) model for user authentication but also ensures the enforcement of access policies and voice templates storage through two distinct Smart Contracts. The first smart contract aims at storing the ID of encrypted templates matched to the hash of the public address and encrypted attributes. While the second smart contract incorporates the security policy and takes charge of generating an access token if the conditions have been satisfied. Which makes it easier to upgrade specific components without affecting the entire system. Moreover, this architecture delegates the extraction features, conversion into template, encryption, and similarity calculation functions of encrypted templates using homomorphic encryption to an API to provide more security, privacy, scalability and interoperability and reduce the overhead within the blockchain. This API interacts with the smart contract using Oracle services that ensure the interaction between on-chain and off-chain, which provide a reliable, fine-grained, and robust scheme. The simulation of this proposed scheme proves its robustness, efficiency, and performance in terms of security, reliability, and resistance to several attacks.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103929"},"PeriodicalIF":4.1,"publicationDate":"2024-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142358059","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Practical two-party SM2 signing using multiplicative-to-additive functionality","authors":"Shiyang Li ,&nbsp;Wenjie Yang ,&nbsp;Futai Zhang ,&nbsp;Xinyi Huang ,&nbsp;Rongmao Chen","doi":"10.1016/j.csi.2024.103928","DOIUrl":"10.1016/j.csi.2024.103928","url":null,"abstract":"<div><div>Threshold signatures are important tools for addressing issues related to key management, certificate management, and cryptocurrencies. Among them, two-party SM2 signatures have received considerable interest recently. In this paper, we propose a fast and secure online/offline two-party SM2. By employing the re-sharing technique, we have successfully made the online phase of the signing process non-interactive while achieving nearly optimal computational efficiency. Additionally, in the offline phase, there is just a single call to the multiplicative-to-additive functionality based on Paillier encryption. Our protocol is existentially unforgeable under adaptive chosen message attacks in the random oracle model in the presence of a static adversary. Experimental results demonstrate that our proposed scheme outperforms previous similar schemes by approximately a factor of 2 in online computation and a factor of 3 in online communication. Our scheme can be applied in scenarios such as Certificate Authority (CA) and the signing of blockchain transactions to provide them with a more secure and flexible implementation method, enhancing the security and reliability of the systems.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"92 ","pages":"Article 103928"},"PeriodicalIF":4.1,"publicationDate":"2024-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142314788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}