Purpose: This research aims to evaluate the potential threats to patient privacy and confidentiality posed by mHealth applications on mobile devices. Methodology: A comprehensive literature review was conducted, selec...Purpose: This research aims to evaluate the potential threats to patient privacy and confidentiality posed by mHealth applications on mobile devices. Methodology: A comprehensive literature review was conducted, selecting eighty-eight articles published over the past fifteen years. The study assessed data gathering and storage practices, regulatory adherence, legal structures, consent procedures, user education, and strategies to mitigate risks. Results: The findings reveal significant advancements in technologies designed to safeguard privacy and facilitate the widespread use of mHealth apps. However, persistent ethical issues related to privacy remain largely unchanged despite these technological strides.展开更多
In this paper, we propose a theoretical-information Confidential Procedure Model (CPM) to quantify confidentiality (or information leakage). The advantages of the CPM model include the following: 1) confidentiality lo...In this paper, we propose a theoretical-information Confidential Procedure Model (CPM) to quantify confidentiality (or information leakage). The advantages of the CPM model include the following: 1) confidentiality loss is formalized as a dynamic procedure, instead of a static function, and described via the "waterfall" diagram; 2) confidentiality loss is quantified in a relative manner, i.e., taken as a quantitative metric, the ratio of the conditional entropy being reserved after observing the entropy of the original full confidential information; 3) the optimal attacks including exhaustive attacks as well as all possible attacks that have (or have not even) been discovered, are taken into account when defining the novel concept of the confidential degree. To elucidate the proposed model, we analyze the information leakage in side-channel attacks and the anonymity of DC-net in a quantitative manner.展开更多
Video games have been around for several decades and have had many advancements from the original start of video games. Video games started as virtual games that were advertised towards children, and these virtual gam...Video games have been around for several decades and have had many advancements from the original start of video games. Video games started as virtual games that were advertised towards children, and these virtual games created a virtual reality of a variety of genres. These genres included sports games, such as tennis, football, baseball, war games, fantasy, puzzles, etc. The start of these games was derived from a sports genre and now has a popularity in multiplayer-online-shooting games. The purpose of this paper is to investigate different types of tools available for cheating in virtual world making players have undue advantage over other players in a competition. With the advancement in technology, these video games have become more expanded in the development aspects of gaming. Video game developers have created long lines of codes to create a new look of video games. As video games have progressed, the coding, bugs, bots, and errors of video games have changed throughout the years. The coding of video games has branched out from the original video games, which have given many benefits to this virtual world, while simultaneously creating more problems such as bots. Analysis of tools available for cheating in a game has disadvantaged normal gamer in a fair contest.展开更多
Opportunistic networks(OppNets)are usually a set of smart,wearable,and portable devices or entities with mobility that connect wirelessly without requiring infrastructure.Such a network is of great importance in data ...Opportunistic networks(OppNets)are usually a set of smart,wearable,and portable devices or entities with mobility that connect wirelessly without requiring infrastructure.Such a network is of great importance in data transmission,particularly in incidents and disasters,whether man-made or natural.However,message integrity and confidentiality are of concern when dealing with vital and physiological data transmission under strict privacy regulations.In this work,we propose a structure to classify messages based on their priority in different queues.Furthermore,due to the decentralized architecture of OppNets,we propose a blockchain-based structure for providing security for high-priority messages.It contains three sequences of functional blocks with a light and simplified implementation that make it suitable for battery-powered wearable devices that are limited in energy consumption and computational units.The simulation results show that by increasing the number of nodes in the network,the average of the changes in block sizes is neglectable,which addresses the computation bottleneck.Furthermore,we analyze the performance of the proposed structure in terms of message delivery and network overhead compared with the Epidemic and Prophet routing algorithms.These results indicate advancing the overall performance of the proposed algorithm.展开更多
This study aims to explore the application of SysTrust Theory in Accounting Information Systems(AIS)through a systematic literature review.SysTrust Theory,developed by the AICPA(2017),focuses on the reliability of inf...This study aims to explore the application of SysTrust Theory in Accounting Information Systems(AIS)through a systematic literature review.SysTrust Theory,developed by the AICPA(2017),focuses on the reliability of information systems by assessing aspects such as availability,integrity,security,confidentiality,and privacy.This study analyzed several related articles published between 2012 and 2025,identifying the positive impacts of implementing SysTrust Theory on AIS effectiveness,business performance,financial reporting quality,and organizational commitment.The results showed that integrity was the most dominant factor in improving AIS reliability,followed by security and privacy.The implementation of SysTrust has also been shown to reduce the risk of fraud,improve the accuracy of financial data,and support strategic decision making.However,challenges such as user uncertainty about electronic payment systems and technology adaptation continue to be obstacles.This study recommends the need to improve system quality,educate users,and strengthen internal controls to optimize the benefits of SysTrust Theory in business practices.展开更多
This study presents a comprehensive and secure architectural framework for the Internet of Medical Things(IoMT),integrating the foundational principles of the Confidentiality,Integrity,and Availability(CIA)triad along...This study presents a comprehensive and secure architectural framework for the Internet of Medical Things(IoMT),integrating the foundational principles of the Confidentiality,Integrity,and Availability(CIA)triad along with authentication mechanisms.Leveraging advanced Machine Learning(ML)and Deep Learning(DL)techniques,the proposed system is designed to safeguard Patient-Generated Health Data(PGHD)across interconnected medical devices.Given the increasing complexity and scale of cyber threats in IoMT environments,the integration of Intrusion Detection and Prevention Systems(IDPS)with intelligent analytics is critical.Our methodology employs both standalone and hybrid ML&DL models to automate threat detection and enable real-time analysis,while ensuring rapid and accurate responses to a diverse array of attacks.Emphasis is placed on systematic model evaluation using detection metrics such as accuracy,False Alarm Rate(FAR),and False Discovery Rate(FDR),with performance validation through cross-validation and statistical significance testing.Experimental results based on the Edge-IIoTset dataset demonstrate the superior performance of ensemble-based ML models such as Extreme Gradient Boosting(XGB)and hybrid DL models such as Convolutional Neural Networks with Autoencoders(CNN+AE),which achieved detection accuracies of 96%and 98%,respectively,with notably low FARs.These findings underscore the effectiveness of combining traditional security principles with advanced AI-driven methodologies to ensure secure,resilient,and trustworthy healthcare systems within the IoMT ecosystem.展开更多
Ensuring confidentiality of sensitive data is of paramount importance,since data leakage may not only endanger data owners’privacy,but also ruin reputation of businesses as well as violate various regulations like HI...Ensuring confidentiality of sensitive data is of paramount importance,since data leakage may not only endanger data owners’privacy,but also ruin reputation of businesses as well as violate various regulations like HIPPA and Sarbanes-Oxley Act.To provide confidentiality guarantee,the data should be protected when they are preserved in the personal computing devices(i.e.,confidentiality during their lifetime);and also,they should be rendered irrecoverable after they are removed from the devices(i.e.,confidentiality after their lifetime).Encryption and secure deletion are used to ensure data confidentiality during and after their lifetime,respectively.This work aims to perform a thorough literature review on the techniques being used to protect confidentiality of the data in personal computing devices,including both encryption and secure deletion.Especially for encryption,we mainly focus on the novel plausibly deniable encryption(PDE),which can ensure data confidentiality against both a coercive(i.e.,the attacker can coerce the data owner for the decryption key)and a non-coercive attacker.展开更多
We propose a novel technique to increase the confidentiality of an optical code division multiple access (OCDMA) system. A virtual user technique is analyzed and implemented to make an OCDMA system secure. Using thi...We propose a novel technique to increase the confidentiality of an optical code division multiple access (OCDMA) system. A virtual user technique is analyzed and implemented to make an OCDMA system secure. Using this technique, an eavesdropper will never find an isolated authorized user's signal. When authorized users and virtual users transmit data synchronously and asynehronously, network security increases by 25% and 37.5%, respectively.展开更多
Publish/subscribe(pub/sub)systems are widely used in large-scale messaging systems due to their asynchronous and decoupled nature.With the population of pub/sub cloud services,the privacy protection problem of pub/sub...Publish/subscribe(pub/sub)systems are widely used in large-scale messaging systems due to their asynchronous and decoupled nature.With the population of pub/sub cloud services,the privacy protection problem of pub/sub systems has started to emerge,and events and subscriptions are exposed when executing event matching on untrustworthy cloud brokers.However,as the number of subscriptions increases,the effectiveness of the previous confidentiality protection approaches declines drastically.In this paper,we propose SBM(scalable blind matching),an effective confidentiality protection scheme for pub/sub systems.To the best of our knowledge,SBM is the first scheme that applies order-preserving encryption algorithm to protect the system’s confidentiality and ensure its scalability.In this scheme,SBM-I is highly effective in subscription matching but is unable to achieve ideal security IND-OCPA,whereas SBM-II is suggested to ensure system security and SGX is used to reduce interaction and boost ciphertext matching performance.The experiment demonstrates that this method has better matching performance compared to others:the average matching time of SBM-I is 3–4 orders of magnitude faster than the matching algorithm MP and SGX-based algorithm SCBR when the number of subscriptions is 500,000,and the average matching time of SBM-II is 40 times faster than MP and 24 times than SCBR.展开更多
The rapid adoption of Internet of Things(IoT)technologies has introduced significant security challenges across the physical,network,and application layers,particularly with the widespread use of the Message Queue Tel...The rapid adoption of Internet of Things(IoT)technologies has introduced significant security challenges across the physical,network,and application layers,particularly with the widespread use of the Message Queue Telemetry Transport(MQTT)protocol,which,while efficient in bandwidth consumption,lacks inherent security features,making it vulnerable to various cyber threats.This research addresses these challenges by presenting a secure,lightweight communication proxy that enhances the scalability and security of MQTT-based Internet of Things(IoT)networks.The proposed solution builds upon the Dang-Scheme,a mutual authentication protocol designed explicitly for resource-constrained environments and enhances it using Elliptic Curve Cryptography(ECC).This integration significantly improves device authentication,data confidentiality,and energy efficiency,achieving an 87.68%increase in data confidentiality and up to 77.04%energy savings during publish/subscribe communications in smart homes.The Middleware Broker System dynamically manages transaction keys and session IDs,offering robust defences against common cyber threats like impersonation and brute-force attacks.Penetration testing with tools such as Hydra and Nmap further validated the system’s security,demonstrating its potential to significantly improve the security and efficiency of IoT networks while underscoring the need for ongoing research to combat emerging threats.展开更多
In order to provide a practicable solution to data confidentiality in cloud storage service,a data assured deletion scheme,which achieves the fine grained access control,hopping and sniffing attacks resistance,data dy...In order to provide a practicable solution to data confidentiality in cloud storage service,a data assured deletion scheme,which achieves the fine grained access control,hopping and sniffing attacks resistance,data dynamics and deduplication,is proposed.In our scheme,data blocks are encrypted by a two-level encryption approach,in which the control keys are generated from a key derivation tree,encrypted by an All-OrNothing algorithm and then distributed into DHT network after being partitioned by secret sharing.This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an ownerspecified data lifetime.Besides confidentiality,data dynamics and deduplication are also achieved separately by adjustment of key derivation tree and convergent encryption.The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.展开更多
With the rapid development of the Internet of Things(IoT),Location-Based Services(LBS)are becoming more and more popular.However,for the users being served,how to protect their location privacy has become a growing co...With the rapid development of the Internet of Things(IoT),Location-Based Services(LBS)are becoming more and more popular.However,for the users being served,how to protect their location privacy has become a growing concern.This has led to great difficulty in establishing trust between the users and the service providers,hindering the development of LBS for more comprehensive functions.In this paper,we first establish a strong identity verification mechanism to ensure the authentication security of the system and then design a new location privacy protection mechanism based on the privacy proximity test problem.This mechanism not only guarantees the confidentiality of the user s information during the subsequent information interaction and dynamic data transmission,but also meets the service provider's requirements for related data.展开更多
The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data ...The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data when an edge device broadcasts its sensing data to many different end devices at a time.There are several things to consider when we design a signcryption scheme. First existing schemes need to maintain a secure channel to generate the user private key, which may increase economic costs. Second the system private key of those schemes is kept secret by a single key generation center(KGC), and the single point of failure of KGC may compromise the whole system. For this, we propose a multi-receiver multimessage signcryption scheme without the secure channel. Firstly the scheme allows KGC to send secrets through the public channel, which reduces maintenance costs. Secondly, to eliminate the single point of failure, the scheme utilizes multiple KGCs to manage the system private key, and updates the secret of each KGC periodically to resist advanced persistent threat attacks. We demonstrate that the proposed scheme can achieve expected security properties. Performance analysis shows that it is with shorter ciphertext length and higher efficiency.展开更多
Transmission pipelines are vulnerable to various accidents and acts of vandalism.Therefore,a reliable monitoring system is needed to secure the transmission pipelines.A wireless sensor network is a wireless network co...Transmission pipelines are vulnerable to various accidents and acts of vandalism.Therefore,a reliable monitoring system is needed to secure the transmission pipelines.A wireless sensor network is a wireless network consisting of distributed devices distributed at various distances,which monitors the physical and environmental conditions using sensors.Wireless sensor networks have many uses,including the built-in sensor on the outside of the pipeline or installed to support bridge structures,robotics,healthcare,environmental monitoring,etc.Wireless Sensor networks could be used to monitor the temperature,pressure,leak detection and sabotage of transmission lines.Wireless sensor networks are vulnerable to various attacks.Cryptographic algorithms have a good role in information security for wireless sensor networks.Now,various types of cryptographic algorithms provide security in networks,but there are still some problems.In this research,to improve the power of these algorithms,a new hybrid encryption algorithm for monitoring energy transmission lines and increasing the security of wireless sensor networks is proposed.The proposed hybrid encryption algorithm provides the security and timely transmission of data in wireless sensor networks to monitor the transmission pipelines.The proposed algorithm fulfills three principles of cryptography:integrity,confidentiality and authentication.The details of the algorithm and basic concepts are presented in such a way that the algorithm can be operational.展开更多
Ransomware is considered one of the most threatening cyberattacks.Existing solutions have focused mainly on discriminating ransomware by analyzing the apps themselves,but they have overlooked possible ways of hiding r...Ransomware is considered one of the most threatening cyberattacks.Existing solutions have focused mainly on discriminating ransomware by analyzing the apps themselves,but they have overlooked possible ways of hiding ransomware apps and making them difficult to be detected and then analyzed.Therefore,this paper proposes a novel ransomware hiding model by utilizing a block-based High-Efficiency Video Coding(HEVC)steganography approach.The main idea of the proposed steganography approach is the division of the secret ransomware data and cover HEVC frames into different blocks.After that,the Least Significant Bit(LSB)based Hamming Distance(HD)calculation is performed amongst the secret data’s divided blocks and cover frames.Finally,the secret data bits are hidden into the marked bits of the cover HEVC frame-blocks based on the calculated HD value.The main advantage of the suggested steganography approach is the minor impact on the cover HEVC frames after embedding the ransomware while preserving the histogram attributes of the cover video frame with a high imperceptibility.This is due to the utilization of an adaptive steganography cost function during the embedding process.The proposed ransomware hiding approach was heavily examined using subjective and objective tests and applying different HEVC streams with diverse resolutions and different secret ransomware apps of various sizes.The obtained results prove the efficiency of the proposed steganography approach by achieving high capacity and successful embedding process while ensuring the hidden ransomware’s undetectability within the video frames.For example,in terms of embedding quality,the proposed model achieved a high peak signal-to-noise ratio that reached 59.3 dB and a low mean-square-error of 0.07 for the examined HEVC streams.Also,out of 65 antivirus engines,no engine could detect the existence of the embedded ransomware app.展开更多
With the rapid miniaturization in sensor technology,Internet-ofDrones(IoD)has delighted researchers towards information transmission security among drones with the control station server(CSS).In IoD,the drone is diffe...With the rapid miniaturization in sensor technology,Internet-ofDrones(IoD)has delighted researchers towards information transmission security among drones with the control station server(CSS).In IoD,the drone is different in shapes,sizes,characteristics,and configurations.It can be classified on the purpose of its deployment,either in the civilian or military domain.Drone’s manufacturing,equipment installation,power supply,multi-rotor system,and embedded sensors are not issues for researchers.The main thing is to utilize a drone for a complex and sensitive task using an infrastructureless/self-organization/resource-less network type called Flying Ad Hoc Network(FANET).Monitoring data transmission traffic,emergency and rescue operations,border surveillance,search and physical phenomenon sensing,and so on can be achieved by developing a robust mutual authentication and cross-verification scheme for IoD deployment civilian drones.Although several protocols are available in the literature,they are either design issues or suffering from other vulnerabilities;still,no one claims with conviction about foolproof security mechanisms.Therefore,in this paper,the researchers highlighted the major deficits in prior protocols of the domain,i.e.,these protocols are either vulnerable to forgery,side channel,stolen-verifier attacks,or raised the outdated data transmission flaw.In order to overcome these loopholes and provide a solution to the existing vulnerabilities,this paper proposed an improved and robust public key infrastructure(PKI)based authentication scheme for the IoD environment.The proposed protocol’s security analysis section has been conducted formally using BAN(Burrows-Abadi-Needham)logic,ProVerif2.03 simulation,and informally using discussion/pragmatic illustration.While the performance analysis section of the paper has been assessed by considering storage,computation,and communication cost.Upon comparing the proposed protocol with prior works,it has been demonstrated that it is efficient and effective and recommended for practical implementation in the IoD environment.展开更多
Security is critical to the success of software,particularly in today’s fast-paced,technology-driven environment.It ensures that data,code,and services maintain their CIA(Confidentiality,Integrity,and Availability).T...Security is critical to the success of software,particularly in today’s fast-paced,technology-driven environment.It ensures that data,code,and services maintain their CIA(Confidentiality,Integrity,and Availability).This is only possible if security is taken into account at all stages of the SDLC(Software Development Life Cycle).Various approaches to software quality have been developed,such as CMMI(Capabilitymaturitymodel integration).However,there exists no explicit solution for incorporating security into all phases of SDLC.One of the major causes of pervasive vulnerabilities is a failure to prioritize security.Even the most proactive companies use the“patch and penetrate”strategy,inwhich security is accessed once the job is completed.Increased cost,time overrun,not integrating testing and input in SDLC,usage of third-party tools and components,and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC,despite the fact that secure software development is essential for business continuity and survival in today’s ICT world.There is a need to implement best practices in SDLC to address security at all levels.To fill this gap,we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines.We proposed a secure SDLC framework based on the identified practices,which integrates the best security practices in various SDLC phases.A mathematical model is used to validate the proposed framework.A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC,resulting in more secure applications.展开更多
Privacy protection for big data linking is discussed here in relation to the Central Statistics Office (CSO), Ireland's, big data linking project titled the 'Structure of Earnings Survey - Administrative Data Proj...Privacy protection for big data linking is discussed here in relation to the Central Statistics Office (CSO), Ireland's, big data linking project titled the 'Structure of Earnings Survey - Administrative Data Project' (SESADP). The result of the project was the creation of datasets and statistical outputs for the years 2011 to 2014 to meet Eurostat's annual earnings statistics requirements and the Structure of Earnings Survey (SES) Regulation. Record linking across the Census and various public sector datasets enabled the necessary information to be acquired to meet the Eurostat earnings requirements. However, the risk of statistical disclosure (i.e. identifying an individual on the dataset) is high unless privacy and confidentiality safe-guards are built into the data matching process. This paper looks at the three methods of linking records on big datasets employed on the SESADP, and how to anonymise the data to protect the identity of the individuals, where potentially disclosive variables exist.展开更多
Radio frequency identification (RFID) system is a contactless automatic identification system, which uses small and low cost RFID tags. The primary problem of current security and privacy preserving schemes is that,...Radio frequency identification (RFID) system is a contactless automatic identification system, which uses small and low cost RFID tags. The primary problem of current security and privacy preserving schemes is that, in order to identify only one single tag, these schemes require a linear computational complexity on the server side. We propose an efficient mutual authentication protocol for passive RFID tags that provides confidentiality, untraceability, mutual authentication, and efficiency. The proposed protocol shifts the heavy burden of asymmetric encryption and decryption operations on the more powerful server side and only leaves lightweight hash operation on tag side. It is also efficient in terms of time complexity, space complexity, and communication cost, which are very important for practical large-scale RFID applications.展开更多
文摘Purpose: This research aims to evaluate the potential threats to patient privacy and confidentiality posed by mHealth applications on mobile devices. Methodology: A comprehensive literature review was conducted, selecting eighty-eight articles published over the past fifteen years. The study assessed data gathering and storage practices, regulatory adherence, legal structures, consent procedures, user education, and strategies to mitigate risks. Results: The findings reveal significant advancements in technologies designed to safeguard privacy and facilitate the widespread use of mHealth apps. However, persistent ethical issues related to privacy remain largely unchanged despite these technological strides.
基金supported by the National Natural Science Foundation of China under Grants No.61172085,No.61272536,No.11061130539,No.61103221,No.61271118,No.61021004
文摘In this paper, we propose a theoretical-information Confidential Procedure Model (CPM) to quantify confidentiality (or information leakage). The advantages of the CPM model include the following: 1) confidentiality loss is formalized as a dynamic procedure, instead of a static function, and described via the "waterfall" diagram; 2) confidentiality loss is quantified in a relative manner, i.e., taken as a quantitative metric, the ratio of the conditional entropy being reserved after observing the entropy of the original full confidential information; 3) the optimal attacks including exhaustive attacks as well as all possible attacks that have (or have not even) been discovered, are taken into account when defining the novel concept of the confidential degree. To elucidate the proposed model, we analyze the information leakage in side-channel attacks and the anonymity of DC-net in a quantitative manner.
文摘Video games have been around for several decades and have had many advancements from the original start of video games. Video games started as virtual games that were advertised towards children, and these virtual games created a virtual reality of a variety of genres. These genres included sports games, such as tennis, football, baseball, war games, fantasy, puzzles, etc. The start of these games was derived from a sports genre and now has a popularity in multiplayer-online-shooting games. The purpose of this paper is to investigate different types of tools available for cheating in virtual world making players have undue advantage over other players in a competition. With the advancement in technology, these video games have become more expanded in the development aspects of gaming. Video game developers have created long lines of codes to create a new look of video games. As video games have progressed, the coding, bugs, bots, and errors of video games have changed throughout the years. The coding of video games has branched out from the original video games, which have given many benefits to this virtual world, while simultaneously creating more problems such as bots. Analysis of tools available for cheating in a game has disadvantaged normal gamer in a fair contest.
文摘Opportunistic networks(OppNets)are usually a set of smart,wearable,and portable devices or entities with mobility that connect wirelessly without requiring infrastructure.Such a network is of great importance in data transmission,particularly in incidents and disasters,whether man-made or natural.However,message integrity and confidentiality are of concern when dealing with vital and physiological data transmission under strict privacy regulations.In this work,we propose a structure to classify messages based on their priority in different queues.Furthermore,due to the decentralized architecture of OppNets,we propose a blockchain-based structure for providing security for high-priority messages.It contains three sequences of functional blocks with a light and simplified implementation that make it suitable for battery-powered wearable devices that are limited in energy consumption and computational units.The simulation results show that by increasing the number of nodes in the network,the average of the changes in block sizes is neglectable,which addresses the computation bottleneck.Furthermore,we analyze the performance of the proposed structure in terms of message delivery and network overhead compared with the Epidemic and Prophet routing algorithms.These results indicate advancing the overall performance of the proposed algorithm.
文摘This study aims to explore the application of SysTrust Theory in Accounting Information Systems(AIS)through a systematic literature review.SysTrust Theory,developed by the AICPA(2017),focuses on the reliability of information systems by assessing aspects such as availability,integrity,security,confidentiality,and privacy.This study analyzed several related articles published between 2012 and 2025,identifying the positive impacts of implementing SysTrust Theory on AIS effectiveness,business performance,financial reporting quality,and organizational commitment.The results showed that integrity was the most dominant factor in improving AIS reliability,followed by security and privacy.The implementation of SysTrust has also been shown to reduce the risk of fraud,improve the accuracy of financial data,and support strategic decision making.However,challenges such as user uncertainty about electronic payment systems and technology adaptation continue to be obstacles.This study recommends the need to improve system quality,educate users,and strengthen internal controls to optimize the benefits of SysTrust Theory in business practices.
基金funded by the Deanship of Graduate Studies and Scientific Research at Jouf University under Grant Number(DGSSR-2023-02-02516).
文摘This study presents a comprehensive and secure architectural framework for the Internet of Medical Things(IoMT),integrating the foundational principles of the Confidentiality,Integrity,and Availability(CIA)triad along with authentication mechanisms.Leveraging advanced Machine Learning(ML)and Deep Learning(DL)techniques,the proposed system is designed to safeguard Patient-Generated Health Data(PGHD)across interconnected medical devices.Given the increasing complexity and scale of cyber threats in IoMT environments,the integration of Intrusion Detection and Prevention Systems(IDPS)with intelligent analytics is critical.Our methodology employs both standalone and hybrid ML&DL models to automate threat detection and enable real-time analysis,while ensuring rapid and accurate responses to a diverse array of attacks.Emphasis is placed on systematic model evaluation using detection metrics such as accuracy,False Alarm Rate(FAR),and False Discovery Rate(FDR),with performance validation through cross-validation and statistical significance testing.Experimental results based on the Edge-IIoTset dataset demonstrate the superior performance of ensemble-based ML models such as Extreme Gradient Boosting(XGB)and hybrid DL models such as Convolutional Neural Networks with Autoencoders(CNN+AE),which achieved detection accuracies of 96%and 98%,respectively,with notably low FARs.These findings underscore the effectiveness of combining traditional security principles with advanced AI-driven methodologies to ensure secure,resilient,and trustworthy healthcare systems within the IoMT ecosystem.
基金partially supported by the National Key Research&Development Program of China(Grant No.2017YFC0822704)National Natural Science Foundation of China(No.61602476,No.61772518 and No.61602475).
文摘Ensuring confidentiality of sensitive data is of paramount importance,since data leakage may not only endanger data owners’privacy,but also ruin reputation of businesses as well as violate various regulations like HIPPA and Sarbanes-Oxley Act.To provide confidentiality guarantee,the data should be protected when they are preserved in the personal computing devices(i.e.,confidentiality during their lifetime);and also,they should be rendered irrecoverable after they are removed from the devices(i.e.,confidentiality after their lifetime).Encryption and secure deletion are used to ensure data confidentiality during and after their lifetime,respectively.This work aims to perform a thorough literature review on the techniques being used to protect confidentiality of the data in personal computing devices,including both encryption and secure deletion.Especially for encryption,we mainly focus on the novel plausibly deniable encryption(PDE),which can ensure data confidentiality against both a coercive(i.e.,the attacker can coerce the data owner for the decryption key)and a non-coercive attacker.
文摘We propose a novel technique to increase the confidentiality of an optical code division multiple access (OCDMA) system. A virtual user technique is analyzed and implemented to make an OCDMA system secure. Using this technique, an eavesdropper will never find an isolated authorized user's signal. When authorized users and virtual users transmit data synchronously and asynehronously, network security increases by 25% and 37.5%, respectively.
基金This work was supported by the Natural Science Foundation of Beijing Municipality(M21037)Key Technologies Research and Development Program(2022YFF0902701)2022 Industrial Internet Public Service Platform-Industrial Internet Oriented Virtual Currency Mining Governance Public Service Platform Project by the Ministry of Industry and Information Technology of PRC,Major Research and Application Project for the Supervision Platform of Virtual Currency Mining Behavior by the Ministry of Education of PRC,and the 111 Project(Grant No.B21049).
文摘Publish/subscribe(pub/sub)systems are widely used in large-scale messaging systems due to their asynchronous and decoupled nature.With the population of pub/sub cloud services,the privacy protection problem of pub/sub systems has started to emerge,and events and subscriptions are exposed when executing event matching on untrustworthy cloud brokers.However,as the number of subscriptions increases,the effectiveness of the previous confidentiality protection approaches declines drastically.In this paper,we propose SBM(scalable blind matching),an effective confidentiality protection scheme for pub/sub systems.To the best of our knowledge,SBM is the first scheme that applies order-preserving encryption algorithm to protect the system’s confidentiality and ensure its scalability.In this scheme,SBM-I is highly effective in subscription matching but is unable to achieve ideal security IND-OCPA,whereas SBM-II is suggested to ensure system security and SGX is used to reduce interaction and boost ciphertext matching performance.The experiment demonstrates that this method has better matching performance compared to others:the average matching time of SBM-I is 3–4 orders of magnitude faster than the matching algorithm MP and SGX-based algorithm SCBR when the number of subscriptions is 500,000,and the average matching time of SBM-II is 40 times faster than MP and 24 times than SCBR.
基金supported through Universiti Sains Malaysia(USM)and the Ministry of Higher Education Malaysia providing the research grant,Fundamental Research Grant Scheme(FRGS-Grant No.FRGS/1/2020/TK0/USM/02/1).
文摘The rapid adoption of Internet of Things(IoT)technologies has introduced significant security challenges across the physical,network,and application layers,particularly with the widespread use of the Message Queue Telemetry Transport(MQTT)protocol,which,while efficient in bandwidth consumption,lacks inherent security features,making it vulnerable to various cyber threats.This research addresses these challenges by presenting a secure,lightweight communication proxy that enhances the scalability and security of MQTT-based Internet of Things(IoT)networks.The proposed solution builds upon the Dang-Scheme,a mutual authentication protocol designed explicitly for resource-constrained environments and enhances it using Elliptic Curve Cryptography(ECC).This integration significantly improves device authentication,data confidentiality,and energy efficiency,achieving an 87.68%increase in data confidentiality and up to 77.04%energy savings during publish/subscribe communications in smart homes.The Middleware Broker System dynamically manages transaction keys and session IDs,offering robust defences against common cyber threats like impersonation and brute-force attacks.Penetration testing with tools such as Hydra and Nmap further validated the system’s security,demonstrating its potential to significantly improve the security and efficiency of IoT networks while underscoring the need for ongoing research to combat emerging threats.
基金supported by the National Key Basic Research Program of China(973 program) under Grant No.2012CB315901
文摘In order to provide a practicable solution to data confidentiality in cloud storage service,a data assured deletion scheme,which achieves the fine grained access control,hopping and sniffing attacks resistance,data dynamics and deduplication,is proposed.In our scheme,data blocks are encrypted by a two-level encryption approach,in which the control keys are generated from a key derivation tree,encrypted by an All-OrNothing algorithm and then distributed into DHT network after being partitioned by secret sharing.This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an ownerspecified data lifetime.Besides confidentiality,data dynamics and deduplication are also achieved separately by adjustment of key derivation tree and convergent encryption.The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.
基金This work has been partly supported by the National Natural Science Foundation of China under Grant No.61702212the Fundamental Research Funds for the Central Universities under Grand NO.CCNU19TS017.
文摘With the rapid development of the Internet of Things(IoT),Location-Based Services(LBS)are becoming more and more popular.However,for the users being served,how to protect their location privacy has become a growing concern.This has led to great difficulty in establishing trust between the users and the service providers,hindering the development of LBS for more comprehensive functions.In this paper,we first establish a strong identity verification mechanism to ensure the authentication security of the system and then design a new location privacy protection mechanism based on the privacy proximity test problem.This mechanism not only guarantees the confidentiality of the user s information during the subsequent information interaction and dynamic data transmission,but also meets the service provider's requirements for related data.
基金supported by National Key Research and Development Program of China (2020YFB1005404)National Natural Science Foundation of China (62172010)Henan Province Higher Education Key Research Project (22A520048)。
文摘The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data when an edge device broadcasts its sensing data to many different end devices at a time.There are several things to consider when we design a signcryption scheme. First existing schemes need to maintain a secure channel to generate the user private key, which may increase economic costs. Second the system private key of those schemes is kept secret by a single key generation center(KGC), and the single point of failure of KGC may compromise the whole system. For this, we propose a multi-receiver multimessage signcryption scheme without the secure channel. Firstly the scheme allows KGC to send secrets through the public channel, which reduces maintenance costs. Secondly, to eliminate the single point of failure, the scheme utilizes multiple KGCs to manage the system private key, and updates the secret of each KGC periodically to resist advanced persistent threat attacks. We demonstrate that the proposed scheme can achieve expected security properties. Performance analysis shows that it is with shorter ciphertext length and higher efficiency.
文摘Transmission pipelines are vulnerable to various accidents and acts of vandalism.Therefore,a reliable monitoring system is needed to secure the transmission pipelines.A wireless sensor network is a wireless network consisting of distributed devices distributed at various distances,which monitors the physical and environmental conditions using sensors.Wireless sensor networks have many uses,including the built-in sensor on the outside of the pipeline or installed to support bridge structures,robotics,healthcare,environmental monitoring,etc.Wireless Sensor networks could be used to monitor the temperature,pressure,leak detection and sabotage of transmission lines.Wireless sensor networks are vulnerable to various attacks.Cryptographic algorithms have a good role in information security for wireless sensor networks.Now,various types of cryptographic algorithms provide security in networks,but there are still some problems.In this research,to improve the power of these algorithms,a new hybrid encryption algorithm for monitoring energy transmission lines and increasing the security of wireless sensor networks is proposed.The proposed hybrid encryption algorithm provides the security and timely transmission of data in wireless sensor networks to monitor the transmission pipelines.The proposed algorithm fulfills three principles of cryptography:integrity,confidentiality and authentication.The details of the algorithm and basic concepts are presented in such a way that the algorithm can be operational.
文摘Ransomware is considered one of the most threatening cyberattacks.Existing solutions have focused mainly on discriminating ransomware by analyzing the apps themselves,but they have overlooked possible ways of hiding ransomware apps and making them difficult to be detected and then analyzed.Therefore,this paper proposes a novel ransomware hiding model by utilizing a block-based High-Efficiency Video Coding(HEVC)steganography approach.The main idea of the proposed steganography approach is the division of the secret ransomware data and cover HEVC frames into different blocks.After that,the Least Significant Bit(LSB)based Hamming Distance(HD)calculation is performed amongst the secret data’s divided blocks and cover frames.Finally,the secret data bits are hidden into the marked bits of the cover HEVC frame-blocks based on the calculated HD value.The main advantage of the suggested steganography approach is the minor impact on the cover HEVC frames after embedding the ransomware while preserving the histogram attributes of the cover video frame with a high imperceptibility.This is due to the utilization of an adaptive steganography cost function during the embedding process.The proposed ransomware hiding approach was heavily examined using subjective and objective tests and applying different HEVC streams with diverse resolutions and different secret ransomware apps of various sizes.The obtained results prove the efficiency of the proposed steganography approach by achieving high capacity and successful embedding process while ensuring the hidden ransomware’s undetectability within the video frames.For example,in terms of embedding quality,the proposed model achieved a high peak signal-to-noise ratio that reached 59.3 dB and a low mean-square-error of 0.07 for the examined HEVC streams.Also,out of 65 antivirus engines,no engine could detect the existence of the embedded ransomware app.
文摘With the rapid miniaturization in sensor technology,Internet-ofDrones(IoD)has delighted researchers towards information transmission security among drones with the control station server(CSS).In IoD,the drone is different in shapes,sizes,characteristics,and configurations.It can be classified on the purpose of its deployment,either in the civilian or military domain.Drone’s manufacturing,equipment installation,power supply,multi-rotor system,and embedded sensors are not issues for researchers.The main thing is to utilize a drone for a complex and sensitive task using an infrastructureless/self-organization/resource-less network type called Flying Ad Hoc Network(FANET).Monitoring data transmission traffic,emergency and rescue operations,border surveillance,search and physical phenomenon sensing,and so on can be achieved by developing a robust mutual authentication and cross-verification scheme for IoD deployment civilian drones.Although several protocols are available in the literature,they are either design issues or suffering from other vulnerabilities;still,no one claims with conviction about foolproof security mechanisms.Therefore,in this paper,the researchers highlighted the major deficits in prior protocols of the domain,i.e.,these protocols are either vulnerable to forgery,side channel,stolen-verifier attacks,or raised the outdated data transmission flaw.In order to overcome these loopholes and provide a solution to the existing vulnerabilities,this paper proposed an improved and robust public key infrastructure(PKI)based authentication scheme for the IoD environment.The proposed protocol’s security analysis section has been conducted formally using BAN(Burrows-Abadi-Needham)logic,ProVerif2.03 simulation,and informally using discussion/pragmatic illustration.While the performance analysis section of the paper has been assessed by considering storage,computation,and communication cost.Upon comparing the proposed protocol with prior works,it has been demonstrated that it is efficient and effective and recommended for practical implementation in the IoD environment.
文摘Security is critical to the success of software,particularly in today’s fast-paced,technology-driven environment.It ensures that data,code,and services maintain their CIA(Confidentiality,Integrity,and Availability).This is only possible if security is taken into account at all stages of the SDLC(Software Development Life Cycle).Various approaches to software quality have been developed,such as CMMI(Capabilitymaturitymodel integration).However,there exists no explicit solution for incorporating security into all phases of SDLC.One of the major causes of pervasive vulnerabilities is a failure to prioritize security.Even the most proactive companies use the“patch and penetrate”strategy,inwhich security is accessed once the job is completed.Increased cost,time overrun,not integrating testing and input in SDLC,usage of third-party tools and components,and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC,despite the fact that secure software development is essential for business continuity and survival in today’s ICT world.There is a need to implement best practices in SDLC to address security at all levels.To fill this gap,we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines.We proposed a secure SDLC framework based on the identified practices,which integrates the best security practices in various SDLC phases.A mathematical model is used to validate the proposed framework.A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC,resulting in more secure applications.
文摘Privacy protection for big data linking is discussed here in relation to the Central Statistics Office (CSO), Ireland's, big data linking project titled the 'Structure of Earnings Survey - Administrative Data Project' (SESADP). The result of the project was the creation of datasets and statistical outputs for the years 2011 to 2014 to meet Eurostat's annual earnings statistics requirements and the Structure of Earnings Survey (SES) Regulation. Record linking across the Census and various public sector datasets enabled the necessary information to be acquired to meet the Eurostat earnings requirements. However, the risk of statistical disclosure (i.e. identifying an individual on the dataset) is high unless privacy and confidentiality safe-guards are built into the data matching process. This paper looks at the three methods of linking records on big datasets employed on the SESADP, and how to anonymise the data to protect the identity of the individuals, where potentially disclosive variables exist.
基金supported by Fundamental Research Funds for the Central Universities of China (No.N100323001)Scientific Research Foundation of the Higher Education Institutions of Hebei Province of China (No.Z2010215)
文摘Radio frequency identification (RFID) system is a contactless automatic identification system, which uses small and low cost RFID tags. The primary problem of current security and privacy preserving schemes is that, in order to identify only one single tag, these schemes require a linear computational complexity on the server side. We propose an efficient mutual authentication protocol for passive RFID tags that provides confidentiality, untraceability, mutual authentication, and efficiency. The proposed protocol shifts the heavy burden of asymmetric encryption and decryption operations on the more powerful server side and only leaves lightweight hash operation on tag side. It is also efficient in terms of time complexity, space complexity, and communication cost, which are very important for practical large-scale RFID applications.
