Abstract: Unmanned Aerial Vehicles (UAVs) are increasingly recognized for their pivotal role in military and civilian applications, serving as essential technology for transmitting, evaluating, and gathering information. Unfortunately, this crucial process often occurs through unsecured wireless connections, exposing it to numerous cyber-physical attacks. Furthermore, UAVs’ limited onboard computing resources make it challenging to perform complex cryptographic operations. The main aim of constructing a cryptographic scheme is to provide substantial security while reducing the computation and communication costs. This article introduces an efficient and secure cross-domain Authenticated Key Agreement (AKA) scheme that uses Hyperelliptic Curve Cryptography (HECC). The HECC, a modified version of ECC with a smaller key size of 80 bits, is well-suited for use in UAVs. In addition, the proposed scheme is employed in a cross-domain environment that integrates a Public Key Infrastructure (PKI) at the receiving end and a Certificateless Cryptosystem (CLC) at the sending end. Integrating CLC with PKI improves network security by restricting the exposure of encryption keys only to the message’s sender and subsequent receiver. A security study employing ROM and ROR models, together with a comparative performance analysis, shows that the proposed scheme outperforms comparable existing schemes in terms of both efficiency and security.
Abstract: The Internet of Healthcare Things (IoHT) marks a significant breakthrough in modern medicine by enabling a new era of healthcare services. IoHT supports real-time, continuous, and personalized monitoring of patients’ health conditions. However, the security of sensitive data exchanged within IoHT remains a major concern, as the widespread connectivity and wireless nature of these systems expose them to various vulnerabilities. Potential threats include unauthorized access, device compromise, data breaches, and data alteration, all of which may compromise the confidentiality and integrity of patient information. In this paper, we provide an in-depth security analysis of LAP-IoHT, an authentication scheme designed to ensure secure communication in Internet of Healthcare Things environments. This analysis reveals several vulnerabilities in the LAP-IoHT protocol, namely its inability to resist various attacks, including user impersonation and privileged insider threats. To address these issues, we introduce LSAP-IoHT, a secure and lightweight authentication protocol for the Internet of Healthcare Things (IoHT). This protocol leverages Elliptic Curve Cryptography (ECC), Physical Unclonable Functions (PUFs), and Three-Factor Authentication (3FA). Its security is validated through both informal analysis and formal verification using the Scyther tool and the Real-Or-Random (ROR) model. The results demonstrate strong resistance against man-in-the-middle (MITM) attacks, replay attacks, identity spoofing, stolen smart device attacks, and insider threats, while maintaining low computational and communication costs.
Funding: financially supported by the Deanship of Scientific Research and Graduate Studies at King Khalid University under research grant number (R.G.P.2/21/46) in part by the Deanship of Scientific Research, Vice Presidency for Graduate Studies and Scientific Research, King Faisal University, Saudi Arabia, under Grant KFU253116.
Abstract: Today, phishing is an online attack designed to obtain sensitive information such as credit card and bank account numbers, passwords, and usernames. We can find several anti-phishing solutions, such as heuristic detection, virtual similarity detection, black and white lists, and machine learning (ML). However, phishing attempts remain a problem, and establishing an effective anti-phishing strategy is a work in progress. Furthermore, while most anti-phishing solutions achieve the highest levels of accuracy on a given dataset, their methods suffer from an increased number of false positives. These methods are ineffective against zero-hour attacks. Phishing sites with a high False Positive Rate (FPR) are considered genuine because they can cause people to lose a lot of money by visiting them. Feature selection is critical when developing phishing detection strategies. Good feature selection helps improve accuracy; however, duplicate features can also increase noise in the dataset and reduce the accuracy of the algorithm. Therefore, a combination of filter-based feature selection methods is proposed to detect phishing attacks, including constant feature removal, duplicate feature removal, quasi-feature removal, correlated feature removal, mutual information extraction, and Analysis of Variance (ANOVA) testing. The technique has been tested with different Machine Learning classifiers: Random Forest, Artificial Neural Network (ANN), Ada-Boost, Extreme Gradient Boosting (XGBoost), Logistic Regression, Decision Trees, Gradient Boosting Classifiers, Support Vector Machine (SVM), and two types of ensemble models, stacking and majority voting, to gain a low false positive rate. Stacked ensemble classifiers (gradient boosting, random forest, support vector machine) achieve 1.31% FPR and 98.17% accuracy on Dataset 1, 2.81% FPR and Dataset 3 shows 2.81% FPR and 97.61% accuracy, while Dataset 2 shows 3.47% FPR and 96.47% accuracy.
Funding: the AETHERUCLM (PID2020-112540RB-C42) funded by MCIN/AEI/10.13039/501100011033, Spain; ALBA-UCLM (TED2021-130355B-C31, id.4809130355-130355-28-521); ALBA-UC (TED2021-130355B-C33, id.3611130630-130630-28-521) funded by the “Ministerio de Ciencia e Innovacion”, Spain; supported by the European Union’s Horizon 2020 Project “CyberSANE” under Grant Agreement No. 833683.
Abstract: The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches. These are: the speed at which technologies evolve, their global impact and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. The basis of our framework is the main existing risk standards and proposals, and it seeks to address the weaknesses found in these proposals. MARISMA is in a process of continuous improvement, as it is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application and a tool that automates the process.