Pub Date: 2022-07-12 DOI: 10.1080/19393555.2022.2100297
Filippos Giannakas, C. Troussas, Akrivi Krouska, I. Voyiatzis, C. Sgouropoulou
ABSTRACT Nowadays, due to the increasing number of cyberattacks, cybersecurity education, training, and awareness are considered crucial for preparing current and future IT professionals. Thus, it is essential for educational institutions to foster well-designed learning strategies in the field of cybersecurity that will focus not only on theory-based learning interventions but also on encapsulating authentic learning practices. In this context, the paper at hand presents a ubiquitous scenario-based learning (SBL) intervention, blended with IoT devices, for introducing the topic of the man-in-the-middle attack to 1st-grade students in vocational education. The learning scenario enables two-way plain text communication through a LoRa network. To secure the transmission and assure confidentiality, basic encryption techniques are enabled for the transmitted messages. Meanwhile, an eavesdropper, acting as the man-in-the-middle attacker, tries to intercept the communication by applying different decryption techniques. For this purpose, a u-Learning app was developed. The app was evaluated by ninety 1st-grade students of an educational institute of vocational training, in terms of effectiveness, efficiency, knowledge acquisition, and learners’ satisfaction. Among others, the results show that the effectiveness and the efficiency of the proposed learning process were 92.03% and 89.63%, respectively. Finally, learners’ satisfaction was high, and their knowledge acquisition was improved.
Title: Blending cybersecurity education with IoT devices: A u-Learning scenario for introducing the man-in-the-middle attack
Journal: Information Security Journal: A Global Perspective
Pub Date: 2022-07-01 DOI: 10.1080/19393555.2022.2088429
Lovi Dhamija, Urvashi Garg
ABSTRACT With the rising trends and use of machine learning algorithms for classification and regression tasks, deep learning has been widely accepted in the cyber as well as the non-cyber domain. Recent research has shown that machine learning classifiers such as Deep Neural Networks (DNN) can be used to improve the detection against adversarial samples as well as to detect malware in the cyber security domain. However, a recent study in deep learning has found that DNN classifiers are highly vulnerable and can be evaded simply by performing small modifications in either the training model or the training data. The work proposed a randomized defensive mechanism with the use of generative adversarial networks to construct more adversaries and then defend against them. Interestingly, we encountered some open challenges highlighting common difficulties faced by defensive mechanisms. We provide a general overview of adversarial attacks and propose an Adaptive Randomized Algorithm to enhance the robustness of models. Moreover, this work aimed to ensure the security and transferability of deep learning classifiers.
Title: An adaptive randomized and secured approach against adversarial attacks
Journal: Information Security Journal: A Global Perspective
Pub Date: 2022-06-28 DOI: 10.1080/19393555.2022.2088428
Sabina Baraković, J. Barakovic
ABSTRACT Personal data, like any other possession, is valuable and vulnerable to individuals who have wrong intentions. This can be mitigated by good cyber hygiene habits. The main aim of this paper is to evaluate, analyze, and understand the level of cyber hygiene knowledge, awareness, and behavioral practices of university students and their mutual relations. We have conducted a survey study containing 30 cyber hygiene questions. Results show that students have acceptable cyber hygiene behavior, but their awareness is not satisfactory, and their knowledge is quite low. Also, the study shows the existence of some relations between gender and current education level and cyber hygiene knowledge, awareness, and behavior, as well as mutual interplay and relations between those cyber hygiene outcomes. The main contributions of this work are bidirectional: theoretical and practical.
Title: Cyber hygiene knowledge, awareness, and behavioral practices of university students
Journal: Information Security Journal: A Global Perspective
Pub Date: 2022-06-08 DOI: 10.1080/19393555.2022.2081636
Nayana Hegde, S. Manvi, H. Lallie
ABSTRACT Integration of the Vehicular Ad hoc Network (VANET) with cloud computing has played an important role in aiding the safety of vehicle drivers and passengers. Due to the dynamic nature of the vehicles and wireless communication, achieving security of outsourced data is still a major challenge in the vehicular cloud. The encryption of sensitive data prior to outsourcing is an elementary approach to achieve data confidentiality. However, it is difficult for users to search over encrypted data using customary search techniques. In this paper, we propose a secure search scheme by empowering the data users to create a random query trapdoor. We make use of the Bloom filter and bilinear pairing operation to construct a secure index for keywords of each data file, which enables the vehicular cloud to carry out a search without deriving any helpful information about the query. We use the SIMITS2 simulator to implement the proposed scheme and test the performance in terms of key generation time, secure index construction time, trapdoor generation time and search time. The proposed scheme performs better than existing searchable encryption technologies based on hashing and attribute-based encryption.
Title: Secure search scheme for encrypted data in the VANET cloud with random query trapdoor
Journal: Information Security Journal: A Global Perspective
Pub Date: 2022-06-03 DOI: 10.1080/19393555.2022.2080614
K. Ramesh, Mohanasundaram R
ABSTRACT In this survey, 60 research papers are reviewed based on various web data classification techniques, which are used for effective classification of web data and measuring the semantic relatedness between two words. The web data classification techniques are classified into three types: the semantic-based approach, the search engine-based approach, and the WordNet-based approach. The research issues and challenges confronted by the existing techniques are also reported in this survey. Moreover, an analysis of the research works is carried out based on the categorized web data classification techniques, datasets, and evaluation metrics. From the analysis, it is clear that the semantic-based approach is the widely used technique in the classification of web data. Similarly, the Miller-Charles dataset is the most commonly used dataset in most of the research papers, and evaluation metrics like precision, recall, and F-measure are widely utilized in web data classification. The insights from this manuscript can be utilized to understand various research gaps and problems in this area. Those can be considered in the future by developing novel optimization algorithms, which might enhance the performance of web data classifications.
Title: Analysis of web data classification methods based on semantic similarity measure
Journal: Information Security Journal: A Global Perspective
Pub Date: 2022-05-27 DOI: 10.1080/19393555.2022.2077265
E. Kritzinger, A. D. Veiga, W. V. Staden
ABSTRACT Information is a valuable resource that organizations may utilize in the current business environment. It is critical to comprehend the importance of information protection, as it safeguards the lifeline of the organization. All employees within an organization should be aware of the organizational information security culture. Organizations should promote an information security awareness culture, so as to secure data as part of their critical infrastructure. Organizations should monitor and measure information security awareness levels among employees, with a number of international instruments. However, the validity of those instruments has not yet been determined in the South African context. As a consequence, the aim of this article is to validate one internationally accepted measurement instrument – the Human Aspects of Information Security-Questionnaire (HAIS-Q) in South Africa. The research sought to determine employees’ awareness levels, in order to make recommendations aimed at improving awareness in organizations. A survey was conducted whereby the data from 356 respondents were collected across industries, with a web-based questionnaire. To determine the factor structure of the scale under investigation, an exploratory factor analysis (EFA) was used, and Cronbach’s alpha was used to establish the internal reliability of the HAIS-Q. T-tests and ANOVAs were used to identify significant differences between demographic groups.
Title: Measuring organizational information security awareness in South Africa
Journal: Information Security Journal: A Global Perspective
Pub Date: 2022-04-25 DOI: 10.1080/19393555.2022.2053002
Sunita I. Usturge, T. Kumar
ABSTRACT The Internet of Things in smart environments interrelates with the Mobile Ad-hoc Network and the Wireless Sensor Network, which is becoming more attractive and is flourishing efficiently. Moreover, the Mobile Ad-hoc Network is applied in various fields including intelligent transportation, emergency communications after disaster, and the Internet of Things. The incorporation of the Internet of Things and the Mobile Ad-hoc Network has become a rising theory for enabling opportunistic communication in the Internet of Things. Security provisioning for secure communication is still the major challenge in the Mobile Ad-hoc Network – Internet of Things. Thus, in this paper, the DEroute algorithm is developed for a secure communication Internet of Things structure, where Internet of Things nodes are located in a mobile ad-hoc manner. In order to avoid route list modification, the nodes’ addresses are encrypted based on secret keys generated by the Diffie–Hellman key-exchange algorithm. A fuzzy system with trust parameters, such as historical, indirect and direct trust factors, is considered for the identification of secure nodes. A bi-filtering process is also performed for filtering important nodes. Thus, the developed DEroute model achieved enhanced performance with respect to delay, packet delivery ratio and throughput of 0.1674 sec, 87.23% and 25.19 mbps, respectively.
Title: DEroute: trust-aware data routing protocol based on encryption and fuzzy concept for MANET secure communication in IoT
Journal: Information Security Journal: A Global Perspective
Pub Date: 2022-04-12 DOI: 10.1080/19393555.2022.2060879
Akanksha Bisoyi
ABSTRACT While Artificial Intelligence technologies find increasing use in different industries such as transportation, healthcare and other services, they give rise to legal complexities in respect of ownership and liability of AI, patentability of AI inventions, and creativity & ownership of AI-generated works attributable to various components of AI. The autonomous decision-making ability of AI challenges the existing IP framework. Since AI machines can “think” and “act” without any human effort, if any damage or harm occurs to the properties, does the current model of tort liability (product liability, negligence, strict liability) adequately address the legal concerns? Robust regulatory bodies and institutional mechanisms are required to develop rigorous safety standards and establish safety certification processes for AI. Even though AI inventions can be patented, many jurisdictions recognize only a “human” as an inventor and not the AI. With the increasing capability of AI to generate works without human intervention, there seems to be a strong case for granting copyright protection to AI-generated works. Exploring a separate legal framework for AI to reduce ambiguity and increase accountability would be in order.
Title: Ownership, liability, patentability, and creativity issues in artificial intelligence
Journal: Information Security Journal: A Global Perspective
Pub Date: 2022-04-03 DOI: 10.1080/19393555.2022.2033367
Dhruti Sharma
ABSTRACT We explore the field of searchable encryption (SE) and present a comprehensive survey of relevant literature. Since the existing survey articles are primarily written for security experts, we present the discussion to assist general practitioners (not from a security background) in identifying an appropriate SE scheme for their application of interest. We begin with a brief overview of SE along with its application-oriented criteria. By analyzing various SE schemes, we derive five significant characteristics – key structure, search structure, search functionality, support to reader/writers, and reader’s capability. Based on these characteristics, we categorize the existing SE schemes and showcase the significant features offered by each scheme. We explore numerous schemes based on symmetric/asymmetric key structures, simple/inverted search structure, single/multi-keyword search functionality, single/multiple reader/writer support, and verification functionality owned by the data reader. A most promising part of the survey is the comparative analysis of the existing schemes under each specific category, in terms of tables showing efficiency and security. We hope that this survey is indeed beneficial for general practitioners to pick an appropriate SE scheme better suited to the selected application.
Title: Searchable encryption: A survey
Journal: Information Security Journal: A Global Perspective
ABSTRACT A remote patient monitoring (RPM) system is an efficient technology that allows reducing healthcare costs and contamination risks, especially in the context of a pandemic. However, security and data privacy are the major challenges that hinder the development of such technology. A secure RPM system should satisfy several security requirements such as authentication, confidentiality, and access control. Public Key Infrastructure (PKI) is one of the main widely-used key management schemes. Unfortunately, in an e-Health system supporting constrained devices, PKI suffers from some issues related to the burden of certificate management (e.g., revocation, storage, and distribution) and the computational cost of certification verification. In this paper, we present our contribution to the development of a secure RPM system. Our security solution is based on Certificate-less Public Key Cryptography (CL-PKC), which ensures a dynamic solution for securing communications between patient devices and the e-Health services core. The proposed solution provides a secure authentication and key agreement protocol to establish secret session keys. These keys are used for securely exchanging real-time electronic health records (EHR). To evaluate our approach, we conducted both simulation and real experiments. The security and performance analysis show that our approach is secure and effective while being easy to implement on resource-constrained devices with a low computational cost.
Title: Implementing a secure remote patient monitoring system
Authors: Othmane Nait Hamoud, Tayeb Kenaza, Y. Challal, Lina Ben-Abdelatif, Maroua Ouaked
Pub Date: 2022-03-17 DOI: 10.1080/19393555.2022.2047839
Journal: Information Security Journal: A Global Perspective