首页 > 最新文献

Security and Privacy最新文献

英文 中文
Fog computing security: A review 雾计算安全:综述
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-03-22 DOI: 10.1002/spy2.313
A. Jumani, Jinglun Shi, A. Laghari, Zhihui Hu, Aftab ul Nabi, Huang Qian
Fog computing, also known as edge computing, is a decentralized computing architecture that brings computing and data storage closer to the users and devices that need it. It offers several advantages over traditional cloud computing, such as lower latency, improved reliability, and enhanced security. As the Internet of Things continues to grow, the demand for fog computing is also increasing, making it an important topic for research and development. However, the deployment of fog computing also brings new technical challenges and security risks. For example, fog nodes are often deployed in resource‐constrained environments and are exposed to potential security threats, such as malware and attacks on devices connected to the network. In addition, the decentralized nature of fog computing creates new challenges in terms of privacy, security, and data management. This survey aims to address these technical challenges and research gaps in the field of fog computing security. It provides an overview of the current state of fog computing and its security challenges, and identifies key areas for future research. The survey also highlights the importance of fog computing security and the need for continued investment in this area in order to fully realize the potential of this promising technology.
{"title":"Fog computing security: A review","authors":"A. Jumani, Jinglun Shi, A. Laghari, Zhihui Hu, Aftab ul Nabi, Huang Qian","doi":"10.1002/spy2.313","DOIUrl":"https://doi.org/10.1002/spy2.313","url":null,"abstract":"Fog computing, also known as edge computing, is a decentralized computing architecture that brings computing and data storage closer to the users and devices that need it. It offers several advantages over traditional cloud computing, such as lower latency, improved reliability, and enhanced security. As the Internet of Things continues to grow, the demand for fog computing is also increasing, making it an important topic for research and development. However, the deployment of fog computing also brings new technical challenges and security risks. For example, fog nodes are often deployed in resource‐constrained environments and are exposed to potential security threats, such as malware and attacks on devices connected to the network. In addition, the decentralized nature of fog computing creates new challenges in terms of privacy, security, and data management. This survey aims to address these technical challenges and research gaps in the field of fog computing security. It provides an overview of the current state of fog computing and its security challenges, and identifies key areas for future research. The survey also highlights the importance of fog computing security and the need for continued investment in this area in order to fully realize the potential of this promising technology.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48233013","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Efficient implementation of image representation, visual geometry group with 19 layers and residual network with 152 layers for intrusion detection from UNSW‐NB15 dataset 从UNSW‐NB15数据集高效实现图像表示、19层视觉几何组和152层残差网络,用于入侵检测
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-03-22 DOI: 10.1002/spy2.300
Youssef F. Sallam, Samy Abd El-Nabi, W. El-shafai, HossamEl-din H. Ahmed, A. Saleeb, Nirmeen A. El-Bahnasawy, F. A. Abd El-Samie
The Internet offers humanity many distinctive and indispensable services, whether for individuals or for institutions and companies. This great role has attracted the Internet attackers to develop their mechanisms to capture and obtain the data by illegal methods. This growth in the number of cyber‐attacks made scientists in a real challenge, to find advanced methods to face this danger. Due to the shortcomings of traditional data security means such as firewalls, encryption, and so forth, the motivation became to develop alternative systems to detect smart attacks. Intrusion detection systems (IDSs) have made remarkable progress in cyber‐security. They monitor the traffic in real time and continuously to detect the network attacks, giving alerts to the network administrator. In this article, two IDSs are introduced based on principles of transfer learning (TL) with convolutional neural networks. Our systems are built using the visual geometry group (VGG19) and residual network with 152 layers (ResNet152). UNSW‐NB15 intrusion detection dataset is used to evaluate the models. The proposals achieve high levels of precision, recall, and F1_score as 99%, 99%, and 99%, respectively. These achievements prove the efficiency of the proposed models in capturing cyber‐attacks with low alert rates.
互联网为人类提供了许多独特而不可或缺的服务,无论是为个人还是为机构和公司。这一巨大作用吸引了互联网攻击者开发他们的机制,通过非法方法捕获和获取数据。网络攻击数量的增长使科学家们面临着真正的挑战,要找到应对这种危险的先进方法。由于传统数据安全手段(如防火墙、加密等)的缺点,人们开始开发替代系统来检测智能攻击。入侵检测系统(IDS)在网络安全方面取得了显著进展。他们实时、连续地监控流量,以检测网络攻击,并向网络管理员发出警报。在本文中,基于卷积神经网络的迁移学习(TL)原理,介绍了两个IDS。我们的系统是使用视觉几何组(VGG19)和具有152层的残差网络(ResNet152)构建的。UNSW‐NB15入侵检测数据集用于评估模型。这些提案分别实现了99%、99%和99%的高精度、召回率和F1_score。这些成就证明了所提出的模型在捕捉低警报率的网络攻击方面的效率。
{"title":"Efficient implementation of image representation, visual geometry group with 19 layers and residual network with 152 layers for intrusion detection from UNSW‐NB15 dataset","authors":"Youssef F. Sallam, Samy Abd El-Nabi, W. El-shafai, HossamEl-din H. Ahmed, A. Saleeb, Nirmeen A. El-Bahnasawy, F. A. Abd El-Samie","doi":"10.1002/spy2.300","DOIUrl":"https://doi.org/10.1002/spy2.300","url":null,"abstract":"The Internet offers humanity many distinctive and indispensable services, whether for individuals or for institutions and companies. This great role has attracted the Internet attackers to develop their mechanisms to capture and obtain the data by illegal methods. This growth in the number of cyber‐attacks made scientists in a real challenge, to find advanced methods to face this danger. Due to the shortcomings of traditional data security means such as firewalls, encryption, and so forth, the motivation became to develop alternative systems to detect smart attacks. Intrusion detection systems (IDSs) have made remarkable progress in cyber‐security. They monitor the traffic in real time and continuously to detect the network attacks, giving alerts to the network administrator. In this article, two IDSs are introduced based on principles of transfer learning (TL) with convolutional neural networks. Our systems are built using the visual geometry group (VGG19) and residual network with 152 layers (ResNet152). UNSW‐NB15 intrusion detection dataset is used to evaluate the models. The proposals achieve high levels of precision, recall, and F1_score as 99%, 99%, and 99%, respectively. These achievements prove the efficiency of the proposed models in capturing cyber‐attacks with low alert rates.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49220190","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Explainable artificial intelligence envisioned security mechanism for cyber threat hunting 可解释的人工智能设想的网络威胁搜索安全机制
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-03-16 DOI: 10.1002/spy2.312
Pankaj Kumar, M. Wazid, D. P. Singh, Jaskaran Singh, A. Das, Youngho Park, Joel J. P. C. Rodrigues
Cyber threat hunting proactively searches for cyber threats, which are undetected by the traditional defense mechanisms. It scans deep to identify malicious programs (ie, malware) that escape from detection. It is important because sophisticated cyber threats can bypass the cyber security mechanisms. The performance of the cyber threat hunting can be improved through artificial intelligence (AI), especially, explainable AI (XAI), which adds trust component to the cyber threat hunting process. Due to the inclusion of XAI, the security experts get the full explanations of the detected threats as the working of the detection model in XAI is known. Information, like, which one is a threat, how it has been detected, and why it has been detected, can be obtained very easily due to the inclusion of XAI in the cyber threat hunting. Therefore, an XAI‐envisioned mechanism for cyber threat hunting has been proposed (in short, XAISM‐CTH). The network and threat models of XAISM‐CTH are designed and discussed. The conducted security analysis proves the security of XAISM‐CTH against various potential attacks. XAISM‐CTH also performs better than the other existing schemes. At the end, a practical implementation of XAISM‐CTH has been provided to observe its impact on the performance of the system.
{"title":"Explainable artificial intelligence envisioned security mechanism for cyber threat hunting","authors":"Pankaj Kumar, M. Wazid, D. P. Singh, Jaskaran Singh, A. Das, Youngho Park, Joel J. P. C. Rodrigues","doi":"10.1002/spy2.312","DOIUrl":"https://doi.org/10.1002/spy2.312","url":null,"abstract":"Cyber threat hunting proactively searches for cyber threats, which are undetected by the traditional defense mechanisms. It scans deep to identify malicious programs (ie, malware) that escape from detection. It is important because sophisticated cyber threats can bypass the cyber security mechanisms. The performance of the cyber threat hunting can be improved through artificial intelligence (AI), especially, explainable AI (XAI), which adds trust component to the cyber threat hunting process. Due to the inclusion of XAI, the security experts get the full explanations of the detected threats as the working of the detection model in XAI is known. Information, like, which one is a threat, how it has been detected, and why it has been detected, can be obtained very easily due to the inclusion of XAI in the cyber threat hunting. Therefore, an XAI‐envisioned mechanism for cyber threat hunting has been proposed (in short, XAISM‐CTH). The network and threat models of XAISM‐CTH are designed and discussed. The conducted security analysis proves the security of XAISM‐CTH against various potential attacks. XAISM‐CTH also performs better than the other existing schemes. At the end, a practical implementation of XAISM‐CTH has been provided to observe its impact on the performance of the system.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44134785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A cryptographic security framework for hybrid Cloud‐Internet of Things network 混合云-物联网网络的加密安全框架
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-03-15 DOI: 10.1002/spy2.309
Sameer Farooq, Priyanka Chawla, Neeraj Kumar
The most cutting‐edge innovation in recent times, cloud technology, changed the whole computer paradigm from less capable, specific, user‐isolated offline systems to potent multi‐server interactive systems. Despite being a huge benefit, controlling the security and accessibility of data stored in the cloud is a difficult task. Hence, this article presents a four‐phased security paradigm for securing data generated by internet of things (IoT) devices and transmitted to fog servers. In the article, we outline a comprehensive, cutting‐edge architecture for safeguarding and protecting the information that IoT devices produce and transmit to the cloud. The suggested architecture blends the advantages of an innovative mutual authentication algorithm, a novel key distribution algorithm, and a novel encryption hybrid algorithm for maximum effectiveness and increased security. The findings demonstrate that the suggested protocol outperforms previous techniques in terms of time and resource consumption and throughput. In contrast to previous protocols, the suggested approach reduces encrypting time by 28% and decryption time by about 32%, while the volume of encrypted messages produced stays consistent. There has also been a 28% increase in encryption throughput. Proposed work demonstrates minimal resource utilization, good performance and a higher level of security robustness.
近年来最前沿的创新是云技术,它将整个计算机范式从功能较弱、特定、用户孤立的离线系统改变为强大的多服务器交互系统。尽管这是一个巨大的好处,但控制存储在云中的数据的安全性和可访问性是一项艰巨的任务。因此,本文提出了一种四阶段安全范式,用于保护物联网(IoT)设备生成并传输到雾服务器的数据。在这篇文章中,我们概述了一个全面、前沿的架构,用于保护物联网设备产生并传输到云的信息。所提出的体系结构融合了创新的相互认证算法、新的密钥分发算法和新的加密混合算法的优点,以实现最大的有效性和更高的安全性。研究结果表明,所提出的协议在时间、资源消耗和吞吐量方面优于以前的技术。与以前的协议相比,所提出的方法将加密时间减少了28%,解密时间减少了约32%,同时产生的加密消息量保持一致。加密吞吐量也增加了28%。所提出的工作展示了最小的资源利用率、良好的性能和更高级别的安全稳健性。
{"title":"A cryptographic security framework for hybrid Cloud‐Internet of Things network","authors":"Sameer Farooq, Priyanka Chawla, Neeraj Kumar","doi":"10.1002/spy2.309","DOIUrl":"https://doi.org/10.1002/spy2.309","url":null,"abstract":"The most cutting‐edge innovation in recent times, cloud technology, changed the whole computer paradigm from less capable, specific, user‐isolated offline systems to potent multi‐server interactive systems. Despite being a huge benefit, controlling the security and accessibility of data stored in the cloud is a difficult task. Hence, this article presents a four‐phased security paradigm for securing data generated by internet of things (IoT) devices and transmitted to fog servers. In the article, we outline a comprehensive, cutting‐edge architecture for safeguarding and protecting the information that IoT devices produce and transmit to the cloud. The suggested architecture blends the advantages of an innovative mutual authentication algorithm, a novel key distribution algorithm, and a novel encryption hybrid algorithm for maximum effectiveness and increased security. The findings demonstrate that the suggested protocol outperforms previous techniques in terms of time and resource consumption and throughput. In contrast to previous protocols, the suggested approach reduces encrypting time by 28% and decryption time by about 32%, while the volume of encrypted messages produced stays consistent. There has also been a 28% increase in encryption throughput. Proposed work demonstrates minimal resource utilization, good performance and a higher level of security robustness.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42348068","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
On the security of ring learning with error‐based key exchange protocol against signal leakage attack 基于错误的密钥交换协议环学习抵御信号泄漏攻击的安全性研究
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-03-14 DOI: 10.1002/spy2.310
Komal Pursharthi, D. Mishra
Due to the rapid development of mobile communication and hardware technologies, several mobile‐based web applications have gained popularity among mobile users. Mobile users can utilize these devices to access numerous services over the Internet. To ensure secure communication, different key exchange and authentication (KEA) protocols are proposed and frequently used. However, due to the advent of quantum computers, numerous quantum‐safe KEA protocols are also developed using various complex mathematical problems in ideal lattices. As it is an emerging and developing area, we analyze the security of recently suggested ring learning with error based KEA protocols. The goal of this study is to gain a comprehensive understanding of quantum‐safe KEA mechanisms. For our study, we have considered Dharminder's LWE‐based KEA mechanism and Dharminder and Chandran's LWE‐based KEA mechanism. These protocols enable effective communication and provide a better means for safely transmitting messages between user and server. However, we have discovered that a fundamental security weakness in these methods makes them vulnerable to signal leakage attacks (SLA). Based on our analysis, we demonstrated security weakness against SLA and provide the road‐map for secure construction.
由于移动通信和硬件技术的快速发展,一些基于移动的web应用程序在移动用户中得到了普及。移动用户可以利用这些设备通过互联网访问许多服务。为了保证通信的安全,不同的密钥交换和认证(KEA)协议被提出并频繁使用。然而,由于量子计算机的出现,许多量子安全的KEA协议也被开发出来,使用各种复杂的数学问题在理想格中。由于这是一个新兴的发展领域,我们分析了最近提出的基于错误的KEA协议的环学习的安全性。本研究的目的是获得对量子安全KEA机制的全面理解。在我们的研究中,我们考虑了Dharminder的基于LWE的KEA机制以及Dharminder和Chandran的基于LWE的KEA机制。这些协议支持有效的通信,并为在用户和服务器之间安全传输消息提供了更好的方法。然而,我们发现这些方法的一个基本安全弱点使它们容易受到信号泄漏攻击(SLA)。基于我们的分析,我们展示了针对SLA的安全弱点,并提供了安全构建的路线图。
{"title":"On the security of ring learning with error‐based key exchange protocol against signal leakage attack","authors":"Komal Pursharthi, D. Mishra","doi":"10.1002/spy2.310","DOIUrl":"https://doi.org/10.1002/spy2.310","url":null,"abstract":"Due to the rapid development of mobile communication and hardware technologies, several mobile‐based web applications have gained popularity among mobile users. Mobile users can utilize these devices to access numerous services over the Internet. To ensure secure communication, different key exchange and authentication (KEA) protocols are proposed and frequently used. However, due to the advent of quantum computers, numerous quantum‐safe KEA protocols are also developed using various complex mathematical problems in ideal lattices. As it is an emerging and developing area, we analyze the security of recently suggested ring learning with error based KEA protocols. The goal of this study is to gain a comprehensive understanding of quantum‐safe KEA mechanisms. For our study, we have considered Dharminder's LWE‐based KEA mechanism and Dharminder and Chandran's LWE‐based KEA mechanism. These protocols enable effective communication and provide a better means for safely transmitting messages between user and server. However, we have discovered that a fundamental security weakness in these methods makes them vulnerable to signal leakage attacks (SLA). Based on our analysis, we demonstrated security weakness against SLA and provide the road‐map for secure construction.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44589855","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A transformative shift toward blockchain‐based IoT environments: Consensus, smart contracts, and future directions 向基于区块链的物联网环境转型:共识、智能合约和未来方向
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-03-10 DOI: 10.1002/spy2.308
Chandan Trivedi, U. P. Rao, Keyur Parmar, Pronaya Bhattacharya, S. Tanwar, Ravi Sharma
Recently, Internet‐of‐Things (IoT) based applications have shifted from centralized infrastructures to decentralized ecosystems, owing to user data's security and privacy limitations. The shift has opened new doors for intruders to launch distributed attacks in diverse IoT scenarios that jeopardize the application environments. Moreover, as heterogeneous and autonomous networks communicate, the attacks intensify, which justifies the requirement of trust as a key policy. Recently, blockchain‐based IoT solutions have been proposed that address trust limitations by maintaining data consistency, immutability, and chronology in IoT environments. However, IoT ecosystems are resource‐constrained and have low bandwidth and finite computing power of sensor nodes. Thus, the inclusion of blockchain requires an effective policy design regarding consensus and smart contract environments in heterogeneous IoT applications. Recent studies have presented blockchain as a potential solution in IoT, but an effective view of consensus and smart contract design to meet the end application requirements is an open problem. Motivated by the same, the survey presents the integration of suitable low‐powered consensus protocols and smart contract design to assess and validate the blockchain‐IoT ecosystems. We present blockchain‐IoT's emerging communication and security aspects with performance issues of consensus protocols, interoperability, and implementation platforms. A case study of a smart contract‐based blockchain‐driven ecosystem is presented with a comparative analysis of mining cost and latency, which shows its suitability in real‐world setups. We also highlight attacks on blockchain IoT, open issues, potential findings, and future directions. The survey intends to drive novel solutions for future consensus and safe, smart contract designs to support applicative IoT ecosystems.
最近,由于用户数据的安全和隐私限制,基于物联网(IoT)的应用已经从集中式基础设施转向分散的生态系统。这一转变为入侵者在各种物联网场景中发起分布式攻击打开了新的大门,从而危及应用环境。此外,随着异构和自治网络的通信,攻击会加剧,这证明了将信任作为关键策略的必要性。最近,基于区块链的物联网解决方案被提出,通过维护物联网环境中的数据一致性、不变性和时间顺序来解决信任限制。然而,物联网生态系统资源有限,带宽低,传感器节点的计算能力有限。因此,包含区块链需要在异构物联网应用中针对共识和智能合约环境进行有效的策略设计。最近的研究已经提出区块链作为物联网的潜在解决方案,但有效的共识和智能合约设计来满足最终应用需求是一个悬而未决的问题。出于同样的动机,该调查提出了合适的低功率共识协议和智能合约设计的集成,以评估和验证区块链- IoT生态系统。我们提出了区块链- IoT的新兴通信和安全方面的共识协议,互操作性和实现平台的性能问题。提出了基于区块链驱动的智能合约生态系统的案例研究,并对采矿成本和延迟进行了比较分析,这表明了它在现实世界设置中的适用性。我们还重点介绍了区块链物联网的攻击,开放的问题,潜在的发现和未来的方向。该调查旨在推动未来共识和安全智能合约设计的新解决方案,以支持应用物联网生态系统。
{"title":"A transformative shift toward blockchain‐based IoT environments: Consensus, smart contracts, and future directions","authors":"Chandan Trivedi, U. P. Rao, Keyur Parmar, Pronaya Bhattacharya, S. Tanwar, Ravi Sharma","doi":"10.1002/spy2.308","DOIUrl":"https://doi.org/10.1002/spy2.308","url":null,"abstract":"Recently, Internet‐of‐Things (IoT) based applications have shifted from centralized infrastructures to decentralized ecosystems, owing to user data's security and privacy limitations. The shift has opened new doors for intruders to launch distributed attacks in diverse IoT scenarios that jeopardize the application environments. Moreover, as heterogeneous and autonomous networks communicate, the attacks intensify, which justifies the requirement of trust as a key policy. Recently, blockchain‐based IoT solutions have been proposed that address trust limitations by maintaining data consistency, immutability, and chronology in IoT environments. However, IoT ecosystems are resource‐constrained and have low bandwidth and finite computing power of sensor nodes. Thus, the inclusion of blockchain requires an effective policy design regarding consensus and smart contract environments in heterogeneous IoT applications. Recent studies have presented blockchain as a potential solution in IoT, but an effective view of consensus and smart contract design to meet the end application requirements is an open problem. Motivated by the same, the survey presents the integration of suitable low‐powered consensus protocols and smart contract design to assess and validate the blockchain‐IoT ecosystems. We present blockchain‐IoT's emerging communication and security aspects with performance issues of consensus protocols, interoperability, and implementation platforms. A case study of a smart contract‐based blockchain‐driven ecosystem is presented with a comparative analysis of mining cost and latency, which shows its suitability in real‐world setups. We also highlight attacks on blockchain IoT, open issues, potential findings, and future directions. The survey intends to drive novel solutions for future consensus and safe, smart contract designs to support applicative IoT ecosystems.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47548915","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Toward the internet of things forensics: A data analytics perspective 走向物联网取证:数据分析视角
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-03-05 DOI: 10.1002/spy2.306
Pimal Khanpara, Ishwa Shah, S. Tanwar, Amit Verma, Ravi Sharma
The widespread use of networked, intelligent, and adaptable devices in various domains, such as smart cities and home automation, climate control, manufacturing and logistics, healthcare, education, and agriculture, has been hastened by recent developments in hardware and software technologies. In all these application domains, the concept of the Internet of Things helps to achieve process automation and decrease labor costs. While IoT has been an established domain for quite a while, it has seen a lot of advances and challenges in different subdomains over the years. One such subdomain is IoT Forensics which involves digital forensics concerning IoT devices, networks, or clouds. In this process of obtaining substantial evidence from the devices, networks, or cloud, a large amount of data and operations on said data are involved. Hence, looking through IoT Forensics through the methodology dealing with data, known as data analytics, is essential. This paper presents an interpretation of IoT Forensics from the standpoint of data analytics. To explain the same in detail, the paper focuses on IoT Forensics, its methodologies, and how they relate to data analytics stages. Toward the end, the paper discusses current developments in IoT Forensics from the data analytics perspective, limitations observed in the existing technologies, adoption challenges, and possible future advancements.
最近硬件和软件技术的发展加速了网络、智能和适应性设备在智能城市和家庭自动化、气候控制、制造和物流、医疗保健、教育和农业等各个领域的广泛使用。在所有这些应用领域中,物联网的概念有助于实现流程自动化并降低人工成本。虽然物联网已经建立了很长一段时间,但多年来,它在不同的子领域看到了许多进步和挑战。其中一个子领域是物联网取证,涉及物联网设备、网络或云的数字取证。在从设备、网络或云获取实质性证据的过程中,涉及到大量的数据和对这些数据的操作。因此,通过处理数据的方法(称为数据分析)来查看物联网取证是必不可少的。本文从数据分析的角度对物联网取证进行了解释。为了详细解释这一点,本文重点介绍了物联网取证及其方法,以及它们与数据分析阶段的关系。最后,本文从数据分析的角度讨论了物联网取证的当前发展,现有技术的局限性,采用挑战以及未来可能的进步。
{"title":"Toward the internet of things forensics: A data analytics perspective","authors":"Pimal Khanpara, Ishwa Shah, S. Tanwar, Amit Verma, Ravi Sharma","doi":"10.1002/spy2.306","DOIUrl":"https://doi.org/10.1002/spy2.306","url":null,"abstract":"The widespread use of networked, intelligent, and adaptable devices in various domains, such as smart cities and home automation, climate control, manufacturing and logistics, healthcare, education, and agriculture, has been hastened by recent developments in hardware and software technologies. In all these application domains, the concept of the Internet of Things helps to achieve process automation and decrease labor costs. While IoT has been an established domain for quite a while, it has seen a lot of advances and challenges in different subdomains over the years. One such subdomain is IoT Forensics which involves digital forensics concerning IoT devices, networks, or clouds. In this process of obtaining substantial evidence from the devices, networks, or cloud, a large amount of data and operations on said data are involved. Hence, looking through IoT Forensics through the methodology dealing with data, known as data analytics, is essential. This paper presents an interpretation of IoT Forensics from the standpoint of data analytics. To explain the same in detail, the paper focuses on IoT Forensics, its methodologies, and how they relate to data analytics stages. Toward the end, the paper discusses current developments in IoT Forensics from the data analytics perspective, limitations observed in the existing technologies, adoption challenges, and possible future advancements.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42496111","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A protocol to establish trust on biometric authentication devices 一种在生物识别认证设备上建立信任的协议
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-03-02 DOI: 10.1002/spy2.305
U. Kiran, R. Moona, S. Biswas
One of the most extensively utilized mechanisms for person authentication is a system built using biometric‐based authentication. However, many applications use biometric authentication devices that do not support any device authentication mechanisms. As a result, a counterfeit scanning device may be substituted for the genuine one. Non‐authentic biometric authentication devices may perform some additive / subtractive or malicious functions. This paper proposes a technique for establishing trust in biometric authentication devices. The device authentication procedure is essential to build trust in biometric authentication devices such that non‐genuine biometric authentication devices are not used, which may compromise the loss of authentication factor and its replay when the genuine user is not getting authenticated. The protocol uses strong cryptographic mechanisms to authenticate the biometric authentication device with the application server and includes mechanisms for protection against the tampering of biometric templates and to prevent replay attacks. We also perform a formal verification using BAN logic to demonstrate that the proposed protocol meets the defined objectives. The proposed protocol can be used with any biometric authentication device to achieve the same objectives.
最广泛使用的人员身份验证机制之一是使用基于生物特征的身份验证构建的系统。然而,许多应用程序使用不支持任何设备身份验证机制的生物识别身份验证设备。因此,假冒扫描设备可能会取代正品扫描设备。非真实的生物识别认证设备可能会执行一些附加/减去或恶意功能。提出了一种在生物特征认证设备中建立信任的技术。设备认证过程对于建立对生物识别认证设备的信任至关重要,这样就不会使用非真实的生物识别认证设备,这可能会损害身份验证因素的损失,并在真正的用户未获得身份验证时重播。该协议使用强加密机制与应用服务器对生物识别身份验证设备进行身份验证,并包括防止生物识别模板篡改和防止重放攻击的保护机制。我们还使用BAN逻辑执行正式验证,以证明所提议的协议符合定义的目标。所提出的协议可以与任何生物识别认证设备一起使用,以实现相同的目标。
{"title":"A protocol to establish trust on biometric authentication devices","authors":"U. Kiran, R. Moona, S. Biswas","doi":"10.1002/spy2.305","DOIUrl":"https://doi.org/10.1002/spy2.305","url":null,"abstract":"One of the most extensively utilized mechanisms for person authentication is a system built using biometric‐based authentication. However, many applications use biometric authentication devices that do not support any device authentication mechanisms. As a result, a counterfeit scanning device may be substituted for the genuine one. Non‐authentic biometric authentication devices may perform some additive / subtractive or malicious functions. This paper proposes a technique for establishing trust in biometric authentication devices. The device authentication procedure is essential to build trust in biometric authentication devices such that non‐genuine biometric authentication devices are not used, which may compromise the loss of authentication factor and its replay when the genuine user is not getting authenticated. The protocol uses strong cryptographic mechanisms to authenticate the biometric authentication device with the application server and includes mechanisms for protection against the tampering of biometric templates and to prevent replay attacks. We also perform a formal verification using BAN logic to demonstrate that the proposed protocol meets the defined objectives. The proposed protocol can be used with any biometric authentication device to achieve the same objectives.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45228255","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Issue Information 问题信息
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-03-01 DOI: 10.1111/phpr.12889
{"title":"Issue Information","authors":"","doi":"10.1111/phpr.12889","DOIUrl":"https://doi.org/10.1111/phpr.12889","url":null,"abstract":"","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45624728","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Issue Information 问题信息
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-03-01 DOI: 10.1002/spy2.242
{"title":"Issue Information","authors":"","doi":"10.1002/spy2.242","DOIUrl":"https://doi.org/10.1002/spy2.242","url":null,"abstract":"","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47603588","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
期刊
Security and Privacy
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1