首页 > 最新文献

Security and Privacy最新文献

英文 中文
A resource efficient pseudo random number generator based on sawtooth maps for Internet of Things 基于锯齿映射的物联网资源高效伪随机数生成器
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-02-26 DOI: 10.1002/spy2.304
Unsub Zia, M. McCartney, B. Scotney, Jorge Martínez, Ali Sajjad
The strength of cryptographic keys rely on the random number generators (RNGs) to produce random seed values. Unfortunately there are not many RNGs options suitable for Internet of Things (IoTs) scenario, due to limited processing resources and bulk quantity of IoT data that needs to be secured. In this article, we studied sawtooth map which is a chaotic map. However, when implemented on a computer, the sawtooth map results on a non‐chaotic orbit due to the finite precision of computation. This can be avoided if we use the sawtooth map as the local map in a coupled map lattice (CML) system. We explore such coupled map systems for randomness through entropy and statistical analysis. Based on the results, we propose a lightweight hybrid pseudo random number generator (PRNG) based on sawtooth based CML system and SPONGENT hashing. The proposed PRNG is thoroughly tested against statistical attacks, entropy analysis, key space analysis and compared with existing state of the art solutions. The results provide evidence that the proposed PRNG produces random numbers that could produce sufficiently strong cryptographic keys for resource constrained IoT devices.
密钥的强度依赖于随机数生成器(rng)产生随机种子值。不幸的是,由于有限的处理资源和需要保护的大量物联网数据,适合物联网(IoT)场景的rng选项并不多。本文研究的是锯齿图,它是一种混沌图。然而,当在计算机上实现时,由于计算精度有限,锯齿形映射在非混沌轨道上产生。如果我们在耦合映射格(CML)系统中使用锯齿形映射作为局部映射,则可以避免这种情况。我们通过熵和统计分析来探索这种随机耦合映射系统。在此基础上,我们提出了一种基于锯齿状CML系统和海绵哈希的轻量级混合伪随机数生成器(PRNG)。提出的PRNG对统计攻击、熵分析、密钥空间分析进行了彻底的测试,并与现有的最先进的解决方案进行了比较。结果证明,所提出的PRNG产生的随机数可以为资源受限的物联网设备产生足够强的加密密钥。
{"title":"A resource efficient pseudo random number generator based on sawtooth maps for Internet of Things","authors":"Unsub Zia, M. McCartney, B. Scotney, Jorge Martínez, Ali Sajjad","doi":"10.1002/spy2.304","DOIUrl":"https://doi.org/10.1002/spy2.304","url":null,"abstract":"The strength of cryptographic keys rely on the random number generators (RNGs) to produce random seed values. Unfortunately there are not many RNGs options suitable for Internet of Things (IoTs) scenario, due to limited processing resources and bulk quantity of IoT data that needs to be secured. In this article, we studied sawtooth map which is a chaotic map. However, when implemented on a computer, the sawtooth map results on a non‐chaotic orbit due to the finite precision of computation. This can be avoided if we use the sawtooth map as the local map in a coupled map lattice (CML) system. We explore such coupled map systems for randomness through entropy and statistical analysis. Based on the results, we propose a lightweight hybrid pseudo random number generator (PRNG) based on sawtooth based CML system and SPONGENT hashing. The proposed PRNG is thoroughly tested against statistical attacks, entropy analysis, key space analysis and compared with existing state of the art solutions. The results provide evidence that the proposed PRNG produces random numbers that could produce sufficiently strong cryptographic keys for resource constrained IoT devices.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41910894","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Study on early accurate diagnosis and treatment of COVID‐19 with smart phone tracking using bionics 基于仿生学的智能手机追踪早期准确诊断和治疗新冠肺炎的研究
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-02-15 DOI: 10.1002/spy2.303
Shweta Gupta, Adesh Kumar
The replication of biological systems by mechanical and electronic devices is referred to as bionics. The bionics industry has grown along four primary application areas, in addition to hearing, vision, orthopedics, and a small, dispersed group of implants that enhance cardiac and neurological functions. The SARS‐CoV‐2 virus is the infectious disease known as coronavirus disease (COVID‐19). The virus‐infected people require assistance to better understand the situation caused by COVID‐19 and to bring some easy, efficient, and effective solutions. One of the solutions mentioned for the early stages involves wearable sensors with temperature sensors for early Covid‐19 identification and photos delivered to an AI‐enabled smartphone, robotic sensor, or robot itself. In severe situations, lung X‐ray images are captured by robotic and remote sensors, and the lungs are given the right medication to finish off the virus. The paper presents the study on the overview, applications of artificial intelligence, and deep learning from the bionics point of view. Deep learning and machine learning will be used for reducing the Covid‐19 outbreak. Wearable sensors provide important data by having temperature‐embedded sensors in several physical devices that reveal details about the environment and body that are connected. Covid‐19 probability prediction is aided by smartphones with artificial intelligence and machine learning capabilities. Case history, doctor notes, chest X‐ray reports, details on the sites of breakouts, and other criteria can help forecast the severity of Covid‐19 when it is in its severe phases and direct the administration of medication to a specific area of the lungs.
通过机械和电子设备复制生物系统被称为仿生学。除了听力、视觉、骨科和一小群增强心脏和神经功能的分散植入物外,仿生学行业还沿着四个主要应用领域发展。严重急性呼吸系统综合征冠状病毒2型是一种被称为冠状病毒病(COVID-19)的传染病。病毒感染者需要帮助,以更好地了解COVID-19造成的情况,并提供一些简单、高效和有效的解决方案。早期阶段提到的解决方案之一包括带温度传感器的可穿戴传感器,用于早期新冠肺炎-19识别,并将照片发送到支持人工智能的智能手机、机器人传感器或机器人本身。在严重情况下,肺部X射线图像由机器人和远程传感器拍摄,肺部得到正确的药物来消灭病毒。本文从仿生学的角度介绍了人工智能的概述、应用和深度学习的研究。深度学习和机器学习将用于减少新冠肺炎-19疫情。可穿戴传感器通过在几个物理设备中嵌入温度传感器来提供重要数据,这些传感器可以揭示连接的环境和身体的细节。新冠肺炎-19概率预测借助具有人工智能和机器学习功能的智能手机。病例史、医生笔记、胸部X光报告、突发部位的详细信息以及其他标准可以帮助预测新冠肺炎-19处于严重阶段时的严重程度,并指导对肺部特定区域的用药。
{"title":"Study on early accurate diagnosis and treatment of COVID‐19 with smart phone tracking using bionics","authors":"Shweta Gupta, Adesh Kumar","doi":"10.1002/spy2.303","DOIUrl":"https://doi.org/10.1002/spy2.303","url":null,"abstract":"The replication of biological systems by mechanical and electronic devices is referred to as bionics. The bionics industry has grown along four primary application areas, in addition to hearing, vision, orthopedics, and a small, dispersed group of implants that enhance cardiac and neurological functions. The SARS‐CoV‐2 virus is the infectious disease known as coronavirus disease (COVID‐19). The virus‐infected people require assistance to better understand the situation caused by COVID‐19 and to bring some easy, efficient, and effective solutions. One of the solutions mentioned for the early stages involves wearable sensors with temperature sensors for early Covid‐19 identification and photos delivered to an AI‐enabled smartphone, robotic sensor, or robot itself. In severe situations, lung X‐ray images are captured by robotic and remote sensors, and the lungs are given the right medication to finish off the virus. The paper presents the study on the overview, applications of artificial intelligence, and deep learning from the bionics point of view. Deep learning and machine learning will be used for reducing the Covid‐19 outbreak. Wearable sensors provide important data by having temperature‐embedded sensors in several physical devices that reveal details about the environment and body that are connected. Covid‐19 probability prediction is aided by smartphones with artificial intelligence and machine learning capabilities. Case history, doctor notes, chest X‐ray reports, details on the sites of breakouts, and other criteria can help forecast the severity of Covid‐19 when it is in its severe phases and direct the administration of medication to a specific area of the lungs.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49317062","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Detecting and predicting countermeasures against clickjacking 检测和预测针对点击劫持的对策
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-02-06 DOI: 10.1002/spy2.302
Aryaman Nenavath, Srinivas Naik, Satyanarayana Vollala, Ruhul Amin
Clickjacking is a fast‐growing threat for users online. Here, an attacker program shows a user‐interface (UI) which is entirely out of context, by concealing a very sensitive UI element and rendering it in such a way that it is not visible (transparent) to the end user. The user is then tricked into clicking on the hidden element. By exploiting cameras and publishing unwanted messages, these attacks have the potential to do significant harm. Many websites still lack server‐side minimum security (eg, X‐Frame‐Options header, Content‐Security‐Policy Header, etc) and are hence susceptible to clickjacking. Additionally, client‐side defense methods fare poorly and are ineffective against advanced clickjacking attack types. This paper focuses on dealing with the detection of a possibility of a website being clickjacked. It also predicts the Level of Security of a website against a clickjacking attack and the possible security countermeasures that could be taken to avoid a clickjacking attack on the website. Testing this approach on various websites has proved effective in detecting whether or not a website is vulnerable to clickjacking.
点击劫持是一个快速增长的威胁用户在线。在这里,攻击者程序显示了一个完全脱离上下文的用户界面(UI),通过隐藏一个非常敏感的UI元素并以一种对最终用户不可见(透明)的方式呈现它。然后诱使用户点击隐藏的元素。通过利用摄像头和发布不受欢迎的信息,这些攻击有可能造成重大伤害。许多网站仍然缺乏服务器端最低安全性(例如,X - Frame - Options标头,Content - security - Policy标头等),因此容易受到点击劫持的影响。此外,客户端防御方法表现不佳,对高级点击劫持攻击类型无效。本文的重点是处理网站被点击劫持的可能性的检测。它还预测了网站对点击劫持攻击的安全级别,以及可能采取的安全对策,以避免网站上的点击劫持攻击。在各种网站上测试这种方法已被证明在检测网站是否容易受到点击劫持方面是有效的。
{"title":"Detecting and predicting countermeasures against clickjacking","authors":"Aryaman Nenavath, Srinivas Naik, Satyanarayana Vollala, Ruhul Amin","doi":"10.1002/spy2.302","DOIUrl":"https://doi.org/10.1002/spy2.302","url":null,"abstract":"Clickjacking is a fast‐growing threat for users online. Here, an attacker program shows a user‐interface (UI) which is entirely out of context, by concealing a very sensitive UI element and rendering it in such a way that it is not visible (transparent) to the end user. The user is then tricked into clicking on the hidden element. By exploiting cameras and publishing unwanted messages, these attacks have the potential to do significant harm. Many websites still lack server‐side minimum security (eg, X‐Frame‐Options header, Content‐Security‐Policy Header, etc) and are hence susceptible to clickjacking. Additionally, client‐side defense methods fare poorly and are ineffective against advanced clickjacking attack types. This paper focuses on dealing with the detection of a possibility of a website being clickjacked. It also predicts the Level of Security of a website against a clickjacking attack and the possible security countermeasures that could be taken to avoid a clickjacking attack on the website. Testing this approach on various websites has proved effective in detecting whether or not a website is vulnerable to clickjacking.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"45 1","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-02-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50980586","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Design of efficient storage and retrieval of medical records in blockchain based on InterPlanetary File System and modified bloom tree 基于InterPlanetary文件系统和改进bloom树的区块链医疗记录高效存储和检索设计
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-02-05 DOI: 10.1002/spy2.301
S. Sathiya Devi, Arumugam Bhuvaneswari
In the healthcare sector, medical records contain sensitive information about patients, so guaranteeing the confidentiality and integrity of it is essential. To improve the security of it, blockchain technology is being utilized. The blockchain is a type of distributed ledger and it keeps data securely while also generating trust without the need of third party. It has data storage constraint and Merkle tree preserves data integrity but it is inefficient when searching transactions within it. Hence this paper describes InterPlanetary File System (IPFS) based storage and modified bloom tree data structure which is a hybridization of bloom filter and Merkle tree for efficient searching. To protect data privacy, initially it encrypts medical records using ciphertext policy‐attribute based encryption and then the data stored on IPFS returns a hash value. To diminish the false positive rate (FPR), the hash returned by IPFS is stored in two parts of the bloom filter. The first part stores the data by using “k” non‐cryptographic hash function and second part stores the transformed data with the same hash function. The bloom tree is created using Merkle proof for verification of medical record in blockchain. The experiments show that the proposed method reduces the FPR rate and searching complexity is O(log2).
在医疗保健部门,医疗记录包含患者的敏感信息,因此保证其机密性和完整性至关重要。为了提高它的安全性,区块链技术正在被利用。区块链是一种分布式账本,它安全地保存数据,同时在不需要第三方的情况下产生信任。它具有数据存储约束,Merkle树保持了数据的完整性,但在其中搜索事务时效率低下。因此,本文描述了基于行星间文件系统(IPFS)的存储和改进的bloom树数据结构,该结构是bloom filter和Merkle树形的混合,用于高效搜索。为了保护数据隐私,最初它使用基于密文策略属性的加密对医疗记录进行加密,然后存储在IPFS上的数据返回哈希值。为了降低误报率(FPR),IPFS返回的哈希被存储在布隆过滤器的两个部分中。第一部分使用“k”非加密哈希函数存储数据,第二部分使用相同的哈希函数存储转换后的数据。bloom树是使用Merkle证明创建的,用于验证区块链中的医疗记录。实验表明,该方法降低了FPR率,搜索复杂度为O(log2)。
{"title":"Design of efficient storage and retrieval of medical records in blockchain based on InterPlanetary File System and modified bloom tree","authors":"S. Sathiya Devi, Arumugam Bhuvaneswari","doi":"10.1002/spy2.301","DOIUrl":"https://doi.org/10.1002/spy2.301","url":null,"abstract":"In the healthcare sector, medical records contain sensitive information about patients, so guaranteeing the confidentiality and integrity of it is essential. To improve the security of it, blockchain technology is being utilized. The blockchain is a type of distributed ledger and it keeps data securely while also generating trust without the need of third party. It has data storage constraint and Merkle tree preserves data integrity but it is inefficient when searching transactions within it. Hence this paper describes InterPlanetary File System (IPFS) based storage and modified bloom tree data structure which is a hybridization of bloom filter and Merkle tree for efficient searching. To protect data privacy, initially it encrypts medical records using ciphertext policy‐attribute based encryption and then the data stored on IPFS returns a hash value. To diminish the false positive rate (FPR), the hash returned by IPFS is stored in two parts of the bloom filter. The first part stores the data by using “k” non‐cryptographic hash function and second part stores the transformed data with the same hash function. The bloom tree is created using Merkle proof for verification of medical record in blockchain. The experiments show that the proposed method reduces the FPR rate and searching complexity is O(log2).","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48859696","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
An efficient caching security approach for content‐centric mobile networks in internet of things systems 物联网系统中以内容为中心的移动网络的高效缓存安全方法
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-01-23 DOI: 10.1002/spy2.294
Zhuang Du, M. Obaidat, Guowei Wu, K. Hsiao
With the expansion of internet of things (IoT), the IP‐based network architecture has been difficult to support the development of IoT. Content‐centric mobile networking (CCMN) models are based on naming the content to get rid of address‐space scarcity, caching the content at intermediate nodes to provide efficient data delivery, which can solve the development bottleneck of IoT. The in‐network caching is a key factor to enable practical deployments of CCMN. And it is also subject to serious security threats of cache pollution attacks (CPA), which can tamper the distribution of content and reduce the advantages of built‐in cache. In addition, the identity and trust mechanism of mobile devices are also important factors hindering the deployment of CCMN. However, existing caching security mechanisms cannot be applied directly, because the features of the built‐in cache, including ubiquity, mobility, and heterogeneity, bring new challenges on designing the caching security mechanism against CPA. In this article, we propose a lightweight CPA detection and defense approach for CCMN. We first model the attack and defense process of CPA as a dynamic game, which can optimize the performance of the attack detection. Then, we adopt popularity analysis to detect CPA, and accurately estimate the current network and attack state by a logical regression algorithm. Our design can also intelligently maintain the identity and trust mechanism. Finally, we design a punishment mechanism to deal with the attackers. Extensive simulations demonstrate that our approach can detect CPA efficiently, mitigate the impact of CPA effectively. Our game model can reduce the impact of locality‐disruption attack and false‐locality attack by 60% and 30%, respectively, compared with the state‐of‐the‐art methods. When the game reaches Nash equilibrium, our model can reduce the impact of CPA on cache hit ratio by 55% on average.
随着物联网的发展,基于IP的网络架构已经难以支撑物联网的发展。以内容为中心的移动网络(CCMN)模型是基于命名内容来摆脱地址空间的稀缺性,在中间节点缓存内容以提供高效的数据传输,可以解决物联网的发展瓶颈。网络内缓存是实现CCMN实际部署的关键因素。此外,它还受到缓存污染攻击(CPA)的严重安全威胁,这种攻击可以篡改内容的分布,降低内置缓存的优势。此外,移动设备的身份和信任机制也是阻碍CCMN部署的重要因素。然而,由于内置缓存的普遍性、移动性和异构性等特点,现有的缓存安全机制不能直接应用,这给设计针对CPA的缓存安全机制带来了新的挑战。在本文中,我们提出了一种针对CCMN的轻量级CPA检测和防御方法。我们首先将CPA的攻击和防御过程建模为一个动态博弈,从而优化攻击检测的性能。然后,采用流行度分析检测CPA,并通过逻辑回归算法准确估计当前网络和攻击状态。我们的设计还可以智能地维护身份和信任机制。最后,我们设计了一个惩罚机制来对付攻击者。大量的仿真结果表明,我们的方法可以有效地检测CPA,有效地减轻CPA的影响。与最先进的方法相比,我们的博弈模型可以将局部中断攻击和虚假局部攻击的影响分别降低60%和30%。当博弈达到纳什均衡时,我们的模型可以将CPA对缓存命中率的影响平均降低55%。
{"title":"An efficient caching security approach for content‐centric mobile networks in internet of things systems","authors":"Zhuang Du, M. Obaidat, Guowei Wu, K. Hsiao","doi":"10.1002/spy2.294","DOIUrl":"https://doi.org/10.1002/spy2.294","url":null,"abstract":"With the expansion of internet of things (IoT), the IP‐based network architecture has been difficult to support the development of IoT. Content‐centric mobile networking (CCMN) models are based on naming the content to get rid of address‐space scarcity, caching the content at intermediate nodes to provide efficient data delivery, which can solve the development bottleneck of IoT. The in‐network caching is a key factor to enable practical deployments of CCMN. And it is also subject to serious security threats of cache pollution attacks (CPA), which can tamper the distribution of content and reduce the advantages of built‐in cache. In addition, the identity and trust mechanism of mobile devices are also important factors hindering the deployment of CCMN. However, existing caching security mechanisms cannot be applied directly, because the features of the built‐in cache, including ubiquity, mobility, and heterogeneity, bring new challenges on designing the caching security mechanism against CPA. In this article, we propose a lightweight CPA detection and defense approach for CCMN. We first model the attack and defense process of CPA as a dynamic game, which can optimize the performance of the attack detection. Then, we adopt popularity analysis to detect CPA, and accurately estimate the current network and attack state by a logical regression algorithm. Our design can also intelligently maintain the identity and trust mechanism. Finally, we design a punishment mechanism to deal with the attackers. Extensive simulations demonstrate that our approach can detect CPA efficiently, mitigate the impact of CPA effectively. Our game model can reduce the impact of locality‐disruption attack and false‐locality attack by 60% and 30%, respectively, compared with the state‐of‐the‐art methods. When the game reaches Nash equilibrium, our model can reduce the impact of CPA on cache hit ratio by 55% on average.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44179277","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
An attack volume metric 攻击量度量
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-01-23 DOI: 10.1002/spy2.298
Ibifubara Iganibo, Massimiliano Albanese, M. Mosko, Eric Bier, Alejandro E. Brito
For more than a decade, the notion of attack surface has been used to define the set of vulnerable assets that an adversary may exploit to penetrate a system, and various metrics have been developed to quantify the extent of a system's attack surface. However, most approaches to tackle this problem have failed to consider the complex interdependencies that exist between the many components of a distributed system, its vulnerabilities, and its configuration parameters. In our work, building upon previous research on vulnerability metrics and on graphical models to capture such interdependencies, we propose a novel approach to evaluate the potential risk associated with exposed vulnerabilities by studying how the effect of each vulnerability exploit propagates through chains of dependencies. Our analysis goes beyond the scope of traditional attack surface metrics, and considers the depth and implications of potential attacks, leading to the definition of a new family of metrics, which we refer to as attack volume metrics. We present experimental results illustrating how the proposed metric scales for graphs of realistic sizes, and illustrate its application to real‐world testbeds.
十多年来,攻击面的概念一直被用来定义对手可能用来渗透系统的一组脆弱资产,并且已经开发了各种指标来量化系统攻击面的程度。然而,大多数解决这一问题的方法都没有考虑分布式系统的许多组件之间存在的复杂的相互依赖性、其漏洞和配置参数。在我们的工作中,在之前对漏洞度量和图形模型的研究基础上,我们提出了一种新的方法,通过研究每个漏洞利用的影响如何通过依赖链传播,来评估与暴露的漏洞相关的潜在风险。我们的分析超出了传统攻击面度量的范围,并考虑了潜在攻击的深度和影响,从而定义了一个新的度量家族,我们称之为攻击量度量。我们给出了实验结果,说明了所提出的度量是如何对真实大小的图进行缩放的,并说明了它在现实世界测试台中的应用。
{"title":"An attack volume metric","authors":"Ibifubara Iganibo, Massimiliano Albanese, M. Mosko, Eric Bier, Alejandro E. Brito","doi":"10.1002/spy2.298","DOIUrl":"https://doi.org/10.1002/spy2.298","url":null,"abstract":"For more than a decade, the notion of attack surface has been used to define the set of vulnerable assets that an adversary may exploit to penetrate a system, and various metrics have been developed to quantify the extent of a system's attack surface. However, most approaches to tackle this problem have failed to consider the complex interdependencies that exist between the many components of a distributed system, its vulnerabilities, and its configuration parameters. In our work, building upon previous research on vulnerability metrics and on graphical models to capture such interdependencies, we propose a novel approach to evaluate the potential risk associated with exposed vulnerabilities by studying how the effect of each vulnerability exploit propagates through chains of dependencies. Our analysis goes beyond the scope of traditional attack surface metrics, and considers the depth and implications of potential attacks, leading to the definition of a new family of metrics, which we refer to as attack volume metrics. We present experimental results illustrating how the proposed metric scales for graphs of realistic sizes, and illustrate its application to real‐world testbeds.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42561957","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
An onion with layers of hope and fear: A cross‐case analysis of the media representation of Tor Network reflecting theoretical perspectives of new technologies 一个充满希望和恐惧的洋葱:反映新技术理论视角的Tor网络媒体表现的跨案例分析
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-01-22 DOI: 10.1002/spy2.296
Thaís Sardá
The Onion Router (Tor) is a sophisticated web browser accompanied by an encrypted network that enables online anonymity, protecting people's privacy. Adopted by many as a counter‐surveillance mitigation around the world, legitimate users of Tor include the military, journalists, whistle‐blowers, and citizens from authoritarian regimes. This article shows that the data protection offered by Tor is consistently associated to criminal and anti‐social uses by the media. This research looks at the British press representation of Tor conducting a thematic analysis of articles published by six newspapers between 2008 and 2017. This analysis connects the press coverage to three theoretical approaches: moral panics, technological ambivalence, and liberation technology. This research demonstrates through three case studies that the media reproduces theoretical discussions about new technologies on Tor's portrayal, presenting cases with only positive, only negatives and both positive and negative uses. However, examples of optimistic views of Tor are rare, and the press coverage focuses mainly on the criminal uses, especially crypto markets and child pornography. Overall, the British press ignores a culture of surveillance and spreads a discourse of fear through a recurrent connection of Tor to horrifying uses, undermining any potential positive outcomes.
洋葱路由器(Tor)是一种复杂的网络浏览器,配有加密网络,可以实现在线匿名,保护人们的隐私。Tor在世界各地被许多人采用,作为反监视的缓解手段,合法用户包括军队、记者、告密者和专制政权的公民。这篇文章表明,Tor提供的数据保护始终与媒体的犯罪和反社会用途有关。这项研究着眼于英国媒体代表Tor,对2008年至2017年期间六家报纸发表的文章进行了专题分析。这一分析将新闻报道与三种理论方法联系起来:道德恐慌、技术矛盾和解放技术。本研究通过三个案例研究证明,媒体复制了关于Tor描绘的新技术的理论讨论,仅呈现积极,消极以及积极和消极用途的案例。然而,对Tor持乐观态度的例子很少,新闻报道主要集中在犯罪用途上,特别是加密市场和儿童色情。总的来说,英国媒体忽视了一种监控文化,并通过将Tor与恐怖用途反复联系起来,传播了一种恐惧的话语,破坏了任何潜在的积极结果。
{"title":"An onion with layers of hope and fear: A cross‐case analysis of the media representation of Tor Network reflecting theoretical perspectives of new technologies","authors":"Thaís Sardá","doi":"10.1002/spy2.296","DOIUrl":"https://doi.org/10.1002/spy2.296","url":null,"abstract":"The Onion Router (Tor) is a sophisticated web browser accompanied by an encrypted network that enables online anonymity, protecting people's privacy. Adopted by many as a counter‐surveillance mitigation around the world, legitimate users of Tor include the military, journalists, whistle‐blowers, and citizens from authoritarian regimes. This article shows that the data protection offered by Tor is consistently associated to criminal and anti‐social uses by the media. This research looks at the British press representation of Tor conducting a thematic analysis of articles published by six newspapers between 2008 and 2017. This analysis connects the press coverage to three theoretical approaches: moral panics, technological ambivalence, and liberation technology. This research demonstrates through three case studies that the media reproduces theoretical discussions about new technologies on Tor's portrayal, presenting cases with only positive, only negatives and both positive and negative uses. However, examples of optimistic views of Tor are rare, and the press coverage focuses mainly on the criminal uses, especially crypto markets and child pornography. Overall, the British press ignores a culture of surveillance and spreads a discourse of fear through a recurrent connection of Tor to horrifying uses, undermining any potential positive outcomes.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"6 1","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-01-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41639276","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Differential analysis of the NBC algorithm based on mixed integer linear programming model 基于混合整数线性规划模型的NBC算法的差分分析
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-01-20 DOI: 10.1002/spy2.297
Lan Zhang, Bin Yu, Liangsheng He
This paper mainly studies mixed integer linear programming (MILP)‐based cryptanalysis on round‐reduced NBC algorithm with generalized Feistel structure. First, each component of the algorithm is equivalently described by linear inequality equations, and the propagation rules of differential characteristics and linear approximation are described, and an automatic search algorithm model of differential mode and linear mask mode based on MILP is established, and the minimum number of active S‐boxes and the corresponding differential mode and linear mask mode paths are obtained. Second, according to the NBC algorithm's 16‐bit block pull‐wire position permutation characteristics, the optimal full diffusion rounds of NBC‐128 algorithm and NBC‐256 algorithm are obtained by using approximate matrix multiplication theory to be six and eight respectively. Finally, based on the optimal number of full diffusion rounds of the algorithm, an automatic search algorithm model of impossible differential cryptanalysis is established, and the set of input differential patterns is traversed to obtain 11‐round impossible differential distinguishers of NBC‐128 algorithm and 14‐round impossible differential distinguishers of NBC‐256 algorithm respectively.
本文主要研究了基于混合整数线性规划(MILP)的广义Feistel结构的轮约NBC算法的密码分析。首先,用线性不等式方程等效描述了该算法的各个组成部分,描述了差分特性和线性逼近的传播规律,建立了基于MILP的差分模式和线性掩模模式自动搜索算法模型,得到了最小有效S盒数以及相应的差分模式和线性掩模模式路径。其次,根据NBC算法的16位分组拉线位置置换特性,利用近似矩阵乘法理论得到NBC‐128算法和NBC‐256算法的最优全扩散轮数分别为6和8。最后,基于算法的最优满扩散轮数,建立了不可能差分密码分析的自动搜索算法模型,遍历输入的差分模式集,分别得到NBC‐128算法的11轮不可能差分区分符和NBC‐256算法的14轮不可能差分区分符。
{"title":"Differential analysis of the NBC algorithm based on mixed integer linear programming model","authors":"Lan Zhang, Bin Yu, Liangsheng He","doi":"10.1002/spy2.297","DOIUrl":"https://doi.org/10.1002/spy2.297","url":null,"abstract":"This paper mainly studies mixed integer linear programming (MILP)‐based cryptanalysis on round‐reduced NBC algorithm with generalized Feistel structure. First, each component of the algorithm is equivalently described by linear inequality equations, and the propagation rules of differential characteristics and linear approximation are described, and an automatic search algorithm model of differential mode and linear mask mode based on MILP is established, and the minimum number of active S‐boxes and the corresponding differential mode and linear mask mode paths are obtained. Second, according to the NBC algorithm's 16‐bit block pull‐wire position permutation characteristics, the optimal full diffusion rounds of NBC‐128 algorithm and NBC‐256 algorithm are obtained by using approximate matrix multiplication theory to be six and eight respectively. Finally, based on the optimal number of full diffusion rounds of the algorithm, an automatic search algorithm model of impossible differential cryptanalysis is established, and the set of input differential patterns is traversed to obtain 11‐round impossible differential distinguishers of NBC‐128 algorithm and 14‐round impossible differential distinguishers of NBC‐256 algorithm respectively.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48511541","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Blockchain architecture and methodologies for internet of things environment 区块链物联网环境的体系结构和方法
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-01-17 DOI: 10.1002/spy2.299
Alireza Souri, Eyhab Al-Masri, S. Kumari
With the continuous maturity of big data technology and open source community in the internet of things (IoT) environment, the intelligent system architecture and ecosystem are booming and developing, and the commercial supporting tools are increasingly fast. On the other hand, blockchain architecture was primarily designed to facilitate distributed transactions by removing central management in a secured and safe environment. Blockchain technology can share and distribute big data structures that can securely store digital transactions without using a central point of authority. More importantly, blockchain allows for the automated execution of smart contracts in IoT. Therefore, the sensible management of blockchain-based big data techniques is necessary to increase the IoT architecture and network efficiency. The main contribution of this special issue is to highlight the new methods and directions focusing on blockchain-based methodologies to address the IoT environments. This special issue invited researchers to publish selected original articles presenting new solutions to solve hot challenges of this topic. We have received more than 25 submitted manuscripts in this special issue in March 2022. By applying an initial technical check for all manuscripts, peer-review process was applied for all submitted manuscripts. Then, based on the review comments, we have accepted 16 papers.
随着物联网环境下大数据技术和开源社区的不断成熟,智能系统架构和生态系统正在蓬勃发展,商业支持工具也越来越快。另一方面,区块链架构主要旨在通过在安全的环境中取消中央管理来促进分布式交易。区块链技术可以共享和分发大数据结构,这些结构可以安全地存储数字交易,而无需使用中央权威点。更重要的是,区块链允许物联网中智能合约的自动执行。因此,基于区块链的大数据技术的合理管理对于提高物联网架构和网络效率是必要的。本期特刊的主要贡献是强调基于区块链的方法论解决物联网环境的新方法和方向。本期特刊邀请研究人员发表精选原创文章,为解决这一主题的热点挑战提供新的解决方案。我们在2022年3月的这期特刊中收到了超过25份提交的手稿。通过对所有手稿进行初步技术检查,对所有提交的手稿进行了同行评审。然后,根据评审意见,我们已经接受了16篇论文。
{"title":"Blockchain architecture and methodologies for internet of things environment","authors":"Alireza Souri, Eyhab Al-Masri, S. Kumari","doi":"10.1002/spy2.299","DOIUrl":"https://doi.org/10.1002/spy2.299","url":null,"abstract":"With the continuous maturity of big data technology and open source community in the internet of things (IoT) environment, the intelligent system architecture and ecosystem are booming and developing, and the commercial supporting tools are increasingly fast. On the other hand, blockchain architecture was primarily designed to facilitate distributed transactions by removing central management in a secured and safe environment. Blockchain technology can share and distribute big data structures that can securely store digital transactions without using a central point of authority. More importantly, blockchain allows for the automated execution of smart contracts in IoT. Therefore, the sensible management of blockchain-based big data techniques is necessary to increase the IoT architecture and network efficiency. The main contribution of this special issue is to highlight the new methods and directions focusing on blockchain-based methodologies to address the IoT environments. This special issue invited researchers to publish selected original articles presenting new solutions to solve hot challenges of this topic. We have received more than 25 submitted manuscripts in this special issue in March 2022. By applying an initial technical check for all manuscripts, peer-review process was applied for all submitted manuscripts. Then, based on the review comments, we have accepted 16 papers.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43571295","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Multi‐aspects AI‐based modeling and adversarial learning for cybersecurity intelligence and robustness: A comprehensive overview 网络安全智能和稳健性的多方面基于人工智能的建模和对抗性学习:全面综述
IF 1.9 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-01-10 DOI: 10.1002/spy2.295
Iqbal H. Sarker
Due to the rising dependency on digital technology, cybersecurity has emerged as a more prominent field of research and application that typically focuses on securing devices, networks, systems, data and other resources from various cyber‐attacks, threats, risks, damages, or unauthorized access. Artificial intelligence (AI), also referred to as a crucial technology of the current Fourth Industrial Revolution (Industry 4.0 or 4IR), could be the key to intelligently dealing with these cyber issues. Various forms of AI methodologies, such as analytical, functional, interactive, textual as well as visual AI can be employed to get the desired cyber solutions according to their computational capabilities. However, the dynamic nature and complexity of real‐world situations and data gathered from various cyber sources make it challenging nowadays to build an effective AI‐based security model. Moreover, defending robustly against adversarial attacks is still an open question in the area. In this article, we provide a comprehensive view on “Cybersecurity Intelligence and Robustness,” emphasizing multi‐aspects AI‐based modeling and adversarial learning that could lead to addressing diverse issues in various cyber applications areas such as detecting malware or intrusions, zero‐day attacks, phishing, data breach, cyberbullying and other cybercrimes. Thus the eventual security modeling process could be automated, intelligent, and robust compared to traditional security systems. We also emphasize and draw attention to the future aspects of cybersecurity intelligence and robustness along with the research direction within the context of our study. Overall, our goal is not only to explore AI‐based modeling and pertinent methodologies but also to focus on the resulting model's applicability for securing our digital systems and society.
由于对数字技术的日益依赖,网络安全已成为一个更突出的研究和应用领域,通常侧重于保护设备、网络、系统、数据和其他资源免受各种网络攻击、威胁、风险、损害或未经授权的访问。人工智能(AI),也被称为当前第四次工业革命(工业4.0或4IR)的关键技术,可能是智能处理这些网络问题的关键。可以采用各种形式的人工智能方法,如分析、功能、交互式、文本和视觉人工智能,根据其计算能力获得所需的网络解决方案。然而,现实世界情况的动态性和复杂性以及从各种网络来源收集的数据,使得如今建立一个有效的基于人工智能的安全模型具有挑战性。此外,在该地区,强有力地防御对抗性攻击仍然是一个悬而未决的问题。在这篇文章中,我们对“网络安全智能和稳健性”进行了全面的阐述,强调了基于人工智能的多方面建模和对抗性学习,这可能会导致解决各种网络应用领域的各种问题,如检测恶意软件或入侵、零日攻击、网络钓鱼、数据泄露、网络欺凌和其他网络犯罪。因此,与传统的安全系统相比,最终的安全建模过程可以是自动化的、智能的和健壮的。我们还强调并提请注意网络安全智能和稳健性的未来方面,以及我们研究背景下的研究方向。总的来说,我们的目标不仅是探索基于人工智能的建模和相关方法,还关注由此产生的模型对保护我们的数字系统和社会的适用性。
{"title":"Multi‐aspects AI‐based modeling and adversarial learning for cybersecurity intelligence and robustness: A comprehensive overview","authors":"Iqbal H. Sarker","doi":"10.1002/spy2.295","DOIUrl":"https://doi.org/10.1002/spy2.295","url":null,"abstract":"Due to the rising dependency on digital technology, cybersecurity has emerged as a more prominent field of research and application that typically focuses on securing devices, networks, systems, data and other resources from various cyber‐attacks, threats, risks, damages, or unauthorized access. Artificial intelligence (AI), also referred to as a crucial technology of the current Fourth Industrial Revolution (Industry 4.0 or 4IR), could be the key to intelligently dealing with these cyber issues. Various forms of AI methodologies, such as analytical, functional, interactive, textual as well as visual AI can be employed to get the desired cyber solutions according to their computational capabilities. However, the dynamic nature and complexity of real‐world situations and data gathered from various cyber sources make it challenging nowadays to build an effective AI‐based security model. Moreover, defending robustly against adversarial attacks is still an open question in the area. In this article, we provide a comprehensive view on “Cybersecurity Intelligence and Robustness,” emphasizing multi‐aspects AI‐based modeling and adversarial learning that could lead to addressing diverse issues in various cyber applications areas such as detecting malware or intrusions, zero‐day attacks, phishing, data breach, cyberbullying and other cybercrimes. Thus the eventual security modeling process could be automated, intelligent, and robust compared to traditional security systems. We also emphasize and draw attention to the future aspects of cybersecurity intelligence and robustness along with the research direction within the context of our study. Overall, our goal is not only to explore AI‐based modeling and pertinent methodologies but also to focus on the resulting model's applicability for securing our digital systems and society.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2023-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47310786","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
期刊
Security and Privacy
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1