Pub Date: 2024-07-08 DOI: 10.1007/s10207-024-00866-4
Rudri Kalaria, A. S. M. Kayes, Wenny Rahayu, Eric Pardede, Ahmad Salehi Shahraki
The increasing use of the Internet of Things (IoT) has driven the demand for enhanced and robust access control methods to protect resources from unauthorized access. A cloud-based access control approach brings significant challenges in terms of communication overhead, high latency, and complete reliance. In this paper, we propose a Fog-Based Adaptive Context-Aware Access Control (FB-ACAAC) framework for IoT devices, dynamically adjusting access policies based on contextual information to prevent unauthorised resource access. The main purpose of FB-ACAAC is to provide adaptability to changing access behaviors and context by bringing decision-making and information about policies closer to the end nodes of the network. FB-ACAAC improves the availability of resources and reduces the amount of time for information to be processed. FB-ACAAC extends the widely used eXtensible Access Control Markup Language (XACML) to manage access control decisions. Traditional XACML-based methods do not take into account changing environments, different contexts, and changing access behaviors and are vulnerable to certain types of attacks. To address these issues, FB-ACAAC proposes an adaptive context-aware XACML scheme for heterogeneous distributed IoT environments using fog computing and is designed to be context-aware, adaptable, and secure in the face of unauthorised access. The effectiveness of this new scheme is verified through experiments, and it has a low processing time overhead while providing extra features and improved security.
Title: Adaptive context-aware access control for IoT environments leveraging fog computing. Journal: International Journal of Information Security. URL: https://doi.org/10.1007/s10207-024-00866-4
Pub Date: 2024-07-05 DOI: 10.1007/s10207-024-00878-0
Shirin Abbasi, Navid Khaledian, Amir Masoud Rahmani
The Internet of Vehicles (IoV) promises to revolutionize transportation in smart cities, but its interconnectedness raises critical security and privacy concerns. Limited computational power, diverse network technologies, and many sensors and vehicles challenge data integrity and trust in data exchange. Existing solutions, often dependent on specific environments and protocols, struggle to address these issues across the entire IoV ecosystem. This paper explores the potential of blockchain technology to address these challenges. We argue that blockchain’s immutability and decentralization offer a unique solution for trust management in various IoV environments. We review existing blockchain-based algorithms and models proposed for IoV integration and propose a novel taxonomy to categorize these approaches. This taxonomy will help us analyze effective parameters, implementation methods, and evaluation metrics in the reviewed literature. According to our research, the most critical evaluation parameter for blockchain-based methods is time, including system-level service-related time parameters and solution implementation time, and 38% of existing papers simulated the approach using Hyperledger. Additionally, we will identify key challenges from integrating blockchain into the IoV landscape. By providing a comprehensive review and analysis of blockchain-based trust management solutions for IoV, this paper aims to contribute to the ongoing development of secure and reliable intelligent transportation systems.
Title: Trust management in the internet of vehicles: a systematic literature review of blockchain integration. Journal: International Journal of Information Security. URL: https://doi.org/10.1007/s10207-024-00878-0
Pub Date: 2024-07-04 DOI: 10.1007/s10207-024-00880-6
Francisco T. Chimuco, João B. F. Sequeiros, Tiago M. C. Simões, Mário M. Freire, Pedro R. M. Inácio
The adoption and popularity of mobile devices by end-users is partially driven by the increasing development and availability of mobile applications that can aid in solving different problems and provide access to services in a wide range of domains or categories, namely healthcare, education, e-commerce or entertainment. While these applications use and benefit from the combination of a wide panoply of technologies from the Internet of Things, fog and cloud computing, data security and privacy are typically not fully taken into account before the creation of many mobile applications or during the software development phases. This paper presents an in-depth approach to modeling attacks on the specific cloud and mobile ecosystem, given its importance in the process of secure application development. Moreover, aiming at bridging the knowledge gap between developers and security experts, this paper presents an alpha version of the security by design for cloud and mobile ecosystem (secD4CloudMobile) framework. secD4CloudMobile is a set of tools that covers cloud and mobile security requirement elicitation (CMSRE), cloud and mobile security best practices guidelines (CMSBPG), cloud mobile attack modeling elicitation (CMAME), and cloud mobile security test specification and tools (CM2ST). The purpose of the framework is to provide cloud and mobile application developers with useful, readily applicable information and guidelines, striving to bring security engineering and software engineering closer, in a more accessible and automated manner, aiming at the incorporation of security by construction. Finally, the paper presents some preliminary results and discussion.
Title: Expediting the design and development of secure cloud-based mobile apps. Journal: International Journal of Information Security. URL: https://doi.org/10.1007/s10207-024-00880-6
Pub Date: 2024-07-02 DOI: 10.1007/s10207-024-00873-5
Wei She, Haige Feng, Zhao Tian, Xinpeng Rong, Tianxiang Ma, Wei Liu
The paper addresses the issue of secure distribution of codebooks in the field of information security, particularly in the domain of covert communication. We propose a codebook distribution technique based on secret sharing. Secret sharing is a method of dividing and storing secrets that can withstand certain levels of external intrusion and internal deception. In this technique, the sender encrypts the codebook using a private key and uploads it to the IPNS. Each recipient can then obtain the public key for downloading the codebook through a mechanism based on password-protected secret sharing. Based on experimental results and security analysis, the scheme exhibits high time efficiency and stable memory usage. Furthermore, it can withstand various attacks, ensuring the security of codebook transmission.
Title: Multi-party codebook distribution strategy based on secret sharing. Journal: International Journal of Information Security. URL: https://doi.org/10.1007/s10207-024-00873-5
Trojan droppers consistently emerge as challenging malware threats, particularly within the Android ecosystem. Traditional malware detection approaches focus on identifying payloads upon execution or intercepting malicious downloads from compromised sources. Despite efforts to harden network defenses against such droppers, malicious threat actors keep exploring unconventional infiltration approaches. This study expands on covert channel attacks, proposing the use of gaming platforms, like the classic Tetris arcade game, as a novel vector for malicious payload delivery. Our methodology diverges from conventional network-based attacks by embedding malicious payloads within the game’s Tetromino pieces. Through a custom-made application that masquerades as a benign Tetris variant, we deliver and execute malicious payloads on target devices within 3 to 7 min. This is achieved by combining the Shikata-Ga-Nai polymorphic encoder, an autosuggestion algorithm, and mapping Tetromino blocks to a Meterpreter payload to innovatively deliver malicious payloads via gameplay suggestions. Our work provides a novel covert channel attack which merges gamification with malicious payload delivery. To the best of our knowledge, this is the first study that introduces gamification and autosuggestion mechanisms for payload delivery. We present an in-depth analysis of the proposed attack, along with a number of countermeasures to mitigate such threats, emphasizing the importance of enhanced user awareness and human oversight during dynamic malware analysis.
Title: Gaming the system: tetromino-based covert channel and its impact on mobile security. Authors: Efstratios Vasilellis, Vasileios Botsos, Argiro Anagnostopoulou, Dimitris Gritzalis. Pub Date: 2024-06-28. DOI: 10.1007/s10207-024-00875-3. Journal: International Journal of Information Security. URL: https://doi.org/10.1007/s10207-024-00875-3
Pub Date: 2024-06-26 DOI: 10.1007/s10207-024-00874-4
Chong Xiao, Ming Tang
Deep Learning-based Side-Channel Analysis (DL-SCA) has emerged as a powerful method in the field of side-channel analysis. Current works on DL-SCA primarily rely on publicly available datasets, which typically consist of well-organized and well-aligned training and attack sets. However, this disregards the challenges faced in real-world attacks, where the attack traces are not well-aligned with the training traces as attackers have different levels of control over profiling and attack devices. A network that is capable of identifying areas of leakage and subsequently predicting the leaked values can bypass such difficulty. Therefore, we proposed Arbitrary Trace Attacks, which are placed under the flexible scenario that provides training traces and attack traces with arbitrary sizes. To implement such attacks, we present the Arbitrary Convolutional Neural Network (ACNN), which scans input traces of arbitrary sizes for leakage area identification and leakage value prediction using a sliding window. Experimental evaluation is conducted on two datasets, DPAv4.2 and ASCAD, to verify the effectiveness of our approach on unprotected and masked implementations, respectively. As a result, the target leakage areas are detected with a significant frequency and the key recovery performance is on par with the state of the art. Moreover, the trained model shows the potential for detecting leakage in a general context, that is, detecting leakage of key bytes other than the target one.
Title: Acnn: arbitrary trace attacks based on leakage area detection. Journal: International Journal of Information Security. URL: https://doi.org/10.1007/s10207-024-00874-4
Pub Date: 2024-06-18 DOI: 10.1007/s10207-024-00869-1
George Hatzivasilis, Eftychia Lakka, Manos Athanatos, Sotiris Ioannidis, Grigoris Kalogiannis, Manolis Chatzimpyrros, George Spanoudakis, Spyros Papastergiou, Stylianos Karagiannis, Andreas Alexopoulos, Dimitry Amelin, Stephan Kiefer
Digitalization continues to facilitate our daily lives. The world is interconnected as never before, bringing people, businesses, or other organizations closer together. However, hackers are also coming closer. New business and operational models require the collection and processing of massive amounts of data in real-time, involving utilization of complex information systems, large supply-chains, personal devices, etc. These offer several advantages to adversaries on the one hand (e.g., poorly protected or monitored elements, slow security updates/upgrades in components that gain little attention, etc.), and pose many difficulties for defenders on the other hand (e.g., administering large and complex systems with high dynamicity) in this cyber-security interplay. Impactful attacks on ICT systems, critical infrastructures, and supply networks, as well as cyber-warfare, are driving the need for more effective defenses. This paper presents a swarm-intelligence solution for incident handling and response. Cyber Threat Intelligence (CTI) is continuously integrated in the system (i.e., MISP, CVEs, STIX, etc.), and Artificial Intelligence (AI)/Machine Learning (ML) are incorporated in the risk assessment and event evaluation processes. Several incident handling and response sub-procedures are automated, improving effectiveness and decreasing response time. Information concerning identified malicious activity is circulated back to the community (i.e., via the MISP information sharing platform) in an open loop. The proposal is applied in the supply-chain of healthcare organizations in Europe (considering also EU data protection regulations). Nevertheless, it is a generic solution that can be applied in any domain.
Title: Swarm-intelligence for the modern ICT ecosystems. Journal: International Journal of Information Security. URL: https://doi.org/10.1007/s10207-024-00869-1
Pub Date: 2024-06-18 DOI: 10.1007/s10207-024-00876-2
Beibei Cui, Wei He, Yan Cui
At present, in addressing security challenges within 5G-era Vehicular Ad-Hoc Networks (VANET), a new protocol has been designed in this paper, named V2X-GKA (Dynamic Group Authentication and Key Agreement Protocol based on C-V2X). V2X-GKA utilizes cryptographic techniques such as ECDLP and DBDH to effectively mitigate risks associated with certificate forgery and key theft. Through the integration of authentication and group key agreement mechanisms, the protocol facilitates dynamic member management and secure key updates without necessitating complete protocol re-execution. This approach not only ensures both forward and backward security but also optimizes algorithmic processes, rendering it highly suitable for real-time, high-speed mobile environments. Through necessary security analysis, it is confirmed that the V2X-GKA scheme in this paper meets the existing security objectives. Compared with other similar schemes, it exhibits a certain degree of completeness and superiority, particularly in open-channel scenarios.
Title: A dynamic C-V2X anonymous authentication and group key agreement protocol. Journal: International Journal of Information Security. URL: https://doi.org/10.1007/s10207-024-00876-2
Pub Date: 2024-06-05 DOI: 10.1007/s10207-024-00868-2
Thomas Oakley Browne, Mohammad Abedin, Mohammad Jabed Morshed Chowdhury
This paper presents a systematic review to identify research combining artificial intelligence (AI) algorithms with open source intelligence (OSINT) applications and practices. Currently, there is a lack of compilation of these approaches in the research domain and similar systematic reviews do not include research that postdates the year 2019. This systematic review attempts to fill this gap by identifying recent research. The review used the preferred reporting items for systematic reviews and meta-analyses and identified 163 research articles focusing on OSINT applications leveraging AI algorithms. This systematic review outlines several research questions concerning meta-analysis of the included research and seeks to identify research limitations and future directions in this area. The review identifies that research gaps exist in the following areas: incorporation of pre-existing OSINT tools with AI, the creation of AI-based OSINT models that apply to penetration testing, underutilisation of alternate data sources and the incorporation of dissemination functionality. The review additionally identifies future research directions in AI-based OSINT research in the following areas: multi-lingual support, incorporation of additional data sources, improved model robustness against data poisoning, integration with live applications, real-world use, the addition of alert generation for dissemination purposes and incorporation of algorithms for use in planning.
Title: A systematic review on research utilising artificial intelligence for open source intelligence (OSINT) applications (International Journal of Information Security, 2024-06-05)
Pub Date : 2024-05-29 DOI: 10.1007/s10207-024-00867-3
Kashif Junaid, Muhammad Umar Janjua, Junaid Qadir
The security of the global Certification Authority (CA) system has recently been compromised as a result of attacks on the Public Key Infrastructure (PKI). Although the CA/Browser (CA/B) Forum publishes compliance requirements for CAs, there are no guarantees that even a commercially successful CA is complying with these recommendations. In this paper, we propose the first systematic CA ranking mechanism that ranks CAs in terms of their adherence to the CA/B Forum and X.509 certificate standards. Unfortunately, there is no consolidated and widely accepted parameter to rank the CAs, so we have proposed formula-based rating models and introduced different ranking techniques like Direct, Bayesian, and MarkovChain Ranking. These rankings are applied to a comprehensive dataset of X.509 trust chains gathered during the time period of 2020 to 2023. Our proposed ranking scheme can serve as a criterion for both consumers and enterprises for selecting and prioritizing CAs based on performance as well as adherence to the certificate standards.
Title: A compliance-based ranking of certificate authorities using probabilistic approaches (International Journal of Information Security, 2024-05-29)