International Journal of Information Security: latest articles

IoT cybersecurity in 5G and beyond: a systematic literature review
IF 3.2, Zone 4 (Computer Science), Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS, Pub Date: 2024-05-28, DOI: 10.1007/s10207-024-00865-5
Sandeep Pirbhulal, Sabarathinam Chockalingam, Ankur Shukla, Habtamu Abie

The 5th generation (5G) and beyond use Internet of Things (IoT) to offer the feature of remote monitoring for different applications such as transportation, healthcare, and energy. There are several advantages of 5G and beyond for IoT applications like high speed and low latency. However, they are prone to cybersecurity threats due to networks softwarization and virtualization, thus raising additional security challenges and complexities. In this paper, we conducted a systematic literature review (SLR) of cybersecurity for 5G and beyond-enabled IoT. By developing a taxonomy to classify and characterize existing research, we identified and analyzed strategies, key patterns, mechanisms, performance evaluation, validation parameters and challenges of cybersecurity and resilience for 5G and beyond-enabled IoT in existing studies. We used “Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA)” recommendations for this SLR. Through our search in scientific databases, 4449 records published between 2017 and 2023 were initially identified, which were then reduced to 558 records after title and abstract screening to be considered for the eligibility check process. After screening the full-text, 79 articles were finalized for thorough analysis. The findings of this study suggest that 35% of the included studies focus on authentication and access control as security aspects, 59% studies are based on combination of both network layer and application layer as main operation layer, and 34% of the included studies use real-time implementation for validation purpose while the remaining studies utilize simulation or theoretical analysis. Our SLR also highlights open research challenges of 5G and beyond-enabled IoT cybersecurity and suggests a tentative solution for each challenge, which can be a focus of future research. Finally, key limitations of our SLR and threats to validity are addressed.

Citations: 0
Decentralised identity federations using blockchain
IF 3.2, Zone 4 (Computer Science), Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS, Pub Date: 2024-05-16, DOI: 10.1007/s10207-024-00864-6
Mirza Kamrul Bashar Shuhan, Syed Md. Hasnayeen, Tanmoy Krishna Das, Md. Nazmus Sakib, Md Sadek Ferdous

Federated Identity Management offers numerous economic benefits and convenience to Service Providers and users alike. In such federations, the Identity Provider (IdP) is the solitary entity responsible for managing user credentials and generating assertions for the users, who are requesting access to a service provider’s resource. This makes the IdP centralised and exhibits a single point of failure for the federation, making the federation prone to catastrophic damages. The paper presents our effort in designing and implementing a decentralised system in establishing an identity federation. In its attempt to decentralise the IdP in the federation, the proposed system relies on blockchain technology, thereby, mitigating the single point of failure shortcoming of existing identity federations and is designed using a set of requirements. In this article, we explore different aspects of designing and developing the system, present its protocol flow, analyse its performance, and evaluate its security using ProVerif, a state-of-the-art formal protocol verification tool.

Citations: 0
Two-stage advanced persistent threat (APT) attack on an IEC 61850 power grid substation
IF 3.2, Zone 4 (Computer Science), Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS, Pub Date: 2024-05-14, DOI: 10.1007/s10207-024-00856-6
Aida Akbarzadeh, Laszlo Erdodi, Siv Hilde Houmb, Tore Geir Soltvedt

Advanced Persistent Threats (APTs) are stealthy, multi-step attacks tailored to a specific target. Often described as ’low and slow’, APTs remain undetected until the consequences of the cyber-attack become evident, usually in the form of damage to the physical world, as seen with the Stuxnet attack, or manipulation of an industrial process, as was the case in the Ukraine Power Grid attacks. Given the increasing sophistication and targeted nature of cyber-attacks, especially APTs, this paper delves into the substantial threats APTs pose to critical infrastructures, focusing on power grid substations. Through a detailed case study, we present and explore a 2-stage APT attack on an IEC 61850 power grid substation, employing a Hardware-in-the-Loop (HIL) testbed to simulate real-world conditions. More specifically, this paper discusses two significant experiments conducted to assess vulnerabilities in the control protocols used in IEC 61850 substations: IEC 60870-5-104 and IEC 61850. The integration of findings from these experiments revealed a number of previously undiscussed potential threats to power grid infrastructure that could arise from attacking one or more substations. To better address these potential threats, the paper proposes an extension to the Industrial Control System (ICS) kill chain that explicitly accounts for the consequences of attacks on the physical aspects of Cyber-Physical Systems (CPSs).

Citations: 0
Non-Alpha-Num: a novel architecture for generating adversarial examples for bypassing NLP-based clickbait detection mechanisms
IF 3.2, Zone 4 (Computer Science), Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS, Pub Date: 2024-05-13, DOI: 10.1007/s10207-024-00861-9
Ashish Bajaj, Dinesh Kumar Vishwakarma

The vast majority of online media rely heavily on the revenues generated by their readers’ views, and due to the abundance of such outlets, they must compete for reader attention. It is a common practise for publishers to employ attention-grabbing headlines as a means to entice users to visit their websites. These headlines, commonly referred to as clickbaits, strategically leverage the curiosity gap experienced by users, enticing them to click on hyperlinks that frequently fail to meet their expectations. Therefore, the identification of clickbaits is a significant NLP application. Previous studies have demonstrated that language models can effectively detect clickbaits. Deep learning models have attained great success in text-based assignments, but these are vulnerable to adversarial modifications. These attacks involve making undetectable alterations to a small number of words or characters in order to create a deceptive text that misleads the machine into making incorrect predictions. The present work introduces “Non-Alpha-Num”, a newly proposed textual adversarial assault that functions in a black box setting, operating at the character level. The primary goal is to manipulate a certain NLP model in a manner that the alterations made to the input data are undetectable by human observers. A series of comprehensive tests were conducted to evaluate the efficacy of the suggested attack approach on several widely-used models, including Word-CNN, BERT, DistilBERT, ALBERTA, RoBERTa, and XLNet. These models were fine-tuned using the clickbait dataset, which is commonly employed for clickbait detection purposes. The empirical evidence suggests that the attack model being offered routinely achieves much higher attack success rates (ASR) and produces high-quality adversarial instances in comparison to traditional adversarial manipulations. 
The findings suggest that the clickbait detection system has the potential to be circumvented, which might have significant implications for current policy efforts.

Citations: 0
Integrating AI-driven threat intelligence and forecasting in the cyber security exercise content generation lifecycle
IF 3.2, Zone 4 (Computer Science), Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS, Pub Date: 2024-05-10, DOI: 10.1007/s10207-024-00860-w
Alexandros Zacharis, Vasilios Katos, Constantinos Patsakis

The escalating complexity and impact of cyber threats require organisations to rehearse responses to cyber-attacks by routinely conducting cyber security exercises. However, the effectiveness of these exercises is limited by the exercise planners’ ability to replicate real-world scenarios in a timely manner that is, most importantly, tailored to the training audience and sector impacted. To address this issue, we propose the integration of AI-driven sectorial threat intelligence and forecasting to identify emerging and relevant threats and anticipate their impact in different industries. By incorporating such automated analysis and forecasting into the design of cyber security exercises, organisations can simulate real-world scenarios more accurately and assess their ability to respond to emerging threats. Fundamentally, our approach enhances the effectiveness of cyber security exercises by tailoring the scenarios to reflect the threats that are more relevant and imminent to the sector of the targeted organisation, thereby enhancing its preparedness for cyber attacks. To assess the efficacy of our forecasting methodology, we conducted a survey with domain experts and report their feedback and evaluation of the proposed methodology.

Citations: 0
IoTvulCode: AI-enabled vulnerability detection in software products designed for IoT applications
IF 3.2, Zone 4 (Computer Science), Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS, Pub Date: 2024-05-09, DOI: 10.1007/s10207-024-00848-6
Guru Prasad Bhandari, Gebremariam Assres, Nikola Gavric, Andrii Shalaginov, Tor-Morten Grønli

The proliferation of the Internet of Things (IoT) paradigm has ushered in a new era of connectivity and convenience. Consequently, rapid IoT expansion has introduced unprecedented security challenges, among which source code vulnerabilities present a significant risk. Recently, machine learning (ML) has been increasingly used to detect source code vulnerabilities. However, there has been a lack of attention to IoT-specific frameworks regarding both tools and datasets. This paper addresses potential source code vulnerabilities in some of the most commonly used IoT frameworks. Hence, we introduce IoTvulCode - a novel framework consisting of a dataset-generating tool and ML-enabled methods for detecting source code vulnerabilities and weaknesses as well as the initial release of an IoT vulnerability dataset. Our framework contributes to improving the existing coding practices, leading to a more secure IoT infrastructure. Additionally, IoTvulCode provides a solid basis for the IoT research community to further explore the topic.

Citations: 0
Dynamic vulnerability severity calculator for industrial control systems
IF 3.2, Zone 4 (Computer Science), Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS, Pub Date: 2024-05-08, DOI: 10.1007/s10207-024-00858-4
Pavlos Cheimonidis, Konstantinos Rantos

The convergence of information and communication technologies has introduced new and advanced capabilities to Industrial Control Systems. However, concurrently, it has heightened their vulnerability to cyber attacks. Consequently, the imperative for new security methods has emerged as a critical need for these organizations to effectively identify and mitigate potential threats. This paper introduces an innovative approach by proposing a dynamic vulnerability severity calculator. Our methodology encompasses the analysis of environmental topology and the effectiveness of deployed security mechanisms, coupled with the utilization of the Common Vulnerability Scoring System framework to adjust detected vulnerabilities based on the specific environment. Moreover, it evaluates the quantity of vulnerabilities and their interdependencies within each asset. Additionally, our approach integrates these factors into a comprehensive Fuzzy Cognitive Map model, incorporating attack paths to holistically assess the overall vulnerability score. To validate the efficacy of our proposed method, we present a relative case study alongside several modified scenarios, demonstrating its effectiveness in practical applications.

Citations: 0
An improved and efficient coercion-resistant measure for electronic voting system
IF 3.2, Zone 4 (Computer Science), Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS, Pub Date: 2024-05-07, DOI: 10.1007/s10207-024-00852-w
Tzer-Long Chen, Chia-Hui Liu, Ya-Hui Ou, Yao-Min Huang, Zhen-Yu Wu

The integrity of electronic voting systems is critical in safeguarding the democratic process worldwide. This study addresses the twin challenges of bribery and coercion that undermine most existing electronic voting systems. Recognizing the limitations of current security measures, which fail to protect voter autonomy even after the disclosure of voting secrets, we propose an innovative level-five secure e-voting system. By integrating an additional setup phase, our system maintains voter volition, ensuring security even when key secrets are compromised. Utilizing cryptographic techniques, blind signatures, and subliminal channels in conjunction with smart card PIN mechanisms, our approach not only bolsters system security but also enhances its potential for widespread adoption. This work underscores the importance of advanced cryptographic methods in developing coercion-resistant electronic voting systems that prioritize voter privacy and choice.

Citations: 0
Evaluating the merits and constraints of cryptography-steganography fusion: a systematic analysis
IF 3.2 Zone 4 Computer Science Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-05-05 DOI: 10.1007/s10207-024-00853-9
Indy Haverkamp, Dipti K. Sarmah

In today's interconnected world, safeguarding digital data's confidentiality and security is crucial. Cryptography and steganography are two primary methods used for information security. While these methods have diverse applications, there is ongoing exploration into the potential benefits of merging them. This review focuses on journal articles from 2010 onwards and conference papers from 2018 onwards that integrate steganography and cryptography in practical applications. The results are gathered through different databases like Scopus, IEEE, and Web of Science. Our approach involves gaining insights into real-world applications explored in the existing literature and categorizing them based on domains and technological areas. Furthermore, we comprehensively analyze the advantages and limitations associated with these implementations, examining them from three evaluation perspectives: security, performance, and user experience. This categorization offers guidance for future research in unexplored areas, while the evaluation perspectives provide essential considerations for analyzing real-world implementations.

Citations: 0
A cyber defense system against phishing attacks with deep learning game theory and LSTM-CNN with African vulture optimization algorithm (AVOA)
IF 3.2 Zone 4 Computer Science Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2024-05-05 DOI: 10.1007/s10207-024-00851-x
Mustafa Ahmed Elberri, Ümit Tokeşer, Javad Rahebi, Jose Manuel Lopez-Guede

Phishing attacks pose a significant threat to online security, utilizing fake websites to steal sensitive user information. Deep learning techniques, particularly convolutional neural networks (CNNs), have emerged as promising tools for detecting phishing attacks. However, traditional CNN-based image classification methods face limitations in effectively identifying fake pages. To address this challenge, we propose an image-based coding approach for detecting phishing attacks using a CNN-LSTM hybrid model. This approach combines SMOTE, an enhanced GAN based on the Autoencoder network, and swarm intelligence algorithms to balance the dataset, select informative features, and generate grayscale images. Experiments on three benchmark datasets demonstrate that the proposed method achieves superior accuracy, precision, and sensitivity compared to other techniques, effectively identifying phishing attacks and enhancing online security.

Citations: 0