International Journal of Information Security最新文献

In recent years, machine learning (ML) has become increasingly popular in various fields of activity. Cloud platforms have also grown in popularity, as they offer services that are more secure and accessible worldwide. In this context, cloud-based technologies emerged to support ML, giving rise to the machine learning as a service (MLaaS) concept. However, the clients accessing ML services in order to obtain classification results on private data may be reluctant to upload sensitive information to cloud. The model owners may also prefer not to outsource their models in order to prevent model inversion attacks and to protect intellectual property. The privacy-preserving evaluation of ML models is possible through multi-key homomorphic encryption (MKHE), that allows both the client data and the model to be encrypted under different keys. In this paper, we propose an MKHE evaluation method for decision trees and we extend the proposed method for random forests. Each decision tree is evaluated as a single lookup table, and voting is performed at the level of groups of decision trees in the random forest. We provide both theoretical and experimental evaluations for the proposed method. The aim is to minimize the performance degradation introduced by the encrypted model compared to a plaintext model while also obtaining practical classification times. In our experiments with the proposed MKHE random forest evaluation method, we obtained minimal (less than 0.6%) impact on the main ML performance metrics considered for each scenario, while also achieving reasonable classification times (of the order of seconds).

Due to its plug-and-play functionality and wide device support, the universal serial bus (USB) protocol has become one of the most widely used protocols. However, this widespread adoption has introduced a significant security concern: the implicit trust provided to USB devices, which has created a vast array of attack vectors. Malicious USB devices exploit this trust by disguising themselves as benign peripherals and covertly implanting malicious commands into connected host devices. Existing research employs supervised learning models to identify such malicious devices, but our study reveals a weakness in these models when faced with sophisticated data poisoning attacks. We propose, design and implement a sophisticated adversarial data poisoning attack to demonstrate how these models can be manipulated to misclassify an attack device as a benign device. Our method entails generating keystroke data using a microprogrammable keystroke attack device. We develop adversarial attacker by meticulously analyzing the data distribution of data features generated via USB keyboards from benign users. The initial training data is modified by exploiting firmware-level modifications within the attack device. Upon evaluating the models, our findings reveal a significant decrease from 99 to 53% in detection accuracy when an adversarial attacker is employed. This work highlights the critical need to reevaluate the dependability of machine learning-based USB threat detection mechanisms in the face of increasingly sophisticated attack methods. The vulnerabilities demonstrated highlight the importance of developing more robust and resilient detection strategies to protect against the evolution of malicious USB devices.

The Internet of Things (IoT) plays a fundamental role in contemporary society, necessitating an in-depth comprehension of its application layer protocols, intertwined technologies, security issues, and effective countermeasures. This survey delivers an exhaustive analysis of these protocols, emphasizing the escalating significance of explainable artificial intelligence in IoT (XAIoT). To elucidate its practical implications, we conducted a case study examining a real-world scenario where XAIoT significantly bolstered IoT security. This case study demonstrated XAIoT’s potential to enhance transparency and trustworthiness in IoT systems. Furthermore, the survey critically evaluates existing literature, pinpointing specific opportunities and gaps in the present state of IoT application layer security. For instance, our analysis revealed a pressing need for more robust security protocols and the integration of advanced machine-learning techniques for anomaly detection in IoT applications. This survey, designed to provide a comprehensive perspective, seeks to stimulate additional innovation and research in the realm of secure and intelligent IoT applications. In doing so, it contributes to the ongoing dialogue on improving IoT security, offering valuable insights for researchers and practitioners alike.

Sensor clouds are formed by IP-enabled wireless sensors and Internet of Things devices that are used for sensing and actuation in commercial and industrial applications. Data collected by the sensors are consolidated by distributed cloud data consolidation (DCS) servers to be utilized as raw sensory information by applications running data analytics and actuation functions. Alternatively, DC servers may feed sensor data to the cloud-hosted Big Data Analytics (BDS) servers. Sensor clouds and their respective DCS servers, as well as BDS servers, may form different security realms. These security realms’ ownership structures are complicated and differ from standard database servers, necessitating a dependable authentication technique to provide trusted access to DC and BDS servers. This paper proposes a new multiparty authentication framework to authenticate applications requesting access to the DCS and BDS servers without direct human or application access to the sensors and actuators. Only DC servers are permitted to communicate with sensors/actuators, and only applications certified by a Session Authority Cloud are granted access to DCS/BDS servers via an authentication protocol that includes many information and key exchanges. This solution may assure the reliable deployment of sensor clouds in different critical application domains (i.e., industry, commercial, national security, and defense, etc.) while reducing the potential of direct espionage of sensed/actuated systems. Linear Temporal Logic is used to explicitly analyze and establish the correctness of the presented framework. OPNET modeling and simulations are used to illustrate the protocol’s design and operations. The results demonstrate that multiparty authentication is conceivable for Sensor cloud computing systems.

Electronic contract signing requires the design of protocols that guarantee that the exchange is fair. In the past 5 years, we have observed that trusted third parties (TTPs) can be replaced by blockchain. However, none of the analyzed blockchain-based solutions meets the abuse-freeness requirement (established by Garay et al. in 1999), i.e., that neither party has the power to decide whether the protocol terminates or aborts. In this article, we present the first blockchain-based contract signing protocol that meets the abuse-freeness requirement. We analyze the economic impact that the use of blockchain has on the participants of a contract signing, concluding that the solution is both technically feasible and cost effective.

With the increase of IoT devices generating large amounts of user-sensitive data, improper firmware harms users’ security and privacy. Latest home appliances are integrated with features to assure compatibility with smart home IoT. However, applying complex security mechanisms to IoT is limited by device hardware capabilities, making them vulnerable to attacks. Such attacks have recently become frequent. To address this issue, we developed a secure verification mechanism for firmware released by the device’s manufacturer. We proposed an IoT gateway for secure firmware verification and updating for smart home IoT devices utilizing the IOTA MAM (Masked Authenticated Messaging) protocol and a distributed file system with IPFS (Inter-Planetary File System) protocol. These two communication protocols ensure decentralized communication and firmware file distribution between the IoT device vendor and the IoT end device. The proposed scheme securely shares latest firmware content over IOTA and IPFS networks, performs a secure firmware update on IoT end devices and ensures authenticity and integrity of the firmware. Two types of validation methods were proposed for firmware updating and validation. We implemented the proposed scheme using three entities, Vendor, IoT gateway, and IoT end device. Our system yielded promising results in performing secure automated firmware updates on IoT end devices with very low computational power. The system’s functionality was implemented using IOTA’s MAM run on Raspberry Pi as an IoT gateway along with an ESP8266 Wi-Fi microcontroller, demonstrating the effectiveness of our approach. Our proposed methodology can be used for secure firmware distribution on home IoT applications.

The vehicular ad-hoc network is a technology that enables vehicles to interact with each other and the surrounding infrastructure, aiming to enhance road safety and driver comfort. However, it is susceptible to various security attacks. Among these attacks, the position falsification attack is regarded as one of the most serious, in which the malicious nodes tamper with their transmitted location. Thus, developing effective misbehavior detection schemes capable of detecting such attacks is crucial. Many of these schemes employ machine learning techniques to detect misbehavior based on the features of the exchanged messages. However, the studies that identify the impact of feature engineering on schemes’ performance and highlight the most efficient features and algorithms are limited. This paper conducts a comprehensive literature survey to identify the key features and algorithms used in the literature that lead to the best-performing models. Then, a comparative study using the VeReMi dataset, which is publicly available, is performed to assess six models implemented using three different machine learning algorithms and two feature sets: one comprising selected and derived features and the other including all message features. The findings show that two of the suggested models that employ feature engineering perform almost equally to existing studies in identifying two types of position falsification attacks while exhibiting performance improvements in detecting other types. Furthermore, the results of evaluating the proposed models using another simulation exhibit a substantial improvement achieved by employing feature engineering techniques, where the average accuracy of the models is increased by 6.31–47%, depending on the algorithm used.

Spurred by the rapid modernisation of the sector and the advent of Internet Protocol Television (IPTV), audiovisual (AV) piracy is at epidemic levels, with interventions having limited effect. To date, the dominant themes in interventions have been around personal deterrence (i.e. the threat of legal action) and have not considered other factors that may influence an individual’s decision to consume infringing content. In this paper, we consider psychological factors, including perceptions around risk-taking, security behaviours, problematic internet use and personality traits, to gain a comprehensive understanding of factors influencing engagement with IPTV and the potential implications for cyber security. For this purpose, a survey was conducted with 283 participants living in the UK (age range 18–74, male 104), and an integrated structural equation model was constructed. Our findings showed a positive relationship between security behaviours and the perceived risk of viewing IPTV and a negative relationship between the dark personality triad and the perceived risk of viewing IPTV. They suggest that security behaviours fully mediate the relationship between problematic internet use and IPTV risk-taking, indicating a potential new path for anti-piracy interventions with greater efficacy.

The first Android-ready “G1” phone debuted in late October 2008. Since then, the growth of Android malware has been explosive, analogous to the rise in the popularity of Android. The major positive aspect of Android is its open-source nature, which empowers app developers to expand their work. However, authors with malicious intentions pose grave threats to users. In the presence of such threats, Android malware detection is the need of an hour. Consequently, researchers have proposed various techniques involving static, dynamic, and hybrid analysis to address such threats to numerous features in the last decade. However, the feature that most researchers have extensively used to perform malware analysis and detection in Android security is Android permission. Hence, to provide a clarified overview of the latest and past work done in Android malware analysis and detection, we perform a comprehensive literature review using permissions as a central feature or in combination with other components by collecting and analyzing 205 studies from 2009 to 2023. We extracted information such as the choice opted by researchers between analysis or detection, techniques used to select or rank the permissions feature set, features used along with permissions, detection models employed, malware datasets used by researchers, and limitations and challenges in the field of Android malware detection to propose some future research directions. In addition, on the basis of the information extracted, we answer the six research questions designed considering the above factors.

IoT deployments grow in numbers and size, which makes questions of long-term support and maintainability increasingly important. Without scalable and standard-compliant capabilities to transfer the control of IoT devices between service providers, IoT system owners cannot ensure long-term maintainability, and risk vendor lock-in. The manual overhead must be kept low for large-scale IoT installations to be economically feasible. We propose AutoPKI, a lightweight protocol to update the IoT PKI credentials and shift the trusted domains, enabling the transfer of control between IoT service providers, building upon the latest IoT standards for secure communication and efficient encodings. We show that the overhead for the involved IoT devices is small and that the overall required manual overhead can be minimized. We analyse the fulfilment of the security requirements, and for a subset of them, we demonstrate that the desired security properties hold through formal verification using the Tamarin prover.