The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
September 2021: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
March 2022 - Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
November 2021 - Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
December 2021: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
July 2021 - Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
May 2021: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
June 2021 - Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
Most cited articles in academia - International journal of network security &...IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
September 2021: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
March 2022 - Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
November 2021 - Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
December 2021: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
July 2021 - Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
May 2021: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
June 2021 - Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
Most cited articles in academia - International journal of network security &...IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
Most Downloaded article for an year in academia - International Journal of Ne...IJNSA Journal
This document summarizes a research article titled "SECURITY & PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS". The article analyzes various security and privacy threats related to the Internet of Things (IoT). It discusses some common attacks on different layers of the IoT and existing as well as proposed countermeasures. The article references 31 other sources and provides an abstract and keywords for the summarized research paper.
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESIJNSA Journal
The Internet of Things (IoT) brings connectivity to about every objects found in the physical space. It
extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates
opportunities in numerous domains. However, this increase in connectivity creates many prominent
challenges. This paper provides a survey of some of the major issues challenging the widespread adoption
of the IoT. Particularly, it focuses on the interoperability, management, security and privacy issues in the
IoT. It is concluded that there is a need to develop a multifaceted technology approach to IoT security,
management, and privacy.
WEARABLE TECHNOLOGY DEVICES SECURITY AND PRIVACY VULNERABILITY ANALYSISIJNSA Journal
Wearable Technology also called wearable gadget, is acategory of technology devices with low processing
capabilities that can be worn by a user with the aim to provide information and ease of access to the master
devices its pairing with. Such examples are Google Glass and Smart watch. The impact of wearable
technology becomes significant when people start their invention in wearable computing, where their
mobile devices become one of the computation sources. However, wearable technology is not mature yet in
term of device security and privacy acceptance of the public. There exists some security weakness that
prompts such wearable devices vulnerable to attack. One of the critical attack on wearable technology is
authentication issue. The low processing due to less computing power of wearable device causethe
developer's inability to equip some complicated security mechanisms and algorithm on the device.In this
study, an overview of security and privacy vulnerabilities on wearable devices is presented.
1) The document discusses security issues in computer networks and proposes contemporary solutions. It covers topics like cryptography, secure data access, intrusion detection, and secure routing.
2) The literature review discusses previous research on wireless sensor network security including common attacks, requirements, and defenses. It also examines security issues that arise from the unique characteristics of wireless networks.
3) The document proposes that more research is still needed on topics like quantifying security costs and benefits, data integrity, survivability, and security for data-centric wireless sensor networks. A holistic security model is needed that integrates solutions at each network layer.
The AIRCC's International Journal of Computer Science and Information Technology (IJCSIT) is devoted to fields of Computer Science and Information Systems. The IJCSIT is a open access peer-reviewed scientific journal published in electronic form as well as print form. The mission of this journal is to publish original contributions in its field in order to propagate knowledge amongst its readers and to be a reference publication.
Bluetooth is an essential wireless standard for short-distance and low-power wireless networks. Health
departments’ contact-tracing applications depended on Bluetooth technology to prevent infectious diseases
from spreading, especially COVID-19. The security threats of the Bluetooth-based contact-tracing
applications increased because an adversary can use them as surveillance tools that violate the user’s
privacy and revealpersonal information. The Bluetooth standard mainly depends on the device address in
its authenticated pairing mechanism (Secure Simple Pairing), which can collect with off-the-shelf
hardware and software and leads to a tracking attack. To avoid the risk of tracking based on this security
vulnerability in the Bluetooth protocol, we suggest a novel authentication protocol based on a non-
interactive zero-knowledge scheme to substitute the authentication protocol used in the Bluetooth standard.
The new protocol can replace the authentication protocol in the Bluetooth stack without any modification
in the device pairing flow. Finally, we prove the security of our proposed scheme against the man-in-the-
middle attack and tracking attack. A performance comparison with the authentication algorithm in the BLE
standard shows that our method mitigates the tracking attack with low communication messages. Our
results help enhance the contact-tracing application’s security in which Bluetooth access is available.
Fog computing is a decentralized architecture that processes data and applications closer to end users and IoT devices than cloud computing does. It helps address issues with cloud computing like high latency and low capacity for IoT applications. Fog nodes can be devices like routers, switches and hubs that have some computing and storage capabilities. The paper discusses security and privacy issues with fog computing and possible solutions. It outlines threats like denial of service attacks, eavesdropping, spoofing and man-in-the-middle attacks. Authentication, authorization, and virtualization are identified as areas with security issues, and solutions like public key infrastructure, intrusion detection and certification authorities are proposed.
This document provides an overview of using data science techniques for analyzing Internet of Things (IoT) network traffic, using a smart home network as an example. It first discusses IoT systems, including components, communication protocols, and challenges. It then discusses how machine learning approaches like pattern detection, feature selection, and classification can be used to analyze IoT network traffic and behaviors. Specifically, it presents how these techniques could be applied in R and RStudio to a practical smart home network case study to better understand device interactions and identify anomalies.
Novel authentication framework for securing communication in internet-of-things IJECEIAES
Internet-of-Things (IoT) offers a big boon towards a massive network of connected devices and is considered to offer coverage to an exponential number of the smart appliance in the very near future. Owing to the nascent stage of evolution of IoT, it is shrouded by security loopholes because of various reasons. Review of existing research-based solution highlights the usage of conventional cryptographic-based solution over the traditional mechanism of data forwarding process between IoT nodes and gateway. The proposed system presents a novel solution to this problem by a model that is capable of performing a highly secured and cost-effective authentication process. The proposed system introduces Authentication Using Signature (AUS) as well as Security with Complexity Reduction (SCR) for the purpose to resist participation of any form of unknown threats. The outcome of the model shows better security strength with faster response time and energy saving of the IoT nodes.
The Internet is driving force on how we communicate with one another, from posting messages and images to Facebook or “tweeting” your activities from your vacation. Today it is being used everywhere, now imagine a device that connects to the internet sends out data based on its sensors, this is the Internet-ofThings, a connection of objects with a plethora of sensors. Smart devices as they are commonly called, are invading our homes. With the proliferation of cheap Cloud-based IoT Camera use as a surveillance system to monitor our homes and loved ones right from the palm of our hand using our smartphones. These cameras are mostly white-label product, a process in which the product comes from a single manufacturer and bought by a different company where they are re-branded and sold with their own product name, a method commonly practice in the retail and manufacturing industry. Each Cloud-based IoT cameras sold are not properly tested for security. The problem arises when a hacker, hacks into the Cloud-based IoT Camera sees everything we do, without us knowing about it. Invading our personal digital privacy. This study focuses on the vulnerabilities found on White-label Cloud-based IoT Camera on the market specifically on a Chinese brand sold by Shenzhen Gwelltimes Technology. How this IoT device can be compromised and how to protect our selves from such cyber-attacks.
Automated diagnosis of attacks in internet of things using machine learning a...journalBEEI
The Internet of Things (IoT) is the interconnection of things around us to make our daily process more efficient by providing more comfort and productivity. However, these connections also reveal a lot of sensitive data. Therefore, thinking about the methods of information security and coding are important as the security approaches that rely heavily on coding are not a strong match for these restricted devices. Consequently, this research aims to contribute to filling this gap, which adopts machine learning techniques to enhance network-level security in the low-power devices that use the lightweight MQTT protocol for their work. This study used a set of tools tools and, through various techniques, trained the proposed system ranging from Ensemble methods to deep learning models. The system has come to know what type of attack has occurred, which helps protect IoT devices. The log loss of the Ensemble methods is 0.44, and the accuracy of multi-class classification is 98.72% after converting the table data into an image set. The work also uses a Convolution Neural Network, which has a log loss of 0.019 and an accuracy of 99.3%. It also aims to implement these functions in IDS.
This document reviews securing cloud data using fog computing. It proposes using user behavior profiling and decoy technology to detect unauthorized access to cloud data. User behavior profiling models normal patterns of how, when and how much a user accesses cloud data. Deviations from this baseline may signal a masquerade attack. Decoy information like fake documents are generated and can be returned to attackers, confusing them into thinking they have accessed real data when they have not. The document discusses these techniques and compares them to related work on using software decoys and addressing security and legal issues in cloud computing.
This document proposes a new security architecture for cloud computing environments that addresses various security gaps. It presents a hybrid technique combining Advanced Encryption Standard (AES) and Quantum Key Distribution (QKD) for encryption and decryption with random key generation. QKD provides more flexibility for communication through attack detection, while addressing shortcomings of each individual approach like limited distance of QKD and key availability issues of AES. The new approach aims to provide a more trusted cloud communication environment.
The curriculum vitae provides biographical information on Omer K. Jasim including his education, research interests, teaching experience, awards, publications, and technical skills. It details his PhD in computer science from Ain Shams University in Egypt as well as his experience as a lecturer and head of the computer science department at various universities in Iraq. The CV highlights his research focus on network security, cryptography, cloud computing and his publication of papers in international conferences and journals.
DESIGN AND IMPLEMENTATION OF THE ADVANCED CLOUD PRIVACY THREAT MODELING IJNSA Journal
Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat
modeling as a part of requirements engineering in secure software development provides a structured
approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities
in a system. This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for
privacy threat modeling in relation to processing sensitive data in cloud computing environments. It
describes the modeling methodology that involved applying Method Engineering to specify characteristics
of a cloud privacy threat modeling methodology, different steps in the proposed methodology and
corresponding products. In addition, a case study has been implemented as a proof of concept to
demonstrate the usability of the proposed methodology. We believe that the extended methodology
facilitates the application of a privacy-preserving cloud software development approach from requirements
engineering to design.
Security Aspects of the Information Centric Networks ModelCSCJournals
With development of internet and the enormous growth of contents over networks, that motivated the researchers to proposed new paradigm model called Information Centric Networks ICN , the most features of ICN model is based on the content itself, instead, of the server located the contents over internet. This new model has a lot of challenges such as, mobility of contents, naming, replications, cashing, communications, and the security issue to secure the contents, customer, and providers. In this paper we will focus on ICN Model and propose solutions of security to protect the network elements, since the security is based on the packet itself rather than the host-centric.
Today, in the world of communication, connected systems is growing at a rapid pace. To accommodate this growth the need for computational power and storage is also increasing at a similar rate. Companies are investing a large amount of resources in buying, maintaining and ensuring availability of the system to their customers. To mitigate these issues, cloud computing is playing a major role [1]. The underlying concept of cloud computing dates back to the ‘50s but the term entering into widespread usage can be traced to 2006 when Amazon.com announced the Elastic Compute Cloud. In this paper, we will discuss about cloud security approaches. We have used the term “CloudDrain” to define data leakage in case of security compromise.
This document discusses the risks, countermeasures, costs and benefits of cloud computing. It identifies key risks like cyberattacks, lack of data location control, complex trust boundaries that make investigations difficult, and privacy issues. It recommends solutions like well-defined policies, service level agreements, continuous risk assessments, encryption, and guidance from NIST. While cloud computing offers cost savings and flexibility, users are ultimately responsible for security and must approach cloud adoption with care given its immature nature and risks.
Securing mobile cloud using finger print authenticationIJNSA Journal
The document summarizes a research paper that proposes using fingerprint recognition for user authentication in mobile cloud computing. It introduces mobile cloud computing and the need to improve security by strengthening authentication methods. The proposed approach uses a mobile phone's camera to capture fingerprint images for authentication instead of additional hardware. The algorithm extracts features from captured images and matches them to stored templates. Experimental results on different mobile devices found processing times below standards. The solution was concluded to enhance mobile cloud security through accessible and cross-platform fingerprint authentication.
October 2022: Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
November 2022: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
Most Downloaded article for an year in academia - International Journal of Ne...IJNSA Journal
This document summarizes a research article titled "SECURITY & PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS". The article analyzes various security and privacy threats related to the Internet of Things (IoT). It discusses some common attacks on different layers of the IoT and existing as well as proposed countermeasures. The article references 31 other sources and provides an abstract and keywords for the summarized research paper.
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESIJNSA Journal
The Internet of Things (IoT) brings connectivity to about every objects found in the physical space. It
extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates
opportunities in numerous domains. However, this increase in connectivity creates many prominent
challenges. This paper provides a survey of some of the major issues challenging the widespread adoption
of the IoT. Particularly, it focuses on the interoperability, management, security and privacy issues in the
IoT. It is concluded that there is a need to develop a multifaceted technology approach to IoT security,
management, and privacy.
WEARABLE TECHNOLOGY DEVICES SECURITY AND PRIVACY VULNERABILITY ANALYSISIJNSA Journal
Wearable Technology also called wearable gadget, is acategory of technology devices with low processing
capabilities that can be worn by a user with the aim to provide information and ease of access to the master
devices its pairing with. Such examples are Google Glass and Smart watch. The impact of wearable
technology becomes significant when people start their invention in wearable computing, where their
mobile devices become one of the computation sources. However, wearable technology is not mature yet in
term of device security and privacy acceptance of the public. There exists some security weakness that
prompts such wearable devices vulnerable to attack. One of the critical attack on wearable technology is
authentication issue. The low processing due to less computing power of wearable device causethe
developer's inability to equip some complicated security mechanisms and algorithm on the device.In this
study, an overview of security and privacy vulnerabilities on wearable devices is presented.
1) The document discusses security issues in computer networks and proposes contemporary solutions. It covers topics like cryptography, secure data access, intrusion detection, and secure routing.
2) The literature review discusses previous research on wireless sensor network security including common attacks, requirements, and defenses. It also examines security issues that arise from the unique characteristics of wireless networks.
3) The document proposes that more research is still needed on topics like quantifying security costs and benefits, data integrity, survivability, and security for data-centric wireless sensor networks. A holistic security model is needed that integrates solutions at each network layer.
The AIRCC's International Journal of Computer Science and Information Technology (IJCSIT) is devoted to fields of Computer Science and Information Systems. The IJCSIT is a open access peer-reviewed scientific journal published in electronic form as well as print form. The mission of this journal is to publish original contributions in its field in order to propagate knowledge amongst its readers and to be a reference publication.
Bluetooth is an essential wireless standard for short-distance and low-power wireless networks. Health
departments’ contact-tracing applications depended on Bluetooth technology to prevent infectious diseases
from spreading, especially COVID-19. The security threats of the Bluetooth-based contact-tracing
applications increased because an adversary can use them as surveillance tools that violate the user’s
privacy and revealpersonal information. The Bluetooth standard mainly depends on the device address in
its authenticated pairing mechanism (Secure Simple Pairing), which can collect with off-the-shelf
hardware and software and leads to a tracking attack. To avoid the risk of tracking based on this security
vulnerability in the Bluetooth protocol, we suggest a novel authentication protocol based on a non-
interactive zero-knowledge scheme to substitute the authentication protocol used in the Bluetooth standard.
The new protocol can replace the authentication protocol in the Bluetooth stack without any modification
in the device pairing flow. Finally, we prove the security of our proposed scheme against the man-in-the-
middle attack and tracking attack. A performance comparison with the authentication algorithm in the BLE
standard shows that our method mitigates the tracking attack with low communication messages. Our
results help enhance the contact-tracing application’s security in which Bluetooth access is available.
Fog computing is a decentralized architecture that processes data and applications closer to end users and IoT devices than cloud computing does. It helps address issues with cloud computing like high latency and low capacity for IoT applications. Fog nodes can be devices like routers, switches and hubs that have some computing and storage capabilities. The paper discusses security and privacy issues with fog computing and possible solutions. It outlines threats like denial of service attacks, eavesdropping, spoofing and man-in-the-middle attacks. Authentication, authorization, and virtualization are identified as areas with security issues, and solutions like public key infrastructure, intrusion detection and certification authorities are proposed.
This document provides an overview of using data science techniques for analyzing Internet of Things (IoT) network traffic, using a smart home network as an example. It first discusses IoT systems, including components, communication protocols, and challenges. It then discusses how machine learning approaches like pattern detection, feature selection, and classification can be used to analyze IoT network traffic and behaviors. Specifically, it presents how these techniques could be applied in R and RStudio to a practical smart home network case study to better understand device interactions and identify anomalies.
Novel authentication framework for securing communication in internet-of-things IJECEIAES
Internet-of-Things (IoT) offers a big boon towards a massive network of connected devices and is considered to offer coverage to an exponential number of the smart appliance in the very near future. Owing to the nascent stage of evolution of IoT, it is shrouded by security loopholes because of various reasons. Review of existing research-based solution highlights the usage of conventional cryptographic-based solution over the traditional mechanism of data forwarding process between IoT nodes and gateway. The proposed system presents a novel solution to this problem by a model that is capable of performing a highly secured and cost-effective authentication process. The proposed system introduces Authentication Using Signature (AUS) as well as Security with Complexity Reduction (SCR) for the purpose to resist participation of any form of unknown threats. The outcome of the model shows better security strength with faster response time and energy saving of the IoT nodes.
The Internet is driving force on how we communicate with one another, from posting messages and images to Facebook or “tweeting” your activities from your vacation. Today it is being used everywhere, now imagine a device that connects to the internet sends out data based on its sensors, this is the Internet-ofThings, a connection of objects with a plethora of sensors. Smart devices as they are commonly called, are invading our homes. With the proliferation of cheap Cloud-based IoT Camera use as a surveillance system to monitor our homes and loved ones right from the palm of our hand using our smartphones. These cameras are mostly white-label product, a process in which the product comes from a single manufacturer and bought by a different company where they are re-branded and sold with their own product name, a method commonly practice in the retail and manufacturing industry. Each Cloud-based IoT cameras sold are not properly tested for security. The problem arises when a hacker, hacks into the Cloud-based IoT Camera sees everything we do, without us knowing about it. Invading our personal digital privacy. This study focuses on the vulnerabilities found on White-label Cloud-based IoT Camera on the market specifically on a Chinese brand sold by Shenzhen Gwelltimes Technology. How this IoT device can be compromised and how to protect our selves from such cyber-attacks.
Automated diagnosis of attacks in internet of things using machine learning a...journalBEEI
The Internet of Things (IoT) is the interconnection of things around us to make our daily process more efficient by providing more comfort and productivity. However, these connections also reveal a lot of sensitive data. Therefore, thinking about the methods of information security and coding are important as the security approaches that rely heavily on coding are not a strong match for these restricted devices. Consequently, this research aims to contribute to filling this gap, which adopts machine learning techniques to enhance network-level security in the low-power devices that use the lightweight MQTT protocol for their work. This study used a set of tools tools and, through various techniques, trained the proposed system ranging from Ensemble methods to deep learning models. The system has come to know what type of attack has occurred, which helps protect IoT devices. The log loss of the Ensemble methods is 0.44, and the accuracy of multi-class classification is 98.72% after converting the table data into an image set. The work also uses a Convolution Neural Network, which has a log loss of 0.019 and an accuracy of 99.3%. It also aims to implement these functions in IDS.
This document reviews securing cloud data using fog computing. It proposes using user behavior profiling and decoy technology to detect unauthorized access to cloud data. User behavior profiling models normal patterns of how, when and how much a user accesses cloud data. Deviations from this baseline may signal a masquerade attack. Decoy information like fake documents are generated and can be returned to attackers, confusing them into thinking they have accessed real data when they have not. The document discusses these techniques and compares them to related work on using software decoys and addressing security and legal issues in cloud computing.
This document proposes a new security architecture for cloud computing environments that addresses various security gaps. It presents a hybrid technique combining Advanced Encryption Standard (AES) and Quantum Key Distribution (QKD) for encryption and decryption with random key generation. QKD provides more flexibility for communication through attack detection, while addressing shortcomings of each individual approach like limited distance of QKD and key availability issues of AES. The new approach aims to provide a more trusted cloud communication environment.
The curriculum vitae provides biographical information on Omer K. Jasim including his education, research interests, teaching experience, awards, publications, and technical skills. It details his PhD in computer science from Ain Shams University in Egypt as well as his experience as a lecturer and head of the computer science department at various universities in Iraq. The CV highlights his research focus on network security, cryptography, cloud computing and his publication of papers in international conferences and journals.
DESIGN AND IMPLEMENTATION OF THE ADVANCED CLOUD PRIVACY THREAT MODELING IJNSA Journal
Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat
modeling as a part of requirements engineering in secure software development provides a structured
approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities
in a system. This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for
privacy threat modeling in relation to processing sensitive data in cloud computing environments. It
describes the modeling methodology that involved applying Method Engineering to specify characteristics
of a cloud privacy threat modeling methodology, different steps in the proposed methodology and
corresponding products. In addition, a case study has been implemented as a proof of concept to
demonstrate the usability of the proposed methodology. We believe that the extended methodology
facilitates the application of a privacy-preserving cloud software development approach from requirements
engineering to design.
Security Aspects of the Information Centric Networks ModelCSCJournals
With development of internet and the enormous growth of contents over networks, that motivated the researchers to proposed new paradigm model called Information Centric Networks ICN , the most features of ICN model is based on the content itself, instead, of the server located the contents over internet. This new model has a lot of challenges such as, mobility of contents, naming, replications, cashing, communications, and the security issue to secure the contents, customer, and providers. In this paper we will focus on ICN Model and propose solutions of security to protect the network elements, since the security is based on the packet itself rather than the host-centric.
Today, in the world of communication, connected systems is growing at a rapid pace. To accommodate this growth the need for computational power and storage is also increasing at a similar rate. Companies are investing a large amount of resources in buying, maintaining and ensuring availability of the system to their customers. To mitigate these issues, cloud computing is playing a major role [1]. The underlying concept of cloud computing dates back to the ‘50s but the term entering into widespread usage can be traced to 2006 when Amazon.com announced the Elastic Compute Cloud. In this paper, we will discuss about cloud security approaches. We have used the term “CloudDrain” to define data leakage in case of security compromise.
This document discusses the risks, countermeasures, costs and benefits of cloud computing. It identifies key risks like cyberattacks, lack of data location control, complex trust boundaries that make investigations difficult, and privacy issues. It recommends solutions like well-defined policies, service level agreements, continuous risk assessments, encryption, and guidance from NIST. While cloud computing offers cost savings and flexibility, users are ultimately responsible for security and must approach cloud adoption with care given its immature nature and risks.
Securing mobile cloud using finger print authenticationIJNSA Journal
The document summarizes a research paper that proposes using fingerprint recognition for user authentication in mobile cloud computing. It introduces mobile cloud computing and the need to improve security by strengthening authentication methods. The proposed approach uses a mobile phone's camera to capture fingerprint images for authentication instead of additional hardware. The algorithm extracts features from captured images and matches them to stored templates. Experimental results on different mobile devices found processing times below standards. The solution was concluded to enhance mobile cloud security through accessible and cross-platform fingerprint authentication.
October 2022: Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
November 2022: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
July 2022 - Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
April 2022 - Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
February 2024 - Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
September 2022: Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
May 2024 - Top 10 Read Articles in Network Security & Its Applications.pdfIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
March 2024 - Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
January 2024 - Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
August 2022: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
December 2022: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
June 2022: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
May 2022: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
May 2023: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
November 2023 - Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
January 2023: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
This document summarizes a study that evaluated using blockchain technology for resource management between Network Providers (NPs) in Next Generation Networks (NGNs). The researchers implemented a resource management mechanism using a smart contract on a blockchain testbed. Experiments tested transaction throughput and latency using different consensus algorithms (Raft and IBFT). The goal was to assess if the solution could support micro-level resource reallocation between NPs or only at higher levels, and determine the most suitable consensus mechanism based on performance. Results showed that blockchain could enable distributed, trusted resource management between competitive NPs, but performance depends on the consensus algorithm used.
April 2024 - Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
December 2023 - Top 10 Read Articles in Network Security & Its ApplicationsIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
February 2023: Top 10 Read Articles in Network Security and Its ApplicationsIJNSA Journal
This document summarizes an article that evaluates using blockchain technology for resource management between network providers (NPs) in next generation networks (NGNs). It describes implementing a resource management mechanism in a smart contract and testing it on real testbeds using Raft and IBFT consensus algorithms. The goals are to assess performance in terms of throughput and latency to determine if it can support micro-service level resource reallocation between NPs, and identify the most suitable consensus mechanism based on performance metrics. Experimental results showed that blockchain is suitable for resource management between NPs if throughput requirements are not extremely high and latency is not a critical factor.
October 2023 - Top 10 Read Articles in Network Security & Its Applications.pdfIJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
Similar to October 2021: Top 10 Read Articles in Network Security and Its Applications (20)
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
artificial intelligence and data science contents.pptxGauravCar
What is artificial intelligence? Artificial intelligence is the ability of a computer or computer-controlled robot to perform tasks that are commonly associated with the intellectual processes characteristic of humans, such as the ability to reason.
› ...
Artificial intelligence (AI) | Definitio
Comparative analysis between traditional aquaponics and reconstructed aquapon...bijceesjournal
The aquaponic system of planting is a method that does not require soil usage. It is a method that only needs water, fish, lava rocks (a substitute for soil), and plants. Aquaponic systems are sustainable and environmentally friendly. Its use not only helps to plant in small spaces but also helps reduce artificial chemical use and minimizes excess water use, as aquaponics consumes 90% less water than soil-based gardening. The study applied a descriptive and experimental design to assess and compare conventional and reconstructed aquaponic methods for reproducing tomatoes. The researchers created an observation checklist to determine the significant factors of the study. The study aims to determine the significant difference between traditional aquaponics and reconstructed aquaponics systems propagating tomatoes in terms of height, weight, girth, and number of fruits. The reconstructed aquaponics system’s higher growth yield results in a much more nourished crop than the traditional aquaponics system. It is superior in its number of fruits, height, weight, and girth measurement. Moreover, the reconstructed aquaponics system is proven to eliminate all the hindrances present in the traditional aquaponics system, which are overcrowding of fish, algae growth, pest problems, contaminated water, and dead fish.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
The CBC machine is a common diagnostic tool used by doctors to measure a patient's red blood cell count, white blood cell count and platelet count. The machine uses a small sample of the patient's blood, which is then placed into special tubes and analyzed. The results of the analysis are then displayed on a screen for the doctor to review. The CBC machine is an important tool for diagnosing various conditions, such as anemia, infection and leukemia. It can also help to monitor a patient's response to treatment.
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Sinan KOZAK
Sinan from the Delivery Hero mobile infrastructure engineering team shares a deep dive into performance acceleration with Gradle build cache optimizations. Sinan shares their journey into solving complex build-cache problems that affect Gradle builds. By understanding the challenges and solutions found in our journey, we aim to demonstrate the possibilities for faster builds. The case study reveals how overlapping outputs and cache misconfigurations led to significant increases in build times, especially as the project scaled up with numerous modules using Paparazzi tests. The journey from diagnosing to defeating cache issues offers invaluable lessons on maintaining cache integrity without sacrificing functionality.
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
October 2021: Top 10 Read Articles in Network Security and Its Applications
1. October 2021: Top 10
Read Articles in
Network Security and
Its Applications
International Journal of Network
Security & Its Applications (IJNSA)
ERA, WJCI Indexed
ISSN: 0974 - 9330 (Online); 0975 - 2307 (Print)
http://airccse.org/journal/ijnsa.html
Citations, h-index, i10-index
Citations 7722 h-index 42 i10-index 167
2. SECURITY & PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN
INTERNET OF THINGS
Faheem Masoodi1
Shadab Alam2
and Shams Tabrez Siddiqui2
1
Department of Computer Science, University of Kashmir, J&k, India 2
Department of Computer
Science, Jazan University, KSA
ABSTRACT
The idea to connect everything to anything and at any point of time is what vaguely defines the
concept of the Internet of Things (IoT). The IoT is not only about providing connectivity but also
facilitating interaction among these connected things. Though the term IoT was introduced in
1999 but has drawn significant attention during the past few years, the pace at which new
devices are being integrated into the system will profoundly impact the world in a good way but
also poses some severe queries about security and privacy. IoT in its current form is susceptible
to a multitudinous set of attacks. One of the most significant concerns of IoT is to provide
security assurance for the data exchange because data is vulnerable to some attacks by the
attackers at each layer of IoT. The IoT has a layered structure where each layer provides a
service. The security needs vary from layer to layer as each layer serves a different purpose. This
paper aims to analyze the various security and privacy threats related to IoT. Some attacks have
been discussed along with some existing and proposed countermeasures.
KEYWORDS
Internet of Things, privacy, attacks, security, threats, protocols.
For More Details : http://aircconline.com/ijnsa/V11N2/11219ijnsa05.pdf
Volume Link : http://airccse.org/journal/jnsa19_current.html
3. REFERENCES
[1] J. Gubbi, R. Buyya, S. Marusic, M. Palaniswami, Internet of things (IoT): a vision,
architectural elements, and future directions, Future Gener. Comput. Syst. 29 (7) (2013)
1645–1660.
[2] Roman, R., Najera, P., Lopez, J., 2011. Securing the internet of things. Computer 44 (9),
51_58.
[3] Horrow, S., and Anjali, S. (2012). Identity Management Framework for Cloud-Based
Internet of Things. SecurIT ’12 Proceedings of the First International Conference on Security
of Internet of Things, 200– 203. 2012
[4] Whitmore, A., Agarwal, A., and Da Xu, L. (2014). The Internet of Things: A survey of topics
and trends. Information Systems Frontiers, 17(2), 261– 274.
[5] Aazam, M., St-Hilaire, M., Lung, C.-H., and Lambadaris, I. (2016). PRE-Fog: IoT trace
based probabilistic resource estimation at Fog. 2016 13th IEEE Annual Consumer
Communications and Networking Conference (CCNC), 12– 17.
[6] Jiang, H., Shen, F., Chen, S., Li, K. C., and Jeong, Y. S. (2015). A secure and scalable
storage system for aggregate data in IoT. Future Generation Computer Systems, 49, 133–
141.
[7] Li, S., Tryfonas, T., and Li, H. (2016). The Internet of Things: a security point of view.
Internet Research, 26(2), 337– 359.
[8] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash. Internet of things:
A survey on enabling technologies, protocols, and applications. IEEE Communications
Surveys Tutorials, 17(4):2347–2376, Fourth quarter 2015.
[9] Pongle, P., and Chavan, G. (2015). A survey: Attacks on RPL and 6LoWPAN in IoT. 2015
International Conference on Pervasive Computing: Advance Communication Technology
and Application for Society, ICPC 2015, 0(c), 0–5
[10] Tsai, C.-W., Lai, C.-F., and Vasilakos, A. V. (2014). Future Internet of Things: open
issues and challenges. Wireless Networks, 20(8), 2201–2217.
[11] V. Karagiannis, P. Chatzimisios, F. Vazquez-Gallego, and J. Alonso-Zarate, "A survey
on application layer protocols for the internet of things," Transaction on IoT and Cloud
Computing, vol. 3, no. 1, pp. 11-17, 2015
[12] D. Locke, "MQ telemetry transport (MQTT) v3. 1 protocol specification," IBM
Developer WorksTechnicalLibrary,2010,
http://www.ibm.com/developerworks/webservices/library/wsmqtt/index.html
4. [13] M. Singh, M. Rajan, V. Shivraj, and P. Balamuralidhar, "Secure MQTT for the Internet
of Things (IoT)," in Fifth International Conference on Communication Systems and Network
Technologies (CSNT 2015), April 2015, pp. 746-751.
[14] OASIS, "OASIS Advanced Message Queuing Protocol (AMQP) Version 1.0," 2012,
http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-complete-v1.0-os.pdf
[15] T. Winter, et al., "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks,"
IETF RFC 6550, Mar. 2012, http://www.ietf.org/rfc/rfc6550.txt
[16] A. Aijaz and A. Aghvami, "Cognitive machine-to-machine communications for internet-
of-things: A protocol stack perspective," IEEE Internet of Things Journal, vol. 2, no. 2, pp.
103-112, April 2015,
[17] http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=7006643
[18] Z. Zhou, B. Yao, R. Xing, L. Shu, and S. Bu, "E-CARP: An energy-efficient routing
protocol for UWSNs on the internet of underwater things," IEEE Sensors Journal, vol. PP,
no. 99, 2015, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7113774
[19] D. Dujovne, T. Watteyne, X. Vilajosana, and P. Thubert, "6TiSCH: Deterministic IP-
enabled industrial internet (of things)," IEEE Communications Magazine, vol. 52, no.12, pp.
36-41, December 2014, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6979984
[20] M. Hasan, E. Hossain, D. Niyato, "Random access for machine-to-machine
communication in LTEadvanced networks: issues and approaches," in IEEE
Communications Magazine, vol. 51, no. 6, pp.86-93, June 2013,
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6525600
[21] Z-Wave, "Z-Wave Protocol Overview," v. 4, May 2007,
https://wiki.ase.tut.fi/courseWiki/imges/9/94/SDS10243_2_Z_Wave_Protocol_Overview.pdf
[22] ZigBee Standards Organization, “ZigBee Specification,” Document 053474r17, Jan
2008, 604 pp., http://home.deib.polimi.it/cesana/teaching/IoT/papers/ZigBee/ZigBeeSpec.pdf
[23] O. Cetinkaya and O. Akan, "A dash7-based power metering system," in 12th Annual
IEEE Consumer Communications and Networking Conference (CCNC), Jan 2015, pp. 406-
411, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=7158010
[24] Zhang, Zhi-Kai, et al. ”IoT security: ongoing challenges and research opportunities.”
ServiceOriented Computing and Applications (SOCA), 2014 IEEE 7th International
Conference on. IEEE, 2014.
[25] D. Migault, D. Palomares, E. Herbert, W. You, G. Ganne, G. Arfaoui, and M. Laurent,
“E2E: An Optimized IPsec Architecture for Secure And Fast Offload,” in Seventh
International Conference on Availability, Reliability and Security E2E: 2012.
5. [26] Abomhara, Mohamed, and Geir M. Køien. ”Security and privacy in the Internet of
Things: Current status and open issues.” Privacy and Security in Mobile Systems (PRISMS),
2014 International Conference on. IEEE, 2014.
[27] B. L. Suto, “Analyzing the Accuracy and Time Costs of Web Application Security
Scanners,” San Fr., no. October 2007, 2010.
[28] O. El Mouaatamid, M. LahmerInternet of Things security: layered classification of
attacks and possible countermeasures Electron J (9) (2016).
[29] Seda F. Gürses/Bettina Berendt/Thomas Santen, Multilateral Security Requirements
Analysis for Preserving Privacy in Ubiquitous Environments, in Bettina Berendt/Ernestina
Menasalvas (eds), Workshop on Ubiquitous Knowledge Discovery for Users (UKDU '06), at
51–64;
[30] Stankovic, J. (2014). Research directions for the internet of things. IEEE Internet of
Things Journal, 1(1), 3–9
[31] Sicari, Sabrina, et al. "Security, privacy and trust in the Internet of Things: The road
ahead." Computer Networks76 (2015): 146-164.
[32] https://www.cso.com.au/article/575407/internet-things-iot-threats-countermeasures/
Accessed on 15-03-2019
[33] Bokhari, Mohammad Ubaidullah, and Faheem Masoodi. "Comparative analysis of
structures and attacks on various stream ciphers." Proceedings of the 4th National
Conference. 2010.
6. USE OF MARKOV CHAIN FOR EARLY DETECTING DDOS ATTACKS
Chin-Ling Chen1
and Jian-Ming Chen2
1
Department of Information Management, National Pingtung University, Pingtung, Taiwan 900
2
Genesis Technology, Inc., HsinChu, Taiwan 300
ABSTRACT
DDoS has a variety of types of mixed attacks. Botnet attackers can chain different types of
DDoS attacks to confuse cybersecurity defenders. In this article, the attack type can be
represented as the state of the model. Considering the attack type, we use this model to calculate
the final attack probability. The final attack probability is then converted into one prediction
vector, and the incoming attacks can be detected early before IDS issues an alert. The experiment
results have shown that the prediction model that can make multi-vector DDoS detection and
analysis easier.
KEYWORDS
DDoS, attack detection, Markov chain, TCP SYN flood, ICMP flood, HTTP flood, LAND, UDP
flood.
For More Details : https://aircconline.com/ijnsa/V13N4/13421ijnsa01.pdf
Volume Link : https://airccse.org/journal/jnsa21_current.html
7. REFERENCES
[1] Karras, D. A. &Zorkadis,V. C. (2008) “On efficient security modelling of complex
interconnected communication systems based on Markov Processes,” 2008 New
Technologies, Mobility and Security, pp1-7.
[2] Zhai, J., Liu, G.& Dai, Y. (2010) “A covert channel detection algorithm based on TCP
Markov model,” 2010 International Conference on Multimedia Information Networking and
Security, pp893-897.
[3] Abdulmunem, A.-S. M. Q.&Kharchenko, V. S. (2016) “Availability and security assessment
of smart building automation systems: combining of attack tree analysis and Markov
models,” 2016 Third International Conference on Mathematics and Computers in Sciences
and in Industry (MCSI), pp302-307.
[4] Kolisnyk, M.,Kharchenko, V.&Iryna, P. (2019) “IoTserver availability consideringDDoS-
attacks: analysis of prevention methods and Markov model,” 2019 10th International
Conference on Dependable Systems, Services and Technologies (DESSERT).
[5] Shing, M. -L.&Shing, C. -C. (2010) “Information security risk assessment using Markov
models,” 2010 Third International Symposium on Electronic Commerce and Security,
pp403-406.
[6] Cao,L. -C. (2007) “A high-efficiency intrusion prediction technology based on Markov
Chain,” 2007 International Conference on Computational Intelligence and Security
Workshops (CISW 2007), pp518-521.
[7] Le,N. T.& Hoang,D. B. (2018) “Security threat probability computation using Markov Chain
and common vulnerability scoring system,” 2018 28th International Telecommunication
Networks and Applications Conference (ITNAC), pp1-6.
[8] Wang, C., Shi, C., Wang, C.& Fu,Y. (2016) “An analyzing method for computer network
security based on Markov game model,” 2016 IEEE Advanced Information Management,
Communicates, Electronic and Automation Control Conference (IMCEC), pp454-458.
[9] Miehling, E., Rasouli, M.&Teneketzis, D. (2017) “A dependency graph formalism for the
dynamic defense of cyber networks,” 2017 IEEE Global Conference on Signal and
Information Processing (GlobalSIP), pp511-512.
[10] Zheng, J.&Namin,A. S. (2018) “Defending SDN-based IoTnetworks againstDDoSattacks
using Markov Decision Process,” 2018 IEEE International Conference on Big Data (Big
Data), pp4589-4592.
[11] Kuang, G. C., Wang, X. F.& Yin, L. R. (2012) “A fuzzy forecast method for network
security situation based on Markov,” 2012 International Conference on Computer Science
and Information Processing (CSIP), pp785-789.
8. [12] Sun, S. (2015) “The research of the network security situation prediction mechanism
based on the complex network,” 2015 International Conference on Computational
Intelligence and Communication Networks (CICN), pp1183-1187.
[13] C. Zhou, S. Huang, N. Xiong, S. -H. Yang, H. Li, Y. Qin & X. Li, (2015) “Design and
analysis of multimodel-based anomaly intrusion detection systems in industrial process
automation,” IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2015, Vol.45,
No.10, pp1345-1360.
[14] Teoh, T. T., Nguwi, Y. Y., Elovici, Y., Cheung, N. M.& Ng, W. L. (2017) “Analyst
intuition based Hidden Markov Model on high speed, temporal cyber security big data,”
2017 13th International Conference on Natural Computation, Fuzzy Systems and Knowledge
Discovery (ICNC-FSKD), pp2080-2083.
[15] Holgado, P., Villagrá, V. A.& Vázquez, L. (2020) “Real-time multistep attack prediction
based on Hidden Markov Models,” IEEE Transactions on Dependable and Secure
Computing, 2020, Vol.17, No.1.
9. AUTHORS
Chin-Ling Chen received the BS degree from National Taiwan University in
1988, the Master degree in Management Information System from the
University of Wisconsin, Milwaukee, in 1992, and the Ph.D. degree in
Information Management from National Taiwan University of Science and
Technology, 1999. Since the spring of 1999, he has joined the faculty of the
Department of Information Management at National Pingtung University,
Taiwan. His research interests include Internet QoS, network technology, and
network security. He is a member of IEICE.
Jian-Ming Chen received his master’s degree in Information Management
from National Pingtung University, 2019. Currently, he is a software
engineer of Genesis Technology, Inc, Hsinchu, Taiwan.
10. PHISHING MITIGATION TECHNIQUES: A LITERATURE SURVEY
Wosah Peace Nmachi and Thomas Win
School of Computing & Engineering University of Gloucestershire, Park Campus, Cheltenham
GL50 2RH United Kingdom
ABSTRACT
Email is a channel of communication which is considered to be a confidential medium of
communication for exchange of information among individuals and organisations. The
confidentiality consideration about e-mail is no longer the case as attackers send malicious
emails to users to deceive them into disclosing their private personal information such as
username, password, and bank card details, etc. In search of a solution to combat phishing
cybercrime attacks, different approaches have been developed. However, the traditional exiting
solutions have been limited in assisting email users to identify phishing emails from legitimate
ones. This paper reveals the different email and website phishing solutions in phishing attack
detection. It first provides a literature analysis of different existing phishing mitigation
approaches. It then provides a discussion on the limitations of the techniques, before concluding
with an explorationin to how phishing detection can be improved.
KEYWORDS
Cyber-security, Phishing Email Attack, Deep Learning, Stylometric Analysis, Cyber Human
Behaviour
For More Details : https://aircconline.com/ijnsa/V13N2/13221ijnsa05.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
11. REFERENCES
[1] Leite C., Gondim J. J. C., Barreto P. S., and Alchieri E. A., (2019). Waste flooding: A
phishing retaliation tool
[2] Xiujuan W., Chenxi Z., Kangfeng Z., Haoyang T., &Yuanrui T.(2019)detecting spear-
phishing emails based on authentication
[3] Duman S, Kalkan-Cakmakci K, Egele M. (2016)EmailProfiler: Spear phishing filtering with
header and stylometric features of emails.
[4] Calix K., Connors M., Levy D., Manzar H., McCabe G., & Westcott S. (2008). Stylometry
for E-mail author identification and authentication
[5] Gupta B. B., Arachchilage N A.G., &Psannis K. E. (2018).Defending against phishing
attacks: taxonomy of methods, current issues and future direction
[6] Dewan P, Kashyap A, &Kumaraguru P. (2014). Analysingsocial and stylometric features to
identify spear phishing emails
[7] AbahussainO. &Harrath Y. (2019). Detection of malicious emails through regular
expressions and databases
[8] Helmi R. A. A., Ren C. S.&Jamal A. (2019). Email anti-phishing detection application
[9] Asanka N. G.A.,Steve L.&Beznosov K. (2016) Phishing threat avoidance behaviour: An
empirical investigation
[10] Mohammad R., Thabtah F. & McCluskey L. (2015): Tutorial and critical analysis of
phishing websites methods
[11] Heartfield Ryan& George Loukas, (2018) Detecting semantic social engineering attacks
with the weakest link: Implementation and empirical evaluation of a human-as-a-security-
sensor framework
[12] Baniya T., Gautam D.& Kim Y. (2015). Safeguarding web surfing with URL blacklisting
[13] Canova G., Volkamer M., Bergmann C., &Borza R. (2014). NoPhish: An anti-phishing
education app
[14] Bottazzi G., Casalicchio E., Marturana F., &Piu M. (2015). MP-shield: A framework for
phishing detection in mobile devices.
[15] Li, J., Li, J., Chen, X., Jia, C., & Lou, W. (2015) Identity-based encryption without
sourced revocation incloud computing
12. [16] Qabajeh I.,Thabtah F.,&Chiclana F. (2018) A recent review of conventional vs.
automated cybersecurity anti-phishing techniques
[17] Lötter Andrés.&Futcher Lynn, (2015) A framework to Assist Email Users in the
Identification of Phishing Attacks
[18] Gascon H., Ullrich S., Stritter B. &Rieck K. (2018) Reading between the lines: content-
agnostic detection of spear-phishing emails
[19] Smadi S., Aslam N., & Zhang L. (2018). Detection of online phishing email using
dynamic evolving neural network based on reinforcement learning
[20] Chandrasekaran M., Narayanan K., andUpadhayayaS. (2006) Phishing e-mail detection
based on structural properties.
[21] Ghafir I., Saleem J., Hammoudeh M., Faour H., Prenosil V., Jaf S., Jabbar S. & Baker T.
(2018). Security threats to critical infrastructure: the human factor
[22] Khonji M, Iraqi Y& Jones A. (2011). Mitigation of spear phishing attacks: A Content-
based Authorship Identification framework
[23] Iqbal F, BinsalleehH&Fung B C M. (2010). Mining writeprints from anonymous e-mails
for forensic investigation
[24] Lyon, J.& Wong M. (2006). Sender ID: authenticating e-mail,” RFC 4406.
[25] KunjuM.V., Esther D., Anthony H. C. &BhelwaS. (2019) Evaluation of phishing
techniques based on machine learning
[26] Peng T., Harris I., &Sawa Y. (2018).Detecting phishing attacks using natural language
processing and machine learning
[27] SahingozO.K.,Buber E., Demir O., &Diri B. (2019). Machine learning based phishing
detection from URLs
[28] Zhang, Y., Hong, J. I., &Cranor, L. F.(2007). Cantina: A content based approach to
detecting phishing web sites.
[29] Suganya V. (2016): A review on phishing attacks and various anti-phishing techniques
[30] Abdelhamid N., Ayesh A. &Thabtah F. (2014) Phishing detection based associative
classification data mining
[31] SternfeldUri&Striem-Amit Yonatan. (2019) Prevention of rendezvous generation
algorithm (RGA) and domain generation algorithm (DGA) malware over exiting internet
services.
13. [32] Akarsh S., Sriram S., &Poornachandran P.(2019) Deep learning framework for domain
generation algorithms prediction using long short-term memory.
[33] Bagui S., Nandi D.,Subhash B. & White J.R (2019) Classifying phishing email using
machine learning and deep learning
[34] Jain Kumar Ankit. & Gupta B.B. (2018). A machine learning based approach for
phishing detection using hyperlinks information
[35] Vinayakumar R., Soman K. P., Poornachandran P., Akarsh S. &Elhoseny M. (2019)
Deep learning framework for cyber threat situational awareness based on email and url data
analysis.
[36] Park Gilchan and Rayz Julia (2018).Ontological detection of phishing emails
[37] Surbhi G., Abhishek S.&Akanksha K. (2016). A literature survey on social engineering
attacks: phishing attack
[38] Jamil A., Asif K.& Ghulam Z. (2018) MPMPA: A mitigation and prevention model for
social engineering based phishing attacks on facebook
[39] Platsis George, (2018) Thehuman factor: Cyber security's greatest challenge
[40] NaimBaftiu. (2017).Cyber security in Kosovo
[41] Abdelhamid N., Thabtah F. & Abdel-jaber H. (2017) Phishing detection: A recent
intelligent machine learning comparison based on models content and features
[42] Alsharnouby M., Alaca F., Chiasson S. (2015)Why phishing still works: User strategies
for combating phishing attacks
[43] Chou N., Ledesma R., Teraguchi Y., Boneh D., and Mitchell J. C. (2004) “Client-side
defence against web-based identity theft”.
[44] Prakash P., Kumar M., Rao R. K. and Gupta M. (2010) PhishNet: Predictive blacklisting
to detect phishing attacks
[45] Delany Mark, (2007) Domain-based email authentication using public keys advertised in
the DNS (Domain Keys).
[46] Saidani N., Adi K. and AlliliM. S. (2020)A semantic-based classification approach for an
enhanced spam detection.
[47] Bhowmick A. and Hazarika S.M. (2016) Machine learning for e-mail spam filtering:
review techniques and trends.
14. CRITICAL INFRASTRUCTURE CYBERSECURITY CHALLENGES: IOT IN PERSPECTIVE
1
Akwetey Henry Matey, 2
Paul Danquah, 1
Godfred Yaw Koi-Akrofi and 1
Isaac Asampana
1
Departments of I.T. Studies, University of Professional Studies Accra
2
Department of I.T., Heritage Christian University
ABSTRACT
A technology platform that is gradually bridging the gap between object visibility and remote
accessibility is the Internet of Things (IoT). Rapid deployment of this application can
significantly transform the health, housing, and power (distribution and generation) sectors, etc.
It has considerably changed the power sector regarding operations, services optimization, power
distribution, asset management and aided in engaging customers to reduce energy consumption.
Despite its societal opportunities and the benefits it presents, the power generation sector is
bedeviled with many security challenges on the critical infrastructure. This review discusses the
security challenges posed by IoT in power generation and critical infrastructure. To achieve this,
the authors present the various IoT applications, particularly on the grid infrastructure, from an
empirical literature perspective. The authors concluded by discussing how the various entities in
the sector can overcome these security challenges to ensure an exemplary future IoT
implementation on the power critical infrastructure value chain.
KEYWORDS
Power Distribution, Internet of Things (IoT), Sensors, Technology, Implementation
For More Details : https://aircconline.com/ijnsa/V13N4/13421ijnsa04.pdf
Volume Link : https://airccse.org/journal/jnsa21_current.html
15. REFERENCES
[1] A. R., Khan, A.Mahmood, A. Safdar, Z. A. Khan, and & N. A Khan, "Load forecasting,
dynamic pricing and DSM in smart grid: A review," Renewable and Sustainable Energy
Reviews, Elsevier, vol. 54(C), pages 1311-1322, 2016.
[2] R. Mallik, and H. Kargupta, "A Sustainable Approach for Demand Prediction in Smart Grids
using a Distributed Local Asynchronous Algorithm. Accepted for publication in the
Proceedings of the Conference on Data Understanding (CIDU)", 2011.
[3] K. Zhou, and S. Yang, "Understanding household energy consumption behaviour: The
contribution of energy big data analytics," Renewable and Sustainable Energy Reviews,
Elsevier, vol. 56(C), pages 810-819, 2016.
[4] K. M. Läs- sig J., K. Kersting, "Wind Power Prediction with Machine Learning.," Springer,
vol. 9570 of L.N., 2016.
[5] W. Björn, E. Lorenz, and K. Oliver, "Statistical Learning for Short-Term Photovoltaic Power
Predictions.," vol. Volume 957, 2016.
[6] M. Stolpe, "The Internet of Things: Opportunities and Challenges for Distributed Data
Analysis," ACM SIGKDD Explor. Newsl., vol. 18, no. 1, pp. 15–34, 2016, DOI:
10.1145/2980765.2980768.
[7] B. Shakerighadi, A. A.-M. J. C. Vasquez, and J. M. Guerrero, "Internet of Things for Modern
Energy Systems ," 2018, DOI: 10.3390/en11051252.
[8] K. Sajid, A.; Abbas, H.; Saleem, "Cloud-Assisted IoT-Based SCADA Systems Security: A
Review of the State of the Art and Future Challenges.," IEEE Access, pp. 4, 1375–1384,
2016, DOI: 10.1109/ACCESS.2016.2549047.
[9] S. S. I. Samuel, "A review of connectivity challenges in IoT-smart home." MEC International
Conference on Big Data and Smart City, Muscat, Oman, pp. 364–367, 2016, DOI:
10.1109/ICBDSC.2016.7460395.
[10] G. Bedi, G. K. Venayagamoorthy, R. Singh, R. R. Brooks, and K. C. Wang, "Review of
Internet of Things (IoT) in Electric Power and Energy Systems," IEEE Internet Things J.,
vol. 5, no. 2, pp. 847–870, 2018, DOI: 10.1109/JIOT.2018.2802704.
[11] I. Doh, J. Lim, and K. Chae, "Secure Authentication for Structured Smart Grid System,"
2015, DOI: 10.1109/IMIS.2015.32.
[12] G. W. Bendermacher, M. G. Oude Egbrink, I. H. Wolfhagen, and D. H. Dolmans,
"Unraveling quality culture in higher education: A realist review, "Higher Education, 73(1),
39-60, 2017.
16. [13] R. Savolainen, Information seeking and searching strategies as plans and patterns of
action: A conceptual analysis, " Journal of Documentation, 72(6), 1154-1180, 2016.
[14] R. Syed, and K. Collins-Thompson, "Optimizing search results for a human learning
goal, " Information Retrieval Journal, 20, 506-523, 2017.
[15] M. Allen, "The SAGE Encyclopedia of Communication Research Methods," 2017. DOI:
https://dx.doi.org/10.4135/9781483381411
[16] M. W. and C. Ebert, "Reference Architectures for the Internet of Things," IEEE Software,
IEEE Comput. Soc., no. Jan/Feb 2016, p. P.112 ff, 2016.
[17] B. P. Carrez, Francois, Srdjan Krio, “Designing IoT Architecture ( s ) A European
Perspective,” pp. 79–84, 2014.
[18] K. . Wu G., Talwar, S., Johnsson K., Himayat, N., and Johnson, "Recent Progress in
Machine-To-Machine Communications," IEEE Commun. Mag., pp. 36–43, 2011.
[19] J. Guth et al., "Comparison of IoT Platform Architectures : A Field Study based on a
Reference Architecture Comparison of IoT Platform Architectures : A Field Study based on a
Reference Architecture," 2016.
[20] A. K. Minhaj, and S. Khaled, "IoT security: Review, blockchain solutions, and open
challenges", Future Generation Computer Systems, Volume 82, Pages 395-411, 2018
[21] E. Vasilomanolakis, "On the Security and Privacy of Internet of Things Architectures and
Systems."
[22] D. Minoli, and J. Kouns, "IoT Security ( IoTSec ) Considerations, Requirements, and
Architectures," 2017 14th IEEE Annu. Consum. Commun. Netw. Conf., pp. 1006–1007,
2017, DOI: 10.1109/CCNC.2017.7983271.
[23] T. O. Olowu, and A. Sundararajan, Future Challenges and Mitigation Methods for High
Photovoltaic Penetration : A Survey. 2020.
[24] N. M. Kumar, K. Atluri, and S. Palaparthi, "Internet of Things ( IoT ) in Photovoltaic
Systems," 2018 Natl. Power Eng. Conf., no. October, pp. 1–4, 2018, DOI:
10.1109/NPEC.2018.8476807.
[25] A. Ghasempour, "Internet of Things in Smart Grid: Architecture, Applications, Services,
Key Technologies, and Challenges," 2019, DOI: 10.3390/inventions4010022.
[26] M. Chen, J. Wan, and F. Li, "Machine-to-Machine Communications : Architectures,
Standards and Applications," vol. 6, no. 2, pp. 480–497, 2012, DOI:
10.3837/tiis.2012.02.002.
17. [27] N. A. Hidayatullah, A. C. Kurniawan, and A. Kalam, “Power Transmission and
Distribution Monitoring using Internet of Things (IoT) for Smart Grid,” IOP Conf. Ser.
Mater. Sci. Eng., vol. 384, no. 1, 2018, doi: 10.1088/1757-899X/384/1/012039.
[28] S. Rekha, and J. Anita, "Role of smart grid in the power sector and challenges for its
implementation : A review on Indian scenario," no. October 2018.
[29] S. Chakrabarty, D. W. Engels, and S. Member, "A Secure IoT Architecture for Smart
Cities," 2016.
[30] A. Ramamurthy and P. Jain, "The Internet of Things in the Power Sector Opportunities in
Asia and the Pacific," no. 48, 2017.
[31] Junru Lin. et al., "Monitoring Power Transmission Lines using a Wireless Sensor
Network Wireless," Commun. Mob. Comput. (John Wiley Sons, Ltd, 2014.
[32] O. K. and Hans-RolfT., "Sensor Technology and Future Trend IEEE Transaction on
Instrumentation and Measurement," IEEE, pp. 1497-1501.53(6) p, 2004.
[33] S. Kim, U. Kim, and J. Huh, "A Study on Improvement of Blockchain Application to
Overcome Vulnerability of IoT Multiplatform Security," 2019, DOI: 10.3390/en12030402.
[34] A. Janjić, L. Velimirović, J. Ranitović, and Ž. Džunić, "Internet of Things in Power
Distribution Networks – State of the Art," no. September 2017.
[35] T. Nguyen, S. Wang, M. Alhazmi, M. Nazemi, A. Estebsari, and P. Dehghanian,
"Electric Power Grid Resilience to Cyber Adversaries: State of the Art," IEEE Access, vol. 8,
pp. 87592–87608, 2020, DOI: 10.1109/ACCESS.2020.2993233.
[36] M. A. Shahid, R. Nawaz, I. M. Qureshi, and M. H. Mahmood, "Proposed Defense
Topology against Cyber Attacks in Smart Grid," 4th Int. Conf. Power Gener. Syst. Renew.
Energy Technol. PGSRET 2018, no. September, pp. 1–5, 2019, DOI:
10.1109/PGSRET.2018.8685944.
[37] M. Sahabuddin, B. Dutta, and M. Hassan, "Impact of cyber-attack on isolated power
system," 2016 3rd Int. Conf. Electr. Eng. Inf. Commun. Technol. iCEEiCT 2016, pp. 8–11,
2017, DOI: 10.1109/CEEICT.2016.7873088.
[38] Kaspersky, "Cyber threats for ICS in Energy in Europe. Object of research," pp. 1–11,
2020.
[39] C. Alcaraz, P. Najera, R. Roman, and J. Lopez, “How will city infrastructure and sensors
be made smart?,” White Pap., vol. 6, no. 11, p. 113, 2010, doi: 10.1002/047011276X.
[40] M. Eckel and T. Laffey, "Ensuring the integrity and security of network equipment is
critical in the fight against cyberattacks," Netw. Secure., vol. 2020, no. 9, pp. 18–19, 2020,
DOI: 10.1016/S1353-4858(20)30107-0.
18. [41] Electric Power Research Institute (EPRI), "Contributions of Supply and Demand
Resources to Required Power System Reliability Services," 2015.
[42] S. Ghosh and M. H. Ali, "Exploring Severity Ranking of Cyber-Attacks in Modern
Power Grid," 2019.
[43] Z. Livingston, Sanborn, Slaughter, "Managing cyber risk in the electric power sector |
Deloitte Insights," 2019.
[44] P. Eder-Neuhauser, T. Zseby, J. Fabini, and G. Vormayr, "Sustainable Energy, Grids and
Networks Cyberattack models for smart grid environments," Sustain. Energy, Grids
Networks, vol. 12, pp. 10–29, 2017, DOI: 10.1016/j.segan.2017.08.002.
[45] A. S. Bretas, N. G. Bretas, B. Carvalho, E. Baeyens, and P. P. Khargonekar, "Smart grids
cyber-physical security as a malicious data attack : An innovation approach ଝ," Electr. Power
Syst. Res., vol. 149, pp. 210–219, 2017, DOI: 10.1016/j.epsr.2017.04.018.
[46] J. Xu, B. Liu, H. Mo, and D. Dong, "Automatica Bayesian adversarial multi-node bandit
for optimal smart grid protection against cyber attacks ✩
," Automatica, vol. 128, p. 109551,
2021, DOI: 10.1016/j.automatica.2021.109551.
[47] S. Hasan, A. Dubey, G. Karsai, and X. Koutsoukos, "Electrical Power and Energy
Systems A game-theoretic approach for power systems defence against dynamic," Electr.
Power Energy Syst., vol. 115, no. January 2019, p. 105432, 2020, DOI:
10.1016/j.ijepes.2019.105432.
[48] B. Li, R. Lu, W. Wang, and K. R. Choo, "Distributed host-based collaborative detection
for false data injection attacks in smart grid cyber-physical system," J. Parallel Distrib.
Comput., vol. 103, pp. 32–41, 2017, DOI: 10.1016/j.jpdc.2016.12.012.
[49] X. Luo, Q. Yao, X. Wang, and X. Guan, "Electrical Power and Energy Systems
Observer-based cyber-attack detection and isolation in smart grids," Electr. Power Energy
Syst., vol. 101, no. January, pp. 127–138, 2018, DOI: 10.1016/j.ijepes.2018.02.039.
[50] A. Shukla, S. Dutta, and P. K. Sadhu, "An island detection approach by μ -PMU with
reduced chances of cyber attack," Int. J. Electr. Power Energy Syst., vol. 126, no. PA, p.
106599, 2021, DOI: 10.1016/j.ijepes.2020.106599.
[51] W. Ding, M. Xu, Y. Huang, P. Zhao, and F. Song, "Cyber attacks on PMU placement in a
smart grid : Characterization and optimization," Reliab. Eng. Syst. Saf., vol. 212, no. March,
p. 107586, 2021, DOI: 10.1016/j.ress.2021.107586.
[52] L. Lee and P. Hu, "Vulnerability analysis of cascading dynamics in smart grids under
load redistribution attacks," Electr. Power Energy Syst., vol. 111, no. February, pp. 182–190,
2019, DOI: 10.1016/j.ijepes.2019.03.062.
19. [53] M. Ashrafuzzaman, S. Das, Y. Chakhchoukh, S. Shiva, and F. T. Sheldon, "Computers &
Security Detecting stealthy false data injection attacks in the smart grid using ensemble-
based machine learning," Comput. Secure., vol. 97, p. 101994, 2020, DOI:
10.1016/j.cose.2020.101994.
[54] Y. Li and Y. Wang, "Developing graphical detection techniques for maintaining state
estimation integrity against false data injection attack in the integrated electric cyber-physical
system," J. Syst. Archit., vol. 105, no. December 2019, 2020, DOI:
10.1016/j.sysarc.2019.101705.
[55] S. Aoufi, A. Derhab, and M. Guerroumi, "Journal of Information Security and
Applications Survey of false data injection in the smart power grid : Attacks,
countermeasures and challenges," J. Inf. Secure. Appl., vol. 54, p. 102518, 2020, DOI:
10.1016/j.jisa.2020.102518.
[56] X. Liu, L. Che, K. Gao, and Z. Li, "Power System Intra-Interval Operational Security
under False Data Injection Attacks," IEEE Trans. Ind. Informatics, vol. 16, no. 8, pp. 4997–
5008, 2020, DOI: 10.1109/TII.2019.2954350.
[57] T. Zou, A. S. Bretas, C. Ruben, S. C. Dhulipala, and N. Bretas, "Smart grids cyber-
physical security : Parameter correction model against unbalanced false data injection attacks
☆," Electr. Power Syst. Res., vol. 187, no. June, p. 106490, 2020, DOI:
10.1016/j.epsr.2020.106490.
[58] X. Li and K. W. Hedman, "Enhancing Power System Cyber-Security with Systematic
Two-Stage Detection Strategy," IEEE Trans. Power Syst., vol. 35, no. 2, pp. 1549–1561,
2020, DOI: 10.1109/TPWRS.2019.2942333.
[59] M. Attia, S. Mohammed, H. Sedjelmaci, E. Aglzim, and D. Chrenko, "An efficient
Intrusion Detection System against cyber-physical attacks in the smart grid ☆," Comput.
Electr. Eng., vol. 68, no. May, pp. 499–512, 2018, doi: 10.1016/j.compeleceng.2018.05.006.
[60] S. N. Narayanan, K. Khanna, and B. K. Panigrahi, Security in Smart Cyber-Physical
Systems : A Case Study on Smart Grids and Smart Cars. Elsevier Inc., 2019.
[61] C. Dong, X. Li, W. Jiang, Y. Mu, J. Zhao, and H. Jia, "Cyber-physical modelling
operator and multimodal vibration in the integrated local vehicle-grid electrical system,"
Appl. Energy, vol. 286, no. December 2020, p. 116432, 2021, DOI:
10.1016/j.apenergy.2021.116432.
[62] S. D. Roy and S. Debbarma, "Detection and Mitigation of Cyber-Attacks on AGC
Systems of Low Inertia Power Grid," IEEE Syst. J., vol. 14, no. 2, pp. 2023–2031, 2020,
DOI: 10.1109/JSYST.2019.2943921.
[63] T. R. Sharafeev, O. V Ju, and A. L. Kulikov, "Cyber-Security Problems in Smart Grid,"
2018 Int. Conf. Ind. Eng. Appl. Manuf., pp. 1–6, 2018.
20. [64] N. Mhaisen, N. Fetais, and A. Massoud, "Secure smart contract-enabled control of
battery energy storage systems against cyber-attacks," Alexandria Eng. J., vol. 58, no. 4, pp.
1291–1300, 2019, DOI: 10.1016/j.aej.2019.11.001.
[65] Y. Liu, H. Qin, Z. Chen, C. Shi, R. Zhang, and W. Chen, "Research on cybersecurity
defence technology of power generation acquisition terminal in new energy plant," Proc. -
IEEE Int. Conf. Energy Internet, ICEI 2019, pp. 25–30, 2019, doi: 10.1109/ICEI.2019.00011.
[66] L. Arnaboldi, R. M. Czekster, C. Morisset, and R. Metere, "Modelling Load-Changing
Attacks in Cyber-Physical Systems," Electron. Notes Theor. Comput. Sci., vol. 353, pp. 39–
60, 2020, DOI: 10.1016/j.entcs.2020.09.018.
[67] P. Matoušek, O. Ryšavý, M. Grégr, and V. ech Havlena, "Journal of Information Security
and Applications Flow-based monitoring of ICS communication in the smart grid," J. Inf.
Secure. Appl., vol. 54, 2020, DOI: 10.1016/j.jisa.2020.102535.
[68] V. S. Rajkumar, M. Tealane, and S. Alexandru, "Cyber Attacks on Protective Relays in
Digital Substations and Impact Analysis," IEEE Xplore, 2020.
[69] H. Jia, C. Shao, D. Liu, C. Singh, Y. Ding, and Y. Li, "Operating Reliability Evaluation
of Power Systems with Demand-Side Resources Considering Cyber Malfunctions," IEEE
Access, vol. 8, pp. 87354–87366, 2020, DOI: 10.1109/ACCESS.2020.2992636.
[70] H. He, S. Huang, Y. Liu, and T. Zhang, "International Journal of Electrical Power and
Energy Systems A tri-level optimization model for power grid defence with the consideration
of post-allocated D.G.s against coordinated cyber-physical attacks," Int. J. Electr. Power
Energy Syst., vol. 130, no. March, p. 106903, 2021, DOI: 10.1016/j.ijepes.2021.106903.
[71] M. Woodard, K. Marashi, S. Sedigh, and A. R. Hurson, "Survivability evaluation and
importance analysis for cyber-physical smart grids," Reliab. Eng. Syst. Saf., vol. 210, no.
January, p. 107479, 2021, DOI: 10.1016/j.ress.2021.107479.
[72] L. Li et al., "Cyberattack estimation and detection for cyber-physical power systems R,"
Appl. Math. Comput., vol. 400, p. 126056, 2021, DOI: 10.1016/j.amc.2021.126056.
[73] M. Snehi and A. Bhandari, "Vulnerability retrospection of security solutions for
software-defined Cyber-Physical System against DDoS and IoT-DDoS attacks," Comput.
Sci. Rev., vol. 40, p. 100371, 2021, DOI: 10.1016/j.cosrev.2021.100371.
[74] Q. Su, S. Li, Y. Gao, X. Huang, and J. Li, "Observer-based detection and reconstruction
of dynamic load altering attack in smart grid," J. Franklin Inst., no. XXXX, 2021, DOI:
10.1016/j.jfranklin.2021.02.008.
[75] A. Sadu, A. Jindal, G. Lipari, F. Ponci, and A. Monti, "Resilient Design of Distribution
Grid Automation System against cyber-physical attacks using Blockchain and Smart
Contract," Blockchain Res. Appl., p. 100010, 2021, DOI: 10.1016/j.bcra.2021.100010.
21. [76] X. Liu, L. Che, K. Gao, and Z. Li, "Power System Intra-Interval Operational Security
under False Data Injection Attacks," IEEE Trans. Ind. Informatics, vol. P.P., no. c, p. 1,
2020, DOI: 10.1109/TII.2019.2954350.
[77] Kaspersky, "Cyber threats for ICS in Energy in Europe. Object of research," Kaspersky
ICS CERT, pp. 1–11, 2020.
[78] H. Jia, C. Shao, S. Member, and D. Liu, "Operating Reliability Evaluation of Power
Systems With Demand-Side Resources Considering Cyber Malfunctions," IEEE Access, vol.
8, 2020, DOI: 10.1109/ACCESS.2020.2992636.
[79] T. Nguyen, S. Wang, and S. Member, "Electric Power Grid Resilience to Cyber
Adversaries : State of the Art," IEEE Access, vol. 8, 2020, DOI:
10.1109/ACCESS.2020.2993233.
[80] H. Ge, D. Yue, X. Xie, C. Dou, and S. Wang, "Security control of cyber-physical system
based on switching approach for intermittent denial-of-service jamming attack," ISA Trans.,
no. XXXX, pp. 1–9, 2019, DOI: 10.1016/j.isatra.2019.11.014.
[81] X. Li, K. W. Hedman, and S. Member, "Enhancing Power System Cyber-Security with
Systematic Two-Stage Detection Strategy," IEEE Trans. Power Syst., vol. P.P., no. c, p. 1,
2019, DOI: 10.1109/TPWRS.2019.2942333.
[82] U. Tatar, H. Bahsi, and A. Gheorghe, "Impact assessment of cyber attacks: A
quantification study on power generation systems," Syst. Syst. Eng. Conf. SoSE, 2016, DOI:
10.1109/SYSOSE.2016.7542959.
22. PROOF-OF-REPUTATION: AN ALTERNATIVE CONSENSUS MECHANISM FOR
BLOCKCHAIN SYSTEMS
Oladotun Aluko1
and Anton Kolonin2
1
Novosibirsk State University, Novosibirsk, Russia
2
Aigents Group, Novosibirsk, Russia
ABSTRACT
Blockchains combine other technologies, such as cryptography, networking, and incentive
mechanisms, to enable the creation, validation, and recording of transactions between
participating nodes. A consensus algorithm is used in a blockchain system to determine the
shared state among distributed nodes. An important component underlying any blockchain-based
system is its consensus mechanism, which principally determines the performance and security
of the overall system. As the nature of peer-to-peer(P2P) networks is open and dynamic, the
security risk within that environment is greatly increased mostly because nodes can join and
leave the network at will. Thus, it is important to have a system that can check against malicious
behaviour. In this work, we propose a reputation-based consensus mechanism for blockchain-
based systems, Proof-of-Reputation(PoR) where the nodes with the highest reputation values
eventually become part of a consensus group that determines the state of the blockchain.
KEYWORDS
Consensus Mechanism, Distributed Ledger Technology, Blockchain, Reputation System, Social
Computing.
For More Details : https://aircconline.com/ijnsa/V13N4/13421ijnsa03.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
23. REFERENCES
[1] M. Crosby, P. Pattanayak, S. Verma, and V. Kalyanaraman. (2016) Blockchain technology:
Beyond bitcoin. [Online]. Available: https://j2-capital.com/wp-
content/uploads/2017/11/AIR- 2016-Blockchain.pdf?forcedefault=true.
[2] A. Baliga, “Understanding blockchain consensus models,” 2017.
[3] G.-T. Nguyen and K. Kim, “A survey about consensus algorithms used in blockchain,” J. Inf.
Process. Syst., vol. 14, pp. 101–128, 2018.
[4] Quantaloop.io. (2020) Types of consensus algorithms in blockchain. [Online]. Available:
https://quantaloop.io/proof-of-work-vs-proof-of-stake-101.
[5] F. Hendrikx, K. Bubendorfer, and R. Chard, “Reputation systems: A survey and taxonomy,”
Journal of Parallel and Distributed Computing, vol. 75, pp. 184–197, 2015.
[6] V. Gramoli, “From blockchain consensus back to byzantine consensus,” Future Generation
Computer Systems, vol. 107, pp. 760–769, 2020.
[7] S. Azouvi, P. McCorry, and S. Meiklejohn, “Betting on blockchain consensus with
fantomette,” arXiv preprint arXiv:1805.06786, 2018.
[8] M. S. Ferdous, M. J. M. Chowdhury, M. A. Hoque, and A. Colman, “Blockchain
consensuses algorithms: A survey,” arXiv preprint arXiv:2001.07091, 2020.
[9] L. M. Bach, B. Mihaljevic, and M. Zagar, “Comparative analysis of blockchain consensus
algorithms,” in 2018 41st International Convention on Information and Communication
Technology, Electronics and Microelectronics (MIPRO). IEEE, 2018, pp. 1545–1550.
[10] Y. Xiao, N. Zhang, W. Lou, and Y. T. Hou, “A survey of distributed consensus protocols
for blockchain networks,” IEEE Communications Surveys & Tutorials, vol. 22, no. 2, pp.
1432–1465, 2020.
[11] A. Gervais, G. O. Karame, K. Wu ̈st, V. Glykantzis, H. Ritzdorf, and S. Capkun, “On the
security and performance of proof of work blockchains,” in Proceedings of the 2016 ACM
SIGSAC conference on computer and communications security, 2016, pp. 3–16.
[12] A. Josang and R. Ismail, “The beta reputation system,” in Proceedings of the 15th bled
electronic commerce conference, vol. 5, 2002, pp. 2502– 2511.
[13] J. Weng, Z. Shen, C. Miao, A. Goh, and C. Leung, “Credibility: How agents can handle
unfair third-party testimonies in computational trust models,” IEEE Transactions on
Knowledge and Data Engineering, vol. 22, no. 9, pp. 1286–1298, 2009.
[14] S. Song, K. Hwang, R. Zhou, and Y.-K. Kwok,“Trusted p2p transactions with fuzzy
reputation aggregation,” IEEE Internet computing, vol. 9, no. 6, pp. 24–34, 2005.
24. [15] K.K.Bharadwaj and M.Y.H.Al-Shamri,“Fuzzy computational models for trust and
reputation systems,” Electronic commerce research and applications, vol. 8, no. 1, pp. 37–47,
2009.
[16] W. L. Teacy, M. Luck, A. Rogers, and N. R. Jennings, “An efficient and versatile
approach to trust and reputation using hierarchical bayesian modelling,” Artificial
Intelligence, vol. 193, pp. 149–185, 2012.
[17] M. Tavakolifard and S. J. Knapskog, “A probabilistic reputation algorithm for
decentralized multi-agent environments,” Electronic Notes in Theoretical Computer Science,
vol. 244, pp. 139–149, 2009.
[18] A. Whitby, A. Jøsang, and J. Indulska, “Filtering out unfair ratings in bayesian reputation
systems,” in Proc. 7th Int. Workshop on Trust in Agent Societies, vol. 6. Citeseer, 2004, pp.
106–117.
[19] A. Jøsang, Subjective logic. Springer, 2016.
[20] A. Jøsang and T. Bhuiyan, “Optimal trust network analysis with subjective logic,” in
2008 Second International Conference on Emerging Security Information, Systems and
Technologies. IEEE, 2008, pp. 179– 184.
[21] L. C. Freeman, “Centrality in social networks conceptual clarification,” Social networks,
vol. 1, no. 3, pp. 215–239, 1978.
[22] L. Kleinrock, R. Ostrovsky, and V. Zikas, “Proof-of-reputation blockchain with
nakamoto fallback,” in International Conference on Cryptology in India. Springer, 2020, pp.
16–38.
[23] J. Horton and J. Golden,“Reputation Inflation An Online Marketplace,” New York I, vol.
1, 2015.
[24] G. Swamynathan, K. C. Almeroth, and B. Y. Zhao, “The design of a reliable reputation
system,” Electronic Commerce Research, vol. 10, no. 3, pp. 239–270, 2010.
[25] K. Hoffman, D. Zage, and C. Nita-Rotaru, “A survey of attack and defense techniques for
reputation systems,” ACM Computing Surveys (CSUR), vol. 42, no. 1, pp. 1–31, 2009.
[26] M. Gupta, P. Judge, and M. Ammar, “A reputation system for peer-to-peer networks,” in
Proceedings of the 13th international workshop on Network and operating systems support
for digital audio and video, 2003, pp. 144–152.
[27] F. Gai, B. Wang, W. Deng, and W. Peng, “Proof of reputation: A reputation-based
consensus protocol for peer-to-peer network,” in International Conference on Database
Systems for Advanced Applications. Springer, 2018, pp. 666–681.
25. [28] J. Yu, D. Kozhaya, J. Decouchant, and P. Esteves-Verissimo,“Repucoin: Your reputation
is your power,” IEEE Transactions on Computers, vol. 68, no. 8, pp. 1225–1237, 2019.
[29] M. T. de Oliveira, L. H. Reis, D. S. Medeiros, R. C. Carrano, S. D. Olabarriaga, and D.
M. Mattos, “Blockchain reputation-based consensus: A scalable and resilient mechanism for
distributed mistrusting applications,” Computer Networks, vol. 179, p. 107367, 2020.
[30] C. Dwork, N. Lynch, and L. Stockmeyer, “Consensus in the presence of partial
synchrony,” Journal of the ACM (JACM), vol. 35, no. 2, pp. 288–323, 1988.
[31] G. Chalkiadakis, E. Elkind, and M. Wooldridge, “Computational aspects of cooperative
game theory,” Synthesis Lectures on Artificial Intelligence and Machine Learning, vol. 5, no.
6, pp. 1–168, 2011.
[32] P. Berman, J. A. Garay, K. J. Perry et al., “Towards optimal distributed consensus,” in
FOCS, vol. 89. Citeseer, 1989, pp. 410–415.
[33] L. Xiong and L. Liu, “Peertrust: Supporting reputation-based trust for peer-to-peer
electronic communities,” IEEE transactions on Knowledge and Data Engineering, vol. 16,
no. 7, pp. 843–857, 2004.
[34] A. Kolonin and S. SingularityNET, “Reputation systems for human-computer
environments,” Complexity, Informatics and Cybernetics, 2019.
[35] A. Kolonin, B. Goertzel, D. Duong, and M. Ikle, “A reputation system for artificial
societies,” arXiv preprint arXiv:1806.07342, 2018.
[36] I. Eyal and E. G. Sirer, “Majority is not enough: Bitcoin mining is vulnerable,” in
International conference on financial cryptography and data security. Springer, 2014, pp.
436–454.
[37] C. Grunspan and R. Perez-Marco, “On profitability of selfish mining,” arXiv preprint
arXiv:1805.08281, 2018.
[38] K. A. Negy, P. R. Rizun, and E. G. Sirer, “Selfish mining re-examined,” in International
Conference on Financial Cryptography and Data Security. Springer, 2020, pp. 61–78.
[39] E. Heilman, A. Kendler, A. Zohar, and S. Goldberg, “Eclipse attacks on bitcoin’s peer-to-
peer network,” in 24th {USENIX} Security Symposium ({USENIX} Security 15), 2015, pp.
129–144.
[40] J. Bonneau, "Why Buy When You Can Rent?" in International Conference on Financial
Cryptography and Data Security. Springer, 2016, pp. 19–26.
26. AUTHORS
Oladotun Aluko received his BSc (2017) in Computer Science and
Engineering from Obafemi Awolowo University, Nigeria. He is currently
working on his MSc in Big Data Analytics and Artificial Intelligence at
Novosibirsk State University, Novosibirsk, Russia. His research interests are
in Distributed Computing, Blockchain Technology, Machine Learning and
Cloud Databases.
Anton Kolonin received his PhD in 1998 after he independently developed a
software-algorithmic complex for processing geophysical data, introduced into
production in many CIS countries. He has also participated as a leader or lead
architect in many projects to develop algorithms and software, including those
related to the use of AI, including the recognition of static text, moving
objects, music, extracting information from texts and identifying events on
financial markets – in Russian and foreign companies. Since 2017, he has also
been a software architect for AI and blockchain in the Singularity NET
project, leading projects on unsupervised language learning and reputation
systems.
27. CONSTRUCTING THE 2-ELEMENT AGDS PROTOCOL BASED ON THE DISCRETE
LOGARITHM PROBLEM
Tuan Nguyen Kim1
, Duy Ho Ngoc2
and Nikolay A. Moldovyan3
1
Faculty of Information Technology - Duy Tan University, Da Nang 550000, Vietnam
2
Department of Information Technology, Ha Noi, Vietnam
3
St. Petersburg Institute for Informatics and Automation of Russian Academy of Sciences, St.
Petersburg, Russia
ABSTRACT
It is considered a group signature scheme in frame of which different sets of signers sign
electronic documents with hidden signatures and the head of the signing group generates a group
signature of fixed size. A new mechanism for imbedding the information about signers into a
group signature is proposed. The method provides possibilities for reducing the signature size
and to construct collective signature protocols for signing groups. New group signature and
collective signature protocols based on the computational difficulty of discrete logarithm are
proposed.
KEYWORDS
Groupdigital signature, Collective digital signature, difficult computational problems, Signing
group.
For More Details : https://aircconline.com/ijnsa/V13N4/13421ijnsa02.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
28. REFERENCES
[1] Shah F., Patel H.,“A Survey of Digital and Group Signature”, International Journal of
Computer Science and Mobile Computing, Vol.5 Issue.6, P. 274-278, (2016).
[2] Camenisch J.L., Piveteau J.M., Stadler M.A.,“Blind Signatures Based on the Discrete
Logarithm Problem”, Advances in Crypology – EUROCRYPT'94 Proc, Lecture Notes in
Computer Science. Springer Verlang, Vol. 950,P. 428–432, (1995).
[3] Moldovyan A.A., Moldovyan N.A.,“Blind Collective Signature Protocol Based on Discrete
Logarithm Problem”,Int. Journal of Network Security, Vol. 11, No. 2, P. 106–113, (2010).
[4] Qi Su, Wen-Min Li, “Improved Group Signature Scheme Based on Quantum Teleportation”,
International Journal of Theoretical Physics, Vol. 53, No. 4, P. 1208, (2016).
[5] Alamélou Q, Blazy O, Cauchie S., Gaborit Ph.,“A code-based group signature scheme”,
Designs, Codes and Cryptography, Vol. 82, No 1-2, P. 469–493, (2017).
[6] San Ling, Khoa Nguyen, Huaxiong Wang, “Group signature from lattices: simpler, tighter,
shorter, ring-based”, Proc. of 18th IACR International Conference on Practice and Theory in
Public-Key Cryptography,P.427-449, (2015).
[7] Moldovyan N.A,“Blind Signature Protocols from Digital Signature Standards”, Int. Journal
of Network Security, Vol. 13, No. 1, P. 22–30, (2011).
[8] Duy H.N., Binh D.V., Minh N.H., Moldovyan N.A. “240-bit collective signature protocol in
a non-cyclic finite group”, 2014 International conference on Advanced Technologies for
Communications (ATC),Hanoi, P. 467 – 470, (2014). (DOI 10.1109/ATC.2014.7043433)
[9] Moldovyan A.A., Moldovyan N.A., “Group signature protocol based on masking public
keys”, Quasigroups and related systems, Vol. 22, P. 133-140, (2014).
[10] Moldovyan N.A., Nguyen Hieu Minh, Dao Tuan Hung, Tran Xuan Kien,“Group
Signature Protocol Based on Collective Signature Protocol and Masking Public Keys
Mechanism”, International Journal of Emerging Technology and Advanced Engineering,
Vol. 6, Issue. 6, P. 1-5, (2016).
[11] Phong Q. Nguyen, Jiang Zhang, Zhenfeng Zhang, “Simpler efficient group signature
from lattices”, Proc. of 18th IACR International Conference on Practice and Theory in
Public-Key Cryptography, P.401-426, (2015).
[12] Berezin A. N., Moldovyan N. A., Shcherbakov V. A.,“Cryptoschemes Based on
Difficulty of Simultaneous Solving Two Different Difficult Problems”, Computer Science
Journal of Moldova, Vol. 21,No.2(62), P. 280-290, (2013).
29. AUTHORS
Tuan Nguyen Kim was born in 1969, received B.E, and M.E from Hue
University of Sciences in 1994, and Hanoi University of Technology in
1998. He has been a lecturer at Hue University since 1996. From 2011 to the
present (2021) he is a lecturer at School of Computer Science, Duy Tan
University, Da Nang, Vietnam. His main research interests include Computer
Network Technology and Information Security.
Duy Ho Ngoc was born in 1982. He received his Ph.D. in Cybersecurity in
2007 from LETI University, St. Petersburg, Russia Federation. He has
authored more than 45 scientific articles in cybersecurity.
Nikolay A. Moldovyan is an honored inventor of Russian Federation
(2002), a laboratory head at St. Petersburg Institute for Informatics and
Automation of Russian Academy of Sciences, and a Professor with the St.
Petersburg State Electrotechnical University. His research interests include
computer security and cryptography. He has authored or co-authored more
than 60 inventions and 220 scientific articles, books, and reports. He received
his Ph. D. from the Academy of Sciences of Moldova (1981).
30. COLLECTIVE SIGNATURE PROTOCOLS FOR SIGNING GROUPS BASED ON PROBLEM OF
FINDING ROOTS MODULO LARGE PRIME NUMBER
Tuan Nguyen Kim1
, Duy Ho Ngoc2
and Nikolay A. Moldovyan3
1
Faculty of Information Technology, Duy Tan University, Da Nang 550000, Vietnam
2
Department of Information Technology, Ha Noi, Vietnam
3
St. Petersburg Institute for Informatics and Automation of Russian Academy of Sciences, St.
Petersburg, Russia
ABSTRACT
Generally, digital signature algorithms are based on a single difficult computational problem like
prime factorization problem, discrete logarithm problem, elliptic curve problem. There are also
many other algorithms which are based on the hybrid combination of prime factorization
problem and discrete logarithm problem. Both are true for different types of digital signatures
like single digital signature, group digital signature, collective digital signature etc. In this paper
we propose collective signature protocols for signing groups based on difficulty of problem of
finding roots modulo large prime number. The proposed collective signatures protocols have
significant merits one of which is connected with possibility of their practical using on the base
of the existing public key infrastructures.
KEYWORDS
Collective digital signature, group digital signature, signing group, finding roots modulo.
For More Details : https://aircconline.com/ijnsa/V13N4/13421ijnsa05.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
31. REFERENCES
[1] National Institute of Standards and Technology,“Digital Signature Standard”,FIPS
Publication 186-3, (2009).
[2] Chaum D.,“Blind Signatures for Untraceable Payments”, Advances in Cryptology: Proc. of
CRYPTO’82, Plenum Press, p. 199–203, (1983).
[3] Camenisch J.L., Piveteau J.-M. and Stadler M.A,“Blind Signatures Based on the Discrete
Logarithm Problem”, In: Advances in Crypology – EUROCRYPT'94 Proc, Lecture Notes in
Computer Science, Springer-Verlag, Berlin Heidelberg New York, Vol. 950, 428–432,
(1995).
[4] Minh N. H., Binh D. V., Giang N. T. and Moldovyan N. A. “Blind Signature Protocol Based
on Difficulty of Simultaneous Solving Two Difficult Problems”, Applied Mathematical
Sciences,No.6, 6903–6910, (2012).
[5] Moldovyan N.A, “Blind Signature Protocols from Digital Signature Standards”, Int. Journal
of Network Security,No. 13, 22–30, (2011).
[6] Moldovyan N.A,“Blind Collective Signature Protocol”, Computer Science Journal of
Moldova,No. 19, 80–91, (2011).
[7] Moldovyan N.A. and Moldovyan A.A, “Blind Collective Signature Protocol Based on
Discrete Logarithm Problem”, Int. Journal of Network Security, No.11, 106–113, (2010).
[8] Pieprzyk J., HardjonoTh. and Seberry J.,“Fundamentals of Computer Security”, Springer-
verlag, Berlin, (2003).
[9] Moldovyan A.A. and Moldovyan N.A,“Group signature protocol based on masking public
keys,Quasigroups and related systems, No. 22, 133–140, (2014).
[10] Seetha R. and Saravanan R,“Digital Signature Schemes for group communication: A
Survey”, International Journal of Applied Engineering Research, No.11, 4416–4422, (2016).
[11] Enache A.-C,“About Group Digital Signatures”, Journal of Mobile, Embedded and
Distributed Systems, No.IV, 193–202, (2012).
[12] International Standard ISO/IEC 14888-3:2006(E), Information technology –Security
techniques – Digital Signatures with appendix – Part 3: Discrete logarithm based
mechanisms.
[13] GOST R 34.10-2001 and Russian Federation Standard, Information
Technology,“Cryptographic data Security. Produce and check procedures of Electronic
Digital Signature”, Government Committee of the Russia for Standards, (2012).
32. [14] Rajasree R.S,“Generation of Dynamic Group Digital Signature”, International Journal of
Computer Applications, No.98, 1–5, (2014).
[15] Moldovyan N.A., Nguyen Hieu Minh, Dao Tuan Hung and Tran Xuan Kien,“Group
Signature Protocol Based on Collective Signature Protocol and Masking Public Keys
Mechanism”, International Journal of Emerging Technology and Advanced Engineering,
No.6, 1–5, (2016).
[16] Moldovyan N.A,“Digital Signature Scheme Based on a New Hard Problem”, Computer
Science Journal of Moldova, No.16, 163–18, (2008).
33. AUTHORS
Tuan Nguyen Kim was born in 1969, received B.E, and M.E from Hue
University of Sciences in 1994, and Hanoi University of Technology in
1998. He has been a lecturer at Hue University since 1996. From 2011 to the
present (2021) he is a lecturer at School of Computer Science, Duy Tan
University, Da Nang, Vietnam. His main research interests include Computer
Network Technology and Information Security.
Duy Ho Ngoc was born in 1982. He received his Ph.D. in Cybersecurity in
2007 from LETI University, St. Petersburg, Russia Federation. He has
authored more than 45 scientific articles in cybersecurity.
Nikolay A. Moldovyan is an honored inventor of Russian Federation
(2002), a laboratory head at St. Petersburg Institute for Informatics and
Automation of Russian Academy of Sciences, and a Professor with the St.
Petersburg State Electrotechnical University. His research interests include
computer security and cryptography. He has authored or co-authored more
than 60 inventions and 220 scientific articles, books, and reports. He received
his Ph. D. from the Academy of Sciences of Moldova (1981).
34. EFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS
ATTACK STRATEGIES
Iyas Alodat
Department of Computer and Information System, Jerash University, Jerash, Jordan
ABSTRACT
In this paper, we examined the effect on network performance of the various strategies an
attacker could adopt to launch Man-In The Middle (MITM) attacks on the wireless network,
such as fleet or random strategies. In particular, we're focusing on some of those goals for MITM
attackers - message delay, message dropping. According to simulation data, these attacks have a
significant effect on legitimate nodes in the network, causing vast amounts of infected packets,
end-to-end delays, and significant packet loss.
KEYWORDS
Wireless Network, Mobile Network, security; Man-In-The-Middle Attack; smart cities;
simulation; Intelligent Transportation System; Internet-of-Things.
For More Details : http://aircconline.com/ijnsa/V13N3/13321ijnsa02.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
35. REFERENCES
[1] Burchfiel, J., Tomlinson, R., & Beeler, M. (1975, May). Functions and structure of a packet
radio station. In Proceedings of the May 19-22, 1975, national computer conference and
exposition (pp. 245-251).
[2] Toor, Y., Muhlethaler, P., Laouiti, A., & De La Fortelle, A. (2008). Vehicle ad hoc networks:
Applications and related technical issues. IEEE communications surveys & tutorials, 10(3),
74-88.
[3] Bauwens, J., Jooris, B., Giannoulis, S., Jabandžić, I., Moerman, I., & De Poorter, E. (2019).
Portability, compatibility and reuse of MAC protocols across different IoT radio platforms.
Ad Hoc Networks, 86, 144-153.
[4] Chaqfeh, M.; Lakas, A. A Novel Approach for Scalable Multi-hop Data Dissemination in
Vehicular Ad Hoc Networks. Ad Hoc Netw. 2016, 37, 228–239
[5] Shi, Y., Ross, A., & Biswas, S. (2018). Source identification of encrypted video traffic in the
presence of heterogeneous network traffic. Computer Communications, 129, 101-110.
[6] Williams, R., Samtani, S., Patton, M., & Chen, H. (2018, November). Incremental hacker
forum exploit collection and classification for proactive cyber threat intelligence: An
exploratory study. In 2018 IEEE International Conference on Intelligence and Security
Informatics (ISI) (pp. 94-99). IEEE.
[7] Wang, J., Juarez, N., Kohm, E., Liu, Y., Yuan, J., & Song, H. (2019, April). Integration of
SDR and UAS for malicious Wi-Fi hotspots detection. In 2019 Integrated Communications,
Navigation and Surveillance Conference (ICNS) (pp. 1-8). IEEE.
[8] Phung, C. V., Dizdarevic, J., Carpio, F., & Jukan, A. (2019, May). Enhancing rest http with
random linear network coding in dynamic edge computing environments. In 2019 42nd
International Convention on Information and Communication Technology, Electronics and
Microelectronics (MIPRO) (pp. 435-440). IEEE.
[9] AMIR, A. Z. B. (2018). A study on Rogue Wireless Devices with Detection of Mousejack
Attacks and Vulnerabilities.
[10] Vanhoef, M., Bhandaru, N., Derham, T., Ouzieli, I., & Piessens, F. (2018, June).
Operating channel validation: preventing Multi-Channel Man-in-the-Middle attacks against
protected Wi-Fi networks. In Proceedings of the 11th ACM Conference on Security &
Privacy in Wireless and Mobile Networks (pp. 34-39).
[11] Chittamuru, S. V. R., Thakkar, I. G., Pasricha, S., Vatsavai, S. S., & Bhat, V. (2020).
Exploiting Process Variations to Secure Photonic NoC Architectures from Snooping Attacks.
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.
[12] Rupprecht, D., Kohls, K., Holz, T., & Pöpper, C. (2019, May). Breaking LTE on layer
two. In 2019 IEEE Symposium on Security and Privacy (SP) (pp. 1121-1136). IEEE.
36. [13] Ullas, S. U., & Sandeep, J. (2019). Reliable Monitoring Security System to Prevent MAC
Spoofing in Ubiquitous Wireless Network. In Advances in Big Data and Cloud Computing
(pp. 141-153). Springer, Singapore.
[14] Maithili, K., Vinothkumar, V., & Latha, P. (2018). Analyzing the security mechanisms to
prevent unauthorized access in cloud and network security. Journal of Computational and
Theoretical Nanoscience, 15(6-7), 2059-2063.
[15] Tochner, S., Zohar, A., & Schmid, S. (2020, October). Route Hijacking and DoS in Off-
Chain Networks. In Proceedings of the 2nd ACM Conference on Advances in Financial
Technologies (pp. 228-240).
[16] Alharthi, D. N., Hammad, M. M., & Regan, A. C. (2020, March). A taxonomy of social
engineering defense mechanisms. In Future of Information and Communication Conference
(pp. 27-41). Springer, Cham.
[17] Metz, L. A. E. P. (2020). An evaluation of unity ML-Agents toolkit for learning boss
strategies (Doctoral dissertation).
[18] Shringarputale, S., McDaniel, P., Butler, K., & La Porta, T. (2020, November). Co-
residency Attacks on Containers are Real. In Proceedings of the 2020 ACM SIGSAC
Conference on Cloud Computing Security Workshop (pp. 53-66).
[19] Xia, W., Cong, W., Wei, Y., & Li, C. (2020). Critical angle of attack and the
corresponding impact cavity for non-circuitous trajectory of water entry of circular cylinder.
Applied Ocean Research, 103, 102322.
[20] Huang, Y., Kuo, H. K., Thomas, S., Kons, Z., Audhkhasi, K., Kingsbury, B., ... &
Picheny, M. (2020, May). Leveraging unpaired text data for training end-to-end speech-to-
intent systems. In ICASSP 2020-2020 IEEE International Conference on Acoustics, Speech
and Signal Processing (ICASSP) (pp. 7984-7988). IEEE.
[21] Verma, S., Hamieh, A., Huh, J. H., Holm, H., Rajagopalan, S. R., Korczynski, M., &
Fefferman, N. (2016, August). Stopping amplified dns ddos attacks through distributed query
rate sharing. In 2016 11th International Conference on Availability, Reliability and Security
(ARES) (pp. 69-78). IEEE.
[22] A. Guruswamy, R. S. Blum, S. Kishore and M. Bordogna, “On the Optimum Design of
L-Estimators for Phase Offset Estimation in IEEE 1588,” IEEE Transactions on
Communications, Vol. 63 , No. 9, pp. 5101 – 5115, Dec. 2015.
[23] Karthik, A. K., & Blum, R. S. (2016). Estimation theory based robust phase offset
estimation in the presence of delay attacks. arXiv preprint arXiv:1611.05117.
[24] Tsigkari, D., & Spyropoulos, T. (2020). An approximation algorithm for joint caching
and recommendations in cache networks. arXiv preprint arXiv:2006.08421.
37. [25] Stricot-Tarboton, S.; Chaisiri, S.; Ko, R.K.L. Taxonomy of Man-in-the-Middle Attacks
on HTTPS. In Proceedings of the 2016 IEEE Trustcom/BigDataSE/ISPA, Tianjin, China,
23–26 August 2016; pp. 527–534. [CrossRef]
[26] Chen, Z.; Guo, S.; Duan, R.; Wang, S. Security Analysis on Mutual Authentication
against Man-in-the-Middle Attack. In Proceedings of the First International Conference on
Information Science and Engineering, Nanjing, China, 26–28 December 2009; pp. 1855–
1858. [CrossRef]
[27] Conti, M.; Dragoni, N.; Lesyk, V. A Survey of Man In The Middle Attacks. IEEE
Commun. Surv. Tutor. 2016, 18, 2027–2051. [CrossRef]
[28] Glass, S.M.; Muthukkumarasamy, V.; Portmann, M. Detecting Man-in-the-Middle and
Wormhole Attacks in Wireless Mesh Networks. In Proceedings of the International
Conference on Advanced Information Networking and Applications, Bradford, UK, 26–29
May 2009; pp. 530–538.
[29] Kaplanis, C. Detection and Prevention of Man in the Middle Attacks in Wi-Fi
Technology. Master’s Thesis, Aalborg University, Aalborg, Denmark, 2015.
38. A CONCEPTUAL SECURE BLOCKCHAIN-BASED ELECTRONIC
VOTING SYSTEM
Ahmed Ben Ayed
Department of Engineering and Computer Science, Colorado Technical University, Colorado
Springs, Colorado, USA
ABSTRACT
Blockchain is offering new opportunities to develop new types of digital services. While research
on the topic is still emerging, it has mostly focused on the technical and legal issues instead of
taking advantage of this novel concept and creating advanced digital services. In this paper, we
are going to leverage the open source Blockchain technology to propose a design for a new
electronic voting system that could be used in local or national elections. The Blockchain-based
system will be secure, reliable, and anonymous, and will help increase the number of voters as
well as the trust of people in their governments.
KEYWORDS
Blockchain, Electronic Voting System, e-Voting, I-Voting, iVote
For More Details : https://aircconline.com/ijnsa/V9N3/9317ijnsa01.pdf
Volume Link : http://airccse.org/journal/jnsa17_current.html
39. REFERENCES
[1] Madise, Ü. Madise and T. Martens, “E-voting in Estonia 2005. The first practice of country-
wide binding Internet voting in the world.”,Electronic voting, 2nd International Workshop,
Bregenz, Austria,(2006) August 2-4.
[2] J. Gerlach and U. Grasser, “Three Case Studies from Switzerland: E-voting”, Berkman
Center Research Publication, (2009).
[3] I. S. G. Stenerud and C. Bull, “When reality comes knocking Norwegian experiences with
verifiable electronic voting”, Electronic Voting. Vol. 205. (2012), pp. 21-33.
[4] C. Meter and A. Schneider and M. Mauve, “Tor is not enough: Coercion in Remote
Electronic Voting Systems. arXiv preprint. (2017).
[5] D. L. Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms”,
Communication of the ACM. Vol. 24(2). (1981), pp. 84-90.
[6] T. ElGamal, “A public Key Cryptosystem and a Signature Scheme Based on Discrete
Logarithms”, IEEE Trans. Info. Theory. Vol. 31. (1985), pp. 469-472.
[7] S. Ibrahim and M. Kamat and M. Salleh and S. R. A. Aziz, “Secure E-Voting with Blind
Signature”, Proceeding of the 4th National Conference of Communication Technology,
Johor, Malaysia, (2003) January 14-15.
[8] J. Jan and Y. Chen and Y. Lin, “The Design of Protocol for e-Voting on the Internet”,
Proceedings IEEE 35th Annual 2001 International Carnahan Conference on Security
Technology, London, England, (2001) October 16-19.
[9] D. L. Dill and A.D. Rubin, “E-Voting Security”, Security and Privacy Magazine, Vol. 2(1).
(2004), pp. 22-23.
[10] D. Evans and N. Paul, “Election Security: Perception and Reality”. IEEE Privacy Magazine,
vol. 2(1). (2004), pp. 2-9.
[11] Trueb Baltic, “Estonian Electronic ID – Card Application Specification Prerequisites to the
Smart Card Differentiation to previous Version of EstEID Card Application.”
http://www.id.ee/public/TBSPEC-EstEID-Chip-App-v3_5-20140327.pdf
[12] Cybernetica. “Internet Voting Solution.”
https://cyber.ee/uploads/2013/03/cyber_ivoting_NEW2_A4_web.pdf.
[13] D. Springall, T. Finkenauer, Z. Durumeric, J. Kitcat, H. Hursti, M. MacAlpine, and J. A.
Halderman, “Security Analysis of the Estonian Internet Voting System.” Proceedings of the
2014 ACM SIGSAC Conference on Computer and Communications Security. (2014), pp.
703-715.
40. [14] Ministry of Local Government and Modernisation. “Internet Voting Pilot to be
Discontinued.” https://www.regjeringen.no/en/aktuelt/Internet-voting-pilot-to-be-
discontinued/id764300/
[15] J. A. Halderman, and V. Teague, “The New South Wales iVote System: Security Failures
and Verifications Flaws in a Live Online Election.” International Conference on E-Voting
and Identity. (2015), pp. 35-53.
[16] S. Wolchok, E. Wustrow, D. Isabel, J. A. Halderman, “Attacking the Washington, DC
Internet Voting System.” International Conference on Financial Cryptography and Data
Security (2012), pp. 114-128.
[17] National Institute of Standards and Technology, “Federal Information Processing Standards
Publication”, (2012).
[18] S. Nakamoto, “A Peer-to-Peer Electronic Cash System”, (2008).
[19] F. Reid and M. Harrigan, “An Analysis of Anonymity in the Bitcoin System”, Security and
Privacy in Social Networks. (2013), pp. 1-27.
[20] S. Raval, “Decentralized Applications: Harnessing Bitcoin’s Blockchain Technology.”
O’Reilly Media, Inc. Sebastopol, California (2016).
[21] J. R. Douceur, “The Sybil Attack”, International Workshop on Peer-to-Peer Systems, (2002),
pp. 251-260.
41. AUTHORS
Ahmed Ben Ayed, has received his Bachelor of Science in Computer Information Systems,
Master of Science in Cyber Security and Information Assurance, and currently a doctoral student
at Colorado Technical University, and an Adjunct Professor at California Takshila University.
His research interests are Android Security, Pattern Recognition of Malicious Applications,
Machine Learning, Cryptography, Information & System Security and Cyber Security.
42. A LITERATURE SURVEY AND ANALYSIS ON SOCIAL ENGINEERING DEFENSE
MECHANISMS AND INFOSEC POLICIES
Dalal Alharthi and Amelia Regan
Department of Computer Science, University of California Irvine, Irvine, California
ABSTRACT
Social engineering attacks can be severe and hard to detect. Therefore, to prevent such attacks,
organizations should be aware of social engineering defense mechanisms and security policies.
To that end, the authors developed a taxonomy of social engineering defense mechanisms,
designed a survey to measure employee awareness of these mechanisms, proposed a model of
Social Engineering InfoSec Policies (SE-IPs), and designed a survey to measure the
incorporation level of these SE-IPs. After analyzing the data from the first survey, the authors
found that more than half of employees are not aware of social engineering attacks. The paper
also analyzed a second set of survey data, which found that on average, organizations
incorporated just over fifty percent of the identified formal SE-IPs. Such worrisome results show
that organizations are vulnerable to social engineering attacks, and serious steps need to be taken
to elevate awareness against these emerging security threats.
KEYWORDS
Cybersecurity, Social Engineering, Employee Awareness, Defense Mechanisms, Security
Policies
For More Details : https://aircconline.com/ijnsa/V13N2/13221ijnsa04.pdf
Volume Link : http://airccse.org/journal/jnsa21_current.html
43. REFERENCES
[1] S. D. Applegate, Social engineering: hacking the wetware! Information Security Journal: A
Global Perspective 18 (1) (2009) 40–46.
[2] C. Hadnagy, Social engineering: The art of human hacking, John Wiley & Sons, 2010.3. A.
Berg, Cracking a social engineer, [online]. lan times (1995).
[3] A. Berg, Cracking a social engineer, [online]. lan times (1995).
[4] T. Greening, Ask and ye shall receive: a study in social engineering, ACM SIGSAC Review
14 (2) (1996) 8–14.
[5] A. Karakasiliotis, S. Furnell, M. Papadaki, Assessing end-user awareness of social
engineering and phishing.
[6] M. Workman, A test of interventions for security threats from social engineering,
Information Management & Computer Security 16 (5) (2008) 463–483.
[7] G. L. Orgill, G. W. Romney, M. G. Bailey, P. M. Orgill, The urgency for effective user
privacy-education to counter social engineering attacks on secure computer systems, in:
Proceedings of the 5th conference on Information technology education, ACM, 2004, pp.
177–181
[8] T. Bakhshi, M. Papadaki, S. Furnell, A practical assessment of social engineering
vulnerabilities., in: HAISA, 2008, pp. 12–23.
[9] F. Mouton, M. M. Malan, L. Leenen, H. S. Venter, Social engineering attack
framework, in: 2014 Information Security for South Africa, IEEE, 2014, pp. 1–9.
[10] R. Kalnin,š, J. Purin,š, and G. Alksnis, “Security evaluation of wireless network access
points,” Applied Computer Systems, vol. 21, no. 1, pp.38–45, 2017.
[11] D. N. Alharthi, M. M. Hammad, and A. C. Regan, “A taxonomy of social engineering
defense mechanisms,” in Future of Information and Communication Conference. Springer,
2020, pp. 27–41.
[12] F. Mouton, L. Leenen, and H. S. Venter, “Social engineering attack examples, templates
and scenarios,” Computers & Security, vol. 59, pp.186–209, 2016.
[13] N. Saxena, E. Hayes, E. Bertino, P. Ojo, K.-K. R. Choo, and P. Burnap, “Impact and key
challenges of insider threats on organizations and critical businesses,” Electronics, vol. 9, no.
9, p. 1460, 2020.
[14] T. Ahmad, “Corona virus (covid-19) pandemic and work from home: Challenges of
cybercrimes and cybersecurity,” Available at SSRN3568830, 2020.
44. [15] N. Sarginson, “Securing your remote workforce against new phishing attacks,” Computer
Fraud & Security, vol. 2020, no. 9, pp. 9–12, 2020.
[16] H. Aldawood and G. Skinner, “Contemporary cyber security social engineering solutions,
measures, policies, tools and applications: Acritical appraisal,” International Journal of
Security (IJS), vol. 10, no. 1, p. 1, 2019.
[17] V. Systems, “Varonis 2019 global data risk report,” 2019.
[18] A. Yazdanmehr and J. Wang, “Employees’ information security policy compliance: A
norm activation perspective,” Decision Support Systems, vol. 92, pp. 36–46, 2016.
[19] D. N. Alharthi and A. C. Regan, “Social engineering defense mechanisms: A taxonomy
and a survey of employees’ awareness level,” in Science and Information Conference.
Springer, 2020, pp. 521–541.
[20] D. N. Alharthi and A. C. Regan, “Social engineering InfoSec Policies (SE-IPs),” in the
14th International Conference on Network Security & Applications (CNSA 2021). CICT,
2021, pp. 521–541. NIAI - 2021 pp. 57-74, 2021.
[21] H. Aldawood, G. Skinner, An academic review of current industrial and commercial
cyber security social engineering solutions, in: Proceedings of the 3rd International
Conference on Cryptography, Security and Privacy, ACM, 2019, pp. 110–115.
[22] B. M. E. Elnaim, H. A. S. W. Al-Lami, The current state of phishing attacks against
Saudi Arabia university students.
[23] C. Happ, A. Melzer, G. Steffgen, Trick with treat–reciprocity increases the willingness to
communicate personal data, Computers in Human Behavior 61 (2016) 372–377.
[24] I. Ghafir, V. Prenosil, A. Alhejailan, M. Hammoudeh, Social engineering attack
strategies and defence approaches, in: 2016 IEEE 4th International Conference onFuture
Internet of Things and Cloud (FiCloud), IEEE, 2016, pp. 145–149.
[25] M. Gupta, R. Sharman, Social network theoretic framework for organizational
socialengineering susceptibility index, AMCIS 2006 Proceedings (2006) 408.
[26] K. Parsons, D. Calic, M. Pattinson, M. Butavicius, A. McCormac, T. Zwaans, Thehuman
aspects of information security questionnaire (hais-q): two further validation studies,
Computers & Security 66 (2017) 40–51.
[27] T. Herath, H. R. Rao, Encouraging information security behaviours in organizations:
Role of penalties, pressures and perceived effectiveness, Decision Support Systems47 (2)
(2009) 154–165.
[28] J. A. Stoner, Risky and cautious shifts in group decisions: The influence of widely held
values, Journal of Experimental Social Psychology 4 (4) (1968) 442–459.
45. [29] H. Aldawood and G. Skinner, “Reviewing cyber security social engineering training and
awareness programs—pitfalls and ongoing issues,” Future Internet, vol. 11, no. 3, p. 73,
2019.
[30] K. J. Knapp, R. F. Morris Jr, T. E. Marshall, and T. A. Byrd, “Information security
policy: An organizational-level process model,” computers &security, vol. 28, no. 7, pp.
493–508, 2009.
[31] C. Senarak, “Port cybersecurity and threat: A structural model for prevention and policy
development,” The Asian Journal of Shipping and Logistics, 2020.
[32] A. Karakasiliotis, S. Furnell, and M. Papadaki, “Assessing end-user awareness of social
engineering and phishing,” 2006.
[33] L. Li, W. He, L. Xu, I. Ash, M. Anwar, and X. Yuan, “Investigating the impact of
cybersecurity policy awareness on employees’ cybersecurity behavior,” International Journal
of Information Management, vol. 45, pp. 13–24, 2019.
[34] M. Siponen, M. A. Mahmood, and S. Pahnila, “Employees’ adherence to information
security policies: An exploratory field study,” Information& management, vol. 51, no. 2, pp.
217–224, 2014.
[35] F. Bélanger, S. Collignon, K. Enget, and E. Negangard, “Determinants of early
conformance with information security policies,” Information& Management, vol. 54, no. 7,
pp. 887–901, 2017.
[36] K.-c. Chang and Y. M. Seow, “Effects of it-culture conflict and user dissatisfaction on
information security policy non-compliance: A sense-making perspective,” 2014.
[37] F. Hadi, M. Imran, M. H. Durad, and M. Waris, “A simple security policy enforcement
system for an institution using sdn controller,” in 2018 15th International Bhurban
Conference on Applied Sciences and Technology (IBCAST). IEEE, 2018, pp. 489–494.
[38] V. D. Soni, “Disaster recovery planning: Untapped success factor in an organization,”
Available at SSRN 3628630, 2020.
[39] J. Horney, M. Nguyen, D. Salvesen, O. Tomasco, and P. Berke, “Engaging the public in
planning for disaster recovery,” International journal of disaster risk reduction, vol. 17, pp.
33–37, 2016.
[40] F. Salahdine and N. Kaabouch, “Social engineering attacks: A survey,” Future Internet,
vol. 11, no. 4, p. 89, 2019.
[41] C. Okoli, K. Schabram, A guide to conducting a systematic literature review of
information systems research.
46. [42] NCSC, National Cybersecurity Centre (Accessed 2019). Link
[43] S. Inc., Surveymonkey (Accessed 2019). Link
[44] Stats, “Saudi general authority for statistics,” Accessed 2020. [Online]. Available:
https://www.stats.gov.sa/
[45] Statista, “Statista,” Accessed 2020. [Online]. Available: https://www.statista.com/
[46] C. Bronk and E. Tikk-Ringas, “The cyber-attack on Saudi Aramco,” Survival, vol. 55,
no. 2, pp. 81–96, 2013.
[47] D. D. Cheong, “Cyberattacks in the gulf: lessons for active defence,” 2012.
[48] S. S. Basamh, H. Qudaih, and J. B. Ibrahim, “An overview on cybersecurity awareness
in Muslim countries,” International Journal of Information and Communication Technology
Research, 2014.
[49] ITU, “Committed to connecting the world,” Accessed 2020. [Online]. Available:
https://www.itu.int/en/Pages/default.aspx
[50] T. McClelland, “The insider’s view of a data breach-how policy, forensics, and
attribution apply in the real world,” 2018.
[51] R. Bhor and H. Khanuja, “Analysis of web application security mechanism and attack
detection using vulnerability injection technique,” in 2016 International Conference on
Computing Communication Control and automation (ICCUBEA). IEEE, 2016, pp. 1–6.
[52] J. Saleem and M. Hammoudeh, “Defense methods against social engineering attacks,” in
Computer and network security essentials. Springer, 2018, pp. 603–618.
47. AUTHORS
Dalal Alharthi is a Ph.D. Candidate in Computer Science at the University
of California, Irvine. She is also a Resident Engineer at Palo Alto Networks
and a Senior Prisma Cloud Consultant at Dell. She is equipped with 12+
years of work experience between academia and industry. Her research
interests are in the field of Cybersecurity, Network Security, Cloud Security,
Privacy, Human-Computer Interaction (HCI), and Artificial Intelligence
(AI).
Amelia Regan received a BAS in Systems Engineering from the University
of Pennsylvania, an MS degree in Applied Mathematics from Johns Hopkins
University, and an MSE degree and Ph.D. degree at the University of Texas.
She is a Professor of Computer Science at the University of California,
Irvine. Her research interests include network optimization, cyber-physical
transportation systems, machine learning tools for temporal-spatial data
analysis, and cybersecurity.