Cardiac implantable electronic devices (CIED) are vulnerable to radio frequency (RF) cyber-attacks. Besides, CIED communicate with medical equipment whose telemetry capabilities and IP connectivity are creating new entry points that may be used by attackers. Therefore, it remains crucial to perform a cybersecurity risk assessment of CIED and the systems they rely on to determine the gravity of threats

The state-of-the-art contributions in the area of memory forensics are centered around uncovering potentially hidden processes, control flow and code pointer integrity manipulations and detecting malicious code injections done by attackers. At the same time, deployment of memory protection mechanisms like control flow integrity, data execution prevention/no-execute, address space layout randomization

With rapid technological development, mobile computing and wireless transmission have become mature. These two technologies can be combined for sharing medical records on social networks, but doing so depends on the secure sharing of a patient’s data between Pervasive Social Network (PSN) nodes. Previous research has revealed that most human sensors cannot support very heavy computation, so the computation

Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others. There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies

Public key infrastructure (PKI) is widely used over the Internet to secure and to encrypt communication among parties. PKI involves digital certificates which are managed by certificate authorities (CAs) that authenticate users identity, in order to establish encrypted communication channels. The centralized operation model of CAs has already caused several targeted attacks due to the distribution

As known, security system administrators need to be aware of the security risks and abnormal behaviors in a network system. Given the exploitation probability value of each vulnerability, the cumulative probability of an attack path from an attacker to a target node can be quantified and calculated, namely as the K maximum probability attack paths for a target node. It is proposed in this paper a design

The pervasive use of mobile technologies and GPS-equipped vehicles has resulted in a large number of moving objects databases. Privacy protection is one of the most significant challenges related to moving objects databases because of the legal requirements in many application domains. Over the last few years, several differentially private mechanisms have been proposed for moving objects databases

Information systems and cloud computing infrastructures are frequently exposed to various types of threats. Without detection and prevention mechanisms, the threats can materialize and cause different types of damages that usually lead to significant financial losses. The threats arise from a complex and multifaceted environment. Currently, organizations are struggling to identify the threats to their

Cloud communication is an intrinsic aspect of cloud architecture. It is an internet-based communication that enables access to millions of cloud services. These services are provided using TCP/UDP-based communications and protected by traditional security protocols (e.g., SSL/ TLS/DTLS). However, security threats in cloud communications become the most serious issue nowadays. To address some of the

Direct anonymous attestation (DAA) enables a platform including a trusted platform module (TPM) to produce a signature in order to remotely attest that it is in a certified state while preserving its anonymity. A main feature of DAA is that a TPM and a host together act as a signer, where the TPM is less powerful but trustworthy, whereas the host is more powerful but vulnerable to corruptions. Although

Cyberattacks, especially attacks that exploit operating system vulnerabilities, have been increasing in recent years. In particular, if administrator privileges are acquired by an attacker through a privilege escalation attack, the attacker can operate the entire system and cause serious damage. In this paper, we propose an additional kernel observer (AKO) that prevents privilege escalation attacks

The complexity of today’s integrated circuit (IC) supply chain, organised in several tiers and including many companies located in different countries, makes it challenging to assess the history and integrity of procured ICs. This enables malicious practices like counterfeiting and insertion of back doors, which are extremely dangerous, especially in supply chains of ICs for industrial control systems

Internet of Things (IoT) is an integration of various technologies to provide technological enhancements. To enforce access control on low power operated battery constrained devices is a challenging issue in IoT scenarios. Attribute-based encryption (ABE) has emerged as an access control mechanism to allow users to encrypt and decrypt data based on an attributes policy. However, to accommodate the

This paper successfully tackles the problem of processing a vast amount of security related data for the task of network intrusion detection. It employs Apache Spark, as a big data processing tool, for processing a large size of network traffic data. Also, we propose a hybrid scheme that combines the advantages of deep network and machine learning methods. Initially, stacked autoencoder network is

Internet of Things (IoT) and cloud computing are separate emerging paradigms, which are both an indispensable part of numerous ubiquitous devices that are connected to our life via the Internet. Their enactment and effectiveness are presumed to be more and more pervasive, making them essential ingredients of the Future Internet. Cloud data broadcast system is a novel framework where the advancement

The fragility of password-based authentication has been recognized and studied for several decades. It is an increasingly common industry practice to profile users based on their sessions context, such as IP ranges and Browser type in order to build a risk profile on an incoming authentication attempt. On the other hand, behavioral dynamics such as mouse and keyword features have been proposed in the

The skyrocketing growth rate of new malware brings novel challenges to protect computers and networks. Discerning truly novel malware from variants of known samples is a way to keep pace with this trend. This can be done by grouping known malware in families by similarity and classifying new samples into those families. As malware and their families evolve over time, approaches based on classifiers

Cyber-security attacks are becoming more frequent and more severe day by day. To detect the execution of such attacks, organizations install intrusion detection systems. It would be beneficial for such organizations to collaborate, to better assess the severity and the importance of each detected attack. On the other hand, it is very difficult for them to exchange data, such as network traffic or intrusion

Designing innovative approaches to detect intrusive network activities is considered as one of the most significant research topics in network security. Various computational methods are proposed to discover unknown attacks, but validating suspicious activities and understanding their unique characteristics are still difficult. To address this limitation, several visualization systems have been designed

The domain name system (DNS) provides a translation between readable domain names and IP addresses. The DNS is a key infrastructure component of the Internet and a prime target for a variety of attacks. One of the most significant threats to DNS’ well-being is a DNS poisoning attack in which the DNS responses are maliciously replaced, or poisoned, by an attacker. To identify this kind of attack, we

Under the threat of quantum computers’ expected powerful computational capacity, the study on post-quantum cryptography is becoming urgent nowadays. Lattice-based cryptography is one of the most promising candidates of post-quantum cryptography. To give a secure instantiation for practical applications, it is necessary to understand the complexity of the best-known attacks. Most of the attacks to lattice-based

Developments in technologies, attitudes and investment are transforming the space environment, achieving greater accessibility for an increasing number of parties. New and proposed constellations will increase the in-orbit satellite population by the order of thousands, expanding the threat landscape of the space industry. This article analyses past satellite security threats and incidents to assess

Several ongoing research efforts aim to design potential Future Internet Architectures, among which Named-Data Networking (NDN) introduces a shift from the existing host-centric Internet Protocol-based Internet infrastructure towards a content-oriented one. However, researchers have identified some design limitations in NDN, among which some enable to build up a new type of Distributed Denial of Service

Pollution attacks are one of the major concerns facing P2P networks. They have a tremendous impact on push-based fully connected overlays, in which each peer receives an exclusive chunk from the source and is also the only one responsible for relaying it to the rest of the peers. In this study, we propose a novel technique to identify and expel malicious peers which involves using trusted peers, software-defined

Digital information plays an essential role in supporting organizational business. However, incidents of sensitive information leakage often happen in organization environment. Therefore, risk analysis needs to be performed to recognize the impact of information security threat in organization. In order to carry out those risk analyses, risk model is needed to map risk of information security threat

A ring signature scheme allows a signer to sign a message anonymously, while the deniable ring signature scheme, introduced by Komano et al., guarantees that the signer should be involved in opening the signer anonymity. Gao et al. proposed the first lattice-based deniable ring signature scheme and claimed that their scheme satisfies the following security requirements: anonymity, traceability and

In this work, we investigate the problem of secure wildcard search over encrypted data. The setting comprises of three entities, viz. the data owner, the server and the client. The data owner outsources the encrypted data to the server, who obliviously services the clients’ queries. We first analyze efficiency and security of two recent proposals from International Journal of Information Security,

To counter man-at-the-end attacks such as reverse engineering and tampering, software is often protected with techniques that require support modules to be linked into the application. It is well known, however, that attackers can exploit the modular nature of applications and their protections to speed up the identification and comprehension process of the relevant code, the assets, and the applied

Grover’s algorithm confers on quantum computers a quadratic advantage over classical computers for searching in an arbitrary data set, a scenario that describes Bitcoin mining. It has previously been argued that the only side effect of quantum mining would be an increased difficulty. In this work, we argue that a crucial argument in the analysis of Bitcoin security breaks down when quantum mining is

With the rapid development of mobile Internet, Android applications are used more and more in people’s daily life. While bringing convenience and making people’s life smarter, Android applications also face much serious security and privacy issues, e.g., information leakage and monetary loss caused by malware. Detection and classification of malware have thus attracted much research attention in recent

Android is currently the most widespread operating system (OS) worldwide, but also the most prone to attacks. Despite the challenges faced by Industry and Academia to improve the Android OS security, it still has several vulnerabilities. Among those, the severity of the Next-Intent Vulnerability (NIV) can be immediately grasped. Android apps are made of components, which by default are private and

The very raison d’être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by the means of sharing platforms has proven to be an important aspect of practical application. It is evident to infer that inaccurate, incomplete, or outdated threat intelligence is a major problem as only high-quality CTI can

Leakage-resilient encryption is a powerful tool to protect data confidentiality against side channel attacks. In this work, we introduce a new and strong leakage setting to counter backdoor (or Trojan horse) plus covert channel attack, by relaxing the restrictions on leakage. We allow bounded leakage at anytime and anywhere and over anything. Our leakage threshold (e.g., 10,000 bits) could be much

Network intrusions are a big threat to network and system assets, which have become more complex to date. To enhance the detection performance, collaborative intrusion detection networks (CIDNs) are adopted by many organizations to protect their resources. However, such detection systems or networks are typically vulnerable to insider attacks, so that there is a need to implement suitable trust mechanisms

Cloud storage services allow users to outsource their data to remote cloud servers to relieve from the burden of local data storage and maintenance. Despite the benefits, data outsourcing has also made the data integrity protection in cloud storage a very challenging issue. Plenty of public auditing schemes have been proposed, which allow a third-party auditor to check the data integrity on behalf

Ensuring the satisfaction of security requirements is one of the most vital needs in developing different types of systems. Therefore, it is necessary to apply a method to accurately define security requirements and then, verify them in the design phase before starting system development. One of the key information security requirements is availability of system functionalities for authorized users

The Internet-of-Things (IoT), which refers to the interconnection of heterogeneous devices, has gained a lot of interest lately, and it witnessed a large growth in the number of IoT devices due to the importance of such systems in today’s communication networks. On the other hand, the authentication of entities (devices) is a major concern and a main security challenge in IoT systems since any weakness

Detection and prevention of intrusions in enterprise networks and systems is an important, but challenging problem due to extensive growth and usage of networks that are constantly facing novel attacks. An intrusion detection system (IDS) monitors the network traffic and system-level applications to detect malicious activities in the network. However, most of the existing IDSs are incapable of providing

We propose an attribute-based fast data cloud-outsourcing (FDCO) scheme, which shows great performance in mobile devices. Technically, this work is a CCA-secure online/offline key encapsulation scheme based on ciphertext-policy attribute-based encryption with public validity test and indirect user revocation mechanism. We adapt it to a mobile cloud-outsourcing scenario and present a concrete system

Browser extensions are small applications executed in the browser context that provide additional capabilities and enrich the user experience while surfing the web. The acceptance of extensions in current browsers is unquestionable. For instance, Chrome’s official extension repository has more than 63,000 extensions, with some of them having more than 10M users. When installed, extensions are pushed

User interaction constitutes a largely unexplored field in protocol analysis, even in instances where the user takes an active role as a trusted third party, such as in the Internet of Things (IoT) device initialization protocols. Initializing the formal modeling of 3-party authentication protocols where one party is a physical user, this research introduces the 3-party possession user-mediated authentication

Intrusion detection systems (IDSs) are devices or software applications that monitor networks or systems for malicious activities and signals alerts/alarms when such activity is discovered. However, an IDS may generate many false alerts which affect its accuracy. In this paper, we develop a cyberattack triage algorithm to detect these alerts (so-called outliers). The proposed algorithm is designed

At present, many types of applications rely on wireless sensor networks because of their availability and advantages. The working environments of the wireless sensor networks are usually hostile and difficult to access because the sensor nodes are distributed randomly to their environments. Due to the random distribution of the sensor nodes, none of these nodes can authenticate the other sensor nodes

As the rising popularity of Bitcoin, people tend to use Bitcoin wallets to manage the keys for spending or receiving funds. Instead of generating randomly pairs of keys, which may need higher space complexity for key management, hierarchical deterministic (HD) wallets derive all the keys from a single seed, which is sufficient to recover all the keys, to reduce the complexity of key management. In

The Internet of things (IoT) is the extension of Internet connectivity into physical devices and everyday objects. These IoT devices can communicate with others over the Internet and fully integrate into people’s daily life. In recent years, IoT devices still suffer from basic security vulnerabilities making them vulnerable to a variety of threats and malware, especially IoT botnets. Unlike common

Physically Obfuscated Keys (POK) are used to embed in chips secret bit-strings to be used in cryptographic protocols. Usually a POK is built as an array of elementary 1-bit POKs (cells). In order to guarantee that the same secret bit-string is generated at every turn-on, stabilizer circuits are required, which are typically based on possibly expensive error-correction circuitry. In this paper we propose

Social choice provides methods for collective decisions. They include methods for voting and for aggregating rankings. These methods are used in multiagent systems for similar purposes when decisions are to be made by agents. Votes and rankings are sensitive information. Because of that, privacy mechanisms are needed to avoid the disclosure of sensitive information. Cryptographic techniques can be

The Android operating system dominates the smartphone market. Thus, to service the market, the number of Android applications has risen dramatically. These applications are processing a great amount of sensitive data, which could result in various concerns including data leakage and privacy violations. For example, applications may misuse the sensitive data stored on Android devices and violate the

Spam email automated analysis and classification are a challenging task, which is vital in the identification of botnet structures and cybercrime fighting. In this work, we propose an automated methodology and the resulting framework based on innovative categorical divisive clustering, used both for grouping and for classification of spam messages. In particular, the grouping is exploited to identify

Online personal data are rarely, if ever, effectively controlled by the users they concern. Worse, as demonstrated by the numerous leaks reported each week, the organizations that store and process them fail to adequately safeguard the required confidentiality. In this paper, we propose pdguard, a framework that defines prototypes and demonstrates an architecture and an implementation that address

Anonymization of graph-based data is a problem which has been widely studied over the last years, and several anonymization methods have been developed. Information loss measures have been used to evaluate data utility and information loss in the anonymized graphs. However, there is no consensus about how to evaluate data utility and information loss in privacy-preserving and anonymization scenarios

Recently, numerous exploitations and attacks in IoT environment occurred all over the world. One of the major attacking channels is utilizing the firmware of IoT devices as the access interface to compromise the targeted IoT devices. Therefore, it is important for IoT device manufacturers to support secure and efficient firmware update functionality for sold or deployed IoT devices. In this paper,

Zero-knowledge sets (ZKS) is a basic cryptographic primitive that can be used to commit to a set S and prove statements such as \(x\in S\) or \(x\notin S\), without revealing anything else on S. Mercurial commitment is a useful tool to construct ZKS. Trapdoor q-mercurial commitment, an extension of normal mercurial commitment, results in more efficient ZKS with much shorter proofs when combining with

Blockchain-enabled voting (BEV) systems have emerged as the next generation of modern electronic voting (e-voting) systems, because the immutable property of the blockchain has made itself a perfect distributed ballot box. Further, recent investigations have utilized the smart contract to build a decentralized autonomous voting application over blockchain. We identify nine critical desiderata, such

The innovations in the field of wearable medical devices, wireless communication and low cost cloud computing aid the wireless body area network (WBAN) to become a prominent component of future healthcare systems. WBAN consists of medical sensors, which continuously monitor the patients’ vital signs and transfers this data to the remote medical server via the cloud. The continuous monitoring of the

By using a deck of cards, it is possible to realize a secure multiparty computation. In particular, since a new shuffling operation, called a random bisection cut, was devised in 2009, many efficient card-based protocols have been designed. The random bisection cut functions in the following manner. A sequence of cards is bisected, and the two halves are shuffled. This results in two possible cases

The introduction of advanced communication infrastructure into the power grid raises a plethora of new opportunities to tackle climate change. This paper is concerned with the security of energy management systems which are expected to be implemented in the future smart grid. The existence of a novel class of false data injection attacks that are based on modifying forecasted demand data is demonstrated

Due to the rapid growth of computer networks, intrusions have become more complicated and devastating. As an important solution, collaborative intrusion detection networks or systems (CIDNs or CIDSs) are considered and adopted by many organizations to identify cyberattacks. Insider attack is one major threat to such defensive mechanisms. In the literature, challenge-based trust management scheme can

Bitcoin has attracted considerable attention from governments, banks, as well as researchers. However, Bitcoin is not a completely anonymous system. All transaction information in the Bitcoin system is published on the network and can be used to reveal the identity of the user by transaction correlation analysis. In this paper, a secure and privacy-preserving mix service for Bitcoin anonymity, Lockmix

Wong et al. proposed a novel symmetric encryption scheme in which we can find the k-nearest neighbors from encrypted data and an encrypted query. Their scheme uses a pair of encryption functions that has an inner-product preserving property. Because of this property, the pair of encryption functions has been used in several encryption schemes involving ranked multi-keyword search as applications. On