Security Architecture Research Articles

Cracking the Core: Hardware Vulnerabilities in Android Devices Unveiled

As Android devices become more prevalent, their security risks extend beyond software vulnerabilities to include critical hardware weaknesses. This paper provides a comprehensive and systematic review of hardware-related vulnerabilities in Android systems, which can bypass even the most sophisticated software defenses. We compile and analyze an extensive range of reported vulnerabilities, introducing a novel categorization framework to facilitate a deeper understanding of these risks, classified by affected hardware components, vulnerability type, and the potential impact on system security. The paper addresses key areas such as memory management flaws, side-channel attacks, insecure system-on-chip (SoC) resource allocation, and cryptographic vulnerabilities. In addition, it examines feasible countermeasures, including hardware-backed encryption, secure boot mechanisms, and trusted execution environments (TEEs), to mitigate the risks posed by these hardware threats. By contextualizing hardware vulnerabilities within the broader security architecture of Android devices, this review emphasizes the importance of hardware security in ensuring system integrity and resilience. The findings serve as a valuable resource for both researchers and security professionals, offering insights into the development of more robust defenses against the emerging hardware-based threats faced by Android devices.

IoT-Enabled Secure and Scalable Cloud Architecture for Multi-User Systems: A Hybrid Post-Quantum Cryptographic and Block Chain-Based Approach towards a Trustworthy Cloud Computing

Cloud computing remains one of the most significant advancements in resource provision to organizations in the latest decades since they initiate conveniences on demand access. The adoption of the IoT has brought about a new era of collaborative computing by employing a pool of linked smart sensors and devices that will produce and analyze great amounts of data, thus creating new related problems in terms of size and security, hence increasing even more the importance of traditional security measures. Therefore, in this paper, we synthesize a new SSCA that combines IoT and cryptographic mechanisms, to build highly available and secure cloud systems, which makes these systems multi-users and fully usable by many users at the same time. The design resolves to a distributed structure where sever al cloud nodes will address user s requests proficiently and it uses Multicast and Broadcast Rekeying Algorithm (MBRA) to maintain the privacy and the confidentiality of the users’ detail, employing a cryptosystem that integrates MBRA, Post Quantum Cryptography (PQC) and block chain. The architecture using IoT devices collects data from the distributed sensing resources through the data storage layer; it enforces the security integrity of the information collected by employing the MBRA-PQC encryption algorithms; the blockchain provides the security for the confidential data by storing it in unalterable and dispersed registers. The proposed approach is then demonstrated with different data sets and its performance is measured based on the response time, the throughput and scalability, security and reliability. The outcome of the expressions reveals the efficiency of the proposed SSCA compared to MHE-IS-CPMT as it reduced by 1. 67 seconds and 0. 97 seconds at 250 and 1000 devices respectively. Similarly, the result as AUC value for SSCA showed a better improvement than the MHE-IS-CPMT, EAM, SCSS, and SHCEF models with improvements in percent at 25-user level: 6. 30%, 6. 90%, 7. 60%, and 7. 30%, respectively as well as; at 50-user level: 5. 20%, 9. 30%, 11. 50%.

A Scalable, Secure, and Efficient Framework for Sharing Electronic Health Records Using Permissioned Blockchain Technology

This paper presents a scalable, secure blockchain-based healthcare system architecture that efficiently manages large patient datasets. DHTs and Skip Lists enable efficient data access, while DPoS and PBFT facilitate parallel transaction processing. Adaptive filters, Radix Trees extended by Merkle Trees, and an immutable blockchain ledger secured by Tendermint consensus ensure data integrity and protection against evolving threats. Threshold Cryptography secures consensus participant selection, and Bulletproofs verify transactions, complying with healthcare regulations. ChaCha20, a symmetric stream cipher, encrypts sensitive data, enhancing performance across devices. ABAC manages access rights, ensuring fine-grained control over data accessibility. This architecture offers a comprehensive, efficient, and secure solution for healthcare data management in blockchain environments.

India’s emerging undersea cable landscape: Varied Indo-Pacific partnerships to boost geopolitical ambitions?

India is set to be a cradle for undersea cable networks thanks to its geographical location, fast-growing economy, its potential to play a bigger role in global manufacturing, and its young, technologically skilled workforce. But amongst the tech giants such as the US and its allies, does India have the capabilities and the political intent to thwart China’s technological, and military disruption attempts in the Indo-Pacific? This article argues for enhanced maritime cooperation between like-minded states to improve interoperability between states and create a viable maritime security architecture that includes subsea cable security. It suggests that India can tamp down China’s growing influence in the Indian Ocean Region (IOR) by asserting Indian digital ascendance and by making full use of its multi-aligned “pointed” diplomacy with like-minded partners. To substantiate this approach, this article first defines the contours of India’s “pointed” diplomatic strategy and then discusses why India is crucial for the growing undersea cable network security in the IOR. Outlining India’s nascent attempts to create a relevant domestic regulatory framework on undersea cables, it explores India’s pointed diplomacy via its engagements with select partnerships, such as with the Quadrilateral Security Dialogue (Quad) members and IOR littorals, among others.

Understanding ASEAN's Perception and Response to Japan's "Indo-Pacific Strategy"

The ASEAN region is located along Japan's critical maritime lifeline and has maintained close cooperation with Japan in various fields for an extended period, making it a pivotal point for Japan's "Indo-Pacific Strategy". To successfully advance this strategy, Japan has strengthened cooperation with ASEAN and its member states in the economic and maritime security sectors through dual-track diplomacy, seeking ASEAN's recognition and support for the strategy. ASEAN views Japan's policies as beneficial to its development and capable of enhancing its strategic autonomy to some extent. However, the regional order constructed by Japan's "Indo-Pacific Strategy" undermines ASEAN's centrality in the regional security architecture and negatively impacts its amicable relations with China. To preserve its centrality, ASEAN introduced the "ASEAN Outlook on the Indo-Pacific", aiming to articulate its vision and stance clearly to maintain its central role in regional affairs. Furthermore, ASEAN employs a hedging strategy amid great power competition to safeguard its interests and actively collaborates with external countries to expand its strategic autonomy.

Evolution of Baltic Security: Analysis of Threats and Strategic Responses

This article explores the evolution of security in the Baltic region, focusing first on Estonia, Latvia and Lithuania, and analysing the key challenges posed by the Russian Federation since the annexation of Crimea in 2014 and the subsequent security measures taken by NATO through the Enhanced Forward Presence (eFP) mission. It details the strategic responses of the Baltic states, highlighting their military modernisation, defence cooperation with NATO and growing reliance on multinational exercises. The article also examines the role of Poland as a key player in NATO's eastern flank defence and the integration of Finland and Sweden into NATO, emphasising their contribution to strengthening the Baltic and Arctic security architecture. The analysis concludes with an examination of the multiple threats that characterise the region's security environment, underlining the importance of coherent multinational defence strategies.

The Dragon's Overwatch: Chinese Private Security Expansion in Latin America and the Caribbean

This scholarly disquisition furnishes a comprehensive exploration of the burgeoning presence of Chinese private security companies (PSCs) across Latin America and the Caribbean (LAC), delving into the strategic repercussions for regional security architectures and national sovereignty imperatives. Employing a meticulous qualitative methodology encompassing a thorough literature review, policy document analysis, and an examination of Chinese-language sources, the research elucidates the salient drivers catalyzing this phenomenon. These precipitating factors span cultural affinities, economic motivations, geopolitical ambitions, and the exigent security challenges besetting Chinese commercial entities operating within the LAC region. The operational modes of Chinese PSCs are subjected to forensic scrutiny, illuminating their diverse service offerings, geographical permeation across the region, and the obstacles they confront. Furthermore, the inquiry contextualizes the issue within the broader geopolitical milieu, accentuating concerns regarding transparency lacunae, regulatory deficiencies, and potential avenues for Chinese intelligence and military machinations, thereby potentially destabilizing the regional equilibrium. Ultimately, the research culminates in a series of substantive policy prescriptions aimed at mitigating risks, fortifying regional stability, and safeguarding national sovereignty through capacity-building initiatives, constructive engagement with Beijing, enhanced transparency mechanisms, and robust regional cooperation frameworks.

Specifying and Verifying Information Flow Control in SELinux Configurations

Security Enhanced Linux (SELinux) is a security architecture for Linux implementing Mandatory Access Control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. However, its application is challenging as SELinux security policies are difficult to write, understand, and maintain. Recently, the intermediate language CIL was introduced to foster the development of high-level policy languages and to write structured configurations. Despite CIL’s high level features, CIL configurations are hard to understand as different constructs interact in non-trivial ways. Moreover, there is no mechanism to ensure that a given configuration obeys desired information flow policies. To remedy this, we enrich CIL with a formal semantics, and we propose IFCIL, a backward compatible extension of CIL for specifying fine-grained information flow requirements. Using IFCIL, administrators can express confidentiality, integrity, and non-interference properties. We also provide a tool to statically verify these requirements and we experimentally assess it on ten real-world policies.

Türkiye’s Security Policy in Sub-Saharan Africa: A Constructivist Analysis

Türkiye’s comprehensive, pragmatic, multi-dimensional, and multi-stakeholder strategy towards Africa is commendable for adopting a collaborative approach that aligns well with the region’s needs. This study aims to explore Türkiye’s security relations in Sub-Saharan Africa through a constructivist perspective, focusing on the sub-regions of East Africa, West Africa, and the Sahel Belt. The research employs a qualitative methodology, drawing on official documents, academic literature, reports from international organizations, and discourse analysis to examine Türkiye’s security policy in the region. Türkiye’s security cooperation in Sub-Saharan Africa extends beyond mere military ties, encompassing a holistic strategy that supports regional peace and stability. By enhancing and strengthening these efforts, Türkiye significantly bolsters its standing in Sub-Saharan Africa and contributes to regional security architecture.

An intelligent native network slicing security architecture empowered by federated learning

Network Slicing (NS) has transformed the landscape of resource sharing in networks, offering flexibility to support services and applications with highly variable requirements in areas such as the next-generation 5G/6G mobile networks (NGMN), vehicular networks, industrial Internet of Things (IoT), and verticals. Although significant research and experimentation have driven the development of network slicing, existing architectures often fall short in intrinsic architectural intelligent security capabilities. This paper proposes an architecture-intelligent security mechanism to improve the NS solutions. We idealized a security-native architecture that deploys intelligent microservices as federated agents based on machine learning, providing intra-slice and architectural operation security for the Slicing Future Internet Infrastructures (SFI2) reference architecture. It is noteworthy that federated-learning approaches match the highly distributed modern microservice-based architectures, thus providing a unifying and scalable design choice for NS platforms addressing both service and security. Using ML-Agents and Security Agents, our approach identified Distributed Denial-of-Service (DDoS) and intrusion attacks within the slice using generic and non-intrusive telemetry records, achieving an average accuracy of approximately 95.60% in the network slicing architecture and 99.99% for the deployed slice – intra-slice. This result demonstrates the potential for leveraging architectural operational security and introduces a promising new research direction for network slicing architectures.

Multiple levels of crypto-fiduciary security unforgeable stamp

The paper introduces the concept of a multi-level crypto-fiduciary security system, focusing on the development and implementation of an unforgeable stamp mechanism. This security architecture integrates cryptographic techniques with fiduciary principles to create a robust authentication framework that ensures data integrity, confidentiality, and trust in transactions. The unforgeable stamp serves as a cryptographic seal that is tamper-proof, traceable, and resistant to counterfeiting or duplication, providing enhanced protection against fraud and unauthorized access. The proposed system leverages multiple layers of encryption, key management, and blockchain technology to achieve a secure and verifiable method of transaction validation. This work aims to address critical security challenges in financial, governmental, and other sensitive applications, where trust and data authenticity are paramount.

An Examination of the Security Architecture and Vulnerability Exploitation of the TurtleBot3 Robotic System

An Examination of the Security Architecture and Vulnerability Exploitation of the TurtleBot3 Robotic System

Сравнительный анализ интеграционных инициатив и проектов России и Китая в Центральной Азии

Based on the analysis, the author concludes that after the collapse of the USSR, Moscow made numerous attempts to create an integrated political and economic union in the post-Soviet space. However, in the first decade of the 21st century, none of these efforts was realized in reality, and the formation of the EAEU is seen as a step towards more effective economic growth and success compared to other post-Soviet initiatives. The path from the Customs Union to the Common Economic Space and from there to the Common Market appears not only logical but also realistic. In terms of military-political cooperation, it is recognized that there is no alternative to the CSTO in the post-Soviet space. It is the only structure that shapes the security architecture in its area of responsibility and ensures the security and stability of member countries against external and internal challenges and threats in the modern world. On the other hand, Beijing has made significant progress in its diplomatic contacts with the Central Asian states by establishing two major institutional pillars – the SCO and the global initiative BRI. These two instruments have become the fundamental basis that has improved China's foreign policy and external economic positioning in the Central Asian direction.

The October Revolution of 2020 in Kyrgyzstan and the Security Problem in Central Asia

The subject of the article is the analysis of the causes, course and effects of the October 2020 revolution in Kyrgyzstan. Particular emphasis is placed on the consequences of this revolution, especially on the change of the system of government in Kyrgyzstan and its impact on security in the region of Central Asia. The entirety of the normative provisions of the Constitution of May 5, 2021, and in particular the regulations regarding the mutual relations between the executive and legislative powers, proves that the presidential system of government established on its basis in Kyrgyzstan differs significantly from the classical model of such a system of government. This is evidenced primarily by the right of legislative initiative granted to the President of Kyrgyzstan, the right to participate in parliamentary sessions, and the right to determine the subject of its sessions. The October Revolution did not affect the security architecture in Central Asia directly. However, the adoption of the presidential system of government in Kyrgyzstan, the difficult economic situation, as well as unresolved social problems may result in further mass social protests in this country in the future, which may have a significant impact on the relations, especially with Uzbekistan and Tajikistan.

An Efficient Low-Latency and High Throughput LED Cipher Architecture for IoT Security on a Hardware Platform

An Efficient Low-Latency and High Throughput LED Cipher Architecture for IoT Security on a Hardware Platform

Protecting unauthenticated messages in LTE/5G mobile networks: A two-level Hierarchical Identity-Based Signature (HIBS) solution

As an essential public infrastructure, the security and reliability of mobile networks have a profound impact on people’s production and life. Although the security of LTE/5G networks has been improved a lot with the evolution of standards, there are still some unprotected messages being transmitted between the cellular network and device due to the symmetric key-based security architecture and the trade-off between security and other criteria like network availability. By exploiting these messages, various security attacks have been proposed and demonstrated against commercial mobile networks and devices in existing literature, such as user location tracking, bidding-down, and DoS attacks. To address this security issue, in this paper, we aim to protect these unauthenticated messages in mobile networks using digital signatures. Based on the idea of Hierarchical Identity-Based Signature (HIBS) in existing work, we analyse and design a two-level HIBS solution in detail in terms of different aspects such as keys generation and provisioning procedures, replay mitigation, and cell selection. Unlike previous work, our proposed solution also supports the protection of individual vulnerable RRC and NAS layer signalling in addition to authenticating the base station. We evaluated the efficiency and feasibility of several existing HIBS schemes and implemented the most efficient one in the 5G standalone network setup using open-source software. The implementation results further proved the feasibility of the solution in practice.

The Republic of South Ossetia in the Context of Regional Security Threats

The article analyzes the security problems in the South Caucasus. The emphasis is placed on the key security threats to the Republic of South Ossetia, which is actually in a state of latent conflict with Georgia. The article uses the method of situational analysis (sitanalysis), which involves considering the problem at the applied level, identifying all the factors that influence the formation of the situation. The author considers that the most important part of the situational analysis is the development of practical recommendations in order to implement a favorable forecast and, if possible, avoid an unfavorable course of events.According to the author’s main conclusions, the Republic of South Ossetia is currently facing a number of serious external threats to its national security in the South Caucasus. The existing threats, challenges and risks for South Ossetia in the South Caucasus region tend to increase, both in local and regional variants. According to the author, efforts should continue to create a sustainable security architecture in the South Caucasus in order to prevent any violent scenarios for resolving existing contradictions and achieving sustainable peace and stability in the region.

Advanced Persistent Threat Attack Detection Systems: A Review of Approaches, Challenges, and Trends

Advanced persistent threat (APT) attacks present a significant challenge for any organization, as they are difficult to detect due to their elusive nature and characteristics. In this paper, we conduct a comprehensive literature review to investigate the various APT attack detection systems and approaches and classify them based on their threat model and detection method. Our findings reveal common obstacles in APT attack detection, such as correctly attributing anomalous behavior to APT attack activities, limited availability of public datasets and inadequate evaluation methods, challenges with detection procedures, and misinterpretation of requirements. Based on our findings, we propose a reference architecture to enhance the comparability of existing systems and provide a framework for classifying detection systems. In addition, we look in detail at the problems encountered in current evaluations and other scientific gaps, such as a neglected consideration of integrating the systems into existing security architectures and their adaptability and durability. While no one-size-fits-all solution exists for APT attack detection, this review shows that graph-based approaches hold promising potential. However, further research is required for real-world usability, considering the systems’ adaptability and explainability.

Architecture for Enhancing Communication Security with RBAC IoT Protocol-Based Microgrids.

In traditional power grids, the unidirectional flow of energy and information has led to a decrease in efficiency. To address this issue, the concept of microgrids with bidirectional flow and independent power sources has been introduced. The components of a microgrid utilize various IoT protocols such as OPC-UA, MQTT, and DDS to implement bidirectional communication, enabling seamless network communication among different elements within the microgrid. Technological innovation, however, has simultaneously given rise to security issues in the communication system of microgrids. The use of IoT protocols creates vulnerabilities that malicious hackers may exploit to eavesdrop on data or attempt unauthorized control of microgrid devices. Therefore, monitoring and controlling security vulnerabilities is essential to prevent intrusion threats and enhance cyber resilience in the stable and efficient operation of microgrid systems. In this study, we propose an RBAC-based security approach on top of DDS protocols in microgrid systems. The proposed approach allocates roles to users or devices and grants various permissions for access control. DDS subscribers request access to topics and publishers request access to evaluations from the role repository using XACML. The overall implementation model is designed for the publisher to receive XACML transmitted from the repository and perform policy decision making and enforcement. By applying these methods, security vulnerabilities in communication between IoT devices can be reduced, and cyber resilience can be enhanced.

Maritime security and blue economy development in Nigeria: A structural equation model

The Nigerian Niger Delta region has been described as the epicenter of piracy and kidnapping for ransom of seafarers and other maritime crimes especially in the Gulf of Guinea region. This paper aimed to evaluate Maritime Security and Blue Economy development in Nigeria using structural equation model. The study adopted a quantitative research methodology and expost facto research design. A 33year (1990 - 2022) time series secondary data were sourced from International Maritime Bureau (IMB), Nigerian Ports Authority annual reports, CBN statistical bulletin, NOSDRA, and NPA annual statistics. The data obtained were transformed, cleaned, and subjected to Confirmatory factor analysis, measurement model and Structural equation modelling using AMOS (V23). From the structural equations analysis, the specified models met the minimum/necessary conditions (Df => 0) for model identification. The findings of the study revealed that 56 % of maritime security threats in Nigeria waters can be predicted by the number of crewmen kidnapped for ransom, 55 % by pirates’ attacks and 92 % by crude oil theft in Nigerian waters. Similarly, the results revealed that maritime security threats (MST) have a significant effect on blue economy development in Nigeria. Imperatively, adequate maritime security measures stimulate confidence among local and international stakeholders, attracting investments, encouraging trade partnerships, and enhancing the country’s position as a reliable maritime hub. Therefore, the study recommended that the Nigerian government should prioritise cooperation and collaborations with other regional navies to ensure adequate maritime domain awareness and security interdiction within her exclusive economic zone as provided by the Yaoundé code of conduct security architecture.