Legitimate Access Research Articles

Data Mining Approach for Evil Twin Attack Identification in Wi-Fi Networks

Recent cyber security solutions for wireless networks during internet open access have become critically important for personal data security. The newest WPA3 network security protocol has been used to maximize this protection; however, attackers can use an Evil Twin attack to replace a legitimate access point. The article is devoted to solving the problem of intrusion detection at the OSI model’s physical layers. To solve this, a hardware–software complex has been developed to collect information about the signal strength from Wi-Fi access points using wireless sensor networks. The collected data were supplemented with a generative algorithm considering all possible combinations of signal strength. The k-nearest neighbor model was trained on the obtained data to distinguish the signal strength of legitimate from illegitimate access points. To verify the authenticity of the data, an Evil Twin attack was physically simulated, and a machine learning model analyzed the data from the sensors. As a result, the Evil Twin attack was successfully identified based on the signal strength in the radio spectrum. The proposed model can be used in open access points as well as in large corporate and home Wi-Fi networks to detect intrusions aimed at substituting devices in the radio spectrum where IEEE 802.11 networking equipment operates.

Long-Short Term Memory Network Based Model for Reverse Brute Force Attack Detection

Reverse brute force attacks pose a significant threat to the security of online systems, where adversaries attempt to gain unauthorized access by systematically testing a multitude of username and password combinations against a single account. To address this challenge, the research presents an innovative Long-Short Term Memory Network based model designed to detect such attacks. The model utilizes LSTM algorithms to analyze login attempt patterns, identifying anomalies that may indicate reverse brute force attacks. By examining various factors like user login behavior, IP address, and time-based patterns, the model distinguishes legitimate access attempts from potential attacks with high accuracy. It incorporates real-time threat intelligence feeds and historical data analysis to continuously adapt and improve its detection capabilities. The model dynamically adjusts security parameters, enforces account lockouts, and communicates with firewall systems to block suspicious IP addresses, thus providing a proactive response to thwart attacks. The research evaluates the effectiveness of the AI model through simulated and real-world testing scenarios, demonstrating a significant reduction in false positives and successful prevention of reverse brute force attacks. Overall, the developed AI model offers a sophisticated and proactive solution to the evolving threat of reverse brute force attacks, contributing to the advancement of cybersecurity measures.

Perceptions of offender motives, opportunities and willingness for financial crime: an empirical analysis of survey responses in six nations

Purpose This study aims to identify perceptions of financial crime among students in six different countries. Design/methodology/approach Survey research was conducted among students in India, Iran, Malaysia, Norway, Romania and the USA to compare the ranking of perceptions. Findings The following three propositions for financial crime had most agreement among respondents: lack of oversight and guardianship, legitimate access to resources and heroic offender status. Research limitations/implications Scholars involved in various countries conducted survey research at different points in time with little knowledge of each other’s survey populations and response rates. Practical implications Crime convenience and, thus, attractiveness can be addressed by focusing on propositions finding the strongest agreement in the surveys. Social implications Agreement and lack of agreement indicate priorities in fighting financial crime. Originality/value The diversity of nations involved in survey research makes this study interesting.

Enchancing Health Records Security Through Blockchain Protocols

The traditional health record sharing system faces challenges in security, privacy, and efficient sharing. "Sec-Health" protocol, a blockchain-based solution, addresses these issues by integrating advanced cryptographic techniques. Its structured workflow includes setup, storage, sharing, and emergency access phases, ensuring controlled access and data integrity. Through blockchain and IPFS networks, users register securely in the setup phase. Health records are encrypted and stored in the blockchain network during storage. Access in the sharing phase is controlled by cryptographic material, allowing only authorized users. The emergency access phase ensures immediate and legitimate access during critical situations. Patients have dynamic control over their records through access revocation. Overall, Sec-Health offers a dynamic solution that enhances security, privacy, and collaboration in healthcare data management. Keywords: Blockchain, Healthcare, Records, Security

Intentional Adulteration of Foods with Chemicals: Snapshot for 2009–2022

Global occurrences of the intentional adulteration of food with a chemical toxicant culled from the literature and news reports from 2009 to 2022 were analyzed in terms of their ability to cause mass public health harm. A total of 76 intentional adulteration events that involved over 27 chemicals and 16 foods were identified. The chemicals used included pesticides, rat poisons, illicit drugs, and commercial chemicals. A total of 253 deaths and 4,887 illnesses were attributed to intentional adulteration events; there were deaths in 20% and illnesses in 50% of the events. Intentional adulteration during manufacturing, which accounted for 21 events (28%), resulted in 205 deaths (81%) and 3,572 illnesses (73%). Intentional adulteration at the food preparation node, which accounted for 17 events (22%), resulted in 39 deaths (15%) and 387 illnesses (8%). On-farm intentional adulteration, eight events (10%) resulted in 843 illnesses (17%) and no deaths. The perpetrators who were identified generally had legitimate access to the food, although in 63% of the cases studied, the perpetrator was not identified. Economically motivated adulteration and revenge resulted in over 80% of the deaths and illnesses.

Characteristics of Crime Convenience: The Case of Corporate Offenders

ABSTRACT This article presents a review of the research addressing the seriousness of corporate crime and the convenience for corporate offenders. Insights from this review are important as detection and prevention of corporate crime is dependent on addressing convenience issues for offenders. The perspective in this article suggests that convenience is a matter of avoiding strain and pain, saving time and efforts, overcoming barriers where the fences are at their lowest to gain from business possibilities and to avoid business threats such as bankruptcy. The opportunity for deviance among corporate offenders is typically based on their high social status and their legitimate access to resources to do both the right things and the wrong things. The opportunity structure to conceal deviance consists of institutional deterioration, lack of oversight and guardianship, and sometimes also criminal market forces. This is a scoping review article to identify convenience characteristics of corporate offenses and corporate offenders. Insights

The gray zone between legitimate and predatory open access scientific publishing.

Certain open access publishers based on the article processing charges model have found it highly profitable to operate within a gray zone that encompasses both legitimate and predatory publishing practices. In this context, maximum profits can be obtained by adequate combinations of journal acceptance rates and elevated article processing charges. Considering that the gray zone can be particularly challenging to identify and that it poses risks for authors aiming to establish academic carreers, we believe it is important to provide a comprehensive description of it.

An electronic medical record access control model based on intuitionistic fuzzy trust

Electronic Medical Records (EMR), as the core data of medical big data, has improved the efficiency of medical services in the process of sharing and use, but a series of data privacy leakage problems have emerged. Access control technology can ensure users' legitimate and appropriate access to data resources, but traditional access control has many limitations such as static and coarse-grained, which is difficult to meet in the dynamic and complex healthcare environment. We create a model to solve the privacy leakage problem of healthcare big data. The model utilizes the Latent Delicacy Allocation (LDA) topic model to quickly search documents and extract the topic probability distributions between the target patient and other patients' electronic medical records, which improves the efficiency of medical record document analysis; Calculating physician access similarity, we quantify physician access behavior to more accurately describe physician access behavior in the form of data. We combined the intuitionistic fuzzy theory with the trust evaluation method to create a novel trust evaluation method-- Intuitionistic Fuzzy Trust Evaluation Method, which can reflect the uncertainty characteristics that exist in the physician's diagnostic and treatment process when quantifying the trust of the access by using this method, and it is more flexible and practical, which enhances the accuracy of the quantification of the trust. Improving the traditional trust aggregation method by adding a time window and time decay function, the optimized method improves the accuracy of trust aggregation, and the experimental results are more in line with the actual law. We created a new intuitionistic fuzzy trust access control model using a relative entropy-based intuitionistic fuzzy clustering algorithm and a reward and punishment mechanism to achieve adaptive and dynamic access control for physician access behavior. Experiments show that the access control model based on intuitionistic fuzzy trust proposed in this article achieves 95% correctness in identifying user access behaviors and 94.29% correctness in identifying excessive user access behaviors. Experiments have proved that this model has obvious advantages over other models in the process of privacy protection of electronic medical record systems and has certain control effects.

Legal Status in the Donbas Conflicts: Foreign Fighters, Mercenaries, Far-Right Radicals

On January 6, 2021, an armed group of about two thousand people, who could not accept the loss of the election of former President Donald Trump, stormed the US Capitol. David C. Rapoport, who received many references to the wave theory of his in terrorism studies, penned an article on the Capitol Attack and said that he wondered what could happen when far-right actions coalesce into big movements. February 23, 2022, as the United Nations Security Council convened to resolve the ongoing tension between Russia and Ukraine, Russian President Vladimir Putin authorized the entry of the Russian Army into Ukraine on television screens. He said the 'special operation' was carried out under Article 51 of the United Nations Charter. The Donbas Conflict, which has been going on since 2014, seems to have presented a historic opportunity to the far-right radicals. Special military forces, foreign fighters, far-right radicals, terrorist organizations, states used force/violence. The conflicts attracted the attention of far-right radicals, and radicals found ample scope for legitimate use and access to the means of violence. The aim of the study is to present the legal framework of the space created by the Donbas Conflicts for far-right radicals. For this purpose, the legal framework applicable to the conflict will be drawn, the rights and authorities granted to the actors within this legal framework will be determined, and it will be investigated what kind of freedom the far-right radicals have achieved within this legal framework.

A compressed sensing-based progressive secret image sharing scheme and security analysis

Cryptographic secret image sharing (SIS) allows a secret image to be shared among participants, and any authorized set of participants can reconstruct the secret. In this paper, we first propose a conceptually simple way to construct a progressive SIS scheme based on semi-tensor product compressed sensing (STP-CS). In the sharing phase, the dealer employs STP-CS to compress the secret image and extracts several different rows of the compressed image in turn. Then the sub-shadows for participants are formed. In addition, he needs to employ a perfect secret sharing to share the measurement matrix (or an initial state of the linear feedback shift register) among all participants. Finally, the sub-shadow and the share of the measurement matrix together constitute the shadow of each participant. In the combination phase, any legitimate access structure can reconstruct the secret image gradually. The perfect secret sharing ensures that the combination phase can work if and only if the access structure is authorized. Simultaneously, the use of STP-CS ensures that the proposed scheme has the properties of gradual reconstruction, noise-resilience, and smaller shadow size. Also, we have proven that the proposed scheme achieves the extended Wyner-sense perfect secrecy. Besides, we provide an extend version, referred to as homomorphic secret image sharing (HSIS), for improving the efficiency of the combination algorithm. HSIS can outsource the combination phase to the cloud servers securely.

VISTA: An inclusive insider threat taxonomy, with mitigation strategies

Insiders have the potential to do a great deal of damage, given their legitimate access to organisational assets and the trust they enjoy. Organisations can only mitigate insider threats if they understand what the different kinds of insider threats are, and what tailored measures can be used to mitigate the threat posed by each of them. Here, we derive VISTA (inclusiVeInSiderThreat tAxonomy) based on an extensive literature review and a survey with C-suite executives to ensure that the VISTA taxonomy is not only scientifically grounded, but also meets the needs of organisations and their executives. To this end, we map each VISTA category of insider threat to tailored mitigations that can be deployed to reduce the threat.

A New Scalable and Secure Access Control Scheme Using Blockchain Technology for IoT

The growth of IoT devices is so rapid that several billions of such devices would be in use in a span of four-year period. Essential security mechanisms need to be put in place to curb several security attacks prevalent in IoT. Access control is an important security mechanism that ensures legitimate and controlled access to critical and limited resources in IoT. The current access control schemes for IoT could not handle burgeoning number of IoT devices, while meeting the necessary level of security. Consequently, in this paper, we propose a new scalable and secure access control scheme for IoT. With blockchain as the root-of-trust, the proposed scheme performs access control for the IoT devices without having the resource-constrained IoT devices to be part of the blockchain network and to possess substantial amount of blockchain data. Blockchain’s tamper-proof property makes it an ideal candidate to be chosen as the root-of-trust. The scheme is secure against various security attacks prevalent in IoT. A proof-of-concept implementation for the scheme is developed and deployed in Ethereum Mainnet. The transaction costs of the different operations in the scheme are fairly below USD 3. Furthermore, scalability of the proposed scheme in different scenarios is investigated.

An efficient and privacy-preserving query scheme in intelligent transportation systems

Privacy preservation is a crucial aspect of intelligent transportation systems, particularly in queries involving sensitive data stored in the Cloud. However, resource-constrained vehicles require security, privacy, and communication efficiency. To address these challenges, we propose an efficient and Privacy-Preserving Query (PPQ) scheme for intelligent transportation systems. The proposed scheme leverages matrix decomposition techniques to reorganize routes in a flexible manner. Additionally, all query operations are performed in the ciphertext state to protect the vehicle's route. Lightweight authentication is employed to ensure legitimate user access between vehicles and roadside units. Furthermore, security analysis confirms that the proposed scheme meets the security goals of privacy protection. Performance analysis demonstrates that the computational and communication overhead of the scheme are greatly improved compared to similar schemes. Therefore, the proposed solution is well-suited for resource-constrained vehicles.

Mikrotik Login Security with Port-Knocking and Brute Force Firewall at PT. Time Excelindo

In today's digital era, the use of MikroTik routers is increasingly common in companies, including PT Time Excelindo. However, attacks on MikroTik router logins are a frequent problem, and the company has a need to have a cheap and simple security system. This thesis aims to implement login security techniques using Port-Knocking and brute force firewalls on MikroTik routers at PT Time Excelindo, with the aim of providing solutions that are affordable and easy to implement. This study focuses on identifying the problems faced by PT Time Excelindo, namely repeated attacks against MikroTik router logins. The proposed solution involves implementing a Port- Knocking technique which will hide the login port on the router, so that only legitimate access will be allowed after a series of specific requests are made to certain ports. In addition, the firewall will also be activated to block brute force attacks by limiting the number of failed login attempts

A blockchain‐enabled security management framework for mobile edge computing

AbstractMobile edge computing (MEC) integrates mobile and edge computing technologies to provide efficient computing services with low latency. It includes several Internet of Things (IoT) and edge devices that process the user data at the network's edge. The architectural characteristic of MEC supports many internet‐based services, which attract more number of users, including attackers. The safety and privacy of the MEC environment, especially user information is a significant concern. A lightweight accessing and sharing protocol is required because edge devices are resource constraints. This paper addresses this issue by proposing a blockchain‐enabled security management framework for MEC environments. This approach provides another level of security and includes blockchain security features like temper resistance, immutable, transparent, traceable, and distributed ledger in the MEC environment. The framework guarantees secure data storage in the MEC environment. The contributions of this paper are twofold: (1) We propose a blockchain‐enabled security management framework for MEC environments that address the security and privacy concerns, and (2) we demonstrate through simulations that the framework has high performance and is suitable for resource‐constrained MEC devices. In addition, a smart contract‐based access and sharing mechanism is proposed. Our research uses a combination of theoretical analysis and simulation experiments to demonstrate that the proposed framework offers high security, low latency, legitimate access, high throughput, and low operations cost.

A novel Evil Twin MiTM attack through 802.11v protocol exploitation

In recent years, especially where 802.11 networks are involved, we have seen a rise in Man in the Middle (MiTM) attacks. In this work, we propose a novel method that maliciously exploits the BSS Transition Management frames IEEE 802.11v protocol and demonstrates how such an attack can be performed, by utilizing roaming 802.11 protocols. To the best of our knowledge, this kind of approach has not been examined in the past. Our testbed results suggest that the proposed method is successful, regardless of the legitimate and rogue access point signal strengths provided to the terminal under attack. This is not the case for other MiTM attack methods, where the signal strength provided by the rogue access point to the terminal under attack must be stronger than the legitimate access point signal strength. During the experimentation phase with our testbed, several mobile phone models were used to demonstrate the suggested technique. After demonstrating the validity of the method through the testbed, further analysis is performed with a realistic ray tracing simulator to determine practical attack distance limits in an urban environment under investigation and how an adversary can manipulate a device to connect to a rogue access point.

A Novel Non-Linear Transformation Based Multi User Identification Algorithm for Fixed Text Keystroke Behavioral Dynamics

In this paper, we propose a new technique to uniquely classify and identify multiple users accessing a single application using keystroke dynamics. This problem is usually encountered when multiple users have legitimate access to shared computers and accounts, where, at times, one user can inadvertently be logged in on another user’s account. Since the login processes are usually bypassed at this stage, we rely on keystroke dynamics in order to tell users apart. Our algorithm uses the quantile transform and techniques from localization to classify and identify users. Specifically, we use an algorithm known as ordinal Unfolding based Localization (UNLOC), which uses only ordinal data obtained from comparing distance proxies, by “locating” users in a reduced PCA/Kernel-PCA/t-SNE space based on their typing patterns. Our results are validated with the help of benchmark keystroke datasets and show that our algorithm outperforms other methods.

MALDI MSI Separation of Same Donor’s Fingermarks Based on Time of Deposition—A Proof-of-Concept Study

Despite the advent of DNA profiling, fingerprints still play an important role in suspect identification. However, if single crime scene marks may be challenging to identify, overlapping fingermarks, understandably, pose an even greater challenge. In the last decade, mass spectrometry-imaging methods have provided a possible solution to the separation of fingermarks from two or more donors, based on the differential chemical composition. However, there are no studies attempting to separate overlapping marks from the same donor. This is important in relation to fingermark deposition at different times, which could be critical, for example, to ascertain legitimate access to the scene. In the work presented here, we investigate whether Matrix-Assisted Laser Desorption Ionisation Mass Spectrometry Imaging can separate the same donor's fingermarks deposited at different times based on intra-donor fingermark composition variability. Additionally, the hypothesis that the different times of deposition could be also determined was investigated in the view of linking the suspect at the scene at different times; the dating window of MALDI MSI within the selected molecular range was explored. Results show that it is possible to separate overlapping fingermarks from the same donor in most cases, even from natural marks. Fresh marks (0 days) could be separated from those of fourteen days of age, though the latter could not be distinguished from the set aged for seven days. Due to the use of only one donor, these are to be considered preliminary data, though findings are interesting enough to warrant further investigation of the capabilities and limitations of this approach using a larger cohort of donors.

Addressing insider attacks via forensic-ready risk management

Cyberattacks perpetrated by insiders are difficult to prevent using traditional security approaches. Often, such attackers misuse legitimate access to the system to conduct an attack, or an external attacker manipulates or masquerades as an insider to gain access, bypassing the security controls. A possible solution to this problem are forensic-ready software systems that support the eventual forensic investigation. For example, assuring that appropriate evidence of an attack would be generated and assessable if needed. While not primarily aimed at prevention, the controls of forensic-ready systems can be used to ensure reliable post-incident investigation in the case of an insider attack. Currently, however, there is a gap in adequate methods for identifying requirements and assessment of such systems. Therefore, we propose FR-ISSRM, a risk management approach to derive the forensic readiness requirements addressing insider attacks. The requirements, once implemented, assist in the reliable uncovering culprit, root cause, damage of the attack, and overall improvement of security posture. The approach is then demonstrated in three cases covering typical insider attacks.

Enhancing cybersecurity situation awareness through visualization: A USB data exfiltration case study

Employees who have legitimate access to an organization's data may occasionally put sensitive corporate data at risk, either carelessly or maliciously. Ideally, potential breaches should be detected as soon as they occur, but in practice there may be delays, because human analysts are not able to recognize data exfiltration behaviors quickly enough with the tools available to them. Visualization may improve cybersecurity situation awareness. In this paper, we present a dashboard application for investigating file activity, as a way to improve situation awareness. We developed this dashboard for a wide range of stakeholders within a large financial services company. Cybersecurity experts/analysts, data owners, team leaders/managers, high level administrators, and other investigators all provided input to its design. The use of a co-design approach helped to create trust between users and the new visualization tools, which were built to be compatible with existing work processes. We discuss the user-centered design process that informed the development of the dashboard, and the functionality of its three inter-operable monitoring dashboards. In this case three dashboards were developed covering high-level overview, file volume/type comparison, and individual activity, but the appropriate number and type of dashboards to use will likely vary according to the nature of the detection task). We also present two use cases with usability results and preliminary usage data. The results presented examined the amount of use that the dashboards received as well as measures obtained using the Technology Acceptance Model (TAM). We also report user comments about the dashboards and how to improve them.