Security Implementation Research Articles

Rent-a-Read: A Secure, Cloud-Powered eBook Rental

Rent-a-Read is a secure, cloud-based eBook rental system designed to make books more accessible and affordable through a real-time rental platform. This paper presents a robust web-based solution that allows users to rent eBooks for a limited time, ensuring seamless access while preventing downloads. The platform is powered by Amazon Web Services (AWS) for secure storage, MongoDB for data management, and Flask with JWT authentication for backend services. The system implements fine-grained access control using signed URLs to provide time-limited access to rented content. Furthermore, MongoDB schemas are enforced to maintain data integrity, and the platform supports role-based access for customers and book owners. The integration of real-time payment system ensures a streamlined transaction process. This research outlines the architectural design, security implementations, and real-time functionalities that make Rent-a-Read a scalable and user-friendly solution for modern readers. Key Words: eBook rental, Cloud computing, MongoDB, AWS S3, Flask, JWT authentication, signed URLs, Role-based Access control, Secure content streaming, Real-time payments, Schema validation

A Review on Online Voting System using Face Recognition and Blockchain

Online voting systems represent a transformative approach to modernizing electoral processes, offering benefits such as increased accessibility, security, and efficiency. This paper explores the design, implementation, and challenges of online voting systems, with a particular focus on the integration of biometric authentication, encryption, and blockchain technology. These systems aim to address the critical issues of voter identity verification, fraud prevention, and the integrity of election results. The methodology for creating an online voting system involves a multi-stage process, including requirement analysis, system design, development, security implementation, testing, deployment, and post-election auditing. Despite the numerous advantages, challenges such as cybersecurity threats, privacy concerns, and digital accessibility remain. This paper discusses the importance of addressing these challenges to ensure the security, transparency, and inclusivity of online voting. By adopting robust security measures and considering the legal and technological landscape, online voting systems can enhance voter participation and transform electoral practices, providing a reliable and efficient alternative to traditional voting methods

A Secure and Efficient White-Box Implementation of SM4

Differential Computation Analysis (DCA) leverages memory traces to extract secret keys, bypassing countermeasures employed in white-box designs, such as encodings. Although researchers have made great efforts to enhance security against DCA, most solutions considerably decrease algorithmic efficiency. In our approach, the Feistel cipher SM4 is implemented by a series of table-lookup operations, and the input and output of each table are protected by affine transformations and nonlinear encodings generated randomly. We employ fourth-order non-linear encoding to reduce the loss of efficiency while utilizing a random sequence to shuffle lookup table access, thereby severing the potential link between memory data and the intermediate values of SM4. Experimental results indicate that the DCA procedure fails to retrieve the correct key. Furthermore, theoretical analysis shows that the techniques employed in our scheme effectively prevent existing algebraic attacks. Finally, our design requires only 1.44 MB of memory, significantly less than that of the known DCA-resistant schemes—Zhang et al.’s scheme (24.3 MB), Yuan et al.’s scheme (34.5 MB) and Zhao et al.’s scheme (7.8 MB). Thus, our SM4 white-box design effectively ensures security while maintaining a low memory cost.

User Authentication System Using Python

User authentication is a critical component in ensuring the security and privacy of digital systems. This paper User authentication is a critical component in ensuring the security and privacy of digital systems. This paper explores the implementation of user authentication explores the implementation of user authentication systems using Python, a versatile and widely-used systems using Python, a versatile and widely used programming language. With its robust libraries and frame works, Python provides a comprehensive eco system for designing, developing, and deploying secure authentication mechanisms. The study focuses on the practical implementation of authentication methods, including password-based systems, two-factor authentication (2FA), and biometrics integration. Python libraries such as Flask and Django are employed to create backend systems, while libraries liked crypt and pass lib are utilized for hashing and securing passwords. The integration of 2FA is demonstrated using PyOTP, which facilitates one-time password generation to enhance security. This paper also highlights the role of JSON Web Tokens (JWT) in enabling secure, stateless user sessions, making them suitable for modern web and mobile applications. Python's inter operability with biometric authentication systems is explored through the use of APIs and machine learning libraries, providing a foundation for advanced authentication mechanisms. The proposed authentication system is evaluated for its security, scalability, and ease of implementation, offering insights into best practices for minimizing vulnerabilities such as brute force attacks and data breaches. Additionally, the paper emphasizes the importance of encrypting sensitive user data during transmission using libraries like cryptography and SSL/TLS protocols. In conclusion, the paper demonstrates Python's potential to implement secure, flexible, and scalable user authentication systems suitable for diverse applications. It serves as a guide for developers and researchers aiming to enhance the security of their systems through robust authentication techniques. Programming language with its robust libraries and frameworks, Python provides a comprehensive eco system for designing, developing, and deploying secure authentication mechanisms. The study focuses on the practical implementation of authentication methods, including password-based systems, two-factor authentication (2FA), and biometrics integration. Python libraries such as Flask and Django are employed to create backend systems, while libraries like bcrypt and passlib are utilized for hashing and securing passwords. The integration of 2FA is demonstrated using PyOTP, which facilitates one-time password generation to enhance security.

The Transformative Role of Mobile Applications in Digital Banking: A Comprehensive Analysis of Customer Engagement and Service Evolution

The digital transformation of banking services through mobile applications represents a pivotal shift in the financial services industry, fundamentally changing how customers interact with their financial institutions. This comprehensive article research examines the multifaceted role of mobile applications in driving digital banking transformation, with particular emphasis on security implementations, customer engagement strategies, and the impact of automation and personalization on service delivery. The article analyzes the critical aspects of mobile banking infrastructure, including multi-layered security protocols, regulatory compliance frameworks, and technological integration strategies that have shaped the modern banking landscape. Special attention is given to the accelerated digital adoption during the COVID-19 pandemic, which served as a catalyst for unprecedented changes in banking behavior and technological advancement. Through analysis of industry data and expert insights, this research demonstrates how mobile banking applications have evolved from simple transaction tools into sophisticated platforms that integrate advanced security protocols, artificial intelligence, personalized analytics, and seamless customer engagement features. The article reveals significant improvements in customer satisfaction, operational efficiency, and service accessibility, with mobile banking users showing an increase during the pandemic period and an increase in customer engagement for institutions implementing advanced analytics and personalization strategies. This article contributes to the understanding of mobile banking's evolutionary trajectory and provides valuable insights for financial institutions seeking to enhance their digital banking capabilities in an increasingly competitive landscape.

A quest for a decision-making model for Indonesia’s national social security policies

This study aims to identify key strategies and tactics necessary to effectively implement national social security in a democratic Indonesia. Indonesia established the Law on the National Social Security System in 2004. However, the national social security programs did not commence until 2014. The national social security implementation has faced significant obstacles. These challenges include recurring delays, legal disputes, appeals, judicial reviews, and deviations from the original policy objectives, all threatening the long-term viability of the national social security programs. This article applies a qualitative approach by critically analyzing regulations, government reports, and publicly available data and observing open public meetings and hearings concerning implementing national social security programs. Our findings indicate that implementing national social security policies in a democratic Indonesia depends on effectively managing the dynamic processes involved in policy formulation and adoption. We propose a risk-based decision-making model to assist policymakers in mitigating policy-related risks and enhance the effectiveness of future policy agendas in social security.

Pelaksanaan BPJS Ketenagakerjaan terhadap karyawan (Studi di PT. Wonebesco Group Indonesia)

The purpose of this research is to determine the procedures and obstacles in implementing the Employment Social Security Administering Agency at PT. Wonebesco Group Indonesia Purwokerto Banyumas Regency. The approach method in this research is normative juridical, namely an approach that uses a legalistic positivistic conception., the data used is primary data through observations and interviews with sources and respondents as main data, secondary data as supporting data in the form of legal materials, research specifications using research Clinical law (Clinical Legal Research) is research to apply law in abstracto to cases in concrete. The data obtained will be analyzed using qualitative analysis methods, namely by observing the data obtained with the provisions and legal principles related to the problem being studied. This research was conducted to answer the procedures and obstacles in the Implementation of the Employment Social Security Administering Agency at PT. Wonebesco Group Indonesia Purwokerto Banyumas Regency. with a positivistic legal conception method. Implementation of BPJS Employment at PT. Wonebesco is in accordance with applicable laws and regulations by applying the percentage of contributions borne by the employer and the workforce. Giving rights to workers who have passed their term of employment or have not received a contract extension to receive assistance and guidance by the company in making claims against BPJS Employment

Extending Randomness-Free First-Order Masking Schemes and Applications to Masking-Friendly S-boxes

Masking has emerged as a widely adopted countermeasure against side-channel attacks. However, the implementation of masking schemes faces several challenges, including hardware area, latency and the overhead associated with fresh randomness generation. To eliminate the implementation cost caused by fresh randomness, Shahmirzadi et al. introduced a methodology for constructing 2-share first-order masking schemes without randomness at CHES 2021. In this work, we extend Shahmirzadi et al.’s method to find masked implementations for more S-boxes and further reduce the hardware overhead. We propose the concept of a non-linear compression layer, a comprehensive share assignment strategy based on a linear compression layer, and corresponding optimization techniques. Based on these techniques, we construct the first randomness-free first-order masking schemes for the PRINCE S-box and its inverse, reduce the hardware overhead of masking schemes for multiple S-boxes, and design new masking-friendly S-boxes. Particularly for the SKINNY S-box, the reduction is 21% and 15% in area and power consumption, respectively. To validate the security of masked implementations, we not only employ the automated tools SILVER and PROLEAD but also conduct FPGA-based experiments.

Prover - Toward More Efficient Formal Verification of Masking in Probing Model

In recent years, formal verification has emerged as a crucial method for assessing security against Side-Channel attacks of masked implementations, owing to its remarkable versatility and high degree of automation. However, formal verification still faces technical bottlenecks in balancing accuracy and efficiency, thereby limiting its scalability. Former tools like maskVerif and CocoAlma are very efficient but they face accuracy issues when verifying schemes that utilize properties of Boolean functions. Later, SILVER addressed the accuracy issue, albeit at the cost of significantly reduced speed and scalability compared to maskVerif. Consequently, there is a pressing need to develop formal verification tools that are both efficient and accurate for designing secure schemes and evaluating implementations. This paper’s primary contribution lies in proposing several approaches to develop a more efficient and scalable formal verification tool called Prover, which is built upon SILVER. Firstly, inspired by the auxiliary data structures proposed by Eldib et al. and optimistic sampling rule of maskVerif, we introduce two reduction rules aimed at diminishing the size of observable sets and secret sets in statistical independence checks. These rules substantially decrease, or even eliminate, the need for repeated computation of probability distributions using Reduced Ordered Binary Decision Diagrams (ROBDDs), a time-intensive procedure in verification. Subsequently, we integrate one of these reduction rules into the uniformity check to mitigate its complexity. Secondly, we identify that variable ordering significantly impacts efficiency and optimize it for constructing ROBDDs, resulting in much smaller representations of investigated functions. Lastly, we present the algorithm of Prover, which efficiently verifies the security and uniformity of masked implementations in probing model with or without the presence of glitches. Experimental results demonstrate that our proposed tool Prover offers a better balance between efficiency and accuracy compared to other state-of-the-art tools (IronMask, CocoAlma, maskVerif, and SILVER). In our experiments, we also found an S-box that can only be verified by Prover, as IronMask cannot verify S-boxes, and both CocoAlma and maskVerif suffer from false positive issues. Additionally, SILVER runs out of time during verification.

A novel approach for risk assessment optimization in big data platforms using SMT solvers

Big Data platforms store vast amounts of information, necessitating robust security measures, including risk-based approaches. Risk assessment, a key part of Information Security Management Systems (ISMS), involves evaluating threats, vulnerabilities, and documenting risks through risk registers. Organizations face the challenge of allocating resources effectively to implement controls that mitigate these risks. This involves calculating risk scores before and after control implementation and prioritizing them—an NP-Complete (Nondeterministic Polynomial-time Complete) problem. This paper presents a mathematical model for solving this using the Z3 Satisfiability Modulo Theories (SMT) solver. The model enables risk-based planning for security implementation in big data platforms. The results demonstrate the feasibility of the approach, with the system processing up to 11 risks (almost 40 million permutations) efficiently, compared to brute force methods, which struggle beyond six risks (720 permutations).

IoT Innovation in Hospitality: A Comprehensive Technical Analysis of Implementation and Impact

This comprehensive technical article analysis explores the transformative impact of Internet of Things (IoT) implementation in the hospitality industry, focusing on key applications, challenges, and future trends. The article examines how leading hotel chains have leveraged IoT technologies to enhance guest experiences, optimize operations, and advance sustainability initiatives. Through detailed case studies of Marriott International, Hilton Hotels, and InterContinental Hotels Group (IHG), the article demonstrates the practical applications of smart room technologies, predictive maintenance systems, energy management solutions, and security implementations. The article analysis encompasses the technical infrastructure requirements, integration challenges, and cost-benefit considerations of IoT deployment in hospitality settings. The article provides insights into how IoT solutions contribute to improved guest satisfaction, operational efficiency, and environmental sustainability while addressing critical aspects of data security and system integration. Furthermore, it explores the convergence of IoT with artificial intelligence and sustainable technologies, offering a forward-looking perspective on the evolution of smart hospitality systems and their potential to revolutionize the industry

Multi-Tenant Architecture: A Comprehensive Framework for Building Scalable SaaS Applications

Multi-tenant architecture has emerged as a fundamental paradigm in modern software development, particularly in Software as a Service (SaaS) applications where multiple organizations share computing resources while maintaining data isolation. This article presents a comprehensive framework for understanding and implementing multi-tenant systems, focusing on essential architectural decisions and design patterns that ensure scalability, security, and resource efficiency. The article examines the evolution from single-tenant to multi-tenant architectures, analyzes various data partitioning strategies, and explores critical aspects of tenant isolation, authentication, and authorization mechanisms. The article addresses key challenges in performance optimization, resource allocation, and security implementation, providing practical insights into database design approaches and caching strategies. Through a structured approach, this article bridges the gap between theoretical concepts and practical implementation, offering developers and architects a foundation for building robust multi-tenant systems. The findings emphasize the importance of balanced architectural decisions that accommodate both technical requirements and business objectives while maintaining system integrity and tenant isolation. This article contributes to the growing body of knowledge in cloud computing and distributed systems, providing practitioners with actionable insights for developing scalable multi-tenant applications.

Benchmarking for a New Railway Accident Classification Methodology and Its Database: A Case Study in Mexico, the United States, Canada, and the European Union

Rail accidents have decreased in recent years, although not significantly if measured by train accidents recorded in the last six years. Therefore, it is essential to identify weaknesses in the implementation of security and prevention systems. This research aims to study the trend and classification of railway accidents, as well as analyze public databases. Using the business management method of benchmarking, descriptive statistics, and a novel approach to the Ishikawa diagram, this study demonstrates best practices and strategies to reduce accidents. Unlike previous studies, this research specifically examines public databases and provides a framework for developing the standardization of railway accident causes and recommendations. The main conclusion is that the proposed classification of railway accident causes, and its associated database, ensures that agencies, researchers, and the government have accessible, easily linkable, and usable data references to enhance their analysis and support the continued reduction of accidents.

Building an AI Portfolio: A Technical Guide for Modern Logistics Specialists

This technical article provides a comprehensive framework for logistics specialists to build an effective AI portfolio in modern supply chain management. As the industry processes massive volumes of data annually, the integration of artificial intelligence has revolutionized logistics operations. The article addresses critical aspects, including demand forecasting, route optimization, inventory management, and security implementations. With AI implementations demonstrating significant performance improvements across cycle time reduction, transportation expense optimization, and inventory accuracy enhancement, the need for structured portfolio development has become increasingly important. The article outlines detailed technical requirements, implementation frameworks, and best practices for developing AI solutions in logistics, supported by real-world performance metrics and industry standards. Special attention is given to security considerations, scalability architecture, and professional development strategies, providing logistics professionals with a holistic approach to AI integration. The comprehensive coverage encompasses technical depth and practical implementation guidelines, making it a valuable resource for professionals seeking to advance their careers in AI-driven logistics operations.

Implementing Enterprise-Scale iOS MDM : A Technical Deep Dive

As organizations increasingly adopt mobile technologies, the need for effective remote management of iOS devices has grown significantly. This technical article examines implementation strategies and real-world performance metrics from a study of Mobile Device Management (MDM) implementations across 12 diverse organizations, encompassing 2,500 enterprise devices during 2023-2024. The article reveals that optimized MDM solutions can achieve 99.99% uptime while reducing infrastructure costs by up to 45%. Key findings demonstrate that effective MDM implementation reduces device management costs by 64%, improves security compliance rates to 99.3%, and decreases incident response time by 73%. Through automated troubleshooting and optimization, organizations experienced a 67% reduction in security incidents and a 42% decrease in IT support overhead while achieving 85% reduction in deployment time and 82% acceleration in app deployment processes. The article comprehensively evaluates architecture design, deployment metrics, security implementation, performance analysis, and scalability considerations. Implementation of advanced security protocols resulted in a 98.7% prevention rate for common mobile security threats, while maintaining 99.99% system reliability. The article also highlights the importance of phased deployment strategies, which demonstrate 43% higher success rates compared to direct full-scale implementations, and provides strategic insights for future planning and infrastructure optimization.

Event-Driven Architecture: Harnessing Kafka and Spring Boot for Scalable, Real-Time Applications

This comprehensive article explores the transformative impact of Event-Driven Architecture (EDA) in modern financial services, focusing on its implementation using Apache Kafka and Spring Boot. The article examines how financial institutions have revolutionized their transaction processing capabilities through EDA adoption, achieving significant improvements in system performance, reliability, and customer experience. Through a detailed examination of real-world implementations, the analysis demonstrates how EDA has enabled banks to handle unprecedented transaction volumes while substantially reducing system latency and improving resource utilization. The integration of Kafka and Spring Boot has proven particularly effective, with major financial institutions leveraging these technologies to achieve superior performance metrics and system availability. The article further explores critical patterns, including event sourcing, CQRS, and saga patterns, alongside cloud-based best practices for monitoring, performance optimization, and security implementations. By examining various implementation strategies and their outcomes, this article provides a comprehensive framework for building scalable, resilient financial systems that meet the demanding requirements of modern banking operations while ensuring regulatory compliance and maintaining high security and reliability standards.

THE FUTURE OF PERSONALISED CUSTOMER EXPERIENCE IN E-COMMERCE: DECODING THE POWER OF AI IN BUILDING TRUST, ENHANCING CONVENIENCE, AND ELEVATING SERVICE QUALITY FOR MALAYSIAN CONSUMERS

This study examines the influence of artificial intelligence (AI) on personalizing customer experiences on Shopee, a major e-commerce platform in Malaysia. Recognizing the increasing role of AI in enhancing trust, convenience, and service quality, this research aims to investigate these factors’ effects on personalised customer experience. The study employed a cross-sectional survey with a sample of 384 Shopee users, analysed using partial least squares structural equation modelling (PLS-SEM). Results reveal that trust in AI, convenience, and service quality all significantly contribute to customer satisfaction and personalised experiences. Trust fosters confidence in AI-driven features, convenience enhances customer ease and interaction efficiency, and high service quality positively impacts the perceived value of AI personalisation. These findings highlight the practical implications of AI for e-commerce, underscoring the need for secure, efficient, and high-quality AI implementations. Future research should explore the longitudinal impacts of AI-driven personalisation across different platforms and cultural contexts to better understand long-term customer loyalty and satisfaction.<p> </p><p><strong> Article visualizations:</strong></p><p><img src="/-counters-/soc/0763/a.php" alt="Hit counter" /></p>

An approach for real-time implementation of cyber security in power system network

Abstract In this era of Web World-3, usage of the Internet of Things (IoT) in power system networks has attained scalable altitude. By using this technology, data can be transferred and monitored from the far end. Further, the suggested corrective actions are also executed. However, recently, many cyber-attacks have been observed on the power system in which activities such as injection of false data, unwanted switching operations, formation of sub-system layers, and false indication of failure of cyber-physical components (CpC) are experienced. In the worst case, it leads to invite cascade tripping of the power system. Utmost care is taken for the selection of CpC for the power system. However, it is observed that the cyber attackers mostly take entry into the network using the CpC of the power system. Cyber attackers perform false switching operations and false data injection. This article suggests a cyber security concept to minimize the false switching operations and false data injection in the power system network. A hardware model is prepared and the working scheme is implemented using IoT technology. The hardware result suggests that the un-authentic attempt/cyber-attack has been identified and the alarm is generated. It also does not permit the un-authentic person to access the real-time data. A wide range of applicability of the suggested scheme has been verified by hardware results. In addition to this, the power factor correction algorithm also works satisfactorily in the hardware along with the cyber security constraints. In order to prove wide range of applicability of the suggested scheme, additional features such as controlling of multiple switching devices and interlock between CB and earthing switch has been successfully implemented in developed hardware.

Enhancing IOT Security: Investigating Lightweight Encryption Algorithms for Resource-Constrained Devices

Abstract: In this work, we examine three LWCs: namely AES-128, SPECK, and ASCON, considering their presentation on resource-constrained IoT devices. With the large-scale deployment of IoT in all areas of industry, ensuring the security and efficiency of cryptographic implementations has become highly critical because typical IoT devices are usually characterized by limited memory, processing power, and energy resources. The study ascertains the memory usage, throughput, energy efficiency, and strength of security in the chosen algorithms by highly popular resource-constrained boards such as Arduino Nano and Arduino Micro. The benchmarks have shown that SPECK has the highest throughput, which is much efficient for constrained environments. One of the significant features of ASCON is that it has minimized memory usage and high energy efficiency. Therefore, it suits for long-term usage in IoT. AES-128 is secure but resource-intensive, so its usage may be irrelevant in very constrained environments. The results are of great value for IoT developers as a contribution to the selection of cryptographic algorithms based on the conditions and resource restrictions of the IoT devices involved so that optimized security solutions are achieved.

Security Analysis and Implementation of a Multilevel AI-Based Authentication System for Enhanced and Faster Security on Mobile, Web-Based, and Other Devices

Security Analysis and Implementation of a Multilevel AI-Based Authentication System for Enhanced and Faster Security on Mobile, Web-Based, and Other Devices