Security Model Research Articles

Design and Performance Evaluation of an Authentic End-to-End Communication Model on Large-Scale Hybrid IPv4-IPv6 Virtual Networks to Detect MITM Attacks

After the end of IPv4 addresses, the Internet is moving towards IPv6 address architecture quickly with the support of virtualization techniques worldwide. IPv4 and IPv6 protocols will co-exist long during the changeover process. Some attacks, such as MITM attacks, do not discriminate by appearance and affect IPv4 and IPv6 address architectures. In an MITM attack, the attacker secretly captures the data, masquerades as the original sender, and sends it toward the receiver. The receiver replies to the attacker because the receiver does not authenticate the source. Therefore, the authentication between two parties is compromised due to an MITM attack. The existing authentication schemes adopt complicated mathematical procedures. Therefore, the existing schemes increase computation and communication costs. This paper proposes a lightweight and authentic end-to-end communication model to detect MITM attacks using a pre-shared symmetric key. In addition, we implement and analyze the performance of our proposed security model on Linux-based virtual machines connected to large-scale hybrid IPv4-IPv6 virtual networks. Moreover, security analyses prove the effectiveness of our proposed model. Finally, we compare the performance of our proposed security model with existing models in terms of computation cost and communication overhead.

Decentralized Machine Learning Framework for the Internet of Things: Enhancing Security, Privacy, and Efficiency in Cloud-Integrated Environments

The Internet of things (IoT) presents unique challenges for the deployment of machine learning (ML) models, particularly due to constraints on computational resources, the necessity for decentralized processing, and concerns regarding security and privacy in interconnected environments such as the Internet of cloud. In this paper, a novel decentralized ML framework is proposed for IoT environments characterized by wireless communication, dynamic data streams, and integration with cloud services. The framework integrates incremental learning algorithms with a robust decentralized model exchange protocol, ensuring that data privacy is preserved, while enabling IoT devices to participate in collaborative learning from distributed data across cloud networks. By incorporating a gossip-based communication protocol, the framework ensures energy-efficient, scalable, and secure model exchange, fostering effective knowledge sharing among devices, while addressing the potential security threats inherent in cloud-based IoT ecosystems. The framework’s performance was evaluated through simulations, demonstrating its ability to handle the complexities of real-time data processing in resource-constrained IoT environments, while also mitigating security and privacy risks within the Internet of cloud.

Prototype to mitigate risks for the closure of a company with the support of Information Technologies

The problems of business closures (SMEs) are constant in the world and in Ecuador due to the lack of application of appropriate management models that allow the conversion of strategies. The deductive method was used for exploratory research of the information related to the research topic. The objective is to design a prototype to mitigate risks and prevent threats to avoid the closure of this type of companies. The result was a conceptual model to minimize risks, a risk control prototype, a prototype flow chart, a simulation of processes with five scenarios, determination of the formula to detect the probability of closure as an SME and risk analysis and evaluation. It was concluded that the proposed prototype to detect threats and vulnerabilities provides an optimal security model for small and medium-sized companies; as a result of the simulations, a security percentage of 77.92% was established, which means that the greater the number of risks and threats, the greater the probability that a small and medium-sized company will close.

Zero Trust Security: Is it Optional?

Zero Trust Architecture (ZTA) is a cybersecurity model that authenticates and authorizes every interaction between a user or device and a network. It's based on the idea that "trust is good, but control is better", and assumes that all networks and traffic could be potential threats. ZTA goes beyond the traditional "trust but verify" approach, by treating every access request as potentially dangerous and requiring a thorough check before granting access. This is regardless of the requester's identity or location. Zero Trust is a security model that assumes nothing should be trusted automatically, even within a network. It requires all users, regardless of location, to be verified and authorized before accessing resources. This is achieved through strict security measures like multi-factor authentication, advanced endpoint protection, and robust identity management. Today, people expect to access applications and data anytime, anywhere. With the rise of cloud computing and IoT, the number of connected devices and potential attack points is growing. To protect data and networks, we need a new approach. This article explains what Zero Trust is and some of its key principles.

Application of zero trust model in preventing medical errors

Medical errors can occur in many areas of healthcare, including hospitals, clinics, and surgery centers. They can result in negative consequences for patients and their loved ones. Over the years, different methods have been used to reduce medical errors. Zero Trust is an information security model that denies access to applications and data by default. Other industries have successfully used Zero Trust Model (ZTM), and it has been shown to improve outcomes. This editorial analyzes how the ZTM can be introduced to prevent medical errors in healthcare settings. ZTM application in healthcare could potentially revolutionize patient safety by tightly controlling and monitoring access to sensitive patient data and critical systems. By enhancing security measures, the ZTM could address the paramount concerns of patient data privacy and safety in healthcare. The zero-trust approach offers a potential solution by identifying consistent causes of errors and providing viable solutions to prevent their recurrence. In the era of worsening ransomware attacks on healthcare systems, the ZTM could also have enormous implications in other cybersecurity aspects. With this manuscript, the authors advocate for the broader application of ZTM across other facets of healthcare cybersecurity.

Public Authentic-Replica Sampling Mechanism in Distributed Storage Environments

With the rapid development of wireless communication and big data analysis technologies, the storage of massive amounts of data relies on third-party trusted storage, such as cloud storage. However, once data are stored on third-party servers, data owners lose physical control over their data, making it challenging to ensure data integrity and security. To address this issue, researchers have proposed integrity auditing mechanisms that allow for the auditing of data integrity on cloud servers without retrieving all the data. To further enhance the availability of data stored on cloud servers, multiple replicas of the original data are stored on the server. However, in existing multi-replica auditing schemes, there is a problem of server fraud, where the server does not actually store the corresponding data replicas. To tackle this issue, this paper presents a formal definition of authentic replicas along with a security model for the authentic-replica sampling mechanism. Based on time-lock puzzles, identity-based encryption (IBE) mechanisms, and succinct proof techniques, we design an authentic replica auditing mechanism. This mechanism ensures the authenticity of replicas and can resist outsourcing attacks and generation attacks. Additionally, our schemes replace the combination of random numbers and replica correspondence tables with Linear Feedback Shift Registers (LFSRs), optimizing the original client-side generation and uploading of replica parameters from being linearly related to the number of replicas to a constant level. Furthermore, our schemes allow for the public recovery of replica parameters, enabling any third party to verify the replicas through these parameters. As a result, the schemes achieve public verifiability and meet the efficiency requirements for authentic-replica sampling in multi-cloud environments. This makes our scheme more suitable for distributed storage environments. The experiments show that our scheme makes the time for generating copy parameters negligible while also greatly optimizing the time required for replica generation. As the amount of replica data increases, the time spent does not grow linearly. Due to the multi-party aggregation design, the verification time is also optimal. Compared to the latest schemes, the verification time is reduced by approximately 30%.

Correction to “Optimized LightGBM Model for Security and Privacy Issues in Cyber‐Physical Systems”

Correction to “Optimized <scp>LightGBM</scp> Model for Security and Privacy Issues in Cyber‐Physical Systems”

High Capacity and Reversible Fragile Watermarking Method for Medical Image Authentication and Patient Data Hiding.

The exchange of medical images and patient data over the internet has attracted considerable attention in the past decade, driven by advancements in communication and health services. However, transferring confidential data through insecure channels, such as the internet, exposes it to potential manipulations and attacks. To ensure the authenticity of medical images while concealing patient data within them, this paper introduces a high-capacity and reversible fragile watermarking model in which an authentication watermark is initially generated from the cover image and merged with the patient's information, photo, and medical report to form the global watermark. This watermark is subsequently encrypted using the chaotic Chen system technique, enhancing the model's security and ensuring patient data confidentiality. The cover image then undergoes a Discrete Fourier Transform (DFT) and the encrypted watermark is inserted into the frequency coefficients using a new embedding technique. The experimental results demonstrate that the proposed method achieves great watermarked image quality, with a PSNR exceeding 113dB and an SSIM close to 1, while maintaining a high embedding capacity of 3 BPP (Bits Per Pixel) and offering perfect reversibility. Furthermore, the proposed model demonstrates high sensitivity to attacks, successfully detecting tampering in all 18 tested attacks, and achieves nearly perfect watermark extraction accuracy, with a Bit Error Rate (BER) of 0.0004%. This high watermark extraction accuracy is crucial in our situation where patient data need to be retrieved from the watermarked images with almost no alteration.

Lightweight Mutually Authenticated Key Exchange with Physical Unclonable Functions

Authenticated key exchange is desired in scenarios where two participants must exchange sensitive information over an untrusted channel but do not trust each other at the outset of the exchange. As a unique hardware-based random oracle, physical unclonable functions (PUFs) can embed cryptographic hardness and binding properties needed for a secure, interactive authentication system. In this paper, we propose a lightweight protocol, termed PUF-MAKE, to achieve bilateral mutual authentication between two untrusted parties with the help of a trusted server and secure physical devices. At the end of the protocol, both parties are authenticated and possess a shared session key that they can use to encrypt sensitive information over an untrusted channel. The PUF’s underlying entropy hardness characteristics and the key-encryption-key (KEK) primitive act as the root of trust in the protocol’s construction. Other salient properties include a lightweight construction with minimal information stored on each device, a key refresh mechanism to ensure a fresh key is used for every authentication, and robustness against a wide range of attacks. We evaluate the protocol on a set of three FPGAs and a desktop server, with the computational complexity calculated as a function of primitive operations. A composable security model is proposed and analyzed considering a powerful adversary in control of all communications channels. In particular, session key confidentiality is proven through formal verification of the protocol under strong attacker (Dolev-Yao) assumptions, rendering it viable for high-security applications such as digital currency.

Multi-cloud security model: establishment of inter-server communication for authentication integrity

Multi-cloud security model: establishment of inter-server communication for authentication integrity

Assessment of Cybersecurity Risks in Digital Twin Deployments in Smart Cities

Digital Twin (DT) technology has become a cornerstone of modern smart city infrastructure, providing real-time insights and operational efficiencies by creating a virtual replica of physical systems such as traffic networks, energy grids, and public services. While these advancements enable optimized urban management and improved decision-making, they also present new cybersecurity challenges that can potentially jeopardize the safety and reliability of critical infrastructures. This study addresses the cybersecurity risks associated with Digital Twin deployments in smart cities, focusing on threats such as unauthorized access, data manipulation, and hijacking of the DT models, which could result in service disruptions and compromise public safety. The research employs a comprehensive risk assessment methodology based on the NIST Cybersecurity Framework, where potential risks are identified, evaluated, and prioritized according to their severity and likelihood of occurrence. To mitigate these risks, a multi-layered security framework was developed, incorporating encryption mechanisms, robust access control, and an Artificial Immune System (AIS)-based anomaly detection model. The framework was tested through a simulated case study on a smart transportation system within a smart city environment, demonstrating its effectiveness in preventing data tampering and detecting unauthorized access. The results indicate that the proposed security model reduced data manipulation incidents by 35%, decreased response times for threat detection by 25%, and improved overall system resilience by 40%. These findings underscore the critical need for proactive cybersecurity strategies in ensuring the secure and resilient deployment of Digital Twin technologies in smart cities. The study concludes by emphasizing the importance of continuous security monitoring and adaptive threat management to safeguard smart city ecosystems from evolving cyber threats

Design of Provably Secure and Lightweight Authentication Protocol for Unmanned Aerial Vehicle systems

Drones also called Unmanned Aerial Vehicles (UAVs) have become more prominent in several applications such as package delivery, real-time object detection, tracking, traffic monitoring, security surveillance systems, and many others. As a key member of IoT, the group of Radio Frequency IDentification (RFID) technologies is referred to as Automatic Identification and Data Capturing (AIDC). In particular, RFID technology is becoming a contactless and wireless technique used to automatically identify and track the tagged objects via radio frequency signals. It also has drawn a lot of attention among researchers, scientists, industries, and practitioners due to its broad range of real-world applications in various fields. However, RFID systems face two key concerns related to security and privacy, where an adversary performs eavesdropping, tampering, modification, and even interception of the secret information of the RFID tags, which may cause forgery and privacy problems. In contrast to security and privacy, RFID tags have very limited computational power capability. To deal with these issues, this paper puts forward an RFID-based Lightweight and Provably Secure Authentication Protocol (LPSAP) for Unmanned Aerial Vehicle Systems. The proposed protocol uses secure Physically Unclonable Functions (PUFs), Elliptic-Curve Cryptography (ECC), secure one-way hash, bitwise XOR, and concatenation operations. We use Ouafi and Phan’s formal security model for analyzing security and privacy features such as traceability and mutual authentication. The rigorous informal analysis is carried out which ensures that our proposed protocol achieves various security and privacy features as well as resists various known security attacks. The performance analysis demonstrates that our proposed protocol outperforms other existing protocols. In addition, Scyther and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool simulation results demonstrates that there is no security attack possible within bounds. Therefore, our proposed LPSAP protocol achieves an acceptable high level of security with the least computational, communication, and storage costs on passive RFID tags.

Efficient Boolean-to-Arithmetic Mask Conversion in Hardware

Masking schemes are key in thwarting side-channel attacks due to their robust theoretical foundation. Transitioning from Boolean to arithmetic (B2A) masking is a necessary step in various cryptography schemes, including hash functions, ARX-based ciphers, and lattice-based cryptography. While there exists a significant body of research focusing on B2A software implementations, studies pertaining to hardware implementations are quite limited, with the majority dedicated solely to creating efficient Boolean masked adders. In this paper, we present first- and second-order secure hardware implementations to perform B2A mask conversion efficiently without using masked adder structures. We first introduce a first-order secure low-latency gadget that executes a B2A2k in a single cycle. Furthermore, we propose a second-order secure B2A2k gadget that has a latency of only 4 clock cycles. Both gadgets are independent of the input word size k. We then show how these new primitives lead to improved B2Aq hardware implementations that perform a B2A mask conversion of integers modulo an arbitrary number. Our results show that our new gadgets outperform comparable solutions by more than a magnitude in terms of resource requirements and are at least 3 times faster in terms of latency and throughput. All gadgets have been formally verified and proven secure in the glitch-robust PINI security model. We additionally confirm the security of our gadgets on an FPGA platform using practical TVLA tests.

Reinventing BrED: A Practical Construction

Broadcast Encryption (BE) allows a sender to send an encrypted message to multiple receivers. In a typical broadcast encryption scenario, the broadcaster decides the set of users who can decrypt a particular ciphertext (denoted as the privileged set). Gritti et al. (IJIS'16) introduced a new primitive called Broadcast Encryption with Dealership (BrED), where the dealer decides the privileged set. A BrED scheme allows a dealer to buy content from the broadcaster and sell it to users. It provides better flexibility in managing a large user base. To date, quite a few different constructions of BrED schemes have been proposed by the research community. We find that all existing BrED schemes are insecure under the existing security definitions. We demonstrate a concrete attack on all the existing schemes in the purview of the existing security definition. We also find that the security definitions proposed in the state-of-the-art BrED schemes do not capture the real world. We argue about the inadequacy of existing definitions and propose a new security definition that models the real world more closely. Finally, we propose a new BrED construction and prove it to be secure in our newly proposed security model.

Verifiable attribute-based multi-keyword search scheme with sensitive information hiding for cloud-assisted e-healthcare sharing systems

Cloud-assisted e-healthcare sharing systems (EHSSs) play an increasingly pivotal role in the contemporary healthcare field. By outsourcing electronic medical records (EMRs) to the cloud, hospitals can alleviate local storage and management burdens while facilitating data sharing. Due to the highly sensitive nature of EMRs, encryption is necessary before storing them on the cloud. Attribute-based keyword search (ABKS) enables the privacy protection of EMRs with efficient search services. However, there remain some limitations in practical application. Firstly, most ABKS schemes only support single keyword queries, resulting in inaccurate results and wastage of computing and bandwidth resources. Secondly, since sensitive information within EMRs is encrypted as a whole, different data users (including internal doctors and external researchers) should have varying access rights to prevent leakage of this sensitive information. Thirdly, incorrect search results could lead to misdiagnosis or endanger patients' lives and affect researchers' decision-making processes. To effectively tackle these challenges, this paper proposes a verifiable attribute-based multi-keyword search scheme with sensitive information hiding (VABMKS-SIH) for cloud-assisted EHSSs, where we present a secure model for multi-keyword search with two-level access structure by incorporating an improved blindness filtering technique into ciphertext-policy attribute-based encryption (CP-ABE) within existing keyword search framework. Our scheme employs a super-increasing sequence to aggregate multiple filtered data blocks into one unified ciphertext, thereby greatly reducing communication overhead during the transmission phases of ciphertext. To check the correctness of returned results, we introduce a lightweight algebraic signature algorithm based on fundamental algebraic operations. A security analysis demonstrates that VABMKS-SIH is provably secure under the random oracle mode. Additionally, we also evaluate the proposed scheme's performance to demonstrate its utility in cloud-assisted EHSSs.

Trust-aware and improved density peaks clustering algorithm for fast and secure models in wireless sensor networks

Many trust-based models for wireless sensor networks do not account for trust attacks, which are destructive phenomena that undermine the security and reliability of these models. Therefore, a trust-based fast security model fused with an improved density peaks clustering algorithm (TFSM-DPC) is proposed to quickly identify trust attacks in this paper. First, when calculating direct trust values, TFSM-DPC designs the adaptive penalty factors based on the state of received and sent packets and behaviors, and introduces the volatilization factors to reduce the effect of historical trust values. Second, TFSM-DPC improved density peaks clustering (DPC) algorithm to evaluate the trustworthiness of each recommendation value, thus filtering malicious recommendations before calculating the indirect trust values. Moreover, to filter two types of recommendations, the improved DPC algorithm incorporates artificial benchmark data along with trust values recommended by neighbors as input data. Finally, based on the relationship between direct trust and indirect trust, a secure formula for calculate the comprehensive trust is designed. Therefore, the proposed TFSM-DPC can improve the accuracy of trust evaluation and speed up the identification of malicious nodes. Simulation results show that TFSM-DPC can effectively identify on-off, bad-mouth and collusion attacks, and improve the speed of excluding malicious nodes from the network, compared to other trust-based algorithms.

Security-Aware Deadline Constraint Task Scheduling using Hybrid Optimization of Modified Flying Squirrel Genetic Chameleon Swarm Algorithm

Cloud computing enables cost-effective resource sharing in hybrid clouds to tackle the problem of insufficient resources by elastically scaling the service capability based on the users’ needs. However, task scheduling (TS) in cloud environments is challenging due to deadline-based performance and security constraints. To remove the existing drawbacks based on deadline and security constraints, a Security-Aware Deadline Constraint TS (SADCTS) approach is presented using a hybrid optimization algorithm of the Modified Flying Squirrel Genetic Chameleon Swarm Algorithm (MFSGCSA). The proposed MFSGCSA is developed by integrating the genetic operators into CSA and combining it with the modified Flying Squirrel Optimization (FSO) algorithm in which the position update and global search equations are enhanced by adaptive probability factor to reduce the local optimum problem. In this SADCTS approach, the task assignment process is modeled into an NP-hard problem concerning a multi-level security model using user authentication, integrity, and confidentiality. This maximizes tasks’ completion rate and decreases the resource costs to process tasks with different deadline limitations. The optimal schedule sequence is obtained by MFSGCSA, where tasks are scheduled concurrently based on security constraints, demand, and deadlines to improve the prominence of cost, energy, and makespan. Experiments are simulated using the CloudSim toolkit, and the comparative outcomes show that the suggested SADCTS approach reduced the makespan, cost, and energy by 5-20% more than the traditional methods. Thus, SADCTS provides less task violation of 0.0001%, high energy efficiency of 700GHz/W, high resource utilization of 92%, less cost efficiency of 72GHz/$, and less makespan of 480minutes to satisfy the necessary security and deadline requirements for TS in shared resource hybrid clouds.

Assessment of food security by using the core food security model (CFSM) in beedi workers: A case study in Murshidabad district of West Bengal

Assessment of food security by using the core food security model (CFSM) in beedi workers: A case study in Murshidabad district of West Bengal

Revolutionizing Cloud Security: A Novel Framework for Enhanced Data Protection in Transmission and Migration

This research introduces a novel security framework specifically tailored to enhance data protection during cloud transmission and migration. Our study addresses critical gaps in existing security models by proposing a multi-dimensional system that incorporates advanced encryption techniques, dynamic access control, and continuous security auditing. Notably, this framework excels in ensuring cloud data integrity, confidentiality, and availability—core aspects often compromised under conventional methods. Comparative analysis with existing models in simulated cloud environments reveals that our framework significantly enhances threat detection accuracy, response speed, and resource management efficiency. The findings highlight the system’s capability to reduce security vulnerabilities while optimizing operational overhead, presenting a substantial improvement over traditional security solutions. This innovative approach, marked by improved scalability and flexibility, is poised to revolutionize cloud data security practices across various industries, prompting further research into robust cloud computing security methodologies.

Mobile Device Security: A Two-Layered Approach with Blockchain and Sensor Technology for Theft Prevention

In the backdrop of the escalating incidents of mobile device theft and associated security challenges, a resilient and innovative solution is imperative. The traditional security mechanisms, largely reliant on the International Mobile Equipment Identity (IMEI), have been fraught with vulnerabilities, leading to a surge in incidents of device theft and data breaches. Addressing this pressing issue, we present a novel, two-tiered approach integrating sensor technology and blockchain to bolster mobile device security. This work aims to create and assess a dual-layered security strategy that uses blockchain and sensor technologies in a complementary way. Based on a rigorous conceptual framework, it explores a two-tiered security model that intricately combines sensor and blockchain technologies. This collaborative integration aims to provide an effective solution to the widespread challenges of theft and security breaches in mobile devices. The methodology employs a sensor layer for real-time data collection and processing to detect potential thefts, and activating alerts. The blockchain layer, invoked upon these alerts, initiates secure, transparent, and decentralized transactions for verification and validation across network nodes. This dual mechanism ensures swift and secure anti-theft actions, supported by an enhanced encryption standard. Our result analysis reveals the proposed system’s superiority in computational time, energy consumption, and overall security levels when compared to existing protocols. The integration of real-time processing and blockchain’s immutable nature promises reduced false positives and enhanced data integrity. The findings indicate that this integrative approach not only mitigates theft but also ensures data security, marking a significant stride in mobile security technology. In conclusion, this two-layered system promises a scalable, efficient, and robust solution to mobile device theft and data breaches, with potential impacts transcending individual device security to influence broader data privacy and security paradigms, thus signifying a pivotal development in the field of mobile security.