Security Risks Research Articles

SecureCloud: A Shield Against Virtual Threats

Cloud computing is a constituent of today and tomorrow innovative information and computing technologies which provides useful and convenient services like storage and access etc. But it has important problems which aggravate with security aspects of a system with regards to the data confidentiality and integrity. These challenges are met in this paper by conducting a detailed theoretical study of literature on data security risks in single and multi-cloud models. Some of the threats include; break-ins, theft of information and loss of information. A comparison of extant literature on security measures like encryption and access control in the cloud based systems is done. It is shown that the solutions available currently have certain deficits, which contribute to the necessity of enhancing safety features. Thus, to fill these gaps, it is suggested to have one layer of protection against data access and another one in relation to data downloads. That way it is protective of the data, useful and clients’ information privacy will be well protected. Thus, the results of the study can be valuable for researchers and cloud service providers who are working on the improvement of the information security in cloud environments

Computer Network and Database Security Technology Optimization

With the continuous development of computer network technology, its applications in daily life and work have become increasingly widespread, greatly improving efficiency. However, certain security risks remain. To ensure the security of computer networks and databases, it is essential to enhance the security of both through optimization of technology. This includes improving management practices, optimizing data processing methods, and establishing comprehensive laws and regulations. This paper analyzes the current security risks in computer networks and databases and proposes corresponding solutions, offering reference points for relevant personnel.

The Future of Public Money: From Fiscal Fantasy to Reality

With relentless pressures on the public purse and urgent demand to improve policy outcomes, it is time to reshape the management of public money. Governments around the world are in a fiscal fix. Debt is high, growth remains stubbornly low, and taxpayers are dissatisfied as they pay more for outcomes that are stagnating or getting worse. Given aging populations, creaking infrastructure, heightened defense, security risks, and the green transition, demand for public spending will not ease up. In today’s volatile world, the next shock—which would be costly for governments to manage—could be just around the corner. Some commentators say their governments are living in a “fiscal fantasyland”; that the trade-offs required to place public finances on a sustainable footing remain unconfronted and leave difficult decisions delayed. It is not hard to feel pessimistic about the situation and the prospects for the future. However, the authors of this report do not share this pessimism. That is because the ideas and technology are in place to get us out of this fiscal fix. Our working hypothesis is that the answer lies in focusing not just on the money—the facts of revenue, expenditure, and debt—but in engaging much more deeply with the productivity of the money that is spent; how it contributes to the actual outcomes achieved. To test this hypothesis and draw up a route map to guide governments out of “fiscal fantasyland,” representatives of the EY organization have been working with OMFIF’s Economic and Monetary Policy Institute. We joined an OMFIF-convened group of leading public finance thinkers from international finance institutions, public sector bodies, and the investor community to review how public finances are managed today and explore how public money could be better allocated in the future—through more effective rules and institutions, and better use of data and technology. Our discussions led to a consensus. Although many countries have good public finance institutional frameworks and practices in place, fundamental implementation issues in the various service delivery systems are impeding their effectiveness. For instance, long-term goals and horizon targets are undermined by short-term political cycles and priorities; insufficient accounting for future risks disincentivizes investment in resilience; and the lack of information on the impact achieved by expenditure hampers effective decisions on how to allocate money. The heartening news is that there are clear ways in which structure, rules, and decision-making can be overhauled, to improve dramatically the management of public finances. These ideas and approaches are set out in this report and the authors hope you find them to be a valuable contribution to this debate. How well governments manage public money to improve outcomes matters greatly to citizens and communities all around the world. This is a vitally important debate and it is one we are delighted to help convene and advance.

Quantifying food security and mitigation risks consequential to climate change impacts on crop yields

Abstract Climate change is expected to impact crop yields globally, with some regions benefiting from favorable conditions and CO2 fertilization, while others face adverse effects from altered precipitation and higher temperatures. Changes in crop yields can destabilize the global food system and pose challenges to food security. Moreover, crop production is crucial, as biofuels are becoming increasingly important contributors to climate change mitigation measures aimed at limiting global warming. This study uses the IMAGE integrated assessment model framework to analyze different indicators related to food security and climate change mitigation under varying climate change impacts on crop yields. Twelve spatially explicit crop productivity projections were taken from the full archive of the Global Gridded Crop Model Intercomparison (GGCMI) of 120 climate-crop model combinations, forced by CMIP6-based climate scenarios. The selection includes two average-performing climate-crop model combinations, two pessimistic combinations that perform one standard deviation below the mean, and two optimistic model combinations that perform one standard deviation above the mean. To single out the effect of climate change on productivity changes, we drew samples from two representative concentration pathways (RCP2.6 and RCP8.5). These productivity projections were applied within an otherwise uniform scenario (SSP2) and analyzed for their effect on total calorie demand, crop prices, and number of people at risk of undernourishment to quantify food security. Risks to climate change mitigation targets were explored by modeling the total bioenergy supply, emissions, and global mean temperature. The results revealed significant differences in the risk of food security and mitigation potential between different regions and climate change scenarios. Across scenarios, the crop area extent can vary up to 2 million km2 due to changing crop yields. The projected change in global hunger ranges from 60 to 160 million undernourished people, indicating uncertainty between climate and crop model combinations. Low-income regions are especially impacted because of their high sensitivity to changes in food prices. Global climate change mitigation ambitions can also deviate by the latter part of the 21st century, as changes in yields will impact biofuel production as well as Agriculture, Forestry and Other Land Use (AFOLU) emissions. The quantitative insights generated by this study highlight the need for global policy efforts to make the agricultural system more adaptive to climate change to handle potential negative impacts.

How Educational Institutions use Social Media Platforms to Engage Students, Promote Online Communities and Build a Sense of Belonging

This study seeks to explore the role of social media in enhancing the involvement of students, feelings of belonging, and collaborative behavior in the academic environment while trying to understand how these platforms may impact the safety of the university as well as obstacles to crime. The study, focusing upon the case of universities in Punjab, Pakistan, that include University of Punjab, University of Education, and so forth, analyzes how the social media levels, whether Facebook, Instagram, or Twitter, assist in creating online communities in mutual interaction as relations become institutionalized and thus minimize the risks for security. Social media turns out to be an important platform, both in terms of communication and coordination while also putting it to good use for spreading awareness regarding crime prevention and reporting of incidents. Thus, the study is conducted by using a quantitative research design with a sample of 274 students selected through snowball sampling, who completed structured surveys. Data were analyzed through multiple linear regressions, ANOVA, and post-hoc Tukey's HSD tests using SPSS software to explore the impact of social media use on student outcomes and their perceptions of safety. The results indicated that Facebook significantly influenced student involvement with the university, whereas a sense of belonging was created with a relatively less powerful influence of Instagram and Twitter. The study reports on how Facebook and Twitter are also seen to positively disseminate information regarding campus security concerns, where students can provide safety tips and issue various complaints about suspicious activities. Therefore, the findings of this research suggest that social media, such as Facebook, can be used by institutions of learning to facilitate peer-to-peer and peer-to-student collaboration and enhance the feeling of belonging and attachment to an institution while at the same time providing a safer camp environment. Recommendations In conclusion, universities are advised to take decisive actions on formulating strategies towards effective use of social media that might improve the overall student experience, engagement, and crime prevention.

Practical Security of Continuous Variable Measurement- Device-Independent Quantum Key Distribution with Local Local Oscillator

Continuous-variable (CV) measurement-device-independent (MDI) quantum key distribution (QKD) can remove the feasible side-channel attacks on detectors based on the accurate Bell-state measurement (BSM), where an optical amplitude modulator (AM) plays a crucial role in managing the intensity of the transmitted light pulse. However, the AM-involved practical security has remained elusive as the operating frequency of the AM usually determines the actual secret key rate of the CV-MDI-QKD system. We find that an imperfect pulse generated from the AM at high speed can lead to a challenge to the practical security as a minor intensity change of the light pulse can bring about a potential information leakage. Taking advantage of this flaw, we suggest an attack strategy targeting the embedded AM in CV-MDI-QKD without sending the local oscillator (LO). This attack can damage the AM and thus decrease the estimated secret key rate of the system even when the orthogonal local LO (LLO) scheme is carried out. To assess the practical security risk resulting from the leaked information from the AM, we conduct numerical simulations to demonstrate the influence of the AM on the CVMDI-QKD system.

Perceived risks of financial misconduct and fintech in crowdfunding of Vietnamese individual investors

Crowdfunding is a method of funding a project or venture by collecting small amounts of money from a large number of people – typically via the Internet – which presents both opportunities for financial inclusion and risks to financial consumers. This study aimed to investigate the influence of perceived risks of financial misconduct and fintech on the intentions of individual investors to participate in crowdfunding. The authors employed a quantitative method to gather approximately 900 survey responses, which were subsequently collated for further analysis. The findings indicate that the perceived risk of financial misconduct is a second-order factor that is reflected by four first-order factors: credibility risk, market risk, asymmetric information risk, and financial risk. Similarly, the perceived risk of fintech is a second-order factor that is reflected by three first-order factors: security risk, time-consuming risk, and expense risk. The study reveals that the perceived risk of financial misconduct negatively affects the intention to participate in crowdfunding, while the perceived risk of fintech positively influences the intention to participate. Additionally, the perceived risk of fintech also positively impacts the perceived risk of financial misconduct. Based on these research results, this study proposes policy implications for project owners, investors and regulatory agencies to enhance the quality of crowdfunding platforms. These recommendations aim to protect users from threats and risks associated with using these platforms, thereby improving the overall effectiveness and safety of the crowdfunding environment.

A memristor‐sourced key for encrypted power and data synchronous transmission in switched mode power supplies

AbstractIn power and data synchronous transmission (PDST), it is crucial to modulate additional signals onto the voltage bus of the converters. This reduces the cost of monitoring and control of the power grid. There is thus the need to ensure that the data transmitted is well secured. This study, designs an electronic system that uses the common coupling point for PDST. Then Chua's memristive circuit is introduced as an entropy source for generating a random bit sequence for encrypted PDST in a switched mode power supply. The encrypted data signal is modulated using phase shift key modulation. Thereafter, the carrier signal is pulse width modulation modulated to control the switching operation of the power switch. The use of Chua's memristive circuit for generating a random number is not new; however, there is little study directly adopting its use in PDST. This allows for resource sharing since multiple signal sources can share the same bus without interference or security risk. The generated random bits are tested for randomness using National Institute of Standards and Technology test suite and autocorrelation test. MATLAB/Simulink and experimental results both confirm the effectiveness of the proposed data encryption method.

Cross-layer Authentication Mechanism Model Combined with 5G Converged Channel Fingerprint

In the actual communication environment, once the attacker successfully steals the legitimate channel information, the key information can be cracked according to the authentication response, so there is a security risk of key leakage. This paper combines the physical layer channel characteristics with the shared key, and combines it into a joint key to design a challenge-response physical layer authentication mechanism based on interpolation polynomial. Then, this method is applied to the EAP-AKA’ authentication protocol of 5G network, and a cross-layer authentication mechanism for 5G converged channel fingerprint is proposed. Finally, using the captured high-level authentication challenge response data, a simulation environment is built in MATLAB and the feasibility and security of the scheme are verified. The experimental results show that the authentication mechanism has better authentication performance and security performance. Compared with the traditional high-level authentication mechanism, it has certain advantages in computing overhead and can meet the 5G application scenarios of large-scale IoT terminals. Moreover, it combines physical layer authentication with high-level authentication, realizes mutual complementarity and mutual enhancement, and enhances the security performance of authentication.

API Common Security Threats and Security Protection Strategies

This study analyzes the core role of APIs in modern digital ecology and the security threats they face, such as information leakage and overstepping access, and explores their security risks for technologies such as RESTful and GraphQL. It proposes to use OAuth/JWT authentication mechanism to strengthen access control, adopt HTTPS/TLS to secure data transmission, and combine with API gateway to defend against DDoS attacks. It also emphasizes the importance of fine-grained privilege management and log auditing. The study provides strategic guidance for improving API security protection and looks forward to the trend of intelligent protection.

ChatGPT: Technology Frontiers and Cybersecurity Challenges

This paper examines the evolution and application of OpenAI's advanced conversational AI, ChatGPT, particularly within the domain of cybersecurity. With an architecture built on the Transformer model, ChatGPT demonstrates significant capabilities in language understanding and generation. It leverages vast datasets, ranging from social media posts to technical documents, ensuring the model adapts to diverse fields and maintains compliance with privacy and security regulations. The paper explores ChatGPT's role in network security, highlighting its proficiency in threat detection, vulnerability assessment, and incident response, essential as regulations like GDPR and CCPA become more stringent. Furthermore, the study addresses potential security risks associated with AI, such as phishing and misinformation, and discusses mitigation strategies through advanced training techniques like adversarial training and multi-task learning. A novel variational autoencoder (VAE)-based method, T-VAE, is introduced, offering enhanced generalization capabilities across different tasks and scenarios. The findings suggest that while ChatGPT has made significant strides in cybersecurity applications, continuous improvements in model robustness and adaptability are necessary to mitigate emerging threats and adapt to evolving digital landscapes.

Accounting for Natural Disasters Using Risk of Information Security

Objective: The harm that can be done to an information technology system is referred to as "information security risk" (IS). Data breaches, administrative actions, financial expenses, and reputational harm are just a few of the many possible dangers that fall under the broad category of information systems risks. IS hazards include hostile assaults, spam, viruses, human error, hardware and software malfunctions, and natural disasters like floods, hurricanes, and fires. Methods: Key security controls for applications are identified, evaluated, and implemented through security risk assessments. Another priority is to avoid security gaps and defects in software. This article analyzes documented historical research on natural disaster accounting. Based on the results of 35 publications on general topics, economic history, and accounting, 11 papers were selected and reviewed. By analyzing the scattered literature, emerging themes, investigated disasters, investigated time periods, and main contributions of published research were identified. Result: To compare the predictive capabilities of the machine learning models and validate the landslide, flood, and wildfire hazard maps, the area under the curve (AUC) was calculated. For the landslide, flood, and wildfire hazard maps, the RF model provided the highest AUC values (0.81, 0.85, and 0.94, respectively).

Country risk mapping in a changing world—comparative survey on academic research and industrial practices

AbstractIn an era marked by rapid geopolitical shifts, persistent pandemics, and escalating climate threats, the imperative to transcend traditional country risk mapping methodologies has never been more critical. This study embarks on a comprehensive examination of the efficiency of current academic and industrial approaches to mapping the multifaceted country risks. By proposing a structured risk mapping framework that incorporates seven pivotal risk categories as Political Risk, Institutional Risk, War and Armed Conflict Risk, Public Security Risk, Socioeconomic Risk, Ecological Threat Risk, and Infrastructure Risk, the research seeks to foster a more nuanced understanding of how different organizations assess and prioritize these risk factors. Employing a dual approach that includes a thorough literature review and an extensive industry survey, and a detailed analysis of each of the seven risk category by juxtaposing relevant academic insights with industry practices, this study examines the discrepancies between academic theories and practical applications in country risk mapping. It reveals underestimate country risk factors, inadequate risk categorization granularity, inconsistencies in risk prioritization, terminological mismatches, and a need for a more integrated and holistic approach to country risk mapping. The paper concludes by proposing future research directions that aim to refine country risk mapping methodologies. It advocates a forward-looking perspective that adequately addresses the complexity and inter-connectivity of global operational risks.

Compressive sensing and DNA coding operation: Revolutionary approach to colour medical image compression‐encryption algorithm

AbstractWith advancements in medical imaging technology, colour medical images make lesion diagnosis more intuitive. However, when transmitting these high‐capacity images, doctors and researchers must not only address the challenges of storage and transmission efficiency but also guard against unauthorized access and data security risks. To address these issues, a revolutionary approach for colour medical image compression encryption based on compressive sensing and deoxyribonucleic acid (DNA) coding operation is introduced in this study. Randomness and sparse optimizations are performed on three floating‐point matrices obtained through discrete wavelet and sparse transforms of plain colour medical images by employing position scrambling and reduced‐stiffness operations. Subsequently, the floating‐point matrices are measured and quantized to generate three 8‐bit integer matrices. Further, pixel‐by‐pixel DNA encoding, DNA‐base scrambling, DNA XOR, and DNA decoding operations are performed to achieve DNA base‐position scrambling and value diffusion. Finally, the regrouped bit planes help yield the compressed encrypted images. A comprehensive analysis of the proposed algorithm's encryption and decryption effectiveness, compression performance, and security was conducted. The results show that, with a compression ratio of 0.5, average PSNR = 42.7153 dB and average MSSIM = 0.9779, key space is , average entropy = 7.9986 bits, average histogram variance = 509.53, and the correlation coefficients are close to 0. Moreover, the algorithm shows some immunity to common cryptographic attacks, such as differential, known‐plaintext, noise, and occlusion attacks. Thus, the proposed algorithm addresses the challenges posed by the sensitive nature of patient information and limited storage space.

Enhancing PV feed-in power forecasting through federated learning with differential privacy using LSTM and GRU

Given the inherent fluctuation of photovoltaic (PV) generation, accurately forecasting solar power output and grid feed-in is crucial for optimizing grid operations. Data-driven methods facilitate efficient supply and demand management in smart grids, but predicting solar power remains challenging due to weather dependence and data privacy restrictions. Traditional deep learning (DL) approaches require access to centralized training data, leading to security and privacy risks. To navigate these challenges, this study utilizes federated learning (FL) to forecast feed-in power for the low-voltage grid. We propose a bottom-up, privacy-preserving prediction method using differential privacy (DP) to enhance data privacy for energy analytics on the customer side. This study aims at proving the viability of an enhanced FL approach by employing three years of meter data from three residential PV systems installed in a southern city of Germany, incorporating irradiance weather data for accurate PV power generation predictions. For the experiments, the DL models long short-term memory (LSTM) and gated recurrent unit (GRU) are federated and integrated with DP. Consequently, federated LSTM and GRU models are compared with centralized and local baseline models using rolling 5-fold cross-validation to evaluate their respective performances. By leveraging advanced FL algorithms such as FedYogi and FedAdam, we propose a method that not only predicts sequential energy data with high accuracy, achieving an R2 of 97.68%, but also adheres to stringent privacy standards, offering a scalable solution for the challenges of smart grids analytics, thus clearly showing that the proposed approach is promising and worth being pursued further.

EMPViT: Efficient multi-path vision transformer for security risks detection in power distribution network

To maintain the safe operation of power distribution network (PDN) equipment, it is important to accurately and promptly identify security risks. However, conventional drone-based object detection methods face challenges due to noise and similarity features in risk targets, as well as limited computing resources of unmanned aerial vehicles (UAVs). To address these challenges, an efficient embedding-based multi-path fusion architecture is proposed. This architecture uses a re-parameterized depthwise block to embed local context information at different scales, enhancing the extraction of tiny features while preserving inference speed. Additionally, a coordinated self-attention module is proposed to reduce computational complexity while maintaining the performance of global information. By fusing fine and coarse feature representations without requiring a lot of computation, this module efficiently learns from both local and global features from images. The goal is to create an efficient multi-path vision transformer (EMPViT) architecture that achieves a balance between accuracy and efficiency. The proposed EMPViT has been evaluated on two different drone image dataset, demonstrating better performance compared to other architectures. Specifically, the EMPViT-S improves the detection mAP by 1.2%, and the inference speed is improved to 1.24 times on average on Drone-PDN dataset. It has achieved the same performance improvement on VisDrone-DET2019 dataset, gaining detection performance by 1.3% and 1.2 times acceleration on average.

Wavelet and VMD enhanced traffic forecasting and scheduling method for edge cloud networks

With the proliferation of Intelligent applications, more and more organizations migrate their applications from cloud to edge cloud network to reduce the latency of applications and alleviate the workload of cloud. When the network congestion occurs, network monitoring and detection system may disable, and edge cloud network will be vulnerable to be attacked. Traffic forecasting can identify the traffic patterns in advance, and dynamically allocate network resources to decrease latency of applications and avoid security risks caused by network congestion. Therefore, we propose a network scheduling framework WVNF (Wavelet VMD Based Network Flow Management) based on traffic prediction, which utilizes neural networks to forecast network traffic and deploys route strategies to optimize network scheduling. Specifically, in order to accurately forecast network traffic, we propose a neural network model, named TSWNet (Traffic Sequence Wavelet Network). TSWNet uses VMD (variational mode decomposition) to decompose time series and extract signal structure information on different time scales, and adopts wavelet transformation to extract the local and global features of the traffic sequence in the time and frequency domain. In addition, we model this traffic scheduling problem and propose a route strategy, which utilizes the result of TSWNet to find the best path. In extensive tests, TSWNet significantly outperformed existing models, reducing MSE and MAE by up to 48.8% and 27.8% respectively, demonstrating its effective traffic prediction and network scheduling capabilities.

Secure control for uncertain nonlinear cyber–physical systems: A prescribed-time scheme based on temporal scaling

In this paper, the prescribed-time secure control is explored for uncertain nonlinear cyber–physical systems through temporal scaling transformation and gain control technique, where the nonlinearity is more generic than common linear growth conditions due to the presence of large uncertainties and low-order states. Given that security risks exist in open networks, the impact of deception attacks is considered, whereas, this prevents the gain control technique from being applied directly to control design. To lift the restriction, a novel auxiliary system is firstly constructed to cleverly turn the secure control to the boundedness control of the auxiliary system. Next, a crucial bridge, temporal scaling transformation, is employed to transform the control issue in the finite time into infinite time, which opens up more possibilities for solving studied issues. Then, by the gain control technique, a Zeno-free secure control strategy with dynamically adjustable triggering mechanism is devised, which successfully ensures the convergence of system states within the prescribed time meanwhile counteracting deception attacks. Further, an improved nonlinearity, i.e. containing both low-order and high-order states, is discussed. Particularly, the proposed control strategies not only avoid real-time control updates, but also the gains therein handle system nonlinearities efficiently. Eventually, the validity of major results is verified via simulation examples.

A Roadmap to Systematic Review: Evaluating the Role of Data Networks and Application Programming Interfaces in Enhancing Operational Efficiency in Small and Medium Enterprises

The adoption of Data Networks and Application Programming Interfaces (APIs) has become crucial for small and medium enterprises (SMEs) to streamline operations, improve efficiency, and reduce costs. However, SMEs often face challenges such as resource limitations and security vulnerabilities, which hinder their ability to fully leverage these technologies. This systematic review examines the role of Data Networks and APIs in enhancing operational efficiency within SMEs, focusing on key metrics such as speed, cost reduction, scalability, and security challenges. Following PRISMA 2020 guidelines, we conducted a systematic search across multiple databases including Web of Science, Scopus, IEEE Xplore, and Google Scholar. Studies published between 2014 and 2024, focused on SMEs, and addressing the role of Data Networks and APIs in operational efficiency were included. A total of 49 studies met the inclusion criteria and were analyzed for key outcomes related to operational efficiency, cost-effectiveness, and security risks. The review found that Data Networks and APIs significantly improve operational efficiency by increasing process speed (12% increase), reducing operational costs (8% reduction), and enhancing overall productivity. However, security challenges, particularly related to API vulnerabilities, were a major concern, with cyberattacks on APIs increasing by 400% in Q1 2023 alone. Despite these risks, the benefits of implementing Data Networks and APIs in SMEs, particularly in terms of scalability and real-time data processing, were evident across industries. Data Networks and APIs offer substantial improvements in operational efficiency for SMEs, although security remains a significant challenge. Future efforts should focus on developing security frameworks tailored to SMEs while maintaining the operational benefits of these technologies. Further research is needed to explore scalable and secure API models for SMEs.

A smart contract solution for transparent auctions on permissioned blockchain platform

The rapid and advanced development of the Internet and Technology in recent years has led to the increased popularity of online electronic auctioning (e-auction) systems like eBay. These e-auctions are becoming increasingly essential to the global economy and hold a promising future as they increase user participation and provide advantages such as time-saving, low cost, and ubiquity (not limited to geographic location). However, existing real-time e-auction systems are centralized and rely on intermediaries, leading to issues such as lack of transparency, corruption, security risks, interoperability, and low trust from bidders and auctioneers. To address these issues, we present a permissioned blockchain-based transparent auction system that allows participants to participate in the auction and bidder organization in a single decentralized platform. Auctioneer announces the auction then bidders submit an individual bid for the auction during the auction period. In this paper, we present the implementation of smart contracts over the Hyperledger Fabric platform, conduct testbeds using the caliper benchmark tool, and report the results.