Types Of Security Attacks Research Articles

A three-factor mutual authentication scheme for telecare medical information system based on ECC

In critical pandemic situations, the Telecare Medical Information System (TMIS) is a technological invention that offers secure and authentic patient registration and medical services remotely. Wireless Body Area Network (WBAN) uses TMIS to facilitate users/patients with remote medical services. Numerous schemes for authentication have been developed for secure and authentic communication to prevent security attacks encompassing replay, impersonation, and forgery attacks. Ryu et al. have proposed an ECC-based mutual authentication scheme in 2022. Nevertheless, through security scheme analysis, we have evidenced that Ryu et al.’s scheme has a trapdoor for insider attacks and privileged insider attacks. Their proposed scheme offers no assurance of server anonymity. In this paper, we propose a three-factor authentication system based on ECC that protects sensitive patient data from getting out during communication and protects against different types of security attacks. We have conducted an informal security analysis to verify that our scheme withstands security attacks.

A Distance Vector Hop-Based Secure and Robust Localization Algorithm for Wireless Sensor Networks

Location information of sensor nodes in a wireless sensor network is important. The sensor nodes are usually required to ascertain their positions so that the data collected by these nodes can be labeled with this information. On the other hand, certain attacks on wireless sensor networks lead to the incorrect estimation of sensor node positions. In such situations, when the location information is not correct, the data may be labeled with wrong location information that may subvert the desired operation of the wireless sensor network. In this work, we formulate and propose a distance vector hop-based algorithm to provide secure and robust localization in the presence of malicious sensor nodes that result in incorrect position estimation and jeopardize the wireless sensor network operation. The algorithm uses cryptography to ensure secure and robust operation in the presence of adversaries in the sensor network. As a result of the countermeasures, the attacks are neutralized and the sensor nodes are able to estimate their positions as desired. Our secure localization algorithm provides a defense against various types of security attacks, such as selective forwarding, wormhole, Sybil, tampering, and traffic replay, compared with other algorithms which provide security against only one or two types. Simulation experiments are performed to evaluate the performance of the proposed method, and the results indicate that our secure localization algorithm achieves the design objectives successfully. Performance of the proposed method is also compared with the performance of basic distance vector hop algorithm and two secure algorithms based on distance vector hop localization. The results reveal that our proposed secure localization algorithm outperforms the compared algorithms in the presence of multiple attacks by malicious nodes.

A Survey on Security Threats to Machine Learning Systems at Different Stages of its Pipeline

In recent years, Machine learning is being used in various systems in wide variety of applications like Healthcare, Image processing, Computer Vision, Classifications, etc. Machine learning algorithms have shown that it can solve complex problem-solving capabilities close to humans or beyond humans as well. But recent studies show that Machine Learning Algorithms and models are vulnerable to various attacks which compromise security the systems. These attacks are hard to detect because they can hide in data at various stages of machine learning pipeline without being detected. This survey aims to analyse various security attacks on machine learning and categorize them depending on position of attacks in machine learning pipeline. This paper will focus on all aspects of machine learning security at various stages from training phase to testing phase instead of focusing on one type of security attack. Machine Learning pipeline, Attacker’s goals, Attacker’s knowledge, attacks on specified applications are considered in this paper. This paper also presented future scope of research of security attacks in machine learning. In this Survey paper, we concluded that Machine Learning Pipeline itself is vulnerable to different attacks so there is need to build a secure and robust Machine Learning Pipeline. Our survey has categorized these security attacks in details with respect to ML Pipeline stages.

A Novel Multi-Factor Authentication Algorithm Based on Image Recognition and User Established Relations

Conventional authentication methods, like simple text-based passwords, have shown vulnerabilities to different types of security attacks. Indeed, 61% of all breaches involve credentials, whether stolen via social engineering or hacked using brute force. Therefore, a robust user authentication mechanism is crucial to have secure systems. Combining textual passwords with graphical passwords in a multi-factor approach can be an effective strategy. Advanced authentication systems, such as biometrics, are secure, but require additional infrastructure for efficient implementation. This paper proposes a Multi-Factor Authentication (MFA) based on a non-biometric mechanism that does not require additional hardware. The novelty of the proposed mechanism lies in a two-factor authentication algorithm which requires a user to identify specific images out of a set of randomly selected images, then the user is required to establish a self-pre-configured relation between two given images to complete authentication. A functional prototype of the proposed system was developed and deployed. The proposed system was tested by users of different backgrounds achieving 100% accuracy in identifying and authenticating users, if authentication elements and credentials were not forgotten. It was also found to be accepted by the users as being easy to use and preferable over common MFA mechanisms.

Bayesian Modeling for Differential Cryptanalysis of Block Ciphers: A DES Instance

Encryption algorithms based on block ciphers are among the most widely adopted solutions for providing information security. Over the years, a variety of methods have been proposed to evaluate the robustness of these algorithms to different types of security attacks. One of the most effective analysis techniques is differential cryptanalysis, whose aim is to study how variations in the input propagate on the output. In this work we address the modeling of differential attacks to block cipher algorithms by defining a Bayesian framework that allows a probabilistic estimation of the secret key. In order to prove the validity of the proposed approach, we present as case study a differential attack to the Data Encryption Standard (DES) which, despite being one of the methods that has been most thoroughly analyzed, is still of great interest to the scientific community since its vulnerabilities may have implications on other ciphers.

Blockchain Enabled Anonymous Privacy-Preserving Authentication Scheme for Internet of Health Things.

The Internet of Health Things (IoHT) has emerged as an attractive networking paradigm in wireless communications, integrated devices and embedded system technologies. In the IoHT, real-time health data are collected through smart healthcare sensors and, in recent years, the IoHT has started to have an important role in the Internet of Things technology. Although the IoHT provides comfort in health monitoring, it also imposes security challenges in maintaining patient data confidentiality and privacy. To overcome such security issues, in this paper, a novel blockchain-based privacy-preserving authentication scheme is proposed as an approach for achieving efficient authentication of the patient without the involvement of a trusted entity. Moreover, a secure handover authentication mechanism that ensures avoiding the patient re-authentication in multi-doctor communication scenarios and revoking the possible malicious misbehavior of medical professionals in the IoHT communication with the patient is developed. The performance of the proposed authentication and handover scheme is analyzed concerning the existing state-of-the-art authentication schemes. The results of the performance analyses reveal that the proposed authentication scheme is resistant to different types of security attacks. Moreover, the results of analyses show that the proposed authentication scheme outperforms similar state-of-the-art authentication schemes in terms of having lower computational, communication and storage costs. Therefore, the novel authentication and handover scheme has proven practical applicability and represents a valuable contribution to improving the security of communication in IoHT networks.

A Proactive Attack Detection for Heating, Ventilation, and Air Conditioning (HVAC) System Using Explainable Extreme Gradient Boosting Model (XGBoost)

The advent of Industry 4.0 has revolutionized the life enormously. There is a growing trend towards the Internet of Things (IoT), which has made life easier on the one hand and improved services on the other. However, it also has vulnerabilities due to cyber security attacks. Therefore, there is a need for intelligent and reliable security systems that can proactively analyze the data generated by these devices and detect cybersecurity attacks. This study proposed a proactive interpretable prediction model using ML and explainable artificial intelligence (XAI) to detect different types of security attacks using the log data generated by heating, ventilation, and air conditioning (HVAC) attacks. Several ML algorithms were used, such as Decision Tree (DT), Random Forest (RF), Gradient Boosting (GB), Ada Boost (AB), Light Gradient Boosting (LGBM), Extreme Gradient Boosting (XGBoost), and CatBoost (CB). Furthermore, feature selection was performed using stepwise forward feature selection (FFS) technique. To alleviate the data imbalance, SMOTE and Tomeklink were used. In addition, SMOTE achieved the best results with selected features. Empirical experiments were conducted, and the results showed that the XGBoost classifier has produced the best result with 0.9999 Area Under the Curve (AUC), 0.9998, accuracy (ACC), 0.9996 Recall, 1.000 Precision and 0.9998 F1 Score got the best result. Additionally, XAI was applied to the best performing model to add the interpretability in the black-box model. Local and global explanations were generated using LIME and SHAP. The results of the proposed study have confirmed the effectiveness of ML for predicting the cyber security attacks on IoT devices and Industry 4.0.

NovelADS: A Novel Anomaly Detection System for Intra-Vehicular Networks

Modern vehicular electronics is a complex system of multiple Electronic Control Units (ECUs) communicating to provide efficient vehicle functioning. These ECUs communicate using the well-known Controller Area Network (CAN) protocol. The increasing amount of research in the Intelligent Transportation System (ITS) domain has demonstrated that this protocol is vulnerable to various types of security attacks, compromising the safety of passengers and pedestrians on the roads. Hence, there is a need to develop novel anomaly detection systems to address this problem. This work presents a novel deep learning-based Intrusion Detection System incorporating thresholding and error reconstruction approaches. We train and explore multiple neural network architectures and compare their performance. The proposed anomaly detection system is tested on four kinds of attacks - Denial of Service (DoS), Fuzzy, RPM Spoofing and Gear Spoofing using evaluation metrics such as Precision, Recall and F1-Score. We also present reconstruction-error distribution plots to give a qualitative intuition about the proposed system’s ability to distinguish between genuine and anomalous sequences.

Certificate-Based Anonymous Authentication With Efficient Aggregation for Wireless Medical Sensor Networks

Wireless medical sensor networks (WMSNs) have aroused widespread attention in recent years with the development of Internet of Things (IoT) technology. WMSNs offer many new opportunities for healthcare professionals to monitor patients and patient self-monitoring. To overcome the resource (such as memory and power) limitations of sensors and attain data security of patients’ private medical information, researchers have designed plenty of work for securing WMSNs. For years, certificate-based aggregate signature (CBAS) schemes have been put forward for WMSNs to prevent patients’ sensitive medical data from being tampered with and damaged. In this work, we analyze the security flaws of a very recent CBAS scheme proposed by Verma <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> (2021) by presenting two types of security attacks. We later propose a CBAS scheme with user anonymity protection for WMSNs and prove its security based on the standard cryptographic assumption. The performance comparison results from theory and experiment illustrate the practicality of our design.

Security issues of Vehicular Ad Hoc Networks (VANET): A Systematic Review

Vehicular ad hoc networks (VANETs) are a subset of mobile ad hoc networks (MANETs) that refer to a group of connected cars. The various networking layers in common Internet protocol stack topologies are linked to security vulnerabilities in VANETs. A security breach in a VANET is typically serious and harmful. Also Current VANET security standards handle the bulk of the security issues that vehicle networks confront. This paper presents VANET’s different types of security attacks in a systematic review approach. The information was gathered by a systematic examination of existing research articles. Furthermore, the study's shortcomings were the dataset's size and the absence of quality characteristics.

A novel deep learning based security assessment framework for enhanced security in swarm network environment

Security assessments are essential in network systems to improve the reliability of the environment. This study presents a deep learning-based security assessment model as a proactive approach for monitoring network activities. This approach can improve security across the network environment and connected computing infrastructures by detecting and classifying various types of security attacks. Deep learning is one of the emerging solutions for integrating intelligent and smart techniques into traditional solutions for improving the performance of security detection. Leveraging a multilayer perceptron (MLP) combined with an XGBoost classifier for large-scale data processing and classification, the performance of the approach demonstrated an accuracy of 93.30% and a precision of 92.73% for malicious attack detection.

Feasible Region of Secure and Distributed Data Storage in Adversarial Networks

Large volumes of data are being generated daily from IoT networks, healthcare, and many other applications, which makes secure, reliable, and cost-effective data storage a critical infrastructure of the computing system. Existing data storage largely depends on a centralized cloud, which is not only costly but also vulnerable to single points of failure and other types of security attacks. Moreover, cloud providers will have full access to user data and revision history beyond user control. To provide data security, data encryption has to be used, which requires extensive computing power and cumbersome key management. Distributed storage system (DSS) is being widely viewed as a natural solution to future online data storage due to improved access time and lower storage cost. However, the existing DSS also has the limitations of low storage efficiency and lack of data security. In this paper, we investigate multi-layer code-based distributed data storage systems that can achieve inherit content confidentiality and optimal storage efficiency. Our comprehensive performance analysis shows that the optimal code can improve the feasible region in reliable data storage by 50% under various adversarial attack scenarios.

Security Trend and Trust in India's E-Governance Framework

In an e-governance framework, the end user frequently falls victim to the digital divide and a lack of required knowledge regarding self-protection against cyber-attacks. The purpose of this research is to examine the threats to the e-governance framework, end users' trust in the security of e-governance applications, and end users' security behaviour on the Internet. Additionally, the research forecasts future trends in various types of security attacks in India. To forecast future trends in various types of security attacks in India, historical data from the CERT-in annual report is gathered (2006 to 2020). To forecast future trends, the AutoRegressive Integrated Moving Average (ARIMA) is applied to the collected data. Additionally, an anonymous survey of 1,000 end users was conducted to ascertain end users' trust in the security of e-governance applications and some end users' security behaviour on the Internet. The research concludes that five of the six attack categories identified by CERT-in will see a consistent increase in the next five years.

Combined Anomaly Detection Framework for Digital Twins of Water Treatment Facilities

Digital twins of cyber-physical systems with automated process control systems using programmable logic controllers (PLCs) are increasingly popular nowadays. At the same time, cyber-physical security is also a growing concern with system connectivity. This study develops a combined anomaly detection framework (CADF) against various types of security attacks on the digital twin of process control in water treatment facilities. CADF utilizes the PLC-based whitelist system to detect anomalies that target the actuators and the deep learning approach of natural gradient boosting (NGBoost) and probabilistic assessment to detect anomalies that target the sensors. The effectiveness of CADF is verified using a physical facility for water treatment with membrane processes called the Secure Water Treatment (SWaT) system in the Singapore University of Technology and Design. Various attack scenarios are tested in SWaT by falsifying the reported values of sensors and actuators in the digital twin process. These scenarios include both trivial attacks, which are commonly studied, as well as non-trivial (i.e., sophisticated) attacks, which are rarely reported. The results show that CADF performs very well with good detection accuracy in all scenarios, and particularly, it is able to detect all sophisticated attacks while ongoing before they can induce damage to the water treatment facility. CADF can be further extended to other cyber-physical systems in the future.

A Survey on IoT Security: Attacks, Challenges and Countermeasures

IoT technology grows enormously now-a-days in various fields and it is a need to achieve high security requirements. IoT produces more amounts of data to communicate to each other which may undergo various issues like low processor speed, power, and memory. The IoT devices undergoing these barriers along with crucial information will get into different types of security attacks in IoT layers. An outline of IoT, it’s architecture, state-of-the-art technologies, security attacks in layers and analysis of security threats are studied and the countermeasures have been reported in this survey. The challenges and goals facing IoT security have also been discussed. The security threats on the IoT devices have been briefly introduced. The security challenges, giving research directions and finding security solution for each and every challenge have been also discussed.

Blockchain-Based Authentication in Internet of Vehicles: A Survey.

Internet of Vehicles (IoV) has emerged as an advancement over the traditional Vehicular Ad-hoc Networks (VANETs) towards achieving a more efficient intelligent transportation system that is capable of providing various intelligent services and supporting different applications for the drivers and passengers on roads. In order for the IoV and VANETs environments to be able to offer such beneficial road services, huge amounts of data are generated and exchanged among the different communicated entities in these vehicular networks wirelessly via open channels, which could attract the adversaries and threaten the network with several possible types of security attacks. In this survey, we target the authentication part of the security system while highlighting the efficiency of blockchains in the IoV and VANETs environments. First, a detailed background on IoV and blockchain is provided, followed by a wide range of security requirements, challenges, and possible attacks in vehicular networks. Then, a more focused review is provided on the recent blockchain-based authentication schemes in IoV and VANETs with a detailed comparative study in terms of techniques used, network models, evaluation tools, and attacks counteracted. Lastly, some future challenges for IoV security are discussed that are necessary to be addressed in the upcoming research.

Authentication scheme for Unmanned Aerial Vehicles based Internet of Vehicles networks

New and advanced technologies have introduced amazing areas like the Internet of Vehicles (IoV) and Unmanned Aerial Vehicle (UAV). These two technologies are emerged to facilitate the ground users by providing more fast and convenient data communication services. Due to the open nature of these networks, security and user privacy is always a serious concern. Different types of security attacks have been noticed in these networks like jamming attacks, global positioning system jamming, signal jamming, and data jamming. The existing solutions have been designed to resolve and tackle security issues such as authenticity, insurance of data integrity, provision of correct message authentication, and removal of redundant authentication. However, existing schemes have some limitations in terms of computational costs and efficiency and do not provide security at all levels. This paper proposes an Efficient Authentication Scheme for Safety Applications for Internet of Vehicles (EASSAIV) for message authentication. The proposed scheme can gather, process, and verify the information delivered to roadside units, UAVs, or to the vehicles and authenticate the received messages. Proposed scheme achieved better performance as compared to state of the art scheme in terms of safety, packet loss, delay and computational cost.

Smart home security: challenges, issues and solutions at different IoT layers

The Internet of Things is a rapidly evolving technology in which interconnected computing devices and sensors share data over the network to decipher different problems and deliver new services. For example, IoT is the key enabling technology for smart homes. Smart home technology provides many facilities to users like temperature monitoring, smoke detection, automatic light control, smart locks, etc. However, it also opens the door to new set of security and privacy issues, for example, the private data of users can be accessed by taking control over surveillance devices or activating false fire alarms, etc. These challenges make smart homes feeble to various types of security attacks and people are reluctant to adopt this technology due to the security issues. In this survey paper, we throw light on IoT, how IoT is growing, objects and their specifications, the layered structure of the IoT environment, and various security challenges for each layer that occur in the smart home. This paper not only presents the challenges and issues that emerge in IoT-based smart homes but also presents some solutions that would help to overcome these security challenges.

Smart detection and prevention procedure for DoS attack in MANET

A self-organized wireless communication short-lived network containing collection of mobile nodes is mobile ad hoc network (MANET). The mobile nodes communicate with each other by wireless radio links without the use of any pre-established fixed communication network infrastructure or centralized administration, such as base stations or access points, and with no human intervention. In addition, this network has potential applications in conference, disaster relief, and battlefield scenario, and have received important attention in current years. There is some security concern that increases fear of attacks on the mobile ad-hoc network. The mobility of the NODE in a MANET poses many security problems and vulnerable to different types of security attacks than conventional wired and wireless networks. The causes of these issues are due to their open medium, dynamic network topology, absence of central administration, distributed cooperation, constrained capability, and lack of clear line of defense. Without proper security, mobile hosts are easily captured, compromised, and attacked by malicious nodes. Malicious nodes behavior may deliberately disrupt the network so that the whole network will be suffering from packet losses. One of the major concerns in mobile ad-hoc networks is a traffic DoS attack in which the traffic is choked by the malicious node which denied network services for the user. Mobile ad-hoc networks must have a safe path for transmission and correspondence which is a serious testing and indispensable issue. So as to provide secure communication and transmission, the scientist worked explicitly on the security issues in versatile impromptu organizations and many secure directing conventions and security measures within the networks were proposed. The goal of the work is to study DoS attacks and how it can be detected in the network. Existing methodologies for finding a malicious node that causes traffic jamming is based on node’s retains value. The proposed approach finds a malicious node using reliability value determined by the broadcast reliability packet (RL Packet). In this approach at the initial level, every node has zero reliability value, specific time slice, and transmission starts with a packet termed as reliability packet, node who responded properly in specific time, increases its reliability value and those nodes who do not respond in a specific time decreases their reliability value and if it goes to less than zero then announced that it’s a malicious node. Reliability approach makes service availability and retransmission time.

Fuzzy-based reliable and secure cooperative spectrum sensing for the smart grid

Cognitive radio is a promising technology to solve the spectrum scarcity problem caused by inefficient utilization of radio spectrum bands. It allows secondary users to opportunistically access the underutilized spectrum bands assigned to licensed primary users. The local individual spectrum detection is inefficient, and cooperative spectrum sensing is employed to enhance spectrum detection accuracy. However, cooperative spectrum sensing opens up opportunities for new types of security attacks related to the cognitive cycle. One of these attacks is the spectrum sensing data falsification attack, where malicious secondary users send falsified sensing reports about spectrum availability to mislead the fusion center. This internal attack cannot be prevented using traditional cryptography mechanisms. To the best of our knowledge, none of the previous work has considered both unreliable communication environments and the spectrum sensing data falsification attack for cognitive radio based smart grid applications. This paper proposes a fuzzy inference system based on four conflicting descriptors. An attack model is formulated to determine the probability of detection for both honest and malicious secondary users. It considers four independent malicious secondary users’ attacking strategies of always yes, always no, random, and opposite attacks. The performance of the proposed fuzzy fusion system is simulated and compared with the conventional fusion rules of AND, OR, Majority, and the reliable fuzzy fusion that does not consider the secondary user’s sensing reputation. The results indicate that incorporating sensing reputation in the fusion center has enhanced the accuracy of spectrum detection and have prevented malicious secondary users from participating in the spectrum detection fusion