User authentication and access control to blockchain-based forensic log data
- Islam, Md Ezazul, Islam, Md Rafiqul, Chetty, Madhu, Lim, Suryani, Chadhar, Mehmood
- Authors: Islam, Md Ezazul , Islam, Md Rafiqul , Chetty, Madhu , Lim, Suryani , Chadhar, Mehmood
- Date: 2023
- Type: Text , Journal article
- Relation: Eurasip Journal on Information Security Vol. 2023, no. 1 (2023), p.
- Description: For dispute resolution in daily life, tamper-proof data storage and retrieval of log data are important with the incorporation of trustworthy access control for the related users and devices, while giving access to confidential data to the relevant users and maintaining data persistency are two major challenges in information security. This research uses blockchain data structure to maintain data persistency. On the other hand, we propose protocols for the authentication of users (persons and devices) to edge server and edge server to main server. Our proposed framework also provides access to forensic users according to their relevant roles and privilege attributes. For the access control of forensic users, a hybrid attribute and role-based access control (ARBAC) module is added to the framework. The proposed framework is composed of an immutable blockchain-based data storage with endpoint authentication and attribute role-based user access control system. We simulate authentication protocols of the framework in AVISPA. Our result analysis shows that several security issues can efficiently be dealt with by the proposed framework. © 2023, The Author(s).
Cybersecurity challenges in blockchain technology : a scoping review
- Mahmood, Samreen, Chadhar, Mehmood, Firmin, Sally
- Authors: Mahmood, Samreen , Chadhar, Mehmood , Firmin, Sally
- Date: 2022
- Type: Text , Journal article , Review
- Relation: Human Behavior and Emerging Technologies Vol. 2022, no. (2022), p.
- Description: Blockchain technology (BCT) is an emerging technology. Cybersecurity challenges in BCT are being explored to add greater value to business processes and reshape business operations. This scoping review paper was aimed at exploring the current literature's scope and categorizing various types of cybersecurity challenges in BCT. Databases such as Elsevier, ResearchGate, IEEE, ScienceDirect, and ABI/INFORM Collection (ProQuest) were searched using a combination of terms, and after rigorous screening, 51 research studies were found relevant. Data coding was performed following a framework proposed for scoping review. After careful analysis, thirty different types of cybersecurity challenges in BCT were categorized into six standardized classes. Our results show that most of the studies disclose cybersecurity challenges in BCT generally without pointing to any specific industry sector, and to a very little extent, few papers reveal cybersecurity challenges in BCT related to specific industry sectors. Also, prior studies barely investigated the strategies to minimize cybersecurity challenges in BCT. Based on gap identification, future research avenues were proposed for scholars.
Determinants of the intention to adopt digital-only banks in Malaysia: The extension of environmental concern
- Saif, Mashaal A. M., Hussin, Nazimah, Husin, Maizaitulaidawati Md, Alwadain, Ayed, Chakraborty, Ayon
- Authors: Saif, Mashaal A. M. , Hussin, Nazimah , Husin, Maizaitulaidawati Md , Alwadain, Ayed , Chakraborty, Ayon
- Date: 2022
- Type: Text , Journal article
- Relation: Sustainability (Basel, Switzerland) Vol. 14, no. 17 (2022), p. 11043
- Description: Digital-only banks have not achieved adoption expectations despite being one of the latest innovations in fintech. Several digital-only banks in the United States and Japan have gone bankrupt, and others continue to operate at a loss. Therefore, it is imperative to conduct this study in Malaysia to understand customers’ behavior, particularly regarding the adoption of digital-only banks. With climate change, environmental-friendly behavior, which has been ignored in digital-only bank literature, is becoming increasingly pertinent. This study addresses the lack of an integrated model that investigates the effect of external factors (i.e., critical mass, number of services, and environmental concerns), customer self-determination factors (i.e., trust), and mental perceptions of technology adoption (i.e., convenience, economic efficiency, functional and security risks, as well as perceived value) on the intention to adopt digital-only banks. Data were collected through an online survey targeting Klang Valley residents in the prime age range of 25–54 years old using stratified random sampling. The data was analyzed using structural equation modeling by performing confirmatory factor analysis (CFA) and SEM path analysis in AMOS.v26 software. The results show that convenience, economic efficiency, number of services, trust, perceived value, and environmental concern all have positive significant relationships with the intention to adopt digital-only banks. Further, environmental concern is the strongest indicator of behavioral intention. In contrast, functional and security risks have a negative but non-significant relationship with the intention to adopt digital-only banks. Finally, critical mass has a positive but non-significant effect on the behavioral intention. This study is among the first to examine the influence of environmental concern on behavioral intentions in a digital-only banking context. 
It also contributes to an expanding body of research investigating environmental sustainability by presenting empirical results in the context of digital-only banks.
Formal modeling and verification of a blockchain-based crowdsourcing consensus protocol
- Afzaal, Hamra, Imran, Muhammad, Janjua, Muhammad, Gochhayat, Sarada
- Authors: Afzaal, Hamra , Imran, Muhammad , Janjua, Muhammad , Gochhayat, Sarada
- Date: 2022
- Type: Text , Journal article
- Relation: IEEE Access Vol. 10, no. (2022), p. 8163-8183
- Description: Crowdsourcing is an effective technique that allows humans to solve complex problems that are hard to accomplish by automated tools. Some significant challenges in crowdsourcing systems include avoiding security attacks, effective trust management, and ensuring the system's correctness. Blockchain is a promising technology that can be efficiently exploited to address security and trust issues. The consensus protocol is a core component of a blockchain network through which all the blockchain peers achieve an agreement about the state of the distributed ledger. Therefore, its security, trustworthiness, and correctness have vital importance. This work proposes a Secure and Trustworthy Blockchain-based Crowdsourcing (STBC) consensus protocol to address these challenges. Model checking is an effective and automatic technique based on formal methods that is utilized to ensure the correctness of STBC consensus protocol. The proposed consensus protocol's formal specification is described using Communicating Sequential Programs (CSP#). Safety, fault tolerance, leader trust, and validators' trust are important properties for a consensus protocol, which are formally specified through Linear Temporal Logic (LTL) to prevent several security attacks, such as blockchain fork, selfish mining, and invalid block insertion. Process Analysis Toolkit (PAT) is utilized for the formal verification of the proposed consensus protocol. © 2022 Institute of Electrical and Electronics Engineers Inc.. All rights reserved.
How much I can rely on you : measuring trustworthiness of a twitter user
- Das, Rajkumar, Karmakar, Gour, Kamruzzaman, Joarder
- Authors: Das, Rajkumar , Karmakar, Gour , Kamruzzaman, Joarder
- Date: 2021
- Type: Text , Journal article
- Relation: IEEE Transactions on Dependable and Secure Computing Vol. 18, no. 2 (2021), p. 949-966
- Description: Trustworthiness in an online environment is essential because individuals and organizations can easily be misled by false and malicious information receiving from untrustworthy users. Though existing methods assess users' trustworthiness by exploiting Twitter account properties, their efficacy is inadequate because of Twitter's restriction on profile and tweet size, the existence of missing or insufficient profiles, and ease to create fake accounts or relationships to pretend as trustworthy. In this paper, we present a holistic approach by exploiting ideas perceived from real-world organizations for trust estimation along with available Twitter information. Users' trustworthiness is determined by considering their credentials, recommendation from referees and the quality of the information in their Twitter accounts and tweets. We establish the feasibility of our approach analytically and further devise a multi-objective cost function for the A
Security and blockchain convergence with internet of multimedia things : current trends, research challenges and future directions
- Jan, Mian, Cai, Jinjin, Gao, Xiang-Chuan, Khan, Fazlullah, Mastorakis, Spyridon, Usman, Muhammad, Alazab, Mamoun, Watters, Paul
- Authors: Jan, Mian , Cai, Jinjin , Gao, Xiang-Chuan , Khan, Fazlullah , Mastorakis, Spyridon , Usman, Muhammad , Alazab, Mamoun , Watters, Paul
- Date: 2021
- Type: Text , Journal article
- Relation: Journal of Network and Computer Applications Vol. 175, no. (2021), p.
- Description: The Internet of Multimedia Things (IoMT) orchestration enables the integration of systems, software, cloud, and smart sensors into a single platform. The IoMT deals with scalar as well as multimedia data. In these networks, sensor-embedded devices and their data face numerous challenges when it comes to security. In this paper, a comprehensive review of the existing literature for IoMT is presented in the context of security and blockchain. The latest literature on all three aspects of security, i.e., authentication, privacy, and trust is provided to explore the challenges experienced by multimedia data. The convergence of blockchain and IoMT along with multimedia-enabled blockchain platforms are discussed for emerging applications. To highlight the significance of this survey, large-scale commercial projects focused on security and blockchain for multimedia applications are reviewed. The shortcomings of these projects are explored and suggestions for further improvement are provided. Based on the aforementioned discussion, we present our own case study for healthcare industry: a theoretical framework having security and blockchain as key enablers. The case study reflects the importance of security and blockchain in multimedia applications of healthcare sector. Finally, we discuss the convergence of emerging technologies with security, blockchain and IoMT to visualize the future of tomorrow's applications. © 2020 Elsevier Ltd
A robust forgery detection method for copy-move and splicing attacks in images
- Islam, Mohammad, Karmakar, Gour, Kamruzzaman, Joarder, Murshed, Manzur
- Authors: Islam, Mohammad , Karmakar, Gour , Kamruzzaman, Joarder , Murshed, Manzur
- Date: 2020
- Type: Text , Journal article
- Relation: Electronics Vol. 9, no. 9 (2020), p. 1-22
- Description: Internet of Things (IoT) image sensors, social media, and smartphones generate huge volumes of digital images every day. Easy availability and usability of photo editing tools have made forgery attacks, primarily splicing and copy-move attacks, effortless, causing cybercrimes to be on the rise. While several models have been proposed in the literature for detecting these attacks, the robustness of those models has not been investigated when (i) a low number of tampered images are available for model building or (ii) images from IoT sensors are distorted due to image rotation or scaling caused by unwanted or unexpected changes in sensors' physical set-up. Moreover, further improvement in detection accuracy is needed for real-world security management systems. To address these limitations, in this paper, an innovative image forgery detection method has been proposed based on Discrete Cosine Transformation (DCT) and Local Binary Pattern (LBP) and a new feature extraction method using the mean operator. First, images are divided into non-overlapping fixed size blocks and 2D block DCT is applied to capture changes due to image forgery. Then LBP is applied to the magnitude of the DCT array to enhance forgery artifacts. Finally, the mean value of a particular cell across all LBP blocks is computed, which yields a fixed number of features and presents a more computationally efficient method. Using Support Vector Machine (SVM), the proposed method has been extensively tested on four well known publicly available gray scale and color image forgery datasets, and additionally on an IoT based image forgery dataset that we built. Experimental results reveal the superiority of our proposed method over recent state-of-the-art methods in terms of widely used performance metrics and computational time and demonstrate robustness against low availability of forged training samples.
- Description: This research was funded by Research Priority Area (RPA) scholarship of Federation University Australia.
A secured framework for SDN-based edge computing in IoT-enabled healthcare system
- Li, Junxia, Cai, Jinjin, Khan, Fazlullah, Rehman, Ateeq, Balasubramanian, Venki
- Authors: Li, Junxia , Cai, Jinjin , Khan, Fazlullah , Rehman, Ateeq , Balasubramanian, Venki
- Date: 2020
- Type: Text , Journal article
- Relation: IEEE Access Vol. 8, no. (2020), p. 135479-135490
- Description: The Internet of Things (IoT) consists of resource-constrained smart devices capable to sense and process data. It connects a huge number of smart sensing devices, i.e., things, and heterogeneous networks. The IoT is incorporated into different applications, such as smart health, smart home, smart grid, etc. The concept of smart healthcare has emerged in different countries, where pilot projects of healthcare facilities are analyzed. In IoT-enabled healthcare systems, the security of IoT devices and associated data is very important, whereas Edge computing is a promising architecture that solves their computational and processing problems. Edge computing is economical and has the potential to provide low latency data services by improving the communication and computation speed of IoT devices in a healthcare system. In Edge-based IoT-enabled healthcare systems, load balancing, network optimization, and efficient resource utilization are accurately performed using artificial intelligence (AI), i.e., intelligent software-defined network (SDN) controller. SDN-based Edge computing is helpful in the efficient utilization of limited resources of IoT devices. However, these low powered devices and associated data (private sensitive data of patients) are prone to various security threats. Therefore, in this paper, we design a secure framework for SDN-based Edge computing in IoT-enabled healthcare system. In the proposed framework, the IoT devices are authenticated by the Edge servers using a lightweight authentication scheme. After authentication, these devices collect data from the patients and send them to the Edge servers for storage, processing, and analyses. The Edge servers are connected with an SDN controller, which performs load balancing, network optimization, and efficient resource utilization in the healthcare system. The proposed framework is evaluated using computer-based simulations. 
The results demonstrate that the proposed framework provides better solutions for IoT-enabled healthcare systems. © 2013 IEEE. **Please note that there are multiple authors for this article therefore only the name of the first 5 including Federation University Australia affiliate “Venki Balasubramaniam” is provided in this record**
Bio-inspired network security for 5G-enabled IoT applications
- Saleem, Kashif, Alabduljabbar, Ghadah, Alrowais, Nouf, Al-Muhtadi, Jalal, Imran, Muhammad, Rodrigues, Joel
- Authors: Saleem, Kashif , Alabduljabbar, Ghadah , Alrowais, Nouf , Al-Muhtadi, Jalal , Imran, Muhammad , Rodrigues, Joel
- Date: 2020
- Type: Text , Journal article
- Relation: IEEE Access Vol. 8, no. (2020), p. 1-1
- Description: Every IPv6-enabled device connected and communicating over the Internet forms the Internet of things (IoT) that is prevalent in society and is used in daily life. This IoT platform will quickly grow to be populated with billions or more objects by making every electrical appliance, car, and even items of furniture smart and connected. The 5th generation (5G) and beyond networks will further boost these IoT systems. The massive utilization of these systems over gigabits per second generates numerous issues. Owing to the huge complexity in large-scale deployment of IoT, data privacy and security are the most prominent challenges, especially for critical applications such as Industry 4.0, e-healthcare, and military. Threat agents persistently strive to find new vulnerabilities and exploit them. Therefore, including promising security measures to support the running systems, not to harm or collapse them, is essential. Nature-inspired algorithms have the capability to provide autonomous and sustainable defense and healing mechanisms. This paper first surveys the 5G network layer security for IoT applications and lists the network layer security vulnerabilities and requirements in wireless sensor networks, IoT, and 5G-enabled IoT. Second, a detailed literature review is conducted with the current network layer security methods and the bio-inspired techniques for IoT applications exchanging data packets over 5G. Finally, the bio-inspired algorithms are analyzed in the context of providing a secure network layer for IoT applications connected over 5G and beyond networks.
Energy sector development : system dynamics analysis
- Laimon, Mohamd, Mai, Thanh, Goh, Steven, Yusaf, Talal
- Authors: Laimon, Mohamd , Mai, Thanh , Goh, Steven , Yusaf, Talal
- Date: 2020
- Type: Text , Journal article
- Relation: Applied Sciences-Basel Vol. 10, no. 1 (Jan 2020), p. 19
- Full Text:
- Reviewed:
- Description: The development of a complex and dynamic system such as the energy sector requires a comprehensive understanding of its constituent components and their interactions, and thus requires approaches that can adapt to the dynamic complexity in systems. Previous efforts mainly used reductionist approaches, which examine the components of the system in isolation, neglecting their interdependent nature. Such approaches reduce our ability to understand the system and/or mitigate undesirable outcomes. We adopt a system dynamics approach to construct an integrated model for analysing the behaviour of the energy sector. Although the Australian energy sector is used as a case study, the model can be applied in other context elsewhere around the world. The results indicate that the current trajectory of the Australian energy sector is unsustainable and growth is not being controlled. Limits to growth are fast approaching due to excessive fossil fuel extraction, high emissions and high energy dependency. With the current growth, Australia's global CO2 emissions footprint will increase to unprecedented levels reaching 12% by 2030 (9.5% for exports and 2.5% for domestic). Oil dependency will account for 43% and 47% of total consumption by 2030 and 2050. By 2032, coal will be the only fossil fuel resource available in Australia. Expansion of investment in coal and gas production is a large risk.
Investigating smart home security : is blockchain the answer?
- Arif, Samrah, Khan, M. Arif, Rehman, Sabih, Kabir, Muhammad, Imran, Muhammad
- Authors: Arif, Samrah , Khan, M. Arif , Rehman, Sabih , Kabir, Muhammad , Imran, Muhammad
- Date: 2020
- Type: Text , Journal article
- Relation: IEEE Access Vol. 8, no. (2020), p. 117802-117816
- Full Text:
- Reviewed:
- Description: Smart Home automation is increasingly gaining popularity among current applications of Internet of Things (IoT) due to the convenience and facilities it provides to the home owners. Sensors are employed within the home appliances via wireless connectivity to be accessible remotely by home owners to operate these devices. With the exponential increase of smart home IoT devices in the marketplace such as door locks, light bulbs, power switches etc, numerous security concerns are arising due to limited storage and processing power of such devices, making these devices vulnerable to several attacks. Due to this reason, security implementations in the deployment of these devices has gained popularity among researchers as a critical research area. Moreover, the adoption of traditional security schemes has failed to address the unique security concerns associated with these devices. Blockchain, a decentralised database based on cryptographic techniques, is gaining enormous attention to assure security of IoT systems. The blockchain framework within an IoT system is a fascinating substitute to the traditional centralised models, which has some significant concerns in fulfilling the demand of smart homes security. In this article, we aim to examine the security of smart homes by instigating the adoption of blockchain and exploring some of the currently proposed smart home architectures using blockchain technology. To present our findings, we describe a simple secure smart home framework based on a refined version of blockchain called Consortium blockchain. We highlight the limitations and opportunities of adopting such an architecture. We further evaluate our model and conclude with the results by designing an experimental testbed using a few household IoT devices commonly available in the marketplace. © 2013 IEEE.
Privacy protection and energy optimization for 5G-aided industrial internet of things
- Humayun, Mamoona, Jhanjhi, Nz, Alruwaili, Madallah, Amalathas, Sagaya, Balasubramanian, Venki, Selvaraj, Buvana
- Authors: Humayun, Mamoona , Jhanjhi, Nz , Alruwaili, Madallah , Amalathas, Sagaya , Balasubramanian, Venki , Selvaraj, Buvana
- Date: 2020
- Type: Text , Journal article
- Relation: IEEE Access Vol. 8, no. (2020), p. 183665-183677
- Full Text:
- Reviewed:
- Description: The 5G is expected to revolutionize every sector of life by providing interconnectivity of everything everywhere at high speed. However, massively interconnected devices and fast data transmission will bring the challenge of privacy as well as energy deficiency. In today's fast-paced economy, almost every sector of the economy is dependent on energy resources. On the other hand, the energy sector is mainly dependent on fossil fuels and is constituting about 80% of energy globally. This massive extraction and combustion of fossil fuels lead to a lot of adverse impacts on health, environment, and economy. The newly emerging 5G technology has changed the existing phenomenon of life by connecting everything everywhere using IoT devices. 5G enabled IIoT devices has transformed everything from traditional to smart, e.g. smart city, smart healthcare, smart industry, smart manufacturing etc. However, massive I/O technologies for providing D2D connection has also created the issue of privacy that need to be addressed. Privacy is the fundamental right of every individual. 5G industries and organizations need to preserve it for their stability and competency. Therefore, privacy at all three levels (data, identity and location) need to be maintained. Further, energy optimization is a big challenge that needs to be addressed for leveraging the potential benefits of 5G and 5G aided IIoT. Billions of IIoT devices that are expected to communicate using the 5G network will consume a considerable amount of energy while energy resources are limited. Therefore, energy optimization is a future challenge faced by 5G industries that need to be addressed. To fill these gaps, we have provided a comprehensive framework that will help energy researchers and practitioners in better understanding of 5G aided industry 4.0 infrastructure and energy resource optimization by improving privacy. The proposed framework is evaluated using case studies and mathematical modelling. 
© 2020 Institute of Electrical and Electronics Engineers Inc. All rights reserved.
A novel ensemble of hybrid intrusion detection system for detecting internet of things attacks
- Khraisat, Ansam, Gondal, Iqbal, Vamplew, Peter, Kamruzzaman, Joarder, Alazab, Ammar
- Authors: Khraisat, Ansam , Gondal, Iqbal , Vamplew, Peter , Kamruzzaman, Joarder , Alazab, Ammar
- Date: 2019
- Type: Text , Journal article
- Relation: Electronics (Switzerland) Vol. 8, no. 11 (2019), p.
- Full Text:
- Reviewed:
- Description: The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who made IoT a target of malicious activities, opening the door to a possible attack to the end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and One Class Support Vector Machine classifier. HIDS combines the advantages of Signature Intrusion Detection System (SIDS) and Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provide higher detection rate and lower false positive rate compared to the SIDS and AIDS techniques. © 2019 by the authors. Licensee MDPI, Basel, Switzerland.
Robust malware defense in industrial IoT applications using machine learning with selective adversarial samples
- Khoda, Mahbub, Imam, Tasadduq, Kamruzzaman, Joarder, Gondal, Iqbal, Rahman, Ashfaqur
- Authors: Khoda, Mahbub , Imam, Tasadduq , Kamruzzaman, Joarder , Gondal, Iqbal , Rahman, Ashfaqur
- Date: 2019
- Type: Text , Journal article
- Relation: IEEE Transactions on Industry Applications Vol. 56, no. 4 (2020), p. 4415-4424
- Full Text:
- Reviewed:
- Description: Industrial Internet of Things (IIoT) deploys edge devices to act as intermediaries between sensors and actuators and application servers or cloud services. Machine learning models have been widely used to thwart malware attacks in such edge devices. However, these models are vulnerable to adversarial attacks where attackers craft adversarial samples by introducing small perturbations to malware samples to fool a classifier to misclassify them as benign applications. Literature on deep learning networks proposes adversarial retraining as a defense mechanism where adversarial samples are combined with legitimate samples to retrain the classifier. However, existing works select such adversarial samples in a random fashion which degrades the classifier's performance. This work proposes two novel approaches for selecting adversarial samples to retrain a classifier. One, based on the distance from malware cluster center, and the other, based on a probability measure derived from a kernel based learning (KBL). Our experiments show that both of our sample selection methods outperform the random selection method and the KBL selection method improves detection accuracy by 6%. Also, while existing works focus on deep neural networks with respect to adversarial retraining, we additionally assess the impact of such adversarial samples on other classifiers and our proposed selective adversarial retraining approaches show similar performance improvement for these classifiers as well. The outcomes from the study can assist in designing robust security systems for IIoT applications.
Security hardening of implantable cardioverter defibrillators
- Jaffar, Iram, Usman, Muhammad, Jolfaei, Alireza
- Authors: Jaffar, Iram , Usman, Muhammad , Jolfaei, Alireza
- Date: 2019
- Type: Text , Conference proceedings , Conference paper
- Relation: 2019 IEEE International Conference on Industrial Technology, ICIT 2019; Melbourne, Australia; 13th-15th February 2019 Vol. 2019-February, p. 1173-1178
- Full Text:
- Reviewed:
- Description: Contemporary healthcare has witnessed a wide deployment of Implantable Cardioverter Defibrillators (ICDs), which have the capability to be controlled remotely, making them equally accessible from both home and hospitals. The therapeutic benefits of ICDs seem to outweigh potential security concerns, yet overlooking the presence of malicious attacks cannot be justified. This study investigates the scenario where an adversary falsifies a controller command and sends instructions to issue high electric shocks in succession. We propose a novel security hardening mechanism to protect data communications between ICD and controller from malicious data manipulations. Our proposed method verifies the correctness of an external command with respect to the history of heart rhythms. The proposed method is evaluated using real data. Multi-aspect analyses show the effectiveness of the proposed scheme.
- Description: Proceedings of the IEEE International Conference on Industrial Technology
Timeless principles of taxpayer protection: how they adapt to digital disruption
- Authors: Bentley, Duncan
- Date: 2019
- Type: Text , Journal article
- Relation: eJournal of Tax Research Vol. 16, no. 3 (2019), p. 679-713
- Full Text:
- Reviewed:
- Description: Digital transformation will pose growing challenges to tax revenues and systems of taxation that were designed for another century. The tax rules may hasten slowly, but the record of response to the challenges of electronic commerce, and of base erosion and profit shifting, shows that tax administration is more adaptable. This article identifies the detailed nature of technological changes in electronics and systems; big data, automation and artificial intelligence; and security, including blockchain; as those changes affect tax administration. It highlights the critical taxpayer rights issues and applies accepted taxpayer rights frameworks. The article concludes that taxpayer rights principles are both highly adaptable to a digital world, and provide useful guidance to where urgent action and further research are required. © 2019 UNSW Business School™.
Vulnerability modelling for hybrid IT systems
- Ur-Rehman, Attiq, Gondal, Iqbal, Kamruzzuman, Joarder, Jolfaei, Alireza
- Authors: Ur-Rehman, Attiq , Gondal, Iqbal , Kamruzzuman, Joarder , Jolfaei, Alireza
- Date: 2019
- Type: Text , Conference proceedings , Conference paper
- Relation: 2019 IEEE International Conference on Industrial Technology, ICIT 2019; Melbourne, Australia; 13th-15th February 2019 Vol. 2019-February, p. 1186-1191
- Full Text:
- Reviewed:
- Description: Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSSIoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSSIoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system, but also exploits unique characteristics of IoT devices.
- Description: Proceedings of the IEEE International Conference on Industrial Technology
GDPR: Governance implications for regimes outside the EU
- Ingley, Coral, Wells, Philippa
- Authors: Ingley, Coral , Wells, Philippa
- Date: 2018
- Type: Text , Conference proceedings
- Relation: 14th European Conference on Management, Leadership and Governance, ECMLG 2018 p. 105-113
- Full Text:
- Reviewed:
- Description: It is estimated that as of 2017 around 120 nations around the globe had legislation to protect personal data with at least another 30 in train. Many of the early regimes (dating back to the 1980s and 90s) reflect the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980, updated 2013). However, there are also increasing concerns that these guidelines may no longer be fit for purpose with recent issues regarding breaches of data security and privacy. The EU's General Data Protection Regulation (GDPR) (2016) implements a reformed data privacy regime. Tellingly, some of the new and pending privacy regulations elsewhere reflect the GDPR, a characteristic that suggests much about the impact of international trade. Two questions arise: first, how is the GDPR likely to affect and influence governance of organisations, not only those domiciled in the EU, but also those trading with the Union or having a presence there? Second, compared to the GDPR, what gaps are there in other existing privacy regimes and what are the implications for the governance of those organisations and their risk management strategies? This paper compares the GDPR with privacy regimes in place in New Zealand and Australia (the first of which has GDPR “approved country status” for receipt of data) and attempts to answer the questions above, thus providing a focus for empirical research. As such, the paper provides insight into the impact of the data privacy and security legislative reform, on corporate governance, strategy and risk management beyond the EU in its reach to far distant regions. © The Authors, 2018. All Rights Reserved.
- Description: Proceedings of the 14th European Conference on Management, Leadership and Governance, ECMLG 2018
- Authors: Ingley, Coral , Wells, Philippa
- Date: 2018
- Type: Text , Conference proceedings
- Relation: 14th European Conference on Management, Leadership and Governance, ECMLG 2018 p. 105-113
- Full Text:
- Reviewed:
- Description: It is estimated that as of 2017 around 120 nations around the globe had legislation to protect personal data with at least another 30 in train. Many of the early regimes (dating back to the 1980s and 90s) reflect the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980, updated 2013). However, there are also increasing concerns that these guidelines may no longer be fit for purpose with recent issues regarding breaches of data security and privacy. The EU's General Data Protection Regulation (GDPR) (2016) implements a reformed data privacy regime. Tellingly, some of the new and pending privacy regulations elsewhere reflect the GDPR, a characteristic that suggests much about the impact of international trade. Two questions arise: first, how is the GDPR likely to affect and influence governance of organisations, not only those domiciled in the EU, but also those trading with the Union or having a presence there? Second, compared to the GDPR, what gaps are there in other existing privacy regimes and what are the implications for the governance of those organisations and their risk management strategies? This paper compares the GDPR with privacy regimes in place in New Zealand and Australia (the first of which has GDPR “approved country status” for receipt of data) and attempts to answer the questions above, thus providing a focus for empirical research. As such, the paper provides insight into the impact of the data privacy and security legislative reform, on corporate governance, strategy and risk management beyond the EU in its reach to far distant regions. © The Authors, 2018. All Rights Reserved.
A secure lightweight texture encryption scheme
- Jolfaei, Alireza, Wu, Xinwen, Muthukkumarasamy, Vallipuram
- Authors: Jolfaei, Alireza, Wu, Xinwen, Muthukkumarasamy, Vallipuram
- Date: 2016
- Type: Text , Conference paper
- Relation: 7th Pacific-Rim Symposium on Image and Video Technology, PSIVT 2015; Auckland, New Zealand; 23rd-27th November 2015; published in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) Vol. 9555, p. 344-356
- Description: Due to the widespread application of augmented and virtual environments, the research into 3D content protection is fundamentally important. To maintain confidentiality, encryption of 3D content, including the 3D objects and texture images, is essential. In this paper, a novel texture encryption scheme is proposed which complements the existing 3D object encryption methods. The proposed method encrypts texture images by bit masking and a permutation procedure using the Salsa20/12 stream cipher. The method is lightweight and satisfies the security requirement. It also prevents the partial disclosure of the encrypted 3D surface geometry by protecting the texture patterns from being partially leaked. The scheme has a better speed-security profile than the full encryption and the selective (4 most significant bit-plane) encryption by 128-bit AES. The encryption schemes are implemented and tested with 500 sample texture images. The experimental results show that the scheme has a better encryption performance compared to the full/selective encryption by 128-bit AES.
- Description: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Preserving the confidentiality of digital images using a chaotic encryption scheme
- Jolfaei, Alireza, Matinfar, Ahmadreza, Mirghadri, Abdolrasoul
- Authors: Jolfaei, Alireza, Matinfar, Ahmadreza, Mirghadri, Abdolrasoul
- Date: 2015
- Type: Text , Journal article
- Relation: International Journal of Electronic Security and Digital Forensics Vol. 7, no. 3 (2015), p. 258-277
- Description: Confidentiality of digital images is an important requirement for many multimedia applications and services. To maintain confidentiality, encryption of digital images is essential. Digital images are usually very large and encrypting such bulky data induces many performance overheads, which can be too expensive for real-time applications in resource constrained environments. In this paper, we propose a chaotic image encryption scheme which satisfies the need for both light-weightedness and security. To justify the security and efficiency, the new cipher was evaluated using a series of statistical tests. These tests included a visual testing and a histogram analysis, a randomness analysis, a correlation analysis, an entropy analysis and an image encryption quality analysis. Based on all analyses and experimental results, it is concluded that the proposed scheme is effective, efficient and trustworthy and therefore can be adopted for image encryption.