Web technologies have created a worldwide web of problems and cyber risks for individuals and organizations. In this paper, we evaluate web technologies and present the different technologies and their positive impacts on individuals and business sectors. Also, we present a cyber-criminals metrics engine for attack determination on web technologies platforms’ weaknesses. Finally, this paper offers a cautionary note to protect Small and Medium Businesses (SMBs) and make recommendations to help minimize cyber risks and save individuals and organizations from cyberattack distress.
Authored by Olumide Malomo, Shanzhen Gao, Adeyemi Adekoya, Ephrem Eyob, Weizheng Gao
With the advancement in computing power and speed, the Internet is being transformed from screen-based information to immersive and extremely low-latency communication environments in Web 3.0 and the Metaverse. With the emergence of Metaverse technology, more stringent demands are placed on connectivity, such as secure access and data privacy. Future technologies such as 6G, blockchain, and Artificial Intelligence (AI) can mitigate some of these challenges. The Metaverse is now at the point where security and privacy concerns are crucial for the successful adoption of such a disruptive technology. The Metaverse and Web 3.0 are meant to be decentralized, anonymous, and interoperable. The Metaverse is the virtual world of Digital Twins and non-fungible tokens (NFTs). The control and possession of users’ data on centralized servers are the cause of numerous security and privacy concerns. This paper proposes a solution for the security and interoperability challenges using Self-Sovereign Identity (SSI) integrated with blockchain. The philosophy of Self-Sovereign Identity, where users are the only holders and owners of their identity, comes in handy to solve the questions of decentralization, trust, and interoperability in the Metaverse. This work also discusses the vision of a single, open-standard, trustworthy, and interoperable Metaverse with an initial design and implementation of SSI concepts.
Authored by Siem Ghirmai, Daniel Mebrahtom, Moayad Aloqaily, Mohsen Guizani, Merouane Debbah
The internet has made everything convenient. Through the world wide web it has almost single-handedly transformed the way we live our lives. In doing so, we have become so fuelled by cravings for fast and cheap web connections that we find it difficult to take in the bigger picture. It is widely documented that we need a safer and more trustworthy internet, but few know or agree on what this actually means. This paper introduces a new body of research that explores whether there needs to be a fundamental shift in how we design and deliver these online spaces. In detail, the authors suggest the need for an internet security aesthetic that opens up the internet (from end to end) to fully support the people who are using it. Going forward, this research highlights that social trust needs to be a key concern in defining the future value of the internet.
Authored by Fiona Carroll, Rhyd Lewis
Current and future networks must tackle identity management to authenticate and authorise users to access services. Identity management solutions are widely employed nowadays, where one authenticates to third-party services using account information stored securely in identity providers. Solutions like OpenID Connect, relying on OAuth 2.0, are employed to support Single Sign-On, facilitating the users’ login process so that they do not need to manage multiple accounts across several services. Despite their wide usage in several domains (enterprise, web applications), they only consider entities like persons. Thus, trust information regarding the level of trust a person can perceive when accessing services with their devices in specific environments (e.g. untrusted networks like public hotspots) can be employed to protect access to data. OIDC-TCI is an approach to convey context information reflecting the trust relations between end-users, the applications/services running on devices, and a specific environment where access to sensitive resources needs to be authorised. The results demonstrate OIDC-TCI as a feasible solution to convey trust with minimal impact, in compliance with OpenID Connect, in a web service (TeaStore).
Authored by Carolina Goncalves, Bruno Sousa, Nuno Antunes
COVID-19 has taught us the need to practice social distancing. In the year 2020, because of the sudden lockdown across the globe, e-commerce websites and e-shopping were the only escape to fulfill our basic needs, and with the advancement of technology, putting your website online has become a necessity. Be it food, groceries, or our favorite outfit, all these things are now available online. It was noticed during the lockdown period that businesses with no social presence suffered heavy losses. On the other hand, those who had established their presence on the internet saw a sudden boom in their overall sales. This project discusses how recent advancements in the fields of Machine Learning and Artificial Intelligence have led to an increase in the sales of various businesses. The machine learning model analyses the patterns of customer behavior that affect sales, builds a dataset after many observations, and finally helps generate an algorithm that serves as an efficient recommendation system. This project also discusses how cyber security helps us have secure and authenticated transactions, which has aided e-commerce business growth by building customers’ trust.
Authored by Tanya Pahadi, Abhishek Verma, Raju Ranjan
We are adopting blockchain-based security features for use in web service applications & platforms. These technology concepts allow us to enhance the level of trustworthiness for any kind of public web service platform. Related platforms use simple user registration and validation procedures, which provide huge potential for illegal activities. In contrast, more secure live video identity checks bind massive resources for the individual, staff-intensive validation tasks. Our approach combines traditional web-based service platform features with blockchain-based security enhancements. The concepts are used on two layers: for the user identification procedures as well as for the entire process history on the web service platform.
Authored by Robert Manthey, Richard Vogel, Falk Schmidsberger, Matthias Baumgart, Christian Roschke, Marc Ritter, Matthias Vodel
To improve the security and reliability of remote terminals under a trusted cloud platform, an identity authentication model based on DAA optimization is proposed. By introducing a trusted third-party CA, the scheme issues a cross-domain DAA certificate to the trusted platform that needs cross-domain authentication. Then, privacy CA isolation measures are taken to improve the security of the platform, so that the authentication scheme can be used for identity authentication when ordinary users log in to a host equipped with a TPM chip. Finally, the trusted computing platform environment is established, and the performance load distribution and total performance load of each entity in the DAA protocol, measured in machine cycles, are acquired through experimental analysis. The results show that the scheme can meet the requirements of anonymity, time cost and cross-domain authentication in the trusted cloud computing platform, and it is a useful supplement and extension to the existing theories of web service security.
Authored by Yi Liang, Youyong Chen, Xiaoqi Dong, Changchao Dong, Qingyuan Cai
The objective of this paper is to introduce a scheme of comprehensive-factor authentication in edge computing, focusing on a case study of time attendance in smart environments. This authentication scheme deploys all possible factors to maximize security while maintaining usability in a specific smart context. The factors used include three classic elements: something you know, something you have, and something you are, plus an additional location factor. The usability issue involves the ability to reduce the time used and to minimize the human actions required throughout the authentication process. The results show that all factors should be authenticated at once in the background, and a user can successfully complete the authentication process by performing one or two actions simultaneously. Since user roles in a smart environment can be more complicated than roles in other smart offices, role classification at an early stage is highly recommended. The case study reveals that the same setting can require varying levels of security and usability for each user.
Authored by Chalee Vorakulpipat, Ekkachan Rattanalerdnusorn, Sasakorn Pichetjamroen
Cyber-Physical Systems (CPS) can be defined as complex networked control systems, which are normally developed by combining several physical components with cyberspace. Cyber-Physical Systems are already a part of our daily life. As they are already a part of everyone’s life, CPS also face great potential security threats and can be vulnerable to various cyber-attacks without showing any direct sign of component failure. Protecting user security and privacy is a fundamental concern of any kind of system, be it a simple web application or a sophisticated professional system. Digital multi-factor authentication is one of the best ways to make authentication secure. It covers many different areas of a cyber-connected world, including online payments, communications, access rights management, etc. Most of the time, multi-factor authentication is a little complex as it requires extra steps from users. This paper will discuss the evolution from single authentication to Multi-Factor Authentication (MFA), starting from Single-Factor Authentication (SFA) and passing through Two-Factor Authentication (2FA). This paper seeks to analyze and evaluate the most prominent authentication techniques based on accuracy, cost, and feasibility of implementation. We also suggest several authentication schemes that incorporate multi-factor authentication for CPS.
Authored by Mangal Sain, Oloviddin Normurodov, Chen Hong, Kueh Hui
Two-factor authentication (2FA) is commonly used in Internet of Things (IoT) authentication to provide multi-layer protection. Tokens, often known as One-Time Passwords (OTPs), are used to offer additional information. While this technique provides flexible verification and an additional layer of security, it still has a number of security issues. This is because it relies on third-party services to produce tokens or OTPs, which leads to serious information leakage issues. Additionally, relying on a third party to provide authentication tokens significantly increases the risk of exposure and attacks, as tokens can be stolen via Man-In-The-Middle (MITM) attacks. To rectify this issue, in this paper we propose and develop a blockchain-based two-factor authentication method for web-based access to sensor data. The proposed method provides lightweight and user-centric authentication that makes use of the Ethereum blockchain and smart contract technologies. We then provide a performance and security analysis of our system. Based on the evaluation results, our method has proven to be effective and has the ability to facilitate reliable authentication.
Authored by Mwrwan Abubakar, Zakwan Jaroucheh, Ahmed Dubai, Xiaodong Liu
Two-factor authentication (2FA) offers a very important security enhancement to traditional username-password authentication, while in many cases incurring undesirable user burdens (e.g., entering a one-time verification code sent to a phone via SMS). Some zero-effort authentication techniques (e.g., Sound-Proof) have been proposed to relieve such burdens without degrading security, but they are vulnerable to prediction attacks and co-existence attacks. This paper proposes ABLE, a zero-effort 2FA approach based on co-location detection leveraging environmental Bluetooth Low Energy (BLE) signal characteristics. In this approach, a laptop on which the user tries to authenticate to a web server, and the user’s smartphone placed nearby, which is trusted by the server, both collect and send a record of environmental BLE signal characteristics to the server. The server decides whether the two devices are co-located by evaluating the similarity of the two records, and makes the authentication decision. ABLE is built on the fact that only two devices in close proximity share similar environmental signal characteristics, which distinguishes a legitimate user device from potential adversaries. Due to its location-sensitive nature, combined with favorable features brought by the BLE protocol, ABLE has good resistance to attacks that threaten existing zero-effort authentication schemes. ABLE is not only immune to remote attackers, but also achieves an accuracy of over 90% even against co-present attackers.
Authored by Yaxi He, Wei Wang, Yajun Teng, Qiongxiao Wang, Mingyue Wang, Jingqiang Lin
The development of IoT has penetrated various sectors. The number of IoT devices continues to increase and is predicted to reach 75 billion by 2025. However, the development of IoT devices is not matched by security developments. Therefore, IoT devices can become gateways for cyber attacks, including brute force and sniffing attacks. Authentication mechanisms can be used to ward off attacks. However, implementing authentication mechanisms on IoT devices is challenging. IoT devices are dominated by constrained devices with limited computing power. Thus, conventional authentication mechanisms are not suitable for use. Two-factor authentication using RFID and fingerprint can be a solution for providing an authentication mechanism. Previous studies have proposed a two-factor authentication mechanism using RFID and fingerprint. However, previous research did not pay attention to message exchange security issues and did not provide mutual authentication. This research proposes a secure mutual authentication protocol using two-factor RFID and fingerprint over the MQTT protocol. Two processes support authentication: the registration process and the authentication process. The proposed protocol is tested on biometric security by measuring the false acceptance rate (FAR) and false rejection rate (FRR) of the fingerprint, and on resistance to brute force attacks and sniffing attacks. The test results obtained the most optimal FAR and FRR at the 80% threshold. The equal error rate (EER) between FAR and FRR is around 59.5%. Testing brute force and sniffing attacks found that the proposed protocol is resistant to both.
Authored by Rizka Pahlevi, Vera Suryani, Hilal Nuha, Rahmat Yasirandi
An increasing number of online services have brought great convenience to users, and remote user authentication schemes have been widely used to verify the legitimacy of authorized users. However, most existing authentication schemes are based on passwords, so users need to remember complex passwords and change them frequently. In addition, the great majority of authentication schemes have security defects. Through analysis of the scheme proposed by Haq et al., we find that it cannot resist the key compromise impersonation attack. Therefore, an improved password-less two-factor multi-server authentication scheme is proposed. The combination of the user’s biological characteristics and the PUF’s physical characteristics enhances the practicality and efficiency of the solution. Security analysis of the proposed scheme shows that it can resist various known security attacks.
Authored by Shuwan Sun, Weixin Bian, Dong Xie, Biao Jie, Yi Huang
This work proposes a two-factor authentication method that integrates the second factor into the authentication service of a system with a centralized user database. This approach makes it possible to achieve universality of the process and to reduce the authentication time. In this case, compromising the first factor alone becomes pointless. Simulation showed that the remaining authentication parameters meet the requirements defined by international standards for two-factor authentication procedures.
Authored by Bohdan Rezanov, Heorhii Kuchuk
There are three critical aspects of cyber security: authentication, safety, and secrecy. Consumers have access to a wide range of alternatives for improving the safety of password-based login systems. Most of this has been done with two-factor authentication. Two-factor authentication combines single-factor authentication processes. Two-factor authentication is becoming increasingly common and widely accepted in today’s technological age due to the growing need for privacy and security. Customized security measures are more effective, and more readily adopted, if they are easy to use and implement. For increased website and mobile app security, this study examines the consequences of using a three-factor authentication scheme. This paper presents an app we built that might provide a good three-factor authentication approach without losing convenience.
Authored by Mohammad Hossain, Sheikh Zaman, Tazria Khan, Sumiaya Katha, Md. Anwar, Muhammad Hossain
The computing capability of embedded systems and the bandwidth of home networks are increasing rapidly due to the rapid development of information and communication technologies. Many home appliances such as TVs, refrigerators, or air conditioners are now connected to the internet, so their controlling firmware modules are automatically updatable via the network. TR-069 is a widely adopted standard for automatic appliance management and firmware update. Maintaining a TR-069 network usually involves the design and deployment of the overall security and trust infrastructure, the update file repository and the update audit mechanisms. Thus, maintaining a dedicated TR-069 network is a heavy burden for the vendors of home appliances. Blockchain is an emerging technology that provides a secure and trusted infrastructure based on distributed consensus. This paper reports the results of our initial attempt to design a prototype of a multi-tenant TR-069 platform based on the blockchain. The core idea is to reify each automatic deployment task as a smart contract instance whose transactions are recorded in the append-only distributed ledger and verified by the peers. Also, the overall design should be transparent to the original TR-069 entities. We have built a prototype based on the proposed architecture to verify its feasibility in three key scenarios. The experimental results show that the proposed approach is feasible and is able to scale linearly in proportion to the number of managed devices.
Authored by Chun-Feng Liao, Leng-Hui Wang
Connected vehicles need to generate, store, process, and exchange a multitude of information with their environment. Much of this information is privacy-critical and thus regulated by privacy laws like the GDPR in Europe. In this paper, we analyze and rate exemplary data (flows) of the electric driving domain with regard to their criticality based on a reference architecture. We classify the corresponding ECUs based on the privacy-critical data they process and propose technical mitigation measures and technologies in the form of generic privacy-enhancing building blocks according to the classification and the requirements derived from the GDPR.
Authored by Christian Plappert, Jonathan Stancke, Lukas Jager
The integrated big data platform aims to provide one-stop development and operation capabilities for massive heterogeneous data. Various components are organically combined and managed in a unified way. At the same time, the underlying technical details are shielded from users, so as to finally achieve the purpose of convenient data development, reducing operation and maintenance costs, and standardizing management processes. This article introduces the functional modules that the platform should have one by one, covering data storage, data integration, data management and governance, data development, data processing and analysis, high availability, operation and maintenance management, and data security. Finally, the typical characteristics and development direction of the integrated big data platform are pointed out.
Authored by Liu Yuan, Liu Yanmei, Zhong Minjing
Practical cryptographic systems rely on a true random number generator (TRNG), which is a necessary component in any hardware Root-of-Trust (RoT). Hardware trust anchors are also integrated into larger chips, for instance as hard-IP cores in FPGAs, where the remaining FPGA fabric is freely programmable. To provide security guarantees, proper operation of the TRNG is critical. Hence, adversaries are interested in tampering with the ability of TRNGs to produce unpredictable random numbers. In this paper, we show that an FPGA on-chip attack can reduce the true randomness of a TRNG integrated as a hard-IP module in the FPGA. This module is considered to be an immutable security module, compliant with the NIST SP 800-193 Platform Firmware Resilience Guidelines (PFR), a well-known guideline for system resilience, and it is also certified by the Cryptographic Algorithm Validation Program (CAVP). By performing an on-chip voltage-drop-based fault attack with user-programmable FPGA logic, the random numbers produced by the IP core fail the NIST SP 800-22 and BSI AIS31 tests, meaning they are no longer truly random. This paper thereby shows that new attack vectors can break even verified IP cores, since on-chip attacks are usually not considered in the threat model, yet they can still affect highly integrated systems.
Authored by Dennis Gnad, Jiaqi Hu, Mehdi Tahoori
Employing Trusted Execution Environment (TEE) technology such as ARM TrustZone to deploy sensitive security modules and credentials for secure, authenticated access is the go-to solution to address integrity and confidentiality challenges on untrusted devices. While it has been attracting attention as an effective building block for secure enterprise IT systems (e.g., BYOD), these secure operating systems are often not open-source, and thus system operators and developers have to largely depend on mobile platform vendors to deploy their applications in the secure world on the TEE. Our solution, called GateKeeper, addresses the primary obstacle for system operators to adopt ARM TrustZone TEE to deploy their own, in-house security systems, by giving operators more control and flexibility over the Trusted App (TA) installation and update procedure without mandating involvement of the mobile platform vendors at each iteration. In this paper, we first formulate an ecosystem for enabling such operator-centric TA management, and then discuss the design of GateKeeper, which is a comprehensive framework to enable operator-centric TA management on top of the GlobalPlatform specification. We further present a proof-of-concept implementation using the OP-TEE open-source secure OS to demonstrate the feasibility and practical resource consumption (less than 1000 lines of code and 500 KBytes of memory).
Authored by Balachandar Gowrisankar, Daisuke Mashima, Wenshei Ong, Quanqi Ye, Ertem Esiner, Binbin Chen, Zbigniew Kalbarczyk
Internet of Things (IoT) devices are increasingly deployed nowadays in various security-sensitive contexts, e.g., inside homes or in critical infrastructures. The data they collect is of interest to attackers as it may reveal living habits, personal data, or the operational status of specific targets. This paper presents an approach to counter software manipulation attacks against running processes, data, or configuration files on an IoT device, by exploiting trusted computing techniques and remote attestation. We have used a Raspberry Pi 4 single-board computer equipped with an Infineon Trusted Platform Module (TPM) v2, acting as an attester. A verifier node continuously monitors the attester and checks its integrity through a remote attestation protocol and TPM-enabled operations. We have exploited the Keylime framework from MIT Lincoln Laboratory as remote attestation software. Through tests, we show that remote attestation can be performed within a short time (on the order of seconds), allowing the window of exposure of such devices to attacks against the running software and/or hosted data to be restricted.
Authored by Diana Berbecaru, Silvia Sisinni
In this paper, the electronic structure of self-assembled InGaN/GaN nanowire heterojunctions is investigated. By growing the "T"-shaped InGaN/GaN nanowire heterojunction structure, the crystal quality of InGaN was improved, and the phase separation phenomenon of In0.5Ga0.5N nanowires was found. Firstly, it is found that the morphology of GaN self-assembled nanowires is better when the V/III ratio is 9. Then, the morphology and physical properties of InGaN/GaN nanowire heterojunctions with different In compositions were studied. It was found that with the increase of the In composition, the lateral extension of InGaN became serious and the crystal quality deteriorated. A trusted platform module with a similar mechanism but oriented to the cloud environment was also proposed, which could monitor the security status of all virtual machines in the virtual group and provide validators with a view of the trusted state of semiconductor materials.
Authored by Tiansheng Zhang, Tao Pang, Fan Wu, Xiaoyi Li
With the development of Internet of Things (IoT) technology, the digital pill has been employed as an IoT system for emerging remote health monitoring to detect the impact of medicine intake on patients’ biological indices. The medical data is then used for model training with federated learning. An adversary can launch poisoning attacks by tampering with patients’ medical data, which will lead to misdiagnosis of the patients’ conditions. Many studies have been conducted to defend against poisoning attacks based on blockchain or hardware. However, 1) blockchain-based schemes can only exploit on-chain data to deal with poisoning attacks, due to the lack of off-chain trusted entities, and 2) typical hardware-based schemes have the bottleneck of a single point of failure. To overcome these defects, we propose a defense scheme via multiple Trusted Platform Modules (TPMs) and a blockchain oracle. Benefitting from the verification results of multiple TPMs, a distributed blockchain oracle is proposed to obtain off-chain verification results for smart contracts. Then, the smart contracts can utilize the off-chain verification results to identify poisoning attacks and store the unique identifiers of the non-threatening IoT devices immutably on the blockchain as a whitelist of federated learning participants. Finally, we analyze the security features and evaluate the performance of our scheme, which shows the robustness and efficiency of the proposed work.
Authored by Mingyuan Huang, Sheng Cao, Xiong Li, Ke Huang, Xiaosong Zhang
Embedded smart devices are widely used in people’s lives, and the security problems of embedded smart devices are becoming more and more prominent. Meanwhile, many software-based methods have been presented to boot the system safely and ensure the security of the system execution environment. However, software-based methods are easy to attack and defeat, which means the security of the system cannot be guaranteed. The Trusted Computing Group proposed using a Trusted Platform Module (TPM) to authenticate the credibility of the platform, which can overcome the disadvantages of using software-based methods to protect the system. However, due to the limited resources and volume of embedded smart devices, it is often impossible to deploy a TPM on them to ensure the security of the system operating environment. Therefore, a novel trusted boot model for embedded smart devices without a TPM is proposed in this paper, in which a device with a TPM provides a trusted service over the network to realize the trusted boot of embedded smart devices without a TPM and ensure the credibility of the system execution environment.
Authored by Rui Wang, Yonghang Yan