Cybersecurity is an ever-evolving discipline that aims to protect every aspect of an information system, including its users, from digital threats, adversaries and attacks. When it comes to the overall security of an account or a system as a whole, the combination of people and passwords have always been considered the weakest link in the chain since poorly chosen weak, leaked, reused and easy-to-remember passwords still continue to pose an insurmountable threat to the security of innumerable accounts and systems. Yet, much to the dismay of cybersecurity specialists and researchers from all over the world, password-based authentication still remains as one of the most dominant ways of verifying a user s identity, thus making our password-protected accounts, systems and devices a highly lucrative target for cybercriminals. This paper aims to highlight the strengths and weaknesses of passwords in comparison with various other techniques such as multi-factor and adaptive risk-based authentication schemes that have been adopted over the years to augment password-based authentication systems as well as discuss the recent advent of the FIDO2 authentication standard that aims to bid adieu to passwords in favor of making biometric and possession-based authentication the new norm by making them more easily accessible to developers and users alike while ensuring an optimum level of security and privacy at all times.
Authored by Mohammed Kabir, Wael Elmedany
With people s attention to information security, the research on authentication encryption algorithm has become a very important branch of cryptography in recent years. It is widely used in data encryption, message authentication, authentication and key management. In the network of large-scale communication nodes, there are a large quantity of network nodes and a variety of devices. The traditional PKI cryptosystem has the problems of certificate management difficulty and resource waste. Based on the research of block cipher algorithm, this article discusses its application in the design of terminal identity authentication system, and designs a node two-way authentication scheme based on identity encryption. The simulation results show that the block cipher algorithm proposed in this article can get 95.82\%, accuracy, which is higher than the contrast algorithm. Authentication and encryption algorithm based on block cipher plays an important role in authentication and encryption algorithm because of its fast implementation speed of software and hardware and easy standardization. The research shows that the algorithm proposed in this article is superior to other algorithms in the application of terminal identity authentication system. It provides a new solution for related research.
Authored by Dongmei Bin, Xin Li, Ming Xie, Yongjian Liang, Chunyan Yang
Due to the existing global navigation satellite system (GNSS) is an open, without certification system, satellite receiver is vulnerable to the potential for fraud. Therefore, it is urgent to solve the security certification problem of GNSS civil signals. Aiming at the above problems, this paper proposes a navigation encryption authentication technology based on modulation Method authentication (MMA) based on UBFH-BOC signal system. The results show that the authentication scheme can effectively resist the threat of spoofing, ensure the security of navigation signal transmission, and provide a reference for the subsequent application of high security navigation signal structure.
Authored by Minshu Zhang, Lixin Zhang, Lang Bian, Tian Li
The changes in technologies has also changed the way we compute. Computing applications provide various types of functionalities. However, a common thing is to secure the same computing system. It requires a high level of developer skills to secure a system. Generally, verifying users before access of services, encryption of data, and techniques of parallel access of information by multiple users is done to ensure only valid users can access the services. One need to verify person, device, process, or service before it access the related service(s). In this paper, we present a review of authentication techniques used in computing computing. It elaborates methods used for traditional authentication using articles, letters, people, passwords, one-time passwords, digital certificates, two-way authentication to latest behavioural, doodles, image sequence, gestures based recognition of users using biometrics, gait-based and their behavioural analytics. It also discusses key features of various methods including gaps and scope of improvement.
Authored by Mandeep Kaur, Prachi Garg
The development of IoT has penetrated various sectors. The development of IoT devices continues to increase and is predicted to reach 75 billion by 2025. However, the development of IoT devices is not followed by security developments. Therefore, IoT devices can become gateways for cyber attacks, including brute force and sniffing attacks. Authentication mechanisms can be used to ward off attacks. However, the implementation of authentication mechanisms on IoT devices is challenging. IoT devices are dominated by constraint devices that have limited computing. Thus, conventional authentication mechanisms are not suitable for use. Two-factor authentication using RFID and fingerprint can be a solution in providing an authentication mechanism. Previous studies have proposed a two-factor authentication mechanism using RFID and fingerprint. However, previous research did not pay attention to message exchange security issues and did not provide mutual authentication. This research proposes a secure mutual authentication protocol using two-factor RFID and fingerprint using MQTT protocol. Two processes support the authentication process: the registration process and authentication. The proposed protocol is tested based on biometric security by measuring the false acceptance rate (FAR) and false rejection rate (FRR) on the fingerprint, measuring brute force attacks, and measuring sniffing attacks. The test results obtained the most optimal FAR and FRR at the 80\% threshold. Then the equal error rate (ERR) on FAR and FRR is around 59.5\%. Then, testing brute force and sniffing attacks found that the proposed protocol is resistant to both attacks.
Authored by Rizka Pahlevi, Vera Suryani, Hilal Nuha, Rahmat Yasirandi
The proliferation of sensitive information being stored online highlights the pressing need for secure and efficient user authentication methods. To address this issue, this paper presents a novel zero-effort two-factor authentication (2FA) approach that combines the unique characteristics of a user s environment and Machine Learning (ML) to confirm their identity. Our proposed approach utilizes Wi-Fi radio wave transmission and ML algorithms to analyze beacon frame characteristics and Received Signal Strength Indicator (RSSI) values from Wi-Fi access points to determine the user s location. The aim is to provide a secure and efficient method of authentication without the need for additional hardware or software. A prototype was developed using Raspberry Pi devices and experiments were conducted to demonstrate the effectiveness and practicality of the proposed approach. Results showed that the proposed system can significantly enhance the security of sensitive information in various industries such as finance, healthcare, and retail. This study sheds light on the potential of Wi-Fi radio waves and RSSI values as a means of user authentication and the power of ML to identify patterns in wireless signals for security purposes. The proposed system holds great promise in revolutionizing the field of 2FA and user authentication, offering a new era of secure and seamless access to sensitive information.
Authored by Ali AlQahtani, Thamraa Alshayeb
In today s world, the traditional way of password based authentication is having limitations in addressing the security concerns of the digital users. There is a strong movement in favour of passwordless authentication to secure our cyber identities and digital assets. In the recent years, a lot of research outputs have been published in the field of authentication with techniques like multifactor authentication, passwordless authentication, adaptive authentication and continuous authentication. Not only the user, but also the device, the application etc. must be authenticated to access the resources, facilities and services. Even though the passwords face some serious security issues, they enjoy considerable user acceptance and hence some schemes termed as semi-passwordless authentication are also prevalent. This paper goes through existing authentication schemes, their security issues, attacks and the next step ahead.
Authored by Midhuna R, N. Jeyanthi
With the advances in 5G communication and mobile device, internet of drones (IoD) has emerged as a fascinating new concept in the realm of smart cities, and has garnered significant interest from both scientific and industrial communities. However, IoD are fragile to variety of security attacks because an adversary can reuse, delete, insert, intercept or block the transmitted messages over an open channel. Therefore, it is imperative to have robust and efficient authentication and key agreement (AKA) schemes for IoD in order to to fulfill the necessary security requirements. Recently, Nikooghadm et al. designed a secure and lightweight AKA scheme for internet of drones (IoD) in IoT environments. However, we prove that their scheme is not resilient to various security threats and does not provide the necessary security properties. Thus, we propose the essential security requirements and guidelines to enhance the security flaws of Nikooghadm et al.’s scheme.
Authored by Sungjin Yu, Keonwoo Kim, Kim Taesung, Boheung Chung, Yousung Kang
As digital ecosystems burgeon, the imperative to fortify user authentication methods intensifies. This paper introduces a novel two-factor authentication system designed to transcend the limitations of conventional password-based approaches. Our approach intertwines traditional login credentials with personalized image-based verification, ushering in a dual-layered authentication paradigm. This elevates security by mandating the fulfillment of two independent factors and engenders a user-centric authentication experience. Users establish primary login credentials during the account creation phase and select personalized images imbued with personal significance. Each image is intricately linked to a user-defined keyword, enhancing the authentication process s meaningfulness. The authentication phase comprises submitting primary credentials, random display of associated keywords, and subsequent user identification and image upload. The system intelligently restricts authentication attempts with differentiated limits for known and unknown devices to preempt password attacks. The amalgamation of personalized images, keywords, and a strategic limitation on authentication attempts distinguishes our system as a comprehensive solution. It mitigates the vulnerabilities associated with traditional authentication methods and augments the user experience. Our two-factor authentication system stands as a testament to the evolving landscape of user authentication, offering a secure and engaging pathway in an era of heightened digital vulnerabilities. While our innovative system presents significant progress, it is imperative to recognize certain limitations for a successful implementation. Ongoing attention and refinement are particularly crucial in addressing concerns related to device and image dependency and potential vulnerabilities associated with shoulder surfing attacks.
Authored by Essohanam Djeki, Jules Dégila, Muhtar Alhassan
In present authentication systems on the web, users are compelled to interact with identity providers. Initially, they are required to register on a particular website wherein they fill all their details. After this stage, they get a user id and password or token which they can use for accessing the application and their respective features. However, from security point of view, this type of system can be challenging. In such systems, authentication of data is available with the identity providers. It could be hacked to obtain the user passwords and other details. Various current systems track the activity of users and users provide access to sensitive information for the same. For example, access to storage, files, contacts, etc. To make sure that data is available, third-party servers are required which need to be available during authentication. In current, various methods for authentication such as Single-Factor, Two-Factor Authentication (2FA), Single Sign-On, Multi-Factor Authentication, etc are used. In this paper, we will study the authentication systems, their advantages and flaws along with the protocols used.
Authored by Anagha Chaudhari, Ashish Pawar, Adesh Pawar, Ajay Pawar, Ganesh Pawar
Data encryption is the process of turning data into encrypted data. It is a crucial technology for securing data while it is being stored or transmitted, especially in cloud environments where data is stored remotely and accessed over the internet. In our study, we compared five well-known algorithms to determine which is the most reliable for data encryption in cloud environments. This research study provides insights into the performance of different data encryption algorithms in the cloud environment and their potential applications in various industries. There are several benefits of using data encryption, including cost efficiency, management control and remote worker protection. Encryption is cheap to implement as many of today s devices and systems come with built-in encryption technology. Encryption can free organizations from government-imposed regulatory fines as some governments have mandated regulations and requirements regarding data protection that require private data to be encrypted and prevent all unauthorized access and all illegal activities. Encryption can help secure and protect remote workers by securing their data and communications. As more and more employees opt for remote working, that is, working from home, the need for data security has become more important.
Authored by R.E.H.S. Rajendra, T.Veer Reddy, B.Lakshmi Murthy, Sai Bhagavan, Srithar S, S.S. Aravinth
Encryption technique is widely used to ensure security in communication and wireless networks such as the Internet, Networking zone and Intranet. Every type of data has its own characteristics consequently, to safeguard private picture data from unwanted access, a variety of strategies are employed. In this paper an image encryption technology called Data Encryption Standard (DES) is combined with XOR to create a block cypher transformation algorithm for picture security. The suggested method is based on XOR with DES encryption, which emphasizes larger changes in the RGB combination as well as the histogram. The findings of the suggested method indicate more variety. The security of the system will be increased by increasing the variety.
Authored by Hariom Singh, Chetan Gupta
Nowadays, the increasing number of devices deployed in IoT systems implementation and the requirement of preserving the integrity of data transported over the Internet, demand the use of data encryption schemes. This paper aims to show the performance evaluation of CP-ABE (Ciphertext-Policy Attribute Based Encryption) type of encryption over MQTT (Message Queue Transport Telemetry) that focuses on execution time for an IoT system with Raspberry Pi. For the implementation, two Raspberry Pi 4 Computer Model B are used for both the publisher and the subscriber, and a computer with Ubuntu 20.04 LTS operating system is used for the Broker and the Key Authority. The result of the present work provides relevant information on the execution times required in the CP-ABE encryption scheme to provide data integrity and fine-grained access control policy in an IoT system. The work demonstrates that the CP-ABE encryption scheme is suitable for IoT systems.
Authored by Fredy Mendoza-Cardenas, Rai Leon-Aguilar, Jose Quiroz-Arroyo
This paper present s a new image encryption model with focus on symmetric key schemes. It discus 5 schemes: Random Generation Key (8B); Random Key Generation part A(4B) and part B(4B); Input User Key (4B), Encrypted key and Random Key generation (4B); Random Key Generate (4B) and Input User Encrypted Key (4B); Input User Key (8B). Experimental results are based on image encryption by DES algorithm (5 instances) and by AES algorithm (5 instances). A table with image quality values and a table with complex arithmetic mean error are done.
Authored by Gergana Spasova, Milena Karova
The foundation of cryptography is number theory, which is crucial to data security. The majority of commonly used encryption techniques use prime integers, making it challenging to identify specific prime values (keys). The suggested approach employs matrices and vectors as keys, making it harder to identify the individual keys and using vectors to represent the data. Now a days, one method for providing data security safeguards is encryption. The right encryption technique protects digital data from unauthorized access, data corruption, e-piracy, e-theft, and other threats. Data security is the main benefit of utilizing this method. Here, we have used the symmetric key encryption procedure to generate keys from two uneven matrices. Seven different keys in matrix format have been chosen to perform encryption and decryption. With the help of an example, the techniques for encryption and decryption have been explained.
Authored by M. Maragatharajan, L. Sathishkumar, J. Manikandan, S. Suprakash, P. Naveen
Nowadays, in communications, the main criteria to ensure that the information and communication in the network. The normal two users communication exchanges confidential data and files via the network. Secure data communication is the most important and crucial problem by message transmission networks. To resolve this problem, cryptography uses mathematical encryption and decryption data on adaptation by converting a data from key into an unreadable format. Cryptography provides a method for performing the transmission of confidential or secure communication. The proposed Padding Key Encryption (PKE) algorithm is used to encrypt the data; it generates the secret key in an unreadable format. The receiver decrypts the data using the private key in a readable format. In the proposed PKE algorithm, the sender sends data into plain text to cipher-text using a secret key to the authorized person; the unauthorized person cannot access the data through the Internet; only an authorized person can view the data the private key. The proposed simulation results provide high security to communicate the receiver for confidential data or files compared with other previous methods.
Authored by Aman Mittal, Frederick Sidney
This paper presents a novel image encryption method that combines symmetric and asymmetric encryption with a watermark embedding extraction algorithm based on wavelet transform. The algorithm ensures the invisibility and robustness of the watermark, providing the first layer of encryption. The second layer of encryption is implemented by leveraging the efficiency of symmetric encryption and the security of asymmetric encryption. The integrity of the watermarking is evaluated using MEB(\%), PSNR(dB), and SSIM(\%), while the algorithm s efficiency is assessed through the encryption time T(ms). Experimental results show that the watermark achieves a PSNR of 59.671dB and an SSIM of 99.9, confirming its integrity and robustness. Furthermore, the synthetic encryption process takes only 50 seconds, ensuring both security and efficiency without increasing the time complexity. In conclusion, the proposed synthetic encryption algorithm demonstrates excellent performance in terms of efficiency and security.
Authored by Xin Xiong, Ruixuan Xu, Zhiyang Li, Xinyi Zheng, Ziqing Wang
The power communication network based on 5G network slicing is an important foundation to support smart grid, and the bearing of small granularity power regulation and control class services depends on the slicing soft isolation technology, and the data isolation between each soft isolation channel is crucial. In this paper, we propose a new symmetric cryptographic algorithm based on random coding, and establish a hybrid encryption method based on this symmetric algorithm, combined with SM2 and SM3 algorithms, which is suitable for encrypting the data of power regulation and control services. It is also verified through simulation that the proposed hybrid encryption method has high encryption efficiency while ensuring security.
Authored by Yunfei Guo, Peng Wu, Wei Huang, Yong Zhang, Jian Meng
This paper explores the advantages and limitations of probabilistic and deterministic encryption schemes for securing sensitive data. While probabilistic encryption ensures high security for data encryption, it can pose limitations when filtering and querying data. On the other hand, deterministic encryption method is a more flexible and unchanging encryption scheme that allows for the benefits of filtering data while icing its security. Many platform encryptions use deterministic encryption to allow for filtering of translated data while minimizing exposure of plain values to cipher values. Still, deterministic encryption can still pose certain pitfalls and may reveal information to eavesdroppers. A promising variation of encryption for perfecting security in communication end is ‘Varying encryption’ which is grounded on factors such as distance and country of connection. This acclimatized approach offers increased speed and security and can confuse attackers, making it harder for them to gain access to information being transmitted. Though, careful analysis of the advantages and disadvantages of assigning a specific encryption standard to a given set of conditions is essential to achieve optimal results.
Authored by Akash Sunoj, Bismin Sherif V
With the increased usage of video communication technologies, the requirement for secure video data transfer has grown more critical than ever. Video encryption methods are critical in preventing unauthorized access to sensitive video data while it is provided across insecure networks. This study compares several video encryption algorithms, including symmetric and asymmetric key-based encryption methods. The goal of this research is to compare the security, computational complexity, and transmission overhead of several video encryption techniques. The research includes an examination of well-known encryption algorithms that include AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adelman) and DES (Data Encryption Standard), as well as variants on these techniques. Furthermore, this work offers a hybrid video encryption method that combines symmetric and asymmetric key-based encryption approaches to provide good security while being computationally simple. The experimental results reveal that the proposed method is more successful and effective than existing video encryption techniques. The suggested method used to secure video data communication over unsecured networks such as the internet, assuring the video data s secrecy, integrity, and authenticity.
Authored by Riddhi Mirajkar, Nilesh Sable, Dipak Palve, Sayali Sontakke
Nowadays, companies, critical infrastructure and governments face cyber attacks every day ranging from simple denial-of-service and password guessing attacks to complex nationstate attack campaigns, so-called advanced persistent threats (APTs). Defenders employ intrusion detection systems (IDSs) among other tools to detect malicious activity and protect network assets. With the evolution of threats, detection techniques have followed with modern systems usually relying on some form of artificial intelligence (AI) or anomaly detection as part of their defense portfolio. While these systems are able to achieve higher accuracy in detecting APT activity, they cannot provide much context about the attack, as the underlying models are often too complex to interpret. This paper presents an approach to explain single predictions (i. e., detected attacks) of any graphbased anomaly detection systems. By systematically modifying the input graph of an anomaly and observing the output, we leverage a variation of permutation importance to identify parts of the graph that are likely responsible for the detected anomaly. Our approach treats the anomaly detection function as a black box and is thus applicable to any whole-graph explanation problems. Our results on two established datasets for APT detection (StreamSpot \& DARPA TC Engagement Three) indicate that our approach can identify nodes that are likely part of the anomaly. We quantify this through our area under baseline (AuB) metric and show how the AuB is higher for anomalous graphs. Further analysis via the Wilcoxon rank-sum test confirms that these results are statistically significant with a p-value of 0.0041\%.
Authored by Felix Welter, Florian Wilkens, Mathias Fischer
This study explores the pressing need for more effective IT governance and cybersecurity resilience within enterprises by strategically integrating red teaming exercises. Our research approach involved a comprehensive investigation encompassing literature review, surveys, interviews, and robust data analysis. We leveraged established frameworks like ISO 27001:2022, NIST CSF, and COBIT 2019 for model development. The results demonstrate a significant correlation between the frequency of red teaming exercises and higher IT governance maturity, highlighting the positive impact of increased engagement. The study emphasizes the value of incorporating red teaming insights to enhance IT governance maturity and bolster cybersecurity resilience, accounting for organizational size and industry sector variables. It underscores the critical importance of seamlessly integrating red teaming outcomes into governance procedures to fortify cybersecurity defenses and enable organizations to adapt swiftly to evolving threats, thus enhancing their overall security posture. Our model provides a practical roadmap for organizations dedicated to strengthening cybersecurity resilience in today s fast-changing digital landscape.
Authored by Semi Yulianto, Ford Gaol, Suhono Supangkat, Benny Ranti
The ever-evolving and intricate nature of cyber environments, coupled with the escalating risk of cyber-attacks, necessitates robust solutions in the realm of cybersecurity. Knowledge graphs have emerged as a promising avenue for consolidating, representing, managing, and reasoning over cyber threat intelligence. However, applying knowledge graphs to tackle real-world challenges in cyber-attack and defense scenarios remains an area requiring further exploration. This paper aims to address this gap by providing a comprehensive overview of the fundamental concepts, schema design, and construction methodologies for the cybersecurity knowledge graph. To facilitate future research endeavors, we have carefully curated datasets and open-source libraries tailored for knowledge construction and information extraction tasks. Furthermore, we present a detailed comparative review of recent advancements in the application scenarios of cybersecurity knowledge graphs. To provide clarity and organization, we introduce a novel classification framework that categorizes interconnected works into distinct primary categories and subcategories. The paper concludes by outlining potential research directions in the cybersecurity knowledge graph domain, paving the way for further advancements and innovations in the field.
Authored by Subhash Chandra, Ch. Mounika, Iddum Kumar, P. Dhanivarma, Machineni Mounika
As computing ability continues to rapidly develop, neural networks have found widespread use in various fields. However, in the realm of visible watermarking for image copyright protection, neural networks have made image protection through watermarking less effective. Some research has even shown that watermarks can be removed without damaging to the original image, posing a significant threat to digital copyright protection. In response, the community has introduced adversarial perturbations for watermark protection, but these are sample-specific and time-consuming in real-world scenarios. To address this issue, we propose a new universal adversarial perturbation for watermark removal networks that offers two options. The first option involves adding perturbations to the entire host image, bringing the output of the watermark removal network closer to the original image and providing protection. The second option involves adding perturbations only to the watermark position, reducing the impact of the perturbation on the image and enhancing stealthiness. Our experiments demonstrate that our method effectively resists watermark removal networks and has good generalizability across different images.
Authored by Jianbo Chen, Xinwei Liu, Siyuan Liang, Xiaojun Jia, Yuan Xun
As the network security landscape changes with time and market, organizations seek different and innovative approaches to strengthen their security defenses. This paper gives a theoretical explanation, highlighting the combination of honeypots and network monitoring tools as a dynamic strategy for enhancing security within networking environments. By using honeypots along with network monitoring tools, we bring out a multilayered defense strategy aimed at identifying and examining potential attack patterns. Our research dives into the theory of honeypots, their role in diverting malicious attacks, and their relationship with network monitoring tools. This combined framework helps organizations to detect, analyze, and ultimately reduce security threats. Through theoretical inputs and suggestions, this paper presents a framework for organizations seeking to enhance their cybersecurity defenses by exploring the complications of attacks through advanced network monitoring, along with honeypot security mechanisms.
Authored by Tejas Shivaprasad, A Moulya, N Guruprasad