Biblio
Digital identity is the key element of digital transformation in representing any real-world entity in the digital form. To ensure a successful digital future the requirement for an effective digital identity is paramount, especially as demand increases for digital services. Several Identity Management (IDM) systems are developed to cope with identity effectively, nonetheless, existing IDM systems have some limitations corresponding to identity and its management such as sovereignty, storage and access control, security, privacy and safeguarding, all of which require further improvement. Self-Sovereign Identity (SSI) is an emerging IDM system which incorporates several required features to ensure that identity is sovereign, secure, reliable and generic. It is an evolving IDM system, thus it is essential to analyse its various features to determine its effectiveness in coping with the dynamic requirements of identity and its current challenges. This paper proposes numerous governing principles of SSI to analyse any SSI ecosystem and its effectiveness. Later, based on the proposed governing principles of SSI, it performs a comparative analysis of the two most popular SSI ecosystems uPort and Sovrin to present their effectiveness and limitations.
Managing identity across an ever-growing digital services landscape has become one of the most challenging tasks for security experts. Over the years, several Identity Management (IDM) systems were introduced and adopted to tackle with the growing demand of an identity. In this series, a recently emerging IDM system is Self-Sovereign Identity (SSI) which offers greater control and access to users regarding their identity. This distinctive feature of the SSI IDM system represents a major development towards the availability of sovereign identity to users. uPort is an emerging open-source identity management system providing sovereign identity to users, organisations, and other entities. As an emerging identity management system, it requires meticulous analysis of its architecture, working, operational services, efficiency, advantages and limitations. Therefore, this paper contributes towards achieving all of these objectives. Firstly, it presents the architecture and working of the uPort identity management system. Secondly, it develops a Decentralized Application (DApp) to demonstrate and evaluate its operational services and efficiency. Finally, based on the developed DApp and experimental analysis, it presents the advantages and limitations of the uPort identity management system.
Dynamic Fuzzy Rule Interpolation (D-FRI) offers a dynamic rule base for fuzzy systems which is especially useful for systems with changing requirements and limited prior knowledge. This suggests a possible application of D-FRI in the area of network security due to the volatility of the traffic. A honeypot is a valuable tool in the field of network security for baiting attackers and collecting their information. However, typically designed with fewer resources they are not considered as a primary security tool for use in network security. Consequently, such honeypots can be vulnerable to many security attacks. One such attack is a spoofing attack which can cause severe damage to the honeypot, making it inefficient. This paper presents a vigilant dynamic honeypot based on the D-FRI approach for use in predicting and alerting of spoofing attacks on the honeypot. First, it proposes a technique for spoofing attack identification based on the analysis of simulated attack data. Then, the paper employs the identification technique to develop a D-FRI based vigilant dynamic honeypot, allowing the honeypot to predict and alert that a spoofing attack is taking place in the absence of matching rules. The resulting system is capable of learning and maintaining a dynamic rule base for more accurate identification of potential spoofing attacks with respect to the changing traffic conditions of the network.
Cisco Adaptive Security Appliance (ASA) 5500 Series Firewall is amongst the most popular and technically advanced for securing organisational networks and systems. One of its most valuable features is its threat detection function which is available on every version of the firewall running a software version of 8.0(2) or higher. Threat detection operates at layers 3 and 4 to determine a baseline for network traffic, analysing packet drop statistics and generating threat reports based on traffic patterns. Despite producing a large volume of statistical information relating to several security events, further effort is required to mine and visually report more significant information and conclude the security status of the network. There are several commercial off-the-shelf tools available to undertake this task, however, they are expensive and may require a cloud subscription. Furthermore, if the information transmitted over the network is sensitive or requires confidentiality, the involvement of a third party or a third-party tool may place organisational security at risk. Therefore, this paper presents a fuzzy logic aided intelligent threat detection solution, which is a cost-free, intuitive and comprehensible solution, enhancing and simplifying the threat detection process for all. In particular, it employs a fuzzy reasoning system based on the threat detection statistics, and presents results/threats through a developed dashboard user interface, for ease of understanding for administrators and users. The paper further demonstrates the successful utilisation of a fuzzy reasoning system for selected and prioritised security events in basic threat detection, although it can be extended to encompass more complex situations, such as complete basic threat detection, advanced threat detection, scanning threat detection, and customised feature based threat detection.
The development of a robust strategy for network security is reliant upon a combination of in-house expertise and for completeness attack vectors used by attackers. A honeypot is one of the most popular mechanisms used to gather information about attacks and attackers. However, low-interaction honeypots only emulate an operating system and services, and are more prone to a fingerprinting attack, resulting in severe consequences such as revealing the identity of the honeypot and thus ending the usefulness of the honeypot forever, or worse, enabling it to be converted into a bot used to attack others. A number of tools and techniques are available both to fingerprint low-interaction honeypots and to defend against such fingerprinting; however, there is an absence of fingerprinting techniques to identify the characteristics and behaviours that indicate fingerprinting is occurring. Therefore, this paper proposes a fuzzy technique to correlate the attack actions and predict the probability that an attack is a fingerprinting attack on the honeypot. Initially, an experimental assessment of the fingerprinting attack on the low- interaction honeypot is performed, and a fingerprinting detection mechanism is proposed that includes the underlying principles of popular fingerprinting attack tools. This implementation is based on a popular and commercially available low-interaction honeypot for Windows - KFSensor. However, the proposed fuzzy technique is a general technique and can be used with any low-interaction honeypot to aid in the identification of the fingerprinting attack whilst it is occurring; thus protecting the honeypot from the fingerprinting attack and extending its life.