Biblio

Cyber security is everybody's responsibility. It is the capability of the person to protect or secure the use of cyberspace from cyber-attacks. Cyber security awareness is the combination of both knowing and doing to safeguard one's personal information or assets. Online threats continue to rise in the Philippines which is the focus of this study, to identify the level of cyber security awareness among the students and teachers of Occidental Mindoro State College (OMSC) Philippines. Results shows that the level of cyber security awareness in terms of Knowledge, majority of the students and teachers got the passing score and above however there are almost fifty percent got below the passing score. In terms of Practices, both the teachers and the students need to strengthen the awareness of system and browser updates to boost the security level of the devices used. More than half of the IT students are aware of the basic cyber security protocol but there is a big percentage in the Non-IT students which is to be considered. Majority of the teachers are aware of the basic cyber security protocols however the remaining number must be looked into. There is a need to intensity the awareness of the students in the proper etiquette in using the social media. Boost the basic cyber security awareness training to all students and teachers to avoid cybercrime victims.

To keep up with the continuous modernization of web applications and to facilitate their development, a large number of new features are introduced to the web platform every year. Although new web features typically undergo a security review, issues affecting the privacy and security of users could still surface at a later stage, requiring the deprecation and removal of affected APIs. Furthermore, as the web evolves, so do the expectations in terms of security and privacy, and legacy features might need to be replaced with improved alternatives. Currently, this process of deprecating and removing features is an ad-hoc effort that is largely uncoordinated between the different browser vendors. This causes a discrepancy in terms of compatibility and could eventually lead to the deterrence of the removal of an API, prolonging potential security threats. In this paper we propose a progressive security mechanism that aims to facilitate and standardize the deprecation and removal of features that pose a risk to users’ security, and the introduction of features that aim to provide additional security guarantees.

Structured Query Language Injection (SQLi) is a client-side application vulnerability that allows attackers to inject malicious SQL queries with harmful intents, including stealing sensitive information, bypassing authentication, and even executing illegal operations to cause more catastrophic damage to users on the web application. According to OWASP, the top 10 harmful attacks against web applications are SQL Injection attacks. Moreover, based on data reports from the UK's National Fraud Authority, SQL Injection is responsible for 97% of data exposures. Therefore, in order to prevent the SQL Injection attack, detection SQLi system is essential. The contribution of this research is securing web applications by developing a browser extension for Google Chrome using Long Short-Term Memory (LSTM), which is a unique kind of RNN algorithm capable of learning long-term dependencies like SQL Injection attacks. The results of the model will be deployed in static analysis in a browser extension, and the LSTM algorithm will learn to identify the URL that has to be injected into Damn Vulnerable Web Application (DVWA) as a sample-tested web application. Experimental results show that the proposed SQLi detection model based on the LSTM algorithm achieves an accuracy rate of 99.97%, which means that a reliable client-side can effectively detect whether the URL being accessed contains a SQLi attack or not.

Aiming at the current troubles encountered by enterprise employees in their daily work when operating business systems due to web compatibility issues, a dual-core secure browser is designed and developed in the paper based on summarizing the current development status of multi-core browsers, key difficulties and challenges in the field. Based on the Chromium open-source project, the design of a dual-core browser auto-adaptation method is carried out. Firstly, dual-core encapsulation technology is implemented, followed by a study of the core auto-adaptation algorithm, and then a core cookie sharing function is developed based on Hook technology. In addition, the security of the browser is reinforced by designing a cookie manager, adding behavior monitoring functions, and unified platform control to enhance confidentiality and security, providing a safe and secure interface for employees' work and ubiquitous IoT access. While taking security into account, the browser realizes the need for a single browser compatible with all business system web pages of the enterprise, enhancing the operating experience of the client. Finally, the possible future research directions in this field are summarized and prospected.

User privacy is an attractive and valuable task to the success of blockchain systems. However, user privacy protection's performance and data capacity have not been well studied in existing access control models of blockchain systems because of traceability and openness of the P2P network. This paper focuses on investigating performance and data capacity from a blockchain infrastructure perspective, which adds secondary encryption to shield confidential information in a non-invasive way. First, we propose an efficient asymmetric encryption scheme by combining homomorphic encryption and state-of-the-art multi-signature key aggregation to preserve privacy. Second, we use smart contracts and CA infrastructure to achieve attribute-based access control. Then, we use the non-interactive zero-knowledge proof scheme to achieve secondary confidentiality explicitly. Finally, experiments show our scheme succeeds better performance in data capacity and system than other schemes. This scheme improves availability and robust scalability, solves the problem of multi-signature key distribution and the unlinkability of transactions. Our scheme has established a sound security cross-chain system and privacy confidentiality mechanism and that has more excellent performance and higher system computing ability than other schemes.

Nowadays, network information security is of great concern, and the measurement of the trustworthiness of terminal devices is of great significance to the security of the entire network. The measurement method of terminal device security trust still has the problems of high complexity, lack of universality. In this paper, the device fingerprint library of device access network terminal devices is first established through the device fingerprint mixed collection method; Secondly, the software and hardware features of the device fingerprint are used to increase the uniqueness of the device identification, and the multi- dimensional standard metric is used to measure the trustworthiness of the terminal device; Finally, Block chain technology is used to store the fingerprint and standard model of network access terminal equipment on the chain. To improve the security level of network access devices, a device access method considering the trust of terminal devices from multiple perspectives is implemented.

IoT has been an efficient technology for interconnecting different physical objects with the internet. Several cyber-attacks have resulted in compromise in security. Blockchain distributed ledger provide immutability that can answer IoT security concerns. The paper aims at highlighting the challenges & problems currently associated with IoT implementation in real world and how these problems can be minimized by implementing Blockchain based solutions and smart contracts. Blockchain helps in creation of new highly robust IoT known as Blockchain of Things(BCoT). We will also examine presently employed projects working with integrating Blockchain & IoT together for creating desired solutions. We will also try to understand challenges & roadblocks preventing the further implementation of both technologies merger.

CP-ABE (Ciphertext-policy attribute based encryption) is considered as a secure access control for data sharing. However, the SK(secret key) in most CP-ABE scheme is generated by Centralized authority(CA). It could lead to the high cost of building trust and single point of failure. Because of the characters of blockchain, some schemes based on blockchain have been proposed to prevent the disclosure and protect privacy of users' attribute. Thus, a new CP-ABE identity-attribute management(IAM) data sharing scheme is proposed based on blockchain, i.e. IAM-BDSS, to guarantee privacy through the hidden policy and attribute. Meanwhile, we define a transaction structure to ensure the auditability of parameter transmission on blockchain system. The experimental results and security analysis show that our IAM-BDSS is effective and feasible.

With the rapid development of blockchain technology, it provides a new technical solution for secure storage of data and trusted computing. However, in the actual application of data traceability, blockchain technology has an obvious disadvantage: the large amount of data stored in the blockchain system will lead to a long response time for users to query data. Higher query delay severely restricts the development of block chain technology in the traceability system. In order to solve this problem, we propose an efficient, secure and low storage overhead blockchain query scheme. Specifically, we design an index structure independent of Merkle tree to support efficient intra-block query, and create new fields in the block header to optimize inter-block query. Compared with several existing schemes, our scheme ensures the security of data. Finally, we simulate and evaluate our proposed scheme. The results show that the proposed scheme has better execution efficiency while reducing additional overhead.

Blockchain is a relatively new technology, a distributed database used for sharing between nodes of computer networks. A blockchain stores all information in automated digital format as a database. Blockchain innovation ensures the accuracy and security of the data record and generates trust without the need for a trusted third party. The objectives of this paper are to determine the security risk of the blockchain systems, analyze the vulnerabilities exploited on the blockchain, and identify recent security challenges that the blockchain faces. This review paper presents some of the previous studies of the security threats that blockchain faces and reviews the security enhancement solutions for blockchain vulnerabilities. There are some studies on blockchain security issues, but there is no systematic examination of the problem, despite the blockchain system’s security threats. An observational research methodology was used in this research. Through this methodology, many research related to blockchain threats and vulnerabilities obtained. The outcomes of this research are to Identify the most important security threats faced by the blockchain and consideration of security recently vulnerabilities. Processes and methods for dealing with security concerns are examined. Intelligent corporate security academic challenges and limitations are covered throughout this review. The goal of this review is to serve as a platform as well as a reference point for future work on blockchain-based security.

Virtual power plants are among the promising ways that variable generation and flexible demand may be optimally balanced in the future. The virtual power plant is an important branch of the energy internet, and it plays an important role in the aggregation of distributed power generation resources and the establishment of virtual power resource transactions. However, in the existing virtual power plant model, the following problems are becoming increasingly prominent, such as safeguard, credit rating system, privacy protection, benefit distribution. Firstly, the operation and transaction mechanism of the virtual power plant was introduced. Then, the blockchain technology is introduced into the virtual power plant transaction to make it more conducive to the information transparent, stable dispatch system, data security, and storage security. Finally, the operation and transaction system based on blockchain technology for the virtual power plant was design.

Blockchain smart contracts are prevalent nowadays as numerous applications are developed based on this feature. Though smart contracts are important and widely used, they contain certain vulnerabilities. This paper discusses various security issues that arise in smart contract applications. They are categorized in the smart contract platform, the applications that integrate with the Blockchain, and the vulnerabilities in smart contract code. A detailed study of smart contract-specific vulnerabilities and the defense against those vulnerabilities are presented in this article. Because of certain limitations of platforms or programming language used to write smart contract, there are possibilities of attacks on smart contracts. Hence different security measures or precautions to be taken while writing the smart contract code is discussed in this article. This will prevent the potential attacks happening on Blockchain distributed applications.

The exponential rise of online services has heightened awareness of safeguarding the various applications that cooperate with and provide Internet users. Users must present their credentials, such as user name and secret code, to the servers to be authorized. This sensitive data should be secured from being exploited due to numerous security breaches, resulting in criminal activity. It is vital to secure systems against numerous risks. This article offers a novel approach to protecting against brute force attacks. A solution is presented where the user obtains the keypad on each occurrence. Following the establishment of the keypad, the webserver produces an encrypted password for the user's Computer/device authentication. The encrypted password will be used for authentication; users must type the amended one-time password (OTP) every time they access the website. This research protects passwords using reformation-based encryption and decryption and optimal honey encryption (OH-E) and decryption.

The development of IoT has penetrated various sectors. The development of IoT devices continues to increase and is predicted to reach 75 billion by 2025. However, the development of IoT devices is not followed by security developments. Therefore, IoT devices can become gateways for cyber attacks, including brute force and sniffing attacks. Authentication mechanisms can be used to ward off attacks. However, the implementation of authentication mechanisms on IoT devices is challenging. IoT devices are dominated by constraint devices that have limited computing. Thus, conventional authentication mechanisms are not suitable for use. Two-factor authentication using RFID and fingerprint can be a solution in providing an authentication mechanism. Previous studies have proposed a two-factor authentication mechanism using RFID and fingerprint. However, previous research did not pay attention to message exchange security issues and did not provide mutual authentication. This research proposes a secure mutual authentication protocol using two-factor RFID and fingerprint using MQTT protocol. Two processes support the authentication process: the registration process and authentication. The proposed protocol is tested based on biometric security by measuring the false acceptance rate (FAR) and false rejection rate (FRR) on the fingerprint, measuring brute force attacks, and measuring sniffing attacks. The test results obtained the most optimal FAR and FRR at the 80% threshold. Then the equal error rate (ERR) on FAR and FRR is around 59.5%. Then, testing brute force and sniffing attacks found that the proposed protocol is resistant to both attacks.

In recent decennium, hardware security has gained a lot of attention due to different types of attacks being launched, such as IP theft, reverse engineering, counterfeiting, etc. The critical testing infrastructure incorporated into ICs is very popular among attackers to mount side-channel attacks. The IEEE standard 1687 (IJTAG) is one such testing infrastructure that is the focus of attackers these days. To secure access to the IJTAG network, various techniques based on Locking SIB (LSIB) have been proposed. One such very effective technique makes use of Security Linear Feedback Shift Register (SLFSR) along with LSIB. The SLFSR obfuscates the scan chain information from the attacker and hence makes the brute-force attack against LSIB ineffective.In this work, it is shown that the SLFSR based Locking SIB is vulnerable to side-channel attacks. A power analysis attack along with known-plaintext attack is used to determine the IJTAG network structure. First, the known-plaintext attack is used to retrieve the SLFSR design information. This information is further used along with power analysis attack to determine the exact length of the scan chain which in turn breaks the whole security scheme. Further, a countermeasure is proposed to prevent the aforementioned hybrid attack.

In this work, we discuss data breaches based on the “2012 SocialArks data breach” case study. Data leakage refers to the security violations of unauthorized individuals copying, transmitting, viewing, stealing, or using sensitive, protected, or confidential data. Data leakage is becoming more and more serious, for those traditional information security protection methods like anti-virus software, intrusion detection, and firewalls have been becoming more and more challenging to deal with independently. Nevertheless, fortunately, new IT technologies are rapidly changing and challenging traditional security laws and provide new opportunities to develop the information security market. The SocialArks data breach was caused by a misconfiguration of ElasticSearch Database owned by SocialArks, owned by “Tencent.” The attack methodology is classic, and five common Elasticsearch mistakes discussed the possibilities of those leakages. The defense solution focuses on how to optimize the Elasticsearch server. Furthermore, the ElasticSearch database’s open-source identity also causes many ethical problems, which means that anyone can download and install it for free, and they can install it almost anywhere. Some companies download it and install it on their internal servers, while others download and install it in the cloud (on any provider they want). There are also cloud service companies that provide hosted versions of Elasticsearch, which means they host and manage Elasticsearch clusters for their customers, such as Company Tencent.

The consensus-based frequency control relying on a communication system is used to restore the frequency deviations introduced by the primary droop control in an islanded AC microgrid, a typical cyber-physical power system(CPPS). This paper firstly studies the performance of the CPPS under two types of Distributed Denial of Service (DDoS ) attacks, finds that the intelligent attacks may cause more damage than the brute force attacks, and analyzes some potential defense strategies of the CPPS from two points of view. Some simulation results are also given to show the performance of both the physical and cyber system of the CPPS under different operation conditions.

Recently, a mechanism that randomly shuffles the data sent and allows securing the communication without the need to encrypt all the information has been proposed. This proposal is ideal for IoT systems with low computational capacity. In this work, we analyze the strength of this proposal from a brute-force attack approach to obtain the original message without knowledge of the applied disordering. It is demonstrated that for a set of 10x10 16-bit data, the processing time and the required memory are unfeasible with current technology. Therefore, it is safe.

The 2021 T-Mobile breach conducted by John Erin Binns resulted in the theft of 54 million customers' personal data. The attacker gained entry into T-Mobile's systems through an unprotected router and used brute force techniques to access the sensitive information stored on the internal servers. The data stolen included names, addresses, Social Security Numbers, birthdays, driver's license numbers, ID information, IMEIs, and IMSIs. We analyze the data breach and how it opens the door to identity theft and many other forms of hacking such as SIM Hijacking. SIM Hijacking is a form of hacking in which bad actors can take control of a victim's phone number allowing them means to bypass additional safety measures currently in place to prevent fraud. This paper thoroughly reviews the attack methodology, impact, and attempts to provide an understanding of important measures and possible defense solutions against future attacks. We also detail other social engineering attacks that can be incurred from releasing the leaked data.

In the era of Internet usage growth, storage services are widely used where users' can store their data, while hackers techniques pose massive threats to users' data security. The proposed system introduces multiple layers of security where data confidentiality, integrity and availability are achieved using honey encryption, hashed random passwords as well as detecting intruders and preventing them. The used techniques can ensure security against brute force and denial of service attacks. Our proposed methodology proofs the efficiency for storing and retrieving data using honey words and password hashing with less execution time and more security features achieved compared with other systems. Other systems depend on user password leading to easily predict it, we avoid this approach by making the password given to the user is randomly generated which make it unpredictable and hard to break. Moreover, we created a simple user interface to interact with users to take their inputs and store them along with the given password in true database, if an adversary detected, he will be processed as a normal user but with fake information taken from another database called false database, after that, the admin will be notified about this illegitimate access by providing the IP address. This approach will make the admin have continuous detection and ensure availability and confidentiality. Our execution time is efficient as the encryption process takes 244 ms and decryption 229 ms.

A brute force is a Hacking methodology used to decrypt login passwords, keys and credentials. Hacks that exploit vulnerabilities in packages are rare, whereas Brute Force attacks aim to be the simplest, cheapest, and most straightforward approach to access a website. Using Splunk to analyse massive amounts of data could be very beneficial. The application enables to capture, search, and analyse log information in real-time. By analysing logs as well as many different sources of system information, security events can be uncovered. A log file, which details the events that have occurred in the environment of the application and the server on which they run, is a valuable piece of information. Identifying the attacks against these systems is possible by analysing and correlating this information. Massive amounts of ambiguous and amorphous information can be analysed with its superior resolution. The paper includes instructions on setting up a Splunk server and routing information there from multiple sources. Practical search examples and pre-built add-on applications are provided. Splunk is a powerful tool that allows users to explore big data with greater ease. Seizure can be tracked in near real-time and can be searched through logs. A short amount of time can be spent on analysing big data using map-reduce technology. Briefly, it helps to analyse unstructured log data to better understand how the applications operate. With Splunk, client can detect patterns in the data through a powerful query language. It is easy to set up alerts and warnings based on the queries, which will help alert client about an ongoing (suspected) activity and generate a notification in real-time.

Traditional side-channel attacks have shortcomings such as low efficiency, extremely difficult collection and injection of fault information in real environments, and poor applicability of attacks. The cache timing attack proposed in recent years is a new type of side-channel attack method. This attack method uses the difference in the reading speed of the computer CPU cache to enable the attacker to obtain the confidential information during the execution of the algorithm. The attack efficiency is high, and the cost is relatively low. little. Present algorithm is a lightweight block cipher proposed in 2007. The algorithm has excellent hardware implementation and concise round function design. On this basis, scholars at home and abroad have carried out different side-channel attacks on it, such as differential attacks., multiple differential chain attacks, algebraic attacks, etc. At present, there is no published research on the Cache timing attack against the Present algorithm at home and abroad. In this paper, the output value of the S box in the first and second rounds of the encryption process is obtained through the combination of the Cache timing attack and the side-channel Trojan horse, and Combined with the key recovery algorithm, the master key of the algorithm is finally recovered.

Cybersecurity is without doubt becoming a societal challenge. It even starts to affect sectors that were not considered to be at risk in the past because of their relative isolation. One of these sectors is aviation in general, and specifically air traffic management. Nowadays, the cyber security is one of the essential issues of current Air Traffic Systems. Compliance with the basic principles of cyber security is mandated by European Union law as well as the national law. Therefore, EUROCONTROL as the provider of several tools or services (ARTAS, EAD, SDDS, etc.), is regularly conducting various activities, such as the cyber-security assessments, penetration testing, supply chain risk assessment, in order to maintain and improve persistence of the products against the cyber-attacks.

Distributed ledger technologies (DLTs) based on Directed Acyclic Graphs (DAGs) have been gaining much attention due to their performance advantage over the traditional blockchain. IOTA is an example of DAG-based DLT that has shown its significance in the Internet of Things (IoT) environment. Despite that, IOTA is vulnerable to double-spend attacks, which threaten the immutability of the ledger. In this paper, we propose an efficient yet simple method for detecting a parasite chain, which is one form of attempting a double-spend attack in the IOTA network. In our method, a score function measuring the importance of each transaction in the IOTA network is employed. Any abrupt change in the importance of a transaction is reflected in the 1st and 2nd order derivatives of this score function, and therefore used in the calculation of an anomaly score. Due to how the score function is formulated, this anomaly score can be used in the detection of a particular type of parasite chain, characterized by sudden changes in the in-degree of a transaction in the IOTA graph. The experimental results demonstrate that the proposed method is accurate and linearly scalable in the number of edges in the network.

One of the fifth generation’s most promising solutions for addressing the network system capacity issue is the ultra-dense network. However, a new problem arises because the user equipment secure access is made up of access points that are independent, transitory, and dynamic. The APs are independent and equal in this. It is possible to think of it as a decentralized access network. The access point’s coverage is less than the standard base stations. The user equipment will interface with access points more frequently as it moves, which is a problem. The current 4G Authentication and Key Agreement method, however, is unable to meet this need for quick and frequent authentication. This study means to research how blockchain innovation is being utilized in production network the executives, as well as its forthcoming purposes and arising patterns. To more readily comprehend the direction of important exploration and illuminate the benefits, issues, and difficulties in the blockchain-production network worldview, a writing overview and a logical evaluation of the current examination on blockchain-based supply chains were finished. Multifaceted verification strategies have as of late been utilized as possible guards against blockchain attacks. To further develop execution, scatter administration, and mechanize processes, inventory network tasks might be upset utilizing blockchain innovation