Biblio

In the PKI-CA system with a traditional trust model based on trust chain and centralized private key management, there are some problems with issuing certificates illegally, denying issued certificates, tampering with issuance log, and leaking certificate private key due to the excessive power of a single CA. A novel distributed CA system based on blockchain was constructed to solve the problems. The system applied blockchain and smart contract to coordinate the certificate issuing process, and stored the issuing process logs and information used to verify certificates on the blockchain. It guaranteed the non-tamperability and non-repudiation of logs and information. Aiming at the disadvantage of easy leakage of private keys in centralized management mode, the system used the homomorphism of elliptic encryption algorithm, CPK and transformation matrix to generate and store user private keys safely and distributively. Experimental analysis showed that the system can not only overcome the drawbacks of the traditional PKI-CA system, but also issue certificates quickly and save as much storage as possible to store certificate private keys.

The access control mechanism of most consortium blockchain is implemented through traditional Certificate Authority scheme based on trust chain and centralized key management such as PKI/CA at present. However, the uneven power distribution of CA nodes may cause problems with leakage of certificate keys, illegal issuance of certificates, malicious rejection of certificates issuance, manipulation of issuance logs and metadata, it could compromise the security and dependability of consortium blockchain. Therefore, this paper design and implement a Certificate Authority scheme based on trust ring model that can not only enhance the reliability of consortium blockchain, but also ensure high performance. Combined public key, transformation matrix and elliptic curve cryptography are applied to the scheme to generate and store keys in a cluster of CA nodes dispersedly and securely for consortium nodes. It greatly reduced the possibility of malicious behavior and key leakage. To achieve the immutability of logs and metadata, the scheme also utilized public blockchain and smart contract technology to organize the whole procedure of certificate issuance, the issuance logs and metadata for certificate validation are stored in public blockchain. Experimental results showed that the scheme can surmount the disadvantages of the traditional scheme while maintaining sufficiently good performance, including issuance speed and storage efficiency of certificates.

It is the key to the Internet's expansion of social and economic functions by ensuring the credibility of online users' identities and behaviors while taking into account privacy protection. Public Key Infrastructure (PKI) and blockchain technology have provided ways to achieve credibility from different perspectives. Based on these two technologies, we attempt to generalize people's offline activities to online ones with our proposed model, Atom and Molecule. We then present the strict definition of trustworthy system and the trustworthy Internet. The definition of Generalized Blockchain and its practical implementation are provided as well.

We propose DecCert, a decentralized public key infrastructure designed as a smart contract that solves the problem of identity attestation on public blockchains. Our system allows an individual to bind an identity to a public blockchain address. Once a claim of identity is made by an individual, other users can choose to verify the attested identity based on the evidence presented by an identity claim maker by staking cryptocurrency in the DecCert smart contract. Increasing levels of trust are naturally built based upon the amount staked and the duration the collateral is staked for. This mechanism replaces the usual utilization of digital signatures in a traditional hierarchical certificate authority model or the web of trust model to form a publicly verifiable decentralized stake of trust model. We also present a novel solution to the certificate revocation problem and implement our solution on the Ethereum blockchain. Further, we show that our design solves Zooko’s triangle as defined for public key infrastructure deployments.

Large-scale onboarding of industrial cyber physical systems requires efficiency and security. In situations with the dynamic addition of devices (e.g., from subcontractors entering a workplace), automation of the onboarding process is desired. The Eclipse Arrowhead framework, which provides a platform for industrial automation, requires reliable, flexible, and secure device onboarding to local clouds. In this paper, we propose a device onboarding method in the Arrowhead framework where decentralized authorization is provided by Power of Attorney. The model allows users to subgrant power to trusted autonomous devices to act on their behalf. We present concepts, an implementation of the proposed system, and a use case for scalable onboarding where Powers of Attorney at two levels are used to allow a subcontractor to onboard its devices to an industrial site. We also present performance evaluation results.

Public Key Infrastructure (PKI) as a techno-policy ecosystem for establishing electronic trust has survived for several decades and evolved as the de-facto model for centralized trust in electronic transactions. In this paper, we study the PKI ecosystem that are prevailing in the South Asian and Oceanic countries and brief them. We also look at how PKI has coped up with the rapid technological changes and how policies have been realigned or formulated to strengthen the PKI ecosystem in these countries.

A digital certificate is by far the most widely used artifact to establish secure electronic communication over the Internet. It certifies to its user that the public key encapsulated in it is associated with the subject of the certificate. A Public Key Infrastructure (PKI) is responsible to create, store, distribute, and revoke digital certificates. To establish a secure communication channel two unfamiliar entities rely on a common certificate issuer (a part of PKI) that vouches for both entities' certificates - thus authenticating each other via public keys listed in each other's certificates. Therefore, PKIs act as a trusted third party for two previously unfamiliar entities. Certificates are static data structures, their revocation status must be checked before usage; this step inadvertently involves a PKI for every secure channel establishment - leading to privacy violations of relying parties. As PKIs act as trust anchors for their subjects, any inadvertent event or malfeasance in PKI setup breaches the trust relationship leading to identity theft. Alternative PKI trust models, like PGP and SPKI, have been proposed but with limited deployment. With several retrofitting amendments to the prevalent X.509 standard, the standard has been serving its core objective of entity authentication but with modern requirements of contextual authentication, it is falling short to accommodate the evolving requirements. With the advent of blockchain as a trust management protocol, the time has come to rethink flexible alternatives to PKI core functionality; keeping in mind the modern-day requirements of contextual authentication-cum-authorization, weighted trust anchors, privacy-preservation, usability, and cost-efficient key management. In this paper, we assess this technology's complementary role in modern-day evolving security requirements. We discuss the feasibility of re-engineering PKIs with the help of blockchains, and identity networks.

Phishing has become a prominent method of data theft among hackers, and it continues to develop. In recent years, many strategies have been developed to identify phishing website attempts using machine learning particularly. However, the algorithms and classification criteria that have been used are highly different from the real issues and need to be compared. This paper provides a detailed comparison and evaluation of the performance of several machine learning algorithms across multiple datasets. Two phishing website datasets were used for the experiments: the Phishing Websites Dataset from UCI (2016) and the Phishing Websites Dataset from Mendeley (2018). Because these datasets include different types of class labels, the comparison algorithms can be applied in a variety of situations. The tests showed that Random Forest was better than other classification methods, with an accuracy of 88.92% for the UCI dataset and 97.50% for the Mendeley dataset.

People are increasingly sharing their details online as internet usage grows. Therefore, fraudsters have access to a massive amount of information and financial activities. The attackers create web pages that seem like reputable sites and transmit the malevolent content to victims to get them to provide subtle information. Prevailing phishing security measures are inadequate for detecting new phishing assaults. To accomplish this aim, objective to meet for this research is to analyses and compare phishing website and legitimate by analyzing the data collected from open-source platforms through a survey. Another objective for this research is to propose a method to detect fake sites using Decision Tree and Random Forest approaches. Microsoft Form has been utilized to carry out the survey with 30 participants. Majority of the participants have poor awareness and phishing attack and does not obverse the features of interface before accessing the search browser. With the data collection, this survey supports the purpose of identifying the best phishing website detection where Decision Tree and Random Forest were trained and tested. In achieving high number of feature importance detection and accuracy rate, the result demonstrates that Random Forest has the best performance in phishing website detection compared to Decision Tree.

During pandemic COVID-19 outbreaks, number of cyber-attacks including phishing activities have increased tremendously. Nowadays many technical solutions on phishing detection were developed, however these approaches were either unsuccessful or unable to identify phishing pages and detect malicious codes efficiently. One of the downside is due to poor detection accuracy and low adaptability to new phishing connections. Another reason behind the unsuccessful anti-phishing solutions is an arbitrary selected URL-based classification features which may produce false results to the detection. Therefore, in this work, an intelligent phishing detection and prevention model is designed. The proposed model employs a self-destruct detection algorithm in which, machine learning, especially supervised learning algorithm was used. All employed rules in algorithm will focus on URL-based web characteristic, which attackers rely upon to redirect the victims to the simulated sites. A dataset from various sources such as Phish Tank and UCI Machine Learning repository were used and the testing was conducted in a controlled lab environment. As a result, a chrome extension phishing detection were developed based on the proposed model to help in preventing phishing attacks with an appropriate countermeasure and keep users aware of phishing while visiting illegitimate websites. It is believed that this smart phishing detection and prevention model able to prevent fraud and spam websites and lessen the cyber-crime and cyber-crisis that arise from year to year.

Global cybersecurity threats have grown as a result of the evolving digital transformation. Cybercriminals have more opportunities as a result of digitization. Initially, cyberthreats take the form of phishing in order to gain confidential user credentials.As cyber-attacks get more sophisticated and sophisticated, the cybersecurity industry is faced with the problem of utilising cutting-edge technology and techniques to combat the ever-present hostile threats. Hackers use phishing to persuade customers to grant them access to a company’s digital assets and networks. As technology progressed, phishing attempts became more sophisticated, necessitating the development of tools to detect phishing.Machine learning is unsupervised one of the most powerful weapons in the fight against terrorist threats. The features used for phishing detection, as well as the approaches employed with machine learning, are discussed in this study.In this light, the study’s major goal is to propose a unique, robust ensemble machine learning model architecture that gives the highest prediction accuracy with the lowest error rate, while also recommending a few alternative robust machine learning models.Finally, the Random forest algorithm attained a maximum accuracy of 96.454 percent. But by implementing a hybrid model including the 3 classifiers- Decision Trees,Random forest, Gradient boosting classifiers, the accuracy increases to 98.4 percent.

The vertiginous technological advance related to globalization and the new digital era has led to the design of new techniques and tools that deal with the risks of technology and information. Terms such as "cybersecurity" stand out, which corresponds to that area of computer science that is responsible for the development and implementation of information protection mechanisms and technological infrastructure, in order to deal with cyberattacks. Phishing is a crime that uses social engineering and technical subterfuge to steal personal identity data and financial account credentials from users, representing a high economic and financial risk worldwide, both for individuals and for large organizations. The objective of this research is to determine the ways to prevent phishing, by analyzing the characteristics of this computer fraud, the various existing modalities and the main prevention strategies, in order to increase the knowledge of users about this. subject, highlighting the importance of adequate training that allows establishing efficient mechanisms to detect and block phishing.

Phishing emails are becoming more and more sophisticated, making current detection techniques ineffective. The reporting of phishing emails from users is, thus, crucial for organizations to detect phishing attacks and mitigate their effect. Despite extensive research on how the believability of a phishing email affects detection rates, there is little to no research about the relationship between the believability of a phishing email and the associated reporting rate. In this work, we present a controlled experiment with 446 subjects to evaluate how the reporting rate of a phishing email is linked to its believability and detection rate. Our results show that the reporting rate decreases as the believability of the email increases and that around half of the subjects who detect the mail as phishing, have an intention to report the email. However, the group intending to report an email is not a subset of the group detecting the mail as phishing, suggesting that reporting is still a concept misunderstood by many.

Many organizations use internal phishing campaigns to gauge awareness and coordinate training efforts based on those findings. Ongoing content design is important for phishing training tools due to the influence recency has on phishing susceptibility. Traditional approaches for content development require significant investment and can be prohibitively costly, especially during the requirements engineering phase of software development and for applications that are constantly evolving. While prior research primarily depends upon already known phishing cues curated by experts, our project, Phish Finders, uses crowdsourcing to explore phishing cues through the unique perspectives and thought processes of everyday users in a realistic yet safe online environment, Zooniverse. This paper contributes qualitative analysis of crowdsourced comments that identifies novel cues, such as formatting and typography, which were identified by the crowd as potential phishing indicators. The paper also shows that crowdsourcing may have the potential to scale as a requirements engineering approach to meet the needs of content labeling for improved training tool development.

Phishing activity is undertaken by the hackers to compromise the computer networks and financial system. A compromised computer system or network provides data and or processing resources to the world of cybercrime. Cybercrimes are projected to cost the world \$6 trillion by 2021, in this context phishing is expected to continue being a growing challenge. Statistics around phishing growth over the last decade support this theory as phishing numbers enjoy almost an exponential growth over the period. Recent reports on the complexity of the phishing show that the fight against phishing URL as a means of building more resilient cyberspace is an evolving challenge. Compounding the problem is the lack of cyber security expertise to handle the expected rise in incidents. Previous research have proposed different methods including neural network, data mining technique, heuristic-based phishing detection technique, machine learning to detect phishing websites. However, recently phishers have started to use more sophisticated techniques to attack the internet users such as VoIP phishing, spear phishing etc. For these modern methods, the traditional ways of phishing detection provide low accuracy. Hence, the requirement arises for the application and development of modern tools and techniques to use as a countermeasure against such phishing attacks. Keeping in view the nature of recent phishing attacks, it is imperative to develop a state-of-the art anti-phishing tool which should be able to predict the phishing attacks before the occurrence of actual phishing incidents. We have designed such a tool that will work efficiently to detect the phishing websites so that a user can understand easily the risk of using of his personal and financial data.

The main objective of this research is to increase security awareness against phishing attacks in the education sector by teaching users about phishing URLs. The educational media was made based on references from several previous studies that were used as basic references. Development of antiphishing game framework educational media using the extended DPE framework. Participants in this study were vocational and college students in the technology field. The respondents included vocational and college students, each with as many as 30 respondents. To assess the level of awareness and understanding of phishing, especially phishing URLs, participants will be given a pre-test before playing the game, and after completing the game, the application will be given a posttest. A paired t-test was used to answer the research hypothesis. The results of data analysis show differences in the results of increasing identification of URL phishing by respondents before and after using educational media of the anti-phishing game framework in increasing security awareness against URL phishing attacks. More serious game development can be carried out in the future to increase user awareness, particularly in phishing or other security issues, and can be implemented for general users who do not have a background in technology.

Phishing is a method of online fraud where attackers are targeted to gain access to the computer systems for monetary benefits or personal gains. In this case, the attackers pose themselves as legitimate entities to gain the users' sensitive information. Phishing has been significant concern over the past few years. The firms are recording an increase in phishing attacks primarily aimed at the firm's intellectual property and the employees' sensitive data. As a result, these attacks force firms to spend more on information security, both in technology-centric and human-centric approaches. With the advancements in cyber-security in the last ten years, many techniques evolved to detect phishing-related activities through websites and emails. This study focuses on the latest techniques used for detecting phishing attacks, including the usage of Visual selection features, Machine Learning (ML), and Artificial Intelligence (AI) to see the phishing attacks. New strategies for identifying phishing attacks are evolving, but limited standardized knowledge on phishing identification and mitigation is accessible from user awareness training. So, this study also focuses on the role of security-awareness movements to minimize the impact of phishing attacks. There are many approaches to train the user regarding these attacks, such as persona-centred training, anti-phishing techniques, visual discrimination training and the usage of spam filters, robust firewalls and infrastructure, dynamic technical defense mechanisms, use of third-party certified software to mitigate phishing attacks from happening. Therefore, the purpose of this paper is to carry out a systematic analysis of literature to assess the state of knowledge in prominent scientific journals on the identification and prevention of phishing. Forty-three journal articles with the perspective of phishing detection and prevention through awareness training were reviewed from 2011 to 2020. This timely systematic review also focuses on the gaps identified in the selected primary studies and future research directions in this area.

Forming a secure autonomous vehicle group is extremely challenging since we have to consider threats and vulnerability of autonomous vehicles. Existing studies focus on communications among risk-free autonomous vehicles, which lack metrics to measure passenger security and cargo values. This work proposes a novel autonomous vehicle group formation method. We introduce risk assessment scoring to assess passenger security and cargo values, and propose an autonomous vehicle group formation method based on it. Our vehicle group is composed of a master node, and a number of core and border ones. Finally, the extensive simulation results show that our method is better than a Connectivity Prediction-based Dynamic Clustering model and a Low-InDependently clustering architecture in terms of node survival time, average change count of master nodes, and average risk assessment scoring.

The Internet of Things (IoT) aims to introduce pervasive computation into the human environment. The processing on a cloud platform is suggested due to the IoT devices' resource limitations. High latency while transmitting IoT data from its edge network to the cloud is the primary limitation. Modern IoT applications frequently use fog computing, an unique architecture, as a replacement for the cloud since it promises faster reaction times. In this work, a fog layer is introduced in smart vital sign monitor design in order to serve faster. Context aware computing makes use of environmental or situational data around the object to invoke proactive services upon its usable content. Here in this work the fog layer is intended to provide local data storage, data preprocessing, context awareness and timely analysis.

The growing amount of data and advances in data science have created a need for a new kind of cloud platform that provides users with flexibility, strong security, and the ability to couple with supercomputers and edge devices through high-performance networks. We have built such a nation-wide cloud platform, called "mdx" to meet this need. The mdx platform's virtualization service, jointly operated by 9 national universities and 2 national research institutes in Japan, launched in 2021, and more features are in development. Currently mdx is used by researchers in a wide variety of domains, including materials informatics, geo-spatial information science, life science, astronomical science, economics, social science, and computer science. This paper provides an overview of the mdx platform, details the motivation for its development, reports its current status, and outlines its future plans.

The increasing data generation rate and the proliferation of deep learning applications have led to the development of machine learning-as-a-service (MLaaS) platforms by major Cloud providers. The existing MLaaS platforms, however, fall short in protecting the clients’ private data. Recent distributed MLaaS architectures such as federated learning have also shown to be vulnerable against a range of privacy attacks. Such vulnerabilities motivated the development of privacy-preserving MLaaS techniques, which often use complex cryptographic prim-itives. Such approaches, however, demand abundant computing resources, which undermine the low-latency nature of evolving applications such as autonomous driving.To address these challenges, we propose SCLERA–an efficient MLaaS framework that utilizes trusted execution environment for secure execution of clients’ workloads. SCLERA features a set of optimization techniques to reduce the computational complexity of the offloaded services and achieve low-latency inference. We assessed SCLERA’s efficacy using image/video analytic use cases such as scene detection. Our results show that SCLERA achieves up to 23× speed-up when compared to the baseline secure model execution.

State-of-the-art approaches in gait analysis usually rely on one isolated tracking system, generating insufficient data for complex use cases such as sports, rehabilitation, and MedTech. We address the opportunity to comprehensively understand human motion by a novel data model combining several motion-tracking methods. The model aggregates pose estimation by captured videos and EMG and EIT sensor data synchronously to gain insights into muscle activities. Our demonstration with biceps curl and sitting/standing pose generates time-synchronous data and delivers insights into our experiment’s usability, advantages, and challenges.

Connected devices are being deployed at a steady rate, providing services like data collection. Pervasive applications rely on those edge devices to seamlessly provide services to users. To connect applications and edge devices, using a middleware has been a popular approach. The research is active on the subject as there are many open challenges. The secure management of the edge devices and the security of the middleware are two of them. As security is a crucial requirement for pervasive environment, we propose a middleware architecture easing the secure use of edge devices for pervasive applications, while supporting the heterogeneity of communication protocols and the dynamism of devices. Because of the heterogeneity in protocols and security features, not all edge devices are equally secure. To allow the pervasive applications to gain control over this heterogeneous security, we propose a model to describe edge devices security. This model is accessible by the applications through our middleware. To validate our work, we developed a demonstrator of our middleware and we tested it in a concrete scenario.

With the development of 5G networking technology on the Internet of Vehicle (IoV), there are new opportunities for numerous cyber-attacks, such as in-vehicle attacks like hijacking occurrences and data theft. While numerous attempts have been made to protect against the potential attacks, there are still many unsolved problems such as developing a fine-grained access control system. This is reflected by the granularity of security as well as the related data that are hosted on these platforms. Among the most notable trends is the increased usage of smart devices, IoV, cloud services, emerging technologies aim at accessing, storing and processing data. Most popular authentication protocols rely on knowledge-factor for authentication that is infamously known to be vulnerable to subversions. Recently, the zero-trust framework has drawn huge attention; there is an urgent need to develop further the existing Continuous Authentication (CA) technique to achieve the zero-trustiness framework. In this paper, firstly, we develop the static authentication process and propose a secured protocol to generate the smart key for user to unlock the vehicle. Then, we proposed a novel and secure continuous authentication system for IoVs. We present the proof-of-concept of our CA scheme by building a prototype that leverages the commodity fingerprint sensors, NFC, and smartphone. Our evaluations in real-world settings demonstrate the appropriateness of CA scheme and security analysis of our proposed protocol for digital key suggests its enhanced security against the known attack-vector.

With their variety of application verticals, smart cities represent a killer scenario for Cloud-IoT computing, e.g. fog computing. Such applications require a management capable of satisfying all their requirements through suitable service placements, and of balancing among QoS-assurance, operational costs, deployment security and, last but not least, energy consumption and carbon emissions. This keynote discusses these aspects over a motivating use case and points to some open challenges.