10 research outputs found

    Analysing the Security Aspects of IoT using Blockchain and Cryptographic Algorithms

    Get PDF
    Technological advancement is a never-ending field that shows its evolution from time to time. In 1832, with the invention of the electromagnetic telegraph, the era of the Internet of Things (IoT) began. Within the time of 190 years, this technological domain has revolutionized IoT and made it omnipresent. However, with this evolved and omnipresent nature of IoT, many drawbacks, privacy, interoperability, and security issues have also been generated. These different concerns should be tackled with some newer technologies rather than the conventional ones as somehow, they are only the generator of those issues. Outdated Security could be an appropriate issue of IoT along with the centralized point of failure. It also possesses more concerns and challenges to tackle. On the other side, there is a visible solution to address the challenges of IoT in this developing domain of technology. The visible approach is Blockchain which acted as the backbone in securing Bitcoin in 2008, which was created by the pseudo group named Satoshi Nakamoto. Blockchain has evolved from Blockchain 1.0 to Blockchain 4.0 as the latest one depicts its amalgamation with another component of Industry 4.0 i.e., Artificial Intelligence (AI). AI will give the ability to think logically and like humans. In addition to this SMART solution, there is also an advanced cryptographical technique known as the Elliptic Curve Digital Signature Algorithm (ECDSA) which can enhance the security spectrum of IoT if applied appropriately. This paper produces a vision to enhance and optimize the security of IoT using a network peer-to-peer technology Blockchain along with advanced cryptography

    A Review on Cloud Data Security Challenges and existing Countermeasures in Cloud Computing

    Get PDF
    Cloud computing (CC) is among the most rapidly evolving computer technologies. That is the required accessibility of network assets, mainly information storage with processing authority without the requirement for particular and direct user administration. CC is a collection of public and private data centers that provide a single platform for clients throughout the Internet. The growing volume of personal and sensitive information acquired through supervisory authorities demands the usage of the cloud not just for information storage and for data processing at cloud assets. Nevertheless, due to safety issues raised by recent data leaks, it is recommended that unprotected sensitive data not be sent to public clouds. This document provides a detailed appraisal of the research regarding data protection and privacy problems, data encrypting, and data obfuscation, including remedies for cloud data storage. The most up-to-date technologies and approaches for cloud data security are examined. This research also examines several current strategies for addressing cloud security concerns. The performance of each approach is then compared based on its characteristics, benefits, and shortcomings. Finally, go at a few active cloud storage data security study fields

    PERANCANGAN INFRASTRUKTUR KUNCI PUBLIK DENGAN IMPLEMENTASI PEMBANGUNAN SISTEM UJIAN DARING BERBASIS WEB

    Get PDF
    During the Covid-19 pandemic, almost all educational institutions in Indonesia are implementing Distance Learning (PJJ). Like learning in general, in each semester an exam will be held, be it the Midterm Exam or the End of Semester Exam, and of course the exam takes place remotely. This has caused concerns from teachers to their students about the method of distributing exam questions and sending exam answer sheets. In other words, it is difficult for teachers to ensure the safety of the distribution of questions, as well as to carry out endorsements and verifications on the exam answer sheets collected by their students. In this study, the authors built a public key infrastructure implemented in a web-based online exam system with an approach to encryption and digital signatures. Encryption and digital signatures are two commonly used primitive cryptography that can provide security services, such as confidentiality, integrity, and authenticity of messages. It is hoped that with this research, we can find out the implementation of public key infrastructure in the web-based online examination system.Di masa pandemi Covid-19, hampir semua lembaga pendidikan di Indonesia menerapkan Pembelajaran Jarak Jauh (PJJ). Seperti pembelajaran pada umumnya, di setiap semester akan diadakan ujian, baik itu Ujian Tengah Semester maupun Ujian Akhir Semester, dan tentunya ujian tersebut dilakukan secara jarak jauh. Hal ini menimbulkan kekhawatiran dari guru kepada siswanya tentang cara pembagian soal ujian dan pengiriman lembar jawaban ujian. Dengan kata lain, sulit bagi guru untuk memastikan keamanan distribusi soal, serta melakukan pengesahan dan verifikasi pada lembar jawaban ujian yang dikumpulkan oleh siswanya. Pada penelitian ini, penulis membangun infrastruktur kunci publik yang diimplementasikan dalam sistem ujian online berbasis web dengan pendekatan enkripsi dan tanda tangan digital. Enkripsi dan tanda tangan digital adalah dua kriptografi primitif yang umum digunakan yang dapat memberikan layanan keamanan, seperti kerahasiaan, integritas, dan keaslian pesan. Diharapkan dengan penelitian ini dapat diketahui implementasi infrastruktur kunci publik pada sistem ujian online berbasis web

    Kesedaran pelajar terhadap risiko Bitcoin

    Get PDF
    Kajian ini bertujuan untuk mengkaji kesedaran pelajar terhadap risiko mata wang maya iaitu Bitcoin yang mula diperkenalkan oleh Nakamoto Satoshi pada 2008. Kajian ini berbentuk kuantitatif yang dijalankan terhadap sejumlah 200 orang pelajar universiti daripada keseluruhan 8 buah fakulti di Universiti Kebangsaan Malaysia (UKM) kampus Bangi. Seramai 25 orang pelajar daripada setiap fakulti telah terpilih secara rawak untuk menjawab satu soal selidik yang disediakan untuk mengumpul data. Hasil kajian mendapati bahawa para pelajar tidak menyedari secara menyeluruh tentang pelbagai jenis risiko yang terlibat apabila melabur dalam Bitcoin. Mereka sedar mengenai risiko ketidakstabilan harga Bitcoin, kes penipuan Bitcoin dan kebarangkalian kehilangan Bitcoin sekiranya e-wallet hilang. Para pelajar juga menyedari risiko Bitcoin boleh dikurangkan melalui penyimpanan dalam β€˜cold wallet’ serta penggunaan β€˜anti-virus’ bagi melindungi perisian daripada digodam. Namun begitu, mereka tidak sedar tentang risiko turun-naik harga Bitcoin dipengaruhi oleh permintaan dan penawaran Bitcoin di pasaran yang mana boleh menyebabkan mereka mengalami kerugian. Di samping itu, mereka juga tidak menyedari bahawa β€˜backup files’ boleh mengurangkan risiko pencerobohan terhadap akaun Bitcoin

    Balancing End-to-End Encryption and Public Safety

    Get PDF
    Over the last decade, there has been a significant debate around end-to-end encryption (E2EE) and its implications for public safety. At the forefront of the discourse is a false dichotomy between protecting privacy and ensuring national security. At the extreme ends of this deeply polarised debate are two key arguments. On the privacy side, it is believed that governments and law enforcement agencies desire unrestrained exceptional access to E2EE communications to spy on their citizens. On the security side, it is maintained that obtaining lawful exceptional access is the only way to protect citizens and uphold national security. The debate has reached a deadlock, with both sides perpetuating zero-sum views.However, experts are calling for a more nuanced conversation about possible solutions to the criminal use of E2EE services. It is vital that a range of views are considered in order to identify the key issues and inform a more productive debate. Through a review of the existing literature and insights from 22 semi-structured interviews, this paper balances the perspectives from a range of relevant stakeholders on the main elements of the E2EE debate and presents some key takeaways in an effort to move away from a crude privacy-versus-security binary.The paper presents the following key findings:There are clear and significant cyber security and privacy benefits to E2EE. Efforts to weaken or restrict its access would be a net loss for all.Criminal use of E2EE is a significant risk to public safety and solutions are vital. Yet, it should also be acknowledged that technology is an enabler of criminal and harmful activity and should not be treated as the root cause.The possibility of developing technical tools which could assist law enforcement investigations should not be categorically ruled out, but future proposals must be measured against the principles of proportionality, legality and technical robustness.Alternative options for law enforcement investigations such as metadata analysis and legal hacking should be considered, but they are not without their drawbacks. Legal hacking could be proportionate but its reliance on software vulnerabilities is largely at odds with strong cyber security. Metadata analysis is promising but more research is needed to determine the extent to which it can be used to aid law enforcement investigations.Industry do have a responsibility to make their platforms safer and free from criminal abuse. This requires implementation of safety-by-design principles and the provision of resources for better digital literacy and education. Governments must have oversight over the technical tools developed.A more nuanced debate must continue which actively moves away from zero-sum views of absolute privacy versus absolute security, and focuses more on how the risks to public safety can be reduced in proportion with the need to protect citizens' rights and freedoms

    A practical implementation of quantum-derived keys for secure vehicle-to-infrastructure communications

    Get PDF
    We provide a practical implementation of a free space optical quantum key distribution (FSO-QKD) system within a vehicle-to-infrastructure (V2I) application developed under the Innovate UK AirQKD project. The FSO-QKD system provides the quantum secure encryption keys that serve as the foundation for secure communications throughout the V2I application to address known concerns over V2I security. This document includes summaries of the quantum key generation process and the deployed V2I technology. Subsequently, a high-level view of the system design, the practical experiment, and its execution are presented. Multiple AirQKD project partners developed technologies ranging from semiconductors and hardware to security protocols and software, to enable the QKD-secured V2I system. The developed technology includes a novel zero-trust security protocol used to protect the V2I communications, ensuring that spoofed V2I messages from a compromised device are not accepted by the system

    Improving key exchange protocols based on sender and receiver electronic identification documents

    Get PDF
    ΠŸΡ€Π΅Π΄ΠΌΠ΅Ρ‚ Ρ€Π°Π΄Π° докторскС Π΄ΠΈΡΠ΅Ρ€Ρ‚Π°Ρ†ΠΈΡ˜Π΅ јС саглСдавањС Π°ΠΊΡ‚ΡƒΠ΅Π»Π½ΠΈΡ… ΠΏΡ€ΠΎΠ±Π»Π΅ΠΌΠ° Π²Π΅Π·Π°Π½ΠΈΡ… Π·Π° појмовС Ρ€Π°Π·ΠΌΠ΅Π½Π° криптографских ΠΊΡ™ΡƒΡ‡Π΅Π²Π° ΠΈ Π°ΡƒΡ‚Π΅Π½Ρ‚ΠΈΡ„ΠΈΠΊΠ°Ρ†ΠΈΡ˜Π° корисника систСма Π·Π° Ρ‚Π°Ρ˜Π½Ρƒ ΠΊΠΎΠΌΡƒΠ½ΠΈΠΊΠ°Ρ†ΠΈΡ˜Ρƒ. Π Π°Π΄ сС Π±Π°Π²ΠΈ Π°Π½Π°Π»ΠΈΠ·ΠΎΠΌ ΠΏΠΎΡΡ‚ΠΎΡ˜Π΅Ρ›ΠΈΡ… Ρ€Π΅ΡˆΠ΅ΡšΠ° Ρƒ области ΠΈΡΡ‚Ρ€Π°ΠΆΠΈΠ²Π°ΡšΠ° ΠΈ Ρ€Π°Π·Π²ΠΈΡ˜Π°ΡšΠ΅ΠΌ сопствСног систСма Π·Π° Ρ‚Π°Ρ˜Π½Ρƒ ΠΊΠΎΠΌΡƒΠ½ΠΈΠΊΠ°Ρ†ΠΈΡ˜Ρƒ. Научни Ρ†ΠΈΡ™ Π΄ΠΈΡΠ΅Ρ€Ρ‚Π°Ρ†ΠΈΡ˜Π΅ јС ΡƒΠ½Π°ΠΏΡ€Π΅Ρ’Π΅ΡšΠ΅ ΠΏΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ»Π° Π·Π° Ρ€Π°Π·ΠΌΠ΅Π½Ρƒ криптографских ΠΊΡ™ΡƒΡ‡Π΅Π²Π° Π½Π° Π±Π°Π·ΠΈ Π»ΠΈΡ‡Π½ΠΈΡ… ΠΈΠ΄Π΅Π½Ρ‚ΠΈΡ„ΠΈΠΊΠ°Ρ†ΠΈΠΎΠ½ΠΈΡ… Π΄ΠΎΠΊΡƒΠΌΠ΅Π½Π°Ρ‚Π°. Π˜Π·Π²Ρ€ΡˆΠ΅Π½Π° јС Π°Π½Π°Π»ΠΈΠ·Π° ΠΏΠΎΡΡ‚ΠΎΡ˜Π΅Ρ›ΠΈΡ… приступа Ρƒ области ΠΈΡΡ‚Ρ€Π°ΠΆΠΈΠ²Π°ΡšΠ° с Ρ†ΠΈΡ™Π΅ΠΌ Π΄Π° сС ΠΏΠΎΠ±ΠΎΡ™ΡˆΠ° Π½ΠΈΠ²ΠΎ Π·Π°ΡˆΡ‚ΠΈΡ‚Π΅ ΠΏΡ€ΠΈΠ»ΠΈΠΊΠΎΠΌ Ρ‚Π°Ρ˜Π½Π΅ ΠΊΠΎΠΌΡƒΠ½ΠΈΠΊΠ°Ρ†ΠΈΡ˜Π΅ ΠΈ добијС основа Π·Π° Ρ€Π°Π·Π²ΠΎΡ˜ сопствСног систСма. КомбиновањСм криптографских ΠΌΠ΅Ρ‚ΠΎΠ΄Π° којС ΠΎΠ±Π΅Π·Π±Π΅Ρ’ΡƒΡ˜Ρƒ повСрљивост, аутСнтичност ΠΈ ΠΈΠ½Ρ‚Π΅Π³Ρ€ΠΈΡ‚Π΅Ρ‚, ΡƒΠ· ΠΏΡ€ΠΈΠΌΠ΅Π½Ρƒ стСганографских ΠΌΠ΅Ρ‚ΠΎΠ΄Π° Π·Π° Ρ€Π°Π·ΠΌΠ΅Π½Ρƒ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΡ˜Π° Π½Π° скривСн Π½Π°Ρ‡ΠΈΠ½, корисницима ΠΏΡ€Π΅Π΄Π»ΠΎΠΆΠ΅Π½ΠΎΠ³ систСма сС ΠΏΡ€ΡƒΠΆΠ° могућност Π΄Π° Π½Π° Сфикасан ΠΈ сигуран Π½Π°Ρ‡ΠΈΠ½ Ρ€Π°Π·ΠΌΠ΅ΡšΡƒΡ˜Ρƒ Ρ‚Π°Ρ˜Π½Π΅ ΠΏΠΎΡ€ΡƒΠΊΠ΅. Анализом Ρ€Π΅Π·ΡƒΠ»Ρ‚Π°Ρ‚Π° ΠΈΡΡ‚Ρ€Π°ΠΆΠΈΠ²Π°ΡšΠ° Π·Π°ΠΊΡ™ΡƒΡ‡Π΅Π½ΠΎ јС Π΄Π° ΠΏΠΎΡΡ‚ΠΎΡ˜ΠΈ оправданост ΡƒΠΏΠΎΡ‚Ρ€Π΅Π±Π΅ Π»ΠΈΡ‡Π½ΠΈΡ… ΠΈΠ΄Π΅Π½Ρ‚ΠΈΡ„ΠΈΠΊΠ°Ρ†ΠΈΠΎΠ½ΠΈΡ… Π΄ΠΎΠΊΡƒΠΌΠ΅Π½Π°Ρ‚Π° Π·Π° Ρ€Π°Π·ΠΌΠ΅Π½Ρƒ криптографских ΠΊΡ™ΡƒΡ‡Π΅Π²Π° који сС користС Ρƒ Ρ‚Π°Ρ˜Π½ΠΎΡ˜ ΠΊΠΎΠΌΡƒΠ½ΠΈΠΊΠ°Ρ†ΠΈΡ˜ΠΈ

    Analyzing Small Business Strategies to Prevent External Cybersecurity Threats

    Get PDF
    Some small businesses’ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected via online semistructured interviews and the National Institute of Standards and Technology documentation as well as analyzed thematically. Six major themes emerged: (a) applying standards regarding external threats, (b) evaluation of cybersecurity strategies and effectiveness, (c) consistent awareness of the external threat landscape, (d) assessing threat security posture, (e) measuring the ability to address risk and prevent attacks related to external threats, and (f) centralizing communication across departments to provide a holistic perspective on threats. A key recommendation for cybersecurity analysts is to employ moving the target defenses to prevent external cybersecurity threats. The implications for positive social change include the potential to provide small business cybersecurity analysts with additional strategies to effectively mitigate the compromise of customer PII, creating more resilient economic infrastructures while strengthening communities

    Analyzing Small Business Strategies to Prevent External Cybersecurity Threats

    Get PDF
    Some small businesses’ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected via online semistructured interviews and the National Institute of Standards and Technology documentation as well as analyzed thematically. Six major themes emerged: (a) applying standards regarding external threats, (b) evaluation of cybersecurity strategies and effectiveness, (c) consistent awareness of the external threat landscape, (d) assessing threat security posture, (e) measuring the ability to address risk and prevent attacks related to external threats, and (f) centralizing communication across departments to provide a holistic perspective on threats. A key recommendation for cybersecurity analysts is to employ moving the target defenses to prevent external cybersecurity threats. The implications for positive social change include the potential to provide small business cybersecurity analysts with additional strategies to effectively mitigate the compromise of customer PII, creating more resilient economic infrastructures while strengthening communities
    corecore