10 research outputs found
Analysing the Security Aspects of IoT using Blockchain and Cryptographic Algorithms
Technological advancement is a never-ending field that shows its evolution from time to time. In 1832, with the invention of the electromagnetic telegraph, the era of the Internet of Things (IoT) began. Within the time of 190 years, this technological domain has revolutionized IoT and made it omnipresent. However, with this evolved and omnipresent nature of IoT, many drawbacks, privacy, interoperability, and security issues have also been generated. These different concerns should be tackled with some newer technologies rather than the conventional ones as somehow, they are only the generator of those issues. Outdated Security could be an appropriate issue of IoT along with the centralized point of failure. It also possesses more concerns and challenges to tackle. On the other side, there is a visible solution to address the challenges of IoT in this developing domain of technology. The visible approach is Blockchain which acted as the backbone in securing Bitcoin in 2008, which was created by the pseudo group named Satoshi Nakamoto. Blockchain has evolved from Blockchain 1.0 to Blockchain 4.0 as the latest one depicts its amalgamation with another component of Industry 4.0 i.e., Artificial Intelligence (AI). AI will give the ability to think logically and like humans. In addition to this SMART solution, there is also an advanced cryptographical technique known as the Elliptic Curve Digital Signature Algorithm (ECDSA) which can enhance the security spectrum of IoT if applied appropriately. This paper produces a vision to enhance and optimize the security of IoT using a network peer-to-peer technology Blockchain along with advanced cryptography
A Review on Cloud Data Security Challenges and existing Countermeasures in Cloud Computing
Cloud computing (CC) is among the most rapidly evolving computer technologies. That is the required accessibility of network assets, mainly information storage with processing authority without the requirement for particular and direct user administration. CC is a collection of public and private data centers that provide a single platform for clients throughout the Internet. The growing volume of personal and sensitive information acquired through supervisory authorities demands the usage of the cloud not just for information storage and for data processing at cloud assets. Nevertheless, due to safety issues raised by recent data leaks, it is recommended that unprotected sensitive data not be sent to public clouds. This document provides a detailed appraisal of the research regarding data protection and privacy problems, data encrypting, and data obfuscation, including remedies for cloud data storage. The most up-to-date technologies and approaches for cloud data security are examined. This research also examines several current strategies for addressing cloud security concerns. The performance of each approach is then compared based on its characteristics, benefits, and shortcomings. Finally, go at a few active cloud storage data security study fields
PERANCANGAN INFRASTRUKTUR KUNCI PUBLIK DENGAN IMPLEMENTASI PEMBANGUNAN SISTEM UJIAN DARING BERBASIS WEB
During the Covid-19 pandemic, almost all educational institutions in Indonesia are implementing Distance Learning (PJJ). Like learning in general, in each semester an exam will be held, be it the Midterm Exam or the End of Semester Exam, and of course the exam takes place remotely. This has caused concerns from teachers to their students about the method of distributing exam questions and sending exam answer sheets. In other words, it is difficult for teachers to ensure the safety of the distribution of questions, as well as to carry out endorsements and verifications on the exam answer sheets collected by their students. In this study, the authors built a public key infrastructure implemented in a web-based online exam system with an approach to encryption and digital signatures. Encryption and digital signatures are two commonly used primitive cryptography that can provide security services, such as confidentiality, integrity, and authenticity of messages. It is hoped that with this research, we can find out the implementation of public key infrastructure in the web-based online examination system.Di masa pandemi Covid-19, hampir semua lembaga pendidikan di Indonesia menerapkan Pembelajaran Jarak Jauh (PJJ). Seperti pembelajaran pada umumnya, di setiap semester akan diadakan ujian, baik itu Ujian Tengah Semester maupun Ujian Akhir Semester, dan tentunya ujian tersebut dilakukan secara jarak jauh. Hal ini menimbulkan kekhawatiran dari guru kepada siswanya tentang cara pembagian soal ujian dan pengiriman lembar jawaban ujian. Dengan kata lain, sulit bagi guru untuk memastikan keamanan distribusi soal, serta melakukan pengesahan dan verifikasi pada lembar jawaban ujian yang dikumpulkan oleh siswanya. Pada penelitian ini, penulis membangun infrastruktur kunci publik yang diimplementasikan dalam sistem ujian online berbasis web dengan pendekatan enkripsi dan tanda tangan digital. Enkripsi dan tanda tangan digital adalah dua kriptografi primitif yang umum digunakan yang dapat memberikan layanan keamanan, seperti kerahasiaan, integritas, dan keaslian pesan. Diharapkan dengan penelitian ini dapat diketahui implementasi infrastruktur kunci publik pada sistem ujian online berbasis web
Kesedaran pelajar terhadap risiko Bitcoin
Kajian ini bertujuan untuk mengkaji kesedaran pelajar terhadap risiko mata wang maya iaitu Bitcoin yang mula
diperkenalkan oleh Nakamoto Satoshi pada 2008. Kajian ini berbentuk kuantitatif yang dijalankan terhadap
sejumlah 200 orang pelajar universiti daripada keseluruhan 8 buah fakulti di Universiti Kebangsaan Malaysia
(UKM) kampus Bangi. Seramai 25 orang pelajar daripada setiap fakulti telah terpilih secara rawak untuk menjawab
satu soal selidik yang disediakan untuk mengumpul data. Hasil kajian mendapati bahawa para pelajar tidak
menyedari secara menyeluruh tentang pelbagai jenis risiko yang terlibat apabila melabur dalam Bitcoin. Mereka
sedar mengenai risiko ketidakstabilan harga Bitcoin, kes penipuan Bitcoin dan kebarangkalian kehilangan Bitcoin
sekiranya e-wallet hilang. Para pelajar juga menyedari risiko Bitcoin boleh dikurangkan melalui penyimpanan
dalam βcold walletβ serta penggunaan βanti-virusβ bagi melindungi perisian daripada digodam. Namun begitu,
mereka tidak sedar tentang risiko turun-naik harga Bitcoin dipengaruhi oleh permintaan dan penawaran Bitcoin
di pasaran yang mana boleh menyebabkan mereka mengalami kerugian. Di samping itu, mereka juga tidak
menyedari bahawa βbackup filesβ boleh mengurangkan risiko pencerobohan terhadap akaun Bitcoin
Balancing End-to-End Encryption and Public Safety
Over the last decade, there has been a significant debate around end-to-end encryption (E2EE) and its implications for public safety. At the forefront of the discourse is a false dichotomy between protecting privacy and ensuring national security. At the extreme ends of this deeply polarised debate are two key arguments. On the privacy side, it is believed that governments and law enforcement agencies desire unrestrained exceptional access to E2EE communications to spy on their citizens. On the security side, it is maintained that obtaining lawful exceptional access is the only way to protect citizens and uphold national security. The debate has reached a deadlock, with both sides perpetuating zero-sum views.However, experts are calling for a more nuanced conversation about possible solutions to the criminal use of E2EE services. It is vital that a range of views are considered in order to identify the key issues and inform a more productive debate. Through a review of the existing literature and insights from 22 semi-structured interviews, this paper balances the perspectives from a range of relevant stakeholders on the main elements of the E2EE debate and presents some key takeaways in an effort to move away from a crude privacy-versus-security binary.The paper presents the following key findings:There are clear and significant cyber security and privacy benefits to E2EE. Efforts to weaken or restrict its access would be a net loss for all.Criminal use of E2EE is a significant risk to public safety and solutions are vital. Yet, it should also be acknowledged that technology is an enabler of criminal and harmful activity and should not be treated as the root cause.The possibility of developing technical tools which could assist law enforcement investigations should not be categorically ruled out, but future proposals must be measured against the principles of proportionality, legality and technical robustness.Alternative options for law enforcement investigations such as metadata analysis and legal hacking should be considered, but they are not without their drawbacks. Legal hacking could be proportionate but its reliance on software vulnerabilities is largely at odds with strong cyber security. Metadata analysis is promising but more research is needed to determine the extent to which it can be used to aid law enforcement investigations.Industry do have a responsibility to make their platforms safer and free from criminal abuse. This requires implementation of safety-by-design principles and the provision of resources for better digital literacy and education. Governments must have oversight over the technical tools developed.A more nuanced debate must continue which actively moves away from zero-sum views of absolute privacy versus absolute security, and focuses more on how the risks to public safety can be reduced in proportion with the need to protect citizens' rights and freedoms
A practical implementation of quantum-derived keys for secure vehicle-to-infrastructure communications
We provide a practical implementation of a free space optical quantum key distribution (FSO-QKD) system within a vehicle-to-infrastructure (V2I) application developed under the Innovate UK AirQKD project. The FSO-QKD system provides the quantum secure encryption keys that serve as the foundation for secure communications throughout the V2I application to address known concerns over V2I security. This document includes summaries of the quantum key generation process and the deployed V2I technology. Subsequently, a high-level view of the system design, the practical experiment, and its execution are presented. Multiple AirQKD project partners developed technologies ranging from semiconductors and hardware to security protocols and software, to enable the QKD-secured V2I system. The developed technology includes a novel zero-trust security protocol used to protect the V2I communications, ensuring that spoofed V2I messages from a compromised device are not accepted by the system
Improving key exchange protocols based on sender and receiver electronic identification documents
ΠΡΠ΅Π΄ΠΌΠ΅Ρ ΡΠ°Π΄Π° Π΄ΠΎΠΊΡΠΎΡΡΠΊΠ΅ Π΄ΠΈΡΠ΅ΡΡΠ°ΡΠΈΡΠ΅ ΡΠ΅ ΡΠ°Π³Π»Π΅Π΄Π°Π²Π°ΡΠ΅ Π°ΠΊΡΡΠ΅Π»Π½ΠΈΡ
ΠΏΡΠΎΠ±Π»Π΅ΠΌΠ° Π²Π΅Π·Π°Π½ΠΈΡ
Π·Π° ΠΏΠΎΡΠΌΠΎΠ²Π΅ ΡΠ°Π·ΠΌΠ΅Π½Π° ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΡΠΊΠΈΡ
ΠΊΡΡΡΠ΅Π²Π° ΠΈ Π°ΡΡΠ΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΈΡΠ° ΠΊΠΎΡΠΈΡΠ½ΠΈΠΊΠ° ΡΠΈΡΡΠ΅ΠΌΠ° Π·Π° ΡΠ°ΡΠ½Ρ ΠΊΠΎΠΌΡΠ½ΠΈΠΊΠ°ΡΠΈΡΡ. Π Π°Π΄ ΡΠ΅ Π±Π°Π²ΠΈ Π°Π½Π°Π»ΠΈΠ·ΠΎΠΌ ΠΏΠΎΡΡΠΎΡΠ΅ΡΠΈΡ
ΡΠ΅ΡΠ΅ΡΠ° Ρ ΠΎΠ±Π»Π°ΡΡΠΈ ΠΈΡΡΡΠ°ΠΆΠΈΠ²Π°ΡΠ° ΠΈ ΡΠ°Π·Π²ΠΈΡΠ°ΡΠ΅ΠΌ ΡΠΎΠΏΡΡΠ²Π΅Π½ΠΎΠ³ ΡΠΈΡΡΠ΅ΠΌΠ° Π·Π° ΡΠ°ΡΠ½Ρ ΠΊΠΎΠΌΡΠ½ΠΈΠΊΠ°ΡΠΈΡΡ.
ΠΠ°ΡΡΠ½ΠΈ ΡΠΈΡ Π΄ΠΈΡΠ΅ΡΡΠ°ΡΠΈΡΠ΅ ΡΠ΅ ΡΠ½Π°ΠΏΡΠ΅ΡΠ΅ΡΠ΅ ΠΏΡΠΎΡΠΎΠΊΠΎΠ»Π° Π·Π° ΡΠ°Π·ΠΌΠ΅Π½Ρ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΡΠΊΠΈΡ
ΠΊΡΡΡΠ΅Π²Π° Π½Π° Π±Π°Π·ΠΈ Π»ΠΈΡΠ½ΠΈΡ
ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΈΠΎΠ½ΠΈΡ
Π΄ΠΎΠΊΡΠΌΠ΅Π½Π°ΡΠ°. ΠΠ·Π²ΡΡΠ΅Π½Π° ΡΠ΅ Π°Π½Π°Π»ΠΈΠ·Π° ΠΏΠΎΡΡΠΎΡΠ΅ΡΠΈΡ
ΠΏΡΠΈΡΡΡΠΏΠ° Ρ ΠΎΠ±Π»Π°ΡΡΠΈ ΠΈΡΡΡΠ°ΠΆΠΈΠ²Π°ΡΠ° Ρ ΡΠΈΡΠ΅ΠΌ Π΄Π° ΡΠ΅ ΠΏΠΎΠ±ΠΎΡΡΠ° Π½ΠΈΠ²ΠΎ Π·Π°ΡΡΠΈΡΠ΅ ΠΏΡΠΈΠ»ΠΈΠΊΠΎΠΌ ΡΠ°ΡΠ½Π΅ ΠΊΠΎΠΌΡΠ½ΠΈΠΊΠ°ΡΠΈΡΠ΅ ΠΈ Π΄ΠΎΠ±ΠΈΡΠ΅ ΠΎΡΠ½ΠΎΠ²Π° Π·Π° ΡΠ°Π·Π²ΠΎΡ ΡΠΎΠΏΡΡΠ²Π΅Π½ΠΎΠ³ ΡΠΈΡΡΠ΅ΠΌΠ°. ΠΠΎΠΌΠ±ΠΈΠ½ΠΎΠ²Π°ΡΠ΅ΠΌ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΡΠΊΠΈΡ
ΠΌΠ΅ΡΠΎΠ΄Π° ΠΊΠΎΡΠ΅ ΠΎΠ±Π΅Π·Π±Π΅ΡΡΡΡ ΠΏΠΎΠ²Π΅ΡΡΠΈΠ²ΠΎΡΡ, Π°ΡΡΠ΅Π½ΡΠΈΡΠ½ΠΎΡΡ ΠΈ ΠΈΠ½ΡΠ΅Π³ΡΠΈΡΠ΅Ρ, ΡΠ· ΠΏΡΠΈΠΌΠ΅Π½Ρ ΡΡΠ΅Π³Π°Π½ΠΎΠ³ΡΠ°ΡΡΠΊΠΈΡ
ΠΌΠ΅ΡΠΎΠ΄Π° Π·Π° ΡΠ°Π·ΠΌΠ΅Π½Ρ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΡΠ° Π½Π° ΡΠΊΡΠΈΠ²Π΅Π½ Π½Π°ΡΠΈΠ½, ΠΊΠΎΡΠΈΡΠ½ΠΈΡΠΈΠΌΠ° ΠΏΡΠ΅Π΄Π»ΠΎΠΆΠ΅Π½ΠΎΠ³ ΡΠΈΡΡΠ΅ΠΌΠ° ΡΠ΅ ΠΏΡΡΠΆΠ° ΠΌΠΎΠ³ΡΡΠ½ΠΎΡΡ Π΄Π° Π½Π° Π΅ΡΠΈΠΊΠ°ΡΠ°Π½ ΠΈ ΡΠΈΠ³ΡΡΠ°Π½ Π½Π°ΡΠΈΠ½ ΡΠ°Π·ΠΌΠ΅ΡΡΡΡ ΡΠ°ΡΠ½Π΅ ΠΏΠΎΡΡΠΊΠ΅.
ΠΠ½Π°Π»ΠΈΠ·ΠΎΠΌ ΡΠ΅Π·ΡΠ»ΡΠ°ΡΠ° ΠΈΡΡΡΠ°ΠΆΠΈΠ²Π°ΡΠ° Π·Π°ΠΊΡΡΡΠ΅Π½ΠΎ ΡΠ΅ Π΄Π° ΠΏΠΎΡΡΠΎΡΠΈ ΠΎΠΏΡΠ°Π²Π΄Π°Π½ΠΎΡΡ ΡΠΏΠΎΡΡΠ΅Π±Π΅ Π»ΠΈΡΠ½ΠΈΡ
ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΈΠΎΠ½ΠΈΡ
Π΄ΠΎΠΊΡΠΌΠ΅Π½Π°ΡΠ° Π·Π° ΡΠ°Π·ΠΌΠ΅Π½Ρ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΡΠΊΠΈΡ
ΠΊΡΡΡΠ΅Π²Π° ΠΊΠΎΡΠΈ ΡΠ΅ ΠΊΠΎΡΠΈΡΡΠ΅ Ρ ΡΠ°ΡΠ½ΠΎΡ ΠΊΠΎΠΌΡΠ½ΠΈΠΊΠ°ΡΠΈΡΠΈ
Analyzing Small Business Strategies to Prevent External Cybersecurity Threats
Some small businessesβ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected via online semistructured interviews and the National Institute of Standards and Technology documentation as well as analyzed thematically. Six major themes emerged: (a) applying standards regarding external threats, (b) evaluation of cybersecurity strategies and effectiveness, (c) consistent awareness of the external threat landscape, (d) assessing threat security posture, (e) measuring the ability to address risk and prevent attacks related to external threats, and (f) centralizing communication across departments to provide a holistic perspective on threats. A key recommendation for cybersecurity analysts is to employ moving the target defenses to prevent external cybersecurity threats. The implications for positive social change include the potential to provide small business cybersecurity analysts with additional strategies to effectively mitigate the compromise of customer PII, creating more resilient economic infrastructures while strengthening communities
Analyzing Small Business Strategies to Prevent External Cybersecurity Threats
Some small businessesβ cybersecurity analysts lack strategies to prevent their organizations from compromising personally identifiable information (PII) via external cybersecurity threats. Small business leaders are concerned, as they are the most targeted critical infrastructures in the United States and are a vital part of the economic system as data breaches threaten the viability of these organizations. Grounded in routine activity theory, the purpose of this pragmatic qualitative inquiry was to explore strategies small business organizations utilize to prevent external cybersecurity threats. The participants were nine cybersecurity analysts who utilized strategies to defend small businesses from external threats. Data were collected via online semistructured interviews and the National Institute of Standards and Technology documentation as well as analyzed thematically. Six major themes emerged: (a) applying standards regarding external threats, (b) evaluation of cybersecurity strategies and effectiveness, (c) consistent awareness of the external threat landscape, (d) assessing threat security posture, (e) measuring the ability to address risk and prevent attacks related to external threats, and (f) centralizing communication across departments to provide a holistic perspective on threats. A key recommendation for cybersecurity analysts is to employ moving the target defenses to prevent external cybersecurity threats. The implications for positive social change include the potential to provide small business cybersecurity analysts with additional strategies to effectively mitigate the compromise of customer PII, creating more resilient economic infrastructures while strengthening communities