A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view

Securing the Internet with digital signatures

The security and reliability of the Internet are essential for many functions of a modern society. Currently, the Internet lacks efficient network level security solutions and is vulnerable to various attacks, especially to distributed denial-of-service attacks. Traditional end-to-end security solutions such as IPSec only protect the communication end-points and are not effective if the underlying network infrastructure is attacked and paralyzed. This thesis describes and evaluates Packet Level Authentication (PLA), which is a novel method to secure the network infrastructure and provide availability with public key digital signatures. PLA allows any node in the network to verify independently the authenticity and integrity of every received packet, without previously established relationships with the sender or intermediate nodes that have handled the packet. As a result, various attacks against the network and its users can be more easily detected and mitigated, before they can cause significant damage or disturbance. PLA is compatible with the existing Internet infrastructure, and can be used with complementary end-to-end security solutions, such as IPSec and HIP. While PLA was originally designed for securing current IP networks, it is also suitable for securing future data-oriented networking approaches. PLA has been designed to scale from lightweight wireless devices to Internet core network, which is a challenge since public key cryptography operations are very resource intensive. Nevertheless, this work shows that digital signature algorithms and their hardware implementations developed for PLA are scalable to fast core network routers. Furthermore, the additional energy consumption of cryptographic operations is significantly lower than the energy cost of wireless transmission, making PLA feasible for lightweight wireless devices. Digital signature algorithms used by PLA also offer small key and signature sizes and therefore PLA's bandwidth overhead is relatively low. Strong security mechanisms offered by PLA can also be utilized for various other tasks. This work investigates how PLA can be utilized for controlling incoming connections, secure user authentication and billing, and for providing a strong accountability without an extensive data retention by network service providers

Decentralized Finance: Regulating Cryptocurrency Exchanges

Global financial markets are in the midst of a transformative movement. The creation of Bitcoin and Facebook’s proposed distribution of Diem mark a watershed moment in the evolution of the financial markets ecosystem. Purportedly, peer-to-peer distributed digital ledger technology eliminates legacy financial market intermediaries such as investment banks, depository banks, exchanges, clearinghouses, and broker-dealers. Yet careful examination reveals that cryptocurrency issuers and the firms that offer secondary market cryptocurrency trading services have not quite lived up to their promise. Notwithstanding cryptoenthusiasts’ calls for disintermediation, evidence reveals that platforms that facilitate cryptocurrency trading frequently employ the long-adopted intermediation practices of their traditional counterparts. In fact, when emerging technologies fail, cryptocoin and token trading platforms partner with and rely on traditional financial services firms. As a result, these platforms face many of the risk-management threats that have plagued conventional financial institutions as well as a host of underexplored threats. Automated or algorithmic trading strategies, accelerated high frequency trading tactics, and sophisticated Ocean’s Eleven-style cyberheists leave crypto-investors vulnerable to predatory practices. Early responses to fraud, misconduct, and manipulation emphasize intervention when originators first distribute cryptocurrencies— the initial coin offerings. This Article rejects the dominant regulatory narrative that prioritizes oversight of primary market transactions. Instead, this Article proposes that regulators introduce formal registration obligations for cryptocurrency intermediaries—the exchange platforms that provide a marketplace for secondary market trading. This approach recognizes the dynamic nature of cryptocurrency secondary market actors seeking to achieve disintermediation yet balances the potential benefits of trading intermediaries with normative regulatory goals—protecting investors from fraud, theft, misconduct, and manipulation; enforcing accountability; preserving market integrity; and addressing enterprise and systemic risk-management concerns

Fair exchange in e-commerce and certified e-mail, new scenarios and protocols

We are witnessing a steady growth in the use of Internet in the electronic commerce field. This rise is promoting the migration from traditional processes and applications (paper based) to an electronic model. But the security of electronic transactions continues to pose an impediment to its implementation. Traditionally, most business transactions were conducted in person. Signing a contract required the meeting of all interested parties, the postman delivered certified mail in hand, and when paying for goods or services both customer and provider were present. When all parties are physically present, a transaction does not require a complex protocol. The participants acknowledge the presence of the other parties as assurance that they will receive their parts, whether a signature on a contract, or a receipt, etc. But with e-commerce growing in importance as sales and business channel, all these transactions have moved to its digital counterpart. Therefore we have digital signature of contracts, certified delivery of messages and electronic payment systems. With electronic transactions, the physical presence is not required,moreover, most of the times it is even impossible. The participants in a transaction can be thousands of kilometers away from each other, and they may not even be human participants, they can be machines. Thus, the security that the transaction will be executed without incident is not assured per se, we need additional security measures. To address this problem, fair exchange protocols were developed. In a fair exchange every party involved has an item that wants to exchange, but none of the participants is willing to give his item away unless he has an assurance he will receive the corresponding item from the other participants. Fair exchange has many applications, like digital signature of contracts, where the items to be exchanged are signatures on contracts, certified delivery of messages, where we exchange a message for evidence of receipt, or a payment process, where we exchange a payment (e-cash, e-check, visa, etc.) for digital goods or a receipt. The objective of this dissertation is the study of the fair exchange problem. In particular, it presents two new scenarios for digital contracting, the Atomic Multi- Two Party (AM2P) and the Agent Mediated Scenario (AMS), and proposes one optimistic contract signing protocol for each one. Moreover, it studies the efficiency of Multi-Party Contract Signing (MPCS) protocols from their architecture point of view, presenting a new lower bound for each architecture, in terms of minimum number of transactions needed. Regarding Certified Electronic Mail (CEM), this dissertation presents two optimistic CEMprotocols designed to be deployed on thecurrent e-mail infrastructure, therefore they assume the participation of multiple Mail Transfer Agents (MTAs). In one case, the protocol assumes untrusted MTAs whereas in the other one it assumes each User Agent (UA) trusts his own MTA. Regarding payment systems, this dissertation presents a secure and efficient electronic bearer bank check scheme allowing the electronic checks to be transferred fairly and anonymously.L’ús d’Internet en l’àmbit del comerç electrònic està experimentant un creixement estable. Aquest increment d’ús està promovent lamigració de processos tradicionals i aplicacions (basades en paper) cap a un model electrònic. Però la seguretat de les transaccions electròniques continua impedint la seva implantació. Tradicionalment, la majoria de les transaccions s’han dut a terme en persona. La firma d’un contracte requeria la presència de tots els firmants, el carter entrega les cartes certificades enmà, i quan es paga per un bé o servei ambdós venedor i comprador hi són presents. Quan totes les parts hi són presents, les transaccions no requereixen un protocol complex. Els participants assumeixen la presència de les altres parts com assegurança que rebran el que esperen d’elles, ja sigui la firma d’un contracte, un rebut d’entrega o un pagament. Però amb el creixement del comerç electrònic com a canal de venda i negoci, totes aquestes transaccions s’hanmogut al seu equivalent en el món electrònic. Així doncs tenim firma electrònica de contractes, enviament certificat de missatges, sistemes de pagament electrònic, etc. En les transaccions electròniques la presència física no és necessària, de fet, la majoria de vegades és fins it tot impossible. Els participants poden estar separats permilers de kilòmetres, i no és necessari que siguin humans, podrien sermàquines. Llavors, la seguretat de que la transacció s’executarà correctament no està assegurada per se, necessitem proporcionar mesures de seguretat addicionals. Per solucionar aquest problema, es van desenvolupar els protocols d’intercanvi equitatiu. En un intercanvi equitatiu totes les parts involucrades tenen un objecte que volen intercanviar, però cap de les parts implicades vol donar el seu objecte si no té la seguretat que rebrà els objectes de les altres parts. L’intercanvi equitatiu té multitud d’aplicacions, com la firma electrònica de contractes, on els elements a intercanviar son firmes de contractes, enviament certificat demissatges, on s’intercanvien unmissatge per una evidència de recepció, o un procés de pagament, on intercanviemun pagament (e-cash, visa, e-xec, etc.) per bens digitals o per un rebut. L’objectiu d’aquesta tesi és estudiar el problema de l’intercanvi equitatiu. En particular, la tesi presenta dos nous escenaris per a la firma electrònica de contractes, l’escenari multi-two party atòmic i l’escenari amb agents intermediaris, i proposa un protocol optimista per a cada un d’ells. A més, presenta un estudi de l’eficiència dels protocols de firma electrònica multi-part (Multi-Party Contract Signing (MPCS) protocols) des del punt de vista de la seva arquitectura, presentant una nova fita per a cada una, en termes de mínim nombre de transaccions necessàries. Pel que fa al correu electrònic certificat, aquesta tesi presenta dos protocols optimistes dissenyats per a ser desplegats damunt l’infraestructura actual de correu electrònic, per tant assumeix la participació demúltiples agents de transferència de correu. Un dels protocols assumeix que cap dels agents de transferència de correu participants és de confiança,mentre que l’altre assumeix que cada usuari confia en el seu propi agent. Pel que fa a sistemes de pagament, la tesi presenta un esquema de xec bancari al portador, eficient i segur, que garanteix que la transferència dels xecs es fa demanera anònima i equitativa

Towards an aligned South African National Cybersecurity Policy Framework

This thesis measured and aligned factors that contribute to the misalignment of the South African National Cybersecurity Policy Framework (SA-NCPF). The exponential growth rate of cyber-attacks and threats has caused more headaches for cybersecurity experts, law enforcement agents, organisations and the global business economy. The emergence of the global Corona Virus Disease-2019 has also contributed to the growth of cyber-attacks and threats thus, requiring concerted efforts from everyone in society to devise appropriate interventions that mitigate unacceptable user behaviour in the reality of cyberspace. In this study, various theories were identified and pooled together into an integrative theoretical framework to provide a better understanding of various aspects of the law-making process more comprehensively. The study identified nine influencing factors that contributed to misalignment of the South African National Cybersecurity Policy Framework. These influencing factors interact with each other continuously producing complex relationships, therefore, it is difficult to measure the degree of influence of each factor, hence the need to look at and measure the relationships as Gestalts. Gestalts view individual interactions between pairs of constructs only as a part of the overall pattern. Therefore, the integrative theoretical framework and Gestalts approach were used to develop a conceptual framework to measure the degree of alignment of influencing factors. This study proposed that the stronger the coherence among the influencing factors, the more aligned the South African National Security Policy Framework. The more coherent the SA-NCPF is perceived, the greater would be the degree of alignment of the country's cybersecurity framework to national, regional and global cyberlaws. Respondents that perceived a strong coherence among the elements also perceived an effective SA-NCPF. Empirically, this proposition was tested using nine constructs. Quantitative data was gathered from respondents using a survey. A major contribution of this study was that it was the first attempt in South Africa to measure the alignment of the SA-NCPF using the Gestalts approach as an effective approach for measuring complex relationships. The study developed the integrative theoretical framework which integrates various theories that helped to understand and explain the South African law making process. The study also made a significant methodological contribution by adopting the Cluster-based perspective to distinguish, describe and predict the degree of alignment of the SA-NCPF. There is a dearth of information that suggests that past studies have adopted or attempted to address the challenge of alignment of the SA-NCPF using the cluster-based and Gestalts perspectives. Practical implications from the study include a review of the law-making process, skills development strategy, a paradigm shift to address the global Covid-19 pandemic and sophisticated cybercrimes simultaneously. The study asserted the importance of establishing an independent cybersecurity board comprising courts, legal, cybersecurity experts, academics and law-makers to provide cybersecurity expertise and advice. From the research findings, government and practitioners can draw lessons to review the NCPF to ensure the country develops an effective national cybersecurity strategy. Limitations and recommendations for future research conclude the discussions of this study

Cybersecurity applications of Blockchain technologies

With the increase in connectivity, the popularization of cloud services, and the rise of the Internet of Things (IoT), decentralized approaches for trust management are gaining momentum. Since blockchain technologies provide a distributed ledger, they are receiving massive attention from the research community in different application fields. However, this technology does not provide cybersecurity by itself. Thus, this thesis first aims to provide a comprehensive review of techniques and elements that have been proposed to achieve cybersecurity in blockchain-based systems. The analysis is intended to target area researchers, cybersecurity specialists and blockchain developers. We present a series of lessons learned as well. One of them is the rise of Ethereum as one of the most used technologies. Furthermore, some intrinsic characteristics of the blockchain, like permanent availability and immutability made it interesting for other ends, namely as covert channels and malicious purposes. On the one hand, the use of blockchains by malwares has not been characterized yet. Therefore, this thesis also analyzes the current state of the art in this area. One of the lessons learned is that covert communications have received little attention. On the other hand, although previous works have analyzed the feasibility of covert channels in a particular blockchain technology called Bitcoin, no previous work has explored the use of Ethereum to establish a covert channel considering all transaction fields and smart contracts. To foster further defence-oriented research, two novel mechanisms are presented on this thesis. First, Zephyrus takes advantage of all Ethereum fields and smartcontract bytecode. Second, Smart-Zephyrus is built to complement Zephyrus by leveraging smart contracts written in Solidity. We also assess the mechanisms feasibility and cost. Our experiments show that Zephyrus, in the best case, can embed 40 Kbits in 0.57 s. for US$1.64, and retrieve them in 2.8 s. Smart-Zephyrus, however, is able to hide a 4 Kb secret in 41 s. While being expensive (around US$ 1.82 per bit), the provided stealthiness might be worth the price for attackers. Furthermore, these two mechanisms can be combined to increase capacity and reduce costs.Debido al aumento de la conectividad, la popularización de los servicios en la nube y el auge del Internet de las cosas (IoT), los enfoques descentralizados para la gestión de la confianza están cobrando impulso. Dado que las tecnologías de cadena de bloques (blockchain) proporcionan un archivo distribuido, están recibiendo una atención masiva por parte de la comunidad investigadora en diferentes campos de aplicación. Sin embargo, esta tecnología no proporciona ciberseguridad por sí misma. Por lo tanto, esta tesis tiene como primer objetivo proporcionar una revisión exhaustiva de las técnicas y elementos que se han propuesto para lograr la ciberseguridad en los sistemas basados en blockchain. Este análisis está dirigido a investigadores del área, especialistas en ciberseguridad y desarrolladores de blockchain. A su vez, se presentan una serie de lecciones aprendidas, siendo una de ellas el auge de Ethereum como una de las tecnologías más utilizadas. Asimismo, algunas características intrínsecas de la blockchain, como la disponibilidad permanente y la inmutabilidad, la hacen interesante para otros fines, concretamente como canal encubierto y con fines maliciosos. Por una parte, aún no se ha caracterizado el uso de la blockchain por parte de malwares. Por ello, esta tesis también analiza el actual estado del arte en este ámbito. Una de las lecciones aprendidas al analizar los datos es que las comunicaciones encubiertas han recibido poca atención. Por otro lado, aunque trabajos anteriores han analizado la viabilidad de los canales encubiertos en una tecnología blockchain concreta llamada Bitcoin, ningún trabajo anterior ha explorado el uso de Ethereum para establecer un canal encubierto considerando todos los campos de transacción y contratos inteligentes. Con el objetivo de fomentar una mayor investigación orientada a la defensa, en esta tesis se presentan dos mecanismos novedosos. En primer lugar, Zephyrus aprovecha todos los campos de Ethereum y el bytecode de los contratos inteligentes. En segundo lugar, Smart-Zephyrus complementa Zephyrus aprovechando los contratos inteligentes escritos en Solidity. Se evalúa, también, la viabilidad y el coste de ambos mecanismos. Los resultados muestran que Zephyrus, en el mejor de los casos, puede ocultar 40 Kbits en 0,57 s. por 1,64 US$, y recuperarlos en 2,8 s. Smart-Zephyrus, por su parte, es capaz de ocultar un secreto de 4 Kb en 41 s. Si bien es cierto que es caro (alrededor de 1,82 dólares por bit), el sigilo proporcionado podría valer la pena para los atacantes. Además, estos dos mecanismos pueden combinarse para aumentar la capacidad y reducir los costesPrograma de Doctorado en Ciencia y Tecnología Informática por la Universidad Carlos III de MadridPresidente: José Manuel Estévez Tapiador.- Secretario: Jorge Blasco Alís.- Vocal: Luis Hernández Encina

Cyber Security and Critical Infrastructures

This book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles: an editorial explaining current challenges, innovative solutions, real-world experiences including critical infrastructure, 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems, and a review of cloud, edge computing, and fog's security and privacy issues