PeerJ Computer Science Preprints: Security and Privacyhttps://peerj.com/preprints/index.atom?journal=cs&subject=11200Security and Privacy articles published in PeerJ Computer Science PreprintsData security analysis based on Blockchain Recurrence Qualitative Analysis (BRQA)https://peerj.com/preprints/278202019-06-242019-06-24Mohamed A El-dosukyGamal H Eladl
There is no doubt that the Blockchain has become an important technology that imposes itself in its use. With the increasing demand for this technology it is necessary to develop and update techniques proposed to deal with other technologies, especially in the field of cyber-security, which represents a vital and important field. This paper discussed the integration of Recurrence Qualitative Analysis (RQA) technology with the blockchain as well as exciting technical details of RQA operation in increasing Blockchain security. This paper found significant improvements, remarkable and differentiated compared to previous methods
There is no doubt that the Blockchain has become an important technology that imposes itself in its use. With the increasing demand for this technology it is necessary to develop and update techniques proposed to deal with other technologies, especially in the field of cyber-security, which represents a vital and important field. This paper discussed the integration of Recurrence Qualitative Analysis (RQA) technology with the blockchain as well as exciting technical details of RQA operation in increasing Blockchain security. This paper found significant improvements, remarkable and differentiated compared to previous methodsPrioritizing computer security controls for home usershttps://peerj.com/preprints/275402019-02-152019-02-15Justin FanelliJohn Waxler
Hundreds of thousands of home users are victimized by cyber-attacks every year. Most experts agree that average home users are not doing enough to protect their computers and their information from cyber-attacks. Improperly managed home computers can lead to individuals losing data, systems performing slowly, loss of identity, and ransom payments; en masse attacks can act in concert to infect personal computers in business and government. Currently, home users receive conflicting guidance for a complicated terrain, often in the form of anecdotal 'Top 10' lists, that is not appropriate for their specific needs, and in many instances, users ignore all guidance. Often, these popular ‘Top 10’ lists appear to be based solely on opinion. Ultimately, we asked ourselves the following: how can we provide home users with better guidance for determining and applying appropriate security controls that meet their needs and can be verified by the cyber security community? In this paper, we propose a methodology for determining and prioritizing the most appropriate security controls for home computing. Using Multi Criteria Decision Making (MCDM) and subject matter expertise, we identify, analyze and prioritize security controls used by government and industry to determine which controls can substantively improve home computing security. We apply our methodology using examples to demonstrate its benefits.
Hundreds of thousands of home users are victimized by cyber-attacks every year. Most experts agree that average home users are not doing enough to protect their computers and their information from cyber-attacks. Improperly managed home computers can lead to individuals losing data, systems performing slowly, loss of identity, and ransom payments; en masse attacks can act in concert to infect personal computers in business and government. Currently, home users receive conflicting guidance for a complicated terrain, often in the form of anecdotal 'Top 10' lists, that is not appropriate for their specific needs, and in many instances, users ignore all guidance. Often, these popular ‘Top 10’ lists appear to be based solely on opinion. Ultimately, we asked ourselves the following: how can we provide home users with better guidance for determining and applying appropriate security controls that meet their needs and can be verified by the cyber security community? In this paper, we propose a methodology for determining and prioritizing the most appropriate security controls for home computing. Using Multi Criteria Decision Making (MCDM) and subject matter expertise, we identify, analyze and prioritize security controls used by government and industry to determine which controls can substantively improve home computing security. We apply our methodology using examples to demonstrate its benefits.A use case centric survey of Blockchain: status quo and future directionshttps://peerj.com/preprints/275292019-02-112019-02-11Srinath PereraFrank LeymannPaul Fremantle
This paper presents an assessment of blockchain technology based on the Emerging Technology Analysis Canvas (ETAC) to evaluate the drivers and potential outcomes. The ETAC is a framework to critically analyze emerging technologies.
The assessment finds that blockchain can fundamentally transform the world. It is ready for specific applications in use cases such as digital currency, lightweight financial systems, ledgers, provenance, and disintermediation.
However, Blockchain faces significant technical gaps in other use cases and needs at least 5-10 years to come to full fruition in those spaces. Sustaining the current level of effort (e.g. startups, research) for this period of time may be challenging. We also find that the need and merits of decentralized infrastructures compared to centralized and semi-centralized alternatives is not always clear. Given the risk involved and significant potential returns, we recommend a cautiously optimistic approach to blockchain with the focus on concrete use cases.
The primary contributions of this paper are a use case centric categorization of the blockchain, a detailed discussion on challenges faced by those categories, and an assessment of their future.
This paper presents an assessment of blockchain technology based on the Emerging Technology Analysis Canvas (ETAC) to evaluate the drivers and potential outcomes. The ETAC is a framework to critically analyze emerging technologies.The assessment finds that blockchain can fundamentally transform the world. It is ready for specific applications in use cases such as digital currency, lightweight financial systems, ledgers, provenance, and disintermediation.However, Blockchain faces significant technical gaps in other use cases and needs at least 5-10 years to come to full fruition in those spaces. Sustaining the current level of effort (e.g. startups, research) for this period of time may be challenging. We also find that the need and merits of decentralized infrastructures compared to centralized and semi-centralized alternatives is not always clear. Given the risk involved and significant potential returns, we recommend a cautiously optimistic approach to blockchain with the focus on concrete use cases.The primary contributions of this paper are a use case centric categorization of the blockchain, a detailed discussion on challenges faced by those categories, and an assessment of their future.Anomaly analysis on an open DNS datasethttps://peerj.com/preprints/271162018-08-142018-08-14Benjamin AzizNikolaos MenychtasAmmar Al-Bazi
The increasing availability of open data and the demand to understand better the nature of anomalies and the causes underlying them in modern systems is encouraging researchers to analyse open datasets in various ways. These include both quantitative and qualitative methods. We show here how quantitative methods, such as timeline, local averages and exponentially weighted moving average analyses, led in this work to the discovery of three anomalies in a large open DNS dataset published by the Los Alamos National Laboratory.
The increasing availability of open data and the demand to understand better the nature of anomalies and the causes underlying them in modern systems is encouraging researchers to analyse open datasets in various ways. These include both quantitative and qualitative methods. We show here how quantitative methods, such as timeline, local averages and exponentially weighted moving average analyses, led in this work to the discovery of three anomalies in a large open DNS dataset published by the Los Alamos National Laboratory.A survey on approaches to the protection of personal data gathered by IoT deviceshttps://peerj.com/preprints/264732018-07-252018-07-25Henry Tranter
Security is always at the forefront of developing technologies. One can seldom go a week without hearing of a new data breach or hacking attempt from various groups around the world, often taking advantage of a simple flaw in a system’s architecture. The Internet of Things (IoT) is one of these developing technologies which may be at risk of such attacks. IoT devices are becoming more and more prevalent in everyday life. From keeping track of an individual’s health, to suggesting meals from items available in an individual’s fridge, these technologies are taking a much larger role in the personal lives of their users. With this in mind, how is security being considered in the development of these technologies? Are these devices that monitor individual’s personal lives just additional vectors for potential data theft? Throughout this survey, various approaches to the development of security systems concerning IoT devices in the home will be discussed, compared, and contrasted in the hope of providing an ideal solution to the problems this technology may produce.
Security is always at the forefront of developing technologies. One can seldom go a week without hearing of a new data breach or hacking attempt from various groups around the world, often taking advantage of a simple flaw in a system’s architecture. The Internet of Things (IoT) is one of these developing technologies which may be at risk of such attacks. IoT devices are becoming more and more prevalent in everyday life. From keeping track of an individual’s health, to suggesting meals from items available in an individual’s fridge, these technologies are taking a much larger role in the personal lives of their users. With this in mind, how is security being considered in the development of these technologies? Are these devices that monitor individual’s personal lives just additional vectors for potential data theft? Throughout this survey, various approaches to the development of security systems concerning IoT devices in the home will be discussed, compared, and contrasted in the hope of providing an ideal solution to the problems this technology may produce.A survey on authentication methods for the Internet of Thingshttps://peerj.com/preprints/264742018-07-232018-07-23Dylan Sey
This survey focuses on authentication methods for the Internet of Things (IoT). There are many different authentication methods that are used in the IT industry but not all of these can be adapted for the IoT. Lightweight and mutual authentication methods will be covered in this paper, alongside two authentication methods that are commonly used in other areas of the industry, rather than the IoT area, which are Kerberos and Group audio-based authentication. The survey will find that Mutual authentication is vital for the IoT and, due to the constraints that are apparent within the IoT devices; the lightweight option is very useful when it comes to dealing with areas like low bandwidth. As a result, there will be gaps that could be further investigated such as the advancement of the IoT technology so that more types of authentication are feasible. A conclusion to this paper is that, by combining different methods of encryption and authentication methods, there are always possibilities to make the proposed protocols more lightweight and secure.
This survey focuses on authentication methods for the Internet of Things (IoT). There are many different authentication methods that are used in the IT industry but not all of these can be adapted for the IoT. Lightweight and mutual authentication methods will be covered in this paper, alongside two authentication methods that are commonly used in other areas of the industry, rather than the IoT area, which are Kerberos and Group audio-based authentication. The survey will find that Mutual authentication is vital for the IoT and, due to the constraints that are apparent within the IoT devices; the lightweight option is very useful when it comes to dealing with areas like low bandwidth. As a result, there will be gaps that could be further investigated such as the advancement of the IoT technology so that more types of authentication are feasible. A conclusion to this paper is that, by combining different methods of encryption and authentication methods, there are always possibilities to make the proposed protocols more lightweight and secure.Defending against the advanced persistent threat: Detection of disguised executable fileshttps://peerj.com/preprints/29982018-06-152018-06-15Ibrahim GhafirMohammad HammoudehVaclav Prenosil
Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over the connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.
Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over the connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.Blockchain for healthcare records: A data perspectivehttps://peerj.com/preprints/269422018-05-172018-05-17Mian ZhangYuhong Ji
A problem facing healthcare record systems throughout the world is how to share the medical data with more stakeholders for various purposes without sacrificing data privacy and integrity. Blockchain, operating in a state of consensus, is the underpinning technology that maintains the Bitcoin transaction ledger. Blockchain as a promising technology to manage the transactions has been gaining popularity in the domain of healthcare. Blockchain technology has the potential of securely, privately, and comprehensively manage patient health records. In this work, we discuss the latest status of blockchain technology and how it could solve the current issues in healthcare systems. We evaluate the blockchain technology from the multiple perspectives around healthcare data, including privacy, security, control, and storage. We review the current projects and researches of blockchain in the domain of healthcare records and provide the insight into the design and construction of next generations of blockchain-based healthcare systems.
A problem facing healthcare record systems throughout the world is how to share the medical data with more stakeholders for various purposes without sacrificing data privacy and integrity. Blockchain, operating in a state of consensus, is the underpinning technology that maintains the Bitcoin transaction ledger. Blockchain as a promising technology to manage the transactions has been gaining popularity in the domain of healthcare. Blockchain technology has the potential of securely, privately, and comprehensively manage patient health records. In this work, we discuss the latest status of blockchain technology and how it could solve the current issues in healthcare systems. We evaluate the blockchain technology from the multiple perspectives around healthcare data, including privacy, security, control, and storage. We review the current projects and researches of blockchain in the domain of healthcare records and provide the insight into the design and construction of next generations of blockchain-based healthcare systems.Internet of Things Security: A review on the RFID contactless security protocolshttps://peerj.com/preprints/265042018-02-112018-02-11Natalie Outteridge
The advancement of technology that have been produced for Internet of Things (IoT) security has grown significantly and exponentially over the years. This has caused a major impact in the world of IoT security as technological companies have to keep up with the ever-changing security protocols. The Radio Frequency Identification (RFID) technology has recently gained popularity in the world of IoT, this is due to the RFID chips involvement within credit and debit cards to allow them to become contactless. This survey will produce an in-depth discussion about the background of RFID, the relevance of RFID in today's society, related work, the advantages and disadvantages of RFID and finally a solution to the RFID contactless.
The advancement of technology that have been produced for Internet of Things (IoT) security has grown significantly and exponentially over the years. This has caused a major impact in the world of IoT security as technological companies have to keep up with the ever-changing security protocols. The Radio Frequency Identification (RFID) technology has recently gained popularity in the world of IoT, this is due to the RFID chips involvement within credit and debit cards to allow them to become contactless. This survey will produce an in-depth discussion about the background of RFID, the relevance of RFID in today's society, related work, the advantages and disadvantages of RFID and finally a solution to the RFID contactless.Mechanism for the prevention of password reuse through Anonymized Hasheshttps://peerj.com/preprints/33222017-10-052017-10-05Junade Ali
Password authentication is an essential and widespread form of user authentication on the Internet with no other authentication system matching its dominance. When a password on one website is breached, if reused, the stolen password can be used to gain access to multiple other authenticated websites. Even amongst technically educated users, the security issues surrounding password reuse are not well understood and restrictive password composition rules have been unsuccessful in reducing password reuse. In response, the US NIST have published standards outlining that, when setting passwords, authentication systems should validate that user passwords have not already been compromised or breached. We propose a mechanism to allows for clients to anonymously validate whether or not a password has been identified in a compromised database, without needing to download the entire database or send their password to a third-party service. A mechanism is proposed whereby password hash data is generalized such that it holds the k-anonymity property. An implementation is constructed to identify to what extent the data should be generalized for it to hold k-anonymity and additionally to group password hashes by their generalized anonymous value. The implementation is run on a database of over 320 million leaked passwords and the results of the anonymization process are considered.
Password authentication is an essential and widespread form of user authentication on the Internet with no other authentication system matching its dominance. When a password on one website is breached, if reused, the stolen password can be used to gain access to multiple other authenticated websites. Even amongst technically educated users, the security issues surrounding password reuse are not well understood and restrictive password composition rules have been unsuccessful in reducing password reuse. In response, the US NIST have published standards outlining that, when setting passwords, authentication systems should validate that user passwords have not already been compromised or breached. We propose a mechanism to allows for clients to anonymously validate whether or not a password has been identified in a compromised database, without needing to download the entire database or send their password to a third-party service. A mechanism is proposed whereby password hash data is generalized such that it holds the k-anonymity property. An implementation is constructed to identify to what extent the data should be generalized for it to hold k-anonymity and additionally to group password hashes by their generalized anonymous value. The implementation is run on a database of over 320 million leaked passwords and the results of the anonymization process are considered.