Next Issue
Volume 1, December
Previous Issue
Volume 1, June
 
 

J. Cybersecur. Priv., Volume 1, Issue 3 (September 2021) – 6 articles

  • Issues are regarded as officially published after their release is announced to the table of contents alert mailing list.
  • You may sign up for e-mail alerts to receive table of contents of newly released issues.
  • PDF is the official format for papers published in both, html and pdf forms. To view the papers in pdf format, click on the "PDF Full-text" link, and use the free Adobe Reader to open them.
Order results
Result details
Section
Select all
Export citation of selected articles as:
21 pages, 538 KiB  
Review
Augmented Reality and the Digital Twin: State-of-the-Art and Perspectives for Cybersecurity
by Fabian Böhm, Marietheres Dietz, Tobias Preindl and Günther Pernul
J. Cybersecur. Priv. 2021, 1(3), 519-538; https://0-doi-org.brum.beds.ac.uk/10.3390/jcp1030026 - 09 Sep 2021
Cited by 9 | Viewed by 10447
Abstract
The rapid advancements of technology related to the Internet of Things and Cyber-Physical Systems mark an ongoing industrial revolution. Digital Twins and Augmented Reality play a significant role in this technological advancement. They are highly complementary concepts enabling the representation of physical assets [...] Read more.
The rapid advancements of technology related to the Internet of Things and Cyber-Physical Systems mark an ongoing industrial revolution. Digital Twins and Augmented Reality play a significant role in this technological advancement. They are highly complementary concepts enabling the representation of physical assets in the digital space (Digital Twin) and the augmentation of physical space with digital information (Augmented Reality). Throughout the last few years, research has picked up on this and explored the possibilities of combining DT and AR. However, cybersecurity scholars have not yet paid much attention to this combined-arms approach, despite its potential. Especially, concerning contemporary security challenges, such as developing cyber situational awareness and including human factors into cybersecurity, AR and DT, offer tremendous potential for improvement. In this work, we systematize existing knowledge on AR-powered DTs and shed light on why and how cybersecurity could benefit from this combination. Full article
(This article belongs to the Special Issue Cyber Situational Awareness Techniques and Human Factors)
Show Figures

Figure 1

23 pages, 743 KiB  
Article
Tor Hidden Services: A Systematic Literature Review
by Diana L. Huete Trujillo and Antonio Ruiz-Martínez
J. Cybersecur. Priv. 2021, 1(3), 496-518; https://0-doi-org.brum.beds.ac.uk/10.3390/jcp1030025 - 08 Sep 2021
Cited by 7 | Viewed by 11700
Abstract
Anonymous communications networks were created to protect the privacy of communications, preventing censorship and traffic analysis. The most famous anonymous communication network is Tor. This anonymous communication network provides some interesting features. Among them, we can mention that Tor can hide a user’s [...] Read more.
Anonymous communications networks were created to protect the privacy of communications, preventing censorship and traffic analysis. The most famous anonymous communication network is Tor. This anonymous communication network provides some interesting features. Among them, we can mention that Tor can hide a user’s IP address when accessing to a service such as the Web, and it also supports Tor hidden services (THS) (now named onion services) as a mechanism to conceal the server’s IP address, used mainly to provide anonymity to websites. THS is an important research field in Tor. However, there is a lack of reviews that sum up the main findings and research challenges. In this article, we present a systematic literature review that aims to offer a comprehensive overview of the research made on THS by presenting the state-of-the-art and the different research challenges to be addressed. This review has been developed from a selection of 57 articles and presents main findings and advances regarding Tor hidden services, limitations found, and future issues to be investigated. Full article
(This article belongs to the Section Security Engineering & Applications)
Show Figures

Figure 1

26 pages, 1175 KiB  
Review
Biometric Systems De-Identification: Current Advancements and Future Directions
by Md Shopon, Sanjida Nasreen Tumpa, Yajurv Bhatia, K. N. Pavan Kumar and Marina L. Gavrilova
J. Cybersecur. Priv. 2021, 1(3), 470-495; https://0-doi-org.brum.beds.ac.uk/10.3390/jcp1030024 - 31 Aug 2021
Cited by 13 | Viewed by 7475
Abstract
Biometric de-identification is an emerging topic of research within the information security domain that integrates privacy considerations with biometric system development. A comprehensive overview of research in the context of authentication applications spanning physiological, behavioral, and social-behavioral biometric systems and their privacy considerations [...] Read more.
Biometric de-identification is an emerging topic of research within the information security domain that integrates privacy considerations with biometric system development. A comprehensive overview of research in the context of authentication applications spanning physiological, behavioral, and social-behavioral biometric systems and their privacy considerations is discussed. Three categories of biometric de-identification are introduced, namely complete de-identification, auxiliary biometric preserving de-identification, and traditional biometric preserving de-identification. An overview of biometric de-identification in emerging domains such as sensor-based biometrics, social behavioral biometrics, psychological user profile identification, and aesthetic-based biometrics is presented. The article concludes with open questions and provides a rich avenue for subsequent explorations of biometric de-identification in the context of information privacy. Full article
(This article belongs to the Section Privacy)
Show Figures

Figure 1

17 pages, 1852 KiB  
Article
RSSI-Based MAC-Layer Spoofing Detection: Deep Learning Approach
by Pooria Madani and Natalija Vlajic
J. Cybersecur. Priv. 2021, 1(3), 453-469; https://0-doi-org.brum.beds.ac.uk/10.3390/jcp1030023 - 12 Aug 2021
Cited by 4 | Viewed by 5103
Abstract
In some wireless networks Received Signal Strength Indicator (RSSI) based device profiling may be the only viable approach to combating MAC-layer spoofing attacks, while in others it can be used as a valuable complement to the existing defenses. Unfortunately, the previous research works [...] Read more.
In some wireless networks Received Signal Strength Indicator (RSSI) based device profiling may be the only viable approach to combating MAC-layer spoofing attacks, while in others it can be used as a valuable complement to the existing defenses. Unfortunately, the previous research works on the use of RSSI-based profiling as a means of detecting MAC-layer spoofing attacks are largely theoretical and thus fall short of providing insights and result that could be applied in the real world. Our work aims to fill this gap and examine the use of RSSI-based device profiling in dynamic real-world environments/networks with moving objects. The main contributions of our work and this paper are two-fold. First, we demonstrate that in dynamic real-world networks with moving objects, RSSI readings corresponding to one fixed transmitting node are neither stationary nor i.i.d., as generally has been assumed in the previous literature. This implies that in such networks, building an RSSI-based profile of a wireless device using a single statistical/ML model is likely to yield inaccurate results and, consequently, suboptimal detection performance against adversaries. Second, we propose a novel approach to MAC-layer spoofing detection based on RSSI profiling using multi-model Long Short-Term Memory (LSTM) autoencoder—a form of deep recurrent neural network. Through real-world experimentation we prove the performance superiority of this approach over some other solutions previously proposed in the literature. Furthermore, we demonstrate that a real-world defense system using our approach has a built-in ability to self-adjust (i.e., to deal with unpredictable changes in the environment) in an automated and adaptive manner. Full article
(This article belongs to the Collection Machine Learning and Data Analytics for Cyber Security)
Show Figures

Figure 1

31 pages, 8479 KiB  
Article
A Methodological Approach to Evaluate Security Requirements Engineering Methodologies: Application to the IREHDO2 Project Context
by Romain Laborde, Sravani Teja Bulusu, Ahmad Samer Wazan, Arnaud Oglaza and Abdelmalek Benzekri
J. Cybersecur. Priv. 2021, 1(3), 422-452; https://0-doi-org.brum.beds.ac.uk/10.3390/jcp1030022 - 13 Jul 2021
Cited by 6 | Viewed by 5525
Abstract
An effective network security requirement engineering is needed to help organizations in capturing cost-effective security solutions that protect networks against malicious attacks while meeting the business requirements. The diversity of currently available security requirement engineering methodologies leads security requirements engineers to an open [...] Read more.
An effective network security requirement engineering is needed to help organizations in capturing cost-effective security solutions that protect networks against malicious attacks while meeting the business requirements. The diversity of currently available security requirement engineering methodologies leads security requirements engineers to an open question: How to choose one? We present a global evaluation methodology that we applied during the IREHDO2 project to find a requirement engineering method that could improve network security. Our evaluation methodology includes a process to determine pertinent evaluation criteria and a process to evaluate the requirement engineering methodologies. Our main contribution is to involve stakeholders (i.e., security requirements engineers) in the evaluation process by following a requirement engineering approach. We describe our experiments conducted during the project with security experts and the feedback we obtained. Although we applied it to evaluate three requirements engineering methods (KAOS, STS and SEPP) in the context of network security, our evaluation methodology can be instantiated in other contexts and other methods. Full article
(This article belongs to the Special Issue Cyber-Physical Security for Critical Infrastructures)
Show Figures

Figure 1

35 pages, 5600 KiB  
Article
An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors
by George Karantzas and Constantinos Patsakis
J. Cybersecur. Priv. 2021, 1(3), 387-421; https://0-doi-org.brum.beds.ac.uk/10.3390/jcp1030021 - 09 Jul 2021
Cited by 16 | Viewed by 72833
Abstract
Advanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs against detecting and preventing [...] Read more.
Advanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs against detecting and preventing APTs. Our results indicate that there is still a lot of room for improvement as state-of-the-art EDRs fail to prevent and log the bulk of the attacks that are reported in this work. Additionally, we discuss methods to tamper with the telemetry providers of EDRs, allowing an adversary to perform a more stealth attack. Full article
Show Figures

Figure 1

Previous Issue
Next Issue
Back to TopTop