Security and Privacy in Information and Communication Systems

A special issue of Future Internet (ISSN 1999-5903).

Deadline for manuscript submissions: closed (30 October 2019) | Viewed by 66441

Special Issue Editors

School of IT, Melbourne Institute of Technology, Melbourne, VIC 3000, Australia
Interests: cybercrime and cyber security; network security; data science; digital forensics; machine learning and data mining; mobile computing; cloud computing; IoT security
Special Issues, Collections and Topics in MDPI journals
School of Information Technology and Engineering, Melbourne Institute of Technology, 288 Latrobe Street, Melbourne, VIC 3000, Australia
Interests: remote sensing; sensors, smart environments; deep learning; IoT; radar (lidar); wireless power transer
Special Issues, Collections and Topics in MDPI journals
School of Architecture Computing and Engineering, University of East London, London E16 2RD, UK
Interests: cyber criminal network analysis using data-mining techniques; cybercrime prevention and detection; profiling cybercrime victims; digital forensics and stegnography techniques

Special Issue Information

Dear Colleagues,

Our increasing interconnectivity with the Internet relies on the security of the ICT infrastructures. These infrastructures are a rich source of data (both financial and confidential) and can be subject to criminal exploitation and abuse. Recent security breaches show that security and privacy protection remain ongoing research topics. It is not an exaggeration to overstate the importance of security, privacy, and risk management to individuals, organizations, and governments. However, it is clear that many challenges, with the new technology advancement, remain unaddressed, such as IoT, Cloud Computing, CPS, Edge/Fog, Mobile Computing, Blockchain. Also important, in the context of privacy and security, is the interface between humans and technology.

This Special Issue encourages the submission of manuscripts that present research frameworks, methods, methodologies, theory developments and validations, case studies, simulation results and analyses, technological architectures, infrastructure issues in design, and implementation and maintenance of secure and privacy-preserving initiatives.

This Special Issue focuses on the practical aspects of security and privacy in ICT and aims to capture the latest advances in this research field. The scope of this Special Issue encompasses the security, privacy, and digital forensics of mobile systems, Big Data, IoT, CPS, mobile networks, and mobile cloud. Original and unpublished contributions on novel attacks, defences, and security applications in computing are solicited.

Topics of interest include (but are not limited to) the following subject categories:

  • Security and Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
  • Communication Privacy and Anonymity
  • Secure architectures for converged communication network
  • 5G technologies, applications, and services for the Internet of Things
  • Access and Usage Control
  • Risk and Reputation Management
  • Security and Privacy in Cloud and Pervasive Computing
  • Authentication, Privacy, and Security Models
  • Security Architecture and Design Analysis
  • Security Awareness and Education
  • Security Frameworks, Architectures, and Protocols
  • Security Testing
  • Software Security Assurance
  • Threat Awareness
  • Vulnerability Analysis and Countermeasures
  • Information Hiding and Anonymity
  • Web Applications and Services
  • Biometric Technologies and Applications
  • Content Protection and Digital Rights Management
  • Cryptographic Algorithms
  • Data and Software Security
  • Data Mining and Knowledge Discovery
  • Database Security
  • Identity and Trust Management
  • Trusted Computing
  • Intrusion Detection and Response
  • Legal and Regulatory Issues
  • Malware Detection
  • Mobile Systems Security
  • Privacy Metrics and Control
  • Privacy, Security, and Trust in Social Media

Dr. Ammar Alazab
Dr. Johnson Agbinya
Dr. Mamoun Alazab
Dr. Ameer Al-Nemrat
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Future Internet is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • security
  • privacy
  • digital forensics of mobile systems
  • Big Data
  • IoT
  • CPS
  • mobile networks
  • mobile cloud

Published Papers (10 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

16 pages, 3751 KiB  
Article
Integration of LTE 230 and LTE 1800 in Power Wireless Private Networks
by Zhengyang Ding, Weiwei Miao, Mingxuan Zhang, Wei Li, Rui Liu, Jun Zou and Chen Xu
Future Internet 2019, 11(11), 221; https://0-doi-org.brum.beds.ac.uk/10.3390/fi11110221 - 23 Oct 2019
Cited by 2 | Viewed by 3191
Abstract
Power wireless private networks (PWPNs) have been highly developed in China in recent years. They provide a basis for the energy Internet of Things, which enables the exchange of energy information between devices. Although the power wireless private network is an imitation of [...] Read more.
Power wireless private networks (PWPNs) have been highly developed in China in recent years. They provide a basis for the energy Internet of Things, which enables the exchange of energy information between devices. Although the power wireless private network is an imitation of the public cellular network, a number of special challenges remain in power private networks. Due to the lack of general standards for PWPNs at the beginning of deployment, there are now two independent PWPN systems in China: long-term evolution (LTE) 230 and LTE 1800. Each has its own core and access networks with independent hardware. In this paper, we propose a high-level design of multinetwork integration to allow LTE 230 and LTE 1800 to coexist. For core network integration, we propose a protocol controller to select the active protocol according to the user’s mode selection, since both LTE 230 and LTE 1800 evolved from the standard LTE system. For access network integration, we propose a multinetwork integration controller to help the device access the optimal cell. The simulation results show that the integrated system can retain the advantages of these two independent systems in terms of both capacity and coverage. Full article
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)
Show Figures

Figure 1

18 pages, 3141 KiB  
Article
Research on SWIM Services Dynamic Migration Method
by Zhijun Wu, Shengyan Zhou, Liang Liu and Jin Lei
Future Internet 2019, 11(9), 187; https://0-doi-org.brum.beds.ac.uk/10.3390/fi11090187 - 27 Aug 2019
Cited by 1 | Viewed by 3243
Abstract
Air traffic management (ATM) plays an important role in maintaining and promoting air traffic safety, maintaining air traffic order and ensuring smooth air traffic. As the core of air traffic management, it is essential to ensure the safe and stable operation of system-wide [...] Read more.
Air traffic management (ATM) plays an important role in maintaining and promoting air traffic safety, maintaining air traffic order and ensuring smooth air traffic. As the core of air traffic management, it is essential to ensure the safe and stable operation of system-wide information management (SWIM). Facing the complex and ever-changing network environment, a SWIM services dynamic migration method is proposed in this paper. This method combines SWIM core services to select destination nodes and migrate services. The experiment proves that the method can hide the service node while ensuring service continuity and increase the difficulty of malicious detection. By comparing with others, this method is more suitable for SWIM in terms of invulnerability. The throughput and delay performance of the method can meet the needs of SWIM. Full article
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)
Show Figures

Figure 1

15 pages, 3007 KiB  
Article
Improving Forensic Triage Efficiency through Cyber Threat Intelligence
by Nikolaos Serketzis, Vasilios Katos, Christos Ilioudis, Dimitrios Baltatzis and Georgios Pangalos
Future Internet 2019, 11(7), 162; https://0-doi-org.brum.beds.ac.uk/10.3390/fi11070162 - 23 Jul 2019
Cited by 15 | Viewed by 6742
Abstract
The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident [...] Read more.
The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI)and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR. Full article
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)
Show Figures

Figure 1

16 pages, 1362 KiB  
Article
Data Anonymization for Hiding Personal Tendency in Set-Valued Database Publication
by Dedi Gunawan and Masahiro Mambo
Future Internet 2019, 11(6), 138; https://0-doi-org.brum.beds.ac.uk/10.3390/fi11060138 - 20 Jun 2019
Cited by 3 | Viewed by 3170
Abstract
Set-valued database publication has been increasing its importance recently due to its benefit for various applications such as marketing analysis and advertising. However, publishing a raw set-valued database may cause individual privacy breach such as the leakage of sensitive information like personal tendencies [...] Read more.
Set-valued database publication has been increasing its importance recently due to its benefit for various applications such as marketing analysis and advertising. However, publishing a raw set-valued database may cause individual privacy breach such as the leakage of sensitive information like personal tendencies when data recipients perform data analysis. Even though imposing data anonymization methods such as suppression-based methods and random data swapping methods to such a database can successfully hide personal tendency, it induces item loss from records and causes significant distortion in record structure that degrades database utility. To avoid the problems, we proposed a method based on swapping technique where an individual’s items in a record are swapped to items of the other record. Our swapping technique is distinct from existing one called random data swapping which yields much structure distortion. Even though the technique results in inaccuracy at a record level, it can preserve every single item in a database from loss. Thus, data recipients may obtain all the item information in an anonymized database. In addition, by carefully selecting a pair of records for item swapping, we can avoid excessive record structure distortion that leads to alter database content immensely. More importantly, such a strategy allows one to successfully hide personal tendency without sacrificing a lot of database utility. Full article
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)
Show Figures

Figure 1

25 pages, 6074 KiB  
Article
Identity-as-a-Service: An Adaptive Security Infrastructure and Privacy-Preserving User Identity for the Cloud Environment
by Tri Hoang Vo, Woldemar Fuhrmann, Klaus-Peter Fischer-Hellmann and Steven Furnell
Future Internet 2019, 11(5), 116; https://0-doi-org.brum.beds.ac.uk/10.3390/fi11050116 - 15 May 2019
Cited by 7 | Viewed by 6010
Abstract
In recent years, enterprise applications have begun to migrate from a local hosting to a cloud provider and may have established a business-to-business relationship with each other manually. Adaptation of existing applications requires substantial implementation changes in individual architectural components. On the other [...] Read more.
In recent years, enterprise applications have begun to migrate from a local hosting to a cloud provider and may have established a business-to-business relationship with each other manually. Adaptation of existing applications requires substantial implementation changes in individual architectural components. On the other hand, users may store their Personal Identifiable Information (PII) in the cloud environment so that cloud services may access and use it on demand. Even if cloud services specify their privacy policies, we cannot guarantee that they follow their policies and will not (accidentally) transfer PII to another party. In this paper, we present Identity-as-a-Service (IDaaS) as a trusted Identity and Access Management with two requirements: Firstly, IDaaS adapts trust between cloud services on demand. We move the trust relationship and identity propagation out of the application implementation and model them as a security topology. When the business comes up with a new e-commerce scenario, IDaaS uses the security topology to adapt a platform-specific security infrastructure for the given business scenario at runtime. Secondly, we protect the confidentiality of PII in federated security domains. We propose our Purpose-based Encryption to protect the disclosure of PII from intermediary entities in a business transaction and from untrusted hosts. Our solution is compliant with the General Data Protection Regulation and involves the least user interaction to prevent identity theft via the human link. The implementation can be easily adapted to existing Identity Management systems, and the performance is fast. Full article
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)
Show Figures

Figure 1

18 pages, 2676 KiB  
Article
Ant Colony Optimization Task Scheduling Algorithm for SWIM Based on Load Balancing
by Gang Li and Zhijun Wu
Future Internet 2019, 11(4), 90; https://0-doi-org.brum.beds.ac.uk/10.3390/fi11040090 - 02 Apr 2019
Cited by 40 | Viewed by 5983
Abstract
This paper focuses on the load imbalance problem in System Wide Information Management (SWIM) task scheduling. In order to meet the quality requirements of users for task completion, we studied large-scale network information system task scheduling methods. Combined with the traditional ant colony [...] Read more.
This paper focuses on the load imbalance problem in System Wide Information Management (SWIM) task scheduling. In order to meet the quality requirements of users for task completion, we studied large-scale network information system task scheduling methods. Combined with the traditional ant colony optimization (ACO) algorithm, using the hardware performance quality index and load standard deviation function of SWIM resource nodes to update the pheromone, a SWIM ant colony task scheduling algorithm based on load balancing (ACTS-LB) is presented in this paper. The experimental simulation results show that the ACTS-LB algorithm performance is better than the traditional min-min algorithm, ACO algorithm and particle swarm optimization (PSO) algorithm. It not only reduces the task execution time and improves the utilization of system resources, but also can maintain SWIM in a more load balanced state. Full article
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)
Show Figures

Figure 1

13 pages, 8355 KiB  
Article
Nonlinear Analysis of Built-in Sensor in Smart Device under the Condition of Voice Actuating
by Ning Zhao, Yuhe Liu and Junjie Shen
Future Internet 2019, 11(3), 81; https://0-doi-org.brum.beds.ac.uk/10.3390/fi11030081 - 26 Mar 2019
Cited by 1 | Viewed by 3088
Abstract
A built-in sensor in a smart device, such as the accelerometer and the gyroscope, will produce an obvious nonlinear output when it receives voice signal. In this paper, based on the chaotic theory, the nonlinearity of smartphone built-in accelerometer is revealed by phase [...] Read more.
A built-in sensor in a smart device, such as the accelerometer and the gyroscope, will produce an obvious nonlinear output when it receives voice signal. In this paper, based on the chaotic theory, the nonlinearity of smartphone built-in accelerometer is revealed by phase space reconstructing after we calculate several nonlinearity characteristics, such as best delay time, embedding dimension, and the attractor of accelerometer system, under the condition of voice commands inputting. The results of theoretical calculation and experiments show that this specific nonlinearity could lay a foundation for further signal extraction and analysis. Full article
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)
Show Figures

Figure 1

14 pages, 1650 KiB  
Article
eHealth Integrity Model Based on Permissioned Blockchain
by Tomasz Hyla and Jerzy Pejaś
Future Internet 2019, 11(3), 76; https://0-doi-org.brum.beds.ac.uk/10.3390/fi11030076 - 24 Mar 2019
Cited by 27 | Viewed by 5692
Abstract
(1) Background: Large eHealth systems should have a mechanism to detect unauthorized changes in patients’ medical documentation, access permissions, and logs. This is due to the fact that modern eHealth systems are connected with many healthcare providers and sites. (2) Methods: Design-science methodology [...] Read more.
(1) Background: Large eHealth systems should have a mechanism to detect unauthorized changes in patients’ medical documentation, access permissions, and logs. This is due to the fact that modern eHealth systems are connected with many healthcare providers and sites. (2) Methods: Design-science methodology was used to create an integrity-protection service model based on blockchain technology. Based on the problem of transactional transparency, requirements were specified and a model was designed. After that, the model’s security and performance were evaluated. (3) Results: a blockchain-based eHealth integrity model for ensuring information integrity in eHealth systems that uses a permissioned blockchain with off-chain information storage was created. In contrast to existing solutions, the proposed model allows information removal, which in many countries’ eHealth systems is a legal requirement, and is based on a blockchain using the Practical Byzantine Fault Tolerant algorithm. (4) Conclusion: A blockchain can be used to store medical data or only security-related data. In the proposed model, a blockchain is mainly used to implement a data-integrity service. This service can be implemented using other mechanisms, but a blockchain provides a solution that does not require trusted third parties, works in a distributed eHealth environment, and supports document removal. Full article
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)
Show Figures

Figure 1

20 pages, 9241 KiB  
Article
Smart System for Prediction of Accurate Surface Electromyography Signals Using an Artificial Neural Network
by Osama Dorgham, Ibrahim Al-Mherat, Jawdat Al-Shaer, Sulieman Bani-Ahmad and Stephen Laycock
Future Internet 2019, 11(1), 25; https://0-doi-org.brum.beds.ac.uk/10.3390/fi11010025 - 21 Jan 2019
Cited by 8 | Viewed by 4634
Abstract
Bioelectric signals are used to measure electrical potential, but there are different types of signals. The electromyography (EMG) is a type of bioelectric signal used to monitor and recode the electrical activity of the muscles. The current work aims to model and reproduce [...] Read more.
Bioelectric signals are used to measure electrical potential, but there are different types of signals. The electromyography (EMG) is a type of bioelectric signal used to monitor and recode the electrical activity of the muscles. The current work aims to model and reproduce surface EMG (SEMG) signals using an artificial neural network. Such research can aid studies into life enhancement for those suffering from damage or disease affecting their nervous system. The SEMG signal is collected from the surface above the bicep muscle through dynamic (concentric and eccentric) contraction with various loads. In this paper, we use time domain features to analyze the relationship between the amplitude of SEMG signals and the load. We extract some features (e.g., mean absolute value, root mean square, variance and standard deviation) from the collected SEMG signals to estimate the bicep’ muscle force for the various loads. Further, we use the R-squared value to depict the correlation between the SEMG amplitude and the muscle loads by linear fitting. The best performance the ANN model with 60 hidden neurons for three loads used (3 kg, 5 kg and 7 kg) has given a mean square error of 1.145, 1.3659 and 1.4238, respectively. The R-squared observed are 0.9993, 0.99999 and 0.99999 for predicting (reproduction step) of smooth SEMG signals. Full article
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)
Show Figures

Figure 1

Review

Jump to: Research

16 pages, 551 KiB  
Review
Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues
by Hussain Aldawood and Geoffrey Skinner
Future Internet 2019, 11(3), 73; https://0-doi-org.brum.beds.ac.uk/10.3390/fi11030073 - 18 Mar 2019
Cited by 84 | Viewed by 23373
Abstract
The idea and perception of good cyber security protection remains at the forefront of many organizations’ information and communication technology strategy and investment. However, delving deeper into the details of its implementation reveals that organizations’ human capital cyber security knowledge bases are very [...] Read more.
The idea and perception of good cyber security protection remains at the forefront of many organizations’ information and communication technology strategy and investment. However, delving deeper into the details of its implementation reveals that organizations’ human capital cyber security knowledge bases are very low. In particular, the lack of social engineering awareness is a concern in the context of human cyber security risks. This study highlights pitfalls and ongoing issues that organizations encounter in the process of developing the human knowledge to protect from social engineering attacks. A detailed literature review is provided to support these arguments with analysis of contemporary approaches. The findings show that despite state-of-the-art cyber security preparations and trained personnel, hackers are still successful in their malicious acts of stealing sensitive information that is crucial to organizations. The factors influencing users’ proficiency in threat detection and mitigation have been identified as business environmental, social, political, constitutional, organizational, economical, and personal. Challenges with respect to both traditional and modern tools have been analyzed to suggest the need for profiling at-risk employees (including new hires) and developing training programs at each level of the hierarchy to ensure that the hackers do not succeed. Full article
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)
Show Figures

Figure 1

Back to TopTop