Search Results (105)

The landscape of phishing email threats is continually evolving nowadays, making it challenging to combat effectively with traditional methods even with carrier-grade spam filters. Traditional detection mechanisms such as blacklisting, whitelisting, signature-based, and rule-based techniques could not effectively prevent phishing, spear-phishing, and zero-day attacks, as cybercriminals are using sophisticated techniques and trusted email service providers. Consequently, many researchers have recently concentrated on leveraging machine learning (ML) and deep learning (DL) approaches to enhance phishing email detection capabilities with better accuracy. To gain insights into the development of deep learning algorithms in the current research on phishing prevention, this study conducts a systematic literature review (SLR) following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines. By synthesizing the 33 selected papers using the SLR approach, this study presents a taxonomy of DL-based phishing detection methods, analyzing their effectiveness, limitations, and future research directions to address current challenges. The study reveals that the adaptability of detection models to new behaviors of phishing emails is the major improvement area. This study aims to add details about deep learning used for security to the body of knowledge, and it discusses future research in phishing detection systems. Full article

This article proposes a novel method for managing usage counters within an anonymous credential system, addressing the limitation of traditional anonymous credentials in tracking repeated use. The method takes advantage of blockchain technology through Smart Contracts deployed on the Ethereum network to enforce a predetermined maximum number of uses for a given credential. Users retain control over increments by providing zero-knowledge proofs (ZKPs) demonstrating private key possession and agreement on the increment value. This approach prevents replay attacks and ensures transparency and security. A prototype implementation on a private Ethereum blockchain demonstrates the feasibility and efficiency of the proposed method, paving the way for its potential deployment in real-world applications requiring both anonymity and usage tracking. Full article

Cyber threats are continually evolving and becoming increasingly complex, affecting various industries. Healthcare institutions are the second most targeted industry, preceded by manufacturing. The industry is on the lookout for a reliable cybersecurity system. This research analyzed the feasibility and reality of implementing a Zero Trust Architecture (ZTA) framework within a large healthcare enterprise with a workforce within the range of 45 k to 50 k personnel. It utilizes a baseline concept centered on the widely used Perimeter-Based Security Model (PBSM) in production environments. The focus is on assessing the feasibility of transitioning from a PBSM to a ZTA framework and specifically aims to assess the effects of such a transition on security, control, cost-effectiveness, supportability, risk, operational aspects, and the extent to which ZTA is applicable across different applications. Company X was used as a case study and provided data for analysis in support engagements and host traffic telemetry values. Findings indicated that a PBSM remains effective in providing defense measures for an organization mainly when a significant financial incentive is involved. On the other hand, ZTA offers a more secure environment with a notable reduction in risk, albeit at an additional cost and with added support variables. Full article

Current authentication schemes based on zero-knowledge proof (ZKP) still face issues such as high computation costs, low efficiency, and security assurance difficulty. Therefore, we propose a secure and efficient authentication scheme (SEAS) for large-scale IoT devices based on ZKP. In the initialization phase, the trusted authority creates prerequisites for device traceability and system security. Then, we propose a new registration method to ensure device anonymity. In the identity tracing and revocation phase, we revoke the real identity of abnormal devices by decrypting and updating group public keys, avoiding their access and reducing revocation costs. In the authentication phase, we check the arithmetic relationship between blind certificates, proofs, and other random data. We propose a new anonymous batch authentication method to effectively reduce computation costs, enhance authentication efficiency, and guarantee device authentication security. Security analysis and experimental results show that an SEAS can ensure security and effectively reduce verification time and energy costs. Its security and performance exceed existing schemes. Full article

As information technology continues to evolve, cloud data centres have become increasingly prominent as the preferred infrastructure for data storage and processing. However, this shift has introduced a new array of security challenges, necessitating innovative approaches distinct from traditional network security architectures. In response, the Zero Trust Architecture (ZTA) has emerged as a promising solution, with micro-segmentation identified as a crucial component for enabling continuous auditing and stringent security controls. VxLAN technology is widely utilized in data centres for tenant isolation and virtual machine interconnection within tenant environments. Despite its prevalent use, limited research has focused on its application in micro-segmentation scenarios. To address this gap, we propose a method that leverages VLAN and VxLAN many-to-one mapping, requiring that all internal data centre traffic routes through the VxLAN gateway. This method can be implemented cost-effectively, without necessitating business modifications or causing service disruptions, thereby overcoming the challenges associated with micro-segmentation deployment. Importantly, this approach is based on standard public protocols, making it independent of specific product brands and enabling a network-centric framework that avoids software compatibility issues. To assess the effectiveness of our micro-segmentation approach, we provide a comprehensive evaluation that includes network aggregation and traffic visualization. Building on the implementation of micro-segmentation, we also introduce an enhanced asset behaviour algorithm. This algorithm constructs behavioural profiles based on the historical traffic of internal network assets, enabling the rapid identification of abnormal behaviours and facilitating timely defensive actions. Empirical results demonstrate that our algorithm is highly effective in detecting anomalous behaviour in intranet assets, making it a powerful tool for enhancing security in cloud data centres. In summary, the proposed approach offers a robust and efficient solution to the challenges of micro-segmentation in cloud data centres, contributing to the advancement of secure and reliable cloud infrastructure. Full article

In the era of cloud computing, guaranteeing the safety and effectiveness of data management is of utmost importance. This investigation presents a novel approach that amalgamates the sharding concept, encryption, zero-knowledge proofs (zkp), and blockchain technology for secure data retrieval and data access control to improve data security, efficiency in cloud storage and migration. Further, we utilize user-specific digital wallets for secure encryption keys in order to encrypt the file before storing into the cloud. As Large files (greater than 50 MB) or Big data files (greater than 1 TB) require greater computational complexity, we leverage the sharding concept to enhance both space and time complexity in cloud storage. Hence, the large files are divided into shards and stored in different database servers. We also employ a blockchain smart contract to enhance secure retrieval of the file and also a secure access method, which ensures the privacy of the user. The zk-snark protocol is utilized to ensure the safe transfer of data between different cloud services. By utilizing this approach, data privacy is preserved, as only the proof of the data’s authenticity is shared with the verifier at the destination cloud, rather than the actual data themselves. The suggested method tackles important concerns related to data protection, privacy, and efficient resource utilization in cloud computing settings by ensuring it meets all the cloud policies required to store data. Since the environment maintains the privacy of the user data and the raw data of the user is not stored anywhere, the entire environment is set up as a Zero trust model. Full article

In cloud services, the zero-trust security paradigm has emerged as a key strategy to reduce the large attack surface created by the complexity of cloud systems. Service mesh is a popular practice to realize the zero-trust architecture, which relies heavily on network access control to achieve the desired security. Building a service mesh-based solution in the cloud is not straightforward because privileged adversaries (e.g., malicious cloud insiders) can easily compromise the control plane where the access control function is implemented. In this paper, we propose S-ZAC, an access control hardening technique for service mesh-based solutions in the cloud. S-ZAC uses Intel SGX to provide a trusted execution environment for the control plane, which is responsible for enforcing access control for the service mesh. By isolating all access-control-related functions within an SGX enclave, S-ZAC ensures high resilience of the service mesh solution even in the presence of privileged adversaries. Due to the design limitations of SGX, implementing S-ZAC in the cloud for zero trust faces several challenges that can lead to serious scalability and failover issues. The first challenge is to establish secure communication channels between the S-ZAC components, even in the presence of privileged attackers. The second challenge is the limited memory capacity of the SGX enclave. Finally, the third challenge is that the inherent design of SGX does not support persistent enclave states, meaning that any state of running enclaves is volatile. We address these challenges by proposing our novel solutions. By implementing a prototype of S-ZAC, we evaluate its performance in terms of security and performance. The evaluation results validate the effectiveness of S-ZAC to enhance the security of the service mesh control plane in cloud environments. Full article

The large and interconnected nature of the Internet of Things (IoT) presents unique security challenges, even as it revolutionizes various sectors. With numerous devices, often limited in resources, traditional perimeter-based security methods struggle to keep pace. The “never trust, always verify” principle of zero trust security offers a viable solution. Zero trust security is a concept that has become increasingly popular, using key exchange techniques to ensure secure and authenticated communication within the network, especially in managing risks in critical infrastructure. Authentication is a process to identify an entity, a prerequisite for authorization, and essential for granting access control. It fundamentally relies on trust management and various methods to generate and manage cryptographic keys for authentication. The aim of this study is to enhance zero trust security in the context of the Internet of Things by investigating authentication methods and discussing several potential solutions for successful implementation. This study also presents the performance evaluation criteria for authentication in IoT and introduces advanced approaches for different scenarios, including lightweight cryptography, mutual authentication, and blockchain technology. Finally, we address challenges related to implementation and future directions for research. Full article

Net-zero energy building (NZEB), an initiative to address energy conservation and emission reduction, has received widespread attention worldwide. This study aims to systematically explore recent challenges in NZEB retrofit research through a mixed-method approach and provide recommendations and future directions. A review of 106 documents (2020–2024) retrieved from the Web of Science and Scopus databases found that the globalization of NZEB retrofit research is unstoppable. Assessment methods are diverse, ranging from modeling energy efficiency (using different software such as DesignBuilder 7.0, PVsyst 7.4, EnergyPlus 24.1.0, etc.) to multi-attribute decision-making methods (e.g., DEMATEL-AHP/ANP-VIKOR) and comparative analysis. Current assessment metrics are dominated by economic benefits (e.g., net present value, dynamic payback period, and total operating cost) and energy consumption (e.g., electricity consumption and generation), with less consideration of environmental impacts (e.g., carbon reduction), as well as comfort (e.g., thermal comfort and indoor comfort). The study found that current challenges mainly include “Low economic feasibility of retrofitting”, “Building retrofit energy code irrationality”, and “Insufficient understanding, communication, and trust between stakeholders”. To overcome these challenges, the study also proposes a framework of strategies to address them, including (1) maximizing natural space, (2) introducing a tenant equity system, (3) upgrading waste management, (4) strengthening energy monitoring, (5) establishing complete life cycle mechanisms, (6) providing systemic solutions; (7) promoting the use of low-carbon building materials, and (8) increasing policy support. Full article

Managing access between large numbers of distributed medical devices has become a crucial aspect of modern healthcare systems, enabling the establishment of smart hospitals and telehealth infrastructure. However, as telehealth technology continues to evolve and Internet of Things (IoT) devices become more widely used, they are also increasingly exposed to various types of vulnerabilities and medical errors. In healthcare information systems, about 90% of vulnerabilities emerge from medical error and human error. As a result, there is a need for additional research and development of security tools to prevent such attacks. This article proposes a zero-trust-based context-aware framework for managing access to the main components of the cloud ecosystem, including users, devices, and output data. The main goal and benefit of the proposed framework is to build a scoring system to prevent or alleviate medical errors while using distributed medical devices in cloud-based healthcare information systems. The framework has two main scoring criteria to maintain the chain of trust. First, it proposes a critical trust score based on cloud-native microservices for authentication, encryption, logging, and authorizations. Second, a bond trust scoring system is created to assess the real-time semantic and syntactic analysis of attributes stored in a healthcare information system. The analysis is based on a pre-trained machine learning model that generates the semantic and syntactic scores. The framework also takes into account regulatory compliance and user consent in the creation of the scoring system. The advantage of this method is that it applies to any language and adapts to all attributes, as it relies on a language model, not just a set of predefined and limited attributes. The results show a high $F1$ score of 93.5%, which proves that it is valid for detecting medical errors. Full article

In the current context of rapid Internet of Things (IoT) and cloud computing technology development, the Single Packet Authorization (SPA) protocol faces increasing challenges, such as security threats from Distributed Denial of Service (DDoS) attacks. To address these issues, we propose the Advanced Network-Hiding Access Control (AHAC) framework, designed to enhance security by reducing network environment exposure and providing secure access methods. AHAC introduces an independent control surface as the access proxy service and combines it with a noise generation mechanism for encrypted access schemes, replacing the traditional RSA signature method used in SPA protocols. This framework significantly improves system security, reduces computational costs, and enhances key verification efficiency. The AHAC framework addresses several limitations inherent in SPA: users need to know the IP address of resources in advance, exposing the resource address to potential attacks; SPA’s one-way authentication mechanism is insufficient for multi-level authentication in dynamic environments; deploying the knocking module and protected resources on the same host can lead to resource exhaustion and service unavailability under heavy loads; and SPA often uses high-overhead encryption algorithms like RSA2048. To counter these limitations, AHAC separates the Port Knocking module from the access control module, supports mutual authentication, and implements an extensible two-way communication mechanism. It also employs ECC and ECDH algorithms, enhancing security while reducing computational costs. We conducted extensive experiments to validate AHAC’s performance, high availability, extensibility, and compatibility. The experiments compared AHAC with traditional SPA in terms of time cost and performance. Full article

The Trusted Execution Environment (TEE) is designed to establish a safe environment that prevents the execution of unauthenticated programs. The nature of TEE is a continuous verification process with hashing, signing, and verifying. Such a process is called the Chain-of-Trust, derived from the Root-of-Trust (RoT). Typically, the RoT is pre-programmed, hard-coded, or embedded in hardware, which is locally produced and checked before booting. The TEE employs various cryptographic processes throughout the boot process to verify the authenticity of the bootloader. It also validates other sensitive data and applications, such as software connected to the operating system. TEE is a self-contained environment and should not serve as the RoT or handle secure boot operations. Therefore, the issue of implementing hardware for RoT has become a challenge that requires further investigation and advancement. The main objective of this proposal is to introduce a secured RISC-V-based System-on-Chip (SoC) architecture capable of securely booting a TEE using a versatile boot program while maintaining complete isolation from the TEE processors. The suggested design has many cryptographic accelerators essential for the secure boot procedure. Furthermore, a separate 32-bit MicroController Unit (MCU) is concealed from the TEE side. This MCU manages sensitive information, such as the root key, and critical operations like the Zero Stage BootLoader (ZSBL) and key generation program. Once the RoT is integrated into the isolated sub-system, it becomes completely unavailable from the TEE side, even after booting, using any method. Besides providing a secured boot flow, the system is integrated with essential crypto-cores supporting Transport Layer Security (TLS) 1.3. The chip is finally fabricated using the Complementary Metal–Oxide–Semiconductor (CMOS) 180 nm process. Full article

For the secure deployment of network platforms tailored for IoT devices, the encryption of data transmission is equally as crucial as the process of authentication. In this context, we introduce the Secure and Scalable IoT network (SSI) network platform, designed to accommodate a diverse range of IoT devices. It provides scalability and implements effective many-to-many and end-to-end encryption across extensive regions. With the emergence of quantum computing, secure public key exchange mechanisms have become important. Among the various post-quantum cryptography (PQC) algorithms assessed, Nth Degree Truncated Polynomial Ring Units (NTRUs) have emerged as an optimally suited PQC algorithm for IoT devices constrained by limited computational capabilities. We have integrated NTRUs with SSI as a lightweight PQC solution. Moreover, SSI-PQM (Post-Quantum MACsec) enhances the SSI’s initial authentication structure to minimize PQC-TLS session attempts and protect the SSI’s important configuration information. When applying TLS with PQC for secret key exchange purposes, it was verified that this approach ensures stable performance in IoT environments. Upon the implementation of our proposed SSI-PQM on Raspberry Pi 3B+ based IoT devices, SSI-PQM exhibited acceptable performance at security levels from 80 to 128 and achieved a minimum speed improvement of 161% over RSA at security levels above 160. It can be concluded that SSI-PQM stands out as an effective Zero Trust-based IoT network platform, demonstrating its viability and efficiency in safeguarding data transmission against potential quantum computing threats. Full article

Modern supply chain systems face significant challenges, including lack of transparency, inefficient inventory management, and vulnerability to disruptions and security threats. Traditional optimization methods often struggle to adapt to the complex and dynamic nature of these systems. This paper presents a novel blockchain-based zero-trust supply chain security framework integrated with deep reinforcement learning (SAC-rainbow) to address these challenges. The SAC-rainbow framework leverages the Soft Actor–Critic (SAC) algorithm with prioritized experience replay for inventory optimization and a blockchain-based zero-trust mechanism for secure supply chain management. The SAC-rainbow algorithm learns adaptive policies under demand uncertainty, while the blockchain architecture ensures secure, transparent, and traceable record-keeping and automated execution of supply chain transactions. An experiment using real-world supply chain data demonstrated the superior performance of the proposed framework in terms of reward maximization, inventory stability, and security metrics. The SAC-rainbow framework offers a promising solution for addressing the challenges of modern supply chains by leveraging blockchain, deep reinforcement learning, and zero-trust security principles. This research paves the way for developing secure, transparent, and efficient supply chain management systems in the face of growing complexity and security risks. Full article

The green transition in the sustainable production and processing of polymers poses multifaceted challenges that demand integral comprehensive solutions. Specific problems of presences of toxic trace elements are often missed and this prevents shifting towards eco-friendly alternatives. Therefore, substantial research and the development of novel approaches is needed to discover and implement innovative, sustainable production materials and methods. This paper is focused on the most vital problems of the green transition from the aspect of establishing universally accepted criteria for the characterization and classification of eco-friendly polymers, which is essential to ensuring transparency and trust among consumers. Additionally, the recycling infrastructure needs substantial improvement to manage the end-of-life stage of polymer products effectively. Moreover, the lack of standardized regulations and certifications for sustainable polymers adds to the complexity of this problem. In this paper we propose solutions from the aspect of standardization protocols for the characterization of polymers foreseen as materials that should be used in Zero Energy Innovations in Hydrogen Storage. The role model standards originate from eco-labeling procedures for materials that come into direct or prolonged contact with human skin, and that are monitored by different methods and testing procedures. In conclusion, the challenges of transitioning to green practices in polymer production and processing demands a concerted effort from experts in the field which need to emphasize the problems of the analysis of toxic ultra trace and trace impurities in samples that will be used in hydrogen storage, as trace impurities may cause terrific obstacles due to their decreasing the safety of materials. Overcoming these obstacles requires the development and application of current state-of-the-art methodologies for monitoring the quality of polymers during their recycling, processing, and using, as well as the development of other technological innovations, financial initiatives, and a collective commitment to fostering a sustainable and environmentally responsible future for the polymer industry and innovations in the field of zero energy applications. Full article