Supersingular Isogeny Diffie–Hellman (SIDH) key exchange
Import from medium.com
December 30, 2019
When Bob and Alice Went For A New Year Walk (But not together!)Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
Fake Digital?
Import from medium.com
December 28, 2019
Sometime soon, we need to admit that we have created a digital world that cannot really be trusted. In fact, most of our cybersecurity…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Blockchain, Cybersecurity
The Fractional Cipher
Import from medium.com
December 27, 2019
Morse code has a bit of a problem, as we need to insert a small pause between the letters, and between the words. In its standard form it…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
My Top 10 Things To Learn in 2020
Import from medium.com
December 27, 2019
Okay. I’m an academic, so I love learning new things, but it should be part of your world too. A healthy and active mind is one of the…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
Filling-in The Details of Vitalic’s Excellent zk-SNARKs Article For QAP Processing
Import from medium.com
December 26, 2019
The demo for R1CS and QAP is given here.Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
Processing Fit for 2020, and Not the 1980s
Import from medium.com
December 24, 2019
Out With The Old, and In With The New: Building A New Computational Engine for our Digital World - zk-SNARKs, and R1CSContinue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
Goodbye To A Wonderful 2019
Import from medium.com
December 22, 2019
We have had a wonderful 2019, and he’s some of my memories:Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
“Go” And Do Security Access Control Properly
Import from medium.com
December 22, 2019
One of our major problems in security is that we have build systems which use role-based security, and it is flawed. Increasingly we need…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
How Does Oscar Investigate Mallory — With Peggy Finding Out He Is A Suspect?
Import from medium.com
December 21, 2019
The other day I was asked by a media correspondent, “What got you into things like cryptography and blockchain?”, and I explained that it…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
The MIRACL of IBE Signatures
Import from medium.com
December 08, 2019
As I look back over the year, I think my main “finds” have been the Go language and the MIRACL pairing library. Using these things, I have…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
RSA and Discrete Logs Crumble A Bit More!
Import from medium.com
December 07, 2019
A while back a number of RSA challenges were created, such as for RSA-240 (and which has 240 decimal digits — 795 bits) [here]:Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
“Machine Learning is Mainly Not Data Science!”
Import from medium.com
December 07, 2019
Are we creating an amazing new world of AI, or a rats-nest of problems?Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
WhatsApp From FACEBOOK!
Import from medium.com
December 07, 2019
Yesterday, I ran WhatsApp on my phone, and this appeared:Continue reading on Medium »
See publication
Tags: Privacy, Cybersecurity
CL MIRACL Magic!
Import from medium.com
December 06, 2019
One of the most privileged things in academia is being able to collaborate with some amazing researcher, and who are so helpful and open…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
How Do I Send You a Christmas Present, And Know You Won’t Open It Until Christmas Day?
Import from medium.com
December 03, 2019
How can we properly secure things? Well, we sure make the effort so large to crack them, that no-one could afford the effort to break it…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
Where Would You Find Elf in Cybersecurity?
Import from medium.com
December 03, 2019
Well, we’ve all heard of the magic of Christmas, but let’s look at another magic thing … the magic of digital forensics. For this we have…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
Ho, Ho, Ho … the Geekiest Christmas Cipher Quiz Ever!
Import from medium.com
December 03, 2019
Well, just in case you get bored over the Christmas break, here is my Christmas Cipher Test.Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
IoT forensics: Amazon echo as a use case
IEEE
December 01, 2019
Internet of Things (IoT) are increasingly common in our society, and can be found in civilian settings as well as sensitive applications, such as battlefields and national security. Given the potential of these devices to be targeted by attackers, they are a valuable source in digital forensic investigations. In addition, incriminating evidence may be stored on an IoT device (e.g., Amazon Echo in a home environment and Fitbit worn by the victim or an accused person). In comparison to IoT security and privacy literature, IoT forensics is relatively under-studied. IoT forensics is also challenging in practice, particularly due to the complexity, diversity, and heterogeneity of IoT devices and ecosystems. In this paper, we present an IoT-based forensic model that supports the identification, acquisition, analysis, and presentation of potential artifacts of forensic interest from IoT devices and the underpinning infrastructure. Specifically, we use the popular Amazon Echo as a use case to demonstrate how our proposed model can be used to guide forensics analysis of IoT devices.
See publication
Tags: Cybersecurity, IoT, Ecosystems
Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier
IEEE
December 01, 2019
Insider threats continue to present a major challenge for the information security community. Despite constant research taking place in this area; a substantial gap still exists between the requirements of this community and the solutions that are currently available. This paper uses the CERT dataset r4.2 along with a series of machine learning classifiers to predict the occurrence of a particular malicious insider threat scenario - the uploading sensitive information to wiki leaks before leaving the organization. These algorithms are aggregated into a meta-classifier which has a stronger predictive performance than its constituent models. It also defines a methodology for performing pre-processing on organizational log data into daily user summaries for classification, and is used to train multiple classifiers. Boosting is also applied to optimise classifier accuracy. Overall the models are evaluated through analysis of their …
See publication
Tags: Cloud, Cybersecurity, Privacy
A Novel Trust Evaluation Process for Secure Localization Using a Decentralized Blockchain in Wireless Sensor Networks
IEEE
December 01, 2019
n this research paper, blockchain-based trust management model is proposed to enhance trust relationship among beacon nodes and to eradicate malicious nodes in Wireless Sensor Networks (WSNs). This composite trust evaluation involves behavioral-based trust as well as data-based trust. Various metrics such as closeness, honesty, intimacy and frequency of interaction are taken into account to compute behavioral-based trust of beacon nodes. Further, the composite (behavior and data) trust value of each beacon nodes is broadcast to Base Stations (BS) to generate a blockchain of trust values. Subsequently, the management model discards the beacon node with least trust value and that ensures reliability and consistency of localization in WSNs. The simulated results of the proposed algorithm are compared with the existing ones in terms of detection accuracy, False Positive Rate (FPR) and False Negative Rate (FNR) and Average Energy Consumption (AEC).
See publication
Tags: Blockchain, Cybersecurity, Privacy
Devs and Time Clock Rollovers
Import from medium.com
November 30, 2019
Let’s party like it’s 1999!Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
We Need To Get Better At Security!
Import from medium.com
November 30, 2019
Imagine if an electrical engineer found a fault in the wiring in your house, but said, “You have a fault, but it’ll take me 10 months to…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity, Security
John Napier’s “Signature” in 12 lines of Python
Import from medium.com
November 30, 2019
My university campus is in the home of John Napier, and my city (Edinburgh) and university have a strong linkage to logarithms. One of the…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
RSA Digital Signatures in 12 Lines of Python
Import from medium.com
November 29, 2019
I have been setting myself 12 line challenges for RSA encryption, so here’s one which signs a message in RSA in just 12 lines of Python…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
Congruential public key
Import from medium.com
November 26, 2019
I was honoured to speak to some government leaders today about the future of cryptography, and I was asked about the book that I would…Continue reading on ASecuritySite: When Bob Met Alice »
See publication
Tags: Cybersecurity
The Challenges of Investigating Cryptocurrencies and Blockchain Related Crime
Digital Investigation
November 01, 2019
We increasingly live in a world where there is a balance between the rights to privacy and the requirements for consent, and the rights of society to protect itself. Within this world, there is an ever-increasing requirement to protect the identities involved within financial transactions, but this makes things increasingly difficult for law enforcement agencies, especially in terms of financial fraud and money laundering. This paper reviews the state-of-the-art in terms of the methods of privacy that are being used within cryptocurrency transactions, and in the challenges that law enforcement face.
See publication
Tags: Blockchain, Cryptocurrency, Cybersecurity
Deriving ChaCha20 key streams from targeted memory analysis
Journal of Information Security and Applications
June 01, 2019
n
There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can used as an alternative. Although many symmetric key stream ciphers are fairly resistant to side-channel attacks, cryptographic artefacts may exist in memory. This paper identifies a significant vulnerability within OpenSSH and OpenSSL and which involves the discovery of cryptographic artefacts used within the ChaCha20 cipher. This can allow for the cracking of tunneled data using a single targeted memory extraction. With this, law enforcement agencies and/or malicious agents could use the vulnerability to take copies of the encryption keys used for each tunnelled connection. The user of a virtual machine would not be alerted to the capturing of the encryption key, as the method runs from an extraction of the running memory. Methods of mitigation include making cryptographic artefacts difficult to discover and limiting …
See publication
Tags: Blockchain, Cybersecurity, Privacy
Next generation lightweight cryptography for smart IoT devices:: implementation, challenges and applications
IEEE
April 01, 2019
High/ultra-high speed data connections are currently being developed, and by the year 2020, it is expected that the 5th generation networking (5GN) should be much smarter. It would provide great quality of service (QoS) due to low latency, less implementation cost and high efficiency in data processing. These networks could be either a point-to-point (P2P) communication link or a point-to-multipoint (P2M) communication link, which, P2M is also known as multi-casting that addresses multiple subscribers. The P2M systems usually have diverse nodes (also called as `Things') according to services and levels of security required. These nodes need an uninterrupted network inter-connectivity as well as a cloud platform to manage data sharing and storage. However, the Internet of Things (IoT), with real-time applications like in smart cities, wearable gadgets, medical, military, connected driver-less cars, etc., includes massive data processing and transmission. Nevertheless, integrated circuits (ICs) deployed in IoT based infrastructures have strong constraints in terms of size, cost, power consumption and security. Concerning the last aspect, the main challenges identified so far are resilience of the deployed infrastructure, confidentiality, integrity of exchanged data, user privacy and authenticity. Therefore, well secured and effective cryptographic algorithms are needed that cause small hardware footprints, i.e. Lightweight Cryptography (LWC), also with the provision of robustness, long range transfer of encrypted data and acceptable level of security.In this paper, the implementation, challenges and futuristic applications of LWC algorithms for smart IoT devices have been discussed, especially the performance of Long-Range Wide Area Network (LoRaWAN) which is an open standard that defines the communication protocol for Low-Power Wide Area Network (LPWAN) technology.
See publication
Tags: Cybersecurity, IoT, Smart Cities
Top 10 Blockchain Predictions for the (Near) Future of Healthcare
Blockchain in Healthcare Today,
April 01, 2019
To review blockchain lessons learned in 2018 and near-future predictions for blockchain in healthcare, Blockchain in Healthcare Today (BHTY) asked the world's blockchain in healthcare experts to share their insights. Here, our internationally-renowned BHTY peer-review board discusses their major predictions.
See publication
Tags: Blockchain, Cybersecurity, Privacy
A Forensic Audit of the Tor Browser Bundle
Elsevier
March 01, 2019
The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its local footprint within a host and over a network connection. The Tor browser, though, can leave behind digital artefacts which can be used by an investigator. This paper outlines an experimental methodology and provides results for evidence trails which can be used within real-life investigations.
See publication
Tags: Big Data, Cybersecurity, Privacy
Decrypting live SSH traffic in virtual environments
Elsevier
March 01, 2019
Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDecrypt framework to investigate the discovery of encrypted artefacts in memory and applies the methodology to decrypting the secure communications of virtual machines. For Secure Shell, used for secure remote server management, file transfer, and tunnelling inter alia, MemDecrypt experiments rapidly yield AES-encrypted details for a live secure file transfer including remote user credentials, transmitted file name and file contents. Thus, MemDecrypt discovers cryptographic artefacts and quickly decrypts live SSH malicious communications including the detection and interception of data exfiltration of confidential data.
See publication
Tags: Cloud, Cybersecurity, Privacy
Impact of cyberattacks on stock performance: a comparative study
Emerald
November 01, 2018
Purpose
The study uses cyberattacks announcements on 96 firms that are listed on S&P 500 over the period from January 03, 2013, to December 29, 2017.
Design/methodology/approach
The empirical analysis was performed in two ways: cross-section and industry level. The authors use statistical tests that account for the effects of cross-section correlation in returns, returns series correlation, volatility changes and skewness in the returns.
Findings
These imply that studying the cumulative effects of cyberattacks on prices of listed firms without grouping them into the various sectors may be non-informative; financial sector firms tend to react cumulatively to cyberattacks over a three-day period than other sectors; and technology firms tend to be less reactive to the announcement of a data breach. Such firms may possibly have the necessary tools and techniques to address large-scale cyberattacks …
See publication
Tags: Cloud, Cybersecurity, Privacy
Recent Progress in the Quantum-to-the-Home Networks
IntechOpen
November 01, 2018
For secure data transmission to the end users in a conventional fiber-to-the-home (FTTH) network, quantum cryptography (QC) is getting much consideration nowadays. QC or more specifically quantum key distribution (QKD) promises unconditionally secure protocol, the Holy Grail of communication and information security that is based on the fundamental laws of quantum physics. In this chapter, we discuss the design issues in a hybrid quantum-classical communication network, performance of the cost-effective off-the-shelf telecommunication equipment, our latest results on a four-state (Quadrature Phase Shift Keying,‘QPSK’) RF sub-carrier assisted continuous-variable quantum key distribution (CV-QKD) multiuser network based on ultra-low loss quantum channel (pure silica core fiber,‘PSCF’) and microelectromechanical systems (MEMS) based add/drop switch. The results are thoroughly compared with the commercially available high-cost encryption modules. It is expected that the discussed cost-effective and energy efficient QKD network can facilitate the practical applications of the CV-QKD protocol on the commercial scale in near future for smart access networks.
See publication
Tags: Cloud, Cybersecurity, Privacy
Requirements for 5G based telemetric cardiac monitoring
IEEE
November 01, 2018
Several white papers have been published on general requirements for 5G in the health vertical. As 5G research and implementation continue more detailed real world information for application research are needed. This paper is focusing on the requirements for telemetric cardiac monitoring based on real world experiences from a joint project on early geriatric rehabilitation of elderly patients in a care of the elderly department after minimal invasive and conservative treatment in a highly specialized cardiology unit in Leipzig, Germany.
See publication
Tags: Cybersecurity, HealthTech, Privacy, 5G
The Challenges of Investigating Cryptocurrencies and Blockchain Related Crime
Elsevier
December 31, 2019
We increasingly live in a world where there is a balance between the rights to privacy and the requirements for consent, and the rights of society to protect itself. Within this world, there is an ever-increasing requirement to protect the identities involved within financial transactions, but this makes things increasingly difficult for law enforcement agencies, especially in terms of financial fraud and money laundering. This paper reviews the state-of-the-art in terms of the methods of privacy that are being used within cryptocurrency transactions, and in the challenges that law enforcement face.
See publication
Tags: Blockchain, Cryptocurrency, Cybersecurity
MRC4: A Modified RC4 Algorithm using Symmetric Random Function Generator for Improved Cryptographic Features
IEEE
December 01, 2019
The Rivest Cipher 4 (RC4) has been one of the most popular stream ciphers for providing symmetric key encryption, and is now proposed as an efficient cipher within light-weight cryptography. As an algorithm it has been considered to be one of the fastest stream ciphers and one of the easiest to implement. Unfortunately, despite its simplicity of usage, a number of attacks on it have been found. Therefore, various improvements of this algorithm exist in cryptography, but none of them use proper randomness. This paper outlines modified version of RC4 and which has the desirable features of an efficient stream cipher algorithm, and which integrates the Symmetric Random Function Generator (SRFG) method. Though RC4 uses pseudorandom features with an initialisation vector and a seed value, the use of true randomness in RC4 is novel in this domain. Therefore, this paper proposes a modified RC4 as MRC4 …
See publication
Tags: Big Data, Blockchain, Cybersecurity
Deriving ChaCha20 key streams from targeted memory analysis
Journal of Information Security and Applications
September 01, 2019
There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can used as an alternative. Although many symmetric key stream ciphers are fairly resistant to side-channel attacks, cryptographic artefacts may exist in memory. This paper identifies a significant vulnerability within OpenSSH and OpenSSL and which involves the discovery of cryptographic artefacts used within the ChaCha20 cipher. This can allow for the cracking of tunneled data using a single targeted memory extraction. With this, law enforcement agencies and/or malicious agents could use the vulnerability to take copies of the encryption keys used for each tunnelled connection. The user of a virtual machine would not be alerted to the capturing of the encryption key, as the method runs from an extraction of the running memory. Methods of mitigation include making cryptographic artefacts difficult to discover and limiting …
See publication
Tags: Big Data, Cybersecurity, Privacy
IoT forensics: Amazon echo as a use case
IEEE
August 31, 2019
Internet of Things (IoT) are increasingly common in our society, and can be found in civilian settings as well as sensitive applications such as battlefields and national security. Given the potential of these devices to be targeted by attackers, they are a valuable source in digital forensic investigations. In addition, incriminating evidence may be stored on an IoT device (e.g. Amazon Echo in a home environment and Fitbit worn by the victim or an accused person). In comparison to IoT security and privacy literature, IoT forensics is relatively under-studied. IoT forensics is also challenging in practice, particularly due to the complexity, diversity, and heterogeneity of IoT devices and ecosystems. In this paper, we present an IoT based forensic model that supports the identification, acquisition, analysis, and presentation of potential artifacts of forensic interest from IoT devices and the underpinning infrastructure. Specifically …
See publication
Tags: Cybersecurity, IoT, Privacy
A Forensic Audit of the Tor Browser Bundle
Elsevier
July 01, 2019
The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its local footprint within a host and over a network connection. The Tor browser, though, can leave behind digital artefacts which can be used by an investigator. This paper outlines an experimental methodology and provides results for evidence trails which can be used within real-life investigations.
See publication
Tags: Big Data, Cybersecurity, Privacy
Decrypting live SSH traffic in virtual environments
El
May 31, 2019
Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDecrypt framework to investigate the discovery of encrypted artefacts in memory and applies the methodology to decrypting the secure communications of virtual machines. For Secure Shell, used for secure remote server management, file transfer, and tunnelling inter alia, MemDecrypt experiments rapidly yield AES-encrypted details for a live secure file transfer including remote user credentials, transmitted file name and file contents. Thus, MemDecrypt discovers cryptographic artefacts and quickly decrypts live SSH malicious communications including the detection and interception of data exfiltration of confidential data.
See publication
Tags: Cloud, Cybersecurity, Privacy
Next generation lightweight cryptography for smart IoT devices:: implementation, challenges and applications
IEEE
December 31, 2018
High/ultra-high speed data connections are currently being developed, and by the year 2020, it is expected that the 5th generation networking (5GN) should be much smarter. It would provide great quality of service (QoS) due to low latency, less implementation cost and high efficiency in data processing. These networks could be either a point-to-point (P2P) communication link or a point-to-multipoint (P2M) communication link, which, P2M is also known as multi-casting that addresses multiple subscribers. The P2M systems usually have diverse nodes (also called as ‘Things’) according to services and levels of security required. These nodes need an uninterrupted network inter-connectivity as well as a cloud platform to manage data sharing and storage. However, the Internet of Things (IoT), with real-time applications like in smart cities, wearable gadgets, medical, military, connected driver-less cars, etc., includes …
See publication
Tags: Cybersecurity, IoT, Smart Cities
Top 10 Blockchain Predictions for the (Near) Future of Healthcare
Blockchain in Healthcare Today
December 31, 2018
To review blockchain lessons learned in 2018 and near-future predictions for blockchain in healthcare, Blockchain in Healthcare Today (BHTY) asked the world's blockchain in healthcare experts to share their insights. Here, our internationally-renowned BHTY peer-review board discusses their major predictions.
See publication
Tags: Blockchain, Cybersecurity, HealthTech
Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier
2018 IEEE International Conference on Big Data (Big Data)
December 02, 2018
Insider threats continue to present a major challenge for the information security community. Despite constant research taking place in this area; a substantial gap still exists between the requirements of this community and the solutions that are currently available. This paper uses the CERT dataset r4.2 along with a series of machine learning classifiers to predict the occurrence of a particular malicious insider threat scenario - the uploading sensitive information to wiki leaks before leaving the organization. These algorithms are aggregated into a meta-classifier which has a stronger predictive performance than its constituent models. It also defines a methodology for performing pre-processing on organizational log data into daily user summaries for classification, and is used to train multiple classifiers. Boosting is also applied to optimise classifier accuracy. Overall the models are evaluated through analysis of their …
See publication
Tags: Big Data, Cloud, Cybersecurity
Impact of cyberattacks on stock performance: a comparative study
Information & Computer Security
November 12, 2018
Purpose
The study uses cyberattacks announcements on 96 firms that are listed on S&P 500 over the period from January 03, 2013, to December 29, 2017.
Design/methodology/approach
The empirical analysis was performed in two ways: cross-section and industry level. The authors use statistical tests that account for the effects of cross-section correlation in returns, returns series correlation, volatility changes and skewness in the returns.
Findings
These imply that studying the cumulative effects of cyberattacks on prices of listed firms without grouping them into the various sectors may be non-informative; financial sector firms tend to react cumulatively to cyberattacks over a three-day period than other sectors; and technology firms tend to be less reactive to the announcement of a data breach. Such firms may possibly have the necessary tools and techniques to address large-scale cyberattacks …
See publication
Tags: Cloud, Cybersecurity, Privacy
Recent Progress in the Quantum-to-the-Home Networks
Telecommunication Networks-Trends and Developments
November 12, 2018
For secure data transmission to the end users in a conventional fiber-to-the-home (FTTH) network, quantum cryptography (QC) is getting much consideration nowadays. QC or more specifically quantum key distribution (QKD) promises unconditionally secure protocol, the Holy Grail of communication and information security that is based on the fundamental laws of quantum physics. In this chapter, we discuss the design issues in a hybrid quantum-classical communication network, performance of the cost-effective off-the-shelf telecommunication equipment, our latest results on a four-state (Quadrature Phase Shift Keying,‘QPSK’) RF sub-carrier assisted continuous-variable quantum key distribution (CV-QKD) multiuser network based on ultra-low loss quantum channel (pure silica core fiber,‘PSCF’) and microelectromechanical systems (MEMS) based add/drop switch. The results are thoroughly compared with the commercially available high-cost encryption modules. It is expected that the discussed cost-effective and energy efficient QKD network can facilitate the practical applications of the CV-QKD protocol on the commercial scale in near future for smart access networks.
See publication
Tags: Cloud, Cybersecurity, Privacy
Open-source Data Analysis and Machine Learning for Asthma Hospitalisation Rates
GLOBAL HEALTH 2018 : The Seventh International Conference on Global Health Challenge
November 12, 2018
For secure data transmission to the end users in a conventional fiber-to-the-home (FTTH) network, quantum cryptography (QC) is getting much consideration nowadays. QC or more specifically quantum key distribution (QKD) promises unconditionally secure protocol, the Holy Grail of communication and information security that is based on the fundamental laws of quantum physics. In this chapter, we discuss the design issues in a hybrid quantum-classical communication network, performance of the cost-effective off-the-shelf telecommunication equipment, our latest results on a four-state (Quadrature Phase Shift Keying,‘QPSK’) RF sub-carrier assisted continuous-variable quantum key distribution (CV-QKD) multiuser network based on ultra-low loss quantum channel (pure silica core fiber,‘PSCF’) and microelectromechanical systems (MEMS) based add/drop switch. The results are thoroughly compared with the commercially available high-cost encryption modules. It is expected that the discussed cost-effective and energy efficient QKD network can facilitate the practical applications of the CV-QKD protocol on the commercial scale in near future for smart access networks.
See publication
Tags: Big Data, Cloud, HealthTech
Requirements for 5G based telemetric cardiac monitoring
14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob)
November 12, 2018
Several white papers have been published on general requirements for 5G in the health vertical. As 5G research and implementation continue more detailed real world information for application research are needed. This paper is focusing on the requirements for telemetric cardiac monitoring based on real world experiences from a joint project on early geriatric rehabilitation of elderly patients in a care of the elderly department after minimal invasive and conservative treatment in a highly specialized cardiology unit in Leipzig, Germany.
See publication
Tags: Big Data, Cloud, HealthTech, 5G
Correlation Power Analysis on the PRESENT Block Cipher on an Embedded Device
Proceedings of the 13th International Conference on Availability, Reliability and Security
November 12, 2018
Traditional cryptographic techniques have proven to work well on most modern computing devices but they are unsuitable for devices (eg IoT devices) where memory, power consumption or processing power is limited. Thus, there has been an increasing amount of work on the design and implementation of lightweight cryptographic algorithms to provide a solution for running cryptography on low resource devices. One particular cryptographic algorithm designed specifically to be used on low resource devices is the PRESENT algorithm. Although the design of PRESENT provides a small memory footprint alongside low power consumption our results show it is susceptible to information leakage when power analysis is performed against a device running this algorithm. In this paper, we present our methodology and results on performing correlation power analysis against this light weight block cipher. Our chosen …
See publication
Tags: Cybersecurity, IoT, Privacy
Privacy Parameter Variation Using RAPPOR on a Malware Dataset
17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Scien
September 02, 2018
Stricter data protection regulations and the poor application of privacy protection techniques have resulted in a requirement for data-driven companies to adopt new methods of analysing sensitive user data. The RAPPOR (Randomized Aggregatable Privacy-Preserving Ordinal Response) method adds parameterised noise, which must be carefully selected to maintain adequate privacy without losing analytical value. This paper applies RAPPOR privacy parameter variations against a public dataset containing a list of running Android applications data. The dataset is filtered and sampled into small (10,000); medium (100,000); and large (1,200,000) sample sizes while applying RAPPOR with ? = 10; 1.0; and 0.1 (respectively low; medium; high privacy guarantees). Also, in order to observe detailed variations within high to medium privacy guarantees (? = 0.5 to 1.0), a second experiment is conducted by progressively …
See publication
Tags: Big Data, Cybersecurity, Privacy
Correlation Power Analysis on the PRESENT Block Cipher on an Embedded Device
ACM
November 01, 2018
Traditional cryptographic techniques have proven to work well on most modern computing devices but they are unsuitable for devices (eg IoT devices) where memory, power consumption or processing power is limited. Thus, there has been an increasing amount of work on the design and implementation of lightweight cryptographic algorithms to provide a solution for running cryptography on low resource devices. One particular cryptographic algorithm designed specifically to be used on low resource devices is the PRESENT algorithm. Although the design of PRESENT provides a small memory footprint alongside low power consumption our results show it is susceptible to information leakage when power analysis is performed against a device running this algorithm. In this paper, we present our methodology and results on performing correlation power analysis against this light weight block cipher. Our chosen …
See publication
Tags: Cybersecurity, IoT, Privacy
GDPR and Cyber Security for Business Information Systems
River Publishers
November 01, 2018
The General Data Protection Regulation is the latest, and one of the most stringent, regulations regarding Data Protection to be passed into law by the European Union. Fundamentally, it aims to protect the Rights and Freedoms of all the individuals included under its terms; ultimately the privacy and security of all our personal data. This requirement for protection extends globally, to all organisations, public and private, wherever personal data is held, processed, or transmitted concerning any EU citizen. Cyber Security is at the core of data protection and there is a heavy emphasis on the application of encryption and state of the art technology within the articles of the GDPR. This is considered to be a primary method in achieving compliance with the law. Understanding the overall use and scope of Cyber Security principles and tools allows for greater efficiency and more cost effective management of Information systems. GDPR and Cyber Security for Business Information Systems is designed to present specific and practical information on the key areas of compliance to the GDPR relevant to Business Information Systems in a global context. Key areas covered include:● Principles and Rights within the GDPR● Information Security● Data Protection by Design and Default● Implementation Procedures● Encryption methods● Incident Response and Management● Data Breaches
See publication
Tags: Cloud, Cybersecurity, Privacy
Privacy Parameter Variation Using RAPPOR on a Malware Dataset
IEEE
November 01, 2018
Stricter data protection regulations and the poor application of privacy protection techniques have resulted in a requirement for data-driven companies to adopt new methods of analysing sensitive user data. The RAPPOR (Randomized Aggregatable Privacy-Preserving Ordinal Response) method adds parameterised noise, which must be carefully selected to maintain adequate privacy without losing analytical value. This paper applies RAPPOR privacy parameter variations against a public dataset containing a list of running Android applications data. The dataset is filtered and sampled into small (10,000); medium (100,000); and large (1,200,000) sample sizes while applying RAPPOR with ? = 10; 1.0; and 0.1 (respectively low; medium; high privacy guarantees). Also, in order to observe detailed variations within high to medium privacy guarantees (? = 0.5 to 1.0), a second experiment is conducted by progressively …
See publication
Tags: Cloud, Cybersecurity, Privacy
Machine learning and semantic analysis of in-game chat for cyberbullying
Elsivier
February 01, 2018
One major problem with cyberbullying research is the lack of data, since researchers are traditionally forced to rely on survey data where victims and perpetrators self-report their impressions. In this paper, an automatic data collection system is presented that continuously collects in-game chat data from one of the most popular online multiplayer games: World of Tanks. The data were collected and combined with other information about the players from available online data services. It presents a scoring scheme to enable identification of cyberbullying based on current research. Classification of the collected data was carried out using simple feature detection with SQL database queries and compared to classification from AI-based sentiment text analysis services that have recently become available and further against manually classified data using a custom-built classification client built for this paper. The simple …
See publication
Tags: Big Data, Cloud, Cybersecurity