J. Cybersecur. Priv., Volume 5, Issue 2 (June 2025) – 10 articles

Significant vulnerabilities in traditional authentication systems have been demonstrated due to the high dependence on smartphone hardware devices to execute many different and complicated tasks. PINs, passwords, and static biometric techniques have been shown to be subjected to various serious attacks, such as environmental limitations, spoofing, and brute force attacks, and this in turn mitigates the security level of the entire system. In this study, a robust framework for smartphone authentication is presented. Touch dynamic pattern recognitions, including trajectory curvature, touch pressure, acceleration, two-dimensional spatial coordinates, and velocity, have been extracted and assessed as behavioral biometric features. The TOPSIS (Technique for Order of Preference by Similarity to Ideal Solution) methodology has also been incorporated to obtain the most affected and valuable features, which are then fed as input to three different Machine Learning (ML) algorithms: Random Forest (RF), Gradient Boosting Machines (GBM), and K-Nearest Neighbors (KNN). Our analysis, supported by experimental results, ensure that the RF model outperforms the two other ML algorithms by getting F1-Score, accuracy, recall, and precision of 95.1%, 95.2%, 95.5%, and 94.8%, respectively. In order to further increase the resiliency of the proposed technique, the data perturbation approach, including temporal scaling and noise insertion, has been augmented. Also, the proposal has been shown to be resilient against both environmental variation-based attacks by achieving accuracy above 93% and spoofing attacks by obtaining a detection rate of 96%. This emphasizes that the proposed technique provides a promising solution to many authentication issues and offers a user-friendly and scalable method to improve the security of the smartphone against cybersecurity attacks. Full article

While security frameworks like the NIST CSF and ISO 27001 provide organizations with standardized best practices for cybersecurity, these practices must be implemented in organizations by people with the necessary skills and knowledge and be supported by effective technological solutions. This article explores the challenges and opportunities of building sustainable cybersecurity capabilities in resource-constrained organizations, specifically Norwegian municipalities. The research introduces the concept of sustainable cybersecurity capabilities, emphasizing the importance of a socio-technical approach that integrates technology, people, and organizational structure. A mixed-methods study was employed, combining document analysis of relevant cybersecurity frameworks with a modified Delphi study and semi-structured interviews with municipal cybersecurity practitioners. Findings highlight six core cybersecurity capabilities within municipalities, along with key challenges in implementing and sustaining these capabilities. These challenges include ambiguities in role formalization, skills gaps, difficulties in deploying advanced security technologies, and communication barriers between central IT and functional areas. Furthermore, the potential of artificial intelligence and cooperative strategies to enhance municipal cybersecurity is considered. Ultimately, the study highlights the need for a holistic perspective in developing sustainable cybersecurity capabilities, offering implications for both research and practice within municipalities and local government. Full article

The evolution of deepfake technology has the potential to reshape the threat landscape in corporate environments by enabling highly convincing digital impersonations. In this paper, we explore how artificial media produced by AI can be misused to assume authoritative personas, leaving traditional cybersecurity programs with significant vulnerabilities. Drawing from interviews with cybersecurity professionals across various industries, we find that the majority of organizations remain vulnerable due to their adoption of broad, vendor-centric security solutions that are not specifically designed to protect against deepfake attacks. In response to the evolving threat landscape, we introduce the PREDICT framework—a cyclical, iterative theoretical model. This model combines definitive policy direction, organizational preparedness, targeted employee training, and advanced AI detection tools. Additionally, it incorporates effective incident response plans with continuous improvement and simulations. Our findings underscore the need to revise the current security protocols and offer practical suggestions for strengthening corporate defenses against the increasingly dynamic threat landscape posed by deepfakes. Full article

Small and medium-sized enterprises (SMEs) continue to face significant cybersecurity challenges due to limited financial resources, technical capacity, and awareness. This study addresses these issues by pursuing four key objectives: (1) conducting a comprehensive assessment of cybersecurity knowledge and awareness within the SME sector through a systematic literature review, (2) evaluating the impact and effectiveness of cybersecurity awareness programs on SME behaviors and risk mitigation, (3) identifying core barriers—financial, technical, and organizational—that hinder effective cybersecurity adoption, and (4) introducing and validating the enhanced ROHAN model in conjunction with the Cyber Guardian Framework (CGF) to offer a scalable roadmap for cybersecurity resilience. Drawing on secondary data from Rawindaran (2023), the research highlights critical deficiencies in SME cybersecurity practices and emphasizes the need for tailored role-specific awareness initiatives. The enhanced ROHAN model addresses this need by delivering customized cybersecurity education based on industry sector, professional role, and educational background. Integrated with the CGF, the framework promotes structured, ongoing improvements across organizational, technological, and human domains. A mixed-methods approach was used, combining quantitative survey data from Welsh SMEs with qualitative interviews involving SME stakeholders. Advanced analytical techniques, including regression testing, Principal Component Analysis (PCA), and data visualization, were employed to uncover key insights and patterns. A distinctive feature of the ROHAN model is its integration of AI-powered tools for real-time risk assessment and decision-making, reflecting the principles of Industry 5.0. By aligning technological innovation with targeted education, this study presents a practical and adaptable cybersecurity framework for SMEs. The findings aim to bridge critical knowledge gaps and provide a foundation for a more resilient, cyber-aware SME sector in Wales and comparable regions. Full article

The increasing interconnectivity of devices on the Internet of Things (IoT) introduces significant security challenges, particularly around authentication and data management. Traditional centralized approaches are not sufficient to address these risks, requiring more robust and decentralized solutions. This paper presents a decentralized authentication protocol leveraging blockchain technology and the IPFS data management framework to provide secure and real-time communication between IoT devices. Using the Ethereum blockchain, smart contracts, elliptic curve cryptography, and ASCON encryption, the proposed protocol ensures the confidentiality, integrity, and availability of sensitive IoT data. The mutual authentication process involves the use of asymmetric key pairs, public key registration on the blockchain, and the Diffie–Hellman key exchange algorithm to establish a shared secret that, combined with a unique identifier, enables secure device verification. Additionally, IPFS is used for secure data storage, with the content identifier (CID) encrypted using ASCON and integrated into the blockchain for traceability and authentication. This integrated approach addresses current IoT security challenges and provides a solid foundation for future applications in decentralized IoT environments. Full article

The automated identification and evaluation of potential attack paths within infrastructures is a critical aspect of cybersecurity risk assessment. However, existing methods become impractical when applied to complex infrastructures. While machine learning (ML) has proven effective in predicting the exploitation of individual vulnerabilities, its potential for full-path prediction remains largely untapped. This challenge stems from two key obstacles: the lack of adequate datasets for training the models and the dimensionality of the learning problem. To address the first issue, we provide a dataset of 1033 detailed environment graphs and associated attack paths, with the objective of supporting the community in advancing ML-based attack path prediction. To tackle the second, we introduce a novel Physics-Informed Graph Neural Network (PIGNN) architecture for attack path prediction. Our experiments demonstrate its effectiveness, achieving an F1 score of $0.9308$ for full-path prediction. We also introduce a self-supervised learning architecture for initial access and impact prediction, achieving F1 scores of $0.9780$ and $0.8214$, respectively. Our results indicate that the PIGNN effectively captures adversarial patterns in high-dimensional spaces, demonstrating promising generalization potential towards fully automated assessments. Full article

The implementation of Central Bank Digital Currencies (CBDCs) faces significant challenges in achieving the same level of anonymity and convenience in offline transactions as cash. This limitation imposes considerable constraints on the development and widespread adoption of CBDCs. Unlike cash, digital currencies, similar to other electronic payment methods, necessitate internet or other network connectivity to verify payment eligibility. This study proposes a secure offline payment model for CBDCs that operates independently of internet or network connections by utilizing a Trusted Platform Module (TPM) to enhance the security of digital currency transactions. Additionally, the monotonic counter, the basic component of the TPM, is integrated into this model to prevent double spending in a completely offline environment. Our research presents a protocol model that combines these easily implementable technologies to facilitate the efficient processing of transactions in CBDCs entirely offline. However, it is crucial to acknowledge the security implications associated with the TPMs and near-field communications upon which this protocol relies. Full article

The efficiency of Shor’s and Grover’s algorithms and the advancement of quantum computers implies that the cryptography used until now to protect one’s privacy is potentially vulnerable to retrospective decryption, also known as the harvest now, decrypt later attack in the near future. This dissertation proposes an overview of the cryptographic schemes used by Tor, highlighting the non-quantum-resistant ones and introducing theoretical performance assessment methods of a local Tor network. The measurement is divided into three phases. We start with benchmarking a local Tor network simulation on constrained devices to isolate the time taken by classical cryptography processes. Secondly, the analysis incorporates existing benchmarks of quantum-secure algorithms and compares these performances on the devices. Lastly, the estimation of overhead is calculated by replacing the measured times of traditional cryptography with the times recorded for Post-Quantum Cryptography (PQC) execution within the specified Tor environment. By focusing on the replaceable cryptographic components, using theoretical estimations, and leveraging existing benchmarks, valuable insights into the potential impact of PQC can be obtained without needing to implement it fully. Full article

Implementing machine learning is imperative for enhancing advanced cybersecurity practices globally. The current cybersecurity landscape needs further investigation into the potential impasse. This scientometric study aims to comprehensively analyse the study patterns and key contributions at the nexus of cybersecurity and machine learning. The analysis examines publication trends, citation analysis, and intensive research networks to discover key authors, significant organisations, major countries, and emerging research areas. The search was conducted on the Scopus database, and 3712 final documents were selected after a thorough screening from January 2016 to January 2025. The VOSviewer tool was used to map citation networks and visualise co-authorship networks, enabling the discovery of research patterns, top contributors, and hot topics in the domain. The findings uncovered the substantial growth in publications bridging cybersecurity with machine learning and deep learning, involving 2865 authors across 160 institutions and 114 countries. Saudi Arabia emerged as a top contributing nation with flaunting high productivity. IEEE and Sensors are the key publication sources instrumental in producing interdisciplinary research. Iqbal H. Sarker and N. Moustafa are notable authors, with 17 and 16 publications each. This study emphasises the significance of global partnerships and multidisciplinary research in enhancing cybersecurity posture and identifying key research areas for future studies. This study further highlights its importance by guiding policymakers and practitioners to develop advanced machine learning-based cybersecurity strategies. Full article

The growing adoption of smart grid systems presents significant advancements in the efficiency of energy distribution, along with enhanced monitoring and control capabilities. However, the interconnected and distributed nature of these systems also introduces critical security vulnerabilities that must be addressed. This study proposes a secure communication protocol specifically designed for smart grid environments, focusing on authentication, secret key establishment, symmetric encryption, and hash-based message authentication to provide confidentiality and integrity for communication in smart grid environments. The proposed protocol employs the Elliptic Curve Digital Signature Algorithm (ECDSA) for authentication, Elliptic Curve Diffie–Hellman (ECDH) for secure key exchange, and Advanced Encryption Standard 256 (AES-256) encryption to protect data transmissions. The protocol follows a structured sequence: (1) authentication—verifying smart grid devices using digital signatures; (2) key establishment—generating and securely exchanging cryptographic keys; and (3) secure communication—encrypting and transmitting/receiving data. An experimental framework has been established to evaluate the protocol’s performance under realistic operational conditions, assessing metrics such as time, throughput, power, and failure recovery. The experimental results show that the protocol completes one server–client request in 3.469 ms for a desktop client and 41.14 ms for a microcontroller client and achieves a throughput of 288.27 requests/s and 24.30 requests/s, respectively. Furthermore, the average power consumed by the protocol is 37.77 watts. The results also show that the proposed protocol is able to recover from transient network disruptions and sustain secure communication. Full article