Special Issue "Advanced Technologies in Data and Information Security"

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: 20 February 2022.

Special Issue Editors

Dr. George Drosatos
E-Mail Website
Guest Editor
Institute for Language and Speech Processing, Athena Research Centre, Kimmeria University Campus, 67100 Xanthi, Greece
Interests: privacy-enhancing technologies (PETs); information security; distributed ledger technologies (DLTs); personal data management; cryptographic protocols; health informatics; information retrieval; social networks analysis; ubiquitous computing
Prof. Dr. Konstantinos Rantos
E-Mail Website
Guest Editor
Department of Computer Science, School of Sciences, International Hellenic University, Ag. Loukas Campus, 65404 Kavala, Greece
Interests: cybersecurity; IoT security; cyber threat intelligence; authentication systems; e-Government services; electronic payment systems; mobile systems security; security awareness
Special Issues, Collections and Topics in MDPI journals
Dr. Konstantinos Demertzis
E-Mail Website
Guest Editor
Laboratory of Complex Systems, Department of Physics, Faculty of Sciences, International Hellenic University, Kavala Campus, 65404 St. Loukas, Greece
Interests: AI cybersecurity; AI big data; AI blockchain; AI DevOps; Geo AI
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

The protection of personal data and privacy is a timeless challenge which has intensified in the modern era. The digitisation that has been achieved in recent decades has radically changed the way we live, communicate and work, revealing various security and privacy issues. Specifically, the explosion of new technologies and the continuous developments of technologies, such as IoT and AI, have led to the increased value of data, while it has raised demand and introduced new ways to obtain it. Techniques such as data analysis and processing provide a set of powerful tools that can be used by both governments and businesses for specific purposes. However, as with any valuable resource, as in the case of data, the phenomena of abuse, unfair practices and even criminal acts are not absent. In particular, in recent years, there have been more and more cases of sophisticated cyberattacks, data theft and leaks or even data trade, which violate the rights of individuals, but also harm competition and seriously damage the reputation of businesses.

In this Special Issue, we seek research and case studies that demonstrate the application of advanced technologies in data and information security to support applied scientific research, in any area of science and technology. Example topics include (but are not limited to) the following:

  1. Self-sovereign Identities
  2. Privacy-Preserving Solutions
  3. Blockchain-Based Security and Privacy
  4. Data Loss Prevention
  5. Deep Learning Forensics/Malware Analysis/Anomaly Detection
  6. AI-driven Security Systems
  7. Context-Aware Behavioural Analytics
  8. Security and Data Breach Detection
  9. Cyber-physical Systems Security
  10. Secure and Privacy-Preserving Health Solutions
  11. Active Defence Measures
  12. Social Networks Information Leaks
  13. Edge and Fog Computing Security
  14. Anonymization and Pseudonymization Solutions
  15. Zero-Trust Network Access Technology
  16. Dynamic Risk Management
  17. Cyber Threat Intelligence
  18. Situational Awareness

Dr. George Drosatos
Prof. Dr. Konstantinos Rantos
Dr. Konstantinos Demertzis
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2300 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • data protection
  • information security
  • cybersecurity
  • cyber threats
  • privacy
  • forensics
  • cryptography
  • blockchain
  • AI- and ML- driven security

Published Papers (8 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

Article
Evaluation of Local Security Event Management System vs. Standard Antivirus Software
Appl. Sci. 2022, 12(3), 1076; https://doi.org/10.3390/app12031076 - 20 Jan 2022
Viewed by 201
Abstract
The detection and classification of threats in computer systems has been one of the main problems researched in Cybersecurity. As technology evolves, the tactics employed by adversaries have also become more sophisticated to evade detection systems. In consequence, systems that previously detected and [...] Read more.
The detection and classification of threats in computer systems has been one of the main problems researched in Cybersecurity. As technology evolves, the tactics employed by adversaries have also become more sophisticated to evade detection systems. In consequence, systems that previously detected and classified those threats are now outdated. This paper proposes a detection system based on the analysis of events and matching the risk level with the MITRE ATT&CK matrix and Cyber Kill Chain. Extensive testing of attacks, using nine malware codes and applying three different obfuscation techniques, was performed. Each malicious code was analyzed using the proposed event management system and also executed in a controlled environment to examine if commercial malware detection systems (antivirus) were successful. The results show that evading techniques such as obfuscation and in-memory extraction of malicious payloads, impose unexpected difficulties to standard antivirus software. Full article
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security)
Show Figures

Figure 1

Article
An Integrated Cybernetic Awareness Strategy to Assess Cybersecurity Attitudes and Behaviours in School Context
Appl. Sci. 2021, 11(23), 11269; https://doi.org/10.3390/app112311269 - 28 Nov 2021
Viewed by 461
Abstract
Digital exposure to the Internet among the younger generations, notwithstanding their digital abilities, has increased and raised the alarm regarding the need to intensify the education on cybersecurity in schools. Understanding of the human factor and its influence on children, namely their attitudes [...] Read more.
Digital exposure to the Internet among the younger generations, notwithstanding their digital abilities, has increased and raised the alarm regarding the need to intensify the education on cybersecurity in schools. Understanding of the human factor and its influence on children, namely their attitudes and behaviors online, is pivotal to reinforce their awareness towards cyberattacks, and to promote their digital citizenship. This paper aims to present an integrated cybersecurity and cyberawareness strategy composed of three major steps: (1) Cybersecurity attitude and behavior assessment, (2) self-diagnosis, and (3) teaching/learning activities. The following contributions are made: Two questionnaires to assess risky attitudes and behaviors regarding cybersecurity; a self-diagnosis to measure students’ skills on cybersecurity; a lesson plan addressing cyberawareness to be applied on Information and Communications Technology (ICT) and citizenship education curricular units. Cybersecurity risky attitudes and behaviors were evaluated in a junior high school population of 164 students attending the sixth and ninth grades. The assessment focused on two main subjects: To identify the attitudes and behaviors that raise the risk on cybersecurity among the participating students; to characterize the acquired students’ cybersecurity and cyberawareness skills. Global and individual scores and the histograms for attitudes and behaviors are presented. The items in which we have observed significant differences between sixth and ninth grades are depicted and quantified by their corresponding p-values obtained through the Mann–Whitney non-parametric test. Regarding the results obtained on the assessment of attitudes and behaviors, although positive, we observed that the attitudes and behaviors in ninth grade students are globally inferior compared to those attained by sixth grade students. The deployed strategy for cyberawareness was applied in a school context; however, the same approach is suitable to be applied in other types of organizations, namely enterprises, healthcare institutions and public sector. Full article
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security)
Show Figures

Figure 1

Article
Educational Blockchain: A Secure Degree Attestation and Verification Traceability Architecture for Higher Education Commission
Appl. Sci. 2021, 11(22), 10917; https://doi.org/10.3390/app112210917 - 18 Nov 2021
Cited by 3 | Viewed by 451
Abstract
Degree attestation verification and traceability are complex one-to-one processes between the Higher Education Commission (HEC) and universities. The procedure shifted to the digitalized manner, but still, on a certain note, manual authentication is required. In the initial process, the university verified the degree [...] Read more.
Degree attestation verification and traceability are complex one-to-one processes between the Higher Education Commission (HEC) and universities. The procedure shifted to the digitalized manner, but still, on a certain note, manual authentication is required. In the initial process, the university verified the degree and stamp seal first. Then, a physical channel of degree submission to the receiving ends is activated. After that, the degree is attested while properly examining and analyzing the tamper records related to degree credentials through e-communication with the university for verification and validation. This issue poses a serious challenge to educational information integrity and privacy. Potentially, blockchain technology could become a standardized platform to perform tasks including issuing, verifying, auditing, and tracing immutable records, which would enable the HEC, universities, and Federal Education Ministry (FEM) to quickly and easily get attested and investigate the forge proof versions of certificates. Besides, decentralized distributed data blocks in chronological order provide high security between distributed ledgers, consensus engine, digital signature, smart contracts, permissioned application, and private network node transactions that guarantee degree record validation and traceability. This paper presents an architecture (HEDU-Ledger) and detail design of blockchain-enabled hyperledger fabric applications implementation for degree attestation verification and traceable direct channel design between HEC and universities. The hyperledger fabric endorses attestation records first, and then validates (committer) the degree and maintains the secure chain of tracing between stakeholder peer nodes. Furthermore, this HEDU-Ledger architecture avoids language and administrative barriers. It also provides robustness in terms of security and privacy of records and maintains integrity with secure preservation as compared to that of the other state-of-the-art methods. Full article
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security)
Show Figures

Figure 1

Article
An Optimization Methodology for Adapting Legacy SGX Applications to Use Switchless Calls
Appl. Sci. 2021, 11(18), 8379; https://doi.org/10.3390/app11188379 - 09 Sep 2021
Viewed by 402
Abstract
A recent innovation in the trusted execution environment (TEE) technologies enables the delegation of privacy-preserving computation to the cloud system. In particular, Intel SGX, an extension of x86 instruction set architecture (ISA), accelerates this trend by offering hardware-protected isolation with near-native performance. However, [...] Read more.
A recent innovation in the trusted execution environment (TEE) technologies enables the delegation of privacy-preserving computation to the cloud system. In particular, Intel SGX, an extension of x86 instruction set architecture (ISA), accelerates this trend by offering hardware-protected isolation with near-native performance. However, SGX inherently suffers from performance degradation depending on the workload characteristics due to the hardware restriction and design decisions that primarily concern the security guarantee. The system-level optimizations on SGX runtime and kernel module have been proposed to resolve this, but they cannot effectively reflect application-specific characteristics that largely impact the performance of legacy SGX applications. This work presents an optimization strategy to achieve application-level optimization by utilizing asynchronous switchless calls to reduce enclave transition, one of the dominant overheads of using SGX. Based on the systematic analysis, our methodology examines the performance benefit for each enclave transition wrapper and selectively applies switchless calls without modifying the legacy codebases. The evaluation shows that our optimization strategy successfully improves the end-to-end performance of our showcasing application, an SGX-enabled network middlebox. Full article
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security)
Show Figures

Figure 1

Article
Educational Organization’s Security Level Estimation Model
Appl. Sci. 2021, 11(17), 8061; https://doi.org/10.3390/app11178061 - 31 Aug 2021
Viewed by 518
Abstract
During the pandemic, distance learning gained its necessity. Most schools and universities were forced to use e-learning tools. The fast transition to distance learning increased the digitalization of the educational system and influenced the increase of security incident numbers as there was no [...] Read more.
During the pandemic, distance learning gained its necessity. Most schools and universities were forced to use e-learning tools. The fast transition to distance learning increased the digitalization of the educational system and influenced the increase of security incident numbers as there was no time to estimate the security level change by incorporating new e-learning systems. Notably, preparation for distance learning was accompanied by several limitations: lack of time, lack of resources to manage the information technologies and systems, lack of knowledge on information security management, and security level modeling. In this paper, we propose a security level estimation model for educational organizations. This model takes into account distance learning specifics and allows quantitative estimation of an organization’s security level. It is based on 49 criteria values, structured into an AHP (Analytic Hierarchy Process) tree, and arranged to final security level metric by incorporating experts’ opinion-based criteria importance coefficients. The research proposed a criteria tree and obtained experts’ opinions lead to educational organization security level evaluation model, resulting in one quantitative metric. It can be used to model different situations and find the better alternative in case of security level, without external security experts usage. Use case analysis results and their similarity to security experts’ evaluation are presented in this paper as validation of the proposed model. It confirms the model meets experts-based information security level ranking, therefore, can be used for simpler security modeling in educational organizations. Full article
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security)
Show Figures

Figure 1

Review

Jump to: Research

Review
Blockchain Applications in Education: A Systematic Literature Review
Appl. Sci. 2021, 11(24), 11811; https://doi.org/10.3390/app112411811 - 12 Dec 2021
Viewed by 628
Abstract
Blockchain is one of the latest technologies attracting increasing attention from different actors in diverse fields, including the educational sector. The objective of this study is to offer an overview of the current state of the art related to blockchain in education that [...] Read more.
Blockchain is one of the latest technologies attracting increasing attention from different actors in diverse fields, including the educational sector. The objective of this study is to offer an overview of the current state of the art related to blockchain in education that may serve as a reference for future initiatives in this field. For this, a systematic review of reference journals was carried out. Eleven databases were systematically searched and eligible papers that focused on blockchain in education that made significant contributions, and not only generic statements about the topic, were selected. As a result, 28 articles were analyzed. Lack of precision, and selection and analysis bias were then minimized by involving three researchers. The analysis of the selected papers provided invaluable insight and answered the research questions posed about the current state of the application of blockchain in education, about which of its characteristics can benefit this sector, and about the challenges that must be addressed. Blockchain may become a relevant technology in the educational field, and therefore many proofs of concept are being developed. However, there are still some relevant technological, regulatory and academic issues to be addressed to pave the way for the mainstream adoption of this technology. Full article
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security)
Show Figures

Figure 1

Review
Privacy-Preserving Solutions in Blockchain-Enabled Internet of Vehicles
Appl. Sci. 2021, 11(21), 9792; https://doi.org/10.3390/app11219792 - 20 Oct 2021
Viewed by 428
Abstract
Blockchain, a promising technology that has matured and nowadays is widely used in many fields, such as supply chain management, smart grids, agriculture and logistics, has also been proposed for the Internet of Vehicles (IoV) ecosystem to enhance the protection of the data [...] Read more.
Blockchain, a promising technology that has matured and nowadays is widely used in many fields, such as supply chain management, smart grids, agriculture and logistics, has also been proposed for the Internet of Vehicles (IoV) ecosystem to enhance the protection of the data that roadside units and vehicles exchange. Blockchain technology can inherently guarantee the availability, integrity and immutability of data stored in IoV, yet it cannot protect privacy and data confidentiality on its own. As such, solutions that utilise this technology have to consider the adoption of privacy-preserving schemes to address users’ privacy concerns. This paper provides a literature review of proposed solutions that provide different vehicular services using blockchain technology while preserving privacy. In this context, it analyses existing solutions’ main characteristics and properties to provide a comprehensive and critical overview and identifies their contribution in the field. Moreover, it provides suggestions to researchers for future work in the field of privacy-preserving blockchain-enabled solutions for vehicular networks. Full article
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security)
Show Figures

Figure 1

Review
Information Security Behavior and Information Security Policy Compliance: A Systematic Literature Review for Identifying the Transformation Process from Noncompliance to Compliance
Appl. Sci. 2021, 11(8), 3383; https://doi.org/10.3390/app11083383 - 09 Apr 2021
Cited by 9 | Viewed by 1472
Abstract
A grave concern to an organization’s information security is employees’ behavior when they do not value information security policy compliance (ISPC). Most ISPC studies evaluate compliance and noncompliance behaviors separately. However, the literature lacks a comprehensive understanding of the factors that transform the [...] Read more.
A grave concern to an organization’s information security is employees’ behavior when they do not value information security policy compliance (ISPC). Most ISPC studies evaluate compliance and noncompliance behaviors separately. However, the literature lacks a comprehensive understanding of the factors that transform the employees’ behavior from noncompliance to compliance. Therefore, we conducted a systematic literature review (SLR), highlighting the studies done concerning information security behavior (ISB) towards ISPC in multiple settings: research frameworks, research designs, and research methodologies over the last decade. We found that ISPC research focused more on compliance behaviors than noncompliance behaviors. Value conflicts, security-related stress, and neutralization, among many other factors, provided significant evidence towards noncompliance. At the same time, internal/external and protection motivations proved positively significant towards compliance behaviors. Employees perceive internal and external motivations from their social circle, management behaviors, and organizational culture to adopt security-aware behaviors. Deterrence techniques, management behaviors, culture, and information security awareness play a vital role in transforming employees’ noncompliance into compliance behaviors. This SLR’s motivation is to synthesize the literature on ISPC and ISB, identifying the behavioral transformation process from noncompliance to compliance. This SLR contributes to information system security literature by providing a behavior transformation process model based on the existing ISPC literature. Full article
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security)
Show Figures

Figure 1

Back to TopTop