Special Issue "Feature Papers for Future Internet—Cybersecurity Section"

A special issue of Future Internet (ISSN 1999-5903). This special issue belongs to the section "Cybersecurity".

Deadline for manuscript submissions: closed (28 February 2021) | Viewed by 12210

Special Issue Editors

Dr. Georgios Kambourakis
E-Mail Website
Guest Editor
Prof. Dr. Claude Chaudet
E-Mail Website
Guest Editor
Department of Computer Science and Mathematics, Webster University Geneva, 15, Route de Collex, 1293 Bellevue, Switzerland
Interests: Internet of things; wireless networks; graph theory; privacy; security; stochastic models
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

Cybersecurity can be simply defined as the practice to safeguard or defend the use of cyberspace from digital attacks. In the Internet of Everything era, cybersecurity is particularly demanding and multifaceted because, among others, the number and variety of networked devices has dramatically increased, attackers are becoming more ingenious, and the attack tools are becoming increasingly ubiquitous, low-cost, and user friendly. Even more, unforeseen sudden events like the COVID-19 pandemic have shown that the speedy, unpremeditated digitization in vital sectors, including retail, education, and healthcare, comes at a cost—that is, an increased risk and impact of cyberattacks. In this context, the Feature Issue “Feature Papers for Future Internet—Cybersecurity Section” aims to fuel research and ease the dissemination of state-of-the-art technologies, solutions, case studies, and prototypes regarding all aspects of cybersecurity, either human- or technology-oriented. The submitted articles can be either applied, theoretical, or review, and interdisciplinary manuscripts are especially welcome.

Dr. Georgios Kambourakis
Dr. Claude Chaudet
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Future Internet is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • cyber analytics and cyber threat intelligence
  • cyber-physical system security
  • cybersecurity metrics and assessment
  • advances in critical infrastructure security
  • usable security and human-centric cybersecurity solutions
  • internet measurements in aid of security
  • botnets
  • cryptography for cybersecurity
  • cyber risk management
  • malware
  • online scams
  • social engineering and human hacking
  • security awareness and training
  • interdisciplinary research topics on cybersecurity

Published Papers (5 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

Article
A Multi-Tier Security Analysis of Official Car Management Apps for Android
Future Internet 2021, 13(3), 58; https://doi.org/10.3390/fi13030058 - 25 Feb 2021
Cited by 4 | Viewed by 1916
Abstract
Using automotive smartphone applications (apps) provided by car manufacturers may offer numerous advantages to the vehicle owner, including improved safety, fuel efficiency, anytime monitoring of vehicle data, and timely over-the-air delivery of software updates. On the other hand, the continuous tracking of the [...] Read more.
Using automotive smartphone applications (apps) provided by car manufacturers may offer numerous advantages to the vehicle owner, including improved safety, fuel efficiency, anytime monitoring of vehicle data, and timely over-the-air delivery of software updates. On the other hand, the continuous tracking of the vehicle data by such apps may also pose a risk to the car owner, if, say, sensitive pieces of information are leaked to third parties or the app is vulnerable to attacks. This work contributes the first to our knowledge full-fledged security assessment of all the official single-vehicle management apps offered by major car manufacturers who operate in Europe. The apps are scrutinised statically with the purpose of not only identifying surfeits, say, in terms of the permissions requested, but also from a vulnerability assessment viewpoint. On top of that, we run each app to identify possible weak security practices in the owner-to-app registration process. The results reveal a multitude of issues, ranging from an over-claim of sensitive permissions and the use of possibly privacy-invasive API calls, to numerous potentially exploitable CWE and CVE-identified weaknesses and vulnerabilities, the, in some cases, excessive employment of third-party trackers, and a number of other flaws related to the use of third-party software libraries, unsanitised input, and weak user password policies, to mention just a few. Full article
(This article belongs to the Special Issue Feature Papers for Future Internet—Cybersecurity Section)
Show Figures

Figure 1

Article
ARIBC: Online Reporting Based on Identity-Based Cryptography
Future Internet 2021, 13(2), 53; https://doi.org/10.3390/fi13020053 - 21 Feb 2021
Viewed by 968
Abstract
The reporting of incidents of misconduct, violence, sexual assault, harassment, and other types of crime that constitute a major concern in modern society is of significant value when investigating such incidents. Unfortunately, people involved in such incidents, either as witnesses or victims, are [...] Read more.
The reporting of incidents of misconduct, violence, sexual assault, harassment, and other types of crime that constitute a major concern in modern society is of significant value when investigating such incidents. Unfortunately, people involved in such incidents, either as witnesses or victims, are often reluctant to report them when such reporting demands revealing the reporter’s true identity. In this paper, we propose an online reporting system that leverages Identity-Based Cryptography (IBC) and offers data authentication, data integrity, and data confidentiality services to both eponymous and anonymous users. The system, called ARIBC, is founded on a certificate-less, public-key, IBC infrastructure, implemented by employing the Sakai–Kasahara approach and by following the IEEE 1363.3-2013 standard. We develop a proof-of-concept implementation of the proposed scheme, and demonstrate its applicability in environments with constrained human, organizational and/or computational resources. The computational overheads imposed by the scheme are found to be well within the capabilities of modern fixed or mobile devices. Full article
(This article belongs to the Special Issue Feature Papers for Future Internet—Cybersecurity Section)
Show Figures

Figure 1

Article
An Automatic Generation Approach of the Cyber Threat Intelligence Records Based on Multi-Source Information Fusion
Future Internet 2021, 13(2), 40; https://doi.org/10.3390/fi13020040 - 02 Feb 2021
Cited by 7 | Viewed by 1810
Abstract
With the progressive deterioration of cyber threats, collecting cyber threat intelligence (CTI) from open-source threat intelligence publishing platforms (OSTIPs) can help information security personnel grasp public opinions with specific pertinence, handle emergency events, and even confront the advanced persistent threats. However, due to [...] Read more.
With the progressive deterioration of cyber threats, collecting cyber threat intelligence (CTI) from open-source threat intelligence publishing platforms (OSTIPs) can help information security personnel grasp public opinions with specific pertinence, handle emergency events, and even confront the advanced persistent threats. However, due to the explosive growth of information shared on multi-type OSTIPs, manually collecting the CTI has had low efficiency. Articles published on the OSTIPs are unstructured, leading to an imperative challenge to automatically gather CTI records only through natural language processing (NLP) methods. To remedy these limitations, this paper proposes an automatic approach to generate the CTI records based on multi-type OSTIPs (GCO), combing the NLP method, machine learning method, and cybersecurity threat intelligence knowledge. The experiment results demonstrate that the proposed GCO outperformed some state-of-the-art approaches on article classification and cybersecurity intelligence details (CSIs) extraction, with accuracy, precision, and recall all over 93%; finally, the generated records in the Neo4j-based CTI database can help reveal malicious threat groups. Full article
(This article belongs to the Special Issue Feature Papers for Future Internet—Cybersecurity Section)
Show Figures

Figure 1

Article
Failure Mode and Effect Analysis for Cyber-Physical Systems
Future Internet 2020, 12(11), 205; https://doi.org/10.3390/fi12110205 - 20 Nov 2020
Cited by 6 | Viewed by 1327
Abstract
Cyber-Physical Systems (CPS) are a prominent component of the modern digital transformation, which combines the dynamics of the physical processes with those of software and networks. Critical infrastructures have built-in CPS, and assessing its risk is crucial to avoid significant losses, both economic [...] Read more.
Cyber-Physical Systems (CPS) are a prominent component of the modern digital transformation, which combines the dynamics of the physical processes with those of software and networks. Critical infrastructures have built-in CPS, and assessing its risk is crucial to avoid significant losses, both economic and social. As CPS are increasingly attached to the world’s main industries, these systems’ criticality depends not only on software efficiency and availability but also on cyber-security awareness. Given this, and because Failure Mode and Effect Analysis (FMEA) is one of the most effective methods to assess critical infrastructures’ risk, in this paper, we show how this method performs in the analysis of CPS threats, also exposing the main drawbacks concerning CPS risk assessment. We first propose a risk prevention analysis to the Communications-Based Train Control (CBTC) system, which involves exploiting cyber vulnerabilities, and we introduce a novel approach to the failure modes’ Risk Priority Number (RPN) estimation. We also propose how to adapt the FMEA method to the requirement of CPS risk evaluation. We applied the proposed procedure to the CBTC system use case since it is a CPS with a substantial cyber component and network data transfer. Full article
(This article belongs to the Special Issue Feature Papers for Future Internet—Cybersecurity Section)
Show Figures

Figure 1

Review

Jump to: Research

Review
A Systematic Review of Cybersecurity Risks in Higher Education
Future Internet 2021, 13(2), 39; https://doi.org/10.3390/fi13020039 - 02 Feb 2021
Cited by 12 | Viewed by 5350
Abstract
The demands for information security in higher education will continue to increase. Serious data breaches have occurred already and are likely to happen again without proper risk management. This paper applies the Comprehensive Literature Review (CLR) Model to synthesize research within cybersecurity risk [...] Read more.
The demands for information security in higher education will continue to increase. Serious data breaches have occurred already and are likely to happen again without proper risk management. This paper applies the Comprehensive Literature Review (CLR) Model to synthesize research within cybersecurity risk by reviewing existing literature of known assets, threat events, threat actors, and vulnerabilities in higher education. The review included published studies from the last twelve years and aims to expand our understanding of cybersecurity’s critical risk areas. The primary finding was that empirical research on cybersecurity risks in higher education is scarce, and there are large gaps in the literature. Despite this issue, our analysis found a high level of agreement regarding cybersecurity issues among the reviewed sources. This paper synthesizes an overview of mission-critical assets, everyday threat events, proposes a generic threat model, and summarizes common cybersecurity vulnerabilities. This report concludes nine strategic cyber risks with descriptions of frequencies from the compiled dataset and consequence descriptions. The results will serve as input for security practitioners in higher education, and the research contains multiple paths for future work. It will serve as a starting point for security researchers in the sector. Full article
(This article belongs to the Special Issue Feature Papers for Future Internet—Cybersecurity Section)
Show Figures

Figure 1

Back to TopTop