Journal of Cybersecurity and Privacy

Globally, 77% of the elderly aged 65 and above suffer from multiple chronic ailments, according to recent research. However, several barriers within the healthcare system in the developing world hinder the adoption of home-based patient management, hence the need for the IoMT, whose application raises security concerns, particularly in authentication. Several authentication techniques have been proposed; however, they lack a balance of security and usability. This paper proposes a Naive Bayes based adaptive user authentication app that calculates the risk associated with a login attempt on an Android device for elderly users, using their health conditions, risk score, and available authenticators. This authentication technique guided by the MAPE-K_HMT framework makes use of embedded smartphone sensors. Results indicate a 100% and 98.6% accuracy in usable-security metrics, while cross-validation and normalization results also support the accuracy, efficiency, effectiveness, and usability of our model with room for scaling it up without computational costs and generalizing it beyond SSA. The post-deployment evaluation also confirms that users found the app usable and secure. A few areas need further refinement to improve the accuracy, usability, security, and acceptance but the model shows potential to improve users’ compliance with IoMT security, thereby promoting the attainment of SDG3. Full article

In recent years, Machine Learning (ML) and Artificial Intelligence (AI) have been gaining ground in Cyber Security (CS) research in an attempt to counter increasingly sophisticated attacks. However, this paper poses the question of qualitative and quantitative data. This paper argues that scholarly research in this domain is severely impacted by the quality and quantity of available data. Datasets are disparate. There is no uniformity in (i) the dataset features, (ii) the methods of collection, or (iii) the preprocessing requirements to enable good-quality analyzed data that are suitable for automated decision-making. This review contributes to the existing literature by providing a single summary of the wider field in relation to AI, evaluating the most recent datasets, combining considerations of ethical AI, and posing a list of open research questions to guide future research endeavors. Thus, this paper contributes valuable insights to the cyber security field, fostering advancements for the application of AI/ML. Full article

Modern computing systems are primarily designed for maximum performance, which inadvertently introduces vulnerabilities at the micro-architecture level. While cache side-channel analysis has received significant attention, other Central Processing Units (CPUs) components like the Translation Lookaside Buffer (TLB) can also be exploited to leak sensitive information. This paper focuses on the TLB, a micro-architecture component that is vulnerable to side-channel attacks. Despite the coarse granularity at the page level, advancements in tools and techniques have made TLB information leakage feasible. The primary goal of this study is not to demonstrate the potential for information leakage from the TLB but to establish a comprehensive framework to reverse engineer the TLB configuration, a critical aspect of side-channel analysis attacks that have previously succeeded in extracting sensitive data. The methodology involves detailed reverse engineering efforts on Intel CPUs, complemented by analytical tools to support TLB reverse engineering. This study successfully reverse-engineered the TLB configurations for Intel CPUs and introduced visual tools for further analysis. These results can be used to explore TLB vulnerabilities in greater depth. However, when attempting to apply the same methodology to the IBM Power9, it became clear that the methodology was not transferable, as mapping functions and performance counters vary across different vendors. Full article

In this study, we investigated the expanding problem of suspicious activity when using online in-game asset trading platforms. The decentralized structures and anonymity offered by these platforms provide a basis for suspicious actions, creating a threat to the virtual economy. By evaluating 18,157 rows of anonymized transaction data from 38 unique sellers with the help of the interquartile range approach and network analysis, we were able to identify suspicious activities. The results highlight suspicious online activities of individual transactions. This research contributes by identifying new, concerning trends and unraveling complex networks by analyzing in-game asset transaction data. It also assists in informing experts and lawmakers about new suspicious activities. Full article

This paper introduces a comprehensive risk assessment of various wide area network (WAN) technologies as applied to Operational Technology (OT) infrastructures, thus uncovering which WAN technology is best suited for OT to mitigate the risks of Denial of View (DoV), Denial of Control (DoC), and Denial of Service (DoS). A new risk weight-based evaluation approach is proposed following NIST CSF and ISA/IEC 62443 standard risk scoring (RS). In this approach, RS was modified by introducing new risk metrics, namely, risk (Rn), mitigation (Mm), risk prioritization (WRn), and mitigation prioritization (WMm) to create a specialized probability formula to assess risks on OT WAN infrastructure. The proposed formula has been implemented to automate data analysis and risk scoring across nine WAN technologies. The obtained results demonstrated that software-defined wide area network (SD-WAN) has the best security features that even overshadow its vulnerabilities to perform not just as a WAN solution but as a security solution against DoV, DoC, and DoS. Furthermore, this paper identifies and highlights what to prioritize when designing and assessing an SD-WAN setup. In addition, this paper proposes an SD-WAN-based architecture to reduce DoV, DoC, and DoS risks. Full article

The number of new vulnerabilities continues to rise significantly each year. Simultaneously, vulnerability databases have challenges in promptly sharing new security events with enough information to improve protections against emerging cyberattack vectors and possible exploits. In this context, several organizations adopt strategies to protect their data, technologies, and infrastructures from cyberattacks by implementing anticipatory and proactive approaches to their system security activities. To this end, vulnerability management systems play a crucial role in mitigating the impact of cyberattacks by identifying potential vulnerabilities within an organization and alerting cyber teams. However, the effectiveness of these systems, which employ multiple methods and techniques to identify weaknesses, relies heavily on the accuracy of published security events. For this reason, we introduce a discussion concerning existing vulnerability detection methods through an in-depth literature study of several research papers. Based on the results, this paper points out some issues related to vulnerability databases handling that impact the effectiveness of certain vulnerability identification methods. Furthermore, after summarizing the existing methodologies, this study classifies them into four approaches and discusses the challenges, findings, and potential research directions. Full article

Integration of the Internet of Things (IoT) in industrial settings necessitates robust cybersecurity measures to mitigate risks such as data leakage, vulnerability exploitation, and compromised information flows. Recent cyberattacks on critical industrial systems have highlighted the lack of threat analysis in software development processes. While existing threat modeling frameworks such as STRIDE enumerate potential security threats, they often lack detailed mapping of the sequences of threats that adversaries might exploit to apply cyberattacks. Our study proposes an enhanced approach to systematic threat modeling and data flow-based attack scenario analysis for integrating cybersecurity measures early in the development lifecycle. We enhance the STRIDE framework by extending it to include attack scenarios as sequences of threats exploited by adversaries. This extension allows us to illustrate various attack scenarios and demonstrate how these insights can aid system designers in strengthening their defenses. Our methodology prioritizes vulnerabilities based on their recurrence across various attack scenarios, offering actionable insights for enhancing system security. A case study in the automotive industry illustrates the practical application of our proposed methodology, demonstrating significant improvements in system security through proactive threat modeling and analysis of attack impacts. The results of our study provide actionable insights to improve system design and mitigate vulnerabilities. Full article

In the history of access control, nearly every system designed has relied on the operating system (OS) to enforce the access control protocols. However, if the OS (and specifically root access) is compromised, there are few if any solutions that can get users back into their system efficiently. In this work, we have proposed a novel approach that allows secure and efficient rollback of file access control after an adversary compromises the OS and corrupts the access control metadata. Our key observation is that the underlying flash memory typically performs out-of-place updates. Taking advantage of this unique feature, we can extract the “stale data” specific for OS access control, by performing low-level disk forensics over the raw flash memory. This allows efficiently rolling back the OS access control to a state pre-dating the compromise. To justify the feasibility of the proposed approach, we have implemented it in a computing device using file system EXT2/EXT3 and open-sourced flash memory firmware OpenNFM. We also evaluated the potential impact of our design on the original system. Experimental results indicate that the performance of the affected drive is not significantly impacted. Full article

Ideally, in a real cyberattack, the early detection of probable hacker intent can lead to improved mitigation or prevention of exploitation. With the knowledge of basic principles of communication protocols, the reconnaissance/scanning phase intentions of a hacker can be inferred by detecting specific patterns of behavior associated with hacker tools and commands. Analyzing the reconnaissance behavior of the TCP Syn Scan between Nmap and the host, we built machine learning models incorporating the use of a filtering method we developed for labeling a dataset for detection of this behavior. We conclude that feature selection and detailed targeted labeling, based on behavior patterns, yield a high accuracy and F1 Score using Random Forest and Logistics Regression classifiers. Full article

The rising frequency and complexity of cybersecurity threats necessitate robust monitoring and rapid response capabilities to safeguard digital assets effectively. As a result, many organizations are increasingly establishing Security Operations Centers (SOCs) to actively detect and respond to cybersecurity incidents. This paper addresses the intricate process of setting up a SOC, emphasizing the need for careful planning, substantial resources, and a strategic approach. This study outlines the essential steps involved in defining the SOC’s objectives and scope, selecting appropriate technologies, recruiting skilled cybersecurity professionals, and developing processes throughout the SOC lifecycle. This paper aims to provide a comprehensive understanding of the SOC’s threat detection capabilities and use cases. It also highlights the importance of choosing technologies that integrate seamlessly with existing IT infrastructure to ensure broad coverage of SOC activities. Furthermore, this study offers actionable insights for organizations looking to enhance their SOC capabilities, including a technical overview of SOC use case coverage and a gap assessment of detection rules. This assessment is based on an alignment with the MITRE ATT&CK framework and an analysis of events generated by the company’s existing IT devices and products. The findings from this research elucidate the indispensable role that SOCs play in bolstering organizational cybersecurity and resilience. Full article

Cyber threats are continually evolving and becoming increasingly complex, affecting various industries. Healthcare institutions are the second most targeted industry, preceded by manufacturing. The industry is on the lookout for a reliable cybersecurity system. This research analyzed the feasibility and reality of implementing a Zero Trust Architecture (ZTA) framework within a large healthcare enterprise with a workforce within the range of 45 k to 50 k personnel. It utilizes a baseline concept centered on the widely used Perimeter-Based Security Model (PBSM) in production environments. The focus is on assessing the feasibility of transitioning from a PBSM to a ZTA framework and specifically aims to assess the effects of such a transition on security, control, cost-effectiveness, supportability, risk, operational aspects, and the extent to which ZTA is applicable across different applications. Company X was used as a case study and provided data for analysis in support engagements and host traffic telemetry values. Findings indicated that a PBSM remains effective in providing defense measures for an organization mainly when a significant financial incentive is involved. On the other hand, ZTA offers a more secure environment with a notable reduction in risk, albeit at an additional cost and with added support variables. Full article

This paper examines the impact of stringent regulations on personal data protection on customer perception of data security and online shopping behavior. In the context of the rapidly expanding e-commerce landscape, ensuring the security of personal data is a complex and crucial task. The study of several legal frameworks, including Malaysia’s compliance with EU regulations and Indonesia’s Personal Data Protection Law, provides valuable insights into consumer data protection. The challenges of balancing data safeguarding and unrestricted movement and tackling misuse by external entities are significant and require careful consideration. This research elucidates the pivotal role of trust in e-commerce environments and the deployment of innovative e-commerce models designed to minimize personal data sharing. By integrating advanced privacy-enhancing technologies and adhering to stringent regulatory standards such as the GDPR, this study demonstrates effective strategies for robust data protection. The paper contributes to the academic discourse by providing a comprehensive framework that synergizes legal, technological, and procedural elements to fortify data security and enhance consumer trust in digital marketplaces. This approach aligns with international data protection standards and offers a pragmatic blueprint for achieving sustainable data security in e-commerce. Full article

The Internet has become the primary vehicle for doing almost everything online, and smartphones are needed for almost everyone to live their daily lives. As a result, cybersecurity is a top priority in today’s world. As Internet usage has grown exponentially with billions of users and the proliferation of Internet of Things (IoT) devices, cybersecurity has become a cat-and-mouse game between attackers and defenders. Cyberattacks on systems are commonplace, and defense mechanisms are continually updated to prevent them. Based on a literature review of cybersecurity vulnerabilities, attacks, and preventive measures, we find that cybersecurity problems are rooted in computer system architectures, operating systems, network protocols, design options, heterogeneity, complexity, evolution, open systems, open-source software vulnerabilities, user convenience, ease of Internet access, global users, advertisements, business needs, and the global market. We investigate common cybersecurity vulnerabilities and find that the bare machine computing (BMC) paradigm is a possible solution to address and eliminate their root causes at many levels. We study 22 common cyberattacks, identify their root causes, and investigate preventive mechanisms currently used to address them. We compare conventional and bare machine characteristics and evaluate the BMC paradigm and its applications with respect to these attacks. Our study finds that BMC applications are resilient to most cyberattacks, except for a few physical attacks. We also find that BMC applications have inherent security at all computer and information system levels. Further research is needed to validate the security strengths of BMC systems and applications. Full article

Deep learning models have demonstrated significant advantages over traditional algorithms in image processing tasks like object detection. However, a large amount of data are needed to train such deep networks, which limits their application to tasks such as biometric recognition that require more training samples for each class (i.e., each individual). Researchers developing such complex systems rely on real biometric data, which raises privacy concerns and is restricted by the availability of extensive, varied datasets. This paper proposes a generative adversarial network (GAN)-based solution to produce training data (palm images) for improved biometric (palmprint-based) recognition systems. We investigate the performance of the most recent StyleGAN models in generating a thorough contactless palm image dataset for application in biometric research. Training on publicly available H-PolyU and IIDT palmprint databases, a total of 4839 images were generated using StyleGAN models. SIFT (Scale-Invariant Feature Transform) was used to find uniqueness and features at different sizes and angles, which showed a similarity score of 16.12% with the most recent StyleGAN3-based model. For the regions of interest (ROIs) in both the palm and finger, the average similarity scores were 17.85%. We present the Frechet Inception Distance (FID) of the proposed model, which achieved a 16.1 score, demonstrating significant performance. These results demonstrated StyleGAN as effective in producing unique synthetic biometric images. Full article

The rapid adoption of mobile banking applications has raised significant concerns about their security vulnerabilities. This study presents a comparative vulnerability analysis of mobile banking applications from Thai and non-Thai banks, utilising the OWASP Mobile Top 10 framework. Nine mobile banking applications (five Thai and four non-Thai) were assessed using three vulnerability detection tools: AndroBugs, MobSF, and QARK. The results showed that both Thai and non-Thai mobile banking applications had vulnerabilities across multiple OWASP Mobile Top 10 categories, with reverse engineering, code tampering, and insufficient cryptography being the most common. Statistical analysis revealed that Thai banking applications exhibited significantly more vulnerabilities compared to non-Thai banking applications. In the context of vulnerability detection tools, AndroBugs and QARK proved more effective in detecting vulnerabilities compared to MobSF. Additionally, the study highlights critical security challenges in mobile banking applications, particularly for Thai banks, and emphasises the need for enhanced security measures. The findings also show the importance of using multiple assessment tools for comprehensive security evaluation and suggest potential areas for improvement in mobile banking applications. Full article

Some of the most deployed infrastructures nowadays are Overlay Networks (ONs). They consist of hardware and software components designed to establish private and secure communication channels, typically over the Internet. ONs are among the most reliable technologies for achieving this objective and represent the next-generation solution for secure communication. In this paper, we analyze important network performance metrics (RTT, bandwidth) while varying the type of Overlay Network used for interconnecting traffic between two or more hosts (within the same data center, in different data centers in the same building, or over the Internet). These networks establish connections between KVM (Kernel-based Virtual Machine) instances rather than the typical Docker/LXC/Podman containers. The first analysis will assess network performance as it is, without any overlay channels. The second will establish various types of channels without encryption, and the final one will encapsulate overlay traffic via IPsec (Transport mode), where encrypted channels like VTI are not already available for use. The obtained performance is demonstrated through a comprehensive set of traffic-simulation campaigns. Full article

Cyberattacks are rapidly evolving both in terms of techniques and frequency, from low-level attacks through to sophisticated Advanced Persistent Threats (APTs). There is a need to consider how testbed environments such as cyber ranges can be readily deployed to improve the examination of attack characteristics, as well as the assessment of defences. Whilst cyber ranges are not new, they can often be computationally expensive, require an extensive setup and configuration, or may not provide full support for areas such as logging or ongoing learning. In this paper, we propose GoibhniUWE, a container-based cyber range that provides a flexible platform for investigating the full lifecycle of a cyberattack. Adopting a modular approach, users can seamlessly switch out existing, containerised vulnerable services and deploying multiple different services at once, allowing for the creation of complex and realistic deployments. The range is fully instrumented with logging capabilities from a variety of sources including Intrusion Detection Systems (IDSs), service logging, and network traffic captures. To demonstrate the effectiveness of our approach, we deploy the GoibhniUWE range under multiple conditions to simulate various vulnerable environments, reporting on and comparing key metrics such as CPU and memory usage. We simulate complex attacks which span multiple services and networks, with logging at multiple levels, modelling an Advanced Persistent Threat (APT) and their associated Tactics, Techniques, and Procedures (TTPs). We find that even under continuous, active, and targeted deployment, GoibhniUWE averaged a CPU usage of less than 50%, in an environment using four single-core processors, and memory usage of less than 4.5 GB. Full article

Data breach incidents are now a regular occurrence, with millions of people affected worldwide. Few studies have examined the psychological aspects of data breach experiences, however, or the individual differences that influence how people react to these events. In this study, we examined the psychological stress associated with a personal experience with a data breach and several individual differences hypothesized to modulate such stress (age, gender, digital security awareness and expertise, trait anxiety, negative emotionality, and propensity to worry). A student sample (N = 166) and a community sample (N = 359) completed an online survey that asked participants to describe their most serious data breach and then complete the Impact of Events Scale—Revised (IES-R) to answer specific questions about the nature of the stress they experienced after the breach. Standard measures of trait anxiety, negative emotionality, and propensity to worry were also completed. A Data Breach Severity Index (DBSI) was created to quantify the invasiveness and consequences of each participant’s data breach. Hierarchical multiple regression analyses were used to identify demographic variables and psychological characteristics predictive of IES-R scores while controlling for DBSI scores. As expected, more invasive and consequential data breaches were associated with higher IES-R scores (greater data-breach-induced stress). Women had higher IES-R scores than men, and this difference persisted after controlling for gender differences in anxiety, negative emotionality, and propensity to worry. Greater daily social media use was associated with higher IES-R scores, whereas higher digital security expertise was associated with lower IES-R scores. The results illuminate several relationships between demographic and psychological characteristics and data-breach-induced stress that should be investigated further. Full article