Journal of Cybersecurity and Privacy

The implementation of Central Bank Digital Currencies (CBDCs) faces significant challenges in achieving the same level of anonymity and convenience in offline transactions as cash. This limitation imposes considerable constraints on the development and widespread adoption of CBDCs. Unlike cash, digital currencies, similar to other electronic payment methods, necessitate internet or other network connectivity to verify payment eligibility. This study proposes a secure offline payment model for CBDCs that operates independently of internet or network connections by utilizing a Trusted Platform Module (TPM) to enhance the security of digital currency transactions. Additionally, the monotonic counter, the basic component of the TPM, is integrated into this model to prevent double spending in a completely offline environment. Our research presents a protocol model that combines these easily implementable technologies to facilitate the efficient processing of transactions in CBDCs entirely offline. However, it is crucial to acknowledge the security implications associated with the TPMs and near-field communications upon which this protocol relies. Full article

The efficiency of Shor’s and Grover’s algorithms and the advancement of quantum computers implies that the cryptography used until now to protect one’s privacy is potentially vulnerable to retrospective decryption, also known as the harvest now, decrypt later attack in the near future. This dissertation proposes an overview of the cryptographic schemes used by Tor, highlighting the non-quantum-resistant ones and introducing theoretical performance assessment methods of a local Tor network. The measurement is divided into three phases. We start with benchmarking a local Tor network simulation on constrained devices to isolate the time taken by classical cryptography processes. Secondly, the analysis incorporates existing benchmarks of quantum-secure algorithms and compares these performances on the devices. Lastly, the estimation of overhead is calculated by replacing the measured times of traditional cryptography with the times recorded for Post-Quantum Cryptography (PQC) execution within the specified Tor environment. By focusing on the replaceable cryptographic components, using theoretical estimations, and leveraging existing benchmarks, valuable insights into the potential impact of PQC can be obtained without needing to implement it fully. Full article

Implementing machine learning is imperative for enhancing advanced cybersecurity practices globally. The current cybersecurity landscape needs further investigation into the potential impasse. This scientometric study aims to comprehensively analyse the study patterns and key contributions at the nexus of cybersecurity and machine learning. The analysis examines publication trends, citation analysis, and intensive research networks to discover key authors, significant organisations, major countries, and emerging research areas. The search was conducted on the Scopus database, and 3712 final documents were selected after a thorough screening from January 2016 to January 2025. The VOSviewer tool was used to map citation networks and visualise co-authorship networks, enabling the discovery of research patterns, top contributors, and hot topics in the domain. The findings uncovered the substantial growth in publications bridging cybersecurity with machine learning and deep learning, involving 2865 authors across 160 institutions and 114 countries. Saudi Arabia emerged as a top contributing nation with flaunting high productivity. IEEE and Sensors are the key publication sources instrumental in producing interdisciplinary research. Iqbal H. Sarker and N. Moustafa are notable authors, with 17 and 16 publications each. This study emphasises the significance of global partnerships and multidisciplinary research in enhancing cybersecurity posture and identifying key research areas for future studies. This study further highlights its importance by guiding policymakers and practitioners to develop advanced machine learning-based cybersecurity strategies. Full article

The growing adoption of smart grid systems presents significant advancements in the efficiency of energy distribution, along with enhanced monitoring and control capabilities. However, the interconnected and distributed nature of these systems also introduces critical security vulnerabilities that must be addressed. This study proposes a secure communication protocol specifically designed for smart grid environments, focusing on authentication, secret key establishment, symmetric encryption, and hash-based message authentication to provide confidentiality and integrity for communication in smart grid environments. The proposed protocol employs the Elliptic Curve Digital Signature Algorithm (ECDSA) for authentication, Elliptic Curve Diffie–Hellman (ECDH) for secure key exchange, and Advanced Encryption Standard 256 (AES-256) encryption to protect data transmissions. The protocol follows a structured sequence: (1) authentication—verifying smart grid devices using digital signatures; (2) key establishment—generating and securely exchanging cryptographic keys; and (3) secure communication—encrypting and transmitting/receiving data. An experimental framework has been established to evaluate the protocol’s performance under realistic operational conditions, assessing metrics such as time, throughput, power, and failure recovery. The experimental results show that the protocol completes one server–client request in 3.469 ms for a desktop client and 41.14 ms for a microcontroller client and achieves a throughput of 288.27 requests/s and 24.30 requests/s, respectively. Furthermore, the average power consumed by the protocol is 37.77 watts. The results also show that the proposed protocol is able to recover from transient network disruptions and sustain secure communication. Full article

The increasing complexity and scale of modern software-defined networking demands advanced solutions to address security challenges, particularly distributed denial-of-service (DDoS) attacks in multi-controller environments. Traditional single-controller implementations are struggling to effectively counter sophisticated cyber threats, necessitating a faster and scalable solution. This study introduces a novel approach for attack detection and mitigation with optimized multi-controller software-defined networking (SDN) using machine learning (ML). The study focuses on the design, implementation, and assessment of the optimal placement of multi-controllers using K-means++ and OPTICS in real topologies and an intrusion detection system (IDS) using the XGBoost classification algorithm to detect and mitigate attacks efficiently with accuracy, precision, and recall of 98.5%, 97.0%, and 97.0%, respectively. Additionally, the IDS decouples from the controllers, preserves controller resources, and allows for efficient near-real-time attack detection and mitigation. The proposed solution outperforms well by autonomously identifying anomalous behaviors in networks through successfully combining the controller placement problem (CPP) and DDoS security. Full article

The increasing sophistication of fraud tactics necessitates advanced detection methods to protect financial assets and maintain system integrity. Various approaches based on artificial intelligence have been proposed to identify fraudulent activities, leveraging techniques such as machine learning and deep learning. However, class imbalance remains a significant challenge. We propose several solutions based on advanced generative modeling techniques to address the challenges posed by class imbalance in fraud detection. Class imbalance often hinders the performance of machine learning models by limiting their ability to learn from minority classes, such as fraudulent transactions. Generative models offer a promising approach to mitigate this issue by creating realistic synthetic samples, thereby enhancing the model’s ability to detect rare fraudulent cases. In this study, we introduce and evaluate multiple generative models, including Variational Autoencoders (VAEs), standard Autoencoders (AEs), Generative Adversarial Networks (GANs), and a hybrid Autoencoder–GAN model (AE-GAN). These models aim to generate synthetic fraudulent samples to balance the dataset and improve the model’s learning capacity. Our primary objective is to compare the performance of these generative models against traditional oversampling techniques, such as SMOTE and ADASYN, in the context of fraud detection. We conducted extensive experiments using a real-world credit card dataset to evaluate the effectiveness of our proposed solutions. The results, measured using the BEFS metrics, demonstrate that our generative models not only address the class imbalance problem more effectively but also outperform conventional oversampling methods in identifying fraudulent transactions. Full article

This paper presents an integrated chaos-based algorithm for image encryption that combines the chaotic Hénon map and chaotic logistic map (CLM) to enhance the security of digital image communication. The proposed method leverages chaos theory to generate cryptographic keys, utilizing a 1D key from the logistic map generator and a 2D key from the chaotic Hénon map generator. These chaotic maps produce highly unpredictable and complex keys essential for robust encryption. Extensive experiments demonstrate the algorithm’s resilience against various attacks, including chosen-plaintext, noise, clipping, occlusion, and known-plaintext attacks. Performance evaluation in terms of encryption time, throughput, and image quality metrics validates the effectiveness of the proposed integrated approach. The results indicate that the chaotic Hénon–logistic map integration provides a powerful and secure method for safeguarding digital images during transmission and storage with a key space that reaches up to $2^{200}$. Moreover, the algorithm has potential applications in secure image sharing, cloud storage, and digital forensics, inspiring new possibilities. Full article

The relationship and the interplay between the EU AI Act and the data protection law is a challenging issue. This paper focuses on exploring the interplay between legal provisions stemming from the AI Act and those stemming from the GDPR, with the ultimate goal of developing an integrated framework that simultaneously implements Fundamental Rights Impact Assessment (FRIA) and Data Protection Impact Assessment (DPIA) within the context of Artificial Intelligence (AI) systems, particularly focusing on systems that utilize personal data. This approach is designed to simplify the evaluation processes for stakeholders managing risks related to personal data protection, as well as to other fundamental rights in AI systems, enhancing both efficiency and accuracy in these assessments as well as facilitating compliance with the relevant legal provisions. The methodology adopted involves developing a holistic model that can be applied not only to specific case studies but more broadly across various sectors. Full article

Advances in deep learning have led to dramatic improvements in generative synthetic speech, eliminating robotic speech patterns to create speech that is indistinguishable from a human voice. Although these advances are extremely useful in various applications, they also facilitate powerful attacks against both humans and machines. Recently, a new type of speech attack called partial fake (PF) speech has emerged. This paper studies how well humans and machines, including speaker recognition systems and existing fake-speech detection tools, can distinguish between human voice and computer-generated speech. Our study shows that both humans and machines can be easily deceived by PF speech, and the current defences against PF speech are insufficient. These findings emphasise the urgency of increasing awareness for humans and creating new automated defences against PF speech for machines. Full article

Common data environments (CDEs) are centralized repositories in the architecture, engineering, and construction (AEC) industry designed to improve collaboration and project efficiency. However, CDEs hosted on cloud platforms face significant risks from insider threats, as stakeholders with legitimate access may act maliciously. To address these vulnerabilities, we developed a game-theoretic framework using Bayesian games that account for incomplete information, modeling both simultaneous and sequential interactions between insiders and data defenders. In the simultaneous move game, insiders and defenders act without prior knowledge of each other’s decisions, while the sequential game allows the defender to respond after observing insider actions. Our analysis used Bayesian Nash Equilibrium to predict malicious insider behavior and identify optimal defense strategies for safeguarding CDE data. Through simulation experiments and validation with real project data, we illustrate how various parameters affect insider–defender dynamics. Our results provide insights into effective cybersecurity strategies tailored to the AEC sector, bridging theoretical models with practical applications and supporting data security within the increasingly digitalized construction industry. Full article

Banking malware poses a significant threat to users by infecting their computers and then attempting to perform malicious activities such as surreptitiously stealing confidential information from them. Banking malware variants are also continuing to evolve and have been increasing in numbers for many years. Amongst these, the banking malware Zeus and its variants are the most prevalent and widespread banking malware variants discovered. This prevalence was expedited by the fact that the Zeus source code was inadvertently released to the public in 2004, allowing malware developers to reproduce the Zeus banking malware and develop variants of this malware. Examples of these include Ramnit, Citadel, and Zeus Panda. Tools such as anti-malware programs do exist and are able to detect banking malware variants, however, they have limitations. Their reliance on regular updates to incorporate new malware signatures or patterns means that they can only identify known banking malware variants. This constraint inherently restricts their capability to detect novel, previously unseen malware variants. Adding to this challenge is the growing ingenuity of malicious actors who craft malware specifically developed to bypass signature-based anti-malware systems. This paper presents an overview of the Zeus, Zeus Panda, and Ramnit banking malware variants and discusses their communication architecture. Subsequently, a methodology is proposed for detecting banking malware C&C communication traffic, and this methodology is tested using several feature selection algorithms to determine which feature selection algorithm performs the best. These feature selection algorithms are also compared with a manual feature selection approach to determine whether a manual, automated, or hybrid feature selection approach would be more suitable for this type of problem. Full article

Intrusion detection has been a vast-surveyed topic for many decades as network attacks are tremendously growing. This has heightened the need for security in networks as web-based communication systems are advanced nowadays. The proposed work introduces an intelligent semi-supervised intrusion detection system based on different algorithms to classify the network attacks accurately. Initially, the pre-processing is accomplished using null value dropping and standard scaler normalization. After pre-processing, an enhanced Deep Reinforcement Learning (EDRL) model is employed to extract high-level representations and learn complex patterns from data by means of interaction with the environment. The enhancement of deep reinforcement learning is made by associating a deep autoencoder (AE) and an improved flamingo search algorithm (IFSA) to approximate the Q-function and optimal policy selection. After feature representations, a support vector machine (SVM) classifier, which discriminates the input into normal and attack instances, is employed for classification. The presented model is simulated in the Python platform and evaluated using the UNSW-NB15, CICIDS2017, and NSL-KDD datasets. The overall classification accuracy is 99.6%, 99.93%, and 99.42% using UNSW-NB15, CICIDS2017, and NSL-KDD datasets, which is higher than the existing detection frameworks. Full article

The Zero Trust Architecture (ZTA) security system follows the “never trust, always verify” principle. The process constantly verifies users and devices trying to access resources. This paper describes how Microsoft Azure uses ZTA to enforce strict identity verification and access rules across the cloud environment to improve security. Implementation takes time and effort. Azure’s extensive services and customizations require careful design and implementation. Azure administrators need help navigating and changing configurations due to its complex user interface (UI). Each Azure ecosystem component must meet ZTA criteria. ZTAs comprehensive policy definitions, multi-factor and passwordless authentication, and other advanced features are tested in a mid-size business scenario. The document delineates several principal findings concerning the execution of Azure’s ZTA within mid-sized enterprises. Azure ZTA significantly improves security by reducing attack surfaces via ongoing identity verification, stringent access controls, and micro-segmentation. Nonetheless, its execution is resource-demanding and intricate, necessitating considerable expertise and meticulous planning. A notable disparity exists between theoretical ZTA frameworks and their practical implementation, characterized by disjointed management interfaces and user fatigue resulting from incessant authentication requests. The case studies indicate that although Zero Trust Architecture enhances organizational security and mitigates risks, it may disrupt operations and adversely affect user experience, particularly in hybrid and fully cloud-based settings. The study underscores the necessity for customized configurations and the equilibrium between security and usability to ensure effective ZTA implementation. Full article

Digital evidence is a critical component in today’s organizations, as it is the foundation on which any certification is based. This paper presents a risk assessment of evidence in the certification domain to identify the main security risks. To mitigate these risks, it also proposes an adaptation of an existing Blockchain-based audit trail system to create an evidence trustworthiness system enhancing security and usability. This system covers specific additional requirements from auditors: evidence confidentiality and integrity verification automation. The system has been validated with cloud service providers to increase the security of evidence for a cybersecurity certification process. However, it can be also extended to other certification domains. Full article

Today, IT organizations largely rely on cloud computing services to meet their infrastructure needs, making it the backbone of the industry. However, several challenges remain that need to be effectively addressed. Data breaches, identity and access management problems, unsafe interfaces and APIs, data loss, shared technology vulnerabilities, compliance and legal issues, inadequate data encryption, lack of visibility and control, delayed security patching, and the requirement to have faith in the cloud service provider’s security procedures are the primary security challenges in cloud computing. Blockchain technology has emerged as a promising technology to address many of these security issues. In this paper, an extensive study is carried out to analyze the security issues in the cloud and the categorization of gathered security issues in terms of security requirements, such as confidentiality, integrity, availability, authenticity, and privacy. Research questions are framed to dig deeper into the different blockchain-enabled solutions present to resolve cloud security issues, such as access control, identity management (IDM), and data integrity verification, along with their analysis. In-detail comparative analysis of the above blockchain-assisted solutions is also presented along with the future research directions. Full article

Globally, 77% of the elderly aged 65 and above suffer from multiple chronic ailments, according to recent research. However, several barriers within the healthcare system in the developing world hinder the adoption of home-based patient management, hence the need for the IoMT, whose application raises security concerns, particularly in authentication. Several authentication techniques have been proposed; however, they lack a balance of security and usability. This paper proposes a Naive Bayes based adaptive user authentication app that calculates the risk associated with a login attempt on an Android device for elderly users, using their health conditions, risk score, and available authenticators. This authentication technique guided by the MAPE-K_HMT framework makes use of embedded smartphone sensors. Results indicate a 100% and 98.6% accuracy in usable-security metrics, while cross-validation and normalization results also support the accuracy, efficiency, effectiveness, and usability of our model with room for scaling it up without computational costs and generalizing it beyond SSA. The post-deployment evaluation also confirms that users found the app usable and secure. A few areas need further refinement to improve the accuracy, usability, security, and acceptance but the model shows potential to improve users’ compliance with IoMT security, thereby promoting the attainment of SDG3. Full article

In recent years, Machine Learning (ML) and Artificial Intelligence (AI) have been gaining ground in Cyber Security (CS) research in an attempt to counter increasingly sophisticated attacks. However, this paper poses the question of qualitative and quantitative data. This paper argues that scholarly research in this domain is severely impacted by the quality and quantity of available data. Datasets are disparate. There is no uniformity in (i) the dataset features, (ii) the methods of collection, or (iii) the preprocessing requirements to enable good-quality analyzed data that are suitable for automated decision-making. This review contributes to the existing literature by providing a single summary of the wider field in relation to AI, evaluating the most recent datasets, combining considerations of ethical AI, and posing a list of open research questions to guide future research endeavors. Thus, this paper contributes valuable insights to the cyber security field, fostering advancements for the application of AI/ML. Full article

Modern computing systems are primarily designed for maximum performance, which inadvertently introduces vulnerabilities at the micro-architecture level. While cache side-channel analysis has received significant attention, other Central Processing Units (CPUs) components like the Translation Lookaside Buffer (TLB) can also be exploited to leak sensitive information. This paper focuses on the TLB, a micro-architecture component that is vulnerable to side-channel attacks. Despite the coarse granularity at the page level, advancements in tools and techniques have made TLB information leakage feasible. The primary goal of this study is not to demonstrate the potential for information leakage from the TLB but to establish a comprehensive framework to reverse engineer the TLB configuration, a critical aspect of side-channel analysis attacks that have previously succeeded in extracting sensitive data. The methodology involves detailed reverse engineering efforts on Intel CPUs, complemented by analytical tools to support TLB reverse engineering. This study successfully reverse-engineered the TLB configurations for Intel CPUs and introduced visual tools for further analysis. These results can be used to explore TLB vulnerabilities in greater depth. However, when attempting to apply the same methodology to the IBM Power9, it became clear that the methodology was not transferable, as mapping functions and performance counters vary across different vendors. Full article

In this study, we investigated the expanding problem of suspicious activity when using online in-game asset trading platforms. The decentralized structures and anonymity offered by these platforms provide a basis for suspicious actions, creating a threat to the virtual economy. By evaluating 18,157 rows of anonymized transaction data from 38 unique sellers with the help of the interquartile range approach and network analysis, we were able to identify suspicious activities. The results highlight suspicious online activities of individual transactions. This research contributes by identifying new, concerning trends and unraveling complex networks by analyzing in-game asset transaction data. It also assists in informing experts and lawmakers about new suspicious activities. Full article