Next Issue
Volume 4, June
Previous Issue
Volume 3, December
 
 

J. Cybersecur. Priv., Volume 4, Issue 1 (March 2024) – 7 articles

  • Issues are regarded as officially published after their release is announced to the table of contents alert mailing list.
  • You may sign up for e-mail alerts to receive table of contents of newly released issues.
  • PDF is the official format for papers published in both, html and pdf forms. To view the papers in pdf format, click on the "PDF Full-text" link, and use the free Adobe Reader to open them.
Order results
Result details
Section
Select all
Export citation of selected articles as:
27 pages, 1397 KiB  
Review
Image Encryption Algorithms: A Survey of Design and Evaluation Metrics
by Yousef Alghamdi and Arslan Munir
J. Cybersecur. Priv. 2024, 4(1), 126-152; https://doi.org/10.3390/jcp4010007 - 23 Feb 2024
Viewed by 1037
Abstract
Ensuring confidentiality and privacy is critical when it comes to sharing images over unsecured networks such as the internet. Since widely used and secure encryption methods, such as AES, Twofish, and RSA, are not suitable for real-time image encryption due to their slow [...] Read more.
Ensuring confidentiality and privacy is critical when it comes to sharing images over unsecured networks such as the internet. Since widely used and secure encryption methods, such as AES, Twofish, and RSA, are not suitable for real-time image encryption due to their slow encryption speeds and high computational requirements, researchers have proposed specialized algorithms for image encryption. This paper provides an introduction and overview of the image encryption algorithms and metrics used, aiming to evaluate them and help researchers and practitioners starting in this field obtain adequate information to understand the current state of image encryption algorithms. This paper classifies image encryption into seven different approaches based on the techniques used and analyzes the strengths and weaknesses of each approach. Furthermore, this paper provides a detailed review of a comprehensive set of security, quality, and efficiency evaluation metrics for image encryption algorithms, and provides upper and lower bounds for these evaluation metrics. Finally, this paper discusses the pros and cons of different image encryption approaches as well as the suitability of different image encryption approaches for different applications. Full article
(This article belongs to the Special Issue Multimedia Security and Privacy)
Show Figures

Figure 1

21 pages, 1824 KiB  
Article
Incidental Data: A Survey towards Awareness on Privacy-Compromising Data Incidentally Shared on Social Media
by Stefan Kutschera, Wolfgang Slany, Patrick Ratschiller, Sarina Gursch, Patrick Deininger and Håvard Dagenborg
J. Cybersecur. Priv. 2024, 4(1), 105-125; https://doi.org/10.3390/jcp4010006 - 23 Feb 2024
Viewed by 676
Abstract
Sharing information with the public is becoming easier than ever before through the usage of the numerous social media platforms readily available today. Once posted online and released to the public, information is almost impossible to withdraw or delete. More alarmingly, postings may [...] Read more.
Sharing information with the public is becoming easier than ever before through the usage of the numerous social media platforms readily available today. Once posted online and released to the public, information is almost impossible to withdraw or delete. More alarmingly, postings may carry sensitive information far beyond what was intended to be released, so-called incidental data, which raises various additional security and privacy concerns. To improve our understanding of the awareness of incidental data, we conducted a survey where we asked 192 students for their opinions on publishing selected postings on social media. We found that up to 21.88% of all participants would publish a posting that contained incidental data that two-thirds of them found privacy-compromising. Our results show that continued efforts are needed to increase our awareness of incidental data posted on social media. Full article
(This article belongs to the Special Issue Data Protection and Privacy)
Show Figures

Figure 1

29 pages, 3471 KiB  
Article
Experiential Transformation in Privacy Behavior: A New Framework for Privacy Behavior Enhancement
by Ioannis Paspatis and Aggeliki Tsohou
J. Cybersecur. Priv. 2024, 4(1), 76-104; https://doi.org/10.3390/jcp4010005 - 07 Feb 2024
Viewed by 950
Abstract
Multiple studies have demonstrated that the conventional method of learning is suboptimal when our goal is to enhance individuals’ genuine privacy behavior. This study introduces a framework for transforming privacy behavior, with the objective of enhancing individuals’ privacy practices to a higher level [...] Read more.
Multiple studies have demonstrated that the conventional method of learning is suboptimal when our goal is to enhance individuals’ genuine privacy behavior. This study introduces a framework for transforming privacy behavior, with the objective of enhancing individuals’ privacy practices to a higher level of confidentiality. We performed an experiment on a limited number of people to validate the efficacy of our suggested transformation framework. This framework combined determining aspects of privacy behavior with experiential behavior modification methodologies such as neutral stimuli (e.g., cognitive behavioral transformation—CBTx), practical assessments and motivational interviews from other disciplines. While these methods have proven effective in fields like psychology and sociology, they have not yet been applied to the realm of Information Computer and Technology (ICT). In this study, we have effectively demonstrated the efficacy of the proposed framework through a five-phase experiment. The suggested framework has the potential to be advantageous for educational institutions, including both public and private schools as well as universities, to construct new frameworks or develop new methodologies regarding individuals’ privacy behavior transformation to a more protective one. Furthermore, our framework offers a conducive environment for further investigation into privacy behavior transformation methodologies. Full article
Show Figures

Figure 1

21 pages, 535 KiB  
Article
Security Attack Behavioural Pattern Analysis for Critical Service Providers
by Elias Seid, Oliver Popov and Fredrik Blix
J. Cybersecur. Priv. 2024, 4(1), 55-75; https://doi.org/10.3390/jcp4010004 - 10 Jan 2024
Viewed by 1062
Abstract
Identifying potential system attacks that define security requirements is crucial to building secure cyber systems. Moreover, the attack frequency makes their subsequent analysis challenging and arduous in cyber–physical systems (CPS). Since CPS include people, organisations, software, and infrastructure, a thorough security attack analysis [...] Read more.
Identifying potential system attacks that define security requirements is crucial to building secure cyber systems. Moreover, the attack frequency makes their subsequent analysis challenging and arduous in cyber–physical systems (CPS). Since CPS include people, organisations, software, and infrastructure, a thorough security attack analysis must consider both strategic (social and organisational) aspects and technical (software and physical infrastructure) aspects. Studying cyberattacks and their potential impact on internal and external assets in cyberspace is essential for maintaining cyber security. The importance is reflected in the work of the Swedish Civil Contingencies Agency (MSB), which receives IT incident reports from essential service providers mandated by the NIS directive of the European Union and Swedish government agencies. To tackle this problem, a multi-realm security attack event monitoring framework was proposed to monitor, model, and analyse security events in social(business process), cyber, and physical infrastructure components of cyber–physical systems. This paper scrutinises security attack patterns and the corresponding security solutions for Swedish government agencies and organisations within the EU’s NIS directive. A pattern analysis was conducted on 254 security incident reports submitted by critical service providers. A total of five critical security attacks, seven vulnerabilities (commonly known as threats), ten attack patterns, and ten parallel attack patterns were identified. Moreover, we employed standard mitigation techniques obtained from recognised repositories of cyberattack knowledge, namely, CAPEC and Mitre, in order to conduct an analysis of the behavioural patterns Full article
(This article belongs to the Special Issue Secure Software Engineering)
Show Figures

Figure 1

14 pages, 990 KiB  
Article
Continued Fractions Applied to the One Line Factoring Algorithm for Breaking RSA
by Anthony Overmars and Sitalakshmi Venkatraman
J. Cybersecur. Priv. 2024, 4(1), 41-54; https://doi.org/10.3390/jcp4010003 - 10 Jan 2024
Viewed by 643
Abstract
The RSA (Rivest–Shamir–Adleman) cryptosystem is an asymmetric public key cryptosystem popular for its use in encryptions and digital signatures. However, the Wiener’s attack on the RSA cryptosystem utilizes continued fractions, which has generated much interest in developing competitive factoring algorithms. A general-purpose integer [...] Read more.
The RSA (Rivest–Shamir–Adleman) cryptosystem is an asymmetric public key cryptosystem popular for its use in encryptions and digital signatures. However, the Wiener’s attack on the RSA cryptosystem utilizes continued fractions, which has generated much interest in developing competitive factoring algorithms. A general-purpose integer factorization method first proposed by Lehmer and Powers formed the basis of the well-known Continued Fraction Factorization (CFRAC) method. Recent work on the one line factoring algorithm by Hart and its connection with Lehman’s factoring method have motivated this paper. The emphasis of this paper is to explore the representations of PQ as continued fractions and the suitability of lower ordered convergences as representations of ab. These simpler convergences are then prescribed to Hart’s one line factoring algorithm. As an illustration, we demonstrate the working of our approach with two numbers: one smaller number and another larger number occupying 95 bits. Using our method, the fourth convergence finds the factors as the solution for the smaller number, while the eleventh convergence finds the factors for the larger number. The security of the RSA public key cryptosystem relies on the computational difficulty of factoring large integers. Among the challenges in breaking RSA semi-primes, RSA250, which is an 829-bit semi-prime, continues to hold a research record. In this paper, we apply our method to factorize RSA250 and present the practical implementation of our algorithm. Our approach’s theoretical and experimental findings demonstrate the reduction of the search space and a faster solution to the semi-prime factorization problem, resulting in key contributions and practical implications. We identify further research to extend our approach by exploring limitations and additional considerations such as the difference of squares method, paving the way for further research in this direction. Full article
(This article belongs to the Section Cryptography and Cryptology)
18 pages, 1140 KiB  
Article
Security Vulnerabilities in 5G Non-Stand-Alone Networks: A Systematic Analysis and Attack Taxonomy
by Mohamad Saalim Wani, Michael Rademacher, Thorsten Horstmann and Mathias Kretschmer
J. Cybersecur. Priv. 2024, 4(1), 23-40; https://doi.org/10.3390/jcp4010002 - 02 Jan 2024
Viewed by 1672
Abstract
5G networks, pivotal for our digital mobile societies, are transitioning from 4G to 5G Stand-Alone (SA) networks. However, during this transition, 5G Non-Stand-Alone (NSA) networks are widely used. This paper examines potential security vulnerabilities in 5G NSA networks. Through an extensive literature review, [...] Read more.
5G networks, pivotal for our digital mobile societies, are transitioning from 4G to 5G Stand-Alone (SA) networks. However, during this transition, 5G Non-Stand-Alone (NSA) networks are widely used. This paper examines potential security vulnerabilities in 5G NSA networks. Through an extensive literature review, we identify known 4G attacks that can theoretically be applied to 5G NSA. We organize these attacks into a structured taxonomy. Our findings reveal that 5G NSA networks may offer a false sense of security, as most security and privacy improvements are concentrated in 5G SA networks. To underscore this concern, we implement three attacks with severe consequences and successfully validate them on various commercially available smartphones. Notably, one of these attacks, the IMSI Leak, consistently exposes user information with no apparent security mitigation in 5G NSA networks. This highlights the ease of tracking individuals on current 5G networks. Full article
Show Figures

Figure 1

22 pages, 690 KiB  
Article
How Close Is Existing C/C++ Code to a Safe Subset?
by Christian DeLozier
J. Cybersecur. Priv. 2024, 4(1), 1-22; https://doi.org/10.3390/jcp4010001 - 28 Dec 2023
Viewed by 877
Abstract
Using a safe subset of C++ is a promising direction for increasing the safety of the programming language while maintaining its performance and productivity. In this paper, we examine how close existing C/C++ code is to conforming to a safe subset of C++. [...] Read more.
Using a safe subset of C++ is a promising direction for increasing the safety of the programming language while maintaining its performance and productivity. In this paper, we examine how close existing C/C++ code is to conforming to a safe subset of C++. We examine the rules presented in existing safe C/C++ standards and safe C/C++ subsets. We analyze the code characteristics of 5.8 million code samples from the Exebench benchmark suite, two C/C++ benchmark suites, and five modern C++ applications using a static analysis tool. We find that raw pointers, unsafe casts, and unsafe library functions are used in both C/C++ code at large and in modern C++ applications. In general, C/C++ code at large does not differ much from modern C++ code, and continued work will be required to transition from existing C/C++ code to a safe subset of C++. Full article
(This article belongs to the Special Issue Secure Software Engineering)
Show Figures

Figure 1

Previous Issue
Next Issue
Back to TopTop