Digital Security and Privacy Protection: Trends and Applications

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Computer Science & Engineering".

Deadline for manuscript submissions: 15 June 2024 | Viewed by 11441

Special Issue Editor

Special Issue Information

Dear Colleagues, 

Since digital data such as personal information, corporate business secrets, and important national facilities are stored and utilized in the institution's server or cloud server, they are protected and managed by a high-level information protection program. Informatization and digitization in recent decades have fundamentally changed the way we work and have exposed security issues for individuals and businesses. With the technological development of new technologies such as IoT and AI, interest in the increase and utilization of data has begun. In addition, new methods of acquiring data have been introduced. Data analysis is being studied for the valuable use of data, and it is being actively studied in academia, companies, and government. However, since sensitive digital data can be used as ransomware, research is also needed to solve this problem.

This Special Issue aims to advance the state of the art by gathering original research in the field of software-intensive systems, fundamental connections between the theory of information protection and extensive research on security issues for digital assets and various IT systems and devices. There is no limit to the broad content of various computer engineering topics outside the subject of this special feature.

Prof. Dr. Cheonshik Kim
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • cybersecurity
  • privacy protection
  • information security
  • computing security
  • blockchain
  • big data analysis and applications
  • social network information
  • digital forensics
  • data hiding
  • watermarking

Published Papers (9 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

17 pages, 5543 KiB  
Article
Decentralized Exchange Transaction Analysis and Maximal Extractable Value Attack Identification: Focusing on Uniswap USDC3
by Nakhoon Choi and Heeyoul Kim
Electronics 2024, 13(6), 1098; https://doi.org/10.3390/electronics13061098 - 16 Mar 2024
Viewed by 334
Abstract
With the advancement of blockchain technology and growing concerns about the vulnerabilities and mistrust in centralized financial services, decentralized finance (DeFi) and decentralized exchanges (DEXs) have emerged as promising alternatives. This paper delves into the challenges and issues within DeFi, with a particular [...] Read more.
With the advancement of blockchain technology and growing concerns about the vulnerabilities and mistrust in centralized financial services, decentralized finance (DeFi) and decentralized exchanges (DEXs) have emerged as promising alternatives. This paper delves into the challenges and issues within DeFi, with a particular focus on Uniswap. We highlight the susceptibility to Maximal Extractable Value (MEV) attacks, providing a background on the current state of DeFi and DEXs. Our approach includes a detailed transaction analysis on Uniswap to identify and analyze MEV attack patterns, alongside a method for detecting bots. The results offer critical insights into the nature of various attacks in DEXs and the correlation between internal and external blockchain events and MEV attack patterns. This research provides valuable guidelines for enhancing DEX security and mitigating MEV risks, serving as an essential resource for stakeholders in the DeFi ecosystem. Full article
(This article belongs to the Special Issue Digital Security and Privacy Protection: Trends and Applications)
Show Figures

Figure 1

25 pages, 3555 KiB  
Article
Secure Multiparty Computation Using Secure Virtual Machines
by Danko Miladinović, Adrian Milaković, Maja Vukasović, Žarko Stanisavljević and Pavle Vuletić
Electronics 2024, 13(5), 991; https://doi.org/10.3390/electronics13050991 - 05 Mar 2024
Viewed by 559
Abstract
The development of new processor capabilities which enable hardware-based memory encryption, capable of isolating and encrypting application code and data in memory, have led to the rise of confidential computing techniques that protect data when processed on untrusted computing resources (e.g., cloud). Before [...] Read more.
The development of new processor capabilities which enable hardware-based memory encryption, capable of isolating and encrypting application code and data in memory, have led to the rise of confidential computing techniques that protect data when processed on untrusted computing resources (e.g., cloud). Before confidential computing technologies, applications that needed data-in-use protection, like outsourced or secure multiparty computation, used purely cryptographic techniques, which had a large negative impact on the processing performance. Processing data in trusted enclaves protected by confidential computing technologies promises to protect data-in-use while possessing a negligible performance penalty. In this paper, we have analyzed the state-of-the-art in the field of confidential computing and present a Confidential Computing System for Artificial Intelligence (CoCoS.ai), a system for secure multiparty computation, which uses virtual machine-based trusted execution environments (in this case, AMD Secure Encrypted Virtualization (SEV)). The security of the proposed solution, as well as its performance, have been formally analyzed and measured. The paper reveals many gaps not reported previously that still exist in the current confidential computing solutions for the secure multiparty computation use case, especially in the processes of creating new secure virtual machines and their attestation, which are tailored for single-user use cases. Full article
(This article belongs to the Special Issue Digital Security and Privacy Protection: Trends and Applications)
Show Figures

Figure 1

18 pages, 1632 KiB  
Article
ConGraph: Advanced Persistent Threat Detection Method Based on Provenance Graph Combined with Process Context in Cyber-Physical System Environment
by Linrui Li and Wen Chen
Electronics 2024, 13(5), 945; https://doi.org/10.3390/electronics13050945 - 29 Feb 2024
Viewed by 465
Abstract
With the wide use of Cyber-Physical Systems (CPS) in many applications, targets of advanced persistent threats (APTs) have been extended to the IoT and industrial control systems. Provenance graph analysis based on system audit logs has become a promising way for APT detection [...] Read more.
With the wide use of Cyber-Physical Systems (CPS) in many applications, targets of advanced persistent threats (APTs) have been extended to the IoT and industrial control systems. Provenance graph analysis based on system audit logs has become a promising way for APT detection and investigation. However, we cannot afford to ignore that existing provenance-based APT detection systems lack the process–context information at system runtime, which seriously limits detection performance. In this paper, we proposed ConGraph, an approach for detecting APT attacks using provenance graphs combined with process context; we presented a module for collecting process context to detect APT attacks. This module collects file access behavior, network access behavior, and interactive relationship features of processes to enrich semantic information of the provenance graph. It was the first time that the provenance graph was combined with multiple process–context information to improve the detection performance of APT attacks. ConGraph extracts process activity features from the provenance graphs and submits the features to a CNN-BiLSTM model to detect underlying APT activities. Compared to some state-of-the-art models, our model raised the average precision rate, recall rate, and F-1 score by 13.12%, 25.61%, and 24.28%, respectively. Full article
(This article belongs to the Special Issue Digital Security and Privacy Protection: Trends and Applications)
Show Figures

Figure 1

18 pages, 3471 KiB  
Article
Optimal Weighted Modulus: A Secure and Large-Capacity Data-Hiding Algorithm for High Dynamic Range Images
by Ku-Sung Hsieh and Chung-Ming Wang
Electronics 2024, 13(1), 207; https://doi.org/10.3390/electronics13010207 - 02 Jan 2024
Viewed by 528
Abstract
This paper presents an optimal weighted modulus (OWM) algorithm able to conceal secret messages in a high dynamic range image encoded via the RGBE format, consisting of the red, green, blue, and exponent channels. In contrast to current state-of-the-art schemes, which mainly employ [...] Read more.
This paper presents an optimal weighted modulus (OWM) algorithm able to conceal secret messages in a high dynamic range image encoded via the RGBE format, consisting of the red, green, blue, and exponent channels. In contrast to current state-of-the-art schemes, which mainly employ limited and vulnerable homogeneous representations, our OWM scheme exploits four channels and an embedding weight to conceal secret messages, thereby offering more embedding capacities and undetectability against steganalytic tools. To reduce the impact on the luminance variation, we confine the maximal change incurred in the exponent channel when embedding secret messages. In addition, we propose an SEC scheme to eliminate the pixel saturation problem, even though a pixel contains values close to the boundary extreme. As a result, the stego images produced not only exhibit high quality but also comply with the RGBE encoding format, making them able to resist malicious steganalytic detection. The experimental results show that our scheme offers larger embedding rates, between 2.8074 and 5.7549 bits per pixel, and the average PSNR value for twelve tone-mapped images is over 48 dB. In addition, the HDR VDP 3.0 metric demonstrates the high fidelity of stego HDR images, where the average Q value is close to the upper bound of 10.0. Our scheme can defeat RS steganalytic attacks and resist image compatibility attacks. A comparison result confirms that our scheme outperforms six current state-of-the-art schemes. Full article
(This article belongs to the Special Issue Digital Security and Privacy Protection: Trends and Applications)
Show Figures

Figure 1

35 pages, 17068 KiB  
Article
Instantiation and Implementation of HEAD Metamodel in an Industrial Environment: Non-IoT and IoT Case Studies
by Nadine Kashmar, Mehdi Adda, Hussein Ibrahim, Jean-François Morin and Tony Ducheman
Electronics 2023, 12(15), 3216; https://doi.org/10.3390/electronics12153216 - 25 Jul 2023
Viewed by 919
Abstract
Access to resources can take many forms: digital access via an onsite network, through an external site, website, etc., or physical access to labs, machines, information repositories, etc. Whether access to resources is digital or physical, it must be allowed, denied, revoked, or [...] Read more.
Access to resources can take many forms: digital access via an onsite network, through an external site, website, etc., or physical access to labs, machines, information repositories, etc. Whether access to resources is digital or physical, it must be allowed, denied, revoked, or disabled using robust and coherent access control (AC) models. What makes the process of AC more complicated is the emergence of digital transformation technologies and pervasive systems such as the internet of things (IoT) and industry 4.0 systems, especially with the growing demand for transparency in users’ interaction with various applications and services. Controlling access and ensuring security and cybersecurity in IoT and industry 4.0 environments is a challenging task. This is due to the increasing distribution of resources and the massive presence of cyber-threats and cyber-attacks. To ensure the security and privacy of users in industry sectors, we need an advanced AC metamodel that defines all the required components and attributes to derive various instances of AC models and follow the new and increasing demand for AC requirements due to continuous technology upgrades. Due to the several limitations in the existing metamodels and their inability to answer the current AC requirements, we have developed a Hierarchical, Extensible, Advanced, Dynamic (HEAD) AC metamodel with significant features that overcome the existing metamodels’ limitations. In this paper, the HEAD metamodel is employed to specify the needed AC policies for two case studies inspired by the computing environment of Institut Technologique de Maintenance Industrielle (ITMI)-Sept-Îles, QC, Canada; the first is for ITMI’s local (non-IoT) environment and the second for ITMI’s IoT environment. For each case study, the required AC model is derived using the domain-specific language (DSL) of HEAD metamodel, then Xtend notation (an expressive dialect of Java) is utilized to generate the needed Java code which represents the concrete instance of the derived AC model. At the system level, to get the needed AC rules, Cypher statements are generated and then injected into the Neo4j database to represent the Next Generation Access Control (NGAC) policy as a graph. NGAC framework is used as an enforcement point for the rules generated by each case study. The results show that the HEAD metamodel can be adapted and integrated into various local and distributed environments. It can serve as a unified framework, answer current AC requirements and follow policy upgrades. To demonstrate that the HEAD metamodel can be implemented on other platforms, we implement an administrator panel using VB.NET and SQL. Full article
(This article belongs to the Special Issue Digital Security and Privacy Protection: Trends and Applications)
Show Figures

Figure 1

18 pages, 3879 KiB  
Article
A New Approach for Anonymizing Transaction Data with Set Values
by Soon-Seok Kim
Electronics 2023, 12(14), 3047; https://doi.org/10.3390/electronics12143047 - 12 Jul 2023
Viewed by 566
Abstract
This article proposes a new method that can guarantee strong privacy while minimizing information loss in transactional data composed of a set of each attribute value in a relational database, which is not generally well-known structured data. The proposed scheme adopts the same [...] Read more.
This article proposes a new method that can guarantee strong privacy while minimizing information loss in transactional data composed of a set of each attribute value in a relational database, which is not generally well-known structured data. The proposed scheme adopts the same top-down partitioning algorithm as the existing k-anonymity model, using local generalization to optimize safety and CPU execution time. At the same time, the information loss rate, which is a disadvantage of the existing local generalization, is further improved by reallocating transactions through an additional bottom-up tree search process after the partitioning process. Our scheme shows a very fast processing time compared to the HgHs algorithm using generalization and deletion techniques. In terms of information loss, our scheme shows much better performance than any schemes proposed so far, such as the existing local generalization or HgHs algorithm. In order to evaluate the efficiency of our algorithm, the experiment compared its performance with the existing local generalization and the HgHs algorithm, in terms of both execution time and information loss rate. As a result of the experiment, for example, when k is 5 in k-anonymity for the dataset BMS-WebView-2, the execution time of our scheme is up to 255 times faster than the HgHs algorithm, and with regard to the information loss rate, our method showed a maximum rate of 62.37 times lower than the local generalization algorithm. Full article
(This article belongs to the Special Issue Digital Security and Privacy Protection: Trends and Applications)
Show Figures

Figure 1

29 pages, 8008 KiB  
Article
A New Optimal Method for the Secure Design of Combinational Circuits against Hardware Trojans Using Interference Logic Locking
by Zahra Mirmohammadi and Shahram Etemadi Borujeni
Electronics 2023, 12(5), 1107; https://doi.org/10.3390/electronics12051107 - 23 Feb 2023
Viewed by 1083
Abstract
Effective resistance to intellectual property theft, reverse engineering, and hardware Trojan insertion in integrated circuit supply chains is increasingly essential, for which many solutions have been proposed. Accordingly, strong attacks are also designed in this field. One way to achieve the above goal [...] Read more.
Effective resistance to intellectual property theft, reverse engineering, and hardware Trojan insertion in integrated circuit supply chains is increasingly essential, for which many solutions have been proposed. Accordingly, strong attacks are also designed in this field. One way to achieve the above goal is obfuscation. The hardware obfuscation method hides the primary function of the circuit and the normal Netlist from the attacker by adding several key gates in the original Netlist. The functionality circuit is correct only if the correct key is applied; otherwise, the circuit is obfuscated. In recent years, various obfuscation methods have been proposed. One is logic locking, the most prominent hardware protection technique since it can protect against untrusted items. Logic locking induces functional and structural changes to a design even before the layout generation. We secured the circuit against hardware Trojan insertion with a secure logic locking method based on the insertion of key gates in interference mode. We call our proposed method Secure Interference Logic Locking, SILL. SILL is based on minimum controllability in paths with maximum fan-out. In this method, we have reduced the number of key gates required for circuit obfuscation and created the maximum Hamming distance between normal and obscure outputs. In addition, the key gates are added to the circuit’s complete interference, and the AES algorithm is used to generate the key. Our proposed method, SILL, was simulated in the Vivado simulation environment; the algorithms used in this method were prepared in VHDL language and designed to allow parallel execution, then applied on the original Netlist of the ISCAS85 benchmark circuits. By analyzing and comparing the results of this simulation to recent works, the amount of hardware consumption has decreased (about 5% space consumption and about a 0.15-nanosecond time delay). Then, the SAT attack algorithm was tested on ISCAS85 benchmark circuits that were obfuscated with SILL. The execution time of the attack in the second attempt was 0.24 nanoseconds longer compared to similar recent works, and it timed out in the fourth attempt. The resistance of our proposed method, having less hardware overhead and higher speed is more effective against SAT attacks than the existing conventional methods. Full article
(This article belongs to the Special Issue Digital Security and Privacy Protection: Trends and Applications)
Show Figures

Figure 1

12 pages, 1320 KiB  
Article
E-Health Self-Help Diagnosis from Feces Images in Real Scenes
by Fengxiang Liao, Jiahao Wan, Lu Leng and Cheonshik Kim
Electronics 2023, 12(2), 344; https://doi.org/10.3390/electronics12020344 - 09 Jan 2023
Cited by 2 | Viewed by 1428
Abstract
Deep learning models and computer vision are commonly integrated for e-health self-help diagnosis. The abnormal colors and traits of feces can reveal the risks of cancer and digestive diseases. As such, this paper develops a self-help diagnostic system to conveniently analyze users’ health [...] Read more.
Deep learning models and computer vision are commonly integrated for e-health self-help diagnosis. The abnormal colors and traits of feces can reveal the risks of cancer and digestive diseases. As such, this paper develops a self-help diagnostic system to conveniently analyze users’ health conditions from feces images at home, which can reduce dependence on professional skills and examinations equipment. Unfortunately, real scenes at home suffer from several severe challenges, including the lack of labeled data, complex backgrounds, varying illumination, etc. A semi-supervised learning strategy is employed to solve the scarcity of labeled data and reduce the burden of manual labeling. The unlabeled data are classified by an initial model that is pretrained on a small number of training data. Then, the labels with high confidence are allocated to the unlabeled samples in order to extend the training data accordingly. With regard to the small feces areas in certain samples, an adaptive upsampling method is proposed to enlarge the suitable local area according to the proportion of the foreground. Synthesized feces images in real scenes are tested to confirm the effectiveness and efficiency of the proposed method. In terms of accuracy, our proposed model can achieve 100% and 99.2% on color and trait recognition in medical scenes, respectively, and 99.1% and 100% on color and trait recognition in real scenes, respectively. The related datasets and codes will be released on Github. Full article
(This article belongs to the Special Issue Digital Security and Privacy Protection: Trends and Applications)
Show Figures

Figure 1

26 pages, 3176 KiB  
Article
Forensic Analysis of TikTok Alternatives on Android and iOS Devices: Byte, Dubsmash, and Triller
by Yansi Keim, Shinelle Hutchinson, Apoorva Shrivastava and Umit Karabiyik
Electronics 2022, 11(18), 2972; https://doi.org/10.3390/electronics11182972 - 19 Sep 2022
Cited by 7 | Viewed by 4234
Abstract
TikTok has consistently been one of the most used mobile apps worldwide on any mobile operating system. However, despite people’s enjoyment of using the application, there have been growing concerns about the application’s origins and alleged privacy violations. These allegations have become such [...] Read more.
TikTok has consistently been one of the most used mobile apps worldwide on any mobile operating system. However, despite people’s enjoyment of using the application, there have been growing concerns about the application’s origins and alleged privacy violations. These allegations have become such a big problem that the former President of the United States, Donald Trump, expressed a desire to ban the TikTok application from being offered on US application stores like Google’s Play Store and Apple’s App Store. This remark sent TikTok users into a frenzy to find alternatives before the ban took effect. To this end, several alternative applications for TikTok have surfaced and are already garnering millions of users. In this paper, we identified three popular alternatives to the TikTok application (Byte, Dubmash, and Triller) and forensically analyzed each on smartphones of Android version 8 and iOS version 13. We focused on identifying forensically relevant artifacts that may be helpful to investigators in the event of a criminal investigation, should these or similar apps fall under scrutiny. We used Magnet AXIOM Process and Cellebrite UFED 4PC for acquisition, and Magnet AXIOM Examine and DB Browser for SQLite for analysis and reading. The investigation resulted in successful extraction of expected yet unique data points, plain text sensitive data, directories and format. These results lead to a discussion about identifying and comparing these app’s privacy concerns to that of TikTok, as formulated from the literature. Full article
(This article belongs to the Special Issue Digital Security and Privacy Protection: Trends and Applications)
Show Figures

Figure 1

Back to TopTop