A lightweight framework for cyber risk management in Western Balkan higher education institutions.

Higher education institutions (HEIs) have a significant presence in cyberspace. Data breaches in academic institutions are becoming prevalent. Online platforms in HEIs are a new learning mode, particularly in the post-COVID era. Recent studies on information security indicate a substantial increase in cybersecurity attacks in HEIs, because of their decentralized e-learning structure and diversity of users. In Western Balkans, there is a notable absence of incident response plans in universities, colleges, and academic institutions. Moreover, e-learning management systems have been implemented without considering security. This study proposes a cybersecurity methodology called a lightweight framework with proactive controls to address these challenges. The framework aims to identify cybersecurity vulnerabilities in learning management systems in Western Balkan countries and suggest proactive controls based on a penetration test approach.

What are developers talking about information security? A large-scale study using semantic analysis of Q&A posts.

Background: Digitalization and rapid technological improvement in the present day bring numerous benefits, but they also raise the complexity and diversity of cyber security risks, putting critical information security issues on the agenda. Growing issues and worries about information security endanger not only the security of individuals and organizations but also global social and economic stability. Methods: This study investigates the issues and challenges regarding information security by analyzing all the postings on ISSE (Information Security Stack Exchange), a Q&A website focused on information security. In order to identify the primary topics addressed in postings shared on the ISSE platform, we employed a probabilistic topic modeling method called latent Dirichlet allocation (LDA), which is generative in nature and relies on unsupervised machine learning processes. Results: Through this investigation, a total of 38 topics were identified, demonstrating the present state of information security issues and challenges. Considering these topics, a comprehensive taxonomy of seven categories was devised to address information security issues, taking into account their backgrounds and perspectives. Subsequently, we conducted an examination of the prevalence and complexity of the matters at hand. In addition, we have defined the prevailing technologies utilized in the realm of information security, including tasks, certifications, standards, methods, tools, threats, and defenses. We have provided a number of implications for different stakeholders, including academics, developers, educators, and practitioners, who are working towards advancing the field of information security.

Qualitative study on domestic social robot adoption and associated security concerns among older adults in Slovenia.

Introduction: Despite the increasing use of domestic social robots by older adults, there remains a significant knowledge gap regarding attitudes, concerns, and potential adoption behavior in this population. This study aims to categorize older adults into distinct technology adoption groups based on their attitudes toward domestic social robots and their behavior in using the existing technology. Methods: An exploratory qualitative research design was used, involving semi-structured interviews with 24 retired Slovenian older adults aged 65 years or older, conducted between 26 June and 14 September 2023. Results: Four distinct groups of older adults were identified: (1) Cautious Optimists, (2) Skeptical Traditionalists, (3) Positive Optimists, and (4) Technophiles based on eight characteristics. Discussion: These groups can be aligned with the categories of the Diffusion of Innovation Theory. Privacy and security concerns, influenced by varying levels of familiarity with the technology, pose barriers to adoption. Perceived utility and ease of use vary considerably between groups, highlighting the importance of taking into account the different older adults. The role of social influence in the adoption process is complex, with some groups being more receptive to external opinions, while others exhibit more autonomous decision-making.

Field-Programmable Gate Array-Based Implementation of Zero-Trust Stream Data Encryption for Enabling 6G-Narrowband Internet of Things Massive Device Access.

With the advent of 6G Narrowband IoT (NB-IoT) technology, IoT security faces inevitable challenges due to the application requirements of Massive Machine-Type Communications (mMTCs). In response, a 6G base station (gNB) and User Equipment (UE) necessitate increased capacities to handle a larger number of connections while maintaining reasonable performance during operations. To address this developmental trend and overcome associated technological hurdles, this paper proposes a hardware-accelerated and software co-designed mechanism to support streaming data transmissions and secure zero-trust inter-endpoint communications. The proposed implementations aim to offload processing efforts from micro-processors and enhance global system operation performance by hardware and software co-design in endpoint communications. Experimental results demonstrate that the proposed secure mechanism based on the use of non-repeating keys and implemented in FPGA, can save 85.61%, 99.71%, and 95.68% of the micro-processor's processing time in key block generations, non-repeating checks, and data block transfers, respectively.

In Situ Fabrication of Photoluminescent Hydrogen-Bonded Organic Framework-Functionalized Ca (II) Hydrogel Film for the Tetracyclines Visual Sensor and Information Security.

A facilely in situ fabricated hydrogen-bonded organic framework (HOF) hydrogel film with perfect photoluminescent performance was designed for visual sensing of tetracycline antibiotics (TCs) and information security. Luminescent HOF (MA-IPA) was combined with sodium alginate (SA) through hydrogen bonding actions and electrostatic interactions, then cross-linked with Ca2+ ions to form HOF hydrogel film (Ca@MA-IPA@SA). The HOF hydrogel film exhibited exceptional mechanical robustness along with stable blue fluorescence and ultralong green phosphorescence. After exposure to TCs, Ca2+ was combined with TCs to generate a new green fluorescence exciplex (TC-Ca2+) in hydrogel films. Due to fluorescence resonance energy transfer, the fluorescence of MA-IPA was quenched, and the fluorescent color of the HOF hydrogel film was changed from blue to green. This dichromatic fluorescent response is convenient for the visual and rapid detection of TCs. The detection limits of tetracycline (TC), oxytetracycline (OTC), and chlortetracycline (CTC) were 5.1, 7.7, and 32.7 ng mL-1, respectively. Importantly, this hydrogel sensing platform was free of tedious operation and enabled the ultrasensitive and selective detection of TCs within 6 min. It has been successfully applied to TC detection in pork and milk samples. Based on the stable photoluminescence performance of HOF hydrogel films and fluorescent-responsive properties to TCs, two types of anticounterfeiting arrays were fabricated for information encryption and decryption. This work provides a novel approach for on-site detection of TCs and offers valuable insights into information security.

Assessing and Improving Data Integrity in Web-Based Surveys: Comparison of Fraud Detection Systems in a COVID-19 Study.

BACKGROUND: Web-based surveys increase access to study participation and improve opportunities to reach diverse populations. However, web-based surveys are vulnerable to data quality threats, including fraudulent entries from automated bots and duplicative submissions. Widely used proprietary tools to identify fraud offer little transparency about the methods used, effectiveness, or representativeness of resulting data sets. Robust, reproducible, and context-specific methods of accurately detecting fraudulent responses are needed to ensure integrity and maximize the value of web-based survey research. OBJECTIVE: This study aims to describe a multilayered fraud detection system implemented in a large web-based survey about COVID-19 attitudes, beliefs, and behaviors; examine the agreement between this fraud detection system and a proprietary fraud detection system; and compare the resulting study samples from each of the 2 fraud detection methods. METHODS: The PhillyCEAL Common Survey is a cross-sectional web-based survey that remotely enrolled residents ages 13 years and older to assess how the COVID-19 pandemic impacted individuals, neighborhoods, and communities in Philadelphia, Pennsylvania. Two fraud detection methods are described and compared: (1) a multilayer fraud detection strategy developed by the research team that combined automated validation of response data and real-time verification of study entries by study personnel and (2) the proprietary fraud detection system used by the Qualtrics (Qualtrics) survey platform. Descriptive statistics were computed for the full sample and for responses classified as valid by 2 different fraud detection methods, and classification tables were created to assess agreement between the methods. The impact of fraud detection methods on the distribution of vaccine confidence by racial or ethnic group was assessed. RESULTS: Of 7950 completed surveys, our multilayer fraud detection system identified 3228 (40.60%) cases as valid, while the Qualtrics fraud detection system identified 4389 (55.21%) cases as valid. The 2 methods showed only "fair" or "minimal" agreement in their classifications (κ=0.25; 95% CI 0.23-0.27). The choice of fraud detection method impacted the distribution of vaccine confidence by racial or ethnic group. CONCLUSIONS: The selection of a fraud detection method can affect the study's sample composition. The findings of this study, while not conclusive, suggest that a multilayered approach to fraud detection that includes conservative use of automated fraud detection and integration of human review of entries tailored to the study's specific context and its participants may be warranted for future survey research.

2D Information Security System Based on Polyurethane Inverse Photonic Glass Structure.

Information security has become a major global problem in recent years. Thus, people continue to exert much effort in developing new information security technologies based on encryption and storage. In this study, a 2D information security technology based on polyurethane optical devices with inverse photonic glass structure (PU-IPG) is introduced. Based on 1) the swelling and plasticizing effects of various solvents on PU-IPG and 2) the capillary force that can produce geometric deformation on micro/nanostructures when solvents evaporate, a 2D information security system with two modules of decryption (structural color information display) and anticounterfeiting (structural color transformation) is successfully constructed. The spraying method adopted can be simple and fast and can provide a large area to build photonic glass templates, which greatly improves the capacity and category of information in the encryption system. The prepared PU-IPG optical devices can produce large-area multicolor output capability of information. These devices also have excellent mechanical properties, strong cycle stability, environmental friendliness, and low price. Therefore, the preparation strategy has great reference value and application prospects in the field of information security.

Cross Relaxation Enables Spatiotemporal Color-Switchable Upconversion in a Single Sandwich Nanoparticle for Information Security.

Smart control of ionic interaction dynamics offers new possibilities for tuning and editing luminescence properties of lanthanide-based materials. However, it remains a daunting challenge to achieve the dynamic control of cross relaxation mediated photon upconversion, and in particular the involved intrinsic photophysics is still unclear. Herein, this work reports a conceptual model to realize the color-switchable upconversion of Tm3+ through spatiotemporal control of cross relaxation in the design of NaYF4:Gd@NaYbF4:Tm@NaYF4 sandwich nanostructure. It shows that cross relaxation plays a key role in modulating upconversion dynamics and tuning emission colors of Tm3+. Interestingly, it is found that there is a short temporal delay for the occurrence of cross relaxation in contrast to the spontaneous emission as a result of the slight energy mismatch between relevant energy levels. This further enables a fine emission color tuning upon non-steady state excitation. Moreover, a characteristic quenching time is proposed to describe the temporal evolution of cross relaxation quantitatively. These findings present a deep insight into the physics of ionic interactions in heavy doping systems, and also show great promise in frontier applications including information security, anti-counterfeiting and nanophotonics.

A compact and efficient AES-32GF for encryption in small IoT devices.

The phenomenal growth of resource constrained devices in IoT set ups has motivated the researchers to develop solutions for securing information flow. In this paper, we present a compact and efficient field programmable gate array (FPGA) implementation of AES with 32-bit data-path named, AES-32GF. The implementation is carried out on different Xilinx FPGAs. In FPGAs, utilization of slices and look up tables (LUTs) reflect on the compactness of the design. Numerical results show that lesser resources are required with smaller data path in comparison with the original standard. With the help of data path compression and Galois field implementation of the s-box resource consumption is minimized. S-box is the most resource consuming component in the AES structure. In our implementation, Artix-7 series FPGA for the same. It results in significant resource savings. In comparison to unrolled AES-128 architecture, it achieves 87 % resource savings. With 595 slices and 2.004 Gbps throughput, AES-32GF cipher achieves an efficiency of 3.37 Mbps/slice. It outperforms other designs in terms of efficiency. •A compact and efficient FPGA implementation of AES with 32-bit data-path has been proposed.•The proposed design utilizes data path compression and Galois field implementation of the s-box to minimize resource consumption.•With 595 slices and 2.004 Gbps throughput, AES-32GF cipher achieves an efficiency of 3.37 Mbps/slice.

Tripartite evolutionary game study on coordination information security in prescription circulation.

To further reform the medical and health care system, regulating multi-level treatment and rationalizing the use of medicine, and securing prescription circulation information, this study explores the evolutionary behavior of three players in terms of information security collaboration under the prescription circulation policy, analyzes the evolutionary paths, and examines the influence of key parameters on evolutionary outcomes by constructing a tripartite evolutionary game model consisting of hospitals, retail pharmacies, and healthcare service platforms. The study shows the following: (1) When the information security costs of prescription circulation increase, the willingness of hospitals to promote information collaboration weakens, the probability of control and regulation by healthcare platforms will be enhanced, and the incentive for retail pharmacies to undertake prescription circulation increases and then decreases. (2) The increased profitability of prescription drug sales can cause a decrease in the likelihood of both parties working together to promote information security. Increasing the collaborative space between hospitals and retail pharmacies is conducive to improving information security in the circulation of prescriptions. (3) A bi-directional constraint relationship exists between the circulation and control subjects. The shorter the technology spillover time from the healthcare service platform is, the higher the probability that hospitals and retail pharmacies will maintain the security of prescription information. (4) In the early stages of prescription circulation, the external regulatory action of the healthcare service platform is essential to improve the coordination of information security. Finally, combined with the tripartite evolutionary game model and simulation analysis results, it offers countermeasures and suggestions for the government to realize the prescription circulation information security collaboration.

The de-perimeterisation of information security: The Jericho Forum, zero trust, and narrativity.

This article analyses the transformation of information security induced by the Jericho Forum, a group of security professionals who argued for a new 'de-perimeterised' security model. Having focused on defensive perimeters around networks, early 2000s information security faced a growing set of pressures: the maintainability of firewalls given increasing traffic volume and variety, the vulnerability of interior network domains, and the need to cope with and enable new working arrangements and ways of doing business. De-perimeterisation was a radical rethinking of the nature of security and created the conditions for the rise of 'Zero Trust' architectures. This shift has radical implications for the architectures of digital infrastructures that undergird many aspects of contemporary life, the risks to which people and societies are exposed, and the nature of work and business in a digital economy. We develop a semiotic analysis of the Jericho Forum's interventions. Using insights from material semiotics, security theory and the theory of narrativity, we argue that de-perimeterisation can be understood as a shift in security logic, or, a shift in how security can (be made to) make sense. We examine a cluster of images used by the Jericho Forum, and analyse how they challenged the coherence of perimeter-based thinking and provided the materials for constructing a new model. We argue that a focus on the narrative dimension of security provides a window into fundamental semantic transformations, reciprocal historical relations between semantics and technical change, the agencement of security technologies, and determinations of value (what is worth securing).

Random Number Generation Based on Heterogeneous Entropy Sources Fusion in Multi-Sensor Networks.

The key system serves as a vital foundation for ensuring the security of information systems. In the presence of a large scale of heterogeneous sensors, the use of low-quality keys directly impacts the security of data and user privacy within the sensor network. Therefore, the demand for high-quality keys cannot be underestimated. Random numbers play a fundamental role in the key system, guaranteeing that generated keys possess randomness and unpredictability. To address the issue of random number requirements in multi-sensor network security, this paper introduces a new design approach based on the fusion of chaotic circuits and environmental awareness for the entropy pool. By analyzing potential random source events in the sensor network, a high-quality entropy pool construction is devised. This construction utilizes chaotic circuits and sensor device awareness technology to extract genuinely random events from nature, forming a heterogeneous fusion of a high-quality entropy pool scheme. Comparatively, this proposed scheme outperforms traditional random entropy pool design methods, as it can meet the quantity demands of random entropy sources and significantly enhance the quality of entropy sources, ensuring a robust security foundation for multi-sensor networks.

Electrically function-switchable magnetic domain-wall memory.

Versatile memory is strongly desired for end users, to protect their information in the information era. In particular, bit-level switchable memory that can be switched from rewritable to read-only function would allow end users to prevent important data being tampered with. However, no such switchable memory has been reported. We demonstrate that the rewritable function can be converted into read-only function by applying a sufficiently large current pulse in a U-shaped domain-wall memory, which comprises an asymmetric Pt/Co/Ru/AlOx heterostructure with strong Dzyaloshinskii-Moriya interaction. Wafer-scale switchable magnetic domain-wall memory arrays on 4-inch Si/SiO2 substrate are demonstrated. Furthermore, we confirm that the information can be stored in rewritable or read-only states at bit level according to the security needs of end users. Our work not only provides a solution for personal confidential data, but also paves the way for developing multifunctional spintronic devices.

Cryptographic Algorithms with Data Shorter than the Encryption Key, Based on LZW and Huffman Coding.

Modern, commonly used cryptosystems based on encryption keys require that the length of the stream of encrypted data is approximately the length of the key or longer. In practice, this approach unnecessarily complicates strong encryption of very short messages commonly used for example in ultra-low-power and resource-constrained wireless network sensor nodes based on microcontrollers (MCUs). In such cases, the data payload can be as short as a few bits of data while the typical length of the key is several hundred bits or more. The article proposes an idea of employing a complex of two algorithms, initially applied for data compression, acting as a standard-length encryption key algorithm to increase the transmission security of very short data sequences, even as short as one or a few bytes. In this article, we present and evaluate an approach that uses LZW and Huffman coding to achieve data transmission obfuscation and a basic level of security.

Authentication, access, and monitoring system for critical areas with the use of artificial intelligence integrated into perimeter security in a data center.

Perimeter security in data centers helps protect systems and the data they store by preventing unauthorized access and protecting critical resources from potential threats. According to the report of the information security company SonicWall, in 2021, there was a 66% increase in the number of ransomware attacks. In addition, the message from the same company indicates that the total number of cyber threats detected in 2021 increased by 24% compared to 2019. Among these attacks, the infrastructure of data centers was compromised; for this reason, organizations include elements Physical such as security cameras, movement detection systems, authentication systems, etc., as an additional measure that contributes to perimeter security. This work proposes using artificial intelligence in the perimeter security of data centers. It allows the automation and optimization of security processes, which translates into greater efficiency and reliability in the operations that prevent intrusions through authentication, permit verification, and monitoring critical areas. It is crucial to ensure that AI-based perimeter security systems are designed to protect and respect user privacy. In addition, it is essential to regularly monitor the effectiveness and integrity of these systems to ensure that they function correctly and meet security standards.

Demographic Comparison of Information Security Behavior Toward Health Information System Protection: Survey Study.

BACKGROUND: The health information system (HIS) functions are getting wider with more diverse users. Information security in the health industry is crucial because it involves comprehensive and strategic information that might harm human life. The human factor is one of the biggest security threats to HIS. OBJECTIVE: This study aims to investigate the information security behavior (ISB) of HIS users using a comprehensive assessment scale suited to the information security concerns in health care. Patients are increasingly being asked to submit their own data into HIS systems. As a result, this study examines the security behavior of health workers and patients, as well as their demographic variables. METHODS: We used a quantitative approach using surveys of health workers and patients. We created a research instrument from 4 existing measurement scales to measure prosecurity and antisecurity behavior. We analyzed statistical differences to test the hypotheses, that is, the Kruskal-Wallis test and the Mann-Whitney test. The descriptive analysis was used to determine whether the group exhibited exemplary behavior when processing the survey results. A correlational test using the Spearman correlation coefficient was performed to establish the significance of the relationship between ISB and age as well as level of education. RESULTS: We analyzed 421 responses from the survey. According to demographic factors, the hypotheses tested for full and partial security behavior reveal substantial differences. Education levels most significantly affect security behavior differences, followed by user type, gender, and age. The health workers' ISB is higher than that of the patients. Women are more likely than men to engage in prosecurity actions while avoiding antisecurity behaviors. The older the HIS user, the more likely it is that they will participate in prosecurity behavior and the less probable it is that they will engage in antisecurity behavior. According to this study, differences in prosecurity behavior are mostly impacted by education level. Higher education, on the other hand, does not guarantee improved ISB for HIS users. All demographic characteristics, particularly concerning user type, show discrepancies that are caused mainly by antisecurity behavior rather than prosecurity behavior. CONCLUSIONS: Since patients engage in antisecurity behavior more frequently than health workers and may pose security risks, health care facilities should start to consider information security education for patients. More comprehensive research on ISB in health care facilities is required to better understand the patient's perspective, which is currently understudied.

Cyber hygiene concepts for nursing education.

BACKGROUND: The healthcare industry has increasingly been targeted by cybercrime putting patients, organizations, and employees at risk for financial loss and breach of privacy. Malware events compromise system integrity and patient privacy which could lead to delays in treatment, loss of patient data, inability to provide care, and increase in patient harm. In addition, these attacks may also compromise private and personal information for those targeted. OBJECTIVE: Nurses represent a large portion of frontline healthcare workers and are uniquely positioned to help prevent cyber-attacks. Nursing curriculum should include education about the risks to patient safety from cybercrime and the nurse's role in preventing cybercrime. Nursing education has focused on hygiene for patient safety. Adding cyber hygiene to the essential practices of pre-licensure and advanced practice nurses is a first step to protecting patients, organizations, and employees from the repercussions of a healthcare cyber-attack.

Multimorphological Remoldable Silver Nanomaterials from Multimode and Multianalyte Colorimetric Sensing to Molecular Information Technology.

Inspired by life's interaction networks, ongoing efforts are to increase complexity and responsiveness of multicomponent interactions in the system for sensing, programmable control, or information processing. Although exquisite preparation of single uniform-morphology nanomaterials has been extremely explored, the potential value of facile and one-pot preparation of multimorphology nanomaterials has been seriously ignored. Here, multimorphological silver nanomaterials (M-AgN) prepared by one pot can form interaction networks with various analytes, which can be successfully realized from multimode and multianalyte colorimetric sensing to molecular information technology (logic computing and security). The interaction of M-AgN with multianalytes not only induces multisignal responses (including color, absorbance, and wavelength shift) for sensing metal ions (Cr3+, Hg2+, and Ni2+) but also can controllably reshape its four morphologies (nanodots, nanoparticles, nanorods, and nanotriangles). By abstracting binary relationships between analytes and response signals, multicoding parallel logic operations (including simple logic gates and cascaded circuits) can be performed. In addition, taking advantage of natural concealment and molecular response characteristics of M-AgN nanosystems can also realize molecular information encoding, encryption, and hiding. This research not only promotes the construction and application of multinano interaction systems based on multimorphology and multicomponent nanoset but also provides a new imagination for the integration of sensing, logic, and informatization.

Pulmonary nodule detection on lung parenchyma images using hyber-deep algorithm.

The incidence of lung cancer has seen a significant increase in recent times, leading to a rise in fatalities. The detection of pulmonary nodules from CT images has emerged as an effective method to aid in the diagnosis of lung cancer. Ensuring information security holds utmost significance in the detection of nodules, with particular attention given to safeguarding patient privacy within the context of the Internet of Things (IoT). In this regard, migration learning emerges as a potent technique for preserving the confidentiality of patient data. Firstly, we applied several data-preprocessing steps such as lung segmentation based on K-Means, denoising methods, and lung parenchyma extraction through a dedicated medical IoT network. We used the Microsoft Common Object in Context (MS-COCO) dataset to pre-train the detection framework and fine-tuned it with the Lung Nodule Analysis 16 (LUNA16) dataset to adapt to nodule detection tasks. To evaluate the effectiveness of our proposed pipeline, we conducted extensive experiments that included subjective evaluation of detection results and quantitative data analysis. The results of these experiments demonstrated the efficacy of our approach in accurately detecting pulmonary nodules. Our study provides a promising framework for trustworthy pulmonary nodule detection on lung parenchyma images using a secured hyper-deep algorithm, which has the potential to improve lung cancer diagnosis and reduce fatalities associated with it.

Constructing an architecture-based cybersecurity solution for a system.

Cybersecurity can be effectively managed with an architecture-based approach, composed with three viewpoints, namely system, security and process. Using models for describing a system and its security objectives enables a systemic and exhaustive risk management process. The architecture approach produces an integral set of security policies and controls that can be fully maintained during the entire system life-cycle. Furthermore, architecture models support automation and high scalability, thus providing an innovative way for constructing and maintaining the cybersecurity for very large systems or even for system of systems. This work describes details, technical aspects, and examples for the risk management process of the architecture, including the establishment of the system representation, the security goals, going through risk identification and analysis, up to the policies and control definition. Some highlighting points of the methodology follow. •System representation is simple because it focuses only on aspects relevant to security purposes.•Security objectives behave as an end-to-end guidance of the security, for the whole system and also during its life-cycle.•Risk management can be done with existing methods and standards, but additionally supported with the comprehensive capability provided by the system representation and the security objectives.