ABSTRACT
Information security has become a major global problem in recent years. Thus, people continue to exert much effort in developing new information security technologies based on encryption and storage. In this study, a 2D information security technology based on polyurethane optical devices with inverse photonic glass structure (PU-IPG) is introduced. Based on 1) the swelling and plasticizing effects of various solvents on PU-IPG and 2) the capillary force that can produce geometric deformation on micro/nanostructures when solvents evaporate, a 2D information security system with two modules of decryption (structural color information display) and anticounterfeiting (structural color transformation) is successfully constructed. The spraying method adopted can be simple and fast and can provide a large area to build photonic glass templates, which greatly improves the capacity and category of information in the encryption system. The prepared PU-IPG optical devices can produce large-area multicolor output capability of information. These devices also have excellent mechanical properties, strong cycle stability, environmental friendliness, and low price. Therefore, the preparation strategy has great reference value and application prospects in the field of information security.
ABSTRACT
To simulate life's emergent functions, mining the multiple sensing capabilities of nanosystems, and digitizing networks of transduction signals and molecular interactions, is an ongoing endeavor. Here, multifunctional antimonene-silver nanocomposites (AM-Ag NCs) are synthesized facilely and fused for molecular sensing and digitization applications (including ultra-multi-mode and multi-analyte sensing, parallel and batch logic computing, long-text information protection). By mixing surfactant, AM, Ag⁺ and sodium borohydride (NaBH₄) at room temperature for 5 min, the resulting NCs are comprised of Ag nanoparticles scattered within AM nanosheets and protected by the surfactant. Interestingly, AM-Ag NCs exhibit ultra-multi-mode sensing ability for multiplex metal ions (Hg²⁺, Fe³⁺, or Al³⁺), which significantly improved selectivity (≈2 times) and sensitivity (≈400 times) when analyzing the combined channels. Moreover, multiple sensing capabilities of AM-Ag NCs enable diverse batch and parallel molecular logic computations (including advanced cascaded logic circuits). Ultra-multi-mode selective patterns of AM-Ag NCs to 18 kinds of metal ions can be converted into a series of binary strings by setting the thresholds, and realized high-density, long-text information protection for the first time. This study not only provides new ideas and paradigms for the preparation and multi-purpose application of 2D nanocomposites, but also offers new directions for the fusion of molecular sensing and informatization.
ABSTRACT
BACKGROUND: Art. 50 of the proposal for a Regulation on the European Health Data Space (EHDS) states that "health data access bodies shall provide access to electronic health data only through a secure processing environment, with technical and organizational measures and security and interoperability requirements". OBJECTIVE: To identify specific security measures that nodes participating in health data spaces shall implement based on the results of the IMPaCT-Data project, whose goal is to facilitate the exchange of electronic health records (EHR) between public entities based in Spain and the secondary use of this information for precision medicine research in compliance with the General Data Protection Regulation (GDPR). DATA AND METHODS: This article presents an analysis of 24 out of a list of 72 security measures identified in the Spanish National Security Scheme (ENS) and adopted by members of the federated data infrastructure developed during the IMPaCT-Data project. RESULTS: The IMPaCT-Data case helps clarify roles and responsibilities of entities willing to participate in the EHDS by reconciling technical system notions with the legal terminology. Most relevant security measures for Data Space Gatekeepers, Enablers and Prosumers are identified and explained. CONCLUSION: The EHDS can only be viable as long as the fiduciary duty of care of public health authorities is preserved; this implies that the secondary use of personal data shall contribute to the public interest and/or to protect the vital interests of the data subjects. This condition can only be met if all nodes participating in a health data space adopt the appropriate organizational and technical security measures necessary to fulfill their role.
Subjects
Computer Security, Electronic Health Records, Precision Medicine, Precision Medicine/methods, Humans, Spain, Europe, Confidentiality
ABSTRACT
With the advent of 6G Narrowband IoT (NB-IoT) technology, IoT security faces inevitable challenges due to the application requirements of Massive Machine-Type Communications (mMTCs). In response, a 6G base station (gNB) and User Equipment (UE) necessitate increased capacities to handle a larger number of connections while maintaining reasonable performance during operations. To address this developmental trend and overcome associated technological hurdles, this paper proposes a hardware-accelerated and software co-designed mechanism to support streaming data transmissions and secure zero-trust inter-endpoint communications. The proposed implementations aim to offload processing efforts from micro-processors and enhance global system operation performance by hardware and software co-design in endpoint communications. Experimental results demonstrate that the proposed secure mechanism based on the use of non-repeating keys and implemented in FPGA, can save 85.61%, 99.71%, and 95.68% of the micro-processor's processing time in key block generations, non-repeating checks, and data block transfers, respectively.
ABSTRACT
We refine and extend Ziv's model and results regarding perfectly secure encryption of individual sequences. According to this model, the encrypter and the legitimate decrypter share a common secret key that is not shared with the unauthorized eavesdropper. The eavesdropper is aware of the encryption scheme and has some prior knowledge concerning the individual plaintext source sequence. This prior knowledge, combined with the cryptogram, is harnessed by the eavesdropper, who implements a finite-state machine as a mechanism for accepting or rejecting attempted guesses of the plaintext source. The encryption is considered perfectly secure if the cryptogram does not provide any new information to the eavesdropper that may enhance their knowledge concerning the plaintext beyond their prior knowledge. Ziv has shown that the key rate needed for perfect secrecy is essentially lower bounded by the finite-state compressibility of the plaintext sequence, a bound that is clearly asymptotically attained through Lempel-Ziv compression followed by one-time pad encryption. In this work, we consider some more general classes of finite-state eavesdroppers and derive the respective lower bounds on the key rates needed for perfect secrecy. These bounds are tighter and more refined than Ziv's bound, and they are attained using encryption schemes that are based on different universal lossless compression schemes. We also extend our findings to the case where side information is available to the eavesdropper and the legitimate decrypter but may or may not be available to the encrypter.
ABSTRACT
The key system serves as a vital foundation for ensuring the security of information systems. In the presence of a large scale of heterogeneous sensors, the use of low-quality keys directly impacts the security of data and user privacy within the sensor network. Therefore, the demand for high-quality keys cannot be underestimated. Random numbers play a fundamental role in the key system, guaranteeing that generated keys possess randomness and unpredictability. To address the issue of random number requirements in multi-sensor network security, this paper introduces a new design approach based on the fusion of chaotic circuits and environmental awareness for the entropy pool. By analyzing potential random source events in the sensor network, a high-quality entropy pool construction is devised. This construction utilizes chaotic circuits and sensor device awareness technology to extract genuinely random events from nature, forming a heterogeneous fusion of a high-quality entropy pool scheme. Comparatively, this proposed scheme outperforms traditional random entropy pool design methods, as it can meet the quantity demands of random entropy sources and significantly enhance the quality of entropy sources, ensuring a robust security foundation for multi-sensor networks.
ABSTRACT
Modern, commonly used cryptosystems based on encryption keys require that the length of the stream of encrypted data is approximately the length of the key or longer. In practice, this approach unnecessarily complicates strong encryption of very short messages commonly used for example in ultra-low-power and resource-constrained wireless network sensor nodes based on microcontrollers (MCUs). In such cases, the data payload can be as short as a few bits of data while the typical length of the key is several hundred bits or more. The article proposes an idea of employing a complex of two algorithms, initially applied for data compression, acting as a standard-length encryption key algorithm to increase the transmission security of very short data sequences, even as short as one or a few bytes. In this article, we present and evaluate an approach that uses LZW and Huffman coding to achieve data transmission obfuscation and a basic level of security.
ABSTRACT
Demand for data security is increasing as information technology advances. Encryption technology based on biometrics has advanced significantly to meet more convenient and secure needs. Because of the stability of face traits and the difficulty of counterfeiting, the iris method has become an essential research object in data security research. This study proposes a revolutionary face feature encryption technique that combines picture optimization with cryptography and deep learning (DL) architectures. To improve the security of the key, an optical chaotic map is employed to manage the initial standards of the 5D conservative chaotic method. A safe Crypto General Adversarial neural network and chaotic optical map are provided to finish the course of encrypting and decrypting facial images. The target field is used as a "hidden factor" in the machine learning (ML) method in the encryption method. An encrypted image is recovered to a unique image using a modernization network to achieve picture decryption. A region-of-interest (ROI) network is provided to extract involved items from encrypted images to make data mining easier in a privacy-protected setting. This study's findings reveal that the recommended implementation provides significantly improved security without sacrificing image quality. Experimental results show that the proposed model outperforms the existing models in terms of PSNR of 92%, RMSE of 85%, SSIM of 68%, MAP of 52%, and encryption speed of 88%.
ABSTRACT
iBeacon systems have been increasingly established in public areas to assist users in terms of indoor location navigation and positioning. People receive the services through the Bluetooth Low Energy (BLE) installed on their mobile phones. However, the positioning and navigation functions of an iBeacon system may be compromised when faced with cyberattacks issued by hackers. In other words, its security needs to be further considered and enhanced. This study took the iBeacon system of Taipei Main Station, the major transportation hub with daily traffic of at least three hundred thousand passengers, as an example for exploring its potential attacks and further studying the defense technologies, with the assistance of AI techniques and human participation. Our experiments demonstrate that in the early stage of iBeacon system information security planning, information security technology and a rolling coding encryption should be included, representing the best defense methods at present. In addition, we believe that the adoption of rolling coding is the most cost-effective defense. However, if the security of critical infrastructure is involved, the most secure defense method should be adopted, namely a predictable and encrypted rolling coding method.
ABSTRACT
Digitization of most of the services that people use in their everyday life has, among others, led to increased needs for cybersecurity. As digital tools increase day by day and new software and hardware launch out-of-the box, detection of known existing vulnerabilities, or zero-day as they are commonly known, becomes one of the most challenging situations for cybersecurity experts. Zero-day vulnerabilities, which can be found in almost every newly launched software and/or hardware, can be exploited instantly by malicious actors with different motives, posing threats for end-users. In this context, this study proposes and describes a holistic methodology starting from the generation of zero-day-type, yet realistic, data in tabular format and concluding with the evaluation of a Neural Network zero-day attack detector which is trained with and without synthetic data. This methodology involves the design and employment of Generative Adversarial Networks (GANs) for synthetically generating a new and larger dataset of zero-day attacks data. The dataset newly generated by the Zero-Day GAN (ZDGAN) is then used to train and evaluate a Neural Network classifier for zero-day attacks. The results show that the generation of zero-day attacks data in tabular format reaches an equilibrium after about 5000 iterations and produces data that are almost identical to the original data samples. Last but not least, it should be mentioned that the Neural Network model that was trained with the dataset containing the ZDGAN generated samples outperformed the same model when the latter was trained with only the original dataset and achieved results of high validation accuracy and minimal validation loss.
Subjects
Deep Learning, Humans, Computer Security, Interior Design and Furnishings, Motivation, Computer Neural Networks
ABSTRACT
Thermal activation of upconversion luminescence in nanocrystals opens up new opportunities in biotechnology and nanophotonics. However, it remains a daunting challenge to achieve a smart control of luminescence behavior in the thermal field with remarkable enhancement and ultrahigh sensitivity. Moreover, the physical picture involved is also debatable. Here we report a novel mechanistic design to realize an ultrasensitive thermally activated upconversion in an erbium sublattice core-shell nanostructure. By enabling a thermosensitive property into the intermediate ⁴I₁₁/₂ level of Er³⁺ through an energy-migration-mediated surface interaction, the upconverted luminescence was markedly enhanced in the thermal field together with a striking thermochromic feature under 1530 nm irradiation. Importantly, the use of non-thermally coupled red and green emissions contributes to the thermal sensitivity up to 5.27% K⁻¹, 3 times higher than that obtained by using conventional thermally coupled green emissions. We further demonstrate that the controllable surface interaction is a general approach to the thermal enhancement of upconversion for a series of lanthanide-based nanomaterials. Our findings pave a new way for the development of smart luminescent materials toward emerging applications such as noncontact nanothermometry, information security, and anticounterfeiting.
ABSTRACT
Carbon dots (CDs) have aroused widespread interest in the construction of room-temperature phosphorescent (RTP) materials. However, it is a great challenge to obtain simultaneous multicolor long-wavelength RTP emission and excellent stability in CD-based RTP materials. Herein, a novel and universal "CDs-in-YOHF" strategy is proposed to generate multicolor and long-wavelength RTP by confining various CDs in the Y(OH)ₓF₃₋ₓ (YOHF) matrix. The mechanism of the triplet emission of CDs is related to the space confinement, the formation of hydrogen bonds and C-F bonds, and the electron-withdrawing fluorine atoms. Remarkably, the RTP lifetime of orange-emissive CDs-o@YOHF is the longest among the reported single-CD-matrix composites for emission above 570 nm. Furthermore, CDs-o@YOHF exhibited higher RTP performance at long wavelength in comparison to CDs-o@matrix (matrix = PVA, PU, urea, silica). The resulting CDs@YOHF shows excellent photostability, thermostability, chemical stability, and temporal stability, which is rather favorable for information security, especially in a complex environment.
Subjects
Carbon, Quantum Dots, Carbon/chemistry, Fluorescent Dyes/chemistry, Fluorides, Quantum Dots/chemistry, Temperature
ABSTRACT
As businesses have had to change how they operate due to the coronavirus pandemic, the need for remote work has risen. With the continuous advancements in technology and increases in typical job demands, employees need to increase their work productivity beyond regular work hours in the office. This type of work environment creates even more opportunities for security breaches due to employees intentionally violating information security policies. Although explicitly prohibited by information security policies (ISP), organizations have observed that employees bring critical data out of the office to complete their work responsibilities remotely. Consequently, developing a deeper understanding of how work pressure may influence employees to violate ISPs intentionally is crucial for organizations to protect their critical information better. Based upon the fraud triangle theory, this study proposes the opportunity to copy critical data, work pressure, and work completion justification as the primary motivational factors behind why employees copy critical company data to unsecured storage devices to work at home. A survey was conducted of 207 employees from a marketing research firm. The results suggest that opportunity, work pressure, and work completion justification are positively related to nonmalicious ISP violation intentions. Furthermore, the interaction effect between work completion justification and work pressure on the ISP violation intention is significant and positive. This study provides new insights into our understanding of the roles of work pressure and work completion justification on intentional nonmalicious ISP violation behaviors.
ABSTRACT
This paper aims to identify and understand factors affecting insiders' intention to disclose patients' medical information and to investigate how these factors affect the intention to disclose. Based on the literature review on deterrence theory and health information security awareness (HISA), we identify relevant factors and develop a research model explaining insiders' intention to disclose patients' health information. We collect data (N = 105) through scenario-based experiments. Results show that two personal factors, collectivism, and IT proficiency, play a significant role in the model. While collectivism affects two components (health information security regulation awareness and punishment severity awareness) of HISA which influences intention to disclose, IT proficiency moderates the relationship between HISA and intention to disclose. In addition, HISA negatively affects reporting assessment and intention to disclose. This paper aims to fill a research gap in understanding factors affecting insiders' intentions to disclose protected health information. We identify and investigate factors (e.g., collectivism, HISA, reporting assessment, and IT proficiency) that may affect insiders' disclosing intentions. We find that collectivism affects two components of HISA which influence reporting assessment and disclosing intention. We also discover that IT proficiency moderates the relationship between HISA and intention to disclose. Our findings suggest that we need to carefully consider personal factors such as collectivistic nature and IT proficiency in managing insiders' security breaches.
ABSTRACT
Adversarial attacks are crucial to improving the robustness of deep learning models; they help improve the interpretability of deep learning and also increase the security of the models in real-world applications. However, existing attack algorithms mainly focus on image classification tasks, and they lack research targeting object detection. Adversarial attacks against image classification are global-based with no focus on the intrinsic features of the image. In other words, they generate perturbations that cover the whole image, and each added perturbation is quantitative and undifferentiated. In contrast, we propose a global-to-local adversarial attack based on object detection, which destroys important perceptual features of the object. More specifically, we differentially extract gradient features as a proportion of perturbation additions to generate adversarial samples, as the magnitude of the gradient is highly correlated with the model's point of interest. In addition, we reduce unnecessary perturbations by dynamically suppressing excessive perturbations to generate high-quality adversarial samples. After that, we improve the effectiveness of the attack using the high-frequency feature gradient as a motivation to guide the next gradient attack. Numerous experiments and evaluations have demonstrated the effectiveness and superior performance of our global-to-local gradient attack with high-frequency momentum guidance (GLH), which is more effective than previous attacks. Our generated adversarial samples also have excellent black-box attack ability.
ABSTRACT
Privacy and security require not only strong algorithms but also reliable and readily available sources of randomness. To tackle this problem, one of the causes of single-event upsets, specifically ultra-high energy cosmic rays, is utilized as a non-deterministic entropy source. An adapted prototype based on existing muon detection technology was used during the experiment and tested for its statistical strength. Our results show that the random bit sequence extracted from the detections successfully passed established randomness tests. The detections correspond to cosmic rays recorded using a common smartphone during our experiment. Despite the limited sample, our work provides valuable insights into the use of ultra-high energy cosmic rays as an entropy source.
ABSTRACT
Cyber incidents are among the most critical business risks for organisations and can lead to large financial losses. However, previous research on loss modelling is based on unassured data sources because the representativeness and completeness of op-risk databases cannot be assured. Moreover, there is a lack of modelling approaches that focus on the tail behaviour and adequately account for extreme losses. In this paper, we introduce a novel 'tempered' generalised extreme value (GEV) approach. Based on a stratified random sample of 5000 interviewed German organisations, we model different loss distributions and compare them to our empirical data using graphical analysis and goodness-of-fit tests. We differentiate various subsamples (industry, size, attack type, loss type) and find our modified GEV outperforms other distributions, such as the lognormal and Weibull distributions. Finally, we calculate losses for the German economy, present application examples, derive implications as well as discuss the comparison of loss estimates in the literature.
ABSTRACT
Society has become increasingly dependent on IT infrastructure and services. Additionally, the pandemic of COVID-19 forced the transition of the traditional way of working (i.e., physical presence) into a more modern and flexible one (i.e., working remotely). This has led to an increase of cyberattacks, as a direct consequence of the increase of the attack surface but subsequently also led to an increased necessity for the protection of information systems. Toward the protection of information systems, cyber insurance is considered as a strategy for risk management, where necessary. Cyber insurance is emerging as an important tool to protect organizations against cyberattack-related losses. In this work, we extensively examine the relevant literature on cybersecurity insurance, research and practice, in order to draft the current landscape and present the trends.
ABSTRACT
Hundreds of image encryption schemes have been conducted (as the literature review indicates). The majority of these schemes use pixels as building blocks for confusion and diffusion operations. Pixel-level operations are time-consuming and, thus, not suitable for many critical applications (e.g., telesurgery). Security is of the utmost importance while writing these schemes. This study aimed to provide a scheme based on block-level scrambling (with increased speed). Three streams of chaotic data were obtained through the intertwining logistic map (ILM). For a given image, the algorithm creates blocks of eight pixels. Two blocks (randomly selected from the long array of blocks) are swapped an arbitrary number of times. Two streams of random numbers facilitate this process. The scrambled image is further XORed with the key image generated through the third stream of random numbers to obtain the final cipher image. Plaintext sensitivity is incorporated through SHA-256 hash codes for the given image. The suggested cipher is subjected to a comprehensive set of security parameters, such as the key space, histogram, correlation coefficient, information entropy, differential attack, peak signal to noise ratio (PSNR), noise, and data loss attack, time complexity, and encryption throughput. In particular, the computational time of 0.1842 s and the throughput of 3.3488 Mbps of this scheme outperforms many published works, which bears immense promise for its real-world application.
ABSTRACT
Internet of Things (IoT) device security is one of the crucial topics in the field of information security. IoT devices are often protected securely through firmware update. Traditional update methods have their shortcomings, such as bandwidth limitation and being attackers' easy targets. Although many scholars proposed a variety of methods that are based on the blockchain technology to update the firmware, there are still demerits existing in their schemes, including large storage space and centralized stored firmware. In summary, this research proposes a highly secure and efficient protection mechanism that is based on the blockchain technology to improve the above disadvantages. Therefore, this study can reduce the need of storage space and improve system security. The proposed system has good performance in some events, including firmware integrity, security of IoT device connection, system security, and device anonymity. Furthermore, we confirm the high security and practical feasibility of the proposed system by comparing with the existing methods.