Current Issue : January - March Volume : 2020 Issue Number : 1 Articles : 5 Articles
Cyber risk assessment requires defined and objective methodologies; otherwise, its results cannot be considered reliable. The lack of quantitative data can be dangerous: if the assessment is entirely qualitative, subjectivity will loom large in the process. Too much subjectivity in the risk assessment process can weaken the credibility of the assessment results and compromise risk management programs. On the other hand, obtaining a sufficiently large amount of quantitative data allowing reliable extrapolations and previsions is often hard or even unfeasible. In this paper, we propose and study a quantitative methodology to assess a potential annualized economic loss risk of a company. In particular, our approach only relies on aggregated empirical data, which can be obtained from several sources. We also describe how the method can be applied to real companies, in order to customize the initial data and obtain reliable and specific risk assessments....
With the rapid development of sensor technology and wireless network technology, wireless sensor network (WSN) has been widely applied in many resource-constrained environments and application scenarios. As there are a large number of sensor nodes in WSN, node failures are inevitable and have a significant impact on task execution. In this paper, considering the vulnerability, unreliability, and dynamic characteristics of sensor nodes, node failures are classified into two categories including unrecoverable failures and recoverable failures. Then, the traditional description of the interaction results is extended to the trinomial distribution. According to the Bayesian cognitive model, the global trust degree is aggregated by both direct and indirect interaction records, and a novel trust model based on node recovery technique for WSNs is proposed to reduce the probability of failure for task execution. Simulation results show that compared with existing trust models, our proposed TMBNRT (trust model based on node recovery technique) algorithm can effectively meet the security and the reliability requirements of WSN....
Nowadays, remote user authentication protocol plays a great role in ensuring the security of data transmission and protecting the privacy of users for various network services. In this study, we discover two recently introduced anonymous authentication schemes are not as secure as they claimed, by demonstrating they suffer from offline password guessing attack, desynchronization attack, session key disclosure attack, failure to achieve user anonymity, or forward secrecy. Besides, we reveal two environment-specific authentication schemes have weaknesses like impersonation attack. To eliminate the security vulnerabilities of existing schemes, we propose an improved authentication scheme based on elliptic curve cryptosystem. We use BAN logic and heuristic analysis to prove our scheme provides perfect security attributes and is resistant to known attacks. In addition, the security and performance comparison show that our scheme is superior with better security and low computation and communication cost....
Social Internet of Things (SIoT) integrates social network schemes into Internet of Things (IoT), which provides opportunities for IoT objects to form social communities. Existing social network models have been adopted by SIoT paradigm. The wide distribution of IoT objects and openness of social networks, however, make it more challenging to preserve privacy of IoT users. In this paper, we present a novel framework that preserves privacy against inference attacks on social network data through ranked retrieval models. We propose PVS, a privacy-preserving framework that involves the design of polymorphic value sets and ranking functions. PVS enables polymorphism of private attributes by allowing them to respond to different queries in different ways. We begin this work by identifying two classes of adversaries, authenticity-ignorant adversary, and authenticity-knowledgeable adversary, based on their knowledge of the distribution of private attributes. Next, we define the measurement functions of utility loss and propose PVSV and PVST that preserve privacy against authenticity-ignorant and authenticity-knowledgeable adversaries, respectively. We take into account the utility loss of query results in the design of PVSV and PVST. Finally, we show that PVSV and PVST meet the privacy guarantee with acceptable utility loss in extensive experiments over real-world datasets....
The number of cyberattacks on organizations is growing. To increase cyber resilience, organizations need to obtain foresight to anticipate cybersecurity vulnerabilities, developments, and potential threats. This paper describes a tool that combines state of the art text mining and information retrieval techniques to explore the opportunities of using these techniques in the cybersecurity domain. Our tool, the Horizon Scanner, can scrape and store data from websites, blogs and PDF articles, and search a database based on a user query, show textual entities in a graph, and provide and visualize potential trends. The aim of the Horizon Scanner is to help experts explore relevant data sources for potential threats and trends and to speed up the process of foresight. In a requirements session and user evaluation of the tool with cyber experts from the Dutch Defense Cyber Command, we explored whether the Horizon Scanner tool has the potential to fulfill its aim in the cybersecurity domain. Although the overall evaluation of the tool was not as good as expected, some aspects of the tool were found to have added value, providing us with valuable insights into how to design decision support for forecasting analysts....