Cooperative cyberdefense has been recognized as an essential strategy to fight against cyberattacks. Cybersecurity Information Sharing (CIS), especially about threats and incidents, is a key aspect in this regard. CIS provides members with an improved situational awareness to prepare for and respond to future cyberthreats. Privacy preservation is critical in this context, since organizations can be reluctant to share information otherwise. This is particularly critical when CIS is facilitated through an untrusted infrastructure provided by a third party (e.g., the cloud). Despite this, current data formats and protocols for CIS do not guarantee any form of privacy preservation to participants. In this paper we introduce PRACIS, a scheme for CIS networks that guarantees private data forwarding and aggregation. PRACIS leverages the well-known Structured Threat Information Expression (STIX) standard data format. Remarkably, PRACIS can be seamlessly integrated with existing STIX-based message brokering middleware such as publish-subscribe architectures. PRACIS achieves these goals by combining standard format-preserving and homomorphic encryption primitives. We discuss experimental results obtained with a prototype implementation developed for a subset of STIX. Results show that entities may create up to 689 incidents per minute, far beyond the estimated average of 81. Moreover, aggregation of 10^4 incidents can be carried out in just 2.1 seconds, and the transmission overhead is just 13.5 kbps. Overall, these results suggest that the costs incurred by PRACIS are easily affordable in real-world scenarios.
Security issues are becoming critical in modern smart systems. Particularly, ensuring that only legitimate users get access to them is essential. New access control systems must rely on continuous authentication (CA) to provide a higher security level. To achieve this, recent research has shown how biological signals, such as electroencephalograms (EEGs) or electrocardiograms (ECGs), can be useful for this purpose. In this paper, we introduce a new CA scheme that, contrary to previous works in this area, considers ECG signals as continuous data streams. The data stream paradigm is suitable for this scenario since algorithms tailored for data streams can cope with continuous data of a theoretically infinite length and with a certain variability. The proposed ECG-based CA system is intended for real-time applications and is able to offer an accuracy up to 96%, with an almost perfect system performance (kappa statistic >80%).
Nowadays, a significant number of free online cybersecurity training courses are offered. When preparing further courses, the designer has to decide what to teach and how to do it. In this paper, we provide a set of recommendations for both issues. Concerning topic selection, 35 free online courses are analysed using NIST's NICE reference framework. Thus, several training gaps are discovered. Concerning the way of preparing the course (or refining it after the first edition), a set of good practices is proposed based on students' performance and commitment in a cybersecurity MOOC with +2,000 initially active students. To foster further research in this area, an open-source framework is released to enable the analysis of students' performance in EdX MOOCs.
Smartphones are equipped with a set of sensors that describe the environment (e.g., GPS, noise, etc.) and their current status and usage (e.g., battery consumption, accelerometer readings, etc.). Several works have already addressed how to leverage such data for user-in-a-context continuous authentication, i.e., determining if the porting user is the authorized one and resides in his regular physical environment. This can be useful for an early reaction against robbery or impersonation. However, most previous works depend on assisted sensors, i.e., they rely upon immutable elements (e.g., cell towers, satellites, magnetism), thus being ineffective in their absence. Moreover, they focus on accuracy aspects, neglecting usability ones. For this purpose, in this paper, we explore the use of four non-assisted sensors, namely battery, transmitted data, ambient light and noise. Our approach leverages data stream mining techniques and offers a tunable security-usability trade-off. We assess the accuracy, immediacy, usability and readiness of the proposal. Results on 50 users over 24 months show that battery readings alone achieve 97.05% of accuracy and 81.35% for audio, light and battery all together. Moreover, when usability is at stake, robbery is detected in 100 s for the case of battery and in 250 s when audio, light and battery are applied. Remarkably, these figures are obtained with moderate training and storage needs, thus making the approach suitable for current devices.
HIGHLIGHTS
• Security and privacy issues must be addressed in the Internet of Things (IoT).
• We have focused on the use of ElectroCardioGram (ECG) signals for Continuous Authentication (CA).
• We have explored different ECG-based CA techniques for three attacker settings.
• Our results exhibit promising accuracy figures, which support the use of ECG as identifier in the IoT.
Cities are growing as a result of the worldwide urbanization process. With the aim to become more efficient and manage their citizens' needs, governments have had to take action and, as a result, smart cities are no longer a fancy idea but a real issue in most political agendas. Most smart cities are equipped with sets of sensors and actuators that form an Internet of Things (IoT) ecosystem. IoT devices enable the collection of sheer amounts of data, which can be used to provide citizens with services in a more efficient, sustainable and economically-friendly way. Amongst those services, the provision of healthcare is especially relevant, and smart health (s-health) models have been already proposed. Despite its benefits, s-health services pose privacy problems related to the large amounts of sensitive data that they manage. In this article we advocate for the use of attribute-based credentials (ABCs) to cope with privacy issues arising from the collection of health-related data through IoT devices in smart cities. We analyze several s-health applications and show that ABCs could be properly used to address those privacy problems. With this research we set the ground for the further study and application of ABCs in smart health and other privacy-aware IoT-based smart cities' services.
Local governments struggle to provide citizens with efficient services and to transform cities into more livable places. With the aim to become smarter, cities adopt information and communication technologies (ICTs) that help them make better decisions. Thus, ICTs are the linchpin of the infrastructure that allows the transformation of cities into smart cities. Many definitions of the concept of smart city have been suggested, each of which emphasizing a specific dimension of the overall idea. A commonly accepted definition of a smart city was proposed by Caragliu et al., augmented by Pérez et al. and served as inspiration to define the concept of smart health in [1]: "Smart cities are cities strongly founded on information and communication technologies that invest in human and social capital to improve the quality of life of their citizens by fostering economic growth, participatory governance, wise management of resources, sustainability, and efficient mobility, whilst they guarantee the privacy and security of their citizens".