Subject of research: procedures of asymmetric authentication of Internet of Things nodes to ensure the highest level of security using cryptographic chips. The aim of the article is to study the ways of potential use of cryptographic chips to ensure secure authentication of Internet of Things sites using asymmetric cryptography procedures. The article solves the following tasks: analysis of hardware support technologies for asymmetric cryptography of the Internet of Things; definition of secure procedures for asymmetric authentication of Internet of Things sites and their constituent elements: creation of certificates, verification of public and private keys. Research methods: method of structural and functional analysis and design of complex systems, methods of identification and authentication of information objects, cryptographic methods of information protection, methods of security analysis of distributed information systems. The novelty of the study is the analysis of hardware support technologies for asymmetric cryptography of Internet of Things with cryptographic chips and the definition of structural and functional schemes for the implementation of procedures for asymmetric authentication of Internet of Things. Distinctive features of the provided asymmetric authentication schemes and procedures are: ensuring an increased level of information security through secure storage of cryptographic keys, digital signatures, certificates, confidential data in a novelty security environment protected from external attacks and no need to store private keys on the host side. The results of the work are procedures and schemes of application of cryptomicrops of asymmetric authentication to ensure the protection of Internet of Things. Analysis of the functioning of the presented schemes allowed to draw the following conclusions. The proposed structural and functional schemes for the implementation of procedures for asymmetric authentication of Internet of Things using cryptographic chips give the user an easy opportunity to implement cryptography without expertise in this field. These chips use the ECDSA digital signature computing and verification hardware with elliptical curve advantages, as a proven and reliable authentication algorithm, and the ECDH symmetric encryption session key generation unit. The provided schemes and procedures support three components of information security, namely: confidentiality, integrity and authenticity of data. Examples of potential applications of the provided schemes and procedures can be implemented using any asymmetric authentication chip, but it is recommended that they be used to generate encryption session keys and where digital signatures are required to verify data and code for integrity and authenticity.
The analysis of separate tools for the visualization of movement of cryptocurrency values, and also identification of users who carried out the corresponding transactions has been carried out. The advantages and disadvantages of cryptocurrency from the point of view of offenders and law enforcement agencies have been studied. The main directions of using cryptocurrency in a criminal environment have been determined. The current state and perspectives of normative and legal regulation of cryptocurrency in Ukraine have been analyzed. Theoretical principles of cryptocurrency functioning have been studied. The basic concepts used in this area have been revealed. The properties of cryptocurrency have been described. The mechanism of its issuance of guaranteeing pseudo-anonymity while working with cryptocurrency has been outlined. Some features of blockchain technology and formation of cryptocurrency addresses have been revealed. It has been noted that one of the first and most well-known cryptocurrency is bitcoin. The format of bitcoin address presentation has been described. It has been emphasized that bitcoin wallet software can operate with any number of addresses or each address can be served by a separate wallet. The technology of mixing transactions and the method of increasing the anonymity of CoinJoin have been described. The authors have revealed the possibilities of separate services intended for the analysis of cryptocurrency transactions (Maltego, Bitconeview, Bitiodine, OpReturnTool, Blockchain.info, Anyblockanalytics.com, Chainalysis, Elliptic, Ciphertrace, Blockchain Inspector). The process of risk assessment and construction of visual chains of cryptocurrency transactions has been demonstrated on the example of the “Crystal Expert” service. Different types of bitcoin addresses’ holders and risk levels have been described. The main and additional investigation tools used on the “Crystal Expert” platform have been revealed. Based on the conducted analysis, the authors have defined the main tasks for law enforcement agencies at the current stage of development of cryptocurrency. The basic requirements for tools designed for cryptocurrency analysis have been outlined. The authors have suggested some measures of law enforcement agencies’ respond to threats related to cryptocurrency.
Оперативні підрозділи відповідних спеціальних служб і органів державної влади при здійсненні своїх повноважень часто стикаються із задачею здійснення криптоаналізу отриманих зашифрованих даних. На практиці оперативне криптографічне розкриття таких даних зазвичай має дві суттєві обставини: відсутність спеціалізованих обчислювальних ресурсів та наявність лише обмеженої кількості персональних комп'ютерів з ОС Windows. Одним із актуальних способів підвищення ефективності криптоаналізу в таких умовах є реалізація паралельних розподілених клієнт-серверних обчислень на базі локальної мережі персональних комп'ютерів з ОС Windows, де сервер через деякий інтервал часу розподіляє виділені підмножини простору можливих ключів шифрування між агентами в локальній мережі, які в свою чергу передають задачу перебору ключів відповідній локальній програмі. Здійснений перший етап практичної оцінки застосунку Hashtopolis як інструмента розподіленого криптоаналізу в умовах обмежених ресурсів. Hashtopolis є працездатним у локальній мережі персональних Windows комп'ютерів і може бути використаний на практиці. Зростання швидкості паралельних обчислень не є прямо пропорційним кількості агентів, оскільки витрачається час на формування підмножин простору ключів, їхнього доставлення агентам та отриманням результатів перебору ключів. Практична оцінка Hashtopolis потребує подальшого дослідження зростання продуктивності його роботи у залежності від кількості агентів, інших типів ґешів і типів криптоаналізу (за словником, комбінований) та контролю температури процесорів на агентських машинах. Ідентифікована задача оптимального вибору для агентів розміру підмножини простору можливих ключів в залежності від кількості агентів, їх поточної швидкості перебору, алгоритму ґешу і типу перебору.
The mechanism of Ethereum transactions analysis during the prevention and investigation of criminal offenses based on the study of modern experience in this area has been proposed. The directions of cryptocurrency use by offenders have been revealed. The relationship between the decrease of the cash market and the increase in the use of cryptocurrencies has been described. The state of legal regulation of cryptocurrencies in Ukraine has been studied. The insufficient regulation of the issue of handling cryptocurrencies in criminal proceedings has been emphasized. The issue of impossibility to seize cryptocurrency assets during criminal investigation has been raised. The problematic issues faced by law enforcement agencies in other countries when seizing cryptocurrencies have been outlined. The structure and peculiarities of the cryptocurrency Ethereum circulation have been revealed. The features of the Ethereum platform and its distinctive features have been studied. The key standards that characterize the work of the Ethereum platform have been analyzed, explanations of key terms have been provided. The essential data in the blockchain for analysis have been highlighted, the procedure for accessing the Ethereum blockchain transactions has been described. Various web resources which one can access the Ethereum transaction blockchain through have been provided. The purpose of email mixing, the conditions under which the anonymity of the email address is lost have been revealed. Some software tools used to analyze ethereum transactions have been evaluated by experiment. Automation of searching and building a schema of relations of different identifiers of e-transactions on the example of Maltego Community Edition and Crystal Expert have been demonstrated. Additional modules that need to be installed in Maltego Community Edition to analyze the relevant transactions effectively have been described. It has been emphasized that when analyzing ethereum transactions, it is necessary to use not only ready-made tools, but also various scientific methods, such as identifying key criminal groups and wallets, identifying cases of money laundering using cryptocurrencies, additional address profiling, prevention of illegal behavior on the trading ethereum platform. The importance of effective analysis of cryptocurrencies for investigation has been described. The effectiveness of the Crystal Blockchain platform as a tool for analyzing Ethereum transactions in criminal investigations has been evaluated. The technical side of law enforcement training on the seizure of cryptocurrency assets has been revealed. For this purpose, it is recommended to use the so-called test networks. The mechanism of controlled transfer of cryptocurrency assets for custodial and non-custodial wallets has been proposed.
A modern city is a complex system that requires a unified systematic approach to ensuring public safety, law and order and environmental safety in the face of high levels of both man-made and natural risks. Due to the growing role of information technology in the functioning of a modern city, the threat of cyberattacks on critical municipal infrastructure has increased. The cost of such cyber-attacks can be very high, both for individual victims and for society as a whole. Cyberattacks can lead to the theft of sensitive information, data destruction or the disclosure of personal data. In addition, such attacks can lead to loss of working time and suspension of systems, which can have serious consequences for the city’s viability. The experience of other countries in protecting critical municipal infrastructure from cyber threats has been studied, analysed and summarised. The impact of the latest information technologies (such as the Internet of Things, artificial intelligence, blockchain) on the development of municipal infrastructure, the use of these technologies to protect critical infrastructure from cyberattacks, their advantages and disadvantages compared to classical security technologies have been considered. Particular attention has been paid to the problems of safe automation of modern city management processes such as automation of traffic control systems, environmental monitoring systems, financial systems, power grids, water and gas supply systems, communication systems, and control systems for wastewater treatment plants. The features of cyber attacks and the use of methods for protecting critical infrastructure in the context of hybrid warfare have been examined. Recommendations for a comprehensive increase in the level of protection of municipal critical infrastructure from cyber threats have been provided, taking into account the latest global trends in cybersecurity.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.