Search results
1 – 10 of 178
Abstract
Embedded systems, Internet of Things (IoT) and mobile computing devices are used in various domains which include public-private infrastructure, industrial installation and critical environment. Generally, information handled by these devices is private and critical. Therefore, it must be appropriately secured from different attacks and hackers. Lightweight cryptography is an aspiring field which investigates the implementation of cryptographic primitives and algorithms for resource-constrained devices. In this paper, a new compact hybrid lightweight encryption technique has been proposed. The proposed technique uses the fastest bit permutation instruction, PERMS, with the S-box of the PRESENT block cipher for non-linearity. An arbitrary n-bit permutation is performed using the PERMS instruction in fewer than log(n) instructions. This new hybrid system has been analyzed for software performance on Advanced RISC Machine (ARM) and Intel processors, whereas the Cadence tool is used to analyze the hardware performance. The result of the proposed technique is improved by a factor of eight as compared to the PRESENT-GRP hybrid block cipher. Moreover, the bit permutation properties of the PERMS instruction result in a very good avalanche effect and a compact implementation in both the hardware and software environments.
Abstract
Purpose
The innovation of cryptography technique and blockchain has made cryptocurrency an alternative medium of exchange due to its safety, transparency and cost effectiveness. But its main feature cannot be separated from the users who use cryptocurrency for their illegal transactions. There are several arguments related to the legality of cryptocurrency. The purpose of this paper is to analyze the nature of cryptocurrency based on characteristics of money, legal perspective, economic perspective and Sharia perspective.
Design/methodology/approach
In this study, the methodology used is descriptive with a qualitative approach. The object of this research is cryptocurrency. The data are secondary data obtained from peer-reviewed journal articles, conference papers review, working paper and Sharia consultant reports addressing the legality of cryptocurrency. The literature review analysis includes the following steps: material collection, descriptive analysis, discussion with people in Sharia competency and intuitive-subjective material evaluation.
Findings
Regarding the characteristics of money, cryptocurrency is acceptable. But in terms of the legal perspective, cryptocurrency does not meet the criteria as currency. From the economic perspective, cryptocurrency does not fully meet the characteristics of currency due to high price volatility, and from the Sharia perspective, cryptocurrency can be considered property (mal) but not as a monetary value (thamanniyah).
Research limitations/implications
The research findings are based on the journal articles, working paper and Sharia consultant report, and it may lack Sharia’s opinion. Any further discussion related to Sharia perspectives will be a great input to enrich the study.
Practical implications
This study also includes the implications related to the opportunities and the risks of cryptocurrency that can be discussed for the development of the cryptocurrency in the future.
Social implications
This study includes the implication of using cryptocurrency in the nature of money and not as a speculative instrument.
Originality/value
This study argued the legality of cryptocurrency in four perspectives such as the nature of money, legal, economy and Sharia perspective.
Joe Garcia, Russell Shannon, Aaron Jacobson, William Mosca, Michael Burger and Roberto Maldonado
Abstract
Purpose
This paper aims to describe an effort to provide for a robust and secure software development paradigm intended to support DevSecOps in a naval aviation enterprise (NAE) software support activity (SSA), with said paradigm supporting strong traceability and provability concerning the SSA’s output product, known as an operational flight program (OFP). Through a secure development environment (SDE), each critical software development function performed on said OFP during its development has a corresponding record represented on a blockchain.
Design/methodology/approach
An SDE is implemented as a virtual machine or container incorporating software development tools that are modified to support blockchain transactions. Each critical software development function, e.g. editing, compiling, linking, generates a blockchain transaction message with associated information embedded in the output of said function that, together, can be used to prove integrity and support traceability. An attestation process is used to provide proof that the toolchain containing SDE is not subject to unauthorized modification at the time said critical function is performed.
Findings
Blockchain methods are shown to be a viable approach for supporting exhaustive traceability and strong provability of development system integrity for mission-critical software produced by an NAE SSA for NAE embedded systems software.
Practical implications
A blockchain-based authentication approach that could be implemented at the OFP point-of-load would provide for fine-grain authentication of all OFP software components, with each component or module having its own proof-of-integrity (including the integrity of the used development tools) over its entire development history.
Originality/value
Many SSAs have established control procedures for development such as check-out/check-in. This does not prove the SSA output software is secure. For one thing, a build system does not necessarily enforce procedures in a way that is determinable from the output. Furthermore, the SSA toolchain itself could be attacked. The approach described in this paper enforces security policy and embeds information into the output of every development function that can be cross-referenced to blockchain transaction records for provability and traceability that only trusted tools, free from unauthorized modifications, are used in software development. A key original concept of this approach is that it treats assigned developer time as a transferable digital currency.
Keywords
- Software development
- Blockchain
- Cybersecurity
- Operational flight program
- Secure development environment
- Secure virtual machine
- Zero trust
- Embedded systems
- Mission-critical systems
- OFP
- DevOps
- DevSecOps
- Software support activity
- SSA
- SDE
- Permissioned blockchain
- Cryptocurrency
- Time-limited authorization for developer action
- TADA
- Code signing
- Trusted software guard
- SGX
- Trusted eXecution technology
- TXT
- Trusted platform module
- Self-hosting
- Controlled access blockchain
- CABlock
- Role-based access control
- RBAC
Yong Ding, Peixiong Huang, Hai Liang, Fang Yuan and Huiyong Wang
Abstract
Purpose
Recently, deep learning (DL) has been widely applied in various aspects of human endeavors. However, studies have shown that DL models may also be a primary cause of data leakage, which raises new data privacy concerns. Membership inference attacks (MIAs) are prominent threats to user privacy from DL model training data, as attackers investigate whether specific data samples exist in the training data of a target model. Therefore, the aim of this study is to develop a method for defending against MIAs and protecting data privacy.
Design/methodology/approach
One possible solution is to propose an MIA defense method that involves adjusting the model’s output by mapping the output to a distribution with equal probability density. This approach effectively preserves the accuracy of classification predictions while simultaneously preventing attackers from identifying the training data.
Findings
Experiments demonstrate that the proposed defense method is effective in reducing the classification accuracy of MIAs to below 50%. Because MIAs are viewed as a binary classification model, the proposed method effectively prevents privacy leakage and improves data privacy protection.
Research limitations/implications
The method is only designed to defend against MIA in black-box classification models.
Originality/value
The proposed MIA defense method is effective and has a low cost. Therefore, the method enables us to protect data privacy without incurring significant additional expenses.
Lemma Lessa and Daniel Gebrehawariat
Abstract
Purpose
This study is aimed at assessing the information security management practice with a focus on banking card security in selected financial institutions in Ethiopia, using an international information security standard as a benchmark. It is to identify the gaps and recommend best security practices to help financial institutions meet the required security compliance.
Design/methodology/approach
Two financial sectors were purposively selected. A total of twenty-five respondents (IT executives and IT staff) were included in the study. Quantitative data was collected using the PCI-DSS (Payment Card Industry Data Security Standard) security standard questionnaire. In addition, observation and document analysis were made.
Findings
The result shows that most of the essential security management activities in the financial sectors do not comply with the international security standard. Similarly, the level of most of the indispensable security requirements that should be in place is found to be below the acceptable level. The study also revealed major security factors that prohibit the financial sectors from PCI-DSS security standard compliance.
Originality/value
This study assessed the information security management practice with a focus on banking card security and tried to figure out the limitations of security practices of the organizations surveyed based on the standard adopted. The topic has not been well explored especially in the Ethiopia context. Hence, the result can positively influence security policies, particularly in the banking sector.
Zhizhao Zhang, Tianzhi Yang and Yuan Liu
Abstract
Purpose
The purpose of this work is to bridge FL and blockchain technology through designing a blockchain-based smart agent system architecture and applying it in FL. FL is an emerging collaborative machine learning technique that trains a model across multiple devices or servers holding private data samples without exchanging their data. The locally trained results are aggregated by a centralized server in a privacy-preserving way. However, there is an assumption that the centralized server is trustworthy, which is impractical. Fortunately, blockchain technology has opened a new era of data exchange among trustless strangers because of its decentralized architecture and cryptography-supported techniques.
Design/methodology/approach
In this study, the author proposes a novel design of a smart agent inspired by the smart contract concept. Specifically, based on the proposed smart agent, a fully decentralized, privacy-preserving and fair deep learning blockchain-FL framework is designed, where the agent network is consistent with the blockchain network and each smart agent is a participant in the FL task. During the whole training process, neither the data nor the model is at risk of leakage.
Findings
A demonstration of the proposed architecture is designed to train a neural network. Finally, the implementation of the proposed architecture is conducted in the Ethereum development, showing the effectiveness and applicability of the design.
Originality/value
The author aims to investigate the feasibility and practicality of linking the three areas together, namely, multi-agent system, FL and blockchain. A blockchain-FL framework, which is based on a smart agent system, has been proposed. The author has made several contributions to the state-of-the-art. First of all, a concrete design of a smart agent model is proposed, inspired by the smart contract concept in blockchain. The smart agent is autonomous and is able to disseminate and verify the information and execute the supported protocols. Based on the proposed smart agent model, a new architecture composed of these agents is formed, which is a blockchain network. Then, a fully decentralized, privacy-preserving and smart agent blockchain-FL framework has been proposed, where a smart agent acts as both a peer in a blockchain network and a participant in an FL task at the same time. Finally, a demonstration to train an artificial neural network is implemented to prove the effectiveness of the proposed framework.