https://www.mdu.se/

mdu.sePublications
Planned maintenance
A system upgrade is planned for 10/12-2024, at 12:00-13:00. During this time DiVA will be unavailable.
Change search
Link to record
Permanent link

Direct link
Publications (10 of 18) Show all publications
Eklund, D., Iacovazzi, A., Wang, H., Pyrgelis, A. & Raza, S. (2024). BMI: Bounded Mutual Information for Efficient Privacy-Preserving Feature Selection. In: Lecture Notes in Computer Science, Vol. 14983: . Paper presented at 29th European Symposium on Research in Computer Security, ESORICS 2024, Bydgoszcz 16 September 2024 through 20 September 2024 (pp. 353-373). Springer Science and Business Media Deutschland GmbH
Open this publication in new window or tab >>BMI: Bounded Mutual Information for Efficient Privacy-Preserving Feature Selection
Show others...
2024 (English)In: Lecture Notes in Computer Science, Vol. 14983, Springer Science and Business Media Deutschland GmbH , 2024, p. 353-373Conference paper, Published paper (Refereed)
Abstract [en]

We introduce low complexity bounds on mutual information for efficient privacy-preserving feature selection with secure multi-party computation (MPC). Considering a discrete feature with N possible values and a discrete label with M possible values, our approach requires O(N) multiplications as opposed to O(NM) in a direct MPC implementation of mutual information. Our experimental results show that for regression tasks, we achieve a computation speed up of over 1,000× compared to a straightforward MPC implementation of mutual information, while achieving similar accuracy for the downstream machine learning model. 

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2024
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 14983 LNCS
Keywords
Feature Selection, Mutual Information, Privacy, Secure Multi-party Computation, Differential privacy, Complexity bounds, Computation speed, Features selection, Lower complexity, Multiparty computation, Mutual informations, Privacy preserving, Speed up
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-68577 (URN)10.1007/978-3-031-70890-9_18 (DOI)001331819600018 ()2-s2.0-85204610017 (Scopus ID)9783031708893 (ISBN)
Conference
29th European Symposium on Research in Computer Security, ESORICS 2024, Bydgoszcz 16 September 2024 through 20 September 2024
Available from: 2024-10-02 Created: 2024-10-02 Last updated: 2024-12-04Bibliographically approved
Yasin, A., Fatima, R., JiangBin, Z., Afzal, W. & Raza, S. (2024). Can serious gaming tactics bolster spear-phishing and phishing resilience?: Securing the human hacking in Information Security. Information and Software Technology, 170, Article ID 107426.
Open this publication in new window or tab >>Can serious gaming tactics bolster spear-phishing and phishing resilience?: Securing the human hacking in Information Security
Show others...
2024 (English)In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 170, article id 107426Article in journal (Refereed) Published
Abstract [en]

Context: In the digital age, there is a notable increase in fraudulent activities perpetrated by social engineers who exploit individuals’ limited knowledge of digital devices. These actors strategically manipulate human psychology, targeting IT devices to gain unauthorized access to sensitive data. Objectives: Our study is centered around two distinct objectives to be accomplished through the utilization of a serious game: (i) The primary objective entails delivering training and educational content to participants with a focus on phishing attacks; (ii) The secondary objective aims to heighten participants’ awareness regarding the perils associated with divulging excessive information online. Methodology: To address these objectives, we have employed the following techniques and methods: (i) A comprehensive literature review was conducted to establish foundational knowledge in areas such as social engineering, game design, learning principles, human interaction, and game-based learning; (ii) We meticulously aligned the game design with the philosophical concept of social engineering attacks; (iii) We devised and crafted an advanced hybrid version of the game, incorporating the use of QR codes to generate game card data; (iv) We conducted an empirical evaluation encompassing surveys, observations, discussions, and URL assessments to assess the effectiveness of the proposed hybrid game version. Results: Quantitative data and qualitative observations suggest the “PhishDefend Quest” game successfully improved players’ comprehension of phishing threats and how to detect them through an interactive learning experience. The results highlight the potential of serious games to educate people about social engineering risks. Conclusion: Through the evaluation, we can readily arrive at the following conclusions: (i) Game-based learning proves to be a viable approach for educating participants about phishing awareness and the associated risks tied to the unnecessary disclosure of sensitive information online; (ii) Furthermore, game-based learning serves as an effective means of disseminating awareness among participants and players concerning prevalent phishing attacks.

Place, publisher, year, edition, pages
Elsevier B.V., 2024
Keywords
Education, Human factor in security, Information security, Phishing attack, Scam, Serious game, Computer crime, Cybersecurity, Digital devices, Ethical technology, Game design, Sensitive data, Digital age, Game-based Learning, Phishing, Phishing attacks, Serious gaming, Social engineering, Spear phishing, Serious games
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-66282 (URN)10.1016/j.infsof.2024.107426 (DOI)001224413000001 ()2-s2.0-85187177892 (Scopus ID)
Available from: 2024-03-20 Created: 2024-03-20 Last updated: 2024-05-29Bibliographically approved
Karlsson, A., Höglund, R., Wang, H., Iacovazzi, A. & Raza, S. (2024). Enabling Cyber Threat Intelligence Sharing for Resource Constrained IoT. In: 2024 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE, CSR: . Paper presented at 4th IEEE Annual International Conference on Cyber Security and Resilience (IEEE CSR), SEP 02-04, 2024, London, ENGLAND (pp. 82-89). IEEE
Open this publication in new window or tab >>Enabling Cyber Threat Intelligence Sharing for Resource Constrained IoT
Show others...
2024 (English)In: 2024 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE, CSR, IEEE, 2024, p. 82-89Conference paper, Published paper (Refereed)
Abstract [en]

Cyber Threat Intelligence (CTI) development has largely overlooked the IoT - network-connected devices like sensors. These devices' heterogeneity, poor security, and memory and energy constraints make them prime cyber attack targets. Enhancing CTI for IoT is crucial. Currently, CTI for IoT is derived from honeypots mimicking IoT devices or extrapolated from standard computing systems. These methods are not ideal for resource-constrained devices. This study addresses this gap by introducing tinySTIX and tinyTAXII. TinySTIX is a data format designed for efficient sharing of CTI directly from resource-constrained devices. TinyTAXII is a lightweight implementation of the TAXII protocol, utilizing CoAP with OSCORE. Two implementations were assessed: one for integration into the MISP platform and the other for execution on network-connected devices running the Contiki operating system. Results demonstrated that tinySTIX reduces message size by an average of 35%, while tinyTAXII reduces packet count and session size by 85% compared to reference OpenTAXII implementations.

Place, publisher, year, edition, pages
IEEE, 2024
Keywords
Cyber Threat Intelligence, STIX, TAXII, Internet of Things, Indicator of Compromise, MISP
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-69172 (URN)10.1109/CSR61664.2024.10679511 (DOI)001327167900013 ()2-s2.0-85206142400 (Scopus ID)979-8-3503-7536-7 (ISBN)
Conference
4th IEEE Annual International Conference on Cyber Security and Resilience (IEEE CSR), SEP 02-04, 2024, London, ENGLAND
Available from: 2024-11-20 Created: 2024-11-20 Last updated: 2024-11-20Bibliographically approved
Kianpour, M. & Raza, S. (2024). More than malware: unmasking the hidden risk of cybersecurity regulations. International Cybersecurity Law Review
Open this publication in new window or tab >>More than malware: unmasking the hidden risk of cybersecurity regulations
2024 (English)In: International Cybersecurity Law Review, ISSN 2662-9720Article in journal (Refereed) Epub ahead of print
Abstract [en]

Cybersecurity investments are made within a complex and ever-evolving environment, where regulatory changes represent a significant risk factor. While cybersecurity regulations aim to minimize cyber risks and enhance protection, the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies. This paper explores the determinants and implications of regulatory risks associated with cybersecurity, aiming to provide a deeper understanding of how these risks influence strategic decision-making. The study delves into the suggestion of preventive and mitigative controls that enable businesses to adapt to and mitigate potential disruptions caused by regulatory changes, thereby preserving their established cybersecurity practices. Another key contribution of this study is the introduction of a stochastic econometric model that illustrates how regulatory risks and uncertainties can affect investment behaviors, often prompting a “wait-and-see” stance. This model synthesizes the complex relationship among investment choices, regulatory changes, and cybersecurity risks, providing insights into the dynamic nature of cybersecurity investment strategies. The research findings offer valuable guidance for risk management and strategic planning in cybersecurity investments. By comprehensively understanding the drivers and impacts of regulatory risks, businesses and policymakers can develop more effective risk evaluation and management approaches. This is essential for sustaining a strong cybersecurity posture while navigating the changing regulatory environment. 

Place, publisher, year, edition, pages
Springer, 2024
National Category
Natural Sciences Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-65870 (URN)10.1365/s43439-024-00111-7 (DOI)
Projects
H2020 ARCADIAN-IoT
Available from: 2024-02-03 Created: 2024-02-03 Last updated: 2024-02-05Bibliographically approved
Khurshid, A. & Raza, S. (2023). AutoCert: Automated TOCTOU-secure digital certification for IoT with combined authentication and assurance. Computers & security (Print), 124, 102952-102952, Article ID 102952.
Open this publication in new window or tab >>AutoCert: Automated TOCTOU-secure digital certification for IoT with combined authentication and assurance
2023 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 124, p. 102952-102952, article id 102952Article in journal (Refereed) Published
Abstract [en]

The Internet of Things (IoT) network is comprised of heterogeneous devices which are part of critical infrastructures throughout the world. To enable end-to-end security, the Public Key Infrastructure (PKI) is undergoing advancements to incorporate IoT devices globally which primarily provides device authen-tication. In addition to this, integrity of the software-state is vital, where Remote Attestation (RA) and Integrity Certificates play an important role. Though, Integrity Certificate verifies the software-state in-tegrity of the device at the time of execution of the remote attestation process, it does not provide mechanisms to validate that the current software-state corresponds to the attested state. This issue is referred to as the Time-Of-Check to Time-Of-Use (TOCTOU) problem and remains unsolved in the con-text of Integrity Certificates.In this paper, we propose AutoCert, the first TOCTOU-secure mechanism to combine software-state in-tegrity with PKI for IoT which resolves the TOCTOU problem in RA and Integrity Certificates. To this end, we utilize the IETF Remote Attestation Procedures architecture and standard X509 IoT profile certificates to ensure both device authentication and software assurance for IoT. We implement and evaluate the per-formance of the AutoCert proof-of-concept on a real IoT device, the OPTIGA TPM Evaluation Kit, to show its practicality and usability. AutoCert can validate the attested state of an IoT device in approximately 4746 milliseconds, with a minimal network overhead of 350 bytes.

National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-64232 (URN)10.1016/j.cose.2022.102952 (DOI)000882529500002 ()2-s2.0-85141299890 (Scopus ID)
Available from: 2023-09-11 Created: 2023-09-11 Last updated: 2023-09-29Bibliographically approved
Höglund, J., Furuhed, M. & Raza, S. (2023). Lightweight certificate revocation for low-power IoT with end-to-end security. Journal of Information Security and Applications, 73, 103424-103424, Article ID 103424.
Open this publication in new window or tab >>Lightweight certificate revocation for low-power IoT with end-to-end security
2023 (English)In: Journal of Information Security and Applications, ISSN 2214-2126, Vol. 73, p. 103424-103424, article id 103424Article in journal (Refereed) Published
Abstract [en]

Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however, security has predominantly been based on pre-shared keys (PSK), which cannot be revoked and do not provide strong authentication. The prevalence of PSK in the IoT is due primarily to a lack of lightweight protocols for accessing PKI services. Principal among these services are digital certificate enrollment and revocation, the former of which is addressed in recent research and is being pushed for standardization in IETF. However, no protocol yet exists for retrieving certificate status information on constrained devices, and revocation is not possible unless such a service is available. In this work, we start with implementing the Online Certificate Status Protocol (OCSP), the de facto standard for certificate validation on the Web, on state-of-the-art constrained hardware. In doing so, we demonstrate that the resource overhead of this protocol is unacceptable for highly constrained environments. We design, implement and evaluate a lightweight alternative to OCSP, TinyOCSP, which leverages recently standardized IoT protocols, such as CoAP and CBOR. In our experiments, validating eight certificates with TinyOCSP required 41% less energy than validating just one with OCSP on an ARM Cortex-M3 SoC. Moreover, validation transactions encoded with TinyOCSP are at least 73% smaller than the OCSP equivalent. We design a protocol for compressed certificate revocation lists (CCRL) using Bloom filters which together with TinyOCSP can further reduce validation overhead. We derive a set of equations for computing the optimal filter parameters, and confirm these results through empirical evaluation.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-64231 (URN)10.1016/j.jisa.2023.103424 (DOI)000925935000001 ()2-s2.0-85146599883 (Scopus ID)
Available from: 2023-09-11 Created: 2023-09-11 Last updated: 2023-09-29Bibliographically approved
Ramadan, M. & Raza, S. (2023). Secure Equality Test Technique Using Identity-Based Signcryption for Telemedicine Systems. IEEE Internet of Things Journal, 10(18), 16594-16604
Open this publication in new window or tab >>Secure Equality Test Technique Using Identity-Based Signcryption for Telemedicine Systems
2023 (English)In: IEEE Internet of Things Journal, E-ISSN 2327-4662, Vol. 10, no 18, p. 16594-16604Article in journal (Refereed) Published
Abstract [en]

For telemedicine, wireless body area network (WBAN) offers enormous benefits where a patient can be remotely monitored without compromising the mobility of remote treatments. With the advent of high capacity and reliable wireless networks, WBANs are used in several remote monitoring systems, limiting the COVID-19 spread. The sensitivity of telemedicine applications mandates confidentiality and privacy requirements. In this article, we propose a secure WBAN-19 telemedicine system to overcome the pervasiveness of contagious deceases utilizing a novel aggregate identity-based signcryption scheme with an equality test feature. We demonstrate a security analysis regarding indistinguishable adaptive chosen-ciphertext attack (IND-CCA2), one-way security against adaptive chosen-ciphertext attack (OW-CCA2), and unforgeability against adaptive chosen-message attack (EUF-CMA) under the random oracle model. The security analysis of the scheme is followed by complexity evaluations where the computation cost and communication overhead are measured. The evaluation demonstrates that the proposed model is efficient and applicable in telemedicine systems with high-performance capacities.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-64230 (URN)10.1109/jiot.2023.3269222 (DOI)001085214200067 ()2-s2.0-85162875459 (Scopus ID)
Funder
Vinnova, 2021-01690
Available from: 2023-09-11 Created: 2023-09-11 Last updated: 2023-11-15Bibliographically approved
Khurshid, A., Yalew, S. D., Aslam, M. & Raza, S. (2023). ShieLD: Shielding Cross-Zone Communication Within Limited-Resourced IoT Devices Running Vulnerable Software Stack. IEEE Transactions on Dependable and Secure Computing, 20(2), 1031-1047
Open this publication in new window or tab >>ShieLD: Shielding Cross-Zone Communication Within Limited-Resourced IoT Devices Running Vulnerable Software Stack
2023 (English)In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 20, no 2, p. 1031-1047Article in journal (Refereed) Published
Abstract [en]

Securing IoT devices is gaining attention as the security risks associated with these devices increase rapidly. TrustZone-M, a Trusted Execution Environment (TEE) for Cortex-M processors, ensures stronger security within an IoT device by allowing isolated execution of security-critical operations, without trusting the entire software stack. However, TrustZone-M does not guarantee secure cross-world communication between applications in the Normal and Secure worlds. The cryptographic protection of the communication channel is an obvious solution; however, within a low-power IoT device, it incurs high overhead if applied to each cross-world message exchange. We present ShieLD, a framework that enables a secure communication channel between the two TrustZone-M worlds by leveraging the Memory Protection Unit (MPU). ShieLD guarantees confidentiality, integrity and authentication services without requiring any cryptographic operations. We implement and evaluate ShieLD using a Musca-A test chip board with Cortex-M33 that supports TrustZone-M. Our empirical evaluation shows, among other gains, the cross-zone communication protected with ShieLD is 5 times faster than the conventional crypto-based communication.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-64233 (URN)10.1109/tdsc.2022.3147262 (DOI)000967266100001 ()2-s2.0-85124184486 (Scopus ID)
Available from: 2023-09-11 Created: 2023-09-11 Last updated: 2023-11-15Bibliographically approved
Wang, H., Muñoz-González, L., Hameed, M. Z., Eklund, D. & Raza, S. (2023). SparSFA: Towards robust and communication-efficient peer-to-peer federated learning. Computers & security (Print), 129, Article ID 103182.
Open this publication in new window or tab >>SparSFA: Towards robust and communication-efficient peer-to-peer federated learning
Show others...
2023 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 129, article id 103182Article in journal (Refereed) Published
Abstract [en]

Federated Learning (FL) has emerged as a powerful paradigm to train collaborative machine learning (ML) models, preserving the privacy of the participants’ datasets. However, standard FL approaches present some limitations that can hinder their applicability in some applications. Thus, the need of a server or aggregator to orchestrate the learning process may not be possible in scenarios with limited connectivity, as in some IoT applications, and offer less flexibility to personalize the ML models for the different participants. To sidestep these limitations, peer-to-peer FL (P2PFL) provides more flexibility, allowing participants to train their own models in collaboration with their neighbors. However, given the huge number of parameters of typical Deep Neural Network architectures, the communication burden can also be very high. On the other side, it has been shown that standard aggregation schemes for FL are very brittle against data and model poisoning attacks. In this paper, we propose SparSFA, an algorithm for P2PFL capable of reducing the communication costs. We show that our method outperforms competing sparsification methods in P2P scenarios, speeding the convergence and enhancing the stability during training. SparSFA also includes a mechanism to mitigate poisoning attacks for each participant in any random network topology. Our empirical evaluation on real datasets for intrusion detection in IoT, considering both balanced and imbalanced-dataset scenarios, shows that SparSFA is robust to different indiscriminate poisoning attacks launched by one or multiple adversaries, outperforming other robust aggregation methods whilst reducing the communication costs through sparsification.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-64229 (URN)10.1016/j.cose.2023.103182 (DOI)000961304800001 ()2-s2.0-85151480655 (Scopus ID)
Funder
European Commission
Available from: 2023-09-11 Created: 2023-09-11 Last updated: 2023-10-20Bibliographically approved
Raza, S., Duquennoy, S., Höglund, J., Roedig, U. & Voigt, T. (2014). Secure Communication for the Internet of Things - A Comparison of Link-Layer Security and IPsec for 6LoWPAN. Security and Communication Networks, 7(12), 2654-2668
Open this publication in new window or tab >>Secure Communication for the Internet of Things - A Comparison of Link-Layer Security and IPsec for 6LoWPAN
Show others...
2014 (English)In: Security and Communication Networks, ISSN 1939-0114, E-ISSN 1939-0122, Vol. 7, no 12, p. 2654-2668Article in journal (Refereed) Published
Abstract [en]

The future Internet is an IPv6 network interconnecting traditional computers and a large number of smart objects. This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operation. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. In the traditional Internet IPsec is the established and tested way of securing networks. It is therefore reasonable to explore the option of using IPsec as security mechanism for the IoT. Smart objects are generally added to the Internet using 6LoWPAN which defines IP communication for resource constrained networks. Thus, to provide security for the IoT based on the trusted and tested IPsec mechanism it is necessary to define an IPsec extension of 6LoWPAN. In this paper we present such a 6LoWPAN/IPsec extension and show the viability of this approach. We describe our 6LoWPAN/IPsec implementation which we evaluate and compare with our implementation of IEEE 802.15.4 link-layer security. We also show that it is possible to reuse crypto hardware within existing IEEE 802.15.4 transceivers for 6LoWPAN/IPsec. The evaluation results show that IPsec is a feasible option for securing the IoT in terms of packet size, energy consumption, memory usage, and processing time. Furthermore, we demonstrate that in contrast to common belief IPsec scales better than link-layer security as the data size and the number of hops grow, resulting in time and energy savings. 

Place, publisher, year, edition, pages
John Wiley & Sons, 2014
Keywords
Security; Internet of Things; 6LoWPAN; IPsec; IEEE 802.15.4 Security
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-18865 (URN)10.1002/sec.406 (DOI)000345633500035 ()2-s2.0-84911865485 (Scopus ID)
Available from: 2013-04-30 Created: 2013-04-30 Last updated: 2021-12-01Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0001-8192-0893

Search in DiVA

Show all publications