International Computer Security Day 2021: A Day to Strengthen Our Cyber Defences

Something that most businesses are beginning to understand is that, in today’s hyper-connected age, robust cybersecurity is no longer an option, it’s a necessity. In the UK alone, 39% of all businesses have suffered a data breach within the past 12 months, and this figure increases substantially for medium (65%) and large enterprises (64%). So, this Computer Security Day, what should organisations be doing to better protect their most valuable assets from cyber threats?

Black Friday 2021: Top tips to keep your business safe and maximise sales

Black Friday has gathered momentum in the UK over the past decade, becoming the peak Christmas shopping day. This year, customers are expected to spend £9.2 billion over the weekend – 15% more than last year.
However, while retailers are looking to ramp up their offerings and optimise sales, businesses and consumers alike must protect themselves against the cyber-criminals poised to take advantage of the spike in online spending – from ‘too good to be true’ phishing emails, to online fraud.
This Black Friday weekend, we spoke to a range of industry experts, who offered their advice on getting ready for the busy period – and protecting against the increased threat.

Identifying the Phishing Websites Using the Patterns of TLS Certificates

With the recent rise of HTTPS adoption on the Web, attackers have begun “HTTPSifying” phishing websites. HTTPSifying a phishing website has the advantage of making the website appear legitimate and evading conventional detection methods that leverage URLs or web contents in the network. However, adopting HTTPS also generates intrinsic footprints and gives defenders a great opportunity to monitor and detect websites, including phishing sites, because the attacker needs to obtain a public-key certificate while preparing the website. The potential benefits of certificate-based detection include (1) the comprehensive monitoring of all HTTPSified websites by using certificates immediately after their issuance, even if the attacker utilizes dynamic DNS (DDNS) or hosting services, which could be overlooked by conventional domain-registration-based approaches; and (2) the detection of phishing websites before they are published on the Internet.

Authentication Mechanisms in the 5G System

The 5G system introduces multiple new authentication mechanisms. The initial 5G specification in 3GPP Release 15 defines the initial security solution including primary and secondary authentication. Further enhancements and additional security features are added in Release 16; some of them introduce new types of authentication. As a result, the scope and meaning of ‘authentication’ has expanded. This is a new trend in the 5G system as it introduces new concepts that did not exist in the preceding generation systems. One such example is the slice authentication for which the authentication is performed at the network slice level. As a result, the authentication mechanisms become more complex. This paper clarifies the details of each of these different authentication mechanisms.

Blockchain-based Trusty Buyer Coalition Scheme Using A Group Signature

Without trust, buyers may not join a coalition. Despite the tremendous need for trustworthy relationships in buyer coalitions, no current buyer coalition scheme explicitly tackles confidence issues with blockchain technology. This study proposes an algorithmic design, the blockchain-based trusty buyer coalition scheme, to satisfy the trust requirement among different actors while forming the coalition. All activities forming a coalition through a decentralized public ledger can be explicitly examined. Consequently, the proposed algorithm can ensure anonymity within a community, resulting in trusting relationships. Furthermore, the proposed algorithm can ensure correctness and accountability by recognizing misbehavior and enforcing alternative forms of punishment. Additionally, the discovered algorithm can be applied to mobile commerce applications.

Data Tamper Detection from NoSQL Database in Forensic Environment

Abstract: The growth of the service sector is increasing the usage of digital applications worldwide. These digital applications use databases to store sensitive and secret information. As databases are distributed over the internet, cybercrime attackers may tamper with them to attack such sensitive and confidential information. In this scenario, maintaining the integrity of the database is a big challenge. Database tampering changes the database state through any data manipulation operation such as insert, update or delete. Tamper detection techniques are useful for detecting such data tampering and play an important role in the database forensic investigation process. The use of NoSQL databases has been driven by big data requirements. Previous research work has been limited to tamper detection in relational databases, and very little work has been found on NoSQL databases. So there is a need to propose a mechanism to detect the tampering of NoSQL database systems. This article proposes an idea of tamper detection in NoSQL databases such as MongoDB and Cassandra, which are widely used document-oriented and column-based NoSQL databases respectively. This research work proposes a tamper detection technique that works in a forensic environment to give a more relevant outcome on data tampering and to distinguish between suspicious and genuine tampering.

Database Security Enhancement by Eliminating the Redundant and Incorrect Spelled Data Entries

A database is used for storing data in an easy and efficient format. In recent days, large volumes of data have been generated by a number of applications and stored in databases. Considering the importance of data in every sector of the digitized world, it is of foremost importance to secure the data. Hence, database security has been given prime importance in every organization. Redundant data entries may stop the functioning of the database.

What exactly is Security Assurance?

If you are a regular reader of Cybersecurity Magazine, you may have come across Security Assurance before. In this article, we take a look at what is behind this abstract term and why it is so important.
Security assurance is an umbrella term for several processes aimed at ensuring individual system components can adequately protect themselves from attacks. Doing so requires not just a one-time effort, but actually spans the complete system lifecycle. After all, what is considered an acceptable security posture may change over time depending on, for example, newly emerging threats or changes to how the system itself is utilized.

A Secure Trust-aware Cross-layer Routing Protocol for Vehicular Ad hoc Networks

VANETs currently represent one of the most prominent solutions that aim to reduce the number of road accident victims and congestion problems while improving the quality of driving. VANETs form a very dynamic open network in which vehicles exchange information and warnings about road situations and other traffic information through several routing protocols, without any intermediate control.

A Boosted Performances of NTRUencrypt Post-Quantum Cryptosystem

Abstract: The bottleneck of all cryptosystems is the computational complexity of polynomial multiplication, vector multiplication, etc. Thus most of them use algorithms such as NTT, Montgomery, CRT, and Karatsuba to reduce the complexity of the multiplication. We contribute by creating a new release of NTRUencrypt1024 with great improvement, by using our own polynomial multiplication algorithm, which operates in the ring of the form $R_q = \mathbb{Z}_q[X]/(X^N+1)$, combined with the Montgomery algorithm rather than the NTT algorithm used by the original version.