Cyber Security in Parallel and Distributed Computing
Description
The main objective of this book is to explore the concept of cybersecurity in parallel and distributed computing along with recent research developments in the field. Also included are various real-time/offline applications and case studies in the fields of engineering and computer science and the modern tools and technologies used. Information concerning various topics relating to cybersecurity technologies is organized within the sixteen chapters of this book.
Some of the important topics covered include:
* Research and solutions for the problem of hidden image detection
* Security aspects of data mining and possible solution techniques
* A comparative analysis of various methods used in e-commerce security and how to perform secure payment transactions in an efficient manner
* Blockchain technology and how it is crucial to the security industry
* Security for the Internet of Things
* Security issues and challenges in distributed computing security such as heterogeneous computing, cloud computing, fog computing, etc.
* Demonstrates the administration task issue in unified cloud situations as a multi-target enhancement issue in light of security
* Explores the concepts of cybercrime and cybersecurity and presents the statistical impact it is having on organizations
* Security policies and mechanisms, various categories of attacks (e.g., denial-of-service), global security architecture, along with distribution of security mechanisms
* Security issues in the healthcare sector with existing solutions and emerging threats.
More details
Other editions
Additional editions
Persons
Dac-Nhuong Le obtained his PhD in computer science from Vietnam National University, Vietnam in 2015. He is Deputy-Head of Faculty of Information Technology, Haiphong University, Vietnam. His area of research includes: evaluation computing and approximate algorithms, network communication, security and vulnerability, network performance analysis and simulation, cloud computing, IoT and image processing in biomedicine. He has authored 4 computer science books and has multiple research articles in international journals.
Raghvendra Kumar completed his PhD in the Faculty of Engineering and Technology, Jodhpur National University, India. He has authored several research papers in Scopus indexed and impact factor research journals\international conferences as well as 6 authored and 9 edited books on computer science. His areas of interest include wireless sensor network (WSN), Internet of Things, mobile application programming, ad hoc networks, cloud computing, big data, mobile computing, data mining and software engineering.
Brojo Kishore Mishra is an Associate Professor at the C. V. Raman College of Engineering (Autonomous), Bhubaneswar, India. He received his PhD degree in Computer Science from the Berhampur University in 2012. He has published more than 40 research papers in peer-reviewed journals. His research interests include data mining and big data analysis, machine learning, soft computing, and evolutionary computation.
Jyotir Moy Chatterjee is working as an Assistant Professor in the Department of Computer Science and Engineering at GD-RCET, Bhilai, C.G, India. He received his M.Tech from KIIT University, Bhubaneswar, Odisha and B.Tech in Computer Science & Engineering from Dr. MGR Educational & Research Institute University, Chennai, (Tamil Nadu). His research interests include cloud computing, big data, privacy preservation and data mining.
Manju Khari is an Assistant Professor at the Ambedkar Institute of Advanced Communication Technology and Research, Delhi, India. She holds a PhD in Computer Science & Engineering from the National Institute of Technology Patna. She has published 60 papers in refereed national and international journals and conferences. Her research interests are in software testing, software quality, software metrics, information security and nature-inspired algorithms.
Content
List of Figures xv
List of Tables xvii
Foreword xix
Preface xxi
Acknowledgments xxv
Acronyms xxvii
Part 1 Cybersecurity Concept
1 Introduction on Cybersecurity 3
Ishaani Priyadarshini
1.1 Introduction to Cybersecurity 5
1.2 Cybersecurity Objectives 6
1.3 Cybersecurity Infrastructure and Internet Architecture (NIST) 8
1.4 Cybersecurity Roles 10
1.5 Cybercrimes 17
1.5.1 Overview 17
1.5.2 Traditional Computer Crime and Contemporary Computer Crime 18
1.5.3 Combating Crimes 21
1.6 Security Models 23
1.7 Computer Forensics 25
1.8 Cyber Insurance 27
1.8.1 Digital Citizenship 29
1.8.2 Information Warfare and its Countermeasures 31
1.8.3 Network Neutrality 33
1.8.4 Good Practices and Policies 34
1.8.5 Cybersecurity and Human Rights 35
1.9 Future of Cybersecurity 36
1.10 Conclusion 36
References 37
2 Steganography and Steganalysis 39
Ho Thi Huong Thom, Nguyen Kim Anh
2.1 Introduction 40
2.2 Steganography 41
2.2.1 Method for Evaluating Hidden Information Schema Security 41
2.2.2 Peak Signal-to-Noise Ratio 42
2.3 Steganalysis 42
2.3.1 Blind Detection Based on LSB 43
2.3.2 Constraint Steganalysis 45
2.4 Conclusion 46
References 46
3 Security Threats and Vulnerabilities in E-business 51
Satya Narayan Tripathy, Sisira Kumar Kapat, Susanta Kumar Das
3.1 Introduction to e-Business 52
3.1.1 Benefits of e-Business 52
3.1.2 Business Revolution 53
3.2 Security Issues in e-Business 54
3.2.1 Vulnerabilities 54
3.2.2 Security Attacks 55
3.2.3 Malware as a Threat 55
3.3 Common Vulnerabilities in e-Business 55
3.3.1 Phishing 55
3.3.2 Cross-Site Scripting (XSS) 56
3.4 Threats in e-Business 56
3.4.1 Ransomware 56
3.4.2 Spyware 56
3.4.3 Worms 57
3.4.4 Trojan Horse 57
3.5 Prevention Mechanism 57
3.6 Conclusion 58
References 58
4 e-Commerce Security: Threats, Issues, and Methods 61
Prerna Sharma, Deepak Gupta, Ashish Khanna
4.1 Introduction 62
4.2 Literature Review 63
4.3 e-Commerce 63
4.3.1 Characteristics of e-Commerce Technology 63
4.3.2 Architectural Framework of e-Commerce 64
4.3.3 Advantages and Disadvantages of e-Commerce 66
4.4 Security Overview in e-Commerce 67
4.4.1 Purpose of Security in e-Commerce 67
4.4.2 Security Element at Different Levels of e-Commerce System 67
4.5 Security Issues in e-Commerce 68
4.5.1 Client Level 68
4.5.2 Front-End Servers and Software Application Level 68
4.5.3 Network and Server Level 68
4.6 Security Threats in e-Commerce 69
4.7 Security Approaches in e-Commerce 72
4.8 Comparative Analysis of Various Security Threats in e-Commerce 73
4.9 e-Commerce Security Life-Cycle Model 73
4.10 Conclusion 75
References 76
5 Cyberwar is Coming 79
T. Manikandan, B. Balamurugan, C. Senthilkumar, R. Rajesh Alias Harinarayan, R. Raja Subramanian
5.1 Introduction 80
5.2 Ransomware Attacks 82
5.2.1 Petya 83
5.2.2 WannaCry 83
5.2.3 Locky 84
5.3 Are Nations Ready? 85
5.4 Conclusion 88
References 88
Part 2 Cybersecurity in Parallel and Distributed Computing Techniques
6 Introduction to Blockchain Technology 93
Ishaani Priyadarshini
6.1 Introduction 94
6.2 Need for Blockchain Security 95
6.3 Characteristics of Blockchain Technology 96
6.4 Types of Blockchains 97
6.5 The Architecture of Blockchain Technology 97
6.6 How Blockchain Technology Works 100
6.7 Some Other Case Studies for Blockchain Technology 102
6.8 Challenges Faced by Blockchain Technology 103
6.9 The Future of Blockchain Technology 105
6.10 Conclusion 106
References 106
7 Cyber-Security Techniques in Distributed Systems, SLAs and other Cyber Regulations 109
Soumitra Ghosh, Anjana Mishra, Brojo Kishore Mishra
7.1 Introduction 110
7.1.1 Primary Characteristics of a Distributed System 110
7.1.2 Major Challenges for Distributed Systems 111
7.2 Identifying Cyber Requirements 112
7.3 Popular security mechanisms in Distributed Systems 113
7.3.1 Secure Communication 113
7.3.2 Message Integrity and Confidentiality 115
7.3.3 Access Controls 116
7.4 Service Level Agreements 118
7.4.1 Types of SLAs 118
7.4.2 Critical Areas for SLAs 119
7.5 The Cuckoo's Egg in the Context of IT Security 122
7.6 Searching and Seizing ComputerRelated Evidence 124
7.6.1 Computerized Search Warrants 124
7.6.2 Searching and Seizing 125
7.7 Conclusion 126
References 126
8 Distributed Computing Security: Issues and Challenges 129
Munmun Saha, Sanjaya Kumar Panda and Suvasini Panigrahi
8.1 Introduction 130
8.2 Security Issues and Challenges 131
8.2.1 Confidentiality, Integrity and Availability 131
8.2.2 Authentication and Access Control Issue 132
8.2.3 Broken Authentication, Session and Access 132
8.3 Security Issues and Challenges in Advanced Areas 133
8.4 Conclusion 136
References 136
9 Organization Assignment in Federated Cloud Environments based on Multi-Target Optimization of Security 139
Abhishek Kumar, Palvadi Srinivas Kumar, T.V.M. Sairam
9.1 Introduction 140
9.2 Background Work Related to Domain 141
9.2.1 Basics on Cloud computing 141
9.2.2 Clouds Which are Federated 141
9.2.3 Cloud Resource Management 141
9.3 Architectural-Based Cloud Security Implementation 142
9.4 Expected Results of the Process 144
9.5 Conclusion 146
References 146
10 An On-Demand and User-friendly Framework for Cloud Data Centre Networks with Performance Guarantee 149
P. Srinivas Kumar, Abhishek Kumar, Pramod Singh Rathore, Jyotir Moy Chatterjee
10.1 Introduction 150
10.1.1 Key Research Problems in This Area 150
10.1.2 Problems with Interoperability 151
10.2 Difficulties from a Cloud Adoption Perspective 151
10.3 Security and Privacy 151
10.3.1 Resource Provisioning 152
10.3.2 How Do We Define Cloud? 153
10.3.3 Public vs Private Cloud-Based Services 153
10.3.4 Traffic-Aware VM Migration to Load Balance Cloud Servers 154
10.4 Conclusion and Future Work 157
References 157
Part 3 Cybersecurity Applications and Case Studies
11 Cybersecurity at Organizations: A Delphi Pilot Study of Expert Opinions About Policy and Protection 163
Holly Reitmeier, Jolanda Tromp, John Bottoms
11.1 Introduction 164
11.1.1 What is Cybercrime? 164
11.1.2 What is Cybersecurity? 165
11.1.3 Purpose of This Cybersecurity Pilot Study 165
11.1.4 Methods of Cybersecurity Professionals 165
11.2 Shocking Statistics of Cybercrime 166
11.2.1 Role of the Internet Crime Complaint Center 166
11.2.2 2016 Global Economic Crime Survey Report 168
11.2.3 Inadequate Preparation at Organizations 168
11.2.4 Organizations: Be Aware, Be Secure 168
11.3 Cybersecurity Policies for Organizations 169
11.3.1 Classification of Cybersecurity at an Organization 171
11.3.2 Pyramid of Cybersecurity 171
11.4 Blockchain Technology 172
11.5 Research Methodology 173
11.5.1 Quantitative and Qualitative Data Collection 173
11.5.2 Design of the Study 174
11.5.3 Selection of the Delphi Method 174
11.5.4 Procedure of Utilization of the Delphi Method 175
11.5.5 Delphi Activities (Iteration Rounds) of This Pilot Study 175
11.6 Results of the Cybersecurity Delphi Study 176
11.6.1 Results from Round One 176
11.6.2 Results of Round Two 178
11.6.3 Discussion and Limitations Based on the Results 181
11.7 Conclusion 183
11.7.1 The Literature in the Field 183
11.7.2 Next Steps for Future Research 184
References 184
12 Smartphone Triggered Security Challenges - Issues, Case Studies and Prevention 187
Saurabh Ranjan Srivastava, Sachin Dube, Gulshan Shrivastava, Kavita Sharma
12.1 Introduction 188
12.2 Classification of Mobile Security Threats 188
12.2.1 Physical Threats 189
12.2.2 Web-Based Threats 189
12.2.3 Application-Based Threats 189
12.2.4 Network-Based Threats 190
12.2.5 Data Transfer-Based Threats 191
12.2.6 Improper Session Management-Based Threats 191
12.2.7 Bluetooth-Based Threats 191
12.2.8 Application Platform-Based Threats 192
12.3 Smartphones as a Tool of Crime 192
12.4 Types of Mobile Phone-Related Crimes 193
12.5 Types of Mobile Fraud 196
12.6 Case Studies 198
12.6.1 Mobile Identity Theft 198
12.6.2 Data Theft by Applications 200
12.6.3 SIM Card Fraud 200
12.7 Preventive Measures and Precautions 201
12.7.1 Against Physical Loss and Theft of the Mobile Device 201
12.7.2 Against SMiShing Attacks 202
12.7.3 Against App-Based Attacks 203
12.7.4 Against Identity Theft and SIM Card Fraud 203
12.8 Conclusion 204
References 205
13 Cybersecurity: A Practical Strategy Against Cyber Threats, Risks with Real World Usages 207
Anjana Mishra, Soumitra Ghosh, Brojo Kishore Mishra
13.1 Introduction 208
13.2 Cyberwar 209
13.3 Arms Control in Cyberwar 210
13.4 Internet Security Alliance 211
13.5 Cybersecurity Information Sharing Act 212
13.6 Market for Malware 214
13.7 Mobile Cybersecurity 215
13.8 Healthcare 216
13.9 Human Rights 217
13.10 Cybersecurity Application in Our Life 218
13.11 Conclusion 219
References 219
14 Security in Distributed Operating System: A Comprehensive Study 221
Sushree Bibhuprada B. Priyadarshini, Amiya Bhusan Bagjadab, Brojo Kishore Mishra
14.1 Introduction to Security and Distributed Systems 222
14.2 Relevant Terminology 225
14.3 Types of External Attacks 225
14.4 Globus Security Architecture 228
14.5 Distribution of Security Mechanism 229
14.6 Conclusions 230
References 230
15 Security in Healthcare Applications based on Fog and Cloud Computing 231
Rojalina Priyadarshini, Mohit Ranjan Panda, Brojo Kishore Mishra
15.1 Introduction 232
15.2 Security Needs of Healthcare Sector 233
15.2.1 Data Integrity 233
15.2.2 Data Confidentiality 233
15.2.3 Authentication and Authorization 233
15.2.4 Availability 234
15.2.5 Access Control 234
15.2.6 Dependability 234
15.2.7 Flexibility 234
15.3 Solutions to Probable Attacks in e-Healthcare 234
15.3.1 Jamming Attack 235
15.3.2 Data Collision Attack 235
15.3.3 Desynchronization Attack 235
15.3.4 Spoofing Attack 236
15.3.5 Man-in-the-Middle Attack 236
15.3.6 Denial-of-Service (DoS) Attack 237
15.3.7 Insider Attack 238
15.3.8 Masquerade Attack 238
15.3.9 Attacks on Virtual Machine and Hypervisor 239
15.4 Emerging Threats in Cloud- and Fog-Based Healthcare System 240
15.4.1 Software Supply Chain Attacks 240
15.4.2 Ransomware Attacks 240
15.4.3 Crypto-Mining and Crypto-Jacking Malware 240
15.5 Conclusion 241
References 241
16 Mapping of e-Wallets with Features 245
Alisha Sikri, Surjeet Dalal, N.P Singh, Dac-Nhuong Le
16.1 Introduction 246
16.1.1 e-Wallet 246
16.1.2 Objectives 247
16.2 Review of Literature 250
16.3 Market Share of e-Wallet 251
16.3.1 Technical Features 252
16.3.2 Legal Features 252
16.3.3 Operational Features 253
16.3.4 Security Features 253
16.4 Research Methodology 253
16.5 Result Analysis 255
16.6 Conclusions and future work 256
References 256
Chapter 1
Introduction on Cybersecurity
Ishaani Priyadarshini
University of Delaware, Newark, Delaware, USA
Email: IshaaniPriyadarshini@udel.edu
Abstract
In a world ruled by speed and perfection, technology relies primarily on computer science. Be it a simple act of sending an email or a critical act of conveying billions of dollars, almost everything is merely a click away. The world of computer science keeps people engaged in activities like gaming, website surfing, social media, banking, digital citizenship, etc., with a grip spanning many domains such as hardware, software, network, data, etc. Because so many activities rely on computers, they attract criminals, which ultimately leads to cybercrime, which could be as elementary as basic hacking or as elaborate as ransomware attacks or financial cybercrimes. The consequences may vary from loss of personal or sensitive information to loss of massive amounts of money. Thus, the need to ensure cybersecurity is paramount. In this chapter, we will take a look at the concept of cybersecurity, its causes, consequences and principles. The idea of cybersecurity is not only limited to small firms and educational institutions, but also spreads across various industries and governments, making it one of the most significant areas of study. In the past, certain objectives have been proposed to safeguard such critical cyber infrastructures. Certain standards, guidelines and practices have found their place in cybersecurity frameworks to ensure that the cyber infrastructure and architecture is secure. Since the operations are multiple as well as insightful, they must be carried out by accountable personnel, such as the security administrator or incident response team, who are usually given roles in the cyber infrastructure depending on the nature of their work. Some of the anticipated roles of accountable personnel are defined in this chapter. The nature of cybercrimes over the last few years has changed drastically owing to the change in motives behind the crimes, tools and techniques involved and the overall consequences. We have observed the contrast between traditional and contemporary computer crimes over the last few years. The general evolution of cybercrimes has led to internet-based risks affecting businesses, organizations, etc,. which are potential liabilities that are harmful to property. The concept of cyber insurance is recent and promises coverage when organizations suffer internet based risks, which we have essayed in this chapter. In the later part of the chapter we will familiarize ourselves with the concept of security policies and various security models that enforce them. Few security models like the Bell La Padula and the Biba model will be discussed in this section. Further, we will acquaint ourselves with the concept of network neutrality and human rights as they go hand in hand. Keeping in mind the risks and after effects of cybercrimes, we will also explore the the legal aspect of cybercrimes by analyzing the concept of computer forensics. Some best practices pertaining to countermeasures for information warfare have also been discussed.
In a world ruled by speed and perfection, technology relies primarily on computer science. Be it a simple act of sending an email or a critical act of conveying billions of dollars, almost everything is merely a click away. The world of computer science keeps people engaged in activities like gaming, website surfing, social media, banking, digital citizenship, etc., with a grip spanning many domains such as hardware, software, network, data, etc. Because so many activities rely on computers, they attract criminals, which ultimately leads to cybercrime, which could be as elementary as basic hacking or as elaborate as ransomware attacks or financial cybercrimes. The consequences may vary from loss of personal or sensitive information to loss of massive amounts of money. Thus, the need to ensure cybersecurity is paramount. In this chapter, we will take a look at the concept of cybersecurity, its causes, consequences and principles. The idea of cybersecurity is not only limited to small firms and educational institutions, but also spreads across various industries and governments, making it one of the most significant areas of study. In the past, certain objectives have been proposed to safeguard such critical cyber infrastructures. Certain standards, guidelines and practices have found their place in cybersecurity frameworks to ensure that the cyber infrastructure and architecture is secure. Since the operations are multiple as well as insightful, they must be carried out by accountable personnel who are usually given roles in the cyber infrastructure depending on their nature of their work such as the security administrator or the incident response team. We will look forward to some of the roles in this chapter. The nature of cybercrimes over the last few years has changed drastically owing to the change in motive behind the crimes, tools and techniques involved and the overall consequences. We observe the contrast between traditional computer crimes and contemporary computer crimes over the last few years. General evolution of cybercrimes has led to internet based risks affecting businesses, organizations etc. which have the potential to harm liability and properties. Therefore, cyber insurance is discussed in this chapter, which is a recent concept that promises coverage when organizations suffer internet-based risks. Later on in the chapter, security policies and various security models that enforce them are explained. A few security models, such as the Bell-LaPadula and Biba models, will be discussed in this section. Furthermore, the reader will become acquainted with the concepts of network neutrality and human rights, as they go hand in hand. Keeping in mind the risks and aftereffects of cybercrimes, we also explore the legal aspects of cybercrimes by analyzing the concept of computer forensics. Some best practices pertaining to countermeasures for information warfare are also discussed.
Keywords: Cyber infrastructure, cybercrimes, cyber insurance, computer forensics, security models
1.1 Introduction to Cybersecurity
Cybersecurity may be defined as the ability to defend against and recover from cyberattacks. According to the National Institute of Standards and Technology (NIST), cybersecurity is the ability to protect or defend the use of cyberspace from cyberattacks [1]. The entire cyberspace consists of several interdependent networks of the information systems infrastructure which could be the internet, telecommunications network, computer systems, embedded systems or controllers. Thus, cybersecurity is concerned with critical infrastructure, network security, cloud security, application security, the internet of things and several other domains where the need to ensure security is paramount.
- Critical infrastructure: Security in critical infrastructure deals with cyber physical systems and real-world deployments. Industries like automation, aviation, healthcare, traffic lights, electricity grids etc are prone to cyberattacks like eavesdropping, compromised key attacks, man-in-the-middle attacks and denial-of-service attacks [2].
- Network security: Network security deals with measures and concerns to protect information systems. It guards against unauthorized intrusions and protects the usability and integrity of network and data. cyberattacks on networks could be passive like port scanning, wiretapping and encryption, and active, like phishing, cross-site scripting and denial of service attacks.
- Cloud security: Cloud security takes into account several control-based technologies and policies to protect information, data applications and infrastructure within the cloud. Since cloud is a shared resource, cyberattacks on clouds may lead to data breaches, system vulnerabilities, malicious insiders, data loss and shared technology vulnerabilities. Some attacks on the cloud computing environment are account hijacking, phishing, denial-of-service attacks and compromised credentials.
- Application security: Security of an application is ensured by mitigating security vulnerabilities. Since an application development has several stages, like design, development, deployment, upgrade and maintenance, each stage being susceptible to cyberattacks. Common attacks pertaining to web application security are cross-site scripting, SQL injection, buffer overflows and distributed denial-of-service attacks. In mobile applications, attacks like spyware, botnets, ad hoc and click fraud and malware infections take place.
- Internet of Things security: The internet of things (IoT) consists of computing, mechanical and digital devices with unique identifiers capable of transferring data over the network without human interference. IoT security safeguards these connected devices and networks in IoT. The attacks include spyware and botnets.
The CIA (Confidentiality, Integrity, Availability) triad is the unifying attribute for cybersecurity which is used to evaluate security of an organization using the three key areas related to security namely confidentiality, integrity and availability. These three attributes have specific requirements and operations.
- Confidentiality: Fairly similar to privacy, confidentiality ensures that information is accessed by authorized personnel. The idea is to prevent sensitive information from being accessed by unathorized people. Attacks on confidentiality could be credit card fraud, identity theft, wiretapping, phishing, and social engineering. User IDs, passwords, encrypted data, access...
