Information Security: Foundations, Technologies and Applications
2: School of Engineering and Digital Arts, University of Kent, Kent, UK
The rapid advancements in telecommunications, computing hardware and software, and data encryption, and the widespread use of electronic data processing and electronic business conducted through the Internet have led to a strong increase in information security threats. The latest advances in information security have increased practical deployments and scalability across a wide range of applications to better secure and protect our information systems and the information stored, processed and transmitted. This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security. Information Security: Foundations, technologies and applications is a comprehensive review of cutting-edge algorithms, technologies, and applications, and provides new insights into a range of fundamentally important topics in the field. This up-to-date body of knowledge is essential reading for researchers and advanced students in information security, and for professionals in sectors where information security is required.
Inspec keywords: security of data
Other keywords: information security
Subjects: Data security; General and management topics
- Book DOI: 10.1049/PBSE001E
- Chapter DOI: 10.1049/PBSE001E
- ISBN: 9781849199742
- e-ISBN: 9781849199766
- Page count: 406
- Format: PDF
-
Front Matter
- + Show details - Hide details
-
p.
(1)
-
Part I. Theories and foundations
1 Introduction to information security foundations and applications
- + Show details - Hide details
-
p.
3
–11
(9)
Information security has extended to include several research directions like user authentication and authorization, network security, hardware security, software security, and data cryptography. Information security has become a crucial need for protecting almost all information transaction applications. Security is considered as an important science discipline whose many multifaceted complexities deserve the synergy of the computer science and engineering communities.
2 Information security foundation, theories and future vision
- + Show details - Hide details
-
p.
13
–39
(27)
The aim of this chapter is to establish some of the baseline principles and to show the breadth of the topic. Other chapters will then build upon this by exploring at least some of the issues in further depth. As will become apparent, there is not a single and simple way to look at security that easily captures all the various dimensions of interest. As such, much of this chapter is devoted to considering the issue from different angles, with the intention that by doing so a sufficiently comprehensive picture will ultimately have been presented to set the scene for the various discussions in later chapters.
3 Information systems security issues in the context of developing countries
- + Show details - Hide details
-
p.
41
–55
(15)
This chapter explores the current state of information systems security (ISS) in developing countries and suggests a way forward. A systematic literature review is conducted applying the approach suggested in reference [1]. In total, 41 articles were evaluated, 17 of which were analysed as part of the review. The review shows that the proliferation of technology in developing countries is increasing; however, ISS risk is also increasing in tandem. The reasons are lack of robust infrastructure, security education and skilled manpower. The review also revealed that while most of the technologies created are for the organizations in the developed world, developing countries are blindly implementing the same technology without considering their own limitations resulting from lack of resources combined with unique cultural and social set-ups.
4 Biometric systems, modalities and attacks
- + Show details - Hide details
-
p.
57
–92
(36)
This chapter will present a detailed overview of biometric systems and how they work. The system attributes, performance metrics, modalities are all discussed, alongside an analysis of attacks that exist against biometric systems. Given the limitations that exist in all biometric systems, a trend in biometric research is towards the use of multibiometric systems, which seek to overcome the issues through the application of multiple modalities, algorithms, instances or samples. These systems and the approaches that exist are presented. The chapter ends with a discussion of the efforts being made with the standardization of the domain - which has been the essential factor in bringing biometrics from a niche into the mainstream.
5 Foundation of healthcare cybersecurity
- + Show details - Hide details
-
p.
93
–120
(28)
Healthcare automation has brought significant benefits to health care in terms of operational cost reduction, quality of care, patient convenience and initiation of personalized care. It has also brought new and increasing security and privacy challenges. The recent spate of successful cyberattacks against healthcare systems demonstrate that the security and privacy threats in health care are more varied and capable of undermining patient care and diminish revenues of healthcare sector. Considering the role that the healthcare sector plays within our society, the importance of protecting this critical infrastructure cannot be overstated. In this chapter the foundation of healthcare cybersecurity is presented. Major components of the healthcare systems and the associated requirements in terms of security and privacy are discussed. The threat landscape, vulnerabilities exploited to perpetrate cyberattacks against healthcare organizations and the various cyberattack types are identified and presented. Countermeasures and tools to defend and mitigate cyberattacks are also discussed.
6 Security challenges and solutions for e-business
- + Show details - Hide details
-
p.
121
–147
(27)
The advantages of economic growth and increasing ease of operation afforded by e-business and e-commerce developments are unfortunately matched by growth in cyberattacks. This chapter outlines the common attacks faced by e-business and describes the defenses that can be used against them. It also reviews the development of newer security defense methods. These are (1) biometrics for authentication, (2) parallel processing to increase power and speed of defenses, (3) data mining and machine learning to identify attacks, (4) peer-to-peer security using blockchains, (5) enterprise security modeling and security as a service, and (6) user education and engagement. The review finds overall that one of the most prevalent dangers is social engineering in the form of phishing attacks. Recommended counteractions include education and training, and the development of new machine learning and data sharing approaches so that attacks can be quickly discovered and mitigated.
7 Recent security issues in Big Data: from past to the future of information systems
- + Show details - Hide details
-
p.
149
–171
(23)
It is a reality, we live in the world of Big Data. The use of Big Data creates new issues in different ways as the volume, velocity, and variety of the data that processes. However, many other problems are related to how to secure the data privacy and the data itself. In this chapter, we will describe a full perspective of the problematic. Furthermore, we will explain the main international proposals that address the security and privacy in Big Data environments.
8 Recent advances in unconstrained face recognition
- + Show details - Hide details
-
p.
173
–187
(15)
Many face recognition systems have demonstrated promising results under well-controlled conditions with cooperative users. However, face recognition in real-world scenarios is still a challenging problem due to dramatic facial variations caused by different poses, lighting conditions, expressions, occlusion and so on. In this chapter, we summarize recent advances in unconstrained face recognition. We begin by introducing existing unconstrained face databases or benchmarks. We then provide an overview of recent techniques specifically developed for this task, including advanced face representations, metric learning approaches, background information investigation and pose-invariant approaches. Finally, we highlight some open issues to be addressed.
-
Part II. Technologies and applications
9 Hardware security: side-channel attacks and hardware Trojans
- + Show details - Hide details
-
p.
191
–214
(24)
In this chapter, we try to highlight the importance of hardware security in modern systems. Increasingly we are connected to loosely controlled networking infrastructures such as IoT and intelligent transportation networks. In such networks, users are connected in an ad hoc style, which makes users'authentication and identity management a very complex problem. Modern security frameworks, especially in battery-based devices, rely on hardware security to protect confidential information and secret data. The ICs used in such systems must be protected against different hardware attacks, such as side-channel attacks and HT insertion.
10 Cybersecurity: timeline malware analysis and classification
- + Show details - Hide details
-
p.
215
–239
(25)
In this chapter, we address the introduction to cybersecurity and problems associated with cybersecurity in particular malicious activities in cyber space. The proliferation and exponential increase of malware has continued to present a serious threat to the security of information systems. Furthermore, with the development of evermore sophisticated methods of evading detection, malware has posed serious challenges to combat it. Moreover, due to the continuous changes in malware design, antimalware (AM) strategy that has been successful in a given time period will not work at a much later date. In this chapter, we propose the challenges of malware in cyberspace and its detection approach called cumulative timeline analysis (CTA) that retains high accuracy over an extended time period. The effectiveness of the proposed approach is tested on malware executables collected over a span of 10 years with almost constant accuracy.
11 Recent trends in the cryptanalysis of block ciphers
- + Show details - Hide details
-
p.
241
–277
(37)
In this chapter, we focus on symmetric cryptographic primitives in general and, in particular, block ciphers which are crucial primitives that can be used to build other symmetric cryptographic primitives.
12 Image provenance inference through content-based device fingerprint analysis
- + Show details - Hide details
-
p.
279
–310
(32)
We have introduced different intrinsic device fingerprints and their applications in image provenance inference. Although with varying levels of accuracy, the device fingerprints arising from optical aberration, CFA interpolation, CRF, and in-device image compression are effective in differentiating devices of different brands or models. Although they cannot uniquely identify the source device of an image, they do provide useful information about the image provenance and are effective at narrowing down the image source to a smaller set of possible devices. More than half of the chapter was spent on SPN, which is the only fingerprint that distinguishes devices of the same model. Because of its merits, such as the uniqueness to individual device and the robustness against common image operations, it has attracted much attention from researches and been successfully used for source device identification, device linking, source-oriented image clustering, and image forgery detection. In spite of the effectiveness of SPN, it is by nature a very weak signal and may have been contaminated by image content and other interferences. Its successful application requires jointly processing a large number of pixels, which results in very high dimensionality of SPN. This may bring huge difficulties in practice, e.g., in large-scale source-oriented image clustering based on SPN, so it is essential to conduct research on the compact representation of SPN for fast search and clustering.
13 EEG-based biometrics for person identification and continuous authentication
- + Show details - Hide details
-
p.
311
–346
(36)
In this chapter, we will provide an overview of EEG biometrics and discuss some of the salient research issues that need to be addressed for making EEG biometric an effective tool for providing information security. We introduce brain signals, especially EEG signals and its analysis methods, before we discuss brainwave biometrics from four aspects, namely the criteria, the elicitation protocols, the feature extraction methods and the classification algorithms. The chapter is then concluded with discussions on how to integrate EEG biometrics with other biometric modalities for continuous authentication, followed by open research questions on the design of EEG-based biometric systems.
14 Data security and privacy in the Internet-of-Things
- + Show details - Hide details
-
p.
347
–373
(27)
IoT is an example of the interplay of security and privacy and society. The concept of IoT opens doors to new applications, which can contribute to the citizens'security and safety. Simultaneously, it presents a risk for the society as a whole if no dedicated efficient solutions are proposed. In this chapter, we have highlighted the potential risks of IoT by addressing different threats to privacy and security incurred by currently available devices. Note that our selection is by no means exhaustive and additional risks may be brought to light in future. Providing security and privacy in this context is therefore mandatory, but is made difficult by different challenges, especially the resource constraints when working in the IoT context. We have classified and presented a selection of different solutions, which can be applied at different layers of the IoT architecture, namely things, communication, and services and application layers. For example, it includes methods proposed for, e.g., authentication, data access control, confidentiality, and anonymity and privacy. We have finally highlighted the importance of the human factors in IoT privacy and security, which should not be ignored in the design of future solutions to prevent voiding their effects due to their inappropriateness to be applied or used by people.
15 Information security algorithm on embedded hardware
- + Show details - Hide details
-
p.
375
–392
(18)
This chapter will provide an overview to all these security requirements, applying them to different platforms used to implement embedded hardware. In order to provide a better understanding, Section 15.2 will cover a taxonomy of the technologies used to develop embedded systems. Then the security requirements and their mechanisms will be covered in Section 15.3 in order to provide the basis for the explanation of how to implement such security mechanisms discussed in Section 15.4, finishing with conclusion and future trends.
-
Back Matter
- + Show details - Hide details
-
p.
(1)