A Literature Review: Potential Effects That Health Apps on Mobile Devices May Have on Patient Privacy and Confidentiality

Purpose: This research aims to evaluate the potential threats to patient privacy and confidentiality posed by mHealth applications on mobile devices. Methodology: A comprehensive literature review was conducted, selecting eighty-eight articles published over the past fifteen years. The study assessed data gathering and storage practices, regulatory adherence, legal structures, consent procedures, user education, and strategies to mitigate risks. Results: The findings reveal significant advancements in technologies designed to safeguard privacy and facilitate the widespread use of mHealth apps. However, persistent ethical issues related to privacy remain largely unchanged despite these technological strides.

The Confidentiality of Coding Video Games with Cheat Code and Bots for Cheating in a Virtual World

Video games have been around for several decades and have had many advancements from the original start of video games. Video games started as virtual games that were advertised towards children, and these virtual games created a virtual reality of a variety of genres. These genres included sports games, such as tennis, football, baseball, war games, fantasy, puzzles, etc. The start of these games was derived from a sports genre and now has a popularity in multiplayer-online-shooting games. The purpose of this paper is to investigate different types of tools available for cheating in virtual world making players have undue advantage over other players in a competition. With the advancement in technology, these video games have become more expanded in the development aspects of gaming. Video game developers have created long lines of codes to create a new look of video games. As video games have progressed, the coding, bugs, bots, and errors of video games have changed throughout the years. The coding of video games has branched out from the original video games, which have given many benefits to this virtual world, while simultaneously creating more problems such as bots. Analysis of tools available for cheating in a game has disadvantaged normal gamer in a fair contest.

Confidential Procedure Model：a Method for Quantifying Confidentiality Leakage

In this paper, we propose a theoretical-information Confidential Procedure Model (CPM) to quantify confidentiality (or information leakage). The advantages of the CPM model include the following: 1) confidentiality loss is formalized as a dynamic procedure, instead of a static function, and described via the "waterfall" diagram; 2) confidentiality loss is quantified in a relative manner, i.e., taken as a quantitative metric, the ratio of the conditional entropy being reserved after observing the entropy of the original full confidential information; 3) the optimal attacks including exhaustive attacks as well as all possible attacks that have (or have not even) been discovered, are taken into account when defining the novel concept of the confidential degree. To elucidate the proposed model, we analyze the information leakage in side-channel attacks and the anonymity of DC-net in a quantitative manner.

Utilizing blockchains in opportunistic networks for integrity and confidentiality

Opportunistic networks(OppNets)are usually a set of smart,wearable,and portable devices or entities with mobility that connect wirelessly without requiring infrastructure.Such a network is of great importance in data transmission,particularly in incidents and disasters,whether man-made or natural.However,message integrity and confidentiality are of concern when dealing with vital and physiological data transmission under strict privacy regulations.In this work,we propose a structure to classify messages based on their priority in different queues.Furthermore,due to the decentralized architecture of OppNets,we propose a blockchain-based structure for providing security for high-priority messages.It contains three sequences of functional blocks with a light and simplified implementation that make it suitable for battery-powered wearable devices that are limited in energy consumption and computational units.The simulation results show that by increasing the number of nodes in the network,the average of the changes in block sizes is neglectable,which addresses the computation bottleneck.Furthermore,we analyze the performance of the proposed structure in terms of message delivery and network overhead compared with the Epidemic and Prophet routing algorithms.These results indicate advancing the overall performance of the proposed algorithm.

An efficient confidentiality protection solution for pub/sub system

Publish/subscribe(pub/sub)systems are widely used in large-scale messaging systems due to their asynchronous and decoupled nature.With the population of pub/sub cloud services,the privacy protection problem of pub/sub systems has started to emerge,and events and subscriptions are exposed when executing event matching on untrustworthy cloud brokers.However,as the number of subscriptions increases,the effectiveness of the previous confidentiality protection approaches declines drastically.In this paper,we propose SBM(scalable blind matching),an effective confidentiality protection scheme for pub/sub systems.To the best of our knowledge,SBM is the first scheme that applies order-preserving encryption algorithm to protect the system’s confidentiality and ensure its scalability.In this scheme,SBM-I is highly effective in subscription matching but is unable to achieve ideal security IND-OCPA,whereas SBM-II is suggested to ensure system security and SGX is used to reduce interaction and boost ciphertext matching performance.The experiment demonstrates that this method has better matching performance compared to others:the average matching time of SBM-I is 3–4 orders of magnitude faster than the matching algorithm MP and SGX-based algorithm SCBR when the number of subscriptions is 500,000,and the average matching time of SBM-II is 40 times faster than MP and 24 times than SCBR.

Ensuring data confidentiality via plausibly deniable encryption and secure deletion-a survey

Ensuring confidentiality of sensitive data is of paramount importance,since data leakage may not only endanger data owners’privacy,but also ruin reputation of businesses as well as violate various regulations like HIPPA and Sarbanes-Oxley Act.To provide confidentiality guarantee,the data should be protected when they are preserved in the personal computing devices(i.e.,confidentiality during their lifetime);and also,they should be rendered irrecoverable after they are removed from the devices(i.e.,confidentiality after their lifetime).Encryption and secure deletion are used to ensure data confidentiality during and after their lifetime,respectively.This work aims to perform a thorough literature review on the techniques being used to protect confidentiality of the data in personal computing devices,including both encryption and secure deletion.Especially for encryption,we mainly focus on the novel plausibly deniable encryption(PDE),which can ensure data confidentiality against both a coercive(i.e.,the attacker can coerce the data owner for the decryption key)and a non-coercive attacker.

Novel virtual user scheme to increase data confidentiality against eavesdropping in OCDMA network

We propose a novel technique to increase the confidentiality of an optical code division multiple access （OCDMA） system. A virtual user technique is analyzed and implemented to make an OCDMA system secure. Using this technique, an eavesdropper will never find an isolated authorized user＇s signal. When authorized users and virtual users transmit data synchronously and asynehronously, network security increases by 25% and 37.5%, respectively.

Security Test Case Prioritization through Ant Colony Optimization Algorithm

Security testing is a critical concern for organizations worldwide due to the potential financial setbacks and damage to reputation caused by insecure software systems.One of the challenges in software security testing is test case prioritization,which aims to reduce redundancy in fault occurrences when executing test suites.By effectively applying test case prioritization,both the time and cost required for developing secure software can be reduced.This paper proposes a test case prioritization technique based on the Ant Colony Optimization(ACO)algorithm,a metaheuristic approach.The performance of the ACO-based technique is evaluated using the Average Percentage of Fault Detection(APFD)metric,comparing it with traditional techniques.It has been applied to a Mobile Payment Wallet application to validate the proposed approach.The results demonstrate that the proposed technique outperforms the traditional techniques in terms of the APFD metric.The ACO-based technique achieves an APFD of approximately 76%,two percent higher than the second-best optimal ordering technique.These findings suggest that metaheuristic-based prioritization techniques can effectively identify the best test cases,saving time and improving software security overall.

Intrusion Detection in 5G Cellular Network Using Machine Learning

Attacks on fully integrated servers,apps,and communication networks via the Internet of Things(IoT)are growing exponentially.Sensitive devices’effectiveness harms end users,increases cyber threats and identity theft,raises costs,and negatively impacts income as problems brought on by the Internet of Things network go unnoticed for extended periods.Attacks on Internet of Things interfaces must be closely monitored in real time for effective safety and security.Following the 1,2,3,and 4G cellular networks,the 5th generation wireless 5G network is indeed the great invasion of mankind and is known as the global advancement of cellular networks.Even to this day,experts are working on the evolution’s sixth generation(6G).It offers amazing capabilities for connecting everything,including gadgets and machines,with wavelengths ranging from 1 to 10 mm and frequencies ranging from 300 MHz to 3 GHz.It gives you the most recent information.Many countries have already established this technology within their border.Security is the most crucial aspect of using a 5G network.Because of the absence of study and network deployment,new technology first introduces new gaps for attackers and hackers.Internet Protocol(IP)attacks and intrusion will become more prevalent in this system.An efficient approach to detect intrusion in the 5G network using a Machine Learning algorithm will be provided in this research.This research will highlight the high accuracy rate by validating it for unidentified and suspicious circumstances in the 5G network,such as intruder hackers/attackers.After applying different machine learning algorithms,obtained the best result on Linear Regression Algorithm’s implementation on the dataset results in 92.12%on test data and 92.13%on train data with 92%precision.

Proof-of-Improved-Participation:A New Consensus Protocol for Blockchain Technology

The Internet of Things(IoT)is converting today’s physical world into a complex and sophisticated network of connected devices on an enormous scale.The existing malicious node detection mechanism in traditional approaches lacks in transparency,availability,or traceability of the detection phase.To overcome these concerns,we provide a decentralized technique using blockchain technology.Despite the fact that blockchain technology is applicable to create that type of models,existing harmony set of instructions are susceptible to do violence to such as DoS and Sybil,making blockchain systems unfeasible.Here,a new Proof-of-Improved-Participation(PoIP)harmony instruction was suggested that benefits the participation rules to select honest peers for mining while limiting malicious peers.Under an evaluation the PoIP outperforms the Proof-of-Work(PoW)instructions are demonstrated,Proof of Stake(PoS)instructions in terms of energy consumption,accuracy,and bandwidth.To compare the three consensus protocols with respect to efficiency,we build a lightweight mining model andfind that PoIP consensus has greater efficiency than PoW and PoS.PoIP has 25%lower attack risk than existing consensus.As a consequence,our suggested methodology can provide the needed security with minimal attack risk and high accuracy,according to the analysis results.As a result,suggested consensus is more efficient than existing methods in terms of block generation time.Hence we suggest that suggested consensus is very suitable for IoT-based applications especially in healthcare.

Securing Stock Transactions Using Blockchain Technology: Architecture for Identifying and Reducing Vulnerabilities Linked to the Web Applications Used (MAHV-BC)

This paper deals with the security of stock market transactions within financial markets, particularly that of the West African Economic and Monetary Union (UEMOA). The confidentiality and integrity of sensitive data in the stock market being crucial, the implementation of robust systems which guarantee trust between the different actors is essential. We therefore proposed, after analyzing the limits of several security approaches in the literature, an architecture based on blockchain technology making it possible to both identify and reduce the vulnerabilities linked to the design, implementation work or the use of web applications used for transactions. Our proposal makes it possible, thanks to two-factor authentication via the Blockchain, to strengthen the security of investors’ accounts and the automated recording of transactions in the Blockchain while guaranteeing the integrity of stock market operations. It also provides an application vulnerability report. To validate our approach, we compared our results to those of three other security tools, at the level of different metrics. Our approach achieved the best performance in each case.

国家标准项目《信息安全技术 机密计算通用框架》试点实践

Data security and privacy protection have become the focus of cybersecurity protection in many countries.The utilization of confidential computing technology can significantly enhance data security.However,there are a variety of confidential computing technology routes,with significant differences in the principles and interfaces of implementation.There is an urgent need to develop relevant standards and specifications and guide the design,development,deployment and application of confidential computing related products.This paper introduces the development progress of the national standard project“Information security techniques—General framework for the confidential computing”and its pilot application scenarios across various industries.Additionally,it proposes suggestions on modifying and improving the standard to promote the healthy development of the confidential computing industry ecosystem.

CGFNS考试中的保密性、警告义务及题例

目的--报告CGFNS考试中法律和伦理知识。方法--对保密性及警告义务的相关知识加以介绍和讨论，并相应举出有关的CGFNS考试试题实例说明。结果--CGFNS考试是针对美国以外的进入美国工作护士的资格考试，其中渗透着美国的法律和伦理问题。结论--为通过CGFNS考试应对此方面的内容加以重视。

A Data Assured Deletion Scheme in Cloud Storage

In order to provide a practicable solution to data confidentiality in cloud storage service,a data assured deletion scheme,which achieves the fine grained access control,hopping and sniffing attacks resistance,data dynamics and deduplication,is proposed.In our scheme,data blocks are encrypted by a two-level encryption approach,in which the control keys are generated from a key derivation tree,encrypted by an All-OrNothing algorithm and then distributed into DHT network after being partitioned by secret sharing.This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an ownerspecified data lifetime.Besides confidentiality,data dynamics and deduplication are also achieved separately by adjustment of key derivation tree and convergent encryption.The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.

User location privacy protection mechanism for location-based services

With the rapid development of the Internet of Things(IoT),Location-Based Services(LBS)are becoming more and more popular.However,for the users being served,how to protect their location privacy has become a growing concern.This has led to great difficulty in establishing trust between the users and the service providers,hindering the development of LBS for more comprehensive functions.In this paper,we first establish a strong identity verification mechanism to ensure the authentication security of the system and then design a new location privacy protection mechanism based on the privacy proximity test problem.This mechanism not only guarantees the confidentiality of the user s information during the subsequent information interaction and dynamic data transmission,but also meets the service provider's requirements for related data.

Multi-Receiver Signcryption Scheme with Multiple Key Generation Centers through Public Channel in Edge Computing

The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data when an edge device broadcasts its sensing data to many different end devices at a time.There are several things to consider when we design a signcryption scheme. First existing schemes need to maintain a secure channel to generate the user private key, which may increase economic costs. Second the system private key of those schemes is kept secret by a single key generation center(KGC), and the single point of failure of KGC may compromise the whole system. For this, we propose a multi-receiver multimessage signcryption scheme without the secure channel. Firstly the scheme allows KGC to send secrets through the public channel, which reduces maintenance costs. Secondly, to eliminate the single point of failure, the scheme utilizes multiple KGCs to manage the system private key, and updates the secret of each KGC periodically to resist advanced persistent threat attacks. We demonstrate that the proposed scheme can achieve expected security properties. Performance analysis shows that it is with shorter ciphertext length and higher efficiency.

A Hybrid Encryption Algorithm for Security Enhancement of Wireless Sensor Networks:A Supervisory Approach to Pipelines

Transmission pipelines are vulnerable to various accidents and acts of vandalism.Therefore,a reliable monitoring system is needed to secure the transmission pipelines.A wireless sensor network is a wireless network consisting of distributed devices distributed at various distances,which monitors the physical and environmental conditions using sensors.Wireless sensor networks have many uses,including the built-in sensor on the outside of the pipeline or installed to support bridge structures,robotics,healthcare,environmental monitoring,etc.Wireless Sensor networks could be used to monitor the temperature,pressure,leak detection and sabotage of transmission lines.Wireless sensor networks are vulnerable to various attacks.Cryptographic algorithms have a good role in information security for wireless sensor networks.Now,various types of cryptographic algorithms provide security in networks,but there are still some problems.In this research,to improve the power of these algorithms,a new hybrid encryption algorithm for monitoring energy transmission lines and increasing the security of wireless sensor networks is proposed.The proposed hybrid encryption algorithm provides the security and timely transmission of data in wireless sensor networks to monitor the transmission pipelines.The proposed algorithm fulfills three principles of cryptography:integrity,confidentiality and authentication.The details of the algorithm and basic concepts are presented in such a way that the algorithm can be operational.

Novel Ransomware Hiding Model Using HEVC Steganography Approach

Ransomware is considered one of the most threatening cyberattacks.Existing solutions have focused mainly on discriminating ransomware by analyzing the apps themselves,but they have overlooked possible ways of hiding ransomware apps and making them difficult to be detected and then analyzed.Therefore,this paper proposes a novel ransomware hiding model by utilizing a block-based High-Efficiency Video Coding(HEVC)steganography approach.The main idea of the proposed steganography approach is the division of the secret ransomware data and cover HEVC frames into different blocks.After that,the Least Significant Bit(LSB)based Hamming Distance(HD)calculation is performed amongst the secret data’s divided blocks and cover frames.Finally,the secret data bits are hidden into the marked bits of the cover HEVC frame-blocks based on the calculated HD value.The main advantage of the suggested steganography approach is the minor impact on the cover HEVC frames after embedding the ransomware while preserving the histogram attributes of the cover video frame with a high imperceptibility.This is due to the utilization of an adaptive steganography cost function during the embedding process.The proposed ransomware hiding approach was heavily examined using subjective and objective tests and applying different HEVC streams with diverse resolutions and different secret ransomware apps of various sizes.The obtained results prove the efficiency of the proposed steganography approach by achieving high capacity and successful embedding process while ensuring the hidden ransomware’s undetectability within the video frames.For example,in terms of embedding quality,the proposed model achieved a high peak signal-to-noise ratio that reached 59.3 dB and a low mean-square-error of 0.07 for the examined HEVC streams.Also,out of 65 antivirus engines,no engine could detect the existence of the embedded ransomware app.

Security Threat and Vulnerability Assessment and Measurement in Secure Software Development

Security is critical to the success of software,particularly in today’s fast-paced,technology-driven environment.It ensures that data,code,and services maintain their CIA(Confidentiality,Integrity,and Availability).This is only possible if security is taken into account at all stages of the SDLC(Software Development Life Cycle).Various approaches to software quality have been developed,such as CMMI(Capabilitymaturitymodel integration).However,there exists no explicit solution for incorporating security into all phases of SDLC.One of the major causes of pervasive vulnerabilities is a failure to prioritize security.Even the most proactive companies use the“patch and penetrate”strategy,inwhich security is accessed once the job is completed.Increased cost,time overrun,not integrating testing and input in SDLC,usage of third-party tools and components,and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC,despite the fact that secure software development is essential for business continuity and survival in today’s ICT world.There is a need to implement best practices in SDLC to address security at all levels.To fill this gap,we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines.We proposed a secure SDLC framework based on the identified practices,which integrates the best security practices in various SDLC phases.A mathematical model is used to validate the proposed framework.A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC,resulting in more secure applications.

Privacy Protection for Big Data Linking using the Identity Correlation Approach

Privacy protection for big data linking is discussed here in relation to the Central Statistics Office （CSO）, Ireland＇s, big data linking project titled the ＇Structure of Earnings Survey - Administrative Data Project＇ （SESADP）. The result of the project was the creation of datasets and statistical outputs for the years 2011 to 2014 to meet Eurostat＇s annual earnings statistics requirements and the Structure of Earnings Survey （SES） Regulation. Record linking across the Census and various public sector datasets enabled the necessary information to be acquired to meet the Eurostat earnings requirements. However, the risk of statistical disclosure （i.e. identifying an individual on the dataset） is high unless privacy and confidentiality safe-guards are built into the data matching process. This paper looks at the three methods of linking records on big datasets employed on the SESADP, and how to anonymise the data to protect the identity of the individuals, where potentially disclosive variables exist.