Information and Future Internet Security, Trust and Privacy

A special issue of Future Internet (ISSN 1999-5903). This special issue belongs to the section "Cybersecurity".

Deadline for manuscript submissions: closed (30 May 2021) | Viewed by 38911

Special Issue Editors


E-Mail Website
Guest Editor
Department of Applied Mathematics and Computer Science; Danmarks Tekniske Universitet, Lyngby, Denmark

E-Mail Website
Guest Editor
Department of Applied Mathematics and Computer Science, Technical University of Denmark, 2800 Kongens Lyngby, Denmark
Interests: security in ubiquitous computing; secure collaboration in open dynamic systems; pervasive computing environments; sensor networks and the Internet of Things (IoT)
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

Currently, the Internet of things (IoT) enables billions of Internet-connected devices, e.g., smart sensors, to communicate and interact with each other over the network/internet worldwide. It can offer remote monitoring and control, and is being adopted in many domains. For example, it is the basis for smart cities, helping achieve better quality of life and lower consumption of resources. In addition, smartphones should be the most commonly used IoT devices, which can help control washing machines, refrigerators, or cars. However, IoT also faces many challenges concerning information and internet security. For example, attackers can impersonate a relay node to compromise the information integrity during the communications. When they control or infect several internal nodes in an IoT network, the security of the whole distributed environment would be greatly threatened. Hence, there is a need to safeguard information and the Internet environment against the plethora of modern external and internal threats.

This Special Issue will focus on information and Internet security with the attempt to solicit the latest technologies, solutions, case studies, and prototypes on this topic. This Special Issue is open to all submissions, while some outstanding papers from the 22nd International Conference on Information and Communications Security (ICICS 2020, Copenhagen, Denmark, 24-27 August 2020, https://icics2020.compute.dtu.dk/) will be invited to this Special Issue.

Topics of interest include, but are limited to, the following:

  • Access control
  • Social networks security, privacy, and trust
  • Key management and key recovery
  • Software-defined networking security
  • Anonymity
  • Embedded systems security
  • Language-based security
  • Security management
  • Applied cryptography
  • Security models, metrics, and policies
  • Malware and anti-malware
  • Fraud and cyber-crime
  • Authentication and authorization
  • Security and privacy of Big Data
  • Mobile computing security and privacy
  • Hardware security
  • Biometrics security
  • Security of critical infrastructures
  • Network security
  • Trusted and trustworthy computing technologies
  • Blockchain security and privacy
  • Trust and reputation systems
  • Operating systems security
  • Usable security and privacy
  • Computer and digital forensics
  • Insider threat detection
  • Cyber-physical systems security
  • Underground economy
  • Privacy protection
  • Intellectual property protection
  • Data and system integrity
  • Verification of security protocols
  • Privacy-preserving data mining
  • Intrusion detection
  • Database security
  • Web security
  • Risk assessment
  • IoT security and privacy
  • Distributed systems security
  • Wireless security
  • Identity access management
  • Cloud and edge computing security

Dr. Weizhi Meng
Prof. Dr. Thanassis Giannetsos Giannetsos
Prof. Dr. Christian D. Jensen
Guest Editors

Manuscript Submission Information

All submitted papers must contain only original work, which has not been published by or is currently under review for any other journal or conference. Previously published or accepted conference papers must contain at least 40% new material to be considered for the Special Issue. Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the Special Issue website. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website. Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue polices can be found here.

Related Special Issues

Published Papers (7 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Editorial

Jump to: Research

2 pages, 162 KiB  
Editorial
Information and Future Internet Security, Trust and Privacy
by Weizhi Meng, Thanassis Giannetsos and Christian D. Jensen
Future Internet 2022, 14(12), 372; https://doi.org/10.3390/fi14120372 - 12 Dec 2022
Cited by 2 | Viewed by 1999
Abstract
The Internet has rapidly grown into a distributed and collaborative network with over one billion users, e.g., the Internet of Things (IoT). The future Internet will become the core of the next information infrastructure in regard to computation and communication, being capable of [...] Read more.
The Internet has rapidly grown into a distributed and collaborative network with over one billion users, e.g., the Internet of Things (IoT). The future Internet will become the core of the next information infrastructure in regard to computation and communication, being capable of extensibility, survivability, mobility, and adaptability. However, with the increasing complexity of the future Internet and boost in information sharing, there is a threat to such infrastructure in the aspects of security, trust, and privacy. This editorial discusses the state-of-the-art advancements in information and the future internet. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy)

Research

Jump to: Editorial

15 pages, 337 KiB  
Article
Towards Lightweight URL-Based Phishing Detection
by Andrei Butnaru, Alexios Mylonas and Nikolaos Pitropakis
Future Internet 2021, 13(6), 154; https://doi.org/10.3390/fi13060154 - 13 Jun 2021
Cited by 42 | Viewed by 5366
Abstract
Nowadays, the majority of everyday computing devices, irrespective of their size and operating system, allow access to information and online services through web browsers. However, the pervasiveness of web browsing in our daily life does not come without security risks. This widespread practice [...] Read more.
Nowadays, the majority of everyday computing devices, irrespective of their size and operating system, allow access to information and online services through web browsers. However, the pervasiveness of web browsing in our daily life does not come without security risks. This widespread practice of web browsing in combination with web users’ low situational awareness against cyber attacks, exposes them to a variety of threats, such as phishing, malware and profiling. Phishing attacks can compromise a target, individual or enterprise, through social interaction alone. Moreover, in the current threat landscape phishing attacks typically serve as an attack vector or initial step in a more complex campaign. To make matters worse, past work has demonstrated the inability of denylists, which are the default phishing countermeasure, to protect users from the dynamic nature of phishing URLs. In this context, our work uses supervised machine learning to block phishing attacks, based on a novel combination of features that are extracted solely from the URL. We evaluate our performance over time with a dataset which consists of active phishing attacks and compare it with Google Safe Browsing (GSB), i.e., the default security control in most popular web browsers. We find that our work outperforms GSB in all of our experiments, as well as performs well even against phishing URLs which are active one year after our model’s training. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy)
Show Figures

Figure 1

43 pages, 2760 KiB  
Article
IoT Security Risk Management Strategy Reference Model (IoTSRM2)
by Traian Mihai Popescu, Alina Madalina Popescu and Gabriela Prostean
Future Internet 2021, 13(6), 148; https://doi.org/10.3390/fi13060148 - 4 Jun 2021
Cited by 11 | Viewed by 6096
Abstract
Nowadays, Internet of Things (IoT) adoptions are burgeoning and deemed the lynchpin towards achieving ubiquitous connectivity. In this context, defining and leveraging robust IoT security risk management strategies are paramount for secure IoT adoptions. Thus, this study aims to support IoT adopters from [...] Read more.
Nowadays, Internet of Things (IoT) adoptions are burgeoning and deemed the lynchpin towards achieving ubiquitous connectivity. In this context, defining and leveraging robust IoT security risk management strategies are paramount for secure IoT adoptions. Thus, this study aims to support IoT adopters from any sector to formulate or reframe their IoT security risk management strategies to achieve robust strategies that effectively address IoT security issues. In a nutshell, this article relies on a mixed methods research methodology and proposes a reference model for IoT security risk management strategy. The proposed IoT security risk management strategy reference model (IoTSRM2) relies on the 25 selected IoT security best practices which are outlined using a proposed taxonomic hierarchy, and on the proposed three-phased methodology that consists of nine steps and outputs. The main contribution of this work is the proposed IoTSRM2 which consists of six domains, 16 objectives, and 30 prioritized controls. Furthermore, prior to providing the related work, this article provides a critical evaluation of selected informative references of IoTSRM2 based on their percentage-wise linkage to the IoTSRM2 domains and to the entire IoTSRM2. The findings of the critical evaluation illustrate, inter alia, the selected informative references that are the top three most and least linked to the entire IoTSRM2. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy)
Show Figures

Figure 1

34 pages, 3854 KiB  
Article
A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly
by Dimitrios Papamartzivanos, Sofia Anna Menesidou, Panagiotis Gouvas and Thanassis Giannetsos
Future Internet 2021, 13(2), 30; https://doi.org/10.3390/fi13020030 - 27 Jan 2021
Cited by 10 | Viewed by 4314
Abstract
As the upsurge of information and communication technologies has become the foundation of all modern application domains, fueled by the unprecedented amount of data being processed and exchanged, besides security concerns, there are also pressing privacy considerations that come into play. Compounding this [...] Read more.
As the upsurge of information and communication technologies has become the foundation of all modern application domains, fueled by the unprecedented amount of data being processed and exchanged, besides security concerns, there are also pressing privacy considerations that come into play. Compounding this issue, there is currently a documented gap between the cybersecurity and privacy risk assessment (RA) avenues, which are treated as distinct management processes and capitalise on rather rigid and make-like approaches. In this paper, we aim to combine the best of both worlds by proposing the APSIA (Automated Privacy and Security Impact Assessment) methodology, which stands for Automated Privacy and Security Impact Assessment. APSIA is powered by the use of interdependency graph models and data processing flows used to create a digital reflection of the cyber-physical environment of an organisation. Along with this model, we present a novel and extensible privacy risk scoring system for quantifying the privacy impact triggered by the identified vulnerabilities of the ICT infrastructure of an organisation. We provide a prototype implementation and demonstrate its applicability and efficacy through a specific case study in the context of a heavily regulated sector (i.e., assistive healthcare domain) where strict security and privacy considerations are not only expected but mandated so as to better showcase the beneficial characteristics of APSIA. Our approach can complement any existing security-based RA tool and provide the means to conduct an enhanced, dynamic and generic assessment as an integral part of an iterative and unified risk assessment process on-the-fly. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that such holistic security and privacy mechanisms can reach their full potential towards solving this conundrum. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy)
Show Figures

Figure 1

17 pages, 236 KiB  
Article
Comparing Blockchain Standards and Recommendations
by Lukas König, Yuliia Korobeinikova, Simon Tjoa and Peter Kieseberg
Future Internet 2020, 12(12), 222; https://doi.org/10.3390/fi12120222 - 7 Dec 2020
Cited by 34 | Viewed by 5888
Abstract
Since the introduction of Bitcoin, the term “blockchain” has attracted many start-ups and companies over the years, especially in the financial sector. However, technology is evolving faster than standardization frameworks. This left the industry in the position of having to use this emerging [...] Read more.
Since the introduction of Bitcoin, the term “blockchain” has attracted many start-ups and companies over the years, especially in the financial sector. However, technology is evolving faster than standardization frameworks. This left the industry in the position of having to use this emerging technology, without being backed by any international standards organization regarding for neither the technology itself, nor for a blockchain specific information security framework. In times of the General Data Protection Regulation and growing international trade conflicts, protecting information is more relevant than ever. Standardization of blockchains is an appeal to raise the development of information technologies to the next level. Therefore, this paper shall provide an overview of standardization organization’s publications about blockchains/distributed ledger technologies, a set of comparison criteria for future work and a comparison of the existing standards work itself. With that information, aligning to existing standardization efforts becomes easier, and might even present the possibility to create frameworks where there are none at the moment. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy)
17 pages, 873 KiB  
Article
Browser Forensic Investigations of WhatsApp Web Utilizing IndexedDB Persistent Storage
by Furkan Paligu and Cihan Varol
Future Internet 2020, 12(11), 184; https://doi.org/10.3390/fi12110184 - 28 Oct 2020
Cited by 11 | Viewed by 9764
Abstract
Digital Evidence is becoming an indispensable factor in most legal cases. However, technological advancements that lead to artifact complexity, are forcing investigators to create sophisticated connections between the findings and the suspects for admissibility of evidence in court. This paper scrutinizes whether IndexedDB, [...] Read more.
Digital Evidence is becoming an indispensable factor in most legal cases. However, technological advancements that lead to artifact complexity, are forcing investigators to create sophisticated connections between the findings and the suspects for admissibility of evidence in court. This paper scrutinizes whether IndexedDB, an emerging browser technology, can be a source of digital evidence to provide additional and correlating support for traditional investigation methods. It particularly focuses on the artifacts of the worldwide popular application, WhatsApp. A single case pretest–posttest quasi experiment is applied with WhatsApp Messenger and Web Application to populate and investigate artifacts in IndexedDB storage of Google Chrome. The findings are characterized and presented with their potential to be utilized in forensic investigation verifications. The storage locations of the artifacts are laid out and operations of extraction, conversion and presentation are systematized. Additionally, a proof of concept tool is developed for demonstration. The results show that WhatsApp Web IndexedDB storage can be employed for time frame analysis, demonstrating its value in evidence verification. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy)
Show Figures

Figure 1

22 pages, 1299 KiB  
Article
A PEKS-Based NDN Strategy for Name Privacy
by Kyi Thar Ko, Htet Htet Hlaing and Masahiro Mambo
Future Internet 2020, 12(8), 130; https://doi.org/10.3390/fi12080130 - 31 Jul 2020
Cited by 11 | Viewed by 4132
Abstract
Named Data Networking (NDN), where addressable content name is used, is considered as a candidate of next-generation Internet architectures. NDN routers use In-Network cache to replicate and store passing packets to make faster content delivery. Because NDN uses a human-readable name, it is [...] Read more.
Named Data Networking (NDN), where addressable content name is used, is considered as a candidate of next-generation Internet architectures. NDN routers use In-Network cache to replicate and store passing packets to make faster content delivery. Because NDN uses a human-readable name, it is easy for an adversary to guess what kind of content is requested. To solve this issue, we develop a PEKS-based strategy for forwarding packets, where PEKS stands for public key encryption with keyword search. We implement the PEKS-based strategy based on the best route strategy and multicast strategy of NDN and show the performance of the PEKS-based NDN strategy. We also discuss the issues of the PEKS-based NDN strategy. Full article
(This article belongs to the Special Issue Information and Future Internet Security, Trust and Privacy)
Show Figures

Figure 1

Back to TopTop