
Cyber Security in Parallel and… · C. V. Raman College of Engineering, Bhubaneswar, India ... Susanta Kumar Das 3.1 Introduction to e-Business 52 3.1.1 Benefits of e-Business

May 31, 2020


Cyber Security in Parallel and Distributed Computing


Scrivener Publishing

100 Cummings Center, Suite 541J

Beverly, MA 01915-6106

Publishers at Scrivener

Martin Scrivener ([email protected])

Phillip Carmical ([email protected])


Cyber Security in Parallel and Distributed Computing

Concepts, Techniques, Applications and Case Studies

Edited by

Dac-Nhuong Le, Haiphong University, Haiphong, Vietnam

Raghvendra Kumar, LNCT College, India

Brojo Kishore Mishra, C. V. Raman College of Engineering, Bhubaneswar, India

Manju Khari, Ambedkar Institute of Advance Communication Technologies & Research, India

Jyotir Moy Chatterjee, Asia Pacific University of Technology & Innovation, Kathmandu, Nepal


This edition first published 2019 by John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA and Scrivener Publishing LLC, 100 Cummings Center, Suite 541J, Beverly, MA 01915, USA

© 2019 Scrivener Publishing LLC

For more information about Scrivener publications please visit www.scrivenerpublishing.com.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

Wiley Global Headquarters

111 River Street, Hoboken, NJ 07030, USA

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Limit of Liability/Disclaimer of Warranty

While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials, or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read.

Library of Congress Cataloging-in-Publication Data

ISBN 978-1-119-48805-7

Cover images: Pixabay.Com

Cover design by: Russell Richardson

Set in size of 11pt and Minion Pro by Exeter Premedia Services Private Ltd., Chennai, India

Printed in the USA

10 9 8 7 6 5 4 3 2 1


To our parents


Contents

List of Figures
List of Tables
Foreword
Preface
Acknowledgments
Acronyms

Part 1 Cybersecurity Concept

1 Introduction on Cybersecurity
Ishaani Priyadarshini
    1.1 Introduction to Cybersecurity
    1.2 Cybersecurity Objectives
    1.3 Cybersecurity Infrastructure and Internet Architecture (NIST)
    1.4 Cybersecurity Roles
    1.5 Cybercrimes
        1.5.1 Overview
        1.5.2 Traditional Computer Crime and Contemporary Computer Crime
        1.5.3 Combating Crimes
    1.6 Security Models
    1.7 Computer Forensics
    1.8 Cyber Insurance
        1.8.1 Digital Citizenship
        1.8.2 Information Warfare and Its Countermeasures
        1.8.3 Network Neutrality
        1.8.4 Good Practices and Policies
        1.8.5 Cybersecurity and Human Rights
    1.9 Future of Cybersecurity
    1.10 Conclusion
    References


2 Steganography and Steganalysis
Ho Thi Huong Thom, Nguyen Kim Anh
    2.1 Introduction
    2.2 Steganography
        2.2.1 Method for Evaluating Hidden Information Schema Security
        2.2.2 Peak Signal-to-Noise Ratio
    2.3 Steganalysis
        2.3.1 Blind Detection Based on LSB
        2.3.2 Constraint Steganalysis
    2.4 Conclusion
    References

3 Security Threats and Vulnerabilities in E-business
Satya Narayan Tripathy, Sisira Kumar Kapat, Susanta Kumar Das
    3.1 Introduction to e-Business
        3.1.1 Benefits of e-Business
        3.1.2 Business Revolution
    3.2 Security Issues in e-Business
        3.2.1 Vulnerabilities
        3.2.2 Security Attacks
        3.2.3 Malware as a Threat
    3.3 Common Vulnerabilities in e-Business
        3.3.1 Phishing
        3.3.2 Cross-Site Scripting (XSS)
    3.4 Threats in e-Business
        3.4.1 Ransomware
        3.4.2 Spyware
        3.4.3 Worms
        3.4.4 Trojan Horse
    3.5 Prevention Mechanism
    3.6 Conclusion
    References

4 e-Commerce Security: Threats, Issues, and Methods
Prerna Sharma, Deepak Gupta, Ashish Khanna
    4.1 Introduction
    4.2 Literature Review
    4.3 e-Commerce
        4.3.1 Characteristics of e-Commerce Technology
        4.3.2 Architectural Framework of e-Commerce
        4.3.3 Advantages and Disadvantages of e-Commerce
    4.4 Security Overview in e-Commerce
        4.4.1 Purpose of Security in e-Commerce
        4.4.2 Security Element at Different Levels of e-Commerce System
    4.5 Security Issues in e-Commerce
        4.5.1 Client Level
        4.5.2 Front-End Servers and Software Application Level
        4.5.3 Network and Server Level
    4.6 Security Threats in e-Commerce
    4.7 Security Approaches in e-Commerce
    4.8 Comparative Analysis of Various Security Threats in e-Commerce
    4.9 e-Commerce Security Life-Cycle Model
    4.10 Conclusion
    References

5 Cyberwar is Coming
T. Manikandan, B. Balamurugan, C. Senthilkumar, R. Rajesh Alias Harinarayan, R. Raja Subramanian
    5.1 Introduction
    5.2 Ransomware Attacks
        5.2.1 Petya
        5.2.2 WannaCry
        5.2.3 Locky
    5.3 Are Nations Ready?
    5.4 Conclusion
    References

Part 2 Cybersecurity in Parallel and Distributed Computing Techniques

6 Introduction to Blockchain Technology
Ishaani Priyadarshini
    6.1 Introduction
    6.2 Need for Blockchain Security
    6.3 Characteristics of Blockchain Technology
    6.4 Types of Blockchains
    6.5 The Architecture of Blockchain Technology
    6.6 How Blockchain Technology Works
    6.7 Some Other Case Studies for Blockchain Technology
    6.8 Challenges Faced by Blockchain Technology
    6.9 The Future of Blockchain Technology
    6.10 Conclusion
    References

7 Cyber-Security Techniques in Distributed Systems, SLAs and other Cyber Regulations
Soumitra Ghosh, Anjana Mishra, Brojo Kishore Mishra
    7.1 Introduction
        7.1.1 Primary Characteristics of a Distributed System
        7.1.2 Major Challenges for Distributed Systems
    7.2 Identifying Cyber Requirements
    7.3 Popular security mechanisms in Distributed Systems
        7.3.1 Secure Communication
        7.3.2 Message Integrity and Confidentiality
        7.3.3 Access Controls
    7.4 Service Level Agreements
        7.4.1 Types of SLAs
        7.4.2 Critical Areas for SLAs
    7.5 The Cuckoo’s Egg in the Context of IT Security
    7.6 Searching and Seizing Computer-Related Evidence
        7.6.1 Computerized Search Warrants
        7.6.2 Searching and Seizing
    7.7 Conclusion
    References

8 Distributed Computing Security: Issues and Challenges
Munmun Saha, Sanjaya Kumar Panda and Suvasini Panigrahi
    8.1 Introduction
    8.2 Security Issues and Challenges
        8.2.1 Confidentiality, Integrity and Availability
        8.2.2 Authentication and Access Control Issue
        8.2.3 Broken Authentication, Session and Access
    8.3 Security Issues and Challenges in Advanced Areas
    8.4 Conclusion
    References

9 Organization Assignment in Federated Cloud Environments based on Multi-Target Optimization of Security
Abhishek Kumar, Palvadi Srinivas Kumar, T.V.M. Sairam
    9.1 Introduction
    9.2 Background Work Related to Domain
        9.2.1 Basics on Cloud computing
        9.2.2 Clouds Which are Federated
        9.2.3 Cloud Resource Management
    9.3 Architectural-Based Cloud Security Implementation
    9.4 Expected Results of the Process
    9.5 Conclusion
    References

10 An On-Demand and User-friendly Framework for Cloud Data Centre Networks with Performance Guarantee
P. Srinivas Kumar, Abhishek Kumar, Pramod Singh Rathore, Jyotir Moy Chatterjee
    10.1 Introduction
        10.1.1 Key Research Problems in This Area
        10.1.2 Problems with Interoperability
    10.2 Difficulties from a Cloud Adoption Perspective
    10.3 Security and Privacy
        10.3.1 Resource Provisioning
        10.3.2 How Do We Define Cloud?
        10.3.3 Public vs Private Cloud-Based Services
        10.3.4 Traffic-Aware VM Migration to Load Balance Cloud Servers
    10.4 Conclusion and Future Work
    References

Part 3 Cybersecurity Applications and Case Studies

11 Cybersecurity at Organizations: A Delphi Pilot Study of Expert Opinions About Policy and Protection
Holly Reitmeier, Jolanda Tromp, John Bottoms
    11.1 Introduction
        11.1.1 What is Cybercrime?
        11.1.2 What is Cybersecurity?
        11.1.3 Purpose of This Cybersecurity Pilot Study
        11.1.4 Methods of Cybersecurity Professionals
    11.2 Shocking Statistics of Cybercrime
        11.2.1 Role of the Internet Crime Complaint Center
        11.2.2 2016 Global Economic Crime Survey Report
        11.2.3 Inadequate Preparation at Organizations
        11.2.4 Organizations: Be Aware, Be Secure
    11.3 Cybersecurity Policies for Organizations
        11.3.1 Classification of Cybersecurity at an Organization
        11.3.2 Pyramid of Cybersecurity
    11.4 Blockchain Technology
    11.5 Research Methodology
        11.5.1 Quantitative and Qualitative Data Collection
        11.5.2 Design of the Study
        11.5.3 Selection of the Delphi Method
        11.5.4 Procedure of Utilization of the Delphi Method
        11.5.5 Delphi Activities (Iteration Rounds) of This Pilot Study
    11.6 Results of the Cybersecurity Delphi Study
        11.6.1 Results from Round One
        11.6.2 Results of Round Two
        11.6.3 Discussion and Limitations Based on the Results
    11.7 Conclusion
        11.7.1 The Literature in the Field
        11.7.2 Next Steps for Future Research
    References


12 Smartphone Triggered Security Challenges - Issues, Case Studies and Prevention
Saurabh Ranjan Srivastava, Sachin Dube, Gulshan Shrivastava, Kavita Sharma
    12.1 Introduction
    12.2 Classification of Mobile Security Threats
        12.2.1 Physical Threats
        12.2.2 Web-Based Threats
        12.2.3 Application-Based Threats
        12.2.4 Network-Based Threats
        12.2.5 Data Transfer-Based Threats
        12.2.6 Improper Session Management-Based Threats
        12.2.7 Bluetooth-Based Threats
        12.2.8 Application Platform-Based Threats
    12.3 Smartphones as a Tool of Crime
    12.4 Types of Mobile Phone-Related Crimes
    12.5 Types of Mobile Fraud
    12.6 Case Studies
        12.6.1 Mobile Identity Theft
        12.6.2 Data Theft by Applications
        12.6.3 SIM Card Fraud
    12.7 Preventive Measures and Precautions
        12.7.1 Against Physical Loss and Theft of the Mobile Device
        12.7.2 Against SMiShing Attacks
        12.7.3 Against App-Based Attacks
        12.7.4 Against Identity Theft and SIM Card Fraud
    12.8 Conclusion
    References

13 Cybersecurity: A Practical Strategy Against Cyber Threats, Risks with Real World Usages
Anjana Mishra, Soumitra Ghosh, Brojo Kishore Mishra
    13.1 Introduction
    13.2 Cyberwar
    13.3 Arms Control in Cyberwar
    13.4 Internet Security Alliance
    13.5 Cybersecurity Information Sharing Act
    13.6 Market for Malware
    13.7 Mobile Cybersecurity
    13.8 Healthcare
    13.9 Human Rights
    13.10 Cybersecurity Application in Our Life
    13.11 Conclusion
    References


14 Security in Distributed Operating System: A Comprehensive Study
Sushree Bibhuprada B. Priyadarshini, Amiya Bhusan Bagjadab, Brojo Kishore Mishra
    14.1 Introduction to Security and Distributed Systems
    14.2 Relevant Terminology
    14.3 Types of External Attacks
    14.4 Globus Security Architecture
    14.5 Distribution of Security Mechanism
    14.6 Conclusions
    References

15 Security in Healthcare Applications based on Fog and Cloud Computing
Rojalina Priyadarshini, Mohit Ranjan Panda, Brojo Kishore Mishra
    15.1 Introduction
    15.2 Security Needs of Healthcare Sector
        15.2.1 Data Integrity
        15.2.2 Data Confidentiality
        15.2.3 Authentication and Authorization
        15.2.4 Availability
        15.2.5 Access Control
        15.2.6 Dependability
        15.2.7 Flexibility
    15.3 Solutions to Probable Attacks in e-Healthcare
        15.3.1 Jamming Attack
        15.3.2 Data Collision Attack
        15.3.3 Desynchronization Attack
        15.3.4 Spoofing Attack
        15.3.5 Man-in-the-Middle Attack
        15.3.6 Denial-of-Service (DoS) Attack
        15.3.7 Insider Attack
        15.3.8 Masquerade Attack
        15.3.9 Attacks on Virtual Machine and Hypervisor
    15.4 Emerging Threats in Cloud- and Fog-Based Healthcare System
        15.4.1 Software Supply Chain Attacks
        15.4.2 Ransomware Attacks
        15.4.3 Crypto-Mining and Crypto-Jacking Malware
    15.5 Conclusion
    References


16 Mapping of e-Wallets with Features
Alisha Sikri, Surjeet Dalal, N.P Singh, Dac-Nhuong Le
    16.1 Introduction
        16.1.1 e-Wallet
        16.1.2 Objectives
    16.2 Review of Literature
    16.3 Market Share of e-Wallet
        16.3.1 Technical Features
        16.3.2 Legal Features
        16.3.3 Operational Features
        16.3.4 Security Features
    16.4 Research Methodology
    16.5 Result Analysis
    16.6 Conclusions and future work
    References


List of Figures

2.1 Classification of Steganography
3.1 Product flow structure in traditional business
3.2 Communication cycle in e-business, from manufacturer to customer
4.1 Two-tier e-commerce architecture
4.2 Three-tier e-commerce architecture
4.3 DDOS attack
4.4 SQL injection attack
4.5 Price manipulation
4.6 Session hijacking attack
4.7 Cross-site scripting attack
4.8 Security engineering life cycle
5.1 Virus alert!
5.2 Petya ransomware
5.3 WannaCry ransomware
5.4 Motives of the attackers over the years
6.1 Blockchain architecture diagram
6.2 Network architecture of blockchain
6.3 How transactions get converted to blocks
6.4 Cryptocurrency transaction using blockchain technology
6.5 How double spending may occur
6.6 Blockchain generation from unordered transactions
7.1 Challenges of a distributed system
7.2 Shared secret key-based authentication
7.3 Role of KDC in authentication
7.4 Public key encryption based on mutual authentication
7.5 Digital signature
7.6 Schematic of a sandbox and a playground
9.1 Overview of MQMCE
9.2 MQMCE scheduler process
9.3 Obtained non-dominated solutions for the parallel workflow
9.4 Obtained non-dominated solutions for the hybrid workflow
9.5 Obtained non-dominated solutions for the synthetic workflow
11.1 Internet Crime Complaint Center (IC3) public value of overall statistics 2016
11.2 Pyramid of cybersecurity 2017
11.3 Expert-level-awareness of cybersecurity
11.4 Effective incident response plans


11.5 Federal government cybersecurity initiatives
11.6 Blockchain secure Internet transactions
12.1 Classification of mobile security threats
12.2 Various mobile phone-related crimes
12.3 The schematic sequence of a SMiShing attack
12.4 Types of mobile frauds
13.1 Issues of cybersecurity [4]
13.2 Cybersecurity attacks occurring in different years [8]
13.3 Malware attacks on smartphone OSes
14.1 Logical organization of distributed systems into various layers
14.2 Basic elements of information system security
14.3 Schematic showing the exchange of information in distributed systems
14.4 Types of external attacks
14.5 Types of DoS attacks
14.6 Globus security policy architecture
15.1 General architecture of healthcare monitoring systems
15.2 Categorization of attacks in healthcare system
15.3 Schematic diagram of a captured communication by an eavesdropper in fog environment
15.4 Schematic diagram of a distributed denial of service attack
15.5 Masquerade attack
16.1 Ecosystem for setting up of an Open, closed and semi-closed e-wallet respectively [2]
16.2 Research Model for the mapping of features of E-wallets with the types of e-wallets


List of Tables

2.1 Relationship between PSNR and MOS values
4.1 Advantages of e-commerce
4.2 Disadvantages of e-commerce
4.3 Comparative analysis of various security threats in e-commerce
9.1 Reasons for the federation of cloud
10.1 Graph theory in computer networks
10.2 Graph theory in cloud
11.1 The major findings from Round 1 and the 4 key insights presented to the respondents
11.2 Cybersecurity policy within an organization
11.3 Effective cyber incident response plan mandates
11.4 Federal government cybersecurity initiatives
11.5 Blockchain technology for secure Internet transactions
13.1 A contrast of the smartphone OSes market share over the era of 2011-2017
15.1 Security attacks and their existing solutions
16.1 Examples of types of e-wallets
16.2 Electronic cash payment systems
16.3 Technological features of e-wallets in India
16.4 Legal features of e-wallets in India
16.5 Operational features of e-wallets in India
16.6 Security features of e-wallets in India
16.7 Mapping framework of e-wallet features


Foreword

With the widespread applicability of cyberspace in today’s world, malefic activities like hacking, cracking or other malicious use of cyberspace have become more sophisticated and so critical that, absent a proper and organized plan to protect against such activities, overcoming them is impossible.

Today cybersecurity is one of the prime concerns for any organization, whether governmental or private sector; and for the sake of security and safety, it may be considered of national importance for a country. Many components of cyberspace are disreputable and therefore vulnerable to an expanding range of attacks by a spectrum of hackers, criminals, terrorists, and state actors. For example, both government agencies as well as private sector companies, irrespective of their size and nature, may suffer from cyber thefts, cyber vandalism and attacks like denial-of-service or other service-related attacks, since they incorporate sensitive information. Many of a nation’s critical infrastructures, like the electric power grid, air traffic control system, financial systems, and communication networks, depend extensively on information technology for their operation. Nowadays, threats posed by the vulnerabilities of information technology and its malicious use have increased along with technological advancements. Following the infamous September 11, 2001 attacks against the United States, the importance of maintaining a properly fashioned security environment has been realized in light of increased cyber espionage directed at private companies and government agencies. National policy makers have become increasingly concerned that adversaries backed by considerable resources will attempt to exploit cyber vulnerabilities in the critical infrastructure, thereby inflicting substantial harm on a nation.

Numerous policy proposals have been suggested in the past and a number of bills have been introduced to tackle the challenges of cybersecurity. Although the larger public discourse sometimes treats the topic of cybersecurity as a new one, the Computer Science and Telecommunications Board (CSTB) of the National Research Council has extensively recognized cybersecurity as being a major challenge for public policy. Therefore, for over more than two decades the CSTB has offered a wealth of information on practical measures, technical and nontechnical challenges, as well as potential policy concerning cybersecurity. Drawing on past insights developed in the body of work of the CSTB, a committee has produced a report entitled Cybersecurity Primer: Leveraging Two Decades of National Academies Work, which acts as a concise primer on the fundamentals of cybersecurity and the nexus between cybersecurity and public policy.

Full Professor Valentina E. Balas

Department of Automatics and Applied Software

Aurel Vlaicu University of Arad, Romania


Preface

The main objective of this book is to explore the concept of cybersecurity in parallel and distributed computing along with recent research developments in the field. Also included are various real-time/offline applications and case studies in the fields of engineering and computer science and the modern tools and technologies used. Information concerning various topics relating to cybersecurity technologies is organized within the sixteen chapters of this book.

Chapter 1 discusses the difference between traditional and contemporary computer crimes observed over the last few years. The general evolution of cybercrimes has led to internet-based risks affecting businesses, organizations, etc., exposing them to potential liability. The recent concept of cyber insurance, which promises coverage when organizations suffer as a result of internet-based risk, is discussed in this chapter. Later on in the chapter, readers will become familiarized with security policies and various security models, such as the Bell-LaPadula and Biba models, that enforce them. Furthermore, readers will also become acquainted with the concepts of network neutrality and human rights, as they go hand in hand. With the risks and aftereffects of cybercrimes in mind, we also explore the legal aspect of cybercrimes by analyzing the concept of computer forensics. Some best practices pertaining to countermeasures to information warfare are also discussed.

Chapter 2 presents an overview of the research and solutions relating to the problem of hidden image detection.

Chapter 3 focuses on the security aspects of data mining and possible techniques to prevent it. Moreover, some privacy issues due to data mining, such as intrusion detection, are also highlighted.

Chapter 4 addresses different types of specific security threats, security challenges, and vulnerabilities at various levels of the system. Furthermore, it throws light on how to deal with these various security threats and issues, and presents a comparative analysis of various methods used in e-commerce security, including how to perform secure payment transactions in an efficient manner.

Chapter 5 notes that although the likelihood of conventional warfare has been reduced due to diplomatic efforts, the fear of reduced resources and monetary greed are still very much in evidence. With resources becoming increasingly digitalized due to the development of technologies like 5G, the internet of things, smartphones, smarter cities, etc., cyberattacks from ransomware such as WannaCry, NotPetya, Bad Rabbit, etc., are also on the rise. With everything connected to the internet, it has become a battlefield on which the civilians of all nations are connected, unwittingly placing them on the battlefield. This connectivity is a bigger threat, as it can cause massive devastation in rising digital economies, affecting everyone and everything, even our brains, which, along with the internet’s ever-encroaching war on human emotions, is evidence that a war is coming – a cyberwar.

Chapter 6 introduces the concept of blockchain technology and how it is crucial to the security industry. We delve into the details concerning the characteristics of blockchain technology, its structure, types, architecture and workings. Since Bitcoin is one of the most widespread applications of blockchain technology, this chapter also highlights its workings. The chapter concludes with a few of the challenges facing this technology and its future scope.

Chapter 7 focuses on the need for service level agreements (SLAs) to prevail between a service provider and a client in relation to certain aspects of the service such as quality, availability and responsibilities. The Cuckoo’s Egg lessons on cybersecurity by Clifford Stoll, as well as various amendments to curb fraud, data breaches, dishonesty, deceit and other such cybercrimes, are also thoroughly discussed.

Chapter 8 examines various security issues and challenges in distributed computing security, along with security issues in advanced areas like heterogeneous computing, cloud computing, fog computing, etc. Moreover, we present the methods/schemes/protocols used to address various security issues and possible methods of implementation.

Chapter 9 demonstrates the administration task issue in unified cloud situations as a multi-target enhancement issue in light of security. The model enables shoppers to consider an exchange between three security factors—cost, execution, and hazard—when appointing their administrations to CSPs. The cost and execution of the conveyed security administrations are assessed utilizing an arrangement of quantitative measurements which we propose. We then address utilization of the preemptive streamlining technique to assess clients’ needs. Reproductions have demonstrated that this model aids in decreasing the infringement rate of security and execution.

Chapter 10 investigates chart hypothesis applications in PC systems with a particular spotlight on diagram hypothesis applications in distributed computing. Included in this chapter are the fundamental asset provisioning issues that emerge in distributed computing situations along with some applied hypothetical diagram recommendations to address these issues.

Chapter 11 explores the concepts of cybercrime and cybersecurity, and presents the statistical impact they have on organizations, demonstrating the importance of an effective cybersecurity policy manual. It also describes the methodology used for this research, analyzes the data provided by expert testimonials, and introduces the development of a new innovative technological method (blockchain) to minimize the risks of the cyber world. The analyses cover the extent to which Blockchain applications could help strengthen cybersecurity and protect organizations against cyberattacks, and what kind of research directions are essential for the future.

Chapter 12 classifies and details the various types of smartphone device security threats. Further case studies about the exploitation of smartphones by terrorists, user data theft and smartphone-based fraud are presented. The chapter concludes with measures to improve the security of mobile devices and prevent user data from being exploited by attacks.

Chapter 13 highlights some strategies for maintaining the privacy, integrity, confidentiality and availability of cyber information and its real-world impacts such as mobile security software for secure email and online banking, cyber health check programs for business, cyber incident response management, cybersecurity risk management and cyber security schemes and services.

Chapter 14 discusses security policies and mechanisms, various categories of attacks (e.g., denial-of-service) and Globus security architecture, along with distribution of security mechanisms. Furthermore, the various attack strategies that frequently occur in any information system under consideration are also investigated.

Chapter 15 lists some of the security issues which have arisen in the healthcare sector and also discusses existing solutions and emerging threats.

Chapter 16 presents and analyzes various types of models operating in the e-commerce/e-business domains in India. This chapter tries to give a brief insight into the various technological, operational, legal and security features available in different types of e-Wallets. It can be concluded from the information presented that all three wallets have the same security features, which include Anti-fraud, 3D SET or SSL, P2P, data encryption and OTP.

Among those who have influenced this project are our family and friends, who have sacrificed a lot of their time and attention to ensure that we remained motivated throughout the time devoted to the completion of this crucial book.

Dac-Nhuong Le
Raghvendra Kumar
Brojo Kishore Mishra
Manju Khari
Jyotir Moy Chatterjee


Acknowledgments

We would like to acknowledge the most important people in our lives, our grandfathers and grandmothers, and thank our wives. This book has been our long-cherished dream which would not have been turned into reality without the support and love of these amazing people. They have encouraged us despite our failing to give them the proper time and attention. We are also grateful to our best friends, who have encouraged and blessed this work with their unconditional love and patience.

Dr. Dac-Nhuong Le
Deputy Head, Faculty of Information Technology
Haiphong University, Haiphong, Vietnam


Acronyms

APIs Application Programming Interfaces
AR Post-Traumatic Stress Disorder
AES Advance Encryption Algorithm
ACL Access Control Lists
APT Advanced Persistent Threats
ATM Automated Teller Machine
AS Autonomous System
ACE Access Control Entries
B2B Business-to-Business
B2C Business-to-Consumer
BAN Body Area Networks
CA Certifying Authority
C2B Consumer-to-Business
C2C Consumer-to-Consumer
C2G Consumer-to-Government
CSPs Cloud Service Providers
CV Consumer Version
CPPS Cyber-Physical Production System
COMSEC Communications Security
CDI Constrained Data Item
COI Conflict of Interest
CDMA Code-Division Multiple Access
CDC Cloud Data Center
CISA Cybersecurity Information Sharing Act
C3I Command, Control, Communications and Intelligence
CFOs Chief Financial Officers
CPU Central Processing Unit
CoF Cloud based Card-on File
CRC Cyclic Redundancy Checksum
DAC Discretionary Access Control
DAO Decentralized Autonomous Organizations
DMZ Demilitarized Zone
DFD Degree of Security Deficiency
DDoS Distributed Denial of Service
DoS Denial of Service
DSC Digital Signature Certificate
DHS Department of Homeland Security


ETG Enterprise Topology Graphs
ECMA European Computer Manufacturers Association
ECDA Elliptic Curve Diffie-Hellman
ECC Elliptic Curve Cryptography
ESN Electronic Serial Number
EPROM Erasable Programmable Read-Only Memory
EWF Energy Web Foundation
FBI Federal Bureau of Investigation
FIPB Foreign Investment Promotion Board
FC Fog Computing
FI Financial Institution
FEMA Foreign Exchange Management Act
GUI Graphical User Interface
GPS Global Positioning System
HTML Hypertext Markup Language
HMI Human-Machine Interface
HAIL High-Availability and Integrity Layer
HTTPS Hypertext Transfer Protocol Secure
IoT Internet of Things
ICCPR International Covenant on Civil and Political Rights
ICMP Internet Control Message Protocol
IPS Intrusion Prevention Systems
IDS Intrusion Detection System
IMPS Immediate Payment Service
IP Internet Protocol
ISP Internet Service Provider
IT Information Technology
IC3 Internet Crime Complaint Center
ISA Instruction Set Architecture
IaaS Infrastructure as a Service
ICERT Indian Computer Emergency Response Team
IE Internet Explorer
IEEE Institute of Electrical and Electronics Engineers
KDC Key Distribution Center
KYC Know Your Customer
LAN Local-Area Network
LSB Least Significant Bit
MAC Mandatory Access Control
MBR Master Boot Record
MTBF Mean Time Between Failures
MTTR Mean Time to Recovery, Response, or Resolution
MIN Mobile Identification Number
MiM Man-in-the-middle Attack
NCSA National Cyber Security Alliance
NCP Network Control Protocol
NFC Near Field Communication
NBFC Non-Banking Financial Companie