Scrivener Publishing
100 Cummings Center, Suite 541J
Beverly, MA 01915-6106
Publishers at Scrivener
Martin Scrivener (martin@scrivenerpublishing.com)
Phillip Carmical (pcarmical@scrivenerpublishing.com)
Managing Editors: Sachin Mishra, S. Patra and Anshuman Mishra
Edited by
This edition first published 2019 by John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA and Scrivener Publishing LLC, 100 Cummings Center, Suite 541J, Beverly, MA 01915, USA
© 2019 Scrivener Publishing LLC
For more information about Scrivener publications please visit www.scrivenerpublishing.com.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.
Wiley Global Headquarters
111 River Street, Hoboken, NJ 07030, USA
For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.
Limit of Liability/Disclaimer of Warranty
While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials, or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read.
Library of Congress Cataloging-in-Publication Data
ISBN 978-1-119-48805-7
To our parents
2.1 Classification of Steganography
3.1 Product flow structure in traditional business
3.2 Communication cycle in e-business, from manufacturer to customer
4.1 Two-tier e-commerce architecture
4.2 Three-tier e-commerce architecture
4.3 DDOS attack
4.4 SQL injection attack
4.5 Price manipulation
4.6 Session hijacking attack
4.7 Cross-site scripting attack
4.8 Security engineering life cycle
5.1 Virus alert!
5.2 Petya ransomware
5.3 WannaCry ransomware
5.4 Motives of the attackers over the years
6.1 Blockchain architecture diagram
6.2 Network architecture of blockchain
6.3 How transactions get converted to blocks
6.4 Cryptocurrency transaction using blockchain technology
6.5 How double spending may occur
6.6 Blockchain generation from unordered transactions
7.1 Challenges of a distributed system
7.2 Shared secret key-based authentication
7.3 Role of KDC in authentication
7.4 Public key encryption based on mutual authentication
7.5 Digital signature
7.6 Schematic of a sandbox and a playground
9.1 Overview of MQMCE
9.2 MQMCE scheduler process
9.3 Obtained non-dominated solutions for the parallel workflow
9.4 Obtained non-dominated solutions for the hybrid workflow
9.5 Obtained non-dominated solutions for the synthetic workflow
11.1 Internet Crime Complaint Center(IC3) public value of overall statistics 2016
11.2 Pyramid of cybersecurity 2017
11.3 Expert-level-awareness of cybersecurity
11.4 Effective incident response plans
11.5 Federal government cybersecurity initiatives
11.6 Blockchain secure Internet transactions
12.1 Classification of mobile security threats
12.2 Various mobile phone-related crimes
12.3 The schematic sequence of a SMiShing attack
12.4 Types of mobile frauds
13.1 Issues of cybersecurity [4]
13.2 Cybersecurity attacks occurring in different years [8]
13.3 Malware attacks on smartphone OSes
14.1 Logical organization of distributed systems into various layers
14.2 Basic elements of information system security
14.3 Schematic showing the exchange of information in distributed systems
14.4 Types of external attacks
14.5 Types of DoS attacks
14.6 Globus security policy architecture
15.1 General architecture of healthcare monitoring systems
15.2 Categorization of attacks in healthcare system
15.3 Schematic diagram of a captured communication by an eavesdropper in fog environment
15.4 Schematic diagram of a distributed denial of service attack
15.5 Masquerade attack
16.1 Ecosystem for setting up of an Open, closed and semi-closed e-wallet respectively [2]
16.2 Research Model for the mapping of features of E-wallets with the types of e-wallets
2.1 Relationship between PSNR and MOS values
4.1 Advantages of e-commerce
4.2 Disadvantages of e-commerce
4.3 Comparative analysis of various security threats in e-commerce
9.1 Reasons for the federation of cloud
10.1 Graph theory in computer networks
10.2 Grap theory in cloud
11.1 The major findings from Round 1 and the 4 key insights presented to the respondents
11.2 Cybersecurity policy within an organization
11.3 Effective cyber incident response plan mandates
11.4 Federal government cybersecurity initiatives
11.5 Blockchain technology for secure Internet transactions
13.1 A contrast of the smartphone oses market share over the era of 2011-2017
15.1 Security attacks and their existing solutions
16.1 Examples of types of e-wallets
16.2 Electronic cash payment systems
16.3 Technological features of e-wallets in India
16.4 Legal features of e-wallets in India
16.5 Operational features of e-wallets in India
16.6 Security features of e-wallets in India
16.7 Mapping framework of e-wallet features
With the widespread applicability of cyberspace in today’s world, malefic activities like hacking, cracking or other malicious use of cyberspace have become more sophisticated and so critical that, absent a proper and organized plan to protect against such activities, overcoming them is impossible.
Today cybersecurity is one of the prime concerns for any organization, whether governmental or private sector; and for the sake of security and safety, it may be considered of national importance for a country. Many components of cyberspace are disreputable and therefore vulnerable to an expanding range of attacks by a spectrum of hackers, criminals, terrorists, and state actors. For example, both government agencies as well as private sector companies, irrespective of their size and nature, may suffer from cyber thefts, cyber vandalism and attacks like denial-of-service or other service-related attacks, since they incorporate sensitive information. Many of a nation’s critical infrastructures, like the electric power grid, air traffic control system, financial systems, and communication networks, depend extensively on information technology for their operation. Nowadays, threats posed by the vulnerabilities of information technology and its malicious use have increased along with technological advancements. Following the infamous September 11, 2001 attacks against the United States, the importance of maintaining a properly fashioned security environment has been realized in light of increased cyber espionage directed at private companies and government agencies. National policy makers have become increasingly concerned that adversaries backed by considerable resources will attempt to exploit cyber vulnerabilities in the critical infrastructure, thereby inflicting substantial harm on a nation.
Numerous policy proposals have been suggested in the past and a number of bills have been introduced to tackle the challenges of cybersecurity. Although the larger public discourse sometimes treats the topic of cybersecurity as a new one, the Computer Science and Telecommunications Board (CSTB) of the National Research Council has extensively recognized cybersecurity as being a major challenge for public policy. Therefore, for over more than two decades the CSTB has offered a wealth of information on practical measures, technical and nontechnical challenges, as well as potential policy concerning cybersecurity. Drawing on past insights developed in the body of work of the CSTB, a committee has produced a report entitled Cybersecurity Primer: Leveraging Two Decades of National Academies Work, which acts as a concise primer on the fundamentals of cybersecurity and the nexus between cybersecurity and public policy.
Full Professor Valentina E. Balas
Department of Automatics and Applied Software Aurel Vlaicu University of Arad, Romania
The main objective of this book is to explore the concept of cybersecurity in parallel and distributed computing along with recent research developments in the field. Also included are various real-time/offline applications and case studies in the fields of engineering and computer science and the modern tools and technologies used. Information concerning various topics relating to cybersecurity technologies is organized within the sixteen chapters of this book.
Chapter 1 discusses the difference between traditional and contemporary computer crimes observed over the last few years. The general evolution of cybercrimes has led to internet-based risks affecting businesses, organizations, etc., exposing them to potential liability. The recent concept of cyber insurance, which promises coverage when organizations suffer as a result of internet-based risk, is discussed in this chapter. Later on in the chapter, readers will become familiarized with security policies and various security models, such as the Bell-LaPadula and Biba models, that enforce them. Furthermore, readers will also become acquainted with the concepts of network neutrality and human rights, as they go hand in hand. With the risks and aftereffects of cybercrimes in mind, we also explore the legal aspect of cybercrimes by analyzing the concept of computer forensics. Some best practices pertaining to countermeasures to information warfare are also discussed.
Chapter 2 presents an overview of the research and solutions relating to the problem of hidden image detection.
Chapter 3 focuses on the security aspects of data mining and possible techniques to prevent it. Moreover, some privacy issues due to data mining, such as intrusion detection, are also highlighted.
Chapter 4 addresses different types of specific security threats, security challenges, and vulnerabilities at various levels of the system. Furthermore, it throws light on how to deal with these various security threats and issues, and presents a comparative analysis of various methods used in e-commerce security, including how to perform secure payment transactions in an efficient manner.
Chapter 5 notes that although the likelihood of conventional warfare has been reduced due to diplomatic efforts, the fear of reduced resources and monetary greed are still very much in evidence. With resources becoming increasingly digitalized due to the development of technologies like 5G, the internet of things, smartphones, smarter cities, etc., cyberattacks from ransomware such as WannaCry, NotPetya, Bad Rabbit, etc., are also on the rise. With everything connected to the internet, it has become a battlefield on which the civilians of all nations are connected, unwittingly placing them on the battlefield. This connectivity is a bigger threat, as it can cause massive devastation in rising digital economies, affecting everyone and everything, even our brains, which, along with the internet’s ever-encroaching war on human emotions, is evidence that a war is coming – a cyberwar.
Chapter 6 introduces the concept of blockchain technology and how it is crucial to the security industry. We delve into the details concerning the characteristics of blockchain technology, its structure, types, architecture and workings. Since Bitcoin is one of the most widespread applications of blockchain technology, this chapter also highlights its workings. The chapter concludes with a few of the challenges facing this technology and its future scope.
Chapter 7 focuses on the need for service level agreements (SLAs) to prevail between a service provider and a client in relation to certain aspects of the service such as quality, availability and responsibilities. The Cuckoo’s Egg lessons on cybersecurity by Clifford Stoll, as well as various amendments to curb fraud, data breaches, dishonesty, deceit and other such cybercrimes, are also thoroughly discussed.
Chapter 8 examines various security issues and challenges in distributed computing security, along with security issues in advanced areas like heterogeneous computing, cloud computing, fog computing, etc. Moreover, we present the methods/schemes/protocols used to address various security issues and possible methods of implementation.
Chapter 9 demonstrates the administration task issue in unified cloud situations as a multi-target enhancement issue in light of security. The model enables shoppers to consider an exchange between three security factors—cost, execution, and hazard—when appointing their administrations to CSPs. The cost and execution of the conveyed security administrations are assessed utilizing an arrangement of quantitative measurements which we propose. We then address utilization of the preemptive streamlining technique to assess clients’ needs. Reproductions have demonstrated that this model aides in decreasing the infringement rate of security and execution.
Chapter 10 investigates chart hypothesis applications in PC systems with a particular spotlight on diagram hypothesis applications in distributed computing. Included in this chapter are the fundamental asset provisioning issues that emerge in distributed computing situations along with some applied hypothetical diagram recommendations to address these issues.
Chapter 11 explores the concepts of cybercrime and cybersecurity, and presents the statistical impact they have on organizations, demonstrating the importance of an effective cybersecurity policy manual. It also describes the methodology used for this research, analyzes the data provided by expert testimonials, and introduces the development of a new innovative technological method (blockchain) to minimize the risks of the cyber world. The analyses cover the extent to which Blockchain applications could help strengthen cybersecurity and protect organizations against cyberattacks, and what kind of research directions are essential for the future.
Chapter 12 classifies and details the various types of smartphone device security threats. Further case studies about the exploitation of smartphones by terrorists, user data theft and smartphone-based fraud are presented. The chapter concludes with measures to improve the security of mobile devices and prevent user data from being exploited by attacks.
Chapter 13 highlights some strategies for maintaining the privacy, integrity, confidentiality and availability of cyber information and its real-world impacts such as mobile security software for secure email and online banking, cyber health check programs for business, cyber incident response management, cybersecurity risk management and cyber security schemes and services.
Chapter 14 discusses security policies and mechanisms, various categories of attacks (e.g., denial-of-service) and Globus security architecture, along with distribution of security mechanisms. Furthermore, the various attack strategies that frequently occur in any information system under consideration are also investigated.
Chapter 15 lists some of the security issues which have arisen in the healthcare sector and also discusses existing solutions and emerging threats.
Chapter 16 presents and analyzes various types of models operating in the e-commerce/ebusiness domains in India. This chapter tries to give a brief insight into the various technological, operational, legal and security features available in different types of e-Wallets. It can be concluded from the information presented that all three wallets have the same security features, which include Anti-fraud, 3D SET or SSL, P2P, data encryption and OTP.
Among those who have influenced this project are our family and friends, who have sacrificed a lot of their time and attention to ensure that we remained motivated throughout the time devoted to the completion of this crucial book.
Dac-Nhuong Le
Raghvendra Kumar
Brojo Kishore Mishra
Manju Khari
Jyotir Moy Chatterjee
We would like to acknowledge the most important people in our lives, our grandfathers and grandmothers, and thank our wives. This book has been our longcherished dream which would not have been turned into reality without the support and love of these amazing people. They have encouraged us despite our failing to give them the proper time and attention. We are also grateful to our best friends, who have encouraged and blessed this work with their unconditional love and patient.
Dr. Dac-Nhuong Le
Deputy Head, Faculty of Information Technology Haiphong University, Haiphong, Vietnam
| APIs | Application Programming Interfaces |
| AR | Post-Traumatic Stress Disorder |
| AES | Advance Encryption Algorithm |
| ACL | Access Control Lists |
| APT | Advanced Persistent Threats |
| ATM | Automated Teller Machine |
| AS | Autonomous System |
| ACE | Access Control Entries |
| B2B | Business-to-Business |
| B2C | Business-to-Consumer |
| BAN | Body Area Networks |
| CA | Certifying Authority |
| C2B | Consumer-to-Business |
| C2C | Consumer-to-Consumer |
| C2G | Consumer-to-Government |
| CSPs | Cloud Service Providers |
| CV | Consumer Version |
| CPPS | Cyber-Physical Production System |
| COMSEC | Communications Security |
| CDI | Constrained Data Item |
| COI | Conflict of Interest |
| CDMA | Code-Division Multiple Access |
| CDC | Cloud Data Center |
| CISA | Cybersecurity Information Sharing Act |
| C3I | Command, Control, Communications and Intelligence |
| CFOs | Chief Financial Officers |
| CPU | Central Processing Unit |
| CoF | Cloud based Card-on File |
| CRC | Cyclic Redundancy Checksum |
| DAC | Discretionary Access Control |
| DAO | Decentralized Autonomous Organizations |
| DMZ | Demilitarized Zone |
| DFD | Degree of Security Deficiency |
| DDoS | Distributed Denial of Service |
| DoS | Denial of Service |
| DSC | Digital Signature Certificate |
| DHS | Department of Homeland Security |
| ETG | Enterprise Topology Graphs |
| ECMA | European Computer Manufacturers Association |
| ECDA | Elliptic Curve Diffie-Hellman |
| ECC | Elliptic Curve Cryptography |
| ESN | Electronic Serial Number |
| EPROM | Erasable Programmable Read-Only Memory |
| EWF | Energy Web Foundation |
| FBI | Federal Bureau of Investigation |
| FIPB | Foreign Investment Promotion Board |
| FC | Fog Computing |
| FI | Financial Institution |
| FEMA | Foreign Exchange Management Act |
| GUI | Graphical User Interface |
| GPS | Global Positioning System |
| HTML | Hypertext Markup Language |
| HMI | Human-Machine Interface |
| HAIL | High-Availability and Integrity Layer |
| HTTPS | Hypertext Transfer Protocol Secure |
| IoT | Internet of Things |
| ICCPR | International Covenant on Civil and Political Rights |
| ICMP | Internet Control Message Protocol |
| IPS | Intrusion Prevention Systems |
| IDS | Intrusion Detection System |
| IMPS | Immediate Payment Service |
| IP | Internet Protocol |
| ISP | Internet Service Provider |
| IT | Information Technology |
| IC3 | Internet Crime Complaint Center |
| ISA | Instruction Set Architecture |
| IaaS | Infrastructure as a Service |
| ICERT | Indian Computer Emergency Response Team |
| IE | Internet Explorer |
| IEEE | Institute of Electrical and Electronics Engineers |
| KDC | Key Distribution Center |
| KYC | Know Your Customer |
| LAN | Local-Area Network |
| LSB | Least Significant Bit |
| MAC | Mandatory Access Control |
| MBR | Master Boot Record |
| MTBF | Mean Time Between Failures |
| MTTR | Mean Time to Recovery, Response, or Resolution |
| MIN | Mobile Identification Number |
| MiM | Man-in-the-middle Attack |
| NCSA | National Cyber Security Alliance |
| NCP | Network Control Protocol |
| NFC | Near Field Communication |
| NBFC | Non-Banking FinancialCompanie |
| NIST | National Institute of Standards and Technology |
| OS | Operating System |
| OTP | One-Time Password |
| PLC | Programmable Logic Controller |
| PIN | Personal Identification Number |
| PGP | Pretty Good Privacy |
| PwC | PricewaterhouseCoopers |
| PC | Personal Computer |
| POS | Point-on Scale |
| PKI | Public Key Infrastructure |
| P2P | Peer-to-Peer |
| PPI | Prepaid Payment Instruments |
| PaaS | Platform as a Service |
| PDA | Personal Digital Assistant |
| QoS | Quality of Service |
| RFID | Radio-Frequency Identification |
| RBAC | Role-Based Access Control |
| RBI | Reserve Bank of India |
| RSA | Rivest-Shamir-Adleman |
| SCADA | Supervisory Control and Data Acquisition |
| SET | Secure Electronic Transaction |
| SLA | Service Level Agreement |
| SMB | Server Message Block |
| SYN | Synchronization |
| SSID | Service Set Identifier |
| SQL | Structured Query Language |
| SSL | Secure Sockets Layer |
| SMS | Short Message Service |
| SIM | Subscriber Identity Module |
| SPV | Simple Payment Verification |
| TCPAC | Trusted Computing Platform Alliance |
| TCB | Trusted Computing Base |
| UDI | Unconstrained Data Item |
| UDP | User Datagram Protocol |
| UDHR | Universal Declaration of Human Rights |
| VM | Virtual Machine |
| VPN | Virtual Private Network |
| XSS | Cross-Site Scripting |
| XML | eXtensible Markup Language |
| XACML | eXtensible Access Control Markup Language |