Springer Series in Wireless Technology
Series Editor
Ramjee Prasad, Ctr for TeleInFrastruktur, C1-107, Aalborg University, Aalborg, Denmark
Springer Series in Wireless Technology is a series of monographs, contributed titles and advanced textbooks exploring the cutting edge of mobile telecommunication technologies and promulgating them for the benefit of academic researchers, practicing engineers and students. The series encourages contributions in the theoretical, experimental and practical engineering aspects of wireless communications—voice, data and image transmission. Topics of interest to the series include but are not limited to:
• coding and modulation;
• cognitive radio;
• full-duplex wireless communication;
• model-free design;
• multiple access;
• resource allocation;
• uses of digital signal processing in wireless systems;
• wireless energy transfer;
• wireless networks: 4G, 5G and beyond and next-generation WiFi; ad hoc wireless networks, device-to-device networks; heterogeneous mobile networks; wireless sensor networks;
• wireless optical communications.
Proposals for this series (please use the proposal form that can be downloaded from this page) can be submitted by e-mail to either the:
Series Editor
Professor Ramjee Prasad, Department of Business Development and Technology, Aarhus University, Birk Centerpark 15, 8001, Innovatorium, CGC, 7400 Herning, Denmark; e-mail: [email protected]
or the
In-house Editor
Mr. Oliver Jackson, Springer London, 4 Crinan Street, London, N1 9XW, United Kingdom; e-mail: [email protected]
More information about this series at http://www.springer.com/series/14020
Ramjee Prasad • Vandana Rohokale
Cyber Security: The Lifeline of Information and Communication Technology
Ramjee Prasad
Department of Business Development and Technology, CTIF Global Capsule
Aarhus University
Herning, Denmark

Vandana Rohokale
Department of Electronics and Telecommunication
Sinhgad Institute of Technology and Science
Pune, India

ISSN 2365-4139 ISSN 2365-4147 (electronic)
Springer Series in Wireless Technology
ISBN 978-3-030-31702-7 ISBN 978-3-030-31703-4 (eBook)
https://doi.org/10.1007/978-3-030-31703-4
© Springer Nature Switzerland AG 2020
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
To
My grandchildren Sneha, Ruchika, Akash, Arya, and Ayush
—Ramjee Prasad

My supportive husband, Milind, and
My lovely daughters Madhura and Mugdha
—Vandana Rohokale
Preface
Yastvindriyāṇi manasā niyamyārabhate'rjuna|
Karmendriyaiḥ karmayogamasaktaḥ sa viśiṣyate||
The person who has control over his/her senses by his/her mind excels in every aspect of life; he/she can perform any task without any attachment, with the power of karmyoga.
—The Bhagvad Gita Shloka (3.7)
Cyber security is becoming a very hot topic with the huge growth of information and communication technology (ICT) and of the mobile devices associated with our everyday life. Mobile communication generations from 1G to 4G have changed our lives in many ways and have brought ease and comfort to our everyday activities. We are on the verge of welcoming the fifth generation of mobile communication, 5G, which is envisioned as a converged version of all existing wired, wireless and next-generation networks. With this luxury, threats are also growing exponentially. Everybody is worried about their economic or intellectual assets. The whole world is looking towards cyber security to provide robust protection against the scams and malware which have penetrated almost everywhere, from small sensors to big networks.
Considering the need for in-depth research in cyber security, we have established a strong research group in this field, and we decided to write a state-of-the-art book on this topic. There are several books available in this field, but none of them covers as broad a range of areas as we have planned to cover in this book. This book addresses cyber security issues ranging from cybercrime to machine-to-machine communication, the Internet of Things (IoT) and data mining, cyber-physical systems, infected networks called botnets, E-commerce, social networking, incident handling, smart device security, cloud computing, copyright infringement, artificial intelligence for cyber security and blockchain technology, through to cyber forensics.
Table 1 Comparison of available cyber security book contents

Sr. no. | Title of the book | Year of publication | Authors | Publisher | Contents
1 | Cyber Security: The Lifeline of Information and Communication Technology (ICT) | 2019 | Ramjee Prasad and Vandana Rohokale | Springer | Various threats and attacks, phishing, M2M communication and IoT, cyber-physical systems, botnet, E-commerce, smart grid security, social networking, incident handling, copyright infringement, fault tolerance, cybercrime, smart device security, AI and ML for next level cyber security, blockchain technology and its usage for providing cyber security, etc.
2 | Hacking Exposed 7: Network Security Secrets and Solutions | 2018 | Stuart McClure, Joe Scambray and George Kurtz | Osborne/McGraw-Hill | Foot-printing, scanning, enumeration, hacking Windows 95/98 and ME, hacking Windows NT, hacking Windows 2000, Novell NetWare hacking, hacking UNIX, dial-up, PBX, voicemail and VPN hacking, network devices, firewalls, DoS attack, remote control insecurities, advanced techniques, Web hacking, hacking the Internet user, etc.
3 | Staying Ahead in the Cyber Security Game | 2014 | Erik van Ommeren and Marinus Kuivenhoven from the Sogeti Labs trend team and Martin Borrett from the IBM Institute for Advanced Security Europe | Capgemini Group and IBM Security | Unequal balance of power between attackers and their victims, the threats on industrial systems, the future of encryption, the implementation of security governance and data protection. Focus on the role data scientists will play moving forward
4 | Network Science and Cyber Security | 2014 | Robinson E. Pino | Springer | Intrusion detection systems, behaviour in network traffic, cyber warfare
5 | Bio-inspiring Cyber Security and Cloud Services: Trends and Innovations | 2014 | Aboul Ella Hassanien, Tai-Hoon Kim, Janusz Kacprzyk and Ali Ismail Awad | Springer | Part-I: Bio-inspiring system in cyber security; Part-II: mobile ad hoc networks and key managements; Part-III: biometrics technology and applications; Part-IV: cloud security and data services
6 | Counterterrorism and Cybersecurity | 2013 | Newton Lee | Springer | Counterterrorism in Retrospect: Then and Now, Counterterrorism Technologies: Total Information Awareness and Data Mining, Counterterrorism Technologies: Social Media and Cybersecurity, Counterterrorism Strategies: Causes and Cures, War and Peace
7 | The Cyber Index: International Security Trends and Realities | 2013 | James Andrew Lewis and Götz Neuneck | United Nations Publication | Cybersecurity and cyberwarfare: assessment of national doctrine and organization, assessment of international and regional organizations and activities, transparency and confidence-building measures: applicability to the cybersphere
8 | Cyber Security Standards, Practices and Industrial Applications: Systems and Methodologies | 2012 | Junaid Ahmed Zubairi and Athar Mahboob | IGI Global | Mobile and wireless security, social media, botnets and intrusion detection, formal methods and quantum computing, embedded systems and SCADA security, industrial and application security
9 | Understanding Cybercrime: Phenomena, Challenges and Legal Response | 2012 | ITU | ITU | The phenomena of cybercrime, challenges of fighting cybercrime, overview of activities of regional and international organizations, anti-cybercrime strategies, legal response
10 | Strategic Cyber Security | 2011 | Kenneth Geers | Kenneth Geers | Cyber security and national security, history, a technical primer, real-world impact, nation state cyber attack mitigation strategies
There are many books available on cyber security with a variety of contents. Out of them we have selected only nine books which are most relevant to the subject of our book. As shown in Table 1, the other books have covered various threats, attacks and victims, and cyber security for various applications such as biometric technology, cloud security and bio-inspired systems. From the table, it is clear that none of these existing books on cyber security has covered as many diverse topics and issues as our book.
We have tried our best to address the latest topics in this book. The authors are delighted by the diversity of the cyber security issues considered in building this book and by the timeliness of these topics. Further suggestions and comments to enhance the book are highly appreciated.
Herning, Denmark    Ramjee Prasad
Pune, India    Vandana Rohokale
Acknowledgements
Special thanks to Dr. Anand Raghawa Prasad and Dr. Sivabalan Arumugam from Rakuten, Japan, for their visionary inputs towards the completion of the cyber security book. We would like to express our thankfulness to the researchers in the Cyber Security Group for contributing research insights towards diverse cyber security issues.
We are also thankful to the colleagues of GISFI, India, for their untiring efforts. We are falling short of words for the support from the cyber security research team, including Supriya, Abhijit, Priyanka, Kirti, Karuna, Javed, Varsha, Swati, Mahesh, Sushma and Jigar, for their valuable inputs.
Finally, we would like to acknowledge the support from our family members, CGC, Aarhus University, Vishwaniketan and Sinhgad Institutes.
August 2019    Ramjee Prasad
    Vandana Rohokale
Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.1 Emerging Cyber Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.2 Cyber Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31.3 Mobile Communication and Cyber Security . . . . . . . . . . . . . . 41.4 Purpose and Structure of the Book . . . . . . . . . . . . . . . . . . . . . 81.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2 Cyber Threats and Attack Overview . . . . . . . . . . . . . . . . . . . . . . . 152.1 Cyber Attack Categorization . . . . . . . . . . . . . . . . . . . . . . . . . 162.2 Typical Attack Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172.3 Types of Cyber-attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.3.1 Backdoors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182.3.2 Denial-of-service Attack . . . . . . . . . . . . . . . . . . . . . 192.3.3 Eavesdropping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192.3.4 Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192.3.5 Tampering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202.3.6 Repudiation Attack . . . . . . . . . . . . . . . . . . . . . . . . . 202.3.7 Social Engineering . . . . . . . . . . . . . . . . . . . . . . . . . 202.3.8 Adware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212.3.9 Ransomware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212.3.10 Spyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212.3.11 Scareware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212.3.12 Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222.3.13 Password Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.4 Footprinting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222.4.1 Footprinting Methods . . . . . . . . . . . . . . . . . . . . . . . 23
2.5 Wiretapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
xv
2.6 Social Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242.6.1 Types of Social Engineering . . . . . . . . . . . . . . . . . . 24
2.7 Packet Sniffing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252.8 Well Known Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.8.1 Port Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262.9 Password Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262.10 Track Covering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272.11 Malware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282.12 Viruses and Worms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282.13 Logic Bombs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282.14 BOT and BOTNET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292.15 Trojan Horse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292.16 Cryptojacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302.17 Supply Chain Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302.18 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3 Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333.2 Phishing Website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353.3 Phishing Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363.4 Motivation for Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373.5 Phishing Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383.6 Evaluation of State-of-the-Art Detection Techniques . . . . . . . . 393.7 Insights for the Attack Prevention . . . . . . . . . . . . . . . . . . . . . 393.8 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
4 BOTNET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434.1 Introduction to BOTNETs . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
4.1.1 Understanding Botnets . . . . . . . . . . . . . . . . . . . . . . 444.1.2 Botnet Evolution . . . . . . . . . . . . . . . . . . . . . . . . . . 45
4.2 BOTNET Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464.2.1 Bot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464.2.2 Botmaster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474.2.3 Command and Control Channel . . . . . . . . . . . . . . . 48
4.3 BOTNET Lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484.3.1 BOTNET Conception, Recruitment,
and Interaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494.3.2 BOTNET Marketing . . . . . . . . . . . . . . . . . . . . . . . . 50
4.4 BOTNET Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504.4.1 Centralized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504.4.2 Decentralized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514.4.3 Hybrid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
xvi Contents
4.5 Botnet Detection Techniques . . . . . . . . . . . . . . . . . . . . . . . . . 524.5.1 Bot Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524.5.2 C and C Detection . . . . . . . . . . . . . . . . . . . . . . . . . 544.5.3 Botmaster Detection . . . . . . . . . . . . . . . . . . . . . . . . 55
4.6 Detection Approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554.6.1 Honeypots and Honeynets . . . . . . . . . . . . . . . . . . . . 564.6.2 Signature Based Detection Techniques . . . . . . . . . . . 564.6.3 Anomaly Based Detection Techniques . . . . . . . . . . . 574.6.4 Data Mining Based Detection Techniques . . . . . . . . 574.6.5 Dedicated Laws for Botnet . . . . . . . . . . . . . . . . . . . 59
4.7 Botnet Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624.8 Practical Botnet Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
4.8.1 Defense Mechanisms for Botnets . . . . . . . . . . . . . . . 634.9 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
5 Malware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675.2 Malware Evolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695.3 Malicious Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
5.3.1 Virus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705.3.2 Worms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 725.3.3 Trojans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 725.3.4 Backdoors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 725.3.5 Exploit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 725.3.6 Rootkit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735.3.7 Trojan-Spy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735.3.8 Trojan-Ransom . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735.3.9 Bots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
5.4 Malware Investigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755.5 Deception Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
5.5.1 Anti-emulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755.5.2 Anti-online Analysis . . . . . . . . . . . . . . . . . . . . . . . . 765.5.3 Anti-hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765.5.4 Anti-debugger . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765.5.5 Anti-disassemblers . . . . . . . . . . . . . . . . . . . . . . . . . 765.5.6 Anti-tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
5.6 Malware Detection and Analysis . . . . . . . . . . . . . . . . . . . . . . 775.6.1 Static Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 775.6.2 Dynamic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . 775.6.3 Mounted Analysis . . . . . . . . . . . . . . . . . . . . . . . . . 785.6.4 Booted Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 785.6.5 Network Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Contents xvii
5.7 Virtualization to Eliminate Malware . . . . . . . . . . . . . . . . . . . . 795.8 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
6 Copyright Infringement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 836.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 836.2 Owner’s Rights and Copyright Infringement . . . . . . . . . . . . . . 84
6.2.1 Examples of Copyright Infringement . . . . . . . . . . . . 856.3 Digital Watermarking: Promising Security Solution
for Copyright Infringement . . . . . . . . . . . . . . . . . . . . . . . . . . 856.3.1 Digital Watermarking . . . . . . . . . . . . . . . . . . . . . . . 856.3.2 Overview of Digital Watermarking System . . . . . . . 866.3.3 Properties of Digital Watermark . . . . . . . . . . . . . . . 87
6.4 Classification of Digital Watermarking Techniques . . . . . . . . . 886.4.1 According to Watermark Embedding Domain . . . . . 896.4.2 Based on Type of Document . . . . . . . . . . . . . . . . . . 916.4.3 Rest on Perceptivity . . . . . . . . . . . . . . . . . . . . . . . . 916.4.4 Depending on Use at . . . . . . . . . . . . . . . . . . . . . . . 92
6.5 Digital Watermarking Based on Robustness . . . . . . . . . . . . . . 926.5.1 Robust Watermarking Scheme . . . . . . . . . . . . . . . . . 926.5.2 Fragile Watermarking Scheme . . . . . . . . . . . . . . . . . 936.5.3 Semi-fragile Watermarking Scheme . . . . . . . . . . . . . 93
6.6 State of the Art Security Measures . . . . . . . . . . . . . . . . . . . . . 936.7 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
7 Cyber Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1017.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1017.2 Cyber Crime—Threat Scenarios . . . . . . . . . . . . . . . . . . . . . . . 1037.3 Threat Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1037.4 Incident Response and Cyber Forensics . . . . . . . . . . . . . . . . . 1037.5 Network Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1057.6 Cloud Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1067.7 Memory Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1067.8 Evidence Collection and Analysis . . . . . . . . . . . . . . . . . . . . . 1077.9 Data Acquisition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1087.10 Standardization Activities for Client Side Analysis . . . . . . . . . 1087.11 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
8 Cloud Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1118.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1118.2 Threats to Cloud Computing . . . . . . . . . . . . . . . . . . . . . . . . . 1138.3 Cloud Computing Architecture . . . . . . . . . . . . . . . . . . . . . . . 1148.4 Cyber Attacks on Cloud Computing . . . . . . . . . . . . . . . . . . . 1168.5 Fault Tolerance—An Overview . . . . . . . . . . . . . . . . . . . . . . . 117
xviii Contents
8.6 Fault Tolerance Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . 1188.7 State of the Art in Cloud Security . . . . . . . . . . . . . . . . . . . . . 1228.8 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
9 Internet of Things (IoT) and Machine to Machine (M2M)Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1259.1 Introduction to IoT and M2M . . . . . . . . . . . . . . . . . . . . . . . . 1259.2 Use Cases of M2M and IoT . . . . . . . . . . . . . . . . . . . . . . . . . 128
9.2.1 M2M Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . 1289.2.2 IoT Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
9.3 Security Issues in M2M Communication . . . . . . . . . . . . . . . . 1309.3.1 Practical Attacks Scenarios of M2M . . . . . . . . . . . . 132
9.4 M2M Security-State of the Art . . . . . . . . . . . . . . . . . . . . . . . 1329.5 M2M Security Standardization Activities . . . . . . . . . . . . . . . . 1339.6 Security and Privacy Issues of IoT . . . . . . . . . . . . . . . . . . . . . 134
9.6.1 IoT Security Threats and Challenges . . . . . . . . . . . . 1349.6.2 Practical Attack Scenarios of IoT . . . . . . . . . . . . . . 136
9.7 IoT Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1369.8 Standardization Activities for IoT Security . . . . . . . . . . . . . . . 1399.9 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
10 Smart Grid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14310.1 Introduction to Smart Grid . . . . . . . . . . . . . . . . . . . . . . . . . . 14310.2 Smart Grid Network Architecture . . . . . . . . . . . . . . . . . . . . . . 144
10.2.1 Smart Grid Components . . . . . . . . . . . . . . . . . . . . . 14410.2.2 Smart Grid Model Layers . . . . . . . . . . . . . . . . . . . . 146
10.3 Threats to Smart Grid Cyber Physical System . . . . . . . . . . . . 14610.4 Attacks on Smart Grid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14810.5 Attack Detection Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . 15110.6 Cyber Security in Smart Grid . . . . . . . . . . . . . . . . . . . . . . . . 151
10.6.1 Smart Grid Cyber Security Needs . . . . . . . . . . . . . . 15310.6.2 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15310.6.3 Smart Grid AMI Security Techniques . . . . . . . . . . . 155
10.7 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
11 Bluetooth Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16111.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16211.2 Bluetooth and Cyber Crime . . . . . . . . . . . . . . . . . . . . . . . . . . 163
11.2.1 Bluetooth v1.0 and v1.0B . . . . . . . . . . . . . . . . . . . . 16311.2.2 Key Steps for Bluetooth Security . . . . . . . . . . . . . . 164
11.3 Attacks on Bluetooth Communication . . . . . . . . . . . . . . . . . . 16511.3.1 Identifying Types of Attacks . . . . . . . . . . . . . . . . . . 16511.3.2 Classification of Bluetooth Attacks . . . . . . . . . . . . . 167
Contents xix
11.4 State of the Art in Bluetooth Security Techniques . . . . . . . . . . 16911.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
12 E-commerce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17512.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17512.2 Cyber Threats to E-commerce . . . . . . . . . . . . . . . . . . . . . . . . 177
12.2.1 Types of Security Threats . . . . . . . . . . . . . . . . . . . . 17812.2.2 Denial of Services (DOS) . . . . . . . . . . . . . . . . . . . . 17812.2.3 Unauthorized Access . . . . . . . . . . . . . . . . . . . . . . . 17912.2.4 Theft and Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
12.3 Security Issues in E-commerce . . . . . . . . . . . . . . . . . . . . . . . 17912.3.1 Client-Side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17912.3.2 Server-Side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18012.3.3 Transaction Security Issues . . . . . . . . . . . . . . . . . . . 180
12.4 Security Threats to E-commerce . . . . . . . . . . . . . . . . . . . . . . 18012.5 Modern Security Needs for E-commerce . . . . . . . . . . . . . . . . 18212.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
13 Social Networking Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18713.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18713.2 Social Networking and Cyber Security . . . . . . . . . . . . . . . . . . 18813.3 Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
13.3.1 Basic Security Requirements . . . . . . . . . . . . . . . . . . 19013.3.2 Algorithms Used for the Protection
Against Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19113.4 Identifying Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
13.4.1 Viruses—Lethal Weapon . . . . . . . . . . . . . . . . . . . . 19213.4.2 Worms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19313.4.3 Web Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19413.4.4 Session Hijacking . . . . . . . . . . . . . . . . . . . . . . . . . . 19413.4.5 Denial of Service (DOS) . . . . . . . . . . . . . . . . . . . . . 194
13.5 Protection Against Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . 19513.6 Hijacking of Social Networking Sites . . . . . . . . . . . . . . . . . . . 19713.7 Social Media Security Threats . . . . . . . . . . . . . . . . . . . . . . . . 19913.8 Recent Social Media Cyber Attacks . . . . . . . . . . . . . . . . . . . . 20013.9 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
14 Secure Incident Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20314.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20314.2 Incident Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
14.2.1 Events and Incidents . . . . . . . . . . . . . . . . . . . . . . . . 20414.2.2 Incident Definition and Examples . . . . . . . . . . . . . . 20514.2.3 Need for Incident Response . . . . . . . . . . . . . . . . . . 206
xx Contents
14.2.4 Incident Response Policy, Plan, and ProcedureCreation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
14.2.5 Incident Response Team Structure . . . . . . . . . . . . . . 20714.3 Handling an Incident Securely . . . . . . . . . . . . . . . . . . . . . . . . 208
14.3.1 Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20914.3.2 Detection and Analysis . . . . . . . . . . . . . . . . . . . . . . 20914.3.3 Containment, Eradication, and Recovery . . . . . . . . . 21014.3.4 Post-incident Activity . . . . . . . . . . . . . . . . . . . . . . . 211
14.4 Information Security Incident Response Team (ISIRT) . . . . . . 21214.4.1 Functions of the ISIRT . . . . . . . . . . . . . . . . . . . . . . 21214.4.2 ISIRT Formation . . . . . . . . . . . . . . . . . . . . . . . . . . 21314.4.3 Roles of the ISIRT . . . . . . . . . . . . . . . . . . . . . . . . . 213
14.5 Types of Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21414.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
15 Mobile Device Cyber Security 217
15.1 Introduction 217
15.2 Capabilities of Mobile Devices 218
15.3 Mobile Operating Systems 218
15.3.1 Android 218
15.3.2 Apple Mobile OS 219
15.3.3 Java ME 219
15.3.4 Symbian 220
15.3.5 Windows Phone 220
15.4 Mobile Threats 221
15.4.1 Malicious Apps 221
15.4.2 Spyware 221
15.4.3 WiFi 222
15.4.4 Lack of End-to-End Encryption 222
15.4.5 Inactive Apps 223
15.4.6 IoT Mobile Security Threats 223
15.4.7 No Password Protection 223
15.4.8 Phishing Attacks 224
15.4.9 Cryptojacking Attacks 224
15.4.10 Pop up Ads 224
15.4.11 Botnet 225
15.4.12 Filtering with Black Listing and White Listing 225
15.4.13 Malware Injection 225
15.4.14 Lock Bypassing 225
15.5 Cyber Security Measures 226
15.5.1 Password Protection 226
15.5.2 Recovery of Lost Data 226
15.5.3 Malware Detection 226
15.6 Summary 228
References 229
16 Artificial Intelligence and Machine Learning in Cyber Security 231
16.1 Introduction 231
16.2 Machine Learning 232
16.2.1 Supervised Machine Learning 232
16.2.2 Unsupervised Machine Learning 233
16.2.3 Semi-supervised Machine Learning 233
16.2.4 Reinforcement Machine Learning 233
16.3 Behavioral Pattern 233
16.4 AI Algorithms 234
16.4.1 K-means 234
16.4.2 K-nearest Neighbors (KNN) 235
16.4.3 Support Vector Machine (SVM) 236
16.4.4 Naive Bayes 236
16.4.5 Decision Tree 236
16.4.6 Logistic Reasoning 236
16.4.7 Gradient Boosting 237
16.4.8 Dimensionality Reduction 237
16.4.9 Linear Regression 237
16.4.10 Random Tree 237
16.5 Applications of AI in Cyber Security 238
16.5.1 Spam Filter Applications (Spam Assassin) 239
16.5.2 Fraud Detection 239
16.5.3 Botnet Detection 239
16.5.4 User Secure Authentication 240
16.5.5 Cyber Security Ratings 240
16.5.6 Hacking Incident Forecasting 241
16.5.7 Network Intrusion Detection 241
16.5.8 Credit Scoring 241
16.6 AI Related Open Source Tools 242
16.6.1 Microsoft Cognitive Toolkit 242
16.6.2 Theano 243
16.6.3 Accord.Net 243
16.6.4 TensorFlow 243
16.6.5 Caffe 243
16.6.6 Keras 244
16.6.7 Torch 244
16.6.8 Scikit-Learn 244
16.7 Improved Cyber Security with AI 244
16.8 Summary 246
References 246
17 Blockchain Technology 249
17.1 Introduction 249
17.2 Blockchain Technology 250
17.2.1 Evolution of the Blockchain 250
17.2.2 Blockchain Working 251
17.3 Blockchain Systems and Cryptocurrencies 252
17.3.1 Public (Permissionless) Blockchain 252
17.3.2 Private (Permissioned) Blockchain 253
17.3.3 Consortium Blockchain 254
17.3.4 Blockchain Cryptocurrencies 254
17.4 Applications of Blockchain 255
17.5 Threats and Attacks 257
17.5.1 Selfish Mining Attack 258
17.5.2 Stubborn Mining Attack 258
17.5.3 Eclipse Attack 258
17.5.4 The Balance Attack 259
17.5.5 The Sybil Attack 259
17.5.6 The Stalker Mining Attack 259
17.6 Cyber Security Revolutions with Blockchain 260
17.7 Summary 261
References 261
18 Research Challenges and Future Scope 263
18.1 Cyber Threats and Attack Overview 263
18.2 Phishing 263
18.3 BOTNETs 264
18.4 Malware 265
18.5 Copyright Infringement 265
18.6 Cyber Forensics 265
18.7 Cloud Computing 266
18.8 IoT and M2M 266
18.9 Smart Grid 266
18.10 Bluetooth Communication 267
18.11 E-commerce 267
18.12 Social Networking 268
18.13 Secure Incident Handling 268
18.14 Smart Devices 269
18.15 AI and ML in Cyber Security 269
18.16 Blockchain Technology 269
18.17 Summary 269
References 270
Index 273
About the Authors
Dr. Ramjee Prasad (Fellow IEEE, IET, IETE and WWRF) is Professor of Future Technologies for Business Ecosystem Innovation (FT4BI) in the Department of Business Development and Technology, Aarhus University, Herning, Denmark. He is Founder President of the CTIF Global Capsule (CGC). He is also Founder Chairman of the Global ICT Standardization Forum for India (GISFI), established in 2009. GISFI has the purpose of increasing collaboration between European, Indian, Japanese, North American and other worldwide standardization activities in the area of information and communication technology (ICT) and related application areas.
He was honoured by the University of Rome "Tor Vergata", Italy, as Distinguished Professor in the Department of Clinical Sciences and Translational Medicine on 15 March 2016. He is Honorary Professor of the University of Cape Town, South Africa, and the University of KwaZulu-Natal, South Africa.
He received the Ridderkorset af Dannebrogordenen (Knight of the Dannebrog) in 2010 from the Danish Queen for the internationalization of top-class telecommunication research and education.
He has received several international awards, such as the IEEE Communications Society Wireless Communications Technical Committee Recognition Award in 2003 for contributions in the field of "Personal, Wireless and Mobile Systems and Networks"; Telenor's Research Award in 2005 for impressive merits, both academic and organizational, within the field of wireless and personal communication; and the 2014 IEEE AESS Outstanding Organizational Leadership Award for "Organizational Leadership in developing and globalizing the CTIF (Center for TeleInFrastruktur) Research Network".
He has been Project Coordinator of several EC projects, namely MAGNET, MAGNET Beyond, eWALL and others.
He has published more than 50 books, over 1000 journal and conference publications and more than 15 patents, and has supervised over 140 Ph.D. graduates and a larger number of master's graduates (over 250). Several of his students are today worldwide telecommunication leaders themselves.
Dr. Vandana Rohokale received her B.E. degree in electronics engineering in 1997 from Pune University, Maharashtra, India. She received her master's degree in electronics in 2007 from Shivaji University, Kolhapur, Maharashtra, India. She received her Ph.D. degree in wireless communication in 2013 from CTIF, University of Aalborg, Denmark. She is presently working as Professor at Sinhgad Institute of Technology and Science, Pune, Maharashtra, India. Her teaching experience is around 22 years. She has published one book with an international publisher and around 35 papers in various international journals and conferences. Her research interests include cooperative wireless communications, ad hoc and cognitive networks, physical layer security, digital signal processing, information theoretic security and its applications, and cyber security.
Acronyms
AMI Advanced Metering Infrastructure
AMPS Advanced Mobile Phone System
APT Advanced persistent threat
ARP Address Resolution Protocol
C and C Command and control
CASE Control, Automation and Systems Engineering
CCDCOE Co-operative Cyber Defense Center of Excellence
CCIE Control and Industrial Engineering
CD Cochlear delay
CDMA Code-division multiple access
CERT Computer emergency response team
CFS Correlation-based feature selection
CGH Computer-generated hologram
CII Critical Information Infrastructure
COE Convention on Cybercrime
COMSEC Communications security
CPM Cross-platform malware
CPS Cyber-physical system
CRM Customer relationship management
CRN Cognitive radio network
CRTM Core Root of Trust for Measurement
CSE Consistency-based subset evaluation
CSIRC Computer Security Incident Response Capability
CSIRT Computer security incident response team
DCT Discrete cosine transform
DDOS Distributed denial of service
DFRWS Digital Forensic Research Workshop
DFT Discrete Fourier transform
DITSO Defense Information Technology Services Organization
DLP Data loss prevention
DR Demand response
DWT Discrete wavelet transform
DYWT Dimensional Dyadic Wavelet Transform
ECC Elliptic-curve cryptography
ERP Enterprise resource planning
ETCM Ecuador Technical Chapters Meeting
FDI False data injection
FDMA Frequency-division multiple access
FFT Fast Fourier transformation
FTM Fault tolerance manager
GAN Generative adversarial network
GIMCV Global Information Multimedia Communication Village
GMSK Gaussian Minimum Shift Keying
GOZ Gameover ZeuS
GP Genetic programming
GPRS General Packet Radio Service
GSM Global System for Mobile Communications
HAN Home area network
HIL Hardware in the loop
HVS Human visual system
IAAS Infrastructure as a service
ICANN Internet Corporation for Assigned Names and Numbers
IBC Identity-based cryptography
IBG Industry Botnet Group
ICEOE International Conference on Electronics and Optoelectronics
ICMP Internet Control Message Protocol
ICMT International Conference on Multimedia Technology
ICNSC International Conference on Networking, Sensing and Control
ICRCC International Conference on Radar, Communication and Computing
ICT Information and communications technology
IDAACS International Conference on Intelligent Data Acquisition and Advanced Computing System
IDS Intrusion detection system
IJCSE International Journal on Computer Science and Engineering
IOCE International Organization on Digital Evidence
IOT Internet of things
IPR Intellectual property rights
IRC Internet relay control
IRS Internal Revenue Service
IRT Incident response team
ISCIT International Symposium on Communications and Information Technologies
ISIRT Information Security Incident Response Team
ISM Industrial, scientific and medical
ISSA IEEE Information Security for South Africa
ISSRE International Symposium on Software Reliability Engineering
IT Information technology
ITS Intelligent transport system
ITU International Telecommunication Union
LALR Look-ahead left to right
LAN Local area network
LE Law Enforcement Investigative
Li-Fi Light fidelity
LLFT Low Latency Fault Tolerance
LLP Lower-level problem
LPWAN Low-power wide-area network
LSB Least significant bit
MAB Multi-armed bandit
MAC Media access control
MIC Measurement, Information and Control
MITM Man-in-the-middle attack
MoWNeT Mobile and Wireless Networking
MPI Message Passing Interface
MTC Machine-type communication
NAN Neighbourhood area network
NDSS Network and Distributed System Security Symposium
NFC Near-field communication
NIDS Network intrusion detection system
NIST National Institute of Standards and Technology
NMT Nordic Mobile Telephone
NOMS Network Operations and Management Symposium
NR Network reliability
nslookup Name Server Lookup
OAuth Open Authentication
OIDC OpenID Connect
OTPS One-time passwords
P2P Peer-to-peer
PAAS Platform as a service
PCA Principal Component Analysis
PCFG Probabilistic Context-Free Grammar
PIN Personal identification number
PLM Product lifecycle management
QOE Quality of Experience
QOL Quality of life
QOS Quality of service
RAdAC Risk Adaptable Access Control
RAT Remote access Trojan
RCFL Regional Computer Forensics Laboratory
RFID Radio-frequency identification
RTR Root of Trust for Reporting
RTS Root of Trust for Storage
SAAS Software as a service
SAML Security Assertion Markup Language
SDN Software-defined networking
SDR Software-defined radio
SEM State estimation model
SFD Self-tuning failure detector
SIEM Security information and event management system
SIG Special Interest Group
SMI Smart metering infrastructure
SOP Standard operating procedure
SV Sampled value
SVM Supervised Machine Learning
SWGDE Scientific Working Group on Digital Evidence
TC Trusted Computing
TCG Trusted Computing Group
TPM Trusted Platform Module
ULP Upper-level problem
VANET Vehicular ad hoc network
VBN Virtual Business Portals
VBR Volume boot record
VFT Virtualization and Fault Tolerance
VLAN Virtual local area network
VLC Visible light communication
VM Virtual machine
WAN Wide-area network
WISDOM Wireless Innovative System for Dynamically Operating Mega-communications
WSN Wireless sensor network
List of Figures
Fig. 1.1 Emerging cyber security threats 2
Fig. 1.2 Visualization of 5G network with cyber crimes and security provision 7
Fig. 1.3 WISDOM concepts (Prasad et al. 2009) 8
Fig. 1.4 5G with provision of cyber security is WISDOM 8
Fig. 1.5 Organization of the book with different cyber security issues 9
Fig. 2.1 Virus categorization 29
Fig. 3.1 Increase in phishing attack frequency during 2018 (Egan 2019) 35
Fig. 3.2 Phishing concept 36
Fig. 3.3 System approach for detection 41
Fig. 3.4 System approach for prevention 41
Fig. 4.1 Botnet evolution 46
Fig. 4.2 Components of BOTNET 47
Fig. 4.3 Life cycles of BOTNETs 48
Fig. 4.4 Botnet detection tree (Valeur et al. 2004) 52
Fig. 5.1 Types of malware 68
Fig. 5.2 Evolution of malware 70
Fig. 6.1 Digital watermarking system 86
Fig. 6.2 Properties trade-off 88
Fig. 6.3 Digital watermarking classification chart 89
Fig. 6.4 Domain based watermarking classification 89
Fig. 7.1 Various cyber forensics activities 102
Fig. 7.2 Cyber security threat management 105
Fig. 7.3 Evidence collection guidelines 107
Fig. 7.4 Forensic investigation process 108
Fig. 8.1 Cloud computing model 112
Fig. 8.2 Security threats to cloud computing 114
Fig. 8.3 Layered architecture of cloud computing 115
Fig. 8.4 Possible attacks on cloud computing 117
Fig. 8.5 Classification of fault tolerance mechanisms 118
Fig. 8.6 Check-pointing strategies. a Full check-pointing strategy, b incremental check-pointing strategy, c hybrid check-pointing strategy 119
Fig. 8.7 Classification of check-pointing fault tolerance mechanism 120
Fig. 9.1 Internet of Things (IoT) conceptual view 126
Fig. 9.2 M2M communication conceptual view 127
Fig. 9.3 Various possible attacks on M2M 130
Fig. 9.4 Layer wise attack scenario in M2M 131
Fig. 9.5 IoT security threats and challenges 135
Fig. 9.6 IoT fundamental security procedures 137
Fig. 9.7 IoT security dealings and good practices 138
Fig. 10.1 Smart grid system components 145
Fig. 10.2 Layer wise model of smart grid 147
Fig. 10.3 Cyber security threats to smart grid CPS 149
Fig. 10.4 Cyber attacks in smart grid 150
Fig. 10.5 Cyber security requirements 153
Fig. 11.1 Evolution of IEEE802.11 162
Fig. 11.2 Classification of Bluetooth attacks 167
Fig. 11.3 Blue jacking attack 168
Fig. 11.4 Blue sniffing attack 168
Fig. 11.5 Procedure of RFcomm authentication function 171
Fig. 12.1 E-commerce chain 176
Fig. 12.2 E-commerce transaction phases and necessary security measures 177
Fig. 12.3 Types of security threats 178
Fig. 12.4 Security threats to E-commerce 181
Fig. 12.5 Security needs for robust E-commerce 183
Fig. 13.1 Some of the social network sites. Source Google images 189
Fig. 13.2 Security parameter wheel 191
Fig. 13.3 Privacy trust model for SNS 191
Fig. 13.4 CIA triad 197
Fig. 13.5 Illustration of man-in-the-middle attack 198
Fig. 13.6 Security threats to social media 199
Fig. 14.1 Different types of risk 206
Fig. 14.2 Incident response life cycle 209
Fig. 15.1 Types of mobile operating systems 219
Fig. 15.2 Layers of Symbian 220
Fig. 15.3 Classification of threats 221
Fig. 15.4 Data leakage to attacker 222
Fig. 15.5 Worst passwords 224
Fig. 15.6 Four phases of data recovery 227
Fig. 15.7 Techniques of malware detection 227
Fig. 16.1 AI Algorithms 235
Fig. 16.2 AI applications for cyber security 238
Fig. 16.3 Purpose of cyber rating 240
Fig. 16.4 Open source tools for AI 242
Fig. 16.5 Improved cyber security with AI 245
Fig. 17.1 Blockchain evolution 251
Fig. 17.2 Cryptocurrency transaction in a Blockchain 253
Fig. 17.3 Various Blockchain cryptocurrencies 255
Fig. 17.4 Applications of Blockchain 256
Fig. 17.5 Attacks on Blockchain 257
Fig. 17.6 Cyber security revolutions with Blockchain 260
List of Tables
Table 1.1 Parametric comparison of 1G–5G 6
Table 2.1 Cyber attack categorization 16
Table 2.2 Port numbers with necessary information 26
Table 3.1 Summary for different phishing techniques 38
Table 3.2 State-of-the-art techniques for detection of phishing attacks 40
Table 4.1 Comparison of botnet detection techniques 59
Table 4.2 Rules and regulations implemented by different countries 60
Table 4.3 Different detection methodologies and future scope 60
Table 4.4 Botnet activities (Zombie computer) (Stawowski 2014) 62
Table 5.1 Latest malware activities 74
Table 5.2 Research on anti-malware activities 79
Table 6.1 Classification of watermarking techniques 89
Table 6.2 Comparison between spatial domain and frequency domain 90
Table 6.3 State of the art security measures for copyright infringement 95
Table 6.4 Future research directions 97
Table 7.1 Common scenario of cyber victims 104
Table 8.1 Data breaches and records compromised (Lord 2017; Kuranda 2016) 113
Table 8.2 Comparative state of the art for fault tolerance in cloud computing 121
Table 9.1 Difference between M2M and IoT 127
Table 9.2 Use Cases of M2M and IoT 129
Table 9.3 Latest IoT attack incidences 137
Table 9.4 Standardization activities related to IoT and its security, privacy 139
Table 10.1 Threats to smart grid cyber physical system 148
Table 10.2 Smart grid cyber attack detection techniques (El Mrabet et al. 2018) 152
Table 10.3 Security needs and targets to be protected 154
Table 11.1 Description of different Bluetooth versions (Doon 2014) 164
Table 11.2 Different types of attacks on Bluetooth communication (Minar and Tarique 2012) 166
Table 11.3 Mechanisms used for Bluetooth security 171
Table 13.1 Recent social media cyber attacks 201
Table 14.1 Planning and preparation activities 210
Table 14.2 Detection and analysis activities 210
Table 14.3 Containment activities 211
Table 14.4 Eradication activities 211
Table 14.5 Recovery activities 212
Table 14.6 Types of incidents 215
Table 15.1 Java ME layers 220