Network eavesdropping

Last updated

Network eavesdropping, also known as eavesdropping attack, sniffing attack, or snooping attack, is a method that retrieves user information through the internet. This attack happens on electronic devices like computers and smartphones. This network attack typically happens under the usage of unsecured networks, such as public wifi connections or shared electronic devices. [1] Eavesdropping attacks through the network is considered one of the most urgent threats in industries that rely on collecting and storing data. [1] Internet users use eavesdropping via the Internet to improve information security. [2]

Contents

A typical network eavesdropper may be called a Black-hat hacker and is considered a low-level hacker as it is simple to network eavesdrop successfully. [1] The threat of network eavesdroppers is a growing concern. Research and discussions are brought up in the public's eye, for instance, types of eavesdropping, open-source tools, and commercial tools to prevent eavesdropping. [3] Models against network eavesdropping attempts are built and developed as privacy is increasingly valued. Sections on cases of successful network eavesdropping attempts and its laws and policies in the National Security Agency are mentioned. [4] Some laws include the Electronic Communications Privacy Act and the Foreign Intelligence Surveillance Act. [4]

Types of attacks

Types of network eavesdropping include intervening in the process of decryption of messages on communication systems, attempting to access documents stored in a network system, and listening on electronic devices. Types include electronic performance monitoring and control systems, keystroke logging, man-in-the-middle attacks, observing exit nodes on a network, and Skype & Type. [5] [6] [7] [8] [9] [10] [11]

Electronic performance monitoring and control systems (EPMCSs)

Electronic performance monitoring and control systems are used by employees or companies and organizations to collect, store, analyze, and report actions or performances of employers when they are working. [5] The beginning of this system is used to increase the efficiency of workers, but instances of unintentional eavesdropping can occur, for example, when employees' casual phone calls or conversations would be recorded. [5]

Keystroke logging

Keystroke logging is a program that can oversee the writing process of the user. It can be used to analyze the user's typing activities, as keystroke logging provides detailed information on activities like typing speed, pausing, deletion of texts, and more behaviors. [6] By monitoring the activities and sounds of the keyboard strikes, the message typed by the user can be translated. Although keystroke logging systems do not explain reasons for pauses or deletion of texts, it allows attackers to analyze text information. [6] Keystroke logging can also be used with eye-tracking devices which monitor the movements of the user's eyes to determine patterns of the user's typing actions which can be used to explain the reasons for pauses or deletion of texts. [6]

Man-in-the-middle attack (MitM)

A Man-in-the-middle attack is an active eavesdropping method that intrudes on the network system. [7] It can retrieve and alter the information sent between two parties without anyone noticing. [7] The attacker hijacks the communication systems and gains control over the transport of data, but cannot insert voice messages that sound or act like the actual users. [7] Attackers also create independent communications through the system with the users acting as if the conversation between users is private. [7]

The “man-in-the-middle” can also be referred to as lurkers in a social context. A lurker is a person who rarely or never posts anything online, but the person stays online and observes other users' actions. [8] Lurking can be valuable as it lets people gain knowledge from other users. [8] However, like eavesdropping, lurking into other users' private information violates privacy and social norms. [8]

Observing exit nodes

Distributed networks including communication networks are usually designed so that nodes can enter and exit the network freely. [9] However, this poses a danger in which attacks can easily access the system and may cause serious consequences, for example, leakage of the user’s phone number or credit card number. [9] In many anonymous network pathways, the last node before exiting the network may contain actual information sent by users. [10] Tor exit nodes are an example. Tor is an anonymous communication system that allows users to hide their IP addresses. [10] It also has layers of encryption that protect information sent between users from eavesdropping attempts trying to observe the network traffic. [10] However, Tor exit nodes are used to eavesdrop at the end of the network traffic. [10] The last node in the network path flowing through the traffic, for instance, Tor exit nodes, can acquire original information or messages that were transmitted between different users. [10]

Skype & Type (S&T)

Skype & Type (S&T) is a new keyboard acoustic eavesdropping attack that takes advantage of Voice-over IP (VoIP). [11] S&T is practical and can be used in many applications in the real world, as it does not require attackers to be close to the victim and it can work with only some leaked keystrokes instead of every keystroke. [11] With some knowledge of the victim’s typing patterns, attackers can gain a 91.7% accuracy typed by the victim. [11] Different recording devices including laptop microphones, smartphones, and headset microphones can be used for attackers to eavesdrop on the victim's style and speed of typing. [11] It is especially dangerous when attackers know what language the victim is typing in. [11]

Tools to prevent eavesdropping attacks

Computer programs where the source code of the system is shared with the public for free or for commercial use can be used to prevent network eavesdropping. They are often modified to cater to different network systems, and the tools are specific in what task it performs. In this case, Advanced Encryption Standard-256, Bro, Chaosreader, CommView, Firewalls, Security Agencies, Snort, Tcptrace, and Wireshark are tools that address network security and network eavesdropping.

Advanced encryption standard-256 (AES-256)

It is a cipher block chaining (CBC) mode for ciphered messages and hash-based message codes. The AES-256 contains 256 keys for identifying the actual user, and it represents the standard used for securing many layers on the internet. [12] AES-256 is used by Zoom Phone apps that help encrypt chat messages sent by Zoom users. [13] If this feature is used in the app, users will only see encrypted chats when they use the app, and notifications of an encrypted chat will be sent with no content involved. [13]

Bro

Bro is a system that detects network attackers and abnormal traffic on the internet. [14] It emerged at the University of California, Berkeley that detects invading network systems. [3] The system does not apply to the detection of eavesdropping by default, but can be modified to an offline analyzing tool for eavesdropping attacks. [3] Bro runs under Digital Unix, FreeBSD, IRIX, SunOS, and Solaris operating systems, with the implementation of approximately 22,000 lines of C++ and 1,900 lines of Bro. [14] It is still in the process of development for real-world applications. [3]

Chaosreader

Chaosreader is a simplified version of many open-source eavesdropping tools. [3] It creates HTML pages on the content of when a network intrusion is detected. [3] No actions are taken when an attack occurs and only information such as time, network location on which system or wall the user is trying to attack will be recorded. [3]

CommView

CommView is specific to Windows systems which limits real-world applications because of its specific system usage. [3] It captures network traffic and eavesdropping attempts by using packet analyzing and decoding. [3]

Firewalls

Firewall technology filters network traffic and blocks malicious users from attacking the network system. [15] It prevents users from intruding into private networks. Having a firewall in the entrance to a network system requires user authentications before allowing actions performed by users. [15] There are different types of firewall technologies that can be applied to different types of networks.

Security agencies

A Secure Node Identification Agent is a mobile agent used to distinguish secure neighbor nodes and informs the Node Monitoring System (NMOA). [16] The NMOA stays within nodes and monitors the energy exerted, and receives information about nodes including node ID, location, signal strength, hop counts, and more. [16] It detects nodes nearby that are moving out of range by comparing signal strengths. [16] The NMOA signals the Secure Node Identification Agent (SNIA) and updates each other on neighboring node information. [16] The Node BlackBoard is a knowledge base that reads and updates the agents, acting as the brain of the security system. [16] The Node Key Management agent is created when an encryption key is inserted to the system. [16] It is used to protect the key and is often used between Autonomous Underwater Vehicles (AUVs), which are underwater robots that transmit data and nodes. [16]

Snort

Snort is used in many systems, and it can be run in an offline mode using stream4. Stream4 reassembles preprocessors with another stream option. The snort-reply patch feature is often used to reconstruct executions. [3] It is currently developed by Cisco and acts as a free network intrusion detection system. [3]

Tcptrace

Tcptrace is used to analyze pcap-based network intercepts, which is a packeting capture network application that detects network traffic. It has an important feature that monitors eavesdropping attacks and can reconstruct captured TCP streams. [3]

Wireshark

Wireshark, or also named Ethereal, is a widely used open-source eavesdropping tool in the real world. Most of the features in Ethereal are packet-oriented and contain a TCP reassembly option for experiments on tracking intrusion attempts. [3]

Models against the attacks

Models are built to secure system information stored online and can be specific towards certain systems, for example, protecting existing documents, preventing attacks on the processing of instant messages on the network, and creating fake documents to trace malicious users.

Beacon-bearing decoy documents

Documents containing fake but private information such as made-up social security numbers, bank account numbers, and passport information will be purposely posted on a web server. [17] These documents have beacons that will be triggered when a user attempts to open them, which then alarms another site that records the time accessed of the documents and IP address of the user. [17] The information collected from the beacons is then regularly sent to Tor exit nodes which then the user will be caught in the malicious act. [17]

Butterfly encryption scheme

The Butterfly encryption scheme uses timestamps and updates pseudorandom number generators (PRNG) seeds in a network system to generate authentication keys and parameters for encrypted messages to be sent out. [18] This scheme can perform in entities that are searching for a relatively low cost but efficient security scheme, and can work in different systems as it has a simple design that is easy to modify for specific purposes. The Butterfly encryption scheme is effective because it uses a changing parameter and has an unpredictable timestamp that creates a high-level security system. [18]

Crypto phones (Cfones)

Cfones is a model built to protect VoIP communications. It uses Short Authenticated Strings (SAS) protocol that requires users to exchange keys to ensure no network intruders are in the system. [7] This is specific to communication systems that involve both voice messages and text messages. In this model, a string is given to actual users, and to connect with another user, strings have to be exchanged and have to match. [7] If another user tries to invade the system, the string will not match, and Cfones blocks attackers from entering the network. [7] This model is specific to preventing man-in-the-middle attacks. [7]

Friendly-jamming schemes (DFJ and OFJ)

Friendly-jamming schemes (DFJ and OFJ) are models that can decrease the eavesdropping risk by purposely interfering the network when an unknown user is near the area of the protected area. [1] [19] The models are tested by the probability of eavesdrop attacks in a testing environment, and are found that there is a lower probability of attacks compared to a system with no friendly-jamming schemes installed. [1] A feature of the DFJ and OFJ schemes is that the models offer a large coverage secure area that is protected from eavesdroppers effectively. [1]

Honey encryption scheme (HE)

A honey encryption scheme is used to strengthen the protection of private information of instant messaging systems, including WhatsApp and Snapchat, as well as tracking down the eavesdropper’s information. [12] HE contains fake but similar plaintext during the decryption phase of the process of instant messaging with an incorrect key. [12] This makes messages that the eavesdropper is trying to decrypt to be gibberish messages. [12] HE schemes are used in specific systems not limited to instant messaging systems, passwords, and credit cards. [12] However, applying it to other systems is still a difficult task as changes inside the scheme have to be made to fit the system. [12]

Internet of Things framework (IoT)

The Internet of Things framework involved four layers of security measures that are management layer, cloud layer, gateway layer, and IoT device layer. [20] The management layer handles web and mobile applications. [20] The cloud layer looks over the service and resource management. It acts as an access point for users to connect to other internet services. [20] The gateway layer manages the packet filtering module. It links the endpoint network of the services, processes the documents or information, and contains security tasks including authentication, authorization, and encryption. [20] The two main tasks of the gateway layer are to detect users and perform filtering of the actual user and malicious users. [20] The IoT device layer looks over the gateway layer’s performance and double-checks whether all malicious users are removed from the network, specifically, attestation is a mechanism to measure the end-point integrity and removes nodes from the network if necessary. [20]

Cases of network eavesdropping

Completely trusting network devices or network companies can be risky. Users of devices are oftentimes unaware of the threats on the internet and choose to ignore the importance of protecting their personal information. [21] This paves the way for malicious hackers to gain access to private data that users may not be aware of. [21] A few cases of network eavesdropping discussed include Alipay and Cloud computing.

Alipay

Private information from a user of mobile payment apps, in this case, Alipay, is retrieved using a hierarchical identification specific to mobile payment apps. [22] The system first recognizes the app used from traffic data, then categorizes the user’s distinct actions on the app, and lastly distinguishes comprehensive steps within each action. [22] Distinct actions on mobile payment apps are generalized in a few groups including making a payment, transfer money between banks, scanning checks, and looking at previous records. [22] By classifying and observing the user’s specific steps within each group of actions, the attacker intercepts the network traffic using and obtains private information of app users. [22] Strategies to prevent incidents are made such as fingerprint or facial identification, and email or text confirmation of actions performed on the app. [22]

Cloud computing

Cloud computing is a computing model that provides access to many different configurable resources, including servers, storage, applications, and services. [23] The nature of the Cloud makes it vulnerable to security threats, and attackers can easily eavesdrop on the Cloud. [23] Particularly, an attacker can simply identify the data center of the Virtual Machine used by cloud computing, and retrieve information on the IP address and domain names of the data center. [23] It becomes dangerous when the attacker gains access to private cryptographic keys for specific servers which they may get data stored in the cloud. [23] For example, the Amazon EC2 platform based in Seattle, Washington, WA, USA, was once at risk of such issues but has now used Amazon Web Service (AWS) to manage their encryption keys. [23]

Medical records

Sometimes users can choose what they put online and should be responsible for their actions, including whether or not a user should take a photo of their social security number and send it through a messaging app. However, data like medical records or bank accounts are stored in a network system in which companies are also responsible for securing user’s data. [21] Medical records of patients can be stolen by insurance companies, medical laboratories, or advertising companies for their interests. [24] Information such as name, social security number, home address, email address, and diagnosis history can be used to track down a person. [24] Eavesdropping reports of a patient’s medical history is illegal and is dangerous. To deal with network threats, many medical institutes have been using endpoint authentication, cryptographic protocols and data encryption. [24]

Electronic Communications Privacy Act (ECPA)

In Title III of the Electronic Communications Privacy Act (ECPA), it states that it is a “federal crime to engage in wiretapping or electronic eavesdropping; to possess wiretapping or electronic eavesdropping equipment; to use to disclose information obtained through illegal wiretapping or electronic eavesdropping, or to disclose information secured through court-ordered wiretapping or electronic eavesdropping, to obstruct justice.” [4] Federal and state law enforcement officials may be allowed to intercept with the wire, oral, and electronic communications if and only if a court order is issued, consent of the parties, or when a malicious user is trying to access the system. [4] If the law is violated, there may be a criminal penalty, civil liability, administrative and professional disciplinary action, and or exclusion of evidence. [4] A general penalty is not more than five years of imprisonment and no more than $250,000 for individuals and not more than $500,000 for organizations. [4] If damages are created, there may be a $100 fine per day of violation or $10,000 in total. [4]

Foreign Intelligence Surveillance Act (FISA)

The Foreign Intelligence Surveillance Act gives out court orders for “electronic surveillance, physical searches, installation, and use of pen registers and traps and trace devices, and orders to disclose tangible items.” [4] Court orders issued on electronic surveillance allow the federal officials to use electronic surveillance which includes eavesdropping without violating the Electronic Communications Privacy Act or Title III specifically. [4]

Organization of Economic Cooperation and Development (OECD)

A guideline to protecting the privacy of data of health patients is issued by the Organization of Economic Cooperation and Development (OECD). [24] The policy states that individual patient data or personal data should be secure, and patients will not face any arbitrary losses related to invading their personal information or health conditions. [24] The policy acts as a minimum standard for eHealth usages and it should be followed by all medical institutes for protecting the privacy of patient’s data. [24]

See also

Related Research Articles

<span class="mw-page-title-main">Encryption</span> Process of converting plaintext to ciphertext

In cryptography, encryption is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

<span class="mw-page-title-main">HTTPS</span> Extension of the HTTP communications protocol to support TLS encryption

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

<span class="mw-page-title-main">Public-key cryptography</span> Cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, network switches, servers, workstations, printers, and more.

<span class="mw-page-title-main">Instant messaging</span> Form of computer communication over the internet or locally

Instant messaging (IM) technology is a type of synchronous computer-mediated communication involving the immediate (real-time) transmission of messages between two or more parties over the Internet or another computer network. Originally involving simple text message exchanges, modern IM applications and services tend to also feature the exchange of multimedia, emojis, file transfer, VoIP, and video chat capabilities.

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.

<span class="mw-page-title-main">Eavesdropping</span> Act of secretly listening to the private conversation of others

Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information.

<span class="mw-page-title-main">Onion routing</span> Technique for anonymous communication over a computer network

Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called "onion routers," each of which "peels" away a single layer, revealing the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. While onion routing provides a high level of security and anonymity, there are methods to break the anonymity of this technique, such as timing analysis.

Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

A replay attack is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a spoofing attack by IP packet substitution. This is one of the lower-tier versions of a man-in-the-middle attack. Replay attacks are usually passive in nature.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one else, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse. End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s). The messages are encrypted by the sender but the third party does not have a means to decrypt them, and stores them encrypted. The recipients retrieve the encrypted data and decrypt it themselves. Because no third parties can decipher the data being communicated or stored, for example, companies that provide end-to-end encryption are unable to hand over texts of their customers' messages to the authorities.

Secure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what is said. Other than spoken face-to-face communication with no possible eavesdropper, it is probable that no communication is guaranteed to be secure in this sense, although practical obstacles such as legislation, resources, technical issues, and the sheer volume of communication serve to limit surveillance.

Mutual authentication or two-way authentication refers to two parties authenticating each other at the same time in an authentication protocol. It is a default mode of authentication in some protocols and optional in others (TLS).

Privacy software, also called privacy platform, is software built to protect the privacy of its users. The software typically works in conjunction with Internet usage to control or limit the amount of information made available to third parties. The software can apply encryption or filtering of various kinds.

Cloud computing security or, more simply, cloud security, refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.

Computer surveillance in the workplace is the use of computers to monitor activity in a workplace. Computer monitoring is a method of collecting performance data which employers obtain through digitalised employee monitoring. Computer surveillance may nowadays be used alongside traditional security applications, such as closed-circuit television.

Computer security compromised by hardware failure is a branch of computer security applied to hardware. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Such secret information could be retrieved by different ways. This article focus on the retrieval of data thanks to misused hardware or hardware failure. Hardware could be misused or exploited to get secret data. This article collects main types of attack that can lead to data theft.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Soft privacy technologies fall under the category of PETs, Privacy-enhancing technologies, as methods of protecting data. Soft privacy is a counterpart to another subcategory of PETs, called hard privacy. Soft privacy technology has the goal of keeping information safe, allowing services to process data while having full control of how data is being used. To accomplish this, soft privacy emphasizes the use of third-party programs to protect privacy, emphasizing auditing, certification, consent, access control, encryption, and differential privacy. Since evolving technologies like the internet, machine learning, and big data are being applied to many long-standing fields, we now need to process billions of datapoints every day in areas such as health care, autonomous cars, smart cards, social media, and more. Many of these fields rely on soft privacy technologies when they handle data.

References

  1. 1 2 3 4 5 6 Li, Xuran; Wang, Qiu; Dai, Hong-Ning; Wang, Hao (2018-06-14). "A Novel Friendly Jamming Scheme in Industrial Crowdsensing Networks against Eavesdropping Attack". Sensors. 18 (6): 1938. Bibcode:2018Senso..18.1938L. doi: 10.3390/s18061938 . ISSN   1424-8220. PMC   6022160 . PMID   29904003.
  2. Gultom, Rudy Agus Gemilang (2017-12-18). "Internet Eavesdropping: Information Security Challenge in the Cyberspace". Jurnal Pertahanan. 3 (3): 243. doi: 10.33172/jp.v3i3.236 (inactive 2024-11-12). ISSN   2549-9459.{{cite journal}}: CS1 maint: DOI inactive as of November 2024 (link)
  3. 1 2 3 4 5 6 7 8 9 10 11 12 13 Cronin, Eric; Sherr, Micah; Blaze, Matthew (2006), "On the Reliability of Network Eavesdropping Tools", IFIP Advances in Information and Communication Technology, Boston, MA: Springer New York, pp. 199–213, doi: 10.1007/0-387-36891-4_16 , ISBN   0-387-36891-4
  4. 1 2 3 4 5 6 7 8 9 "- Wiretapping and Eavesdropping", The Law of Cybercrimes and Their Investigations, Routledge, pp. 266–309, 2011-08-09, doi:10.1201/b13651-13, ISBN   978-0-429-24858-0 , retrieved 2020-10-29
  5. 1 2 3 "Effects of Electronic Monitoring Types on Perceptions of Procedural Justice, Interpersonal Justice, and Privacy1 | Request PDF". ResearchGate. Retrieved 2020-10-31.
  6. 1 2 3 4 de Smet, Milou J. R.; Leijten, Mariëlle; Van Waes, Luuk (2018-07-19). "Exploring the Process of Reading During Writing Using Eye Tracking and Keystroke Logging". Written Communication. 35 (4): 411–447. doi:10.1177/0741088318788070. ISSN   0741-0883. S2CID   149659209.
  7. 1 2 3 4 5 6 7 8 9 Shirvanian, Maliheh; Saxena, Nitesh; Mukhopadhyay, Dibya (2018-04-09). "Short voice imitation man-in-the-middle attacks on Crypto Phones: Defeating humans and machines1". Journal of Computer Security. 26 (3): 311–333. doi:10.3233/jcs-17970. ISSN   1875-8924.
  8. 1 2 3 4 Hagen, Christina S.; Bighash, Leila; Hollingshead, Andrea B.; Shaikh, Sonia Jawaid; Alexander, Kristen S. (2018-04-03). "Why are you watching? Video surveillance in organizations". Corporate Communications. 23 (2): 274–291. doi:10.1108/ccij-04-2017-0043. ISSN   1356-3289.
  9. 1 2 3 Li, Dengke; Zhou, Han; Yang, Wen (2019-08-30). "Privacy-Preserving Consensus over a Distributed Network against Eavesdropping Attacks". Electronics. 8 (9): 966. doi: 10.3390/electronics8090966 . ISSN   2079-9292.
  10. 1 2 3 4 5 6 Murtala, I.; Tiamiyu, O.A. (2018). "Comparative Analysis of Low Latency Anonymous Communication Systems". Proceedings of Telecommunication Universities. 4 (3): 85–97. doi: 10.31854/1813-324x-2018-4-3-85-97 (inactive 2024-11-11). ISSN   1813-324X.{{cite journal}}: CS1 maint: DOI inactive as of November 2024 (link)
  11. 1 2 3 4 5 6 Cecconello, Stefano; Compagno, Alberto; Conti, Mauro; Lain, Daniele; Tsudik, Gene (2019-12-17). "Skype & Type". ACM Transactions on Privacy and Security. 22 (4): 1–34. doi:10.1145/3365366. ISSN   2471-2566. S2CID   209393317.
  12. 1 2 3 4 5 6 Abiodun, Esther Omolara; Jantan, Aman; Abiodun, Oludare Isaac; Arshad, Humaira (2020-01-31). "Reinforcing the Security of Instant Messaging Systems Using an Enhanced Honey Encryption Scheme: The Case of WhatsApp". Wireless Personal Communications. 112 (4): 2533–2556. doi:10.1007/s11277-020-07163-y. ISSN   0929-6212. S2CID   213474315.
  13. 1 2 "Advanced chat encryption". Zoom Help Center. Retrieved 2020-11-17.
  14. 1 2 Paxson, V. (1999). "Bro: a system for detecting network intruders in real-time". Computer Networks. 31 (23–24): 2435–2463. doi:10.1016/S1389-1286(99)00112-7. S2CID   215753449.
  15. 1 2 Bergstrom, Laura; J. Grahn, Kaj; Karlstrom, Krister; Pulkkis, Göran; Åström, Peik (2004). "Teaching Network Security in a Virtual Learning Environment". Journal of Information Technology Education: Research. 3: 189–217. doi: 10.28945/297 . ISSN   1547-9714.
  16. 1 2 3 4 5 6 7 Bharamagoudra, Manjula R.; Manvi, Sunilkumar S. (2017-02-01). "Agent-based secure routing for underwater acoustic sensor networks". International Journal of Communication Systems. 30 (13): e3281. doi:10.1002/dac.3281. ISSN   1074-5351. S2CID   37172239.
  17. 1 2 3 Chakravarty, Sambuddho; Portokalidis, Georgios; Polychronakis, Michalis; Keromytis, Angelos D. (2014-08-18). "Detection and analysis of eavesdropping in anonymous communication networks". International Journal of Information Security. 14 (3): 205–220. doi:10.1007/s10207-014-0256-7. ISSN   1615-5262. S2CID   13911713.
  18. 1 2 Sampangi, Raghav; Sampalli, Srinivas (2015-09-15). "Butterfly Encryption Scheme for Resource-Constrained Wireless Networks". Sensors. 15 (9): 23145–23167. Bibcode:2015Senso..1523145S. doi: 10.3390/s150923145 . ISSN   1424-8220. PMC   4610504 . PMID   26389899.
  19. Zou, Yulong; Zhu, Jia; Wang, Xianbin; Hanzo, Lajos (2016-05-10). "A Survey on Wireless Security: Technical Challenges, Recent Advances, and Future Trends". Proceedings of the IEEE. 104 (9): 1727–1765. arXiv: 1505.07919 . doi: 10.1109/JPROC.2016.2558521 . ISSN   1558-2256. S2CID   6779551.
  20. 1 2 3 4 5 6 Bica, Ion; Chifor, Bogdan-Cosmin; Arseni, Ștefan-Ciprian; Matei, Ioana (2019-09-19). "Multi-Layer IoT Security Framework for Ambient Intelligence Environments". Sensors. 19 (18): 4038. Bibcode:2019Senso..19.4038B. doi: 10.3390/s19184038 . ISSN   1424-8220. PMC   6767328 . PMID   31546782.
  21. 1 2 3 Talal, Mohammed; Zaidan, A. A.; Zaidan, B. B.; Albahri, O. S.; Alsalem, M. A.; Albahri, A. S.; Alamoodi, A. H.; Kiah, M. L. M.; Jumaah, F. M.; Alaa, Mussab (2019-05-14). "Comprehensive review and analysis of anti-malware apps for smartphones". Telecommunication Systems. 72 (2): 285–337. doi:10.1007/s11235-019-00575-7. ISSN   1018-4864. S2CID   181787513.
  22. 1 2 3 4 5 Wang, Yaru; Zheng, Ning; Xu, Ming; Qiao, Tong; Zhang, Qiang; Yan, Feipeng; Xu, Jian (2019-07-11). "Hierarchical Identifier: Application to User Privacy Eavesdropping on Mobile Payment App". Sensors. 19 (14): 3052. Bibcode:2019Senso..19.3052W. doi: 10.3390/s19143052 . ISSN   1424-8220. PMC   6678344 . PMID   31373286.
  23. 1 2 3 4 5 Bonguet, Adrien; Bellaiche, Martine (2017-08-05). "A Survey of Denial-of-Service and Distributed Denial of Service Attacks and Defenses in Cloud Computing". Future Internet. 9 (3): 43. doi: 10.3390/fi9030043 . ISSN   1999-5903.
  24. 1 2 3 4 5 6 Chauhan, Ritu; Kaur, Harleen; Chang, Victor (2020-02-19). "An Optimized Integrated Framework of Big Data Analytics Managing Security and Privacy in Healthcare Data". Wireless Personal Communications. 117: 87–108. doi:10.1007/s11277-020-07040-8. ISSN   0929-6212. S2CID   213146160.