Digital systems have changed our world and will continue to change it. Supportive government policy, a strong research base and history of industrial success place the benefits of an emerging digital society. Protecting benefits and minimizing risks requires reliable and robust cyber security, backed by a robust research and translation system. Trust is essential for the growth and maintenance of participation in the digital community. Organizations gain trust by acting in a trustworthy way: building reliable and secure systems, treating people, their privacy and their data with respect, and providing reliable and understandable information to help people understand how safe they are. Research and revolution in industry and academia will continue to make important contributions to creating a flexible and reliable digital environment. Cyber security plays a main role in the field of information technology because securing information has become one of the greatest challenges today. When we think about cyber security, the first thing that comes to mind is “cyber crimes”, which are increasing exponentially day by day. Many governments and firms are taking many measures to prevent these cybercrimes. Despite these measures, cyber security remains a major concern. This paper is intended to give a deep overview of the concepts and principles of cyber security that affect safety and security in an international context.
It mainly focuses on the challenges faced by cyber security on the latest technologies. It also introduces security types, cyber security techniques, cyber security ethics and the trends that change the face of cyber security. Finally, it attempts to address one of the most serious cyber security crimes, the violation of privacy on the internet, by improving the security of sensitive personal information (SPI) in cyber-physical systems using a selected proposed algorithm. The algorithm analyzes the user’s information resources and determines the valid data to be encrypted, then uses adaptive acquisition methods to collect the information, and finally uses a new cryptographic method to complete SPI secure encryption according to the acquisition results, as described in detail in Section 4.
Today a person can send and receive any form of data, be it an e-mail, voice or video, with just one click of a button, but has he ever thought about how safely his data is sent to the other person, without any leakage of information? The answer could be found in cyber security. Today the Internet is the fastest growing infrastructure in everyday life. In the current technical environment, many modern technologies are changing the face of humanity. But due to these emerging technologies, we are not able to protect our private information in a very effective way, and hence these days cybercrime is increasing day by day. Today more than 60 percent of all commercial transactions take place over the internet, so this field requires a high quality of security for transparent transactions and best transactions. Hence cyber security has become a pressing issue. The scope of cyber security is not limited to securing information in the IT industry; it also includes many other areas such as cyberspace. Even the latest technologies like cloud computing, mobile computing, E-commerce, internet banking, etc. need a lot of security. Since these technologies hold important information regarding a person, keeping it safe has become a must. Strengthening cyber security and protecting critical information infrastructures is essential to every nation’s security and economic well-being. Making the Internet safer (and protecting Internet users) has become an integral part of developing new services as well as government policy. Many countries and governments today enforce strict laws on electronic securities in order to prevent the loss of some important information. Everyone must also be trained on this cyber security and save themselves from these increasing cybercrimes [
Cybercrime is a term that refers to any illegal activity that uses computers as the primary method for commission and theft [
Here are some of the trends that have a major impact on cyber security [
• Web Servers
The threat of attacks on web applications to extract data or to distribute malicious code continues. Cyber criminals distribute their malicious code via the legitimate web servers that they hacked. But data theft attacks, many of which attract media attention, also pose a significant threat [
• Cloud Computing and Its Services
These days, all small, medium and large businesses are slowly adopting cloud services [
• APT’s and Targeted Attacks
APT (Advanced Persistent Threat) is a whole new level of cybercrime tool. For many years, network security capabilities such as web filtering or IPS have played a major role in identifying such targeted attacks (often after the initial hack) [
• Mobile Networks
Today we are able to contact anyone in any part of the world. But for these mobile networks, security is a very big concern [
• IPv6: New Internet Protocol
IPv6 is the new Internet protocol that replaces IPv4 (the older version), which was the backbone of networks in general and the Internet at large [
• Encryption of the Code
Encryption is the process of encoding messages (or information) in a way that an intruder or hackers cannot read [
Whether it occurs as an interstate conflict between states, a terrorist act or a criminal act, it is an attack in cyberspace with the aim of endangering a computer system or network, but also damaging physical systems as was the case with the Stuxnet worm [
1) The first phase of the attack is to uncover potential victims by monitoring the target’s normal operations, gathering useful information and identifying the applications and devices used;
2) The second phase of the attack is the storming. Until the attacker enters the system, there is not much that can be done against the target except for disrupting availability or accessing specific services provided by the target;
3) The third phase is to identify and deploy internal opportunities by examining the resources and the right to access restricted and important parts of the system;
4) In the fourth phase, the intruder destroys the system or steals certain data.
Moreover, they point out that today’s cyber-attacks consist mainly of:
• Malignant software via attachments in the Internet browser, e-mail or other system vulnerabilities;
• Denial of service (DoS) to prevent the use of computer systems and networks;
• Deletion or transfer (leaving a message) to government and commercial sites for advertising purposes or to disable the media;
• Unauthorized intrusion into systems to steal confidential and/or private Information, compromise data or use the system to launch attacks.
In such circumstances of transformation and different perspectives and understandings of security in general and international security, cyber threats are definitely redefining these terms. In line with the efforts made to ensure security on the one hand and the peculiarities of cyber threats and the motives of the actors who started them on the other hand, it will be necessary to create a new international security paradigm for the cyber age.
Let us quickly take a look at some of the potential threats you may face while working remotely [
• There is no physical security
• Communication gap
• Concurrent VPN connections are not supported
• Lack of appropriate access, authorization, documentation policies for implementation
• Poor data backup implementation
• Disk encryption for endpoints
• Wi-Fi connections are not secure
• Easy logins and passwords
Could be defined as the actions that could be taken to secure applications [
Other countermeasures include:
• Traditional firewalls,
• programs or algorithms for encryption or decryption processes,
• anti-virus programs, spyware detection and removal programs,
• Biometric authentication systems.
1) Communication Security: Communication security is also known as COMSEC [
• Cryptographic Security: It encrypts the data on the sender side and makes it unreadable until the data is decrypted by receiver side.
• Emission Security: Used to prevent the release or capture of equipment emissions, protecting information from unauthorized interception.
• Physical Security: It ensures security by preventing unauthorized access to encryption information, documents and equipment on the network.
• Transmission Security: It is used to protect against unauthorized access when data is physically transferred from one side to another or one medium to another, to prevent issues such as service interruption or data theft by a malicious person.
• Information Security: Used to protect information or data and its crucial elements, including the systems, programs and hardware that are used to store or transmit that information. Information security is also known as Infosec. Infosec is a set of strategies for managing the processes, tools and policies that are necessary to prevent, detect and combat threats to digital and non-digital information [
Infosec responsibilities include a set of business processes that protect information assets regardless of how the information is formatted or whether it is being transmitted, being processed, or in storage. Infosec programs follow the basic objectives of the CIA triad (confidentiality, integrity and availability): confidentiality ensures that sensitive information is not disclosed except to authorized parties, integrity prevents unauthorized modification of data, and availability guarantees that authorized parties can access IT systems and business data when they request them.
2) Network Security: Network security is used to protect network components, network connectivity and network-related content [
3) Operational Security: Operational security is an analytical process that categorizes information assets and specifies the controls required to secure these assets. Operational security is also known as OPSEC. Operational security typically consists of a five-step iterative process [
• Identify Critical Information: The first step is to find out what data may particularly affect the organization or be harmful to the enterprise if obtained by the opponent. This includes intellectual property and/or personal information and financial data for employees and/or clients.
• Identify Threats: The next step is to identify the code or program that poses a threat to the organization’s private or sensitive information. There may be many antagonists targeting different pieces of information, and companies should consider any competitors or hackers that might be targeting the data.
• Vulnerability Analysis: In the vulnerability analysis stage, the organization examines potential weaknesses among the safeguards in place to protect the private information that makes it vulnerable to potential adversaries [
• Risk Assessment: After identifying the vulnerabilities, the next step is to find the threat level associated with each. Companies classify risks according to factors such as the likelihood that a specific attack will occur and extent to which such an attack damages operations. The higher the risk, the greater the urgency for the organization to implement risk management controls.
• Implement Appropriate Countermeasures: The final step is to implement a risk mitigation plan starting with those that pose the greatest threat to operations. Potential security improvements arising from the risk mitigation plan include implementing additional hardware and training or developing new information management policies.
One of the most problematic elements of cyber security expert who may security is the security risks [
• Virus: Virus is a program that you download onto your computer without your knowledge and that works against your wishes [
• Worms: Worms, unlike viruses, do not need a host to hang on to. A worm only multiplies until it completely eats up all current memory in the system [
• Hacker: In general, a hacker is someone who breaks into computers, usually by accessing administrative controls.
1) White Hat Hacker: A white hat hacker is a computer security professional person who penetrates into secure systems and networks to examine and evaluate their security [
2) Grey Hat Hacker: The term “grey hat” or “gray hat” refers to a computer hacker or computer security expert who may occasionally violate laws or exemplary ethical standards, but has no malicious intent as is the case with a black hat hacker [
3) Black Hat Hacker: A black hat hacker is a person who has extensive computer knowledge and intends to hack or bypass internet security [
• Malware: short for “MALicious software”. A malware program affects and damages the computer system without the knowledge or permission of the system owner. Types include: a) Spyware, b) Crimeware, c) Adware, d) Viruses, e) Worms, f) Rootkits, g) Trojans.
• Trojan horses: Trojan horses are email viruses that can copy themselves, steal information, or damage the computer system. These viruses are the most dangerous threats to computers.
• Password Cracking: attacks by hackers who are able to determine passwords or find passwords to different protected electronic areas and social network sites.
Three factors affect the risk associated with any attack: the threats (who attacks), vulnerabilities (the weaknesses they attack), and impacts (what the attack does). Managing risks to information systems is fundamental to effective cyber security [
What are the Vulnerabilities? In many ways, cyber security is a race between attackers and defenders. ICT systems are extremely complex, and attackers are constantly looking for vulnerabilities, which can occur at many points. Defenders can often protect against vulnerabilities, but some are particularly challenging: unintended or intentional actions by insiders who have access to a system; supply chain weaknesses, which could allow malicious software or hardware to be introduced during the procurement process; and previously unknown vulnerabilities with no established fix. Even for weaknesses where fixes are known, they may not be implemented due to budgetary or operational constraints. A network administrator would use these types of programs to test whether an attacker could easily attack the database, and whether there is any vulnerability that harms program or database security, whereas a hacker would use these types of vulnerable programs to breach user details [
What are the effects? A successful attack could harm the confidentiality, integrity, and availability of an ICT system and the information it deals with. Cyber theft or cyber espionage can exfiltrate financial, private, or personal information that the attacker can take advantage of, often without the victim’s knowledge [
We introduce here some of the advantages and disadvantages of cyber security [
• Advantages of Cyber Security
1) Improving cyberspace security.
2) Increasing cyber defense.
3) Increasing the internet speed.
4) Protecting data and information for companies.
5) Protecting systems from viruses, worms, malware, spyware, etc.
6) Protecting personal privacy.
7) Protecting networks and data and storage resources.
8) Fighting hackers and identity theft for computer systems.
9) Reducing computer freezes and crashes.
10) Preserving users’ privacy.
• Disadvantages of Cyber Security
1) It will be expensive for regular users.
2) It can be difficult to properly configure firewalls.
3) New software must be installed regularly in order to keep security up to date.
4) It makes the system slower than before.
5) Incorrectly configured firewalls may prevent users from performing certain actions on the Internet, until the firewall is properly configured.
1) Use an antivirus program.
2) Install firewalls and pop-up blockers.
3) Delete unnecessary software.
4) Maintain backups.
5) Examine security settings.
6) Keep connections secure.
7) Be careful when opening attachments.
8) Use strong passwords (a combination of uppercase, lowercase, special characters, etc.).
9) Do not give personal information unless required.
1) Better end-user education is a bit of an expression of intuition, but most frameworks are just as safe as the tendencies of the general public who use them. Horrible screen characters abuse this to exploit weak passwords, uncorrected scripting, and use complex phishing strategies [
2) Development of security-conscious programming: They are not individuals who focus on security. With more people connecting to the internet, so do the security risks that pose more risks to harm information, programming, and tools as well.
Cyber security is needed when carrying out a crime: previous descriptions were “computer crime”, “computer-related crime” or “crime by computer” [
1) The year 1820 recorded the first cybercrime.
2) The first spam email was sent in 1978 over the Arpanet.
3) The first virus was installed on an Apple computer in 1982.
There are 12 types of cybercrimes as follows [
1) Hacking
Hacking is an act that is done by an intruder by gaining access to your computer system without your permission [
a) SQL injections
b) FTP passwords theft
c) Via site programming
2) Virus Spread
Viruses are computer programs that bind to or infect a system or files, and have a tendency to spread to other computers on the network [
3) Logic Bombs
A logic bomb, also known as slag code, is a malicious piece of code that is intentionally inserted into a program to perform a malicious task when triggered by a specific event [
4) Denial-of-Service Attack
A Denial-of-Service (DoS) attack is an explicit attempt by attackers to deny service to the intended users of that service [
5) Phishing
This is a technique for extracting confidential information such as credit card numbers and username password combinations by masquerading as a legitimate organization [
6) Bombing and Spamming
Email bombing is characterized by an attacker sending huge amounts of email to a target address, causing the victim’s email account or mail servers to crash [
7) Jacking
Web jacking gets its name from hijacking. Here, the hacker is controlling the web site in a fraudulent manner [
8) Cyber Stalking
Cyber stalking is a new form of cybercrime in our society in which someone is stalked online [
a) Stalking the Internet,
b) Computer chase.
9) Data Diddling
Data Diddling is unauthorized alteration of data before or during entry into a computer system, and then altered again after processing has finished [
10) Theft and Credit Card Fraud
Identity theft occurs when someone steals your identity and pretends to be you to access resources such as credit cards, bank accounts and other benefits in your name [
11) Slicing Attack
Salami slicing attack or salami scam is a technique by which cybercriminals steal money or resources a little bit at a time so that there is no noticeable difference in the overall size.
12) Software Piracy
Internet piracy is an integral part of our lives which knowingly or unwittingly contribute to Cybercrime includes [
• Illegal access
• The illegal interception system
• Interference data
• Interference with misuse of fraudulent devices.
We introduce here some Cyber Security Techniques as explained in
• Access Control and Password Security
The concept of user name and password has been a fundamental way of protecting our information. This could be one of the first measures in terms of cyber security [
• Data Authentication
The documents we receive must always be authenticated before downloading; that is, it must be verified that they originated from a reliable source and have not been modified [
• Malware Scanners
This is the program that usually scans all the files and documents in the system for malicious code or malicious viruses [
• Firewalls
A firewall is a program or piece of hardware that helps block hackers, viruses, and worms that try to access your computer over the Internet [
• Antivirus Software
Antivirus software is a computer program that detects, prevents, and takes measures to deactivate or remove malicious software, such as viruses and worms [
Cyber ethics is nothing but a symbol of the internet. When we practice these internet ethics, there are good opportunities to use the internet in a safe and secure manner [
• Use the Internet to communicate and interact with others. Email and instant messaging make it easy to stay in touch with friends and family, communicate with co-workers, and share ideas and information with people across town or halfway around the world.
• Don’t be an Internet bully. Do not call people names or lie about them, send embarrassing pictures of them, or do anything else to try to hurt them.
• The Internet is the largest library in the world and contains information on any topic in any subject area, so using this information in a correct and legal manner is always necessary.
• Do not operate other people’s accounts using their passwords.
• Never try to forward any type of malware to others’ systems to corrupt them.
• Never share your private information with anyone, as there is a good chance it will be misused by others and in the end you may end up in trouble.
• When you are online, never pretend to be another person, and never try to create fake accounts in another person’s name, as this will land both you and the other person in trouble.
• Always respect copyrighted information and do not download games or videos unless permitted.
The above are some of the cyber ethics that one must follow while using the internet. We always think that the proper rules from the very early stages are the same as we apply here in cyberspace.
Before going into the tips, let us take a quick look at some of the most potential threats that you may face while working remotely [
• There is no physical security.
• Communication gap.
• Concurrent VPN connections not supported.
• Lack of appropriate access, authorization, and authentication policies for implementation.
• Poor data backup implementation.
• Disk encryption for all endpoints.
• Wi-Fi connections are not secure.
• Easy logins and passwords.
To avoid being a victim of a cyber-attack, here are some best practices you must implement as illustrated in
1) Set up Firewalls
To prevent threats from entering your system, firewalls create a barrier between the internet and your computer [
thus helping to keep malware from getting in. While your computer already has a built-in firewall, it is important to verify that it is enabled.
2) Use an Antivirus Program
While a firewall can help, threats can still arrive. The next line of defense is to install a good antivirus program on your system to detect and block malicious software.
3) Safeguard Your Router and Avoid Public WiFi Networks
When was the last time you changed the WiFi password at home? (Or worse, is it password protected?) [
• Encryption is set to WPA2 or WPA3
• Inbound & outbound traffic is constrained
• WPS is turned off
Make sure you do not use public WiFi, as it is mostly insecure and using it will result in you being the victim of a man-in-the-middle attack.
4) Connect to a Virtual Private Network (VPN)
By creating a secure tunnel between your computer and the ultimate destination on the internet, a VPN allows you to send confidential information without any worries, since it encrypts the entire internet connection [
5) Have a Backup Strategy
Data loss is like doing taxes: nobody likes it, but it’s unavoidable. Data may be lost due to physical hardware damage, human error, cyber-attacks, or ransomware. These reasons are enough to back up your data before you lose it forever. Although hardware backups are still popular, cloud backup is one of the most convenient ways to protect your data.
6) Use Strong Passwords
Having a strong password is the first line of defense [
7) Lock Your Device
If you thought your laptop should be locked at work, it is absolutely essential that you lock your device if you live with people with whom you can’t share business information [
8) Beware of Phishing Attacks
Phishing attacks were on the increase [
Through our survey of cyber security threats, we found that there is a big problem facing the security of sensitive information in cyber-physical systems, even when cryptographic techniques are used. Currently, there are problems with traditional encryption methods, such as [
• Low speed for obtaining information;
• Low recognition rate;
• Low utilization rate of efficient information resources, and;
• Long delay in querying information.
New developments in smart electronic cyber-physical systems include smart cities, the Internet of Things (IoT), and often anything smart. To improve the security of sensitive personal information (SPI) in cyber-physical systems, some new insights into SPI coding have been introduced. To address the previous issues introduced in Section 4, we choose a proposed powerful new encryption algorithm for incremental SPI security as in [
• Low data acquisition speed.
• The data recognition rate is low.
• Effective use of resources.
• Delays in data inquiries by traditional methods.
The proposed algorithm analyzes the user’s data resources and encrypts the data according to the results of the analysis, which measure the type of data involved. By encrypting only the data that needs enhanced security and privacy, this effectively solves the problem of data query delays caused by traditional methods, which encrypt large amounts of data. To solve the problems of low data recognition rate and inefficient use of resources, a quantitative interference method (described later) is used to determine the location of specified data after data encoding. Experimental results show that the proposed algorithm effectively solves the shortcomings of traditional methods, and can protect users’ privacy and information security. Traditional methods require a lot of manual intervention when encrypting information, and their degree of automation is low. In addition to analyzing users’ private data resources, the proposed algorithm uses an adaptive data collection method to collect SPI, which can improve the degree of information encryption automation. The algorithm is designed as a new robust SPI encryption algorithm to mitigate such problems. The method first analyzes public data resources, private data resources, and mixed data resources in user data. From this analysis, it is concluded which resources should be encrypted and which data can be shared openly and unencrypted. The basic concept here is that not all data fall within the context of SPI, thus there is no need to waste computational resources to encrypt/decrypt them. Data analysis helps create a subset of user data targeted for sharing and the encryption method. User data resources are collected using an adaptive data collection method. Finally, the data encryption method based on interference quantization is used to complete the analysis on the secure encryption method for SPI. Flowchart in
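The selection step described above, as an added example that is not the paper's code: each field of a record is classified as public, private or mixed, and only the private and mixed fields are encrypted. The field names, patterns, marker key and sample record are constructed assumptions, and because the interference-quantization cipher is not specified on this page, a standard-library encrypt-then-MAC construction stands in for it (a real system would use a vetted AEAD such as AES-GCM).

```python
import hashlib
import hmac
import json
import re
import secrets

# Assumed classification rules (constructed for this example, not from the paper).
PRIVATE_FIELDS = {"national_id", "card_number", "health_record", "home_address"}
SPI_PATTERNS = [
    re.compile(r"\b\d{13,16}\b"),            # card-like digit run
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),  # e-mail address
]
MARK = "__spi_enc__"  # hypothetical marker key for an encrypted field


def classify(field, value):
    """Label a field 'private', 'mixed' (public text carrying SPI) or 'public'."""
    if field in PRIVATE_FIELDS:
        return "private"
    if isinstance(value, str) and any(p.search(value) for p in SPI_PATTERNS):
        return "mixed"
    return "public"


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _tag(mac_key, aad, nonce, ct):
    # Length-prefix the field name so (aad, nonce, ct) cannot be re-split.
    msg = len(aad).to_bytes(4, "big") + aad + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal(enc_key, mac_key, plaintext, aad):
    """Encrypt-then-MAC; aad (the field name) is authenticated, not encrypted."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return (nonce + ct + _tag(mac_key, aad, nonce, ct)).hex()


def unseal(enc_key, mac_key, blob_hex, aad):
    """Verify the tag first; decrypt only if the blob belongs to this field."""
    raw = bytes.fromhex(blob_hex)
    if len(raw) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _tag(mac_key, aad, nonce, ct)):
        raise ValueError("authentication failed for field %r" % aad.decode())
    ks = _keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def protect_record(record, enc_key, mac_key):
    """Encrypt only SPI; mixed fields are encrypted whole (conservative choice)."""
    out, stats = {}, {"public": 0, "private": 0, "mixed": 0}
    for field, value in record.items():
        kind = classify(field, value)
        stats[kind] += 1
        if kind == "public":
            out[field] = value  # shared openly, no crypto cost
        else:
            data = json.dumps(value).encode()
            out[field] = {MARK: seal(enc_key, mac_key, data, field.encode()),
                          "class": kind}
    return out, stats


def recover_record(protected, enc_key, mac_key):
    out = {}
    for field, value in protected.items():
        if isinstance(value, dict) and MARK in value:
            data = unseal(enc_key, mac_key, value[MARK], field.encode())
            out[field] = json.loads(data)
        else:
            out[field] = value
    return out


# Constructed sample record.
SAMPLE = {
    "display_name": "A. Example",
    "city": "Cairo",
    "national_id": "29001011234567",
    "note": "contact me at user@example.org after 5pm",
    "device_temp_c": 21.5,
}

if __name__ == "__main__":
    ek, mk = secrets.token_bytes(32), secrets.token_bytes(32)
    protected, stats = protect_record(SAMPLE, ek, mk)
    print(stats)
    print(json.dumps(protected, indent=2))
```

Binding the field name into the authentication tag means a ciphertext copied from one field into another is rejected on recovery rather than silently decrypted.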
Specific data provided by Google Dataset Search as source of experimental data [
R2017b software environment and underwent processing and analysis as shown below.
The analysis of
They attribute these valid data to the algorithm using the adaptive data collection method, which enables unity of decision during the execution of the data collection task, which saves a lot of time and meets the requirements of the task. To verify the accuracy of the data recognition methods, they again used algorithms from [
It should be noted that this proposed algorithm uses mixed data resources, which means combining public data resources and private data resources [
By observing the overall graph in
the fact that traditional information encryption needs to solve complex, non-convex optimization problems. However, the proposed method simplifies the problem in a way, which is known as interference encryption. To make the description more relevant, some auxiliary variables have been introduced, which reduce the influence of interference elements and improve the effective data recognition rate. One unexplained behavior that should be noted is the decrease in the rate where the information source quantity is 4 × 10³ bit; after this quantity, as anticipated, there is a slight increase. This unfamiliar decrease may be attributed to some special manners of the algorithm at this amount of data.
The user will not notice any change in delay even if the private data used in the query increases. This clearly indicates that the data resource query delay of the proposed algorithm is small, has better query performance, and is more feasible for large data storage applications. The performance of the proposed algorithm on a complete set of amounts of information resources is better than all comparable reference methods.
Analysis of
Privacy Information (×10³ bit) | Reference [ | Reference [ | Reference [ | Reference [ | Methods (ours) |
---|---|---|---|---|---|
10 | 69 | 78 | 68 | 85 | 90 |
15 | 63 | 82 | 74 | 76 | 92 |
20 | 65 | 78 | 73 | 81 | 95 |
25 | 68 | 82 | 67 | 73 | 93 |
30 | 62 | 80 | 72 | 80 | 97 |
data are 10 × 10³ bit, the resource utilization rates of [
Based on the above experimental results, the chosen algorithm can effectively improve the private data collection time, increase the recognition rate of data resources, reduce the delay caused by private data queries, and increase the use of data resources. As a result, we can conclude that the proposed encryption algorithm outperforms some of the current algorithms from [
The topic of the paper, cyber security, stands out merely by its title as an interesting and challenging area of research. The explanation for it is first and foremost that the area has not yet been sufficiently explored. Due to the intensive development of international relations in cyberspace, conditioned and supported by the speed of the development of technologies and their implementation in the relations of states, organizations and individuals, this area will always be interesting and challenging. That conclusion arises from the constant change of attitudes and technology. A large number of international entities demonstrated their presence and willingness to act in cyberspace. Most authors predict an escalation of conflicts and intelligence activities in cyberspace. We could state that cyber-attacks are among the biggest threats to the international security. Unlike conventional conflicts, such attacks will become increasingly common, and they could, as a conventional attack, cause large-scale destruction, even with fatal consequences. It is therefore essential to establish an effective defense in which the key role is that of prevention, international cooperation and the adoption of the internationally recognized, legally binding norms. Due to the increase in cyber-terrorism and crime, we can conclude that cyber security has become one of the prerequisites of the democratic concept of life in the modern society, so it is necessary to organize systematic education and to strengthen operational military, intelligence, police and civil centers for the defense from cyber-attacks. There is no excellent solution for cybercrimes but we must do our best to minimize them in order to have a safe and secure future in cyber space. We introduced through our paper different challenges that face cyber security and different issues caused by cybercrime. 
We also introduced a proposed algorithm to improve the security of sensitive personal information (SPI) in cyber-physical systems and explained its novel results, as illustrated in Section 4. Future work, which is already in progress, is to complete our study of the challenges that face cyber security and how to overcome these challenges in order to gain the maximum benefit from using cyberspace technologies. That work will be titled (CybSec2), continuing the research in the same field of cyber security, because, as is clear from the title, we called this paper (CybSec1).
The author declares no conflicts of interest regarding the publication of this paper.
Hussien, A.A. (2021) Cyber Security Crimes, Ethics and a Suggested Algorithm to Overcome Cyber-Physical Systems Problems (CybSec1). Journal of Information Security, 12, 56-78. https://doi.org/10.4236/jis.2021.121003