Mesopotamian Journal of CyberSecurity

The increasing prevalence of biometric authentication systems as part of the organizational cybersecurity ecosystem highlights the need to gain further knowledge of both legal and technical considerations related to biometric data protection. The inherent nature of biometric data (unique to an individual and unchangeable) elicits a vulnerability to cyber abuse along with privacy risks. This study discussed the legal landscape regulating biometric data, underscoring our awareness of legislation inadequacies in regions of the world, with a specific reference to Iraq, and its comparison to international standards that employ laws (GDPR, EU AI Act). This study indicated that there is an urgency in establishing robust, effective, enforceable protections for biometric information from unauthorized collection and circumvention. In terms of cybersecurity practices, ensuring the integrity, confidentiality and availability of biometric data are key. When there are ineffective legal and regulatory measures, the risks of exposing sensitive data and forgetting biometric security have significant potential to degrade the effectiveness of biometric systems for secure authentication. This study suggests that technological innovations with integrated legal considerations will aid in the creation of legitimate biometric systems that can improve quality and security. In addition to the pressing legality themes, this study explores a practical illustration of deep learning through a ResNet50-based model to classify iris health conditions. The model for classifying an iris as "mature" or "immature" has the potential to ensure the reliability of authentic biometric systems, and the model has a validity score of 98%. This specific example presents the employability of AI in potentially advancing biometric security. This study explored ways to recognize the dual structure of legal impact and technological developments in this field to ultimately create a balance where biometric systems remain palatable and convey an ethical obligation.

The widespread utilization of social media platforms such as Facebook, Twitter, and Instagram inside academic organizations has become fundamental for student correspondence and joint effort, yet it has simultaneously prompted an increase in cyberbullying incidents. Cyberbullying is embodied by offensive and harmful comments that sabotage the casualty's prosperity. This study plans to resolve this issue by fostering an extensive module to distinguish cases of cyberbullying inside Facebook groups of Mosul University students. Our methodology starts with the collection of data in the Arabic language, which is then exposed to careful manual handling to label comments and eliminate clamor-like copies and superfluous sections. The dataset, comprising 2,715 comments, goes through prehandling and element extraction via the term frequency-inverse document frequency (TF-IDF) strategy. Consequently, we utilize the logistic regression (LR) classifier to investigate and order the data. Our findings revealed that more than 21% of the comments dissected were brutal, a disturbing rate for a local area such as Mosul University. These outcomes highlight the critical requirements for intercession and the significance of observing student cooperation on social media. The dataset and experiences obtained from this study are important for psychologists and psychological direction experts to comprehend and relieve cyberbullying. This exploration not only highlights the prevalence of cyberbullying in academic settings but also provides a strong systemic structure for future examinations to expand, highlighting the basic role of AI in battling web harassment.

Managing large-scale data in distributed environments is essential for developing the distributed file system (DFS) concept, which ensures reliable, scalable, and fault-tolerant data storage across multiple nodes. In a DFS, DataNodes divides large datasets into blocks, assigning replicas to enhance data redundancy. The NameNode is a central control unit that manages metadata that governs data storage and retrieval. However, the NameNode presents a potential single point of failure, creating challenges in ensuring metadata, integrity, trustworthiness, and overall system reliability in distributed environments. This study proposes a new method to address these challenges by designing and implementing a new distributed file system architecture using blockchain as a repository to store the metadata of the NameNode. The proposed system achieves several significant improvements by integrating the blockchain into the DFS architecture. The tamper-proof and immutable nature of blockchain ensures metadata integrity. The metadata recorded on the blockchain can be accessible and recoverable at any time because multiple replicas are maintained over the network, and it becomes resistant to unauthorized modifications, enhancing trust and data reliability. The proposed architecture simulated the DFS via Python and integrated it with Ganache as an Ethereum platform via the Web3 library. The results show that the proposed system achieves the best time to upload files in the DFS compared with the traditional Hadoop distributed file system; the metadata stored in the blockchain enhance the overall system performance by improving metadata trustworthiness, management, and data integrity. The performance metrics for the proposed system are memory utilization and the file execution time for files ranging from 1 MB to 100,000 MB. The results show that even as the file size increase and the number of executions increases, the system retains efficient memory utilization, requiring less RAM for larger files. Although the system's ability to handle large datasets is demonstrated by its scalability in memory usage, adjustments are required to counteract the longer processing times linked to larger files. This paper examines the trade-offs and limitations of integrating blockchain with DFS and issues with scalability, latency, and storage costs. Despite these obstacles, the proposed approach shows that blockchain offers a workable option for safe and dependable metadata management in that DFS. This makes room for additional research to increase productivity and reduce resource use.

The surge in internet use has made authentication and authorization essential for protecting users’ privacy and security in web applications. JSON Web Token (JWT), a token-based authentication mechanism, stands out as a desirable choice for its scalability, ease of use, and interoperability. However, existing JWT signing algorithms, which rely on mathematical problems such as factoring large integers and discrete logarithms, are vulnerable to quantum computing breakthroughs, which poses significant security risks. Addressing this challenge requires evaluating quantum-safe alternatives for JWT authentication. While prior research has focused on limited sets of post-quantum algorithms, a comprehensive evaluation of all standardized algorithms remains unexplored. This study presents the first such evaluation within the JWT authentication framework, analysing algorithms recommended by the National Institute of Standards and Technology (NIST), including Falcon, SPHINCS+, and Dilithium, and their hybrid counterparts. We compare their performance against traditional algorithms such as RS256, ES256, PS256, and HS256. Our experimental results reveal that Falcon is the most efficient quantum-safe algorithm, with a token generation time of 18.68 ms and verification time of 0.65 ms, whereas SuperFalcon outperforms hybrid algorithms, with generation and verification times of 1.19 ms and 1.81 ms, respectively. These findings establish a foundation for transitioning JWT systems to quantum-safe cryptographic standards.

Blockchain has revolutionized cryptocurrency and completely changed the management of data and transactions in the digital world because of its decentralized nature, improved transparency, increased security measures, ability to facilitate commercial trading between untrusted parties, and contribution to preventing fraudulent activity. However, the primary issue with blockchain systems is their limited scalability, as they can only process a maximum of 30 transactions per second (TPS), like Ethereum and Bitcoin. In this paper, we introduce an approach using the Nakamoto protocol and the Directed Acyclic Graph (DAG) to develop an improved infrastructure known as a DAGchains that can increase the processing ceiling of the TPS and enable peers to reach Proof of Work (PoW) consensus on a wide scale. Furthermore, a novel allocation for transactions has been presented in miners' mempools on the basis of the Balanced Assignment of Mempool Transactions Protocol (BAMTP), which guarantees the absence of collisions and duplicate transactions, overcomes delays in completing microtransactions, and ensures an efficient distribution of reward fees among all miners. Experimental tests have proven the proposed system's effectiveness in increasing scalability by 24000 TPS compared with the conventional approach without sacrificing the security and decentralization inherent in existing blockchain systems.

The swift rise in multimedia transmission through insecure channels has made the study of information security critically important. Image encryption holds significant importance in this context, hence necessitating the improvement of the encryption algorithms. This research introduces a Protein-Driven Mealy Machine Image Encryption with Multi-Layer Protection (PMIE-MLP) algorithm, an innovative cryptographic system to improve image security that uses a dynamic protein-based Mealy machine, a novel 3D-AS scrambling, and a chaotic system. An encryption framework comprises key generation and six protection layers: substitution, four layers of diffusion, and confusion. These layers attempt to address the confusion and diffusion principles of Shannon’s cryptographic system and meet the high security standards of encrypted images. The authors conduct rigorous experiments to measure the efficiency of the PMIE-MLP along with its security quotient. These experimental results provide evidence that the PMIE-MLP is capable of achieving resistance to attacks such as brute force, statistical, differential, occlusion, and noise attacks. Moreover, the metrics obtained by the PMIE-MLP demonstrated equal or better security results than those of prior studies. A better performance analysis was achieved through the key space, chi-square value, correlation coefficient values, and image resistance to differential attacks; thus, it is evident that the PMIE-MLP is capable of transmitting colored image information in a secure manner.