Biblio

The Robot Operation System (ROS) is widely used in academia as well as the industry to build custom robot applications. Successful cyberattacks on robots can result in a loss of control for the legitimate operator and thus have a severe impact on safety if the robot is moving uncontrollably. A high level of security thus needs to be mandatory. Neither ROS 1 nor 2 in their default configuration provide protection against network based attackers. Multiple protection mechanisms have been proposed that can be used to overcome this. Unfortunately, it is unclear how effective and usable each of them are. We provide a structured analysis of the requirements these protection mechanisms need to fulfill by identifying realistic, network based attacker models and using those to derive relevant security requirements and other evaluation criteria. Based on these criteria, we analyze the protection mechanisms available and compare them to each other. We find that none of the existing protection mechanisms fulfill all of the security requirements. For both ROS 1 and 2, we discuss which protection mechanism are most relevant and give hints on how to decide on one. We hope that the requirements we identify simplify the development or enhancement of protection mechanisms that cover all aspects of ROS and that our comparison helps robot operators to choose an adequate protection mechanism for their use case.

Windows Communication Foundation (WCF) is a communication framework for building connected, service-oriented applications, initially released by Microsoft as part of.NET Framework, but now open source. The WCF message-based communication is a very popular solution used for sending asynchronous messages from one service endpoint to another. Because WCF provides many functionalities it has a large-consuming development model and often the security measures implemented in applications are not proper. In this study we propose a methodology for offensive security analysis of an WCF endpoint or service, from red team perspective. A step by step approach, empirical information, and detailed analysis report of WCF vulnerabilities are presented. We conclude by proposing recommendations for mitigating attacks and securing endpoints.

Anonymous Communication Networks (ACNs) are networks in which, beyond data confidentiality, also traffic flow confidentiality is provided. The most popular routing approach for ACNs also used in practice is Onion. Onion is based on multiple encryption wrapping combined with the proxy mechanism (relay nodes). However, it offers neither sender anonymity nor recipient anonymity in a global passive adversary model, simply because the adversary can observe (at the first relay node) the traffic coming from the sender, and (at the last relay node) the traffic delivered to the recipient. This may also cause a loss of relationship anonymity if timing attacks are performed. This paper presents Onion-Ring, a routing protocol that improves anonymity of Onion in the global adversary model, by achieving sender anonymity and recipient anonymity, and thus relationship anonymity.

From the beginning of technology and Wi-Fi based systems wireless networks had a prominent threat upon data security. Without security measures many organizations contribute on these flaws of security to make it better. There are many vulnerabilities of security models which are discussed in this article such as hacking through Wi-Fi security by Aircrack-ng, previous security model vulnerabilities and also the performance of Aircrack-ng attack on Wi-Fi modem or routers. In order to crack WPA/WPA2, kali Linux operating system will be needed along with Aircrack-ng packages installed on any compatible PC. Some of the new standard WPA3 such like downgrade problem on which the system will let the device to downgrade from WPA3 to WPA2 in order to connect with incompatible devise. Further, it makes a way for hackers to obtain Wi-Fi passwords even from new model defined such as WPA3 by using old techniques. The new model introduced Wi-Fi security protocol WPA3 is also no longer a secure model it can be penetrated. Researchers have discovered some new vulnerability enables hackers to get out the Wi-Fi passwords.

Website phishing continues to persist as one of the most important security threats of the modern Internet era. A major concern has been that machine learning based approaches, which have been the cornerstones of deployed phishing detection solutions, have not been able to adapt to the evolving nature of the phishing attacks. To create updated machine learning models, the collection of a sufficient corpus of real-time phishing data has always been a challenging problem as most phishing websites are short-lived. In this work, for the first time, we address these important concerns and describe an adaptive phishing detection solution that is able to adapt to changes in phishing attacks. Our solution has two major contributions. First, our solution allows for multiple organizations to collaborate in a privacy preserving manner and generate a robust machine learning model for phishing detection. Second, our solution is designed to be flexible in order to adapt to the novel phishing features introduced by attackers. Our solution not only allows for incorporating novel features into the existing machine learning model, but also can help, to a certain extent, the “unlearning” of existing features that have become obsolete in current phishing attacks. We evaluated our approach on a large real-world data collected over a period of six months. Our results achieve a high true positive rate of 97 %, which is on par with existing state-of-the art centralized solutions. Importantly, our results demonstrate that, a machine learning model can incorporate new features while selectively “unlearning” the older obsolete features.

Due to its minimal price and expandable wireless open system interconnection options for the coming years, wireless mesh networking is appealing, developing, and novel medium of speech, which is why it is becoming a somewhat widely used communication field. In all network types, one of the essential factors for prevalent and trustworthy communication is cybersecurity. The IEEE 802.11 working gathering has created various correspondence guidelines. Yet, they are by and by focusing on the 802.11s standard because of its dynamic setup and geography learning abilities. Information, voice, and directions are steered between hubs employing remote lattice organising. WMNs incidentally give nearby 802.11g admittance to customers and connection neighbours utilising 802.11a "backhaul," but this isn’t generally the situation because of changing requirements, for example, top information rate and inclusion range. The small cross-sectional organisation emerged as a fundamental innovation to enable broadband system management in large regions. It benefits specialised organisations by reducing the cost of sending networks and end customers by providing ubiquitous Internet access anywhere, anytime. Given the idea of wireless mesh networking and the lack of integrated organisational technology, small grid networks are powerless against malicious attacks. In the meantime, the limit of multi-radio multi-channel correspondence, the need for heterogeneous organisation coordination, and the interest for multi-bounce remote equality often render conventional security strategies ineffectual or challenging to carry out. Thus, wireless mesh networking presents new issues that require more viable and relevant arrangements. WMNs have piqued the curiosity of both scholastics and industry because of their promising future. Numerous testbeds are built for research purposes, and business items for veritable WMNs are accessible. Anyway, a few concerns should be cleared up before they can very well become widespread. For example, the accessible MAC and routing conventions are not customisable; the throughput drops impressively with an increasing number of hubs or bounces in WMNs. Because of the weakness of WMNs against various malicious attacks, the security and protection of correspondence is a serious concern. For example, enemies can sniff long-distance correspondence to obtain sensitive data. Attackers can carry out DoS attacks and control the substance of the information sent through compromised hubs, thereby endangering the company’s secret, accessibility authenticity, and integrity. WMNs, like compact Impromptu Organisations (MANETs), share a typical medium, no traffic aggregate point, and incredible topography. Due to these restrictions, normal safety frameworks in wired associations can’t be quickly applied to WMNs. Also, the techniques utilised in MANETs are not viable with WMNs. This is because of the manner in which WMNs expand MANETs in different ways. Framework centres are generally outfitted with an assortment of radios. Then, at that point, many channels are doled out to every centre to work with concurrent data move and diversity.

Mobile Ad Hoc Network is a infrastructure less wireless network where the mobile nodes leaves and joins the mobile network very frequently. The routing of the packets from source node to destination node, the routing protocol is used. On Demand Distance Vector Routing protocol is very common and implemented with Mobile Ad Hoc Network nodes to handle the operations of packet routing from by any node as a source node to destination node. In this paper prevention of black hole attack by modifying the On Demand Distance Vector routing protocol. The sequence number of 32 bit is initiated with the Route Reply and route sequence packet broadcast to determine the request reply from black hole node under the Mobile Ad Hoc Network. The sequence number and On demand Distance Vector Routing protocol are integrated with a mechanism to find the Request Reply of message containing routing information from source to destination node in Mobile Ad Hoc Network.

Minimal adversarial perturbations added to inputs have been shown to be effective at fooling deep neural networks. In this paper, we introduce several innovations that make white-box targeted attacks follow the intuition of the attacker's goal: to trick the model to assign a higher probability to the target class than to any other, while staying within a specified distance from the original input. First, we propose a new loss function that explicitly captures the goal of targeted attacks, in particular, by using the logits of all classes instead of just a subset, as is common. We show that Auto-PGD with this loss function finds more adversarial examples than it does with other commonly used loss functions. Second, we propose a new attack method that uses a further developed version of our loss function capturing both the misclassification objective and the L∞ distance limit ϵ. This new attack method is relatively 1.5--4.2% more successful on the CIFAR10 dataset and relatively 8.2--14.9% more successful on the ImageNet dataset, than the next best state-of-the-art attack. We confirm using statistical tests that our attack outperforms state-of-the-art attacks on different datasets and values of ϵ and against different defenses.

Blockchain-based cryptocurrencies offer an appealing alternative to Fiat currencies, due to their decentralized and borderless nature. However the decentralized settings make the authentication process more challenging: Standard cryptographic methods often rely on the ability of users to reliably store a (large) secret information. What happens if one user's key is lost or stolen? Blockchain systems lack of fallback mechanisms that allow one to recover from such an event, whereas the traditional banking system has developed and deploys quite effective solutions. In this work, we develop new cryptographic techniques to integrate security policies (developed in the traditional banking domain) in the blockchain settings. We propose a system where a smart contract is given the custody of the user's funds and has the ability to invoke a two-factor authentication (2FA) procedure in case of an exceptional event (e.g., a particularly large transaction or a key recovery request). To enable this, the owner of the account secret-shares the answers of some security questions among a committee of users. When the 2FA mechanism is triggered, the committee members can provide the smart contract with enough information to check whether an attempt was successful, and nothing more. We then design a protocol that securely and efficiently implements such a functionality: The protocol is round-optimal, is robust to the corruption of a subset of committee members, supports low-entropy secrets, and is concretely efficient. As a stepping stone towards the design of this protocol, we introduce a new threshold homomorphic encryption scheme for linear predicates from bilinear maps, which might be of independent interest. To substantiate the practicality of our approach, we implement the above protocol as a smart contract in Ethereum and show that it can be used today as an additional safeguard for suspicious transactions, at minimal added cost. We also implement a second scheme where the smart contract additionally requests a signature from a physical hardware token, whose verification key is registered upfront by the owner of the funds. We show how to integrate the widely used universal two-factor authentication (U2F) tokens in blockchain environments, thus enabling the deployment of our system with available hardware.

Cyber security risk assessment is very important to quantify the security level of communication-based train control (CBTC) systems. In this paper, a methodology is proposed to assess the cyber security risk of CBTC systems that integrates complex network theory and attack graph method. On one hand, in order to determine the impact of malicious attacks on train control, we analyze the connectivity of movement authority (MA) paths based on the working state of nodes, the connectivity of edges. On the other hand, attack graph is introduced to quantify the probabilities of potential attacks that combine multiple vulnerabilities in the cyber world of CBTC. Experiments show that our methodology can assess the security risks of CBTC systems and improve the security level after implementing reinforcement schemes.

Cyber-physical systems are vulnerable to attacks that can cause them to reach undesirable states. This paper provides a theoretical solution for increasing the resiliency of control systems through the use of a high-authority supervisor that monitors and regulates control signals sent to the actuator. The supervisor aims to determine the control signal limits that provide maximum freedom of operation while protecting the system. For this work, a cyber attack is assumed to overwrite the signal to the actuator with Gaussian noise. This assumption permits the propagation of a state covariance matrix through time. Projecting the state covariance matrix on the state space reveals a confidence ellipse that approximates the reachable set. The standard deviation is found so that the confidence ellipse is tangential to the danger area in the state space. The process is applied to ship dynamics where an ellipse in the state space is transformed to an arc in the plane of motion. The technique is validated through the simulation of a ship traveling through a narrow channel while under the influence of a cyber attack.

with the continuous growing threat of cyber terrorism, the vulnerability of the industrial control systems (ICS) is the most common subject for security researchers now. Attacks on ICS systems keep increasing and their impact leads to human safety issues, equipment damage, system down, unusual output, loss of visibility and control, and various other catastrophic failures. Many of the industrial control systems are relatively insecure with chronic and pervasive vulnerabilities. Modbus-Tcpis one of the widely used communication protocols in the ICS/ Supervisory control and data acquisition (SCADA) system to transmit signals from instrumentation and control devices to the main controller of the control center. Modbus is a plain text protocol without any built-in security mechanisms, and Modbus is a standard communication protocol, widely used in critical infrastructure applications such as power systems, water, oil & gas, etc.. This paper proposes a passive security solution called Deep-security-scanner (DSS) tailored to Modbus-Tcpcommunication based Industrial control system (ICS). DSS solution detects attacks on Modbus-TcpIcs networks in a passive manner without disturbing the availability requirements of the system.

Software-defined network (SDN) is a network architecture that used to build, design the hardware components virtually. We can dynamically change the settings of network connections. In the traditional network, it's not possible to change dynamically, because it's a fixed connection. SDN is a good approach but still is vulnerable to DDoS attacks. The DDoS attack is menacing to the internet. To prevent the DDoS attack, the machine learning algorithm can be used. The DDoS attack is the multiple collaborated systems that are used to target the particular server at the same time. In SDN control layer is in the center that link with the application and infrastructure layer, where the devices in the infrastructure layer controlled by the software. In this paper, we propose a machine learning technique namely Decision Tree and Support Vector Machine (SVM) to detect malicious traffic. Our test outcome shows that the Decision Tree and Support Vector Machine (SVM) algorithm provides better accuracy and detection rate.

Wireless Sensor Network (WSN) is considered as the backbone of Internet of Things (IoT) networks. Authentication is the most important phase that guarantees secure access to such networks but it is more critical than that in traditional Internet because the communications are established between constrained devices that could not compute heavy cryptographic primitives. In this paper, we are studying with real experimentation the efficiency of HIP Diet EXchange header (HIP DEX) protocol over IPv6 over Low Power Wireless Personal Area Networks (6LoWPAN) in IoT. The adopted application layer protocol is Constrained Application Protocol (CoAP) and as a routing protocol, the Routing Protocol for Low power and lossy networks (RPL). The evaluation concerns the total End-to-End transmission delays during the authentication process between the communicating peers regarding the processing, propagation, and queuing times' overheads results. Most importantly, we propose an efficient handshake packets' compression header, and we detailed a comparison of the above evaluation's criteria before and after the proposed compression. Obtained results are very encouraging and reinforce the efficiency of HIP DEX in IoT networks during the handshake process of constrained nodes.

Any technique to ensure memory safety requires knowledge of (a) precise array bounds and (b) the data types accessed by memory load/store and pointer move instructions (called, owners) in the program. While this information can be effectively derived by compiler-level approaches much of this information may be lost during the compilation process and become unavailable to binary-level tools. In this work we conduct the first detailed study on how accurately can this information be extracted or reconstructed by current state-of-the-art static reverse engineering (RE) platforms for binaries compiled with and without debug symbol information. Furthermore, it is also unclear how the imprecision in array bounds and instruction owner information that is obtained by the RE tools impacts the ability of techniques to detect illegal memory accesses at run-time. We study this issue by designing, building, and deploying a novel binary-level technique to assess the properties and effectiveness of the information provided by the static RE algorithms in the first stage to guide the run-time instrumentation to detect illegal memory accesses in the decoupled second stage. Our work explores the limitations and challenges for static binary analysis tools to develop accurate binary-level techniques to detect memory errors.

Discovering vulnerabilities is an information-intensive task that requires a developer to locate the defects in the code that have security implications. The task is difficult due to the growing code complexity and some developer's lack of security expertise. Although tools have been created to ease the difficulty, no single one is sufficient. In practice, developers often use a combination of tools to uncover vulnerabilities. Yet, the basis on which different tools are composed is under explored. In this paper, we examine the composition base by taking advantage of the tool design patterns informed by foraging theory. We follow a design science methodology and carry out a three-step empirical study: mapping 34 foraging-theoretic patterns in a specific vulnerability discovery tool, formulating hypotheses about the value and cost of foraging when considering two composition scenarios, and performing a human-subject study to test the hypotheses. Our work offers insights into guiding developers' tool usage in detecting software vulnerabilities.

Largely known for attack scenarios, code reuse techniques at a closer look reveal properties that are appealing also for program obfuscation. We explore the popular return-oriented programming paradigm under this light, transforming program functions into ROP chains that coexist seamlessly with the surrounding software stack. We show how to build chains that can withstand popular static and dynamic deobfuscation approaches, evaluating the robustness and overheads of the design over common programs. The results suggest a significant amount of computational resources would be required to carry a deobfuscation attack for secret finding and code coverage goals.

Intrusion Detection System (IDS) is one of the most important security tool for many security issues that are prevailing in today's cyber world. Intrusion Detection System is designed to scan the system applications and network traffic to detect suspicious activities and issue an alert if it is discovered. So many techniques are available in machine learning for intrusion detection. The main objective of this project is to apply machine learning algorithms to the data set and to compare and evaluate their performances. The proposed application has used the SVM (Support Vector Machine) and ANN (Artificial Neural Networks) Algorithms to detect the intrusion rates. Each algorithm is used to detect whether the requested data is authorized or contains any anomalies. While IDS scans the requested data if it finds any malicious information it drops that request. These algorithms have used Correlation-Based and Chi-Squared Based feature selection algorithms to reduce the dataset by eliminating the useless data. The preprocessed dataset is trained and tested with the models to obtain the prominent results, which leads to increasing the prediction accuracy. The NSL KDD dataset has been used for the experimentation. Finally, an accuracy of about 48% has been achieved by the SVM algorithm and 97% has been achieved by ANN algorithm. Henceforth, ANN model is working better than the SVM on this dataset.

Protecting privacy of the user location in Internet of Things (IoT) applications is a complex problem. Peer-to-peer (P2P) approach is one of the most popular techniques used to protect privacy in IoT applications, especially that use the location service. The P2P approach requires trust among peers in addition to serious cooperation. These requirements are still an open problem for this approach and its methods. In this paper, we propose an effective solution to this issue by creating a manager for the peers' reputation called R-TTP. Each peer has a new query. He has to evaluate the cooperated peer. Depending on the received result of that evaluation, the main peer will send multiple copies of the same query to multiple peers and then compare results. Moreover, we proposed another scenario to the manager of reputation by depending on Fog computing to enhance both performance and privacy. Relying on this work, a user can determine the most suitable of many available cooperating peers, while avoiding the problems of putting up with an inappropriate cooperating or uncommitted peer. The proposed method would significantly contribute to developing most of the privacy techniques in the location-based services. We implemented the main functions of the proposed method to confirm its effectiveness, applicability, and ease of application.

Both the data science and scientific computing communities are embracing GPU acceleration for their most demanding workloads. For scientific computing applications, the massive volume of code and diversity of hardware platforms at supercomputing centers has motivated a strong effort toward performance portability. This property of a program, denoting its ability to perform well on multiple architectures and varied datasets, is heavily dependent on the choice of parallel programming model and which features of the programming model are used. In this paper, we evaluate performance portability in the context of a data science workload in contrast to a scientific computing workload, evaluating the same sparse matrix kernel on both. Among our implementations of the kernel in different performance-portable programming models, we find that many struggle to consistently achieve performance improvements using the GPU compared to simple one-line OpenMP parallelization on high-end multicore CPUs. We show one that does, and its performance approaches and sometimes even matches that of vendor-provided GPU math libraries.

Programming language design requires making many usability-related design decisions. However, existing HCI methods can be impractical to apply to programming languages: they have high iteration costs, programmers require significant learning time, and user performance has high variance. To address these problems, we adapted both formative and summative HCI methods to make them more suitable for programming language design. We integrated these methods into a new process, PLIERS, for designing programming languages in a user-centered way. We evaluated PLIERS by using it to design two new programming languages. Glacier extends Java to enable programmers to express immutability properties effectively and easily. Obsidian is a language for blockchains that includes verification of critical safety properties. Summative usability studies showed that programmers were able to program effectively in both languages after short training periods.