Biblio
Today, there are several applications which allow us to share images over the internet. All these images must be stored in a secure manner and should be accessible only to the intended recipients. Hence it is of utmost importance to develop efficient and fast algorithms for encryption of images. This paper uses chaotic generators to generate random sequences which can be used as keys for image encryption. These sequences are seemingly random and have statistical properties. This makes them resistant to analysis and correlation attacks. However, these sequences have fixed cycle lengths. This restricts the number of sequences that can be used as keys. This paper utilises neural networks as a source of perturbation in a chaotic generator and uses its output to encrypt an image. The robustness of the encryption algorithm can be verified using NPCR, UACI, correlation coefficient analysis and information entropy analysis.
With the rapid technological growth in the present context, Internet of Things (IoT) has attracted the worldwide attention and has become pivotal technology in the smart computing environment of 21st century. IoT provides a virtual view of real-life things in resource-constrained environment where security and privacy are of prime concern. Lightweight cryptography provides security solutions in resource-constrained environment of IoT. Several software and hardware implementation of lightweight ciphers have been presented by different researchers in this area. This paper presents a comparative analysis of several lightweight cryptographic solutions along with their pros and cons, and their future scope. The comparative analysis may further help in proposing a 32-bit ultra-lightweight block cipher security model for IoT enabled applications in the smart environment.
In this paper, development of cyber communication package in the application of grid connected solar system has been presented. Here, implemented communication methodology supports communication process with reduced latency, high security arrangement with various degrees of freedom. Faithful transferring of various electrical data for the purpose of measurement, monitoring and controlling actions depend on the bidirectional communication strategy. Thus, real-time communication of data through cyber network has been emphasized in this paper. The C\# language based coding is done to develop the communication program. The notable features of proposed communication process are reduction of latency during data exchange by usage of advanced encryption standard (AES) algorithm, tightening of cyber security arrangement by implementing secured socket layer (SSL) and Rivest, Shamir and Adleman (RSA) algorithms. Various real-time experiments using internet connected computers have been done to verify the usability of the proposed communication concept along with its notable features in the application.
Supply chain management (SCM) is fundamental for gaining financial, environmental and social benefits in the supply chain industry. However, traditional SCM mechanisms usually suffer from a wide scope of issues such as lack of information sharing, long delays for data retrieval, and unreliability in product tracing. Recent advances in blockchain technology show great potential to tackle these issues due to its salient features including immutability, transparency, and decentralization. Although there are some proof-of-concept studies and surveys on blockchain-based SCM from the perspective of logistics, the underlying technical challenges are not clearly identified. In this paper, we provide a comprehensive analysis of potential opportunities, new requirements, and principles of designing blockchain-based SCM systems. We summarize and discuss four crucial technical challenges in terms of scalability, throughput, access control, data retrieval and review the promising solutions. Finally, a case study of designing blockchain-based food traceability system is reported to provide more insights on how to tackle these technical challenges in practice.
Virtual platforms provide a full hardware/software platform to study device limitations in an early stages of the design flow and to develop software without requiring a physical implementation. This paper describes the development process of a virtual platform for Deep Packet Inspection (DPI) hardware accelerators by using Transaction Level Modeling (TLM). We propose two DPI architectures oriented to System-on-Chip FPGA. The first architecture, CPU-DMA based architecture, is a hybrid CPU/FPGA where the packets are filtered in the software domain. The second architecture, Hardware-IP based architecture, is mainly implemented in the hardware domain. We have created two virtual platforms and performed the simulation, the debugging and the analysis of the hardware/software features, in order to compare results for both architectures.
Data security is a major requirement of smart meter communication to control server through Advanced Metering infrastructure. Easy access of smart meters and multi-faceted nature of AMI communication network are the main reasons of smart meter facing large number of attacks. The different topology, bandwidth and heterogeneity in communication network prevent the existing security mechanisms in satisfying the security requirements of smart meter. Hence, advanced security mechanisms are essential to encrypt smart meter data before transmitting to control server. The emerging biocryptography technique has several advantages over existing techniques and is most suitable for providing security to communication of low processing devices like smart meter. In this paper, a lightweight encryption scheme using DNA sequence with suitable key management scheme is proposed for secure communication of smart meter in an efficient way. The proposed 2-phase DNA cryptography provides confidentiality and integrity to transmitted data and the authentication of keys is attained by exchanging through Diffie Hellman scheme. The strength of proposed encryption scheme is analyzed and its efficiency is evaluated by simulating an AMI communication network using Simulink/Matlab. Comparison of simulation results with various techniques show that the proposed scheme is suitable for secure communication of smart meter data.
Internet of Things (IoT) is a key emerging technology which aims to connect objects over the internet. Software Defined Networking (SDN) is another new intelligent technology within networking domain which increases the network performance and provides better security, reliability, and privacy using dynamic software programs. In this paper, we have proposed a distributed secure Black SDN-IoT architecture with NFV implementation for smart cities. We have incorporated Black SDN that is highly secured SDN which gives better result in network performances, security, and privacy and secures both metadata and payload within each layer. This architecture also tried to introduce an approach which is more effective for building a cluster by means of Black SDN. Black SDN-loT with NFV concept brings benefits to the related fields in terms of energy savings and load balancing. Moreover, Multiple distributed controller have proposed to improve availability, integrity, privacy, confidentiality and etc. In the proposed architecture, the Black network provides higher security of each network layer comparative to the conventional network. Finally, this paper has discussed the architectural design of distributed secure Black SDN-IoT with NFV for smart cities and research challenges.
The contemporary power distribution system is facing an increase in extreme weather events, cybersecurity threats and even physical threats such as terrorism. Therefore there is a growing interest towards resiliency estimation and improvement. In this paper the resiliency enhancement strategy by means of Distributed Energy Resources and Automated Switches is presented. Resiliency scores are calculated using Analytical Hierarchy Process. The developed algorithm was validated on the modified IEEE 123 node system. It provides the most resiliency feasible network that satisfies the primary goal of serving the critical loads.
Edge and Fog Computing will be increasingly pervasive in the years to come due to the benefits they bring in many specific use-case scenarios over traditional Cloud Computing. Nevertheless, the security concerns Fog and Edge Computing bring in have not been fully considered and addressed so far, especially when considering the underlying technologies (e.g. virtualization) instrumental to reap the benefits of the adoption of the Edge paradigm. In particular, these virtualization technologies (i.e. Containers, Real Time Operating Systems, and Unikernels), are far from being adequately resilient and secure. Aiming at shedding some light on current technology limitations, and providing hints on future research security issues and technology development, in this paper we introduce the main technologies supporting the Edge paradigm, survey existing issues, introduce relevant scenarios, and discusses benefits and caveats of the different existing solutions in the above introduced scenarios. Finally, we provide a discussion on the current security issues in the introduced context, and strive to outline future research directions in both security and technology development in a number of Edge/Fog scenarios.
The article explores the question of the effective implementation of arithmetic operations with points of an elliptic curve given over a prime field. Given that the basic arithmetic operations with points of an elliptic curve are the operations of adding points and doubling points, we study the question of implementing the arithmetic operations of adding and doubling points in various coordinate systems using the weighted number system and using the Residue Number System (RNS). We have shown that using the fourmodule RNS allows you to get an average gain for the operation of adding points of the elliptic curve of 8.67% and for the operation of doubling the points of the elliptic curve of 8.32% compared to the implementation using the operation of modular multiplication with special moduli from NIST FIPS 186.
As Web traffics is increasing on the Internet, caching solutions for Web systems are becoming more important since they can greatly expand system scalability. An important part of a caching solution is cache replacement policy, which is responsible for selecting victim items that should be removed in order to make space for new objects. Typical replacement policies used in practice only take advantage of temporal reference locality by removing the least recently/frequently requested items from the cache. Although those policies work well in memory or filesystem cache, they are inefficient for Web systems since they do not exploit semantic relationship between Web items. This paper presents a semantic-aware caching policy that can be used in Web systems to enhance scalability. The proposed caching mechanism defines semantic distance from a web page to a set of pivot pages and use the semantic distances as a metric for choosing victims. Also, it use a function-based metric that combines access frequency and cache item size for tie-breaking. Our simulations show that out enhancements outperform traditional methods in terms of hit rate, which can be useful for websites with many small and similar-in-size web objects.
Optimal placement of new sensors is of great importance to enhancing distribution system monitoring and resiliency. Utilities are in need of a platform for an optimal sensor placement strategy other than the traditional experience-based strategy. In this paper, a sensor placement optimization tool (SPOT) is developed. It contains two selected modules based on industry priority: distribution system state estimation (DSE) and recloser placement (RP). The DSE module incorporates three-phase system functionality to reflect practical distribution systems with asymmetrical topology and unbalanced loading. In the RP module, the impact of microgrids is modeled. SPOT is timely since it can assist utilities in developing their own optimal sensor allocation strategies.
Generally, methods of authentication and identification utilized in asserting users' credentials directly affect security of offered services. In a federated environment, service owners must trust external credentials and make access control decisions based on Assurance Information received from remote Identity Providers (IdPs). Communities (e.g. NIST, IETF and etc.) have tried to provide a coherent and justifiable architecture in order to evaluate Assurance Information and define Assurance Levels (AL). Expensive deployment, limited service owners' authority to define their own requirements and lack of compatibility between heterogeneous existing standards can be considered as some of the unsolved concerns that hinder developers to openly accept published works. By assessing the advantages and disadvantages of well-known models, a comprehensive, flexible and compatible solution is proposed to value and deploy assurance levels through a central entity called Proxy.
In the era of mass agriculture to keep up with the increasing demand for food production, advanced monitoring systems are required in order to handle several challenges such as perishable products, food waste, unpredictable supply variations and stringent food safety and sustainability requirements. The evolution of Internet of Things have provided means for collecting, processing, and communicating data associated with agricultural processes. This have opened several opportunities to sustain, improve productivity and reduce waste in every step in the food supply chain system. On the hand, this resulted in several new challenges, such as, the security of the data, recording and representation of data, providing real time control, reliability of the system, and dealing with big data. This paper proposes an architecture for security of big data in the agricultural supply chain management system. This can help in reducing food waste, increasing the reliability of the supply chain, and enhance the performance of the food supply chain system.
With the increasing penetration of non-synchronous variable renewable energy sources (RES) in power grids, the system's inertia decreases and varies over time, affecting the capability of current control schemes to handle frequency regulation. Providing virtual inertia to power systems has become an interesting topic of research, since it may provide a reasonable solution to address this new issue. However, power dynamics are usually modeled as time-invariant, without including the effect of varying inertia due to the presence of RES. This paper presents a framework to design a fixed learned controller based on datasets of optimal time-varying LQR controllers. In our scheme, we model power dynamics as a hybrid system with discrete modes representing different rotational inertia regimes of the grid. We test the performance of our controller in a twelve-bus system using different fixed inertia modes. We also study our learned controller as the inertia changes over time. By adding virtual inertia we can guarantee stability of high-renewable (low-inertia) modes. The novelty of our work is to propose a design framework for a stable controller with fixed gains for time-varying power dynamics. This is relevant because it would be simpler to implement a proportional controller with fixed gains compared to a time-varying control.
Inertia from rotating masses of generators in power systems influence the instantaneous frequency change when an imbalance between electrical and mechanical power occurs. Renewable energy sources (RES), such as solar and wind power, are connected to the grid via electronic converters. RES connected through converters affect the system's inertia by decreasing it and making it time-varying. This new setting challenges the ability of current control schemes to maintain frequency stability. Proposing adequate controllers for this new paradigm is key for the performance and stability of future power grids. The contribution of this paper is a framework to learn sparse time-invariant frequency controllers in a power system network with a time-varying evolution of rotational inertia. We model power dynamics using a Switched-Affine hybrid system to consider different modes corresponding to different inertia coefficients. We design a controller that uses as features, i.e. input, the systems states. In other words, we design a control proportional to the angles and frequencies. We include virtual inertia in the controllers to ensure stability. One of our findings is that it is possible to restrict communication between the nodes by reducing the number of features in the controller (from 22 to 10 in our case study) without disrupting performance and stability. Furthermore, once communication between nodes has reached a threshold, increasing it beyond this threshold does not improve performance or stability. We find a correlation between optimal feature selection in sparse controllers and the topology of the network.
Phishing as one of the most well-known cybercrime activities is a deception of online users to steal their personal or confidential information by impersonating a legitimate website. Several machine learning-based strategies have been proposed to detect phishing websites. These techniques are dependent on the features extracted from the website samples. However, few studies have actually considered efficient feature selection for detecting phishing attacks. In this work, we investigate an agreement on the definitive features which should be used in phishing detection. We apply Fuzzy Rough Set (FRS) theory as a tool to select most effective features from three benchmarked data sets. The selected features are fed into three often used classifiers for phishing detection. To evaluate the FRS feature selection in developing a generalizable phishing detection, the classifiers are trained by a separate out-of-sample data set of 14,000 website samples. The maximum F-measure gained by FRS feature selection is 95% using Random Forest classification. Also, there are 9 universal features selected by FRS over all the three data sets. The F-measure value using this universal feature set is approximately 93% which is a comparable result in contrast to the FRS performance. Since the universal feature set contains no features from third-part services, this finding implies that with no inquiry from external sources, we can gain a faster phishing detection which is also robust toward zero-day attacks.
More and more security and privacy issues are arising as new technologies, such as big data and cloud computing, are widely applied in nowadays. For decreasing the privacy breaches in access control system under opening and cross-domain environment. In this paper, we suggest a game and risk based access model for privacy preserving by employing Shannon information and game theory. After defining the notions of Privacy Risk and Privacy Violation Access, a high-level framework of game theoretical risk based access control is proposed. Further, we present formulas for estimating the risk value of access request and user, construct and analyze the game model of the proposed access control by using a multi-stage two player game. There exists sub-game perfect Nash equilibrium each stage in the risk based access control and it's suitable to protect the privacy by limiting the privacy violation access requests.
Quantum Key Distribution (QKD) is a technique for sharing encryption keys between two adjacent nodes. It provides unconditional secure communication based on the laws of physics. From the viewpoint of network research, QKD is considered to be a component for providing secure communication in network systems. A QKD network enables each node to exchange encryption keys with arbitrary nodes. However previous research did not focus on the processing speed of the key management method essential for a QKD network. This paper focuses on the key management method assuming a high-speed QKD system for which we clarify the design, propose a high-speed method, and evaluate the throughput. The proposed method consists of four modules: (1) local key manager handling the keys generated by QKD, (2) one-time pad tunnel manager establishing the transparent encryption link, (3) global key manager generating the keys for application communication, and (4) web API providing keys to the application. The proposed method was implemented in software and evaluated by emulating QKD key generation and application key consumption. The evaluation result reveals that it is capable of handling the encryption keys at a speed of 414 Mb/s, 185 Mb/s, 85 Mb/s and 971 Mb/s, for local key manager, one-time pad tunnel manager, global key manager and web API, respectively. These are sufficient for integration with a high-speed QKD system. Furthermore, the method allows the high-speed QKD system consisting of two nodes to expand corresponding to the size of the QKD network without losing the speed advantage.
In this article, to deal with data security requirements of electric vehicle users, a key management scheme for smart charging has been studied. According to the characteristics of the network, three elements and a two-subnetwork model between the charging and the electric vehicle users have been designed. Based on the hypergraph theory, the hypergraph structure of the smart charging network is proposed. And the key management scheme SCHKM is designed to satisfy the operational and security requirements of this structure. The efficiency of SCHKM scheme is analyzed from the cost experiment of key generation and key storage. The experimental results show that compared with the LKH, OFT and GKMP, the proposed key management scheme has obvious advantages in multi-user and key generation cost.
The supply chains for advanced automobiles will continue to become increasingly complex. Furthermore, automotive OEMs will experience decreased control over the components and software implemented into their vehicles. These issues create risks to advanced vehicle technologies that must be addressed by a comprehensive and coordinated approach to end-to-end cybersecurity across the automotive supply chain.
Information security is winding up noticeably more vital in information stockpiling and transmission. Images are generally utilised for various purposes. As a result, the protection of image from the unauthorised client is critical. Established encryption techniques are not ready to give a secure framework. To defeat this, image encryption is finished through DNA encoding which is additionally included with confused 1D and 2D logistic maps. The key communication is done through the quantum channel using the BB84 protocol. To recover the encrypted image DNA decoding is performed. Since DNA encryption is invertible, decoding can be effectively done through DNA subtraction. It decreases the complexity and furthermore gives more strength when contrasted with traditional encryption plans. The enhanced strength of the framework is measured utilising measurements like NPCR, UACI, Correlation and Entropy.
In this paper, we focus on versatile and scalable key management for Advanced Metering Infrastructure (AMI) in Smart Grid (SG). We show that a recently proposed key graph based scheme for AMI systems (VerSAMI) suffers from efficiency flaws in its broadcast key management protocol. Then, we propose a new key management scheme (iVerSAMI) by modifying VerSAMI's key graph structure and proposing a new broadcast key update process. We analyze security and performance of the proposed broadcast key management in details to show that iVerSAMI is secure and efficient in terms of storage and communication overheads.
Correct compilers perform program transformations preserving input/output behaviours of programs. Yet, correctness does not prevent program optimisations from introducing information-flow leaks that would make the target program more vulnerable to side-channel attacks than the source program. To tackle this problem, we propose a notion of Information-Flow Preserving (IFP) program transformation which ensures that a target program is no more vulnerable to passive side-channel attacks than a source program. To protect against a wide range of attacks, we model an attacker who is granted arbitrary memory accesses for a pre-defined set of observation points. We propose a compositional proof principle for proving that a transformation is IFP. Using this principle, we show how a translation validation technique can be used to automatically verify and even close information-flow leaks introduced by standard compiler passes such as dead-store elimination and register allocation. The technique has been experimentally validated on the CompCert C compiler.
Cloud Computing is an important term of modern technology. The usefulness of Cloud is increasing day by day and simultaneously more and more security problems are arising as well. Two of the major threats of Cloud are improper authentication and multi-tenancy. According to the specialists both pros and cons belong to multi-tenancy. There are security protocols available but it is difficult to claim these protocols are perfect and ensure complete protection. The purpose of this paper is to propose an integrated model to ensure better Cloud security for Authentication and multi-tenancy. Multi-tenancy means sharing of resources and virtualization among clients. Since multi-tenancy allows multiple users to access same resources simultaneously, there is high probability of accessing confidential data without proper privileges. Our model includes Kerberos authentication protocol to enhance authentication security. During our research on Kerberos we have found some flaws in terms of encryption method which have been mentioned in couple of IEEE conference papers. Pondering about this complication we have elected Elliptic Curve Cryptography. On the other hand, to attenuate arose risks due to multi-tenancy we are proposing a Resource Allocation Manager Unit, a Control Database and Resource Allocation Map. This part of the model will perpetuate resource allocation for the users.