Biblio

With the ever-increasing use of large-scale IoT networks in different sectors of the industry, it has become critical to realise seamless and secure communication between devices in the network. Realising secure group communication in the IoT requires solving the problem of group-key establishment. In this work, we solve the problem by designing a new lattice-based Key Encapsulation Mechanism (KEM) for resource-constrained devices that enable the distribution of a symmetric key or any other data between all the devices in a given network. This is achieved by coupling multiple private keys to a unique public key. Moreover, we present a proof-of-concept implementation based on the GGH algorithm. The results show it is feasible to use lattice-based cryptography to allow for seamless and secure group communications within a decentralised IoT network. It has been bench-marked against other common post-quantum constructs and proven to be more practical with respect to memory consumption and security, although considerably slower due to lack of optimisation in the implementation.

Kerberos protocol is a derivative type of server used for the authentication purpose. Kerberos is a network-based authentication protocol which communicates the tickets from one network to another in a secured manner. Kerberos protocol encrypts the messages and provides mutual authentication. Kerberos uses the symmetric cryptography which uses the public key to strengthen the data confidentiality. The KDS Key Distribution System gives the center of securing the messages. Kerberos has certain disadvantages as it provides public key at both ends. In this proposed approach, the Kerberos are secured by using the HMAC Hash-based Message Authentication Code which is used for the authentication of message for integrity and authentication purpose. It verifies the data by authentication, verifies the e-mail address and message integrity. The computer network and security are authenticated by verifying the user or client. These messages which are transmitted and delivered have to be integrated by authenticating it. Kerberos authentication is used for the verification of a host or user. Authentication is based on the tickets on credentials in a secured way. Kerberos gives faster authentication and uses the unique ticketing system. It supports the authentication delegation with faster efficiency. These encrypt the standard by encrypting the tickets to pass the information.

Systems based on WB protection have a limited lifetime, measured in months and sometimes days. Unfortunately, to understand for how long the application will be uncompromised, if possible, only empirically. However, it is possible to make a preliminary assessment of the security of a particular implementation, depending on the methods and their number used in the implementation, it will allow reallocating resources to more effective means of protection.

Modern day cyber-infrastructures are critically dependent on each other to provide essential services. Current frameworks typically focus on the risk analysis of an isolated infrastructure. Evaluation of potential disruptions taking the heterogeneous cyber-infrastructures is vital to note the cascading disruption vectors and determine the appropriate interventions to limit the damaging impact. This paper presents a cyber-security risk assessment framework for the interconnected cyber-infrastructures. Our methodology is designed to be comprehensive in terms of accommodating accidental incidents and malicious cyber threats. Technically, we model the functional dependencies between the different architectures using reliability block diagrams (RBDs). RBDs are convenient, yet powerful graphical diagrams, which succinctly describe the functional dependence between the system components. The analysis begins by selecting a service from the many services that are outputted by the synchronized operation of the architectures whose disruption is deemed critical. For this service, we design an attack fault tree (AFT). AFT is a recent graphical formalism that combines the two popular formalisms of attack trees and fault trees. We quantify the attack-fault tree and compute the risk metrics - the probability of a disruption and the damaging impact. For this purpose, we utilize the open source ADTool. We show the efficacy of our framework with an example outage incident.

Ransomware is an emerging threat that imposed a \$ 5 billion loss in 2017, rose to \$ 20 billion in 2021, and is predicted to hit \$ 256 billion in 2031. While initially targeting PC (client) platforms, ransomware recently leaped over to server-side databases-starting in January 2017 with the MongoDB Apocalypse attack and continuing in 2020 with 85,000 MySQL instances ransomed. Previous research developed countermeasures against client-side ransomware. However, the problem of server-side database ransomware has received little attention so far. In our work, we aim to bridge this gap and present DIMAQS (Dynamic Identification of Malicious Query Sequences), a novel anti-ransomware solution for databases. DIMAQS performs runtime monitoring of incoming queries and pattern matching using two classification approaches (Colored Petri Nets (CPNs) and Deep Neural Networks (DNNs)) for attack detection. Our system design exhibits several novel techniques like dynamic color generation to efficiently detect malicious query sequences globally (i.e., without limiting detection to distinct user connections). Our proof-of-concept and ready-to-use implementation targets MySQL servers. The evaluation shows high efficiency without false negatives for both approaches and a false positive rate of nearly 0%. Both classifiers show very moderate performance overheads below 6%. We will publish our data sets and implementation, allowing the community to reproduce our tests and results.

VCB is an important component to ensure the safe and smooth operation of the power system. As an important driving part of the vacuum circuit breaker, the operating mechanism is prone to mechanical failure, which leads to power grid accidents. This paper offers an in-depth analysis of the mechanical faults of the operating mechanism of vacuum circuit breaker and their causes, extracts the current signal of the opening and closing coil strongly correlated with the mechanical faults of the operating mechanism as the characteristic information to build a Deep Belief Network (DBN) model, trains each data set via Restricted Boltzmann Machine(RBM) and updates the model parameters. The number of hidden layer nodes, the structure of the network layer, and the learning rate are determined, and the mechanical fault diagnosis system of vacuum circuit breaker based on the Deep Belief Network is established. The results show that when the network structure is 8-110-110-6 and the learning rate is 0.01, the recognition accuracy of the DBN model is the highest, which is 0.990871. Compared with BP neural network, DBN has a smaller cross-entropy error and higher accuracy. This method can accurately diagnose the mechanical fault of the vacuum circuit breaker, which lays a foundation for the smooth operation of the power system.

Resiliency of cyber-physical systems (CPSs) against malicious attacks has been a topic of active research in the past decade due to widely recognized importance. Resilient CPS is capable of tolerating some attacks, operating at a reduced capacity with core functions maintained, and failing gracefully to avoid any catastrophic consequences. Existing work includes an architecture for hierarchical control systems, which is a subset of CPS with wide applicability, that is tailored for resiliency. Namely, the architecture consists of local, network and supervision layers and features such as simplex structure, resource isolation by hypervisors, redundant sensors/actuators, and software defined network capabilities. Existing work also includes methods of ensuring a level of resiliency at each one of the layers, respectively. However, for a holistic system level resiliency, individual methods at each layers must be coordinated in their deployment because all three layers interact for the operation of CPS. For this purpose, a resiliency coordinator for CPS is proposed in this work. The resiliency coordinator is the interconnection of central resiliency coordinator in the supervision layer, network resiliency coordinator in the network layer, and finally, local resiliency coordinators in multiple physical systems that compose the physical layer. We show, by examples, the operation of the resiliency coordinator and illustrate that RC accomplishes a level of attack resiliency greater than the sum of resiliency at each one of the layers separately.

SaaS is a cloud-based application service that allows users to use applications that work in a cloud environment. SaaS is a subscription type, and the service expenditure varies depending on the license, the number of users, and duration of use. For efficient network management, security and cost management, accurate detection of user behavior for SaaS applications is required. In this paper, we propose a rule-based traffic analysis method for the user behavior detection. We conduct comparative experiments with signature-based method by using the real SaaS application and demonstrate the validity of the proposed method.

The widespread adoption of eCommerce, iBanking, and eGovernment institutions has resulted in an exponential rise in the use of web applications. Due to a large number of users, web applications have become a prime target of cybercriminals who want to steal Personally Identifiable Information (PII) and disrupt business activities. Hence, there is a dire need to audit the websites and ensure information security. In this regard, several web vulnerability scanners are employed for vulnerability assessment of web applications but attacks are still increasing day by day. Therefore, a considerable amount of research has been carried out to measure the effectiveness and limitations of the publicly available web scanners. It is identified that most of the publicly available scanners possess weaknesses and do not generate desired results. In this paper, the evaluation of publicly available web vulnerability scanners is performed against the top ten OWASP11OWASP® The Open Web Application Security Project (OWASP) is an online community that produces comprehensive articles, documentation, methodologies, and tools in the arena of web and mobile security. vulnerabilities and their performance is measured on the precision of their results. Based on these results, we proposed an Integrated Multi-Agent Blackbox Security Assessment Tool (SAT) for the security assessment of web applications. Research has proved that the vulnerabilities assessment results of the SAT are more extensive and accurate.

This paper investigates the secrecy outage performance of Multiple Input Multiple Output (MIMO) secondary nodes for underlay Cognitive Radio Network (CRN) over α–μ fading channel. Here, the proposed system consists of one active eavesdropper and two primary nodes each with a single antenna. The power of the secondary transmitter depends on the harvested energy from the primary transmitter to save more energy and spectrum. Moreover, a Transmit Antenna Selection (TAS) scheme is adopted at the secondary source, while the Maximal Ratio Combining (MRC) technique is employed at the secondary receiver to optimize the quality of the signal. A lower bound closed-form phrase for the secrecy outage performance is derived to demonstrate the effects of the channel parameters. In addition, numerical results illustrate that the number of source transmit antennas, destination received antenna, and the eavesdropper received antenna have significant effects on improving the secrecy performance.

Data streaming over a wireless network such as Wireless Sensor Networks, where wireless terminals (like PDAs, mobile phones, palmtops) access in data conferencing system, new challenges will be brought about. goal for this paper is to propose a high-speed lightweight encryption (HSLE) for low computational capability controller of WSN, HSLE scheme which reduces latency overhead by modifying existing approaches in order to encrypting data using a probabilistic encryption of data blocks. Proposed work is also useful when we communicate our confidential data on WSN or IoT it should be secure, we just have to save an encrypted data on cloud servers. proposed work is a new key-based algorithm and uses HSLE encryption instead for high end AES. Proposed methods cause significant speed enhancement for data encryption with similar security, in addition, it is best suited in order to communication between hand-held devices such as mobile phones, palmtops etc. algorithm may be used between sites where processing capacity and battery power are limited and efficient encryption is main necessity. This work is implemented on MATLAB and a wireless sensor network of maximum 100 nodes developed for testing the proposed network node encryption system, the time delay observed for the communication in 100 nodes WSN is less in compare with the other available works.

Rational and smart decision making by means of strategic interaction and mathematical modelling is the key aspect of Game theory. Security games based on game theory are used extensively in cyberspace for various levels of security. The contemporary security issues can be modelled and analyzed using game theory as a robust mathematical framework. The attackers, defenders and the adversarial as well as defensive interactions can be captured using game theory. The security games equilibrium evaluation can help understand the attackers' strategies and potential threats at a deeper level for efficient defense. Wireless sensor network (WSN) designs are greatly benefitted by game theory. A deep learning adversarial network algorithm is used in combination with game theory enabling energy efficiency, optimal data delivery and security in a WSN. The trade-off between energy resource utilization and security is balanced using this technique.

Driven by the progress of data and compute-intensive methods in various scientific domains, there is an in-creasing demand from researchers working with highly sensitive data to have access to the necessary computational resources to be able to adapt those methods in their respective fields. To satisfy the computing needs of those researchers cost-effectively, it is an open quest to integrate reliable security measures on existing High Performance Computing (HPC) clusters. The fundamental problem with securely working with sensitive data is, that HPC systems are shared systems that are typically trimmed for the highest performance - not for high security. For instance, there are commonly no additional virtualization techniques employed, thus, users typically have access to the host operating system. Since new vulnerabilities are being continuously discovered, solely relying on the traditional Unix permissions is not secure enough. In this paper, we discuss a generic and secure workflow that can be implemented on typical HPC systems allowing users to transfer, store and analyze sensitive data. In our experiments, we see an advantage in the asynchronous execution of IO requests, while reaching 80 % of the ideal performance.

Nowadays, lives are very much easier with the help of IoT. Due to lack of protection and a greater number of connections, the management of IoT becomes more difficult To manage the network flow, a Software Defined Networking (SDN) has been introduced. The SDN has a great capability in automatic and dynamic distribution. For harmful attacks on the controller a centralized SDN architecture unlocks the scope. Therefore, to reduce these attacks in real-time, a securing SDN enabled IoT scenario infrastructure of Fog networks is preferred. The virtual switches have network enforcement authorized decisions and these are executed through the SDN network. Apart from this, SDN switches are generally powerful machines and simultaneously these are used as fog nodes. Therefore, SDN looks like a good selection for Fog networks of IoT. Moreover, dynamically distributing the necessary crypto keys are allowed by the centralized and software channel protection management solution, in order to establish the Datagram Transport Layer Security (DTIS) tunnels between the IoT devices, when demanded by the cyber security framework. Through the extensive deployment of this combination, the usage of CPU is observed to be 30% between devices and the latencies are in milliseconds range, and thus it presents the system feasibility with less delay. Therefore, by comparing with the traditional SDN, it is observed that the energy consumption is reduced by more than 90%.

In case of deploying additional network security equipment in a new location, network service providers face difficulties such as precise management of large number of network security equipment and expensive network operation costs. Accordingly, there is a need for a method for security-aware network service provisioning using the existing network security equipment. In order to solve this problem, there is an existing reinforcement learning-based routing decision method fixed for each node. This method performs repeatedly until a routing decision satisfying end-to-end security constraints is achieved. This generates a disadvantage of longer network service provisioning time. In this paper, we propose security constraints reinforcement learning based routing (SCRR) algorithm that generates routing decisions, which satisfies end-to-end security constraints by giving conditional reward values according to the agent state-action pairs when performing reinforcement learning.

The burglary of a safe in the city of Jombang, East Java, lost valuables belonging to the Cemerlang Multipurpose Trading Cooperative. Therefore, a security system tool was created in the safe that serves as a place to store valuables and important assets. Change the security system using the security system with a private unique method with modulo arithmetic pattern. The security system of the safe is designed in layers which are attached with the RFID tag by registering and then verifying it on the card. Entering the password on the card cannot be read or is not performed, then the system will refuse to open it. arduino mega type 256 components, RFID tag is attached to the RFID reader, only one validated passive tag can open access to the security system, namely number B9 20 E3 0F. Meanwhile, of the ten passwords entered, only three match the modulo arithmetic format and can open the security system, namely password numbers 22540, 51324 and 91032. The circuit system on the transistor in the solenoid driver circuit works after the safety system opens. The servo motor can rotate according to the input of the open 900 servo angle rotation program.

Recently, hardware Trojan has become a serious security concern in the integrated circuit (IC) industry. Due to the globalization of semiconductor design and fabrication processes, ICs are highly vulnerable to hardware Trojan insertion by malicious third-party vendors. Therefore, the development of effective hardware Trojan detection techniques is necessary. Testability measures have been proven to be efficient features for Trojan nets classification. However, most of the existing machine-learning-based techniques use supervised learning methods, which involve time-consuming training processes, need to deal with the class imbalance problem, and are not pragmatic in real-world situations. Furthermore, no works have explored the use of anomaly detection for hardware Trojan detection tasks. This paper proposes a semi-supervised hardware Trojan detection method at the gate level using anomaly detection. We ameliorate the existing computation of the Sandia Controllability/Observability Analysis Program (SCOAP) values by considering all types of D flip-flops and adopt semi-supervised anomaly detection techniques to detect Trojan nets. Finally, a novel topology-based location analysis is utilized to improve the detection performance. Testing on 17 Trust-Hub Trojan benchmarks, the proposed method achieves an overall 99.47% true positive rate (TPR), 99.99% true negative rate (TNR), and 99.99% accuracy.

Sentiment Analysis (SA) is an approach for detecting subjective information such as thoughts, outlooks, reactions, and emotional state. The majority of previous SA work treats it as a text-classification problem that requires labelled input to train the model. However, obtaining a tagged dataset is difficult. We will have to do it by hand the majority of the time. Another concern is that the absence of sufficient cross-domain portability creates challenging situation to reuse same-labelled data across applications. As a result, we will have to manually classify data for each domain. This research work applies sentiment analysis to evaluate the entire vaccine twitter dataset. The work involves the lexicon analysis using NLP libraries like neattext, textblob and multi class classification using BERT. This word evaluates and compares the results of the machine learning algorithms.

SummaryIn this study, the propagation and resonance properties of shear-horizontal surface acoustic waves (SH SAWs) on a rotated Y-cut 90°X propagating Ca3TaGa3Si2O14 (CTGS) with a Au- or Al-interdigital transducer (IDT) were investigated theoretically and experimentally. It was found that not only a high-density Au-IDT but also a conventional Al-IDT enables the energy trapping of SH SAW in the vicinity of the surface. For both IDTs, the effective electromechanical coupling factor of about 1.2% and the zero temperature coefficient of frequency can be simultaneously obtained by adjusting the cut angle of CTGS and the electrode film thickness.

To achieve secure uplink communication from smartphones’ screen to a telephoto camera at a long distance of 3.5 meters, we demonstrate that low-luminance space division multiplexing screen is effective in enhancement of the physical layer security. First, a numerical model shows that the spatial inter-symbol interference caused by space division multiplexing prevents eavesdropping from a wide angle by the camera. Second, wide-angle characteristics of the symbol error rate and the pixel value distribution are measured to verify the numerical analysis. We experimentally evaluate the difference in the performances from a wide angle depending on the screen luminance and color. We also evaluate the performances at a long distance in front of the screen and a short distance from a wider angle.

Cyber-Physical System (CPS) is becoming increasingly complicated and integrated into our daily lives, laying the foundation for advanced infrastructures, commodities, and services. In this regard, operational continuity of the system is the most critical objective, and cyber resilience quantification to evaluate and enhance it has garnered attention. However, understanding of the increasingly critical cyber risks is weak, with the focus being solely on the damage that occurs in the physical domain. To address this gap, this work takes aim at shedding some light on the cyber resilience quantification of CPS. We review the numerous resilience quantification techniques presented to date through several metrics to provide systematization of knowledge (SoK). In addition, we discuss the challenges of current quantification methods and give ideas for future research that will lead to more precise cyber resilience measurements.

One of the key topics in network security research is the autonomous COA (Couse-of-Action) attack search method. Traditional COA attack search methods that passively search for attacks can be difficult, especially as the network gets bigger. To address these issues, new autonomous COA techniques are being developed, and among them, an intelligent spatial algorithm is designed in this paper for efficient operations in scalable networks. On top of the spatial search, a Monte-Carlo (MC)-based temporal approach is additionally considered for taking care of time-varying network behaviors. Therefore, we propose a spatio-temporal attack COA search algorithm for scalable and time-varying networks.

Nowadays big shopping marts are expanding their business all over the world but not all marts are fully protected with the advanced security system. Very often we come across cases where people take the things out of the mart without billing. These marts require some advanced features-based security system for them so that they can run an efficient and no-loss business. The idea we are giving here can not only be implemented in marts to enhance their security but can also be used in various other fields to cope up with the incompetent management system. Several issues of the stores like regular stock updating, placing orders for new products, replacing products that have expired can be solved with the idea we present here. We also plan on making the slow processes of billing and checking out of the mart faster and more efficient that would result in customer satisfaction.

This paper belongs to a sequence of manuscripts that discuss generic and easy-to-apply security metrics for Strong PUFs. These metrics cannot and shall not fully replace in-depth machine learning (ML) studies in the security assessment of Strong PUF candidates. But they can complement the latter, serve in initial PUF complexity analyses, and are much easier and more efficient to apply: They do not require detailed knowledge of various ML methods, substantial computation times, or the availability of an internal parametric model of the studied PUF. Our metrics also can be standardized particularly easily. This avoids the sometimes inconclusive or contradictory findings of existing ML-based security test, which may result from the usage of different or non-optimized ML algorithms and hyperparameters, differing hardware resources, or varying numbers of challenge-response pairs in the training phase.This first manuscript within the abovementioned sequence treats one of the conceptually most straightforward security metrics on that path: It investigates the effects that small perturbations in the PUF-challenges have on the resulting PUF-responses. We first develop and implement several sub-metrics that realize this approach in practice. We then empirically show that these metrics have surprising predictive power, and compare our obtained test scores with the known real-world security of several popular Strong PUF designs. The latter include (XOR) Arbiter PUFs, Feed-Forward Arbiter PUFs, and (XOR) Bistable Ring PUFs. Along the way, our manuscript also suggests techniques for representing the results of our metrics graphically, and for interpreting them in a meaningful manner.

Study on the effect of nanosecond laser anneal (NLA) induced crystallization of ferroelectric (FE) Si-doped hafnium oxide (HSO) material is reported. The laser energy density (0.3 J/cm2 to 1.3 J/cm2) and pulse count (1.0 to 30) variations are explored as pathways for the HSO based metal-ferroelectric-metal (MFM) capacitors. The increase in energy density shows transition toward ferroelectric film crystallization monitored by the remanent polarization (2Pr) and coercive field (2Ec). The NLA conditions show maximum 2Pr (\$\textbackslashsim 24\textbackslash \textbackslashmu\textbackslashmathrmC/\textbackslashtextcmˆ2\$) comparable to the values obtained from reference rapid thermal processing (RTP). Reliability dependence in terms of fatigue (107 cycles) of MFMs on NLA versus RTP crystallization anneal is highlighted. The NLA based MFMs shows improved fatigue cycling at high fields for the low energy densities compared to an RTP anneal. The maximum fatigue cycles to breakdown shows a characteristic dependence on the laser energy density and pulse count. Leakage current and dielectric breakdown of NLA based MFMs at the transition of amorphous to crystalline film state is reported. The role of NLA based anneal on ferroelectric film crystallization and MFM stack reliability is reported in reference with conventional RTP based anneal.