Biblio

The rapid development of the Industry 4.0 initiative highlights the problems of Cyber-security of Industrial Computer Systems and, following global trends in Cyber Defense, the implementation of Artificial Intelligence instruments. The authors, having certain achievement in the implementation of Artificial Intelligence tools in Cyber Protection of Information Systems and, more precisely, creating and successfully experimenting with a hybrid model of Intrusion Detection and Prevention System (IDPS), decided to study and experiment with the possibility of applying a similar model to Industrial Control Systems. This raises the question: can the experience of applying Artificial Intelligence methods in Information Systems, where this development went beyond the experimental phase and has entered into the real implementation phase, be useful for experimenting with these methods in Industrial Systems.

We present a scalable optimization algorithm and its parallel implementation for two-stage stochastic programming problems of large-scale, particularly the security constrained optimal power flow models routinely used in electrical power grid operations. Such problems can be prohibitively expensive to solve on industrial scale with the traditional methods or in serial. The algorithm decomposes the problem into first-stage and second-stage optimization subproblems which are then scheduled asynchronously for efficient evaluation in parallel. Asynchronous evaluations are crucial in achieving good balancing and parallel efficiency because the second-stage optimization subproblems have highly varying execution times. The algorithm employs simple local second-order approximations of the second-stage optimal value functions together with exact first- and second-order derivatives for the first-stage subproblems to accelerate convergence. To reduce the number of the evaluations of computationally expensive second-stage subproblems required by line search, we devised a flexible mechanism for controlling the step size that can be tuned to improve performance for individual class of problems. The algorithm is implemented in C++ using MPI non-blocking calls to overlap computations with communication and boost parallel efficiency. Numerical experiments of the algorithm are conducted on Summit and Lassen supercomputers at Oak Ridge and Lawrence Livermore National Laboratories and scaling results show good parallel efficiency.

BYOD or Bring Your Own Device is a set of policies that allow employees of an organization to use their own devices for official work purposes. BYOD is an immensely popular concept in the present day due to the many advantages it provides. However, the implementation of BYOD policies entail diverse problems and as a result, the confidentiality of documents can be breached. Furthermore, employees without security awareness and training are highly vulnerable to endpoint attacks, network attacks, and zero-day attacks that lead to a breach of confidentiality, integrity, and availability (CIA). In this context, this paper proposes a comprehensive solution; ‘BYODENCE’, for the detection and prevention of unauthorized access to organizational documents. BYODENCE is an efficient BYOD solution which can produce competitive results in terms of accuracy and speed.

The Internet of Battlefield Things is a relatively new cyberphysical system and even though it shares a lot of concepts from the Internet of Things and wireless ad hoc networking in general, a lot of research is required to address its scale and peculiarities. In this article we examine a fundamental problem pertaining to the routing/dissemination of information, namely the construction of a backbone. We model an IoBT ad hoc network as a multilayer network and employ the concept of domination for multilayer networks which is a complete departure from the volume of earlier works, in order to select sets of nodes that will support the routing of information. Even though there is huge literature on similar topics during the past many years, the problem in military (IoBT) networks is quite different since these wireless networks are multilayer networks and treating them as a single (flat) network or treating each layer in isolation and calculating dominating set produces submoptimal or bad solutions; thus all the past literature which deals with single layer (flat) networks is in principle inappropriate. We design a new, distributed algorithm for calculating connected dominating sets which produces dominating sets of small cardinality. We evaluate the proposed algorithm on synthetic topologies, and compare it against the only two existing competitors. The proposed algorithm establishes itself as the clear winner in all experiments.

Deep learning has achieved great results in the last decade, however, it is sensitive to so called adversarial attacks - small perturbations of the input that cause the network to classify incorrectly. In the last years a number of attacks and defenses against these attacks were described. Most of the defenses however focus on defending against gradient-based attacks. In this paper, we describe an evolutionary attack and show that the adversarial examples produced by the attack have different features than those from gradient-based attacks. We also show that these features mean that one of the state-of-the-art defenses fails to detect such attacks.

Our identity as a human being is determined by the documents, not by appearance or physicality. The most important thing to prove the identity of humans is to show a government-issued document. Generally, from birth to death humans are recognized by documents because they are born with a birth certificate and they die with a death certificate. The main problem with these documents is that, they can be falsified or manipulated by others. Moreover in this digital era, they are stored in a centralized manner, which is prone to a cyber threat. This study aims to develop a blockchain environment to create, verify, and securely share documents in a decentralized manner. With the help of bigchainDB, interplanetary file system (IPFS), and asymmetric encryption, this research work will prototype the proposed solution called blockchain-based digital locker, which is similar to the DigiLocker released by the Department of Electronics and Information Technology (DeitY), Govt. of India. BigchainDB will help in treating each document as an asset by making it immutable with the help of IPFS and asymmetric encryption, where documents can not only be shared but also verified.

The current supply of a highly specialized cyber security professionals cannot meet the demands for societies seeking digitization. To close the skill gap, there is a need for introducing students in higher education to cyber security, and to combine theoretical knowledge with practical skills. This paper presents how the cyber security training platform Haaukins, initially developed to increase interest and knowledge of cyber security among high school students, was further developed to support the need for training in higher education. Based on the differences between the existing and new target audiences, a set of design principles were derived which shaped the technical adjustments required to provide a suitable platform - mainly related to dynamic tooling, centralized access to exercises, and scalability of the platform to support courses running over longer periods of time. The implementation of these adjustments has led to a series of teaching sessions in various institutions of higher education, demonstrating the viability for Haaukins for the new target audience.

Capability machines such as CHERI provide memory capabilities that can be used by compilers to provide security benefits for compiled code (e.g., memory safety). The existing C to CHERI compiler, for example, achieves memory safety by following a principle called “pointers as capabilities” (PAC). Informally, PAC says that a compiler should represent a source language pointer as a machine code capability. But the security properties of PAC compilers are not yet well understood. We show that memory safety is only one aspect, and that PAC compilers can provide significant additional security guarantees for partial programs: the compiler can provide security guarantees for a compilation unit, even if that compilation unit is later linked to attacker-provided machine code.As such, this paper is the first to study the security of PAC compilers for partial programs formally. We prove for a model of such a compiler that it is fully abstract. The proof uses a novel proof technique (dubbed TrICL, read trickle), which should be of broad interest because it reuses the whole-program compiler correctness relation for full abstraction, thus saving work. We also implement our scheme for C on CHERI, show that we can compile legacy C code with minimal changes, and show that the performance overhead of compiled code is roughly proportional to the number of cross-compilation-unit function calls.

The COVID-19 pandemic introduced novel incentives for adversaries to exploit the state of turmoil. As we have witnessed with the increase in for instance phishing attacks and domain name registrations piggybacking the COVID-19 brand name. In this paper, we perform an analysis at Internet-scale of COVID-19 domain name registrations during the early stages of the virus' spread, and investigate the rationales behind them. We leverage the DomainTools COVID-19 Threat List and additional measurements to analyze over 150,000 domains registered between January 1st 2020 and May 1st 2020. We identify two key rationales for covid-related domain registrations. Online marketing, by either redirecting traffic or hosting a commercial service on the domain, and domain parking, by registering domains containing popular COVID-19 keywords, presumably anticipating a profit when reselling the domain later on. We also highlight three public policy take-aways that can counteract this domain registration behavior.

Today the mobile devices are more and more present in our lives, and the mobile applications market has experienced a sharp growth. Most of these applications are made to make our daily lives easier, and for this a large part of them consume various web services. Given this transition, from desktop and web applications to mobile applications, many critical services have begun to expose their APIs for use by such application clients. Unfortunately, this transition has paved the way for new vulnerabilities, vulnerabilities used to compress cloud services. In this article we analyzed the main security problems and how they can be solved using the attestation services, the services that indicate that the device running the application and the client application are genuine.

Recent controlled-channel attacks exploit timing differences in the rudimentary fetch-decode-execute logic of processors. These new attacks also pose a threat to software on embedded systems. Even when Trusted Execution Environments (TEEs) are used, interrupt latency attacks allow untrusted code to extract application secrets from a vulnerable enclave by scheduling interruption of the enclave. Constant-time programming is effective against these attacks but, as we explain in this paper, can come with some disadvantages regarding performance. To deal with this new threat, we propose a novel algorithm that hardens programs during compilation by aligning the execution time of corresponding instructions in secret-dependent branches. Our results show that, on a class of embedded systems with deterministic execution times, this approach eliminates interrupt latency side-channel leaks and mitigates limitations of constant-time programming. We have implemented our approach in the LLVM compiler infrastructure for the San-cus TEE, which extends the openMSP430 microcontroller, and we discuss applicability to other architectures. We make our implementation and benchmarks available for further research.

This document paper presents a critical and condensed analyze on series of devices that are intended for the military field, making an overview analysis of the technical solutions presented and that identifying those aspects that are really important for the military field or that offering a new approach. We currently have a wide range of medical devices that can be adapted for use in the military, but this adaptation must follow some well-defined aspects. A device that does not offer 100% reliability will be difficult to adopt in a military system, where mistakes are not allowed.

Cloud computing is a modern type of service that provides each consumer with a large-scale computing tool. Different cyber-attacks can potentially target cloud computing systems, as most cloud computing systems offer services to so many people who are not known to be trustworthy. Therefore, to protect that Virtual Machine from threats, a cloud computing system must incorporate some security monitoring framework. There is a tradeoff between the security level of the security system and the performance of the system in this scenario. If a strong security is required then a stronger security service using more rules or patterns should be incorporated and then in proportion to the strength of security, it needs much more computing resources. So the amount of resources allocated to customers is decreasing so this research work will introduce a new way of security system in cloud environments to the VM in this research. The main point of Fog computing is to part of the cloud server's work in the ongoing study tells the step-by-step cloud server to change gigantic information measurement because the endeavor apps are relocated to the cloud to keep the framework cost. So the cloud server is devouring and changing huge measures of information step by step so it is rented to keep up the problem and additionally get terrible reactions in a horrible device environment. Cloud computing and Fog computing approaches were combined in this paper to review data movement and safe information about MDHC.

Spin-transfer torque magnetoresistive random-access memories (STT-MRAMs) are gradually superseding conventional SRAMs as last-level cache in System-on-Chip designs. Their manufacturing process includes trimming a reference resistance in STT-MRAM modules to reliably determine the logic values of 0 and 1 during read operations. Typically, an on-chip trimming routine consists of multiple runs of a test algorithm with different settings of a trimming port. It may inherently produce a large number of mismatches. Diagnosis of such a sizeable volume of errors by means of existing memory built-in self-test (MBIST) schemes is either infeasible or a time-consuming and expensive process. In this paper, we propose a new memory fault diagnosis scheme capable of handling STT-MRAM-specific error rates in an efficient manner. It relies on a convolutional reduction of memory outputs and continuous shifting of the resultant data to a tester through a few output channels that are typically available in designs using an on-chip test compression technology, such as the embedded deterministic test. It is shown that processing the STT-MRAM output by using a convolutional compactor is a preferable solution for this type of applications, as it provides a high diagnostic resolution while incurring a low hardware overhead over traditional MBIST logic.

In this paper, we highlight a fundamental vulnerability associated with the widely adopted “Just Tap” push-based authentication in the face of a concurrency attack, and propose the method REPLICATE, a redesign to counter this vulnerability. In the concurrency attack, the attacker launches the login session at the same time the user initiates a session, and the user may be fooled, with high likelihood, into accepting the push notification which corresponds to the attacker's session, thinking it is their own. The attack stems from the fact that the login notification is not explicitly mapped to the login session running on the browser in the Just Tap approach. REPLICATE attempts to address this fundamental flaw by having the user approve the login attempt by replicating the information presented on the browser session over to the login notification, such as by moving a key in a particular direction, choosing a particular shape, etc. We report on the design and a systematic usability study of REPLICATE. Even without being aware of the vulnerability, in general, participants placed multiple variants of REPLICATE in competition to the Just Tap and fairly above PIN-based authentication.

In recent years, the security of automotive Cyber-Physical Systems (CPSs) is facing urgent threats due to the widespread use of legacy in-vehicle communication systems. As a representative legacy bus system, the Controller Area Network (CAN) hosts Electronic Control Units (ECUs) that are crucial for the vehicles functioning. In this scenario, malicious actors can exploit the CAN vulnerabilities, such as the lack of built-in authentication and encryption schemes, to launch CAN bus attacks. In this paper, we present TACAN (Transmitter Authentication in CAN), which provides secure authentication of ECUs on the legacy CAN bus by exploiting the covert channels. TACAN turns upside-down the originally malicious concept of covert channels and exploits it to build an effective defensive technique that facilitates transmitter authentication. TACAN consists of three different covert channels: 1) Inter-Arrival Time (IAT)-based, 2) Least Significant Bit (LSB)-based, and 3) hybrid covert channels. In order to validate TACAN, we implement the covert channels on the University of Washington (UW) EcoCAR (Chevrolet Camaro 2016) testbed. We further evaluate the bit error, throughput, and detection performance of TACAN through extensive experiments using the EcoCAR testbed and a publicly available dataset collected from Toyota Camry 2010.

With over 80% of goods transportation in volume carried by sea, ports are key infrastructures within the logistics value chain. To address the challenges of the globalized and competitive economy, ports are digitizing at a fast pace, evolving into smart ports. Consequently, the cyber-resilience of ports is essential to prevent possible disruptions to the economic supply chain. Over the last few years, there has been a significant increase in the number of disclosed cyber-attacks on ports. In this paper, we present the capabilities of a high-end hybrid cyber range for port cyber risks awareness and training. By describing a specific port use-case and the first results achieved, we draw perspectives for the use of cyber ranges for the training of port actors in cyber crisis management.

Industry 4.0 or also known as the fourth industrial revolution poses a great cybersecurity risk for Supervisory control and data acquisition (SCADA) systems. Nowadays, lots of enterprises have turned into renewable energy and are changing the energy dependency to be on wind power. The SCADA systems are often vulnerable against different kinds of cyberattacks and thus allowing intruders to successfully and intrude exfiltrate different wind farm SCADA systems. During our research a future concept testbed of a wind farm SCADA system is going to be introduced. The already existing real-world vulnerabilities that are identified are later on going to be demonstrated against the test SCADA wind farm system.

In the computer era, various digital devices are used along with networking technology for data communication in secured manner. But sometimes these systems are misused by the attackers. Information security with the high efficiency devices, tools are utilized for protecting the communication media and valuable data. In case of any unwanted incidents and security breaches, digital forensics methods and measures are well utilized for detecting the type of attacks, sources of attacks, their purposes. By utilizing information related to security measures, digital forensics evidences with suitable methodologies, digital forensics investigators detect the cyber-crimes. It is also necessary to prove the cyber-crimes before the law enforcement department. During this process investigators type to collect different types of information from the digital devices concerned to the cyber-attack. One of the major tasks of the digital investigator is collecting and managing the seizure records from the crime-scene. The present paper discusses the seizure record framework for digital forensics investigations.

Recently, Martínez-Peñas and Kschischang (IEEE Trans. Inf. Theory, 2019) showed that lifted linearized Reed-Solomon codes are suitable codes for error control in multishot network coding. We show how to construct and decode lifted interleaved linearized Reed-Solomon codes. Compared to the construction by Martínez-Peñas-Kschischang, interleaving allows to increase the decoding region significantly (especially w.r.t. the number of insertions) and decreases the overhead due to the lifting (i.e., increases the code rate), at the cost of an increased packet size. The proposed decoder is a list decoder that can also be interpreted as a probabilistic unique decoder. Although our best upper bound on the list size is exponential, we present a heuristic argument and simulation results that indicate that the list size is in fact one for most channel realizations up to the maximal decoding radius.

The deployment of DER with smart-inverter functionality is increasing the controllable assets on power distribution networks and, consequently, the cyber-physical attack surface. Within this work, we consider the use of reinforcement learning as an online controller that adjusts DER Volt/Var and Volt/Watt control logic to mitigate network voltage unbalance. We specifically focus on the case where a network-aware cyber-physical attack has compromised a subset of single-phase DER, causing a large voltage unbalance. We show how deep reinforcement learning successfully learns a policy minimizing the unbalance, both during normal operation and during a cyber-physical attack. In mitigating the attack, the learned stochastic policy operates alongside legacy equipment on the network, i.e. tap-changing transformers, adjusting optimally predefined DER control-logic.

Elliptic Curve Cryptography (ECC) is a revolution in asymmetric key cryptography which is based on the hardness of discrete logarithms. ECC offers lightweight encryption as it presents equal security for smaller keys, and reduces processing overhead. But asymmetric schemes are vulnerable to several cryptographic attacks such as plaintext attacks, known cipher text attacks etc. Frequency analysis is a type of cipher text attack which is a passive traffic analysis scenario, where an opponent studies the frequency or occurrence of single letter or groups of letters in a cipher text to predict the plain text part. Block cipher modes are not used in asymmetric key encryption because encrypting many blocks with an asymmetric scheme is literally slow and CBC propagates transmission errors. Therefore, in this research we present a new approach to defence against frequency analysis in ECC using K-Means clustering to defence against Frequency Analysis. In this proposed methodology, security of ECC against frequency analysis is achieved by clustering the points of the curve and selecting different cluster for encoding a text each time it is encrypted. This technique destroys the regularities in the cipher text and thereby guards against cipher text attacks.

In view of the common edge computing-based cloud-side collaborative environment summary existing search key and authentication key sharing caused by data information leakage, this paper proposes a cryptographic search based on public key searchable encryption in an edge computing environment method, this article uses the public key to search for the characteristics of the encryption algorithm, and allows users to manage the corresponding private key. In the process of retrieval and execution, the security of the system can be effectively ensured through the secret trapdoor. Through the comparison of theoretical algorithms, the searchable encryption scheme in the edge computing environment proposed in this paper can effectively reduce the computing overhead on the user side, and complete the over-complex computing process on the edge server or the central server, which can improve the overall efficiency of encrypted search.

Modern day grid operation requires multiple interlinked applications and many automated processes at control center for monitoring and operation of grid. Information technology integrated with operational technology plays a critical role in grid operation. Computing resource requirements of these software applications varies widely and includes high processing applications, high Input/Output (I/O) sensitive applications and applications with low resource requirements. Present day grid operation control center uses various applications for load despatch schedule management, various real-time analytics & optimization applications, post despatch analysis and reporting applications etc. These applications are integrated with Operational Technology (OT) like Data acquisition system / Energy management system (SCADA/EMS), Wide Area Measurement System (WAMS) etc. This paper discusses various design considerations and implementation of converged infrastructure through virtualization technology by consolidation of servers and storages using multi-cluster approach to meet high availability requirement of the applications and achieve desired objectives of grid control center of north eastern region in India. The process involves weighing benefits of different architecture solution, grouping of application hosts, making multiple clusters with reliability and security considerations, and designing suitable infrastructure to meet all end objectives. Reliability, enhanced resource utilization, economic factors, storage and physical node selection, integration issues with OT systems and optimization of cost are the prime design considerations. Modalities adopted to minimize downtime of critical systems for grid operation during migration from the existing infrastructure and integration with OT systems of North Eastern Regional Load Despatch Center are also elaborated in this paper.

Conventional Security Systems are improving with the advancement of Internet of Things (IoT) based technology. For better security, in addition to the currently available technology, surveillance systems are used. In this research, a Smart Surveillance System with machine-learning capabilities is designed to detect security breaches and it will resolve safety concerns. Machine learning algorithms are implemented to detect intruders as well as suspicious activities. Enery efficiency is the major concern for constant monitoring systems. As a result, the designed system focuses on power consumption by calibrating the system so that it can work on bare minimum power and additionally provides the required output. Fire sensor has also been integrated to detect fire for safety purposes. By adding upon the security infrastructure, next-generation smart surveillance systems can be created for a safe future. The developed system contains the necessary tools to recognize intruders by face recognition. Also using the ambient sensors (PIR sensor, fire detecting sensor), a secure environment is provided during working and non-working hours. The system shows high accuracy in human & flame detection. A more reliable security system can be created with the further development of this research.