Biblio

Device attestation is a procedure to verify whether an embedded device is running the intended application code. This way, protection against both physical attacks and remote attacks on the embedded software is aimed for. With the wide adoption of Field-Programmable Gate Arrays or FPGAs, hardware also became configurable, and hence susceptible to attacks (just like software). In addition, an upcoming trend for hardware-based attestation is the use of configurable FPGA hardware. Therefore, in order to attest a whole system that makes use of FPGAs, the status of both the software and the hardware needs to be verified, without the availability of a tamper-resistant hardware module.In this paper, we propose a solution in which a prover core on the FPGA performs an attestation of the entire FPGA, including a self-attestation. This way, the FPGA can be used as a tamper-resistant hardware module to perform hardware-based attestation of a processor, resulting in a protection of the entire hardware/software system against malicious code updates.

The Industrial Internet-of-Things (IIoT) has gained significant interest from both the research and industry communities. Such interest came with a vision towards enabling automation and intelligence for futuristic versions of our day to day devices. However, such a vision demands the need for accelerated research and development of IIoT systems, in which sensor integration, due to their diversity, impose a significant roadblock. Such roadblocks are embodied in both the cost and time to develop an IIoT platform, imposing limits on the innovation of sensor manufacturers, as a result of the demand to maintain interface compatibility for seamless integration and low development costs. In this paper, we propose an IIoT system architecture (SandBoxer) tailored for sensor integration, that utilizes a collaborative set of efforts from various technologies and research fields. The paper introduces the concept of ”development-sandboxing” as a viable choice towards building the foundation for enabling true-plug-and-play IIoT. We start by outlining the key characteristics desired to create an architecture that catalyzes IIoT research and development. We then present our vision of the architecture through the use of a sensor-hosted EEPROM and scripting to ”sandbox” the sensors, which in turn accelerates sensor integration for developers and creates a broader innovation path for sensor manufacturers. We also discuss multiple design alternative, challenges, and use cases in both the research and industry.

The rapid growth of the connected devices driven by Internet of Things (IoT) concept requires a complete rethinking of the conventional approaches for the network design. One of the key constraints of the IoT devices are their low capabilities in order to optimize energy consumption. On the other hand, many IoT applications require high level of data protection and privacy, which can be provided only by advanced cryptographic algorithms, which are not feasible for IoT devices. In this paper, we propose a scalable quadrature modulation aiming to solve the problem of secure communications at the physical layer. The key idea of the proposed approach is to transmit only part of information in way that allows target receiver to retrieve the complete information. Such approach allows to ensure the security of wireless channel, while reducing the overhead of advanced cryptographic algorithms.

Different tools and sources are used to collect big data, which may create privacy issues. k-anonymity, l-diversity, t-closeness etc. privacy preserving data publishing approaches are used data de-identification, but as multiple sources is used to collect the data, chance of re-identification is very high. Anonymization large data is not a trivial task, hence, privacy preserving approaches scalability has become a challenging research area. Researchers explore it by proposing algorithms for scalable anonymization. We further found that in some scenarios efficient anonymization is not enough, timely anonymization is also required. Hence, to incorporate the velocity of data with Scalable k-Anonymization (SKA) approach, we propose a novel approach, Scalable ( α, k)-Anonymization (SAKA). Our proposed approach outperforms in terms of information loss and running time as compared to existing approaches. With best of our knowledge, this is the first proposed scalable anonymization approach for the velocity of data.

Compared to ordinary Internet applications, the transfer of scientific data flows often has higher requirements for network performance. The network security devices and systems often affect the efficiency of scientific data transfer. As a new type of network architecture, Software-defined Networking (SDN) decouples the data plane from the control plane. Its programmability allows users to customize the network transfer path and makes the network more intelligent. The Science DMZ model is a private network for scientific data flow transfer, which can improve performance under the premise of ensuring network security. This paper combines SDN with Science DMZ, designs and implements an SDN-based traffic scheduling algorithm considering the load of link. In addition to distinguishing scientific data flow from common data flow, the algorithm further distinguishes the scientific data flows of different applications and performs different traffic scheduling of scientific data for specific link states. Experiments results proved that the algorithm can effectively improve the transmission performance of scientific data flow.

Spreading code assumes an indispensable work in WCDMA system. Every individual client in a cell is isolated by an exceptional spread code. PN grouping are commonly utilized in WCDMA framework. For example, Walsh codes or gold codes as spread code. Data received from WCDMA are transmitted using chaotic signal and that signal is generated by using logistic map. It is unsuitable to be utilized as spreading sequence. Using a threshold function the chaos signal is changed in the form of binary sequence. Consequently, QPSK modulation techniques is analyzed in W-CDMA downlink over Additive white Gaussian noise channel (AWGN) and Rayleigh multipath fading channel. The activity was assessed with the assistance of BER contrary to SNR utilizing parameters indicating the BER in low to high in SNR.

Federated authentication can drastically reduce the overhead of basic account maintenance while simultaneously improving overall system security. Integrating with the user's more frequently used account at their primary organization both provides a better experience to the end user and makes account compromise or changes in affiliation more likely to be noticed and acted upon. Additionally, with many organizations transitioning to multi-factor authentication for all account access, the ability to leverage external federated identity management systems provides the benefit of their efforts without the additional overhead of separately implementing a distinct multi-factor authentication process. This paper describes our experiences and the lessons we learned by enabling federated authentication with the U.S. Government PKI and In Common Federation, scaling it up to the user base of a production HPC system, and the motivations behind those choices. We have received only positive feedback from our users.

In the distributed Supervisory Control and Data Acquisitions (SCADA) system there is a need of doing the acquisition of very large amount of data on the network to visualize the same process in realtime or in the future. Water is distributed automatically to large area through autonomous SCADA systems. This makes the systems prone to various attacks at different instances and levels. The SCADA systems are also used for distributing common resources that range from Gas, Electricity, and Water distribution. It is the need of the hour to work on the security issues of such distribution systems to provide hassle-free services. This paper reviews the major problems on the water distribution system and possible attacks that are harmful during data acquisition and transfer. This paper also gives the insight on the latest technologies like elastic search and data modelling to increase the security of the water distribution system.

Live Linux distribution devices can hold Linux operating system for portability. Using such devices and distributions, one can access system or critical files, which otherwise cannot be accessed by guest or any unauthorized user. Events like file leakage before the official announcement. These announcements can vary from mobile companies to software industries. Damages caused by such vulnerabilities can be data theft, data tampering, or permanent deletion of certain records. This study uncovers the security flaws of operating system against live device attacks. For this study, we used live devices with different Linux distributions. Target operating systems are exposed to live device attacks and their behavior is recorded against different Linux distribution. This study also compares the robustness level of different operating system against such attacks.

A cooperative network defense is one approach to fend off large-scale Distributed Denial-of-Service (DDoS) attacks. In this regard, the Blockchain Signaling System (BloSS) is a multi-domain, blockchain-based, cooperative DDoS defense system, where each Autonomous System (AS) is taking part in the defense alliance. Each AS can exchange attack information about ongoing attacks via the Ethereum blockchain. However, the currently operational implementation of BloSS is not interactive or visualized, but the DDoS mitigation is automated. In realworld defense systems, a human cybersecurity analyst decides whether a DDoS threat should be mitigated or not. Thus, this work presents the design of a security management dashboard for BloSS, designed for interactive use by cyber security analysts.

Today, the privacy and the security of any organization are the key requirement, the digital online transaction of money or coins also needed a certain level of security not only during the broadcasting of the transaction but before the sending of the transaction. In this research paper we proposed and implemented a cryptocurrency (Bitcoin) wallet for the android operating system, by using the QR code-based android application and a secure private key storage (Cold Wallet). Two android applications have been implemented one of them is called cold wallet and the other one is hot wallet. Cold wallet (offline) is to store and generate the private key addresses for secure transaction confirmation and the hot wallet is used to send bitcoin to the network. Hot wallet application gives facility to the user view history of performed transactions, to send and compose a new bitcoin transaction, receive bitcoin, sign it and send it to the network. By using the process of cross QR code scanning of the hot and cold wallet to the identification, validation and authentication of the user made it secure.

The endeavor to achieving software security consists of a set of risk-based security engineering processes during software development. In iterative software development, the software design typically evolves as the project matures, and the technical environment may undergo considerable changes. This increases the work load of identifying, assessing and managing the security risk by each iteration, and after every change. Besides security risk, the changes also accumulate technical debt, an allegory for postponed or sub-optimally performed work. To manage the security risk in software development efficiently, and in terms and definitions familiar to software development organizations, the concept of technical debt is extended to contain security debt. To accommodate new technical debt with potential security implications, a security debt management approach is introduced. The selected approach is an extension to portfolio-based technical debt management framework. This includes identifying security risk in technical debt, and also provides means to expose debt by security engineering techniques that would otherwise remained hidden. The proposed approach includes risk-based extensions to prioritization mechanisms in existing technical debt management systems. Identification, management and repayment techniques are presented to identify, assess, and mitigate the security debt.

Biometric system security requires cryptographic protection of sample data under certain circumstances. We assess low complexity selective encryption schemes applied to JPEG2000 compressed iris data by conducting iris recognition on the selectively encrypted data. This paper specifically compares the effects of a recently proposed approach, i.e. applying selective encryption to normalised texture data, to encrypting classical sample data. We assess achieved protection level as well as computational cost of the considered schemes, and particularly highlight the role of segmentation in obtaining surprising results.

In recent years, the number of smart mobile devices has rapidly increased worldwide. This explosion of continuously connected mobile devices has resulted in an exponential growth in the number of publically available mobile Apps. To facilitate the selection of mobile Apps, from various available choices, the App distribution platforms typically rank/recommend Apps based on average star ratings, the number of downloads, and associated reviews - the external aspect of an App. However, these ranking schemes typically tend to ignore critical internal aspects (e.g., security vulnerabilities) of the Apps. Such an omission of internal aspects is certainly not desirable, especially when many of the users do not possess the necessary skills to evaluate the internal aspects and choose an App based on the default ranking scheme which uses the external aspect. In this paper, we build upon our earlier efforts by focusing specifically on the security-related internal aspect of an App and its combination with the external aspect computed from the user reviews by identifying security-related comments.We use this combination to rank-order similar Apps. We evaluate our approach on publicly available Apps from the Google PlayStore and compare our ranking with prevalent ranking techniques such as the average star ratings. The experimental results indicate the effectiveness of our proposed approach.

In this paper, we propose and develop an actuator attack model for discrete-event systems. We assume the actuator attacker partially observes the execution of the closed-loop system and eavesdrops the control commands issued by the supervisor. The attacker can modify each control command on a specified subset of attackable events. The goal of the actuator attacker is to remain covert until it can establish a successful attack and lead the attacked closed-loop system into generating certain damaging strings. We then present a characterization for the existence of a successful attacker and prove the existence of the supremal successful attacker, when both the supervisor and the attacker are normal. Finally, we present an algorithm to synthesize the supremal successful normal attackers.

This study proposes a method for ECG signals quality assessment (SQA) by using temporal feature, and heuristic rule. The ECG signal will be classified as acceptable or unacceptable. Seven types of noise were able to be detected by the prosed method. The noises are: FL, TVN, BW, AB, MA, PLI and AWGN. The proposed method is aimed to have better performance for SQA than classical machine learning method. The experiment is conducted by using 1000 instances ECG signal. The experiment result shows that db8 has the best performance with 0.86, 0.85 and 85.6% on lead-1 signal and 0.69, 0.79, and 74% on lead-5 signal for specificity, sensitivity and accuracy respectively. Compared to the classical machine learning, the proposed heuristic method has same accuracy but has 48% and 31% better specificity for lead-1 and lead-5. It means that the proposed method has far better ability to detect noise.

Wearable devices, such as implantable medical devices and smart wearables, are becoming increasingly popular with applications that vary from casual activity monitoring to critical medical uses. Unsurprisingly, numerous security vulnerabilities have been found in this class of devices. Yet, research on physical measurement-based authentication and key distribution assumes that body-worn devices are benign and uncompromised. Tiek is a novel authentication and key distribution protocol which addresses this issue. We utilize two sources of randomness to perform device authentication and key distribution simultaneously but through separate means. This creates a two-tier authorization scheme that enables devices to join the network while protecting them from each other. We describe Tiek and analyze its security.

Cybersecurity cannot be addressed by technology alone; the most intractable aspects are in fact sociotechnical. As a result, the 'human factor' has been recognised as being the weakest and most obscure link in creating safe and secure digital environments. This study examines the subjective and often complex nature of human factors in the cybersecurity context through a systematic literature review of 27 articles which span across technical, behavior and social sciences perspectives. Results from our study suggest that there is still a predominately a technical focus, which excludes the consideration of human factors in cybersecurity. Our literature review suggests that this is due to a lack of consolidation of the attributes pertaining to human factors; the application of theoretical frameworks; and a lack of in-depth qualitative studies. To ensure that these gaps are addressed, we propose that future studies take into consideration (a) consolidating the human factors; (b) examining cyber security from an interdisciplinary approach; (c) conducting additional qualitative research whilst investigating human factors in cybersecurity.

With geographic message dissemination, connected vehicles can be served with traffic information in their proximity, thereby positively impacting road safety, traffic management, or routing. Since such messages are typically relevant in a small geographic area, servers only distribute messages to affected vehicles for efficiency reasons. One main challenge is to maintain scalability of the server infrastructure when collecting location updates from vehicles and determining the relevant group of vehicles when messages are distributed to a geographic relevance area, while at the same time respecting the individual user's privacy in accordance with legal regulations. In this paper, we present a framework for geographic message dissemination following the privacy-by-design and privacy-by-default principles, without having to accept efficiency drawbacks compared to conventional server-client based approaches.

Bluetooth enables excellent mobility in Brain Computer Interface (BCI) research and other use cases including ambulatory care, telemedicine, fitness tracking and mindfulness training. Although significant research exists for an all-encompassing BCI performance rating, almost all the literature addresses performance in terms of brain state or brain function classification accuracy. For the few published experiments that address BCI hardware performance, they too, focused on improving classification accuracy. This paper explores some of the more recent studies and proposes a trusted performance rating for BCI applications based on the enhanced privacy, yet reduced bandwidth needs of mobile EEG-based BCI applications. This paper proposes a set of Bluetooth operating parameters required to meet the performance, usability and privacy requirements of reliable and secure mobile neuro-feedback applications. It presents a rating model, "Trusted Mobile BCI", based on those operating parameters, and validated the model with studies that leveraged mobile BCI technology.

We report on the significant enhancement of perpendicular magnetic anisotropy of Ni/NiO multilayers after mild annealing up to 90 min at 250 °C. Transmission electron microscopy shows that after annealing, a partial crystallization of the initially amorphous NiO layers occurs. This turns out to be the source of the anisotropy enhancement. Magnetic measurements reveal that even multilayers with Ni layers as thick as 7 nm, which in the as-deposited state showed inplane anisotropy with square hysteresis loops, show reduced in-plane remanence after thermal treatment. Hysteresis loops recorded with the field in the normal-to-film-plane direction provide evidence for perpendicular magnetic anisotropy with up and down magnetic domains at remanence. A plot of effective uniaxial magnetic anisotropy constant times individual Ni layer thickness as a function of individual Ni layer thickness shows a large change in the slope of the data attributed to a drastic change of volume anisotropy. Surface anisotropy showed a small decrease because of some layer roughening introduced by annealing.

We initiate an effort to provide a rigorous, holistic and modular security analysis of OpenStack. OpenStack is the prevalent open-source, non-proprietary package for managing cloud services and data centers. It is highly complex and consists of multiple inter-related components which are developed by separate, loosely coordinated groups. All of these properties make the security analysis of OpenStack both a worthy mission and a challenging one. We base our modeling and security analysis in the universally composable (UC) security framework. This allows specifying and proving security in a modular way – a crucial feature when analyzing systems of such magnitude. Our analysis has the following key features: 1) It is user-centric: It stresses the security guarantees given to users of the system in terms of privacy, correctness, and timeliness of the services. 2) It considers the security of OpenStack even when some of the components are compromised. This departs from the traditional design approach of OpenStack, which assumes that all services are fully trusted. 3) It is modular: It formulates security properties for individual components and uses them to prove security properties of the overall system. Specifically, this work concentrates on the high-level structure of OpenStack, leaving the further formalization and more detailed analysis of specific OpenStack services to future work. Specifically, we formulate ideal functionalities that correspond to some of the core OpenStack modules, and then proves security of the overall OpenStack protocol given the ideal components. As demonstrated within, the main challenge in the high-level design is to provide adequately fine-grained scoping of permissions to access dynamically changing system resources. We demonstrate security issues with current mechanisms in case of failure of some components, propose alternative mechanisms, and rigorously prove adequacy of then new mechanisms within our modeling.

One of the biggest problems in the current society is people's safety. Safety measures and mechanisms are especially important in the case of vulnerable social groups, such as migrants, homeless, and victims of domestic and/or sexual violence. In order to cope with this problem, we witness an increasing number of personal alarm systems in the market, most of them based on panic buttons. Nevertheless, none of them has got widespread acceptance mainly because of limited Human-Computer Interaction. In the context of this work, we developed an innovative mobile application that recognizes an attack through speech and gesture recognition. This paper describes such a system and presents its features, some of them based on the emerging concept of Human-in-the-Loop Cyber-physical Systems and new concepts of Human-Computer Interaction.

The growing complexity and diversification of cyber-attacks are largely reflected in the increasing sophistication of security appliances, which are often too cumbersome to be run in virtual services and IoT devices. Hence, the design of cyber-security frameworks is today looking at more cooperative models, which collect security-related data from a large set of heterogeneous sources for centralized analysis and correlation.In this paper, we outline a flexible abstraction layer for access to security context. It is conceived to program and gather data from lightweight inspection and enforcement hooks deployed in cloud applications and IoT devices. We also provide a preliminary description of its implementation, by reviewing the main software components and their role.

Network-on-Chip (NoC) is the communication platform of the data among the processing cores in Multiprocessors System-on-Chip (MPSoC). NoC has become a target to security attacks and by outsourcing design, it can be infected with a malicious Hardware Trojan (HT) to degrades the system performance or leaves a back door for sensitive information leaking. In this paper, we proposed a HT model that applies a denial of service attack by deliberately discarding the data packets that are passing through the infected node creating a black hole in the NoC. It is known as Black Hole Router (BHR) attack. We studied the effect of the BHR attack on the NoC. The power and area overhead of the BHR are analyzed. We studied the effect of the locations of BHRs and their distribution in the network as well. The malicious nodes has very small area and power overhead, 1.98% and 0.74% respectively, with a very strong violent attack.