Biblio

With the rapid development of IoT in recent years, IoT is increasingly being used as an endpoint of supply chains. In general, as the majority of data is now being stored and shared over the network, information security is an important issue in terms of secure supply chain management. In response to cyber security breaches and threats, there has been much research and development on the secure storage and transfer of data over the network. However, there is a relatively limited amount of research and proposals for the security of endpoints, such as IoT linked in the supply chain network. In addition, it is difficult to ensure reliability for IoT itself due to a lack of resources such as CPU power and storage. Ensuring the reliability of IoT is essential when IoT is integrated into the supply chain. Thus, in order to secure the supply chain, we need to improve the reliability of IoT, the endpoint of the supply chain. In this work, we examine the use of IoT gateways, client certificates, and IdP as methods to compensate for the lack of IoT resources. The results of our qualitative evaluation demonstrate that using the IdP method is the most effective.

Due to the critical importance of Industrial Control Systems (ICS) to the operations of cities and countries, research into the security of critical infrastructure has become increasingly relevant and necessary. As a component of both the research and application sides of smart city development, accurate and precise modeling, simulation, and verification are key parts of a robust design and development tools that provide critical assistance in the prevention, detection, and recovery from abnormal behavior in the sensors, controllers, and actuators which make up a modern ICS system. However, while these tools have potential, there is currently a need for helper-tools to assist with their setup and configuration, if they are to be utilized widely. Existing state-of-the-art tools are often technically complex and difficult to customize for any given IoT/ICS processes. This is a serious barrier to entry for most technicians, engineers, researchers, and smart city planners, while slowing down the critical aspects of safety and security verification. To remedy this issue, we take a case study of existing simulation toolkits within the field of water management and expand on existing tools and algorithms with simplistic automated retrieval functionality using a much more in-depth and usable customization interface to accelerate simulation scenario design and implementation, allowing for customization of the cyber-physical network infrastructure and cyber attack scenarios. We additionally provide a novel in-tool-assessment of network’s resilience according to graph theory path diversity. Further, we lay out a roadmap for future development and application of the proposed tool, including expansions on resiliency and potential vulnerability model checking, and discuss applications of our work to other fields relevant to the design and operation of smart cities.

Cybersecurity has become an emerging challenge for business information management and critical infrastructure protection in recent years. Artificial Intelligence (AI) has been widely used in different fields, but it is still relatively new in the area of Cyber-Physical Systems (CPS) security. In this paper, we provide an approach based on Machine Learning (ML) to intelligent threat recognition to enable run-time risk assessment for superior situation awareness in CPS security monitoring. With the aim of classifying malicious activity, several machine learning methods, such as k-nearest neighbours (kNN), Naïve Bayes (NB), Support Vector Machine (SVM), Decision Tree (DT) and Random Forest (RF), have been applied and compared using two different publicly available real-world testbeds. The results show that RF allowed for the best classification performance. When used in reference industrial applications, the approach allows security control room operators to get notified of threats only when classification confidence will be above a threshold, hence reducing the stress of security managers and effectively supporting their decisions.

The paper considers the issue of assessing threats to information security in industrial automation and telecommunication systems in order to improve the efficiency of their security systems. A method for determining a quantitative indicator of threats is proposed, taking into account the probabilistic nature of the process of implementing negative impacts on objects of both industrial and telecommunications systems. The factors that contribute and (or) initiate them are also determined, the dependences of the formal definition of the quantitative indicator of threats are obtained. Methods for a quantitative threat assessment as well as the degree of this threat are presented in the form of a mathematical model in order to substantiate and describe the method for determining a threat to industrial automation systems. Recommendations necessary for obtaining expert assessments of negative impacts on the informatisation objects and information security systems counteracting are formulated to facilitate making decisions on the protection of industrial and telecommunication systems.

Security patterns are proven solutions to recurring problems in software development. The growing importance of secure software development has introduced diverse research efforts on security patterns that mostly focused on classification schemes, evolution and evaluation of the patterns. Despite a huge mature history of research and popularity among researchers, security patterns have not fully penetrated software development practices. Besides, software security education has not been benefited by these patterns though a commonly stated motivation is the dissemination of expert knowledge and experience. This is because the patterns lack a simple embodiment to help students learn about vulnerable code, and to guide new developers on secure coding. In order to address this problem, we propose to conduct intelligent data mining in the context of software engineering to discover learner-friendly software security patterns. Our proposed model entails knowledge discovery from large scale published real-world vulnerability histories in software applications. We harness association rule mining for frequent pattern discovery to mine easily comprehensible and explainable learner-friendly rules, mainly of the type "flaw implies fix" and "attack type implies flaw", so as to enhance training in secure coding which in turn would augment secure software development. We propose to build a learner-friendly intelligent tutoring system (ITS) based on the newly discovered security patterns and rules explored. We present our proposed model based on association rule mining in secure software development with the goal of building this ITS. Our proposed model and prototype experiments are discussed in this paper along with challenges and ongoing work.

Protecting privacy of the user location in Internet of Things (IoT) applications is a complex problem. Peer-to-peer (P2P) approach is one of the most popular techniques used to protect privacy in IoT applications, especially that use the location service. The P2P approach requires trust among peers in addition to serious cooperation. These requirements are still an open problem for this approach and its methods. In this paper, we propose an effective solution to this issue by creating a manager for the peers' reputation called R-TTP. Each peer has a new query. He has to evaluate the cooperated peer. Depending on the received result of that evaluation, the main peer will send multiple copies of the same query to multiple peers and then compare results. Moreover, we proposed another scenario to the manager of reputation by depending on Fog computing to enhance both performance and privacy. Relying on this work, a user can determine the most suitable of many available cooperating peers, while avoiding the problems of putting up with an inappropriate cooperating or uncommitted peer. The proposed method would significantly contribute to developing most of the privacy techniques in the location-based services. We implemented the main functions of the proposed method to confirm its effectiveness, applicability, and ease of application.

This paper integrates Software-Defined Networking (SDN) and Information -Centric Networking (ICN) framework to enable low latency-based stateful routing and caching management by leveraging a novel forwarding and caching strategy. The framework is implemented in a clean- slate environment that does not rely on the TCP/IP principle. It utilizes Pending Interest Tables (PIT) instead of Forwarding Information Base (FIB) to perform data dissemination among peers in the proposed IC-SDN framework. As a result, all data exchanged and cached in the system are organized in chunks with the same interest resulting in reduced packet overhead costs. Additionally, we propose an efficient caching strategy that leverages in- network caching and naming of contents through an IC-SDN controller to support off- path caching. The testbed evaluation shows that the proposed IC-SDN implementation achieves an increased throughput and reduced latency compared to the traditional information-centric environment, especially in the high load scenarios.

Image hash regimes have been widely used for authenticating content, recovery of images and digital forensics. In this article we propose a new algorithm for image haunting (SSL) with the most stable key points and regional features, strong against various manipulation of content conservation, including multiple combinatorial manipulations. In order to extract most stable keypoint, the proposed algorithm combines the Speed Up Robust Features (SURF) with Saliency detection. The keyboards and characteristics of the local area are then combined in a hash vector. There is also a sperate secret key that is randomly given for the hash vector to prevent an attacker from shaping the image and the new hash value. The proposed hacking algorithm shows that similar or initial images, which have been individually manipulated, combined and even multiple manipulated contents, can be visently identified by experimental result. The probability of collision between hacks of various images is almost nil. Furthermore, the key-dependent security assessment shows the proposed regime safe to allow an attacker without knowing the secret key not to forge or estimate the right havoc value.

Web technologies are typically built with time constraints and security vulnerabilities. Automatic software vulnerability scanners are common tools for detecting such vulnerabilities among software developers. It helps to illustrate the program for the attacker by creating a great deal of engagement within the program. SQL Injection and Cross-Site Scripting (XSS) are two of the most commonly spread and dangerous vulnerabilities in web apps that cause to the user. It is very important to trust the findings of the site vulnerability scanning software. Without a clear idea of the accuracy and the coverage of the open-source tools, it is difficult to analyze the result from the automatic vulnerability scanner that provides. The important to do a comparison on the key figure on the automated vulnerability scanners because there are many kinds of a scanner on the market and this comparison can be useful to decide which scanner has better performance in term of SQL Injection and Cross-Site Scripting (XSS) vulnerabilities. In this paper, a method by Jose Fonseca et al, is used to compare open-source automated vulnerability scanners based on detection coverage and a method by Yuki Makino and Vitaly Klyuev for precision rate. The criteria vulnerabilities will be injected into the web applications which then be scanned by the scanners. The results then are compared by analyzing the precision rate and detection coverage of vulnerability detection. Two leading open source automated vulnerability scanners will be evaluated. In this paper, the scanner that being utilizes is OW ASP ZAP and Skipfish for comparison. The results show that from precision rate and detection rate scope, OW ASP ZAP has better performance than Skipfish by two times for precision rate and have almost the same result for detection coverage where OW ASP ZAP has a higher number in high vulnerabilities.

Programming language design requires making many usability-related design decisions. However, existing HCI methods can be impractical to apply to programming languages: they have high iteration costs, programmers require significant learning time, and user performance has high variance. To address these problems, we adapted both formative and summative HCI methods to make them more suitable for programming language design. We integrated these methods into a new process, PLIERS, for designing programming languages in a user-centered way. We evaluated PLIERS by using it to design two new programming languages. Glacier extends Java to enable programmers to express immutability properties effectively and easily. Obsidian is a language for blockchains that includes verification of critical safety properties. Summative usability studies showed that programmers were able to program effectively in both languages after short training periods.

Increasing consumer experience and companies inner quality presents a direct demand of different requirements on supply chain traceability. Typically, existing solutions have separate data storages which eventually provide limited support when multiple individuals are included. Therefore, the block-chain-based methods are utilized to defeat these deficiencies by generating digital illustrations of real products to following several objects at the same time. Nevertheless, they actually cannot identify the change of products in manufacturing methods. The connection between components included in the production decreased, whereby the ability to follow a product’s origin reduced consequently. In this paper, a methodology is recommended which involves using a Block-chain in Supply Chain Traceability, to solve the issues of manipulations and changes in data and product source. The method aims to improve the product’s origin transparency. Block-chain technology produces a specific method of storing data into a ledger, which is raised on many end-devices such as servers or computers. Unlike centralized systems, the records of the present system are encrypted and make it difficult to be manipulated. Accordingly, this method manages the product’s traceability changes. The recommended system is performed for the cheese supply chain. The result were found to be significant in terms of increasing food security and distributors competition.

Internet of Things (IoT) is penetrating into every aspect of our personal lives including our body, our home and our living environment which poses numerous security challenges. The number of heterogeneous connected devices is increasing exponentially in IoT, which in turn increases the attack surface of IoT. This forces the need for uniform, distributed security mechanism which can efficiently detect the attack at faster rate in highly scalable IoT environment. The proposed work satisfies this requirement by providing a security framework which combines Fog computing and Software Defined Networking (SDN). The experimental results depicts the effectiveness in protecting the IoT applications at faster rate

This paper argues that the security management of the robot supply chain would preferably focus on Sino-US relations and technical bottlenecks based on a comprehensive security analysis through open-source intelligence and data mining of associated discourses. Through the lens of the newsboy model and game theory, this study reconstructs the risk appraisal model of the robot supply chain and rebalances the process of the Sino-US competition game, leading to the prediction of China's strategic movements under the supply risks. Ultimately, this paper offers a threefold suggestion: increasing the overall revenue through cost control and scaled expansion, resilience enhancement and risk prevention, and outreach of a third party's cooperation for confrontation capabilities reinforcement.

Intellectual Property Rights (IPR) results from years of research and wisdom by property owners, and it plays an increasingly important role in promoting economic development, technological progress, and cultural prosperity. Thus, we need to strengthen the degree of protection of IPR. However, as internet technology continues to open up the market for IPR, the ease of network operation has led to infringement of IPR in some cases. Intellectual property infringement has occurred in some cases. Also, Internet development's concealed and rapid nature has led to the fact that IPR infringers cannot be easily detected. This paper addresses how to protect the rights and interests of IPR holders in the context of the rapid development of the internet. This paper explains the IPR and proposes an algorithm to enhance security for a better security model to protect IPR. This proposes optimization techniques to detect intruder attacks for securing IPR, by using support vector machines (SVM), it provides better results to secure public and private intellectual data by optimizing technologies.

Simultaneous Localization and Mapping (SLAM) algorithms perform visual-inertial estimation via filtering or batch optimization methods. Empirical evidence suggests that filtering algorithms are computationally faster, while optimization methods are more accurate. This work presents an optimization-based framework that unifies these approaches, and allows users to flexibly implement different design choices, e.g., the number and types of variables maintained in the algorithm at each time. We prove that filtering methods correspond to specific design choices in our generalized framework. We then reformulate the Multi-State Constrained Kalman Filter (MSCKF), implement the reformulation on challenging image sequence datasets in simulation, and contrast its performance with that of sliding window based filters. Using these results, we explain the relative performance characteristics of these two classes of algorithms in the context of our algorithm. Finally, we illustrate that under different design choices, the empirical performance of our algorithm interpolates between those of state-of-the-art approaches.

With the tremendous growth of IoT application, providing security to IoT systems has become more critical. In this paper, a technique is presented to ensure the safety of Internet of Things (IoT) devices. This technique ensures hardware and software security of IoT devices. Blockchain technology is used for software security and hardware logics are used for hardware security. For enabling a Blockchain, Ethereum Network is used for secure peer-to-peer transmission. A prototype model is also used using two IoT nodes to demonstrate the security logic.

This contribution provides the implementation of a holistic operational security assessment process for both steady-state security and dynamic stability. The merging of steady-state and dynamic security assessment as a sequential process is presented. A steady-state and dynamic modeling of a VSC-HVDC was performed including curative and stabilizing measures as remedial actions. The assessment process was validated by a case study on a modified version of the Nordic 32 system. Simulation results showed that measure selection based on purely steady-state contingency analysis can lead to loss of stability in time domain. A subsequent selection of measures on the basis of the dynamic security assessment was able to guarantee the operational security for the stationary N-1 scenario as well as the power system stability.

Updating the structure of attack graph templates based on real-time alerts from Intrusion Detection Systems (IDS), in an Industrial Control System (ICS) network, is currently done manually by security experts. But, a highly-connected smart power systems, that can inadvertently expose numerous vulnerabilities to intruders for targeting grid resilience, needs automatic fast updates on learning attack graph structures, instead of manual intervention, to enable fast isolation of compromised network to secure the grid. Hence, in this work, we develop a technique to first construct a prior Bayesian Attack Graph (BAG) based on a predefined threat model and a synthetic communication network for a cyber-physical power system. Further, we evaluate a few score-based and constraint-based structural learning algorithms to update the BAG structure based on real-time alerts, based on scalability, data dependency, time complexity and accuracy criteria.

Underwater networks have the potential to enable unexplored applications and to enhance our ability to observe and predict the ocean. Underwater acoustic sensor networks (UASNs) are often deployed in unprecedented and hostile waters and face many security threats. Applications based on UASNs such as coastal defense, pollution monitoring, assisted navigation to name a few, require secure communication. A new set of communication protocols and cooperative coordination algorithms have been proposed to enable collaborative monitoring tasks. However, such protocols overlook security as a key performance indicator. Spoofing, altering, or replaying routing information can affect the entire network, making UASN vulnerable to routing attacks such as selective forwarding, sinkhole attack, Sybil attack, acknowledgement spoofing and HELLO flood attack. The lack of security against such threats is startling if maintained that security is indeed an important requirement in many emerging civilian and military applications. In this work, we look at one of the most prevalent attacks among UASNs which is Sybill attack and discuss mitigation approaches for it. Then, feasibly implemented the attack in UnetStack3 to simulate real-life scenario.

This paper exploits the possibility of exposing the location of active eavesdropper in commodity passive RFID system. Such active eavesdropper can activate the commodity passive RFID tags to achieve data eavesdropping and jamming. In this paper, we show that these active eavesdroppers can be significantly detrimental to the commodity passive RFID system on RFID data security and system feasibility. We believe that the best way to defeat the active eavesdropper in the commodity passive RFID system is to expose the location of the active eavesdropper and kick it out. To do so, we need to localize the active eavesdropper. However, we cannot extract the channel from the active eavesdropper, since we do not know what the active eavesdropper's transmission and the interference from the tag's backscattered signals. So, we propose an approach to mitigate the tag's interference and cancel out the active eavesdropper's transmission to obtain the subtraction-and-division features, which will be used as the input of the machine learning model to predict the location of active eavesdropper. Our preliminary results show the average accuracy of 96% for predicting the active eavesdropper's position in four grids of the surveillance plane.

Mobile Ad hoc Networks ‘MANETs’ are still defenseless against peripheral threats due to the fact that this network has vulnerable access and also the absence of significant fact of administration. The black hole attack is a kind of some routing attack, in this type of attack the attacker node answers to the Route Requests (RREQs) thru faking and playing itself as an adjacent node of the destination node in order to get through the data packets transported from the source node. To counter this situation, we propose to deploy some nodes (exhibiting some distinctive functionality) in the network called DPS (Detection and Prevention System) nodes that uninterruptedly monitor the RREQs advertised by all other nodes in the networks. DPS nodes target to satisfy the set objectives in which it has to sense the mischievous nodes by detecting the activities of their immediate neighbor. In the case, when a node demonstrates some peculiar manners, which estimates according to the experimental data, DPS node states that particular distrustful node as black hole node by propagation of a threat message to all the remaining nodes in the network. A protocol with a clustering approach in AODV routing protocol is used to sense and avert the black hole attack in the mentioned network. Consequently, empirical evaluation shows that the black hole node is secluded and prohibited from the whole system and is not allowed any data transfer from any node thereafter.

This paper addresses security and risk management of hardware and embedded systems across several applications. There are three companies involved in the research. First is an energy technology company that aims to leverage electric- vehicle batteries through vehicle to grid (V2G) services in order to provide energy storage for electric grids. Second is a defense contracting company that provides acquisition support for the DOD's conventional prompt global strike program (CPGS). These systems need protections in their production and supply chains, as well as throughout their system life cycles. Third is a company that deals with trust and security in advanced logistics systems generally. The rise of interconnected devices has led to growth in systems security issues such as privacy, authentication, and secure storage of data. A risk analysis via scenario-based preferences is aided by a literature review and industry experts. The analysis is divided into various sections of Criteria, Initiatives, C-I Assessment, Emergent Conditions (EC), Criteria-Scenario (C-S) relevance and EC Grouping. System success criteria, research initiatives, and risks to the system are compiled. In the C-I Assessment, a rating is assigned to signify the degree to which criteria are addressed by initiatives, including research and development, government programs, industry resources, security countermeasures, education and training, etc. To understand risks of emergent conditions, a list of Potential Scenarios is developed across innovations, environments, missions, populations and workforce behaviors, obsolescence, adversaries, etc. The C-S Relevance rates how the scenarios affect the relevance of the success criteria, including cost, schedule, security, return on investment, and cascading effects. The Emergent Condition Grouping (ECG) collates the emergent conditions with the scenarios. The generated results focus on ranking Initiatives based on their ability to negate the effects of Emergent Conditions, as well as producing a disruption score to compare a Potential Scenario's impacts to the ranking of Initiatives. The results presented in this paper are applicable to the testing and evaluation of security and risk for a variety of embedded smart devices and should be of interest to developers, owners, and operators of critical infrastructure systems.

Return-oriented programming(ROP) is a prevalent technique that targets return addresses to hijack control flow. To prevent such attack, researchers mainly focus on either Shadow Stack or MAC-based mechanisms(message code authentication). But Shadow Stack suffers from additional memory overhead and information leakage, while MAC-based mechanisms(e.g. Zipper Stack) impose high runtime overhead for MAC calculations.In this paper, we propose Twine Stack, a hybrid and efficient return address protection mechanism with lightweight hardware extension. It utilizes a tiny hardware shadow stack to realize a new multi-chain Zipper Stack. Specifically, each entry in the shadow stack stores a return address and its MAC in each chain, allowing queueing calculation with just one hash module. At meantime, some return address verifications could be done by comparison with the hardware shadow stack, instead of calculation again. We implemented Twine Stack on RISC-V architecture, and evaluated it on FPGA board. Our experiments show that Twine Stack reduces over 95% hash verifications, and imposes merely 1.38% performance overhead with an area overhead of 974 LUTs and 726 flip flops. The result demonstrates that our hybrid scheme mitigates the drawbacks of each separate scheme.

The ongoing trend of moving data and computation to the cloud is met with concerns regarding privacy and protection of intellectual property. Cloud Service Providers (CSP) must be fully trusted to not tamper with or disclose processed data, hampering adoption of cloud services for many sensitive or critical applications. As a result, CSPs and CPU manufacturers are rushing to find solutions for secure and trustworthy outsourced computation in the Cloud. While enclaves, like Intel SGX, are strongly limited in terms of throughput and size, AMD’s Secure Encrypted Virtualization (SEV) offers hardware support for transparently protecting code and data of entire VMs, thus removing the performance, memory and software adaption barriers of enclaves. Through attestation of boot code integrity and means for securely transferring secrets into an encrypted VM, CSPs are effectively removed from the list of trusted entities. There have been several attacks on the security of SEV, by abusing I/O channels to encrypt and decrypt data, or by moving encrypted code blocks at runtime. Yet, none of these attacks have targeted the attestation protocol, the core of the secure computing environment created by SEV. We show that the current attestation mechanism of Zen 1 and Zen 2 architectures has a significant flaw, allowing us to manipulate the loaded code without affecting the attestation outcome. An attacker may abuse this weakness to inject arbitrary code at startup–and thus take control over the entire VM execution, without any indication to the VM’s owner. Our attack primitives allow the attacker to do extensive modifications to the bootloader and the operating system, like injecting spy code or extracting secret data. We present a full end-to-end attack, from the initial exploit to leaking the key of the encrypted disk image during boot, giving the attacker unthrottled access to all of the VM’s persistent data.

Verification code recognition system based on convolutional neural network. In order to strengthen the network security defense work, this paper proposes a novel verification code recognition system based on convolutional neural network. The system combines Internet technology and big data technology, combined with advanced captcha technology, can prevent hackers from brute force cracking behavior to a certain extent. In addition, the system combines convolutional neural network, which makes the verification code combine numbers and letters, which improves the complexity of the verification code and the security of the user account. Based on this, the system uses threshold segmentation method and projection positioning method to construct an 8-layer convolutional neural network model, which enhances the security of the verification code input link. The research results show that the system can enhance the complexity of captcha, improve the recognition rate of captcha, and improve the security of user accounting.