Biblio
Filters: Keyword is Metrics
Secure Visible Light Encryption Communication Technique for Smart Home Service. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). :0827–0831.
2019. For the security enhancement of the conventional visible light (VL) communication which allows the easy intrusion by adjacent adversary due to visible signal characteristic, the VL communication technique based on the asymmetric Rivest-Shamir-Adleman (RSA) encryption method is proposed for smart indoor service in this paper, and the optimal key length of the RSA encryption process for secure VL communication technique is investigated, and also the error performance dependent on the various asymmetric encryption key is analyzed for the performance evaluation of the proposed technique. Then we could see that the VL communication technique based on the RSA encryption gives the similar RMSE performance independent of the length of the public or private key and provides the better error performance as the signal to noise ratio (SNR) increases.
Secured Transmission of Data Using Chaos in Wcdma Network. 2019 International Conference on Vision Towards Emerging Trends in Communication and Networking (ViTECoN). :1–5.
2019. Spreading code assumes an indispensable work in WCDMA system. Every individual client in a cell is isolated by an exceptional spread code. PN grouping are commonly utilized in WCDMA framework. For example, Walsh codes or gold codes as spread code. Data received from WCDMA are transmitted using chaotic signal and that signal is generated by using logistic map. It is unsuitable to be utilized as spreading sequence. Using a threshold function the chaos signal is changed in the form of binary sequence. Consequently, QPSK modulation techniques is analyzed in W-CDMA downlink over Additive white Gaussian noise channel (AWGN) and Rayleigh multipath fading channel. The activity was assessed with the assistance of BER contrary to SNR utilizing parameters indicating the BER in low to high in SNR.
Securing a Wireless Network-on-Chip Against Jamming Based Denial-of-Service Attacks. 2019 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :320–325.
2019. Wireless Networks-on-Chips (NoCs) have emerged as a panacea to the non-scalable multi-hop data transmission paths in traditional wired NoC architectures. Using low-power transceivers in NoC switches, novel Wireless NoC (WiNoC) architectures have been shown to achieve higher energy efficiency with improved peak bandwidth and reduced on-chip data transfer latency. However, using wireless interconnects for data transfer within a chip makes the on-chip communications vulnerable to various security threats from either external attackers or internal hardware Trojans (HTs). In this work, we propose a mechanism to make the wireless communication in a WiNoC secure against persistent jamming based Denial-of-Service attacks from both external and internal attackers. Persistent jamming attacks on the on-chip wireless medium will cause interference in data transfer over the duration of the attack resulting in errors in contiguous bits, known as burst errors. Therefore, we use a burst error correction code to monitor the rate of burst errors received over the wireless medium and deploy a Machine Learning (ML) classifier to detect the persistent jamming attack and distinguish it from random burst errors. In the event of jamming attack, alternate routing strategies are proposed to avoid the DoS attack over the wireless medium, so that a secure data transfer can be sustained even in the presence of jamming. We evaluate the proposed technique on a secure WiNoC in the presence of DoS attacks. It has been observed that with the proposed defense mechanisms, WiNoC can outperform a wired NoC even in presence of attacks in terms of performance and security. On an average, 99.87% attack detection was achieved with the chosen ML Classifiers. A bandwidth degradation of <3% is experienced in the event of internal attack, while the wireless interconnects are disabled in the presence of an external attacker.
Securing AES against Localized EM Attacks through Spatial Randomization of Dataflow. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :191–197.
2019. A localized electromagnetic (EM) attack is a potent threat to security of embedded cryptographic implementations. The attack utilizes high resolution EM probes to localize and exploit information leakage in sub-circuits of a system, providing information not available in traditional EM and power attacks. In this paper, we propose a countermeasure based on randomizing the assignment of sensitive data to parallel datapath components in a high-performance implementation of AES. In contrast to a conventional design where each state register byte is routed to a fixed S-box, a permutation network, controlled by a transient random value, creates a dynamic random mapping between the state registers and the set of S-boxes. This randomization results in a significant reduction of exploitable leakage. We demonstrate the countermeasure's effectiveness under two attack scenarios: a more powerful attack that assumes a fully controlled access to an attacked implementation for building a priori EM-profiles, and a generic attack based on the black-box model. Spatial randomization leads to a 150× increase of the minimum traces to disclosure (MTD) for the profiled attack and a 3.25× increase of MTD for the black-box model attack.
Securing HPC using Federated Authentication. 2019 IEEE High Performance Extreme Computing Conference (HPEC). :1–7.
2019. Federated authentication can drastically reduce the overhead of basic account maintenance while simultaneously improving overall system security. Integrating with the user's more frequently used account at their primary organization both provides a better experience to the end user and makes account compromise or changes in affiliation more likely to be noticed and acted upon. Additionally, with many organizations transitioning to multi-factor authentication for all account access, the ability to leverage external federated identity management systems provides the benefit of their efforts without the additional overhead of separately implementing a distinct multi-factor authentication process. This paper describes our experiences and the lessons we learned by enabling federated authentication with the U.S. Government PKI and InCommon Federation, scaling it up to the user base of a production HPC system, and the motivations behind those choices. We have received only positive feedback from our users.
Securing Industrial Remote Maintenance Sessions using Software-Defined Networking. 2019 Sixth International Conference on Software Defined Systems (SDS). :72–79.
2019. Many modern business models of the manufacturing industry use the possibilities of digitization. In particular, the idea of connecting machines to networks and communication infrastructure is gaining momentum. However, in addition to the considerable economic advantages, this development also brings decisive disadvantages. By connecting previously encapsulated industrial networks with untrustworthy external networks such as the Internet, machines and systems are suddenly exposed to the same threats as conventional IT systems. A key problem today is the typical network paradigm with static routers and switches that cannot meet the dynamic requirements of a modern industrial network. Current security solutions often only treat symptoms instead of tackling the cause. In this paper we will therefore analyze the weaknesses of current networks and security solutions using the example of industrial remote maintenance. We will then present a novel concept of how Software-Defined Networking (SDN) in combination with a policy framework that supports attribute-based access control can be used to meet current and future security requirements in dynamic industrial networks. Furthermore, we will introduce an exemplary implementation of this novel security framework for the use case of industrial remote maintenance and evaluate the solution. Our results show that SDN in combination with an Attribute-based Access Control (ABAC) policy framework is perfectly suited to increase flexibility and security of modern industrial networks at the same time.
Securing Industrial Wireless Networks: Enhancing SDN with PhySec. 2019 Conference on Next Generation Computing Applications (NextComp). :1–7.
2019. The requirements regarding network management defined by the continuously rising amount of interconnected devices in the industrial landscape turn it into an increasingly complex task. Associated by the fusion of technologies up to Cyber-Physical Production Systems (CPPS) and the Industrial Internet of Things (IIoT) with its multitude of communicating sensors and actuators new demands arise. In particular, the driving forces of this development, mobility and flexibility, are affecting today's networks. However, it is precisely these wireless solutions, as enabler for this advancement, that create new attack vectors and cyber-security threats. Furthermore, many cryptographic procedures, intended to secure the networks, require additional overhead, which is limiting the transmission bandwidth and speed as well. For this reason, new and efficient solutions must be developed and applied, in order to secure the existing, as well as the future, industrial communication networks. This work proposes a conceptual approach, consisting of a combination of Software-Defined Networking (SDN) and Physical Layer Security (PhySec) to satisfy the network security requirements. Use cases are explained that demonstrate the appropriateness of the approach and it is shown that this is an easy to use and resource efficient, but nevertheless sound and secure approach.
Security Analysis for SmartThings IoT Applications. 2019 IEEE/ACM 6th International Conference on Mobile Software Engineering and Systems (MOBILESoft). :25–29.
2019. This paper presents a fully automated static analysis approach and a tool, Taint-Things, for the identification of tainted flows in SmartThings IoT apps. Taint-Things accurately identified all tainted flows reported by one of the state-of-the-art tools with at least 4 times improved performance. In addition, our approach reports potential vulnerable tainted flow in a form of a concise security slice, which could provide security auditors with an effective and precise tool to pinpoint security issues in SmartThings apps under test.
Security and Privacy for Smart Meters: A Data-Driven Mapping Study. 2019 IEEE PES Innovative Smart Grid Technologies Europe (ISGT-Europe). :1–5.
2019. Smart metering systems have been gaining popularity as a vital part of the general smart grid paradigm. Naturally, as new technologies arise to cover this emerging field, so do security and privacy related issues regarding the energy consumer's personal data. These challenges impose the need for the development of new methods through a better understanding of the state-of-the-art. This paper aims at identifying the main categories of security and privacy techniques utilized in smart metering systems from a three-point perspective: i) a field research survey, ii) EU initiatives and findings towards the same direction and iii) a data-driven analysis of the state-of-the-art and the identification of its main topics (or themes) using topic modeling techniques. Detailed quantitative results of this analysis, such as semantic interpretation of the identified topics and a graph representation of the topic trends over time, are presented.
Security Flaws of Operating System Against Live Device Attacks: A case study on live Linux distribution device. 2019 Sixth International Conference on Software Defined Systems (SDS). :154–159.
2019. Live Linux distribution devices can hold Linux operating system for portability. Using such devices and distributions, one can access system or critical files, which otherwise cannot be accessed by guest or any unauthorized user. Events like file leakage before the official announcement. These announcements can vary from mobile companies to software industries. Damages caused by such vulnerabilities can be data theft, data tampering, or permanent deletion of certain records. This study uncovers the security flaws of operating system against live device attacks. For this study, we used live devices with different Linux distributions. Target operating systems are exposed to live device attacks and their behavior is recorded against different Linux distribution. This study also compares the robustness level of different operating system against such attacks.
Security Integrity of Data Collection from Smart Electric Meter under a Cyber Attack. 2019 2nd International Conference on Data Intelligence and Security (ICDIS). :9–13.
2019. Cyber security has been a top concern for electric power companies deploying smart meters and smart grid technology. Despite the well-known advantages of smart grid technology and the smart meters, it is not yet very clear how and to what extent, the Cyber attacks can hamper the operation of the smart meters, and remote data collections regarding the power usage from the customer sites. To understand these questions, we conducted experiments in a controlled lab environment of our cyber security lab to test a commercial grade smart meter. In this paper, we present results of our investigation for a commercial grade smart meter and measure the operation integrity of the smart meter under cyber-attack conditions.
A Security Model for the Enhancement of Data Privacy in Cloud Computing. 2019 Amity International Conference on Artificial Intelligence (AICAI). :898–902.
2019. As we all are aware that internet acts as a depository to store cyberspace data and provide as a service to its user. Cloud computing is a technology by internet, where a large amount of data being pooled by different users is stored. The data being stored comes from various organizations, individuals, and communities etc. Thus, security and privacy of data is of utmost importance to all of its users regardless of the nature of the data being stored. In this research paper the use of multiple encryption technique outlines the importance of data security and privacy protection. Also, what nature of attacks and issues might arise that may corrupt the data; therefore, it is essential to apply effective encryption methods to increase data security.
Security Network On-Chip for Mitigating Side-Channel Attacks. 2019 ACM/IEEE International Workshop on System Level Interconnect Prediction (SLIP). :1–6.
2019. Hardware security is a critical concern in design and fabrication of integrated circuits (ICs). Contemporary hardware threats comprise tens of advance invasive and non-invasive attacks for compromising security of modern ICs. Numerous attack-specific countermeasures against the individual threats have been proposed, trading power, area, speed, and design complexity of a system for security. These typical overheads combined with strict performance requirements in advanced technology nodes and high complexity of modern ICs often make the codesign of multiple countermeasures impractical. In this paper, on-chip distribution networks are exploited for detecting those hardware security threats that require non-invasive, yet physical interaction with an operating device-under-attack (e.g., measuring equipment for collecting sensitive information in side-channel attacks). With the proposed approach, the effect of the malicious physical interference with the device-under-attack is captured in the form of on-chip voltage variations and utilized for detecting malicious activity in the compromised device. A machine learning (ML) security IC is trained to predict system security based on sensed variations of signals within on-chip distribution networks. The trained ML ICs are distributed on-chip, yielding a robust and high-confidence security network on-chip. To halt an active attack, a variety of desired counteractions can be executed in a cost-effective manner upon the attack detection. The applicability and effectiveness of these security networks is demonstrated in this paper with respect to power, timing, and electromagnetic analysis attacks.
Security of Big Data Based on the Technology of Cloud Computing. 2019 4th International Conference on Mechanical, Control and Computer Engineering (ICMCCE). :703–7033.
2019. To solve the problem of big data security and privacy protection, and expound the concept of cloud computing, big data and the relationship between them, the existing security and privacy protection method characteristic and problems were studied. A reference model is proposed which is based on cloud platform. In this model the physical level, data layer, interface layer and application layer step by step in to implement the system security risk early warning and threat perception, this provides an effective solution for the research of big data security. At the same time, a future research direction that uses the blockchain to solve cloud security and privacy protection is also pointed out.
Security of Cloud Storage based on Extended Hill Cipher and Homomorphic Encryption. 2019 International Conference on Communication and Electronics Systems (ICCES). :515–520.
2019. Cloud computing is one of the emerging areas in the business world that help to access resources at low expense with high privacy. Security is a standout amongst the most imperative difficulties in cloud network for cloud providers and their customers. In order to ensure security in cloud, we proposed a framework using different encryption algorithm namely Extended hill cipher and homomorphic encryption. Firstly user data/information is isolated into two parts which is static and dynamic data (critical data). Extended hill cipher encryption is applied over more important dynamic part where we are encrypting the string using matrix multiplication. While homomorphic encryption is applied over static data in which it accepts n number of strings as information, encode each string independently and lastly combine all the strings. The test results clearly manifest that the proposed model provides better information security.
Security on Wireless Sensor Network. 2019 4th International Conference on Computer Science and Engineering (UBMK). :693–698.
2019. Wireless sensor networks are called wireless networks consisting of low-cost sensor nodes that use limited resources, collect and distribute data. Wireless sensor networks make observation and control of physical environments from distance easier. They are used in a variety of areas, such as environmental surveillance, military purposes, and the collection of information in specific areas. While the low cost of sensor nodes allows it to spread and increase its quantitative, battery and computational constraints, noise and manipulation threats from the environment cause various challenges in wireless sensor applications. To overcome these challenges, researchers have conducted a lot of research on various fields like power consumption, use of resources and security approaches. In these studies, routing, placement algorithms and system designs are generally examined for efficient energy consumption. In this article, the relationship between the security of sensor networks and efficient resource usage and various scenarios are presented.
Security Risk Assessment and Management as Technical Debt. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–8.
2019. The endeavor to achieving software security consists of a set of risk-based security engineering processes during software development. In iterative software development, the software design typically evolves as the project matures, and the technical environment may undergo considerable changes. This increases the work load of identifying, assessing and managing the security risk by each iteration, and after every change. Besides security risk, the changes also accumulate technical debt, an allegory for postponed or sub-optimally performed work. To manage the security risk in software development efficiently, and in terms and definitions familiar to software development organizations, the concept of technical debt is extended to contain security debt. To accommodate new technical debt with potential security implications, a security debt management approach is introduced. The selected approach is an extension to portfolio-based technical debt management framework. This includes identifying security risk in technical debt, and also provides means to expose debt by security engineering techniques that would otherwise remain hidden. The proposed approach includes risk-based extensions to prioritization mechanisms in existing technical debt management systems. Identification, management and repayment techniques are presented to identify, assess, and mitigate the security debt.
Security Risk Assessment of Multimodal Transport Network Based on WBS-RBS and PFWA Operator. 2019 4th International Conference on Intelligent Transportation Engineering (ICITE). :203–206.
2019. In order to effectively assess the security risks in multimodal transport networks, a security risk assessment method based on WBS-RBS and Pythagorean Fuzzy Weighted Average (PFWA) operator is proposed. The risk matrix 0-1 assignment of WBS-RBS is replaced by the Pythagorean Fuzzy Number (PFLN) scored by experts. The security risk ranking values of multimodal transport network are calculated from two processes of whole-stage and phased, respectively, and the security risk assessment results are obtained. Finally, an example of railway-highway-waterway intermodal transportation process of automobile parts is given to verify the validity of the method, the results show that the railway transportation is more stable than the waterway transportation, and the highway transportation has the greatest security risk, and for different security risk factors, personnel risk has the greatest impact. The risk of goods will change with the change of the attributes of goods, and the security risk of storage facilities is the smallest.
On the Security-Privacy Tradeoff in Collaborative Security: A Quantitative Information Flow Game Perspective. IEEE Transactions on Information Forensics and Security. 14:3273–3286.
2019. To contest the rapidly developing cyber-attacks, numerous collaborative security schemes, in which multiple security entities can exchange their observations and other relevant data to achieve more effective security decisions, are proposed and developed in the literature. However, the security-related information shared among the security entities may contain some sensitive information and such information exchange can raise privacy concerns, especially when these entities belong to different organizations. With such consideration, the interplay between the attacker and the collaborative entities is formulated as Quantitative Information Flow (QIF) games, in which the QIF theory is adapted to measure the collaboration gain and the privacy loss of the entities in the information sharing process. In particular, three games are considered, each corresponding to one possible scenario of interest in practice. Based on the game-theoretic analysis, the expected behaviors of both the attacker and the security entities are obtained. In addition, the simulation results are presented to validate the analysis.
SE-Enc: A Secure and Efficient Encoding Scheme Using Elliptic Curve Cryptography. IEEE Access. 7:175865–175878.
2019. Many applications use asymmetric cryptography to secure communications between two parties. One of the main issues with asymmetric cryptography is the need for vast amounts of computation and storage. While this may be true, elliptic curve cryptography (ECC) is an approach to asymmetric cryptography used widely in low computation devices due to its effectiveness in generating small keys with a strong encryption mechanism. The ECC decreases power consumption and increases device performance, thereby making it suitable for a wide range of devices, ranging from sensors to the Internet of things (IoT) devices. It is necessary for the ECC to have a strong implementation to ensure secure communications, especially when encoding a message to an elliptic curve. It is equally important for the ECC to secure the mapping of the message to the curve used in the encryption. This work objective is to propose a trusted and proofed scheme that offers authenticated encryption (AE) for both encoding and mapping a message to the curve. In addition, this paper provides analytical results related to the security requirements of the proposed scheme against several encryption techniques. Additionally, a comparison is undertaken between the SE-Enc and other state-of-the-art encryption schemes to evaluate the performance of each scheme.
A Segregated Architecture for a Trust-based Network of Internet of Things. 2019 16th IEEE Annual Consumer Communications Networking Conference (CCNC). :1–6.
2019. With the ever-increasing number of smart home devices, the issues related to these environments are also growing. With an ever-growing attack surface, there is no standard way to protect homes and their inhabitants from new threats. The inhabitants are rarely aware of the increased security threats that they are exposed to and how to manage them. To tackle this problem, we propose a solution based on segmented architectures similar to the ones used in industrial systems. In this approach, the smart home is segmented into various levels, which can broadly be categorised into an inner level and external level. The external level is protected by a firewall that checks the communication from/to the Internet to/from the external devices. The internal level is protected by an additional firewall that filters the information and the communications between the external and the internal devices. This segmentation guarantees a trusted environment among the entities of the internal network. In this paper, we propose an adaptive trust model that checks the behaviour of the entities and in case the entities violate trust rules they can be put in quarantine or banned from the network.
Selection Mechanism for Underwater Multi-Media Communication. 2019 International Conference on Information and Communication Technology Convergence (ICTC). :130–132.
2019. As the ocean covers 70% of the Earth's surface, it becomes inevitable to develop or extend underwater applications. Compared to Visible Light medium, Acoustic medium has been widely used to transmit the data from source to destination in underwater communication. Data transmission, however, has the limitation such as propagation delay, reliability, power constraints, etc. Although underwater MAC protocols have been developed to overcome these challenges, there are still some drawbacks due to the harsh underwater environment. Therefore, the selection mechanism for underwater multi-media communication is proposed inside Medium Access Control (MAC) layer. In this paper, the main focus is to select the appropriate medium based on the distance between nodes and transmission power. The result of performance evaluation shows that this multimedia approach can complement the existing underwater single medium communication. As a result, underwater multimedia mechanism increases the reliability and energy efficiency in data transmission.
Selective Jpeg2000 Encryption of Iris Data: Protecting Sample Data vs. Normalised Texture. ICASSP 2019 - 2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). :2602–2606.
2019. Biometric system security requires cryptographic protection of sample data under certain circumstances. We assess low complexity selective encryption schemes applied to JPEG2000 compressed iris data by conducting iris recognition on the selectively encrypted data. This paper specifically compares the effects of a recently proposed approach, i.e. applying selective encryption to normalised texture data, to encrypting classical sample data. We assess achieved protection level as well as computational cost of the considered schemes, and particularly highlight the role of segmentation in obtaining surprising results.
A Self-Attention-Based Approach for Named Entity Recognition in Cybersecurity. 2019 15th International Conference on Computational Intelligence and Security (CIS). :147–150.
2019. With cybersecurity situation more and more complex, data-driven security has become indispensable. Numerous cybersecurity data exists in textual sources and data analysis is difficult for both security analyst and the machine. To convert the textual information into structured data for further automatic analysis, we extract cybersecurity-related entities and propose a self-attention-based neural network model for the named entity recognition in cybersecurity. Considering the single word feature not enough for identifying the entity, we introduce CNN to extract character feature which is then concatenated into the word feature. Then we add the self-attention mechanism based on the existing BiLSTM-CRF model. Finally, we evaluate the proposed model on the labelled dataset and obtain a better performance than the previous entity extraction model.
Semi-black-box Attacks Against Speech Recognition Systems Using Adversarial Samples. 2019 IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN). :1–5.
2019. As automatic speech recognition (ASR) systems have been integrated into a diverse set of devices around us in recent years, security vulnerabilities of them have become an increasing concern for the public. Existing studies have demonstrated that deep neural networks (DNNs), acting as the computation core of ASR systems, are vulnerable to deliberately designed adversarial attacks. Based on the gradient descent algorithm, existing studies have successfully generated adversarial samples which can disturb ASR systems and produce adversary-expected transcript texts designed by adversaries. Most of this research simulated white-box attacks which require knowledge of all the components in the targeted ASR systems. In this work, we propose the first semi-black-box attack against the ASR system - Kaldi. Requiring only partial information from Kaldi and none from DNN, we can embed malicious commands into a single audio clip based on the gradient-independent genetic algorithm. The crafted audio clip could be recognized as the embedded malicious commands by Kaldi and unnoticeable to humans in the meanwhile. Experiments show that our attack can achieve high attack success rate with unnoticeable perturbations to three types of audio clips (pop music, pure music, and human command) without the need of the underlying DNN model parameters and architecture.