Biblio

Redactable blockchain allows modifiers or voting committees with modification privileges to edit the data on the chain. Among them, trapdoor holders in chameleon-based hash redactable blockchains can quickly compute hash collisions for arbitrary data without breaking the link of the hash-chain. However, chameleon-based hash redactable blockchain schemes have difficulty solving issues such as editing operations with different granularity or conflicts and auditing modifiers that abuse editing privileges. To address the above challenges, we propose a redactable blockchain with Cross-audit and Diversity Editing (CDEdit). The proposed scheme distributes subdivided transaction-level and block-level tokens to the matching modifier committee to weaken the influence of central power. A number of modifiers are unpredictably selected based on reputation value proportions and the mapping of the consistent hash ring to enable diversity editing operations, and resist Sybil attacks. Meanwhile, an adaptive cross-auditing protocol is proposed to adjust the roles of modifiers and auditors dynamically. This protocol imposes a reputation penalty on the modifiers of illegal edits and solves the problems of abuse of editing privileges and collusion attacks. In addition, We used ciphertext policy attribute-based encryption (CP-ABE) and chameleon hashes with ephemeral trapdoor (CHET) for data modification, and present a system steps and security analysis of CDEdit. Finally, the extensive comparisons and evaluations show that our scheme costs less time overhead than other schemes and is suitable for complex application scenarios, e.g. IoT data management.

The access control mechanism of most consortium blockchain is implemented through traditional Certificate Authority scheme based on trust chain and centralized key management such as PKI/CA at present. However, the uneven power distribution of CA nodes may cause problems with leakage of certificate keys, illegal issuance of certificates, malicious rejection of certificates issuance, manipulation of issuance logs and metadata, it could compromise the security and dependability of consortium blockchain. Therefore, this paper design and implement a Certificate Authority scheme based on trust ring model that can not only enhance the reliability of consortium blockchain, but also ensure high performance. Combined public key, transformation matrix and elliptic curve cryptography are applied to the scheme to generate and store keys in a cluster of CA nodes dispersedly and securely for consortium nodes. It greatly reduced the possibility of malicious behavior and key leakage. To achieve the immutability of logs and metadata, the scheme also utilized public blockchain and smart contract technology to organize the whole procedure of certificate issuance, the issuance logs and metadata for certificate validation are stored in public blockchain. Experimental results showed that the scheme can surmount the disadvantages of the traditional scheme while maintaining sufficiently good performance, including issuance speed and storage efficiency of certificates.

Spreading codes are the core of the spread spectrum transmission. In this paper, a novel channel-dependent code allocation procedure for enhancing security in multi-carrier code division multiple access (MC-CDMA) system is proposed and investigated over frequency-selective fading. The objective of the proposed technique is to assign the codes to every subcarrier of active/legitimate receivers (Rxs) based on their channel frequency response (CFR). By that, we ensure security for legitimate Rxs against eavesdropping while preserving mutual confidentiality between the legitimate Rxs themselves. To do so, two assigning modes; fixed assigning mode (FAM) and adaptive assigning mode (AAM), are exploited. The effect of the channel estimation error and the number of legitimate Rxs on the bit error rate (BER) performance is studied. The presented simulations show that AAM provides better security with a complexity trade-off compared to FAM. While the latter is more robust against the imperfection of channel estimation.

In the present era of the internet, image watermarking schemes are used to provide content authentication, security and reliability of various multimedia contents. In this paper image watermarking scheme which utilizes the properties of Integer Wavelet Transform (IWT), Schur decomposition and Singular value decomposition (SVD) based is proposed. In the suggested method, the cover image is subjected to a 3-level Integer wavelet transform (IWT), and the HH3 subband is subjected to Schur decomposition. In order to retrieve its singular values, the upper triangular matrix from the HH3 subband’s Schur decomposition is then subjected to SVD. The watermark image is first encrypted using a chaotic map, followed by the application of a 3-level IWT to the encrypted watermark and the usage of singular values of the LL-subband to embed by manipulating the singular values of the processed cover image. The proposed scheme is tested under various attacks like filtering (median, average, Gaussian) checkmark (histogram equalization, rotation, horizontal and vertical flipping) and noise (Gaussian, Salt & Pepper Noise). The suggested scheme provides strong robustness against numerous attacks and chaotic encryption provides security to watermark.

Physical Unclonable Functions (PUFs) are the secured hardware primitives to authenticate Integrated Circuits (ICs) from various unauthorized attacks. The secured key generation mechanism through PUFs is based on random Process Variations (PVs) inherited by the CMOS transistors. In this paper, we proposed a chaotic-based challenge generation mechanism to feed the arbiter PUFs. The chaotic property is introduced to increase the non-linearity in the arbitration mechanism thereby the uncertainty of the keys is attained. The chaotic sequences are easy to generate, difficult to intercept, and have the additional advantage of being in a large number Challenge-Response Pair (CRP) generation. The proposed design has a significant advantage in key generation with improved uniqueness and diffuseness of 47.33%, and 50.02% respectively. Moreover, the enhancement in the reliability of 96.14% and 95.13% range from −40C to 125C with 10% fluctuations in supply voltage states that it has prominent security assistance to the Internet of Things (IoT) enabled devices against malicious attacks.

With the development of the digital development transformation of the power grid, the classification of power unstructured encrypted data is an important basis for data security protection. However, most studies focus on exact match classification or single-keyword fuzzy match classification. This paper proposes a fuzzy matching classification method for power unstructured encrypted data. The data owner generates an index vector based on the power unstructured file, and the data user generates a query vector by querying the file through the same process. The index and query vector are uploaded to the cloud server in encrypted form, and the cloud server calculates the relevance score and sorts it, and returns the classification result with the highest score to the user. This method realizes the multi-keyword fuzzy matching classification of unstructured encrypted data of electric power, and through the experimental simulation of a large number of data sets, the effect and feasibility of the method are proved.

Smart phones have become the preferred way for Chinese Internet users currently. The mobile phone traffic is large from the operating system. These traffic is mainly generated by the services. In the context of the universal encryption of the traffic, classification identification of mobile encryption services can effectively reduce the difficulty of analytical difficulty due to mobile terminals and operating system diversity, and can more accurately identify user access targets, and then enhance service quality and network security management. The existing mobile encryption service classification methods have two shortcomings in feature selection: First, the DL model is used as a black box, and the features of large dimensions are not distinguished as input of classification model, which resulting in sharp increase in calculation complexity, and the actual application is limited. Second, the existing feature selection method is insufficient to use the time and space associated information of traffic, resulting in less robustness and low accuracy of the classification. In this paper, we propose a feature enhancement method based on adjacent flow contextual features and evaluate the Apple encryption service traffic collected from the real world. Based on 5 DL classification models, the refined classification accuracy of Apple services is significantly improved. Our work can provide an effective solution for the fine management of mobile encryption services.

The major mode of communication between hearing-impaired or mute people and others is sign language. Prior, most of the recognition systems for sign language had been set simply to recognize hand signs and convey them as text. However, the proposed model tries to provide speech to the mute. Firstly, hand gestures for sign language recognition and facial emotions are trained using CNN (Convolutional Neural Network) and then by training the emotion to speech model. Finally combining hand gestures and facial emotions to realize the emotion and speech.

The problem of information privacy has grown more significant in terms of data storage and communication in the 21st century due to the technological explosion during which information has become a highly important strategic resource. The idea of employing DNA cryptography has been highlighted as a potential technology that offers fresh hope for unbreakable algorithms since standard cryptosystems are becoming susceptible to assaults. Due to biological DNA's outstanding energy efficiency, enormous storage capacity, and extensive parallelism, a new branch of cryptography based on DNA computing is developing. There is still more study to be done since this discipline is still in its infancy. This work proposes a DNA encryption strategy based on cryptographic key generation techniques and chaotic diffusion operation.

Malwares are designed to cause harm to the machine without the user's knowledge. Malwares belonging to different families infect the system in its own unique way causing damage which could be irreversible and hence there is a need to detect and analyse the malwares. Manual analysis of all types of malwares is not a practical approach due to the huge effort involved and hence Automated Malware Analysis is resorted to so that the burden on humans can be decreased and the process is made robust. A lot of Automated Malware Analysis tools are present right now both offline and online but the problem arises as to which tool to select while analysing a suspicious binary. A comparative analysis of three most widely used automated tools has been done with different malware class samples. These tools are Cuckoo Sandbox, Any. Run and Intezer Analyze. In order to check the efficacy of the tool in both online and offline analysis, Cuckoo Sandbox was configured for offline use, and Any. Run and Intezer Analyze were configured for online analysis. Individual tools analyse each malware sample and after analysis is completed, a comparative chart is prepared to determine which tool is good at finding registry changes, processes created, files created, network connections, etc by the malicious binary. The findings conclude that Intezer Analyze tool recognizes file changes better than others but otherwise Cuckoo Sandbox and Any. Run tools are better in determining other functionalities.

To ensure dynamic and transient angle and load stability in order to maintain the power system security is a major task of the power Engineer. FACTS Controllers are most effective devices to ensure system security by enhancing the stability margins with reactive power support all over the power system network. The major shunt compensation devices of FACTS are SVC and STATCOM. This article dispenses the modelling and simulation of both the shunt devices viz. Oneis the Static Synchronous Compensator (STATCOM) and the other is Static Var Compensator (SVC). The small signal models of these devices have been derived from the first principles and obtained the transfer function models of weak and strong power systems. The weak power system has the Short Circuit Ratio (SCR) is about less than 3 and that of the strong power system has the SCR of more than 5. The performance of the both weak and strong power systems has been evaluated with time and frequency responses. The dynamic response is obtained with the exact models for both weak and strong systems, subsequently the root locus plots as well as bode plots have been obtained with MATLAB Programs and evaluated the performance of these devices and comparison is made. The Stability margins of both the systems with SVC and STATCOM have been obtained from the bode plots. The dynamic behaviour of the both kinds of power systems have been assessed with time responses of SVC and STATCOM models. All of these results viz. dynamic response, root locus and bode plots proves the superiority of the STATCOM over SVC with indices, viz. peak overshoot, settling time, gain margin and phase margins. The dynamic, steady state performance indices obtained from time response and bode plots proves the superior performance of STATCOM.

Being a part of today’s technical world, we are connected through a vast network. More we are addicted to these modernization techniques we need security. There must be reliability in a network security system so that it is capable of doing perfect monitoring of the whole network of an organization so that any unauthorized users or intruders wouldn’t be able to halt our security breaches. Firewalls are there for securing our internal network from unauthorized outsiders but still some time possibility of attacks is there as according to a survey 60% of attacks were internal to the network. So, the internal system needs the same higher level of security just like external. So, understanding the value of security measures with accuracy, efficiency, and speed we got to focus on implementing and comparing an improved intrusion detection system. A comprehensive literature review has been done and found that some feature selection techniques with standard scaling combined with Machine Learning Techniques can give better results over normal existing ML Techniques. In this survey paper with the help of the Uni-variate Feature selection method, the selection of 14 essential features out of 41 is performed which are used in comparative analysis. We implemented and compared both binary class classification and multi-class classification-based Intrusion Detection Systems (IDS) for two Supervised Machine Learning Techniques Support Vector Machine and Classification and Regression Techniques.

Nowadays, the number of new websites in Thailand has been increasing every year. However, there is a lack of security on some of those websites which causes negative effects and damage. This has also resulted in numerous violations. As a result, these violations cause delays in the situation analysis. Additionally, the cost of effective and well-established digital forensics tools is still expensive. Therefore, this paper has presented the idea of using freeware digital forensics tools to test their performances and compare them with the standards of the digital forensics process. The results of the paper suggest that the tested tools have significant differences in functions and process. WEFA Web Forensics tool is the most effective tool as it supports 3 standards up to 8 out of 10 processes, followed by Browser History View which supports 7 processes, Browser History Spy and Browser Forensic Web Tool respectively, supports 5 processes. The Internet history Browser supports 4 processes as compared to the basic process of the standardization related to forensics.

With memory safety and security issues continuing to plague modern systems, security is rapidly becoming a first class priority in new architectures and competes directly with performance and power efficiency. The capability-based architecture model provides a promising solution to many memory vulnerabilities by replacing plain addresses with capabilities, i.e., addresses and related metadata. A key advantage of the capability model is compatibility with existing code bases. Capabilities can be implemented transparently to a programmer, i.e., without source code changes. Capabilities leverage semantics in source code to describe access permissions but require customized compilers to translate the semantics to their binary equivalent.In this work, we introduce a complete capabilityaware compiler toolchain for such secure architectures. We illustrate the compiler construction with a RISC-V capability-based architecture, called Zeno. As a securityfocused, large-scale, global shared memory architecture, Zeno implements a Namespace-based capability model for accesses. Namespace IDs (NSID) are encoded with an extended addressing model to associate them with access permission metadata elsewhere in the system. The NSID extended addressing model requires custom compiler support to fully leverage the protections offered by Namespaces. The Zeno compiler produces code transparently to the programmer that is aware of Namespaces and maintains their integrity. The Zeno assembler enables custom Zeno instructions which support secure memory operations. Our results show that our custom toolchain moderately increases the binary size compared to nonZeno compilation. We find the minimal overhead incurred by the additional NSID management instructions to be an acceptable trade-off for the memory safety and security offered by Zeno Namespaces.

In recent years, business environments are undergoing disruptive changes across sectors [1]. Globalization and technological advances, such as artificial intelligence and the internet of things, have completely redesigned business activities, bringing to light an ever-increasing interest and attention towards the customer [2], especially in healthcare sector. In this context, researchers is paying more and more attention to the introduction of new technologies capable of meeting the patients’ needs [3, 4] and the Covid-19 pandemic has contributed and still contributes to accelerate this phenomenon [5]. Therefore, emerging technologies (i.e., AI-enabled solutions, service robots, conversational agents) are proving to be effective partners in improving medical care and quality of life [6]. Conversational agents, often identified in other ways as “chatbots”, are AI-enabled service robots based on the use of text [7] and capable of interpreting natural language and ensuring automation of responses by emulating human behavior [8, 9, 10]. Their introduction is linked to help institutions and doctors in the management of their patients [11, 12], at the same time maintaining the negligible incremental costs thanks to their virtual aspect [13–14]. However, while the utilization of these tools has significantly increased during the pandemic [15, 16, 17], it is unclear what benefits they bring to service delivery. In order to identify their contributions, there is a need to find out which activities can be supported by conversational agents.This paper takes a grounded approach [18] to achieve contextual understanding design and to effectively interpret the context and meanings related to conversational agents in healthcare interactions. The study context concerns six chatbots adopted in the healthcare sector through semi-structured interviews conducted in the health ecosystem. Secondary data relating to these tools under consideration are also used to complete the picture on them. Observation, interviewing and archival documents [19] could be used in qualitative research to make comparisons and obtain enriched results due to the opportunity to bridge the weaknesses of one source by compensating it with the strengths of others. Conversational agents automate customer interactions with smart meaningful interactions powered by Artificial Intelligence, making support, information provision and contextual understanding scalable. They help doctors to conduct the conversations that matter with their patients. In this context, conversational agents play a critical role in making relevant healthcare information accessible to the right stakeholders at the right time, defining an ever-present accessible solution for patients’ needs. In summary, conversational agents cannot replace the role of doctors but help them to manage patients. By conveying constant presence and fast information, they help doctors to build close relationships and trust with patients.

IoT connects a large number of physical objects with the Internet that capture and exchange real-time information for service provisioning. Traditional network management schemes face challenges to manage vast amounts of network traffic generated by IoT services. Software-defined networking (SDN) and information-centric networking (ICN) are two complementary technologies that could be integrated to solve the challenges of different aspects of IoT service provisioning. ICN offers a clean-slate design to accommodate continuously increasing network traffic by considering content as a network primitive. It provides a novel solution for information propagation and delivery for large-scale IoT services. On the other hand, SDN allocates overall network management responsibilities to a central controller, where network elements act merely as traffic forwarding components. An SDN-enabled network supports ICN without deploying ICN-capable hardware. Therefore, the integration of SDN and ICN provides benefits for large-scale IoT services. This article provides a comprehensive survey on software-defined information-centric Internet of Things (SDIC-IoT) for IoT service provisioning. We present critical enabling technologies of SDIC-IoT, discuss its architecture, and describe its benefits for IoT service provisioning. We elaborate on key IoT service provisioning requirements and discuss how SDIC-IoT supports different aspects of IoT services. We define different taxonomies of SDIC-IoT literature based on various performance parameters. Furthermore, we extensively discuss different use cases, synergies, and advances to realize the SDIC-IoT concept. Finally, we present current challenges and future research directions of IoT service provisioning using SDIC-IoT.

Compare to outside threats, insider threats that originate within targeted systems are more destructive and invisible. More importantly, it is more difficult to detect and mitigate these insider threats, which poses significant cyber security challenges to an industry control system (ICS) tightly coupled with today’s information technology infrastructure. Currently, power utilities rely mainly on the authentication mechanism to prevent insider threats. If an internal intruder breaks the protection barrier, it is hard to identify and intervene in time to prevent harmful damage. Based on the existing in-depth security defense system, this paper proposes an insider threat protection scheme for ICSs of power utilities. This protection scheme can conduct compliance check by taking advantage of the characteristics of its business process compliance and the nesting of upstream and downstream business processes. Taking the Advanced Metering Infrastructures (AMIs) in power utilities as an example, the potential insider threats of violation and misoperation under the current management mechanism are identified after the analysis of remote charge control operation. According to the business process, a scheme of compliance check for remote charge control command is presented. Finally, the analysis results of a specific example demonstrate that the proposed scheme can effectively prevent the consumers’ power outage due to insider threats.

In the present work, we intend to present a thorough study developed on a digital library, called HAT corpus, for a purpose of authorship attribution. Thus, a dataset of 300 documents that are written by 100 different authors, was extracted from the web digital library and processed for a task of author style analysis. All the documents are related to the travel topic and written in Arabic. Basically, three important rules in stylometry should be respected: the minimum document size, the same topic for all documents and the same genre too. In this work, we made a particular effort to respect those conditions seriously during the corpus preparation. That is, three lexical features: Fixed-length words, Rare words and Suffixes are used and evaluated by using a centroid based Manhattan distance. The used identification approach shows interesting results with an accuracy of about 0.94.

Cyber-attacks against Industrial Control Systems (ICS) can lead to catastrophic events which can be prevented by the use of security measures such as the Intrusion Prevention Systems (IPS). In this work we experimentally demonstrate how to exploit the configuration vulnerabilities of SNORT one of the most adopted IPSs to significantly degrade the effectiveness of the IPS and consequently allowing successful cyber-attacks. We illustrate how to design a batch script able to retrieve and modify the configuration files of SNORT in order to disable its ability to detect and block Denial of Service (DoS) and ARP poisoning-based Man-In-The-Middle (MITM) attacks against a Programmable Logic Controller (PLC) in an ICS network. Experimental tests performed on a water distribution testbed show that, despite the presence of IPS, the DoS and ARP spoofed packets reach the destination causing respectively the disconnection of the PLC from the ICS network and the modification of packets payload.

The Internet of Things (IoT) aims to introduce pervasive computation into the human environment. The processing on a cloud platform is suggested due to the IoT devices' resource limitations. High latency while transmitting IoT data from its edge network to the cloud is the primary limitation. Modern IoT applications frequently use fog computing, an unique architecture, as a replacement for the cloud since it promises faster reaction times. In this work, a fog layer is introduced in smart vital sign monitor design in order to serve faster. Context aware computing makes use of environmental or situational data around the object to invoke proactive services upon its usable content. Here in this work the fog layer is intended to provide local data storage, data preprocessing, context awareness and timely analysis.

This paper considers network protection games for a heterogeneous network system with N nodes against cyber-attackers of two different types of intentions. The first type tries to maximize damage based on the value of each net-worked node, while the second type only aims at successful infiltration. A defender, by applying defensive resources to networked nodes, can decrease those nodes' vulnerabilities. Meanwhile, the defender needs to balance the cost of using defensive resources and potential security benefits. Existing literature shows that, in a Nash equilibrium, the defender should adopt different resource allocation strategies against different types of attackers. However, it could be difficult for the defender to know the type of incoming cyber-attackers. A Bayesian game is investigated considering the case that the defender is uncertain about the attacker's type. We demonstrate that the Bayesian equilibrium defensive resource allocation strategy is a mixture of the Nash equilibrium strategies from the games against the two types of attackers separately.

There are a large number of illegal websites on the Internet, such as pornographic websites, gambling websites, online fraud websites, online pyramid selling websites, etc. This paper studies the use of crawler technology for digital forensics on illegal websites. First, a crawler based illegal website forensics program is designed and developed, which can detect the peripheral information of illegal websites, such as domain name, IP address, network topology, and crawl key information such as website text, pictures, and scripts. Then, through comprehensive analysis such as word cloud analysis, word frequency analysis and statistics on the obtained data, it can help judge whether a website is illegal.

In this paper, we proposed a data security model of a big data analytical environment in the financial sector. Big Data can be seen as a trend in the advancement of technology that has opened the door to a new approach to understanding and decision making that is used to describe the vast amount of data (structured, unstructured and semi-structured) that is too time consuming and costly to load a relational database for analysis. The increase in cybercriminal attacks on an organization’s assets results in organizations beginning to invest in and care more about their cybersecurity points and controls. The management of business-critical data is an important point for which robust cybersecurity controls should be considered. The proposed model is applied in a datalake and allows the identification of security gaps on an analytical repository, a cybersecurity risk analysis, design of security components and an assessment of inherent risks on high criticality data in a repository of a regulated financial institution. The proposal was validated in financial entities in Lima, Peru. Proofs of concept of the model were carried out to measure the level of maturity focused on: leadership and commitment, risk management, protection control, event detection and risk management. Preliminary results allowed placing the entities in level 3 of the model, knowing their greatest weaknesses, strengths and how these can affect the fulfillment of business objectives.

Unmanned Aerial Vehicle (UAV)-based streaming media transmission may become unstable when the bit rate generated by the source load exceeds the channel capacity owing to the UAV location and speed change. The change of the location can affect the network connection, leading to reduced transmission rate; the change of the flying speed can increase the video payload due to more I-frames. To improve the transmission reliability, in this paper we design a Client-Server-Ground&User (C-S-G&U) framework, and propose an algorithm of splitting-merging stream (SMS) for multi-link concurrent transmission. We also establish multiple transport links and configure the routing rules for the cross-layer design. The multi-link transmission can achieve higher throughput and significantly smaller end-to-end delay than a single-link especially in a heavy load situation. The audio and video data are packaged into the payload by the Real-time Transport Protocol (RTP) before being transmitted over the User Datagram Protocol (UDP). The forward error correction (FEC) algorithm is implemented to promote the reliability of the UDP transmission, and an encryption algorithm to enhance security. In addition, we propose a Quality of Service (QoS) strategy so that the server and the user can control the UAV to adapt its transmission mode dynamically, according to the load, delay, and packet loss. Our design has been implemented on an engineering platform, whose efficacy has been verified through comprehensive experiments.

To prevent all sorts of attacks, the technology of security service function chains (SFC) is proposed in recent years, it becomes an attractive research highlights. Dynamic orchestration algorithm can create SFC according to the resource usage of network security functions. The current research on creating SFC focuses on a single domain. However in reality the large and complex networks are divided into security domains according to different security levels and managed separately. Therefore, we propose a cross-security domain dynamic orchestration algorithm to create SFC for network security functions based on ant colony algorithm(ACO) and consider load balancing, shortest path and minimum delay as optimization objectives. We establish a network security architecture based on the proposed algorithm, which is suitable for the industrial vertical scenarios, solves the deployment problem of the dynamic orchestration algorithm. Simulation results verify that our algorithm achieves the goal of creating SFC across security domains and demonstrate its performance in creating service function chains to resolve abnormal traffic flows.