Biblio
The clear, social, and dark web have lately been identified as rich sources of valuable cyber-security information that -given the appropriate tools and methods-may be identified, crawled and subsequently leveraged to actionable cyber-threat intelligence. In this work, we focus on the information gathering task, and present a novel crawling architecture for transparently harvesting data from security websites in the clear web, security forums in the social web, and hacker forums/marketplaces in the dark web. The proposed architecture adopts a two-phase approach to data harvesting. Initially a machine learning-based crawler is used to direct the harvesting towards websites of interest, while in the second phase state-of-the-art statistical language modelling techniques are used to represent the harvested information in a latent low-dimensional feature space and rank it based on its potential relevance to the task at hand. The proposed architecture is realised using exclusively open-source tools, and a preliminary evaluation with crowdsourced results demonstrates its effectiveness.
Fog computing extends cloud computing technology to the edge of the infrastructure to support dynamic computation for IoT applications. Reduced latency and location awareness in objects' data access is attained by displacing workloads from the central cloud to edge devices. Doing so, it reduces raw data transfers from target objects to the central cloud, thus overcoming communication bottlenecks. This is a key step towards the pervasive uptake of next generation IoT-based services. In this work we study efficient orchestration of applications in fog computing, where a fog application is the cascade of a cloud module and a fog module. The problem results into a mixed integer non linear optimisation. It involves multiple constraints due to computation and communication demands of fog applications, available infrastructure resources and it accounts also the location of target IoT objects. We show that it is possible to reduce the complexity of the original problem with a related placement formulation, which is further solved using a greedy algorithm. This algorithm is the core placement logic of FogAtlas, a fog computing platform based on existing virtualization technologies. Extensive numerical results validate the model and the scalability of the proposed algorithm, showing performance close to the optimal solution with respect to the number of served applications.
With the rapid development of Internet of things (IOT) and big data, the number of network terminal devices and big data transmission are increasing rapidly. Traditional cloud computing faces a great challenge in dealing with this massive amount of data. Fog computing which extends the computing at the edge of the network can provide computation and data storage. Attribute based-encryption can effectively achieve the fine-grained access control. However, the computational complexity of the encryption and decryption is growing linearly with the increase of the number of attributes. In order to reduce the computational cost and guarantee the confidentiality of data, distributed access control with outsourced computation in fog computing is proposed in this paper. In our proposed scheme, fog device takes most of computational cost in encryption and decryption phase. The computational cost of the receiver and sender can be reduced. Moreover, the private key of the user is generated by multi-authority which can enhance the security of data. The analysis of security and performance shows that our proposed scheme proves to be effective and secure.
Internet of Things is nowadays growing faster than ever before. Operators are planning or already creating dedicated networks for this type of devices. There is a need to create dedicated solutions for this type of network, especially solutions related to information security. In this article we present a mechanism of security-aware routing, which takes into account the evaluation of trust in devices and packet flows. We use trust relationships between flows and network nodes to create secure SDN paths, not ignoring also QoS and energy criteria. The system uses SDN infrastructure, enriched with Cognitive Packet Networks (CPN) mechanisms. Routing decisions are made by Random Neural Networks, trained with data fetched with Cognitive Packets. The proposed network architecture, implementing the security-by-design concept, was designed and is being implemented within the SerIoT project to demonstrate secure networks for the Internet of Things (IoT).
IoT is evolving as a combination of interconnected devices over a particular network. In the proposed paper, we discuss about the security of IoT system in the wireless devices. IoT security is the platform in which the connected devices over the network are safeguarded over internet of things framework. Wireless devices play an eminent role in this kind of networks since most of the time they are connected to the internet. Accompanied by major users cannot ensure their end to end security in the IoT environment. However, connecting these devices over the internet via using IoT increases the chance of being prone to the serious issues that may affect the system and its data if they are not protected efficiently. In the proposed paper, the security of IoT in wireless devices will be enhanced by using ECC. Since the issues related to security are becoming common these days, an attempt has been made in this proposed paper to enhance the security of IoT networks by using ECC for wireless devices.
We aim at creating a society where we can resolve various social challenges by incorporating the innovations of the fourth industrial revolution (e.g. IoT, big data, AI, robot, and the sharing economy) into every industry and social life. By doing so the society of the future will be one in which new values and services are created continuously, making people's lives more conformable and sustainable. This is Society 5.0, a super-smart society. Security and privacy are key issues to be addressed to realize Society 5.0. Privacy-preserving data analytics will play an important role. In this talk we show our recent works on privacy-preserving data analytics such as privacy-preserving logistic regression and privacy-preserving deep learning. Finally, we show our ongoing research project under JST CREST “AI”. In this project we are developing privacy-preserving financial data analytics systems that can detect fraud with high security and accuracy. To validate the systems, we will perform demonstration tests with several financial institutions and solve the problems necessary for their implementation in the real world.
The Internet of Things (IoT) and RFID devices are essential parts of the new information technology generation. They are mostly characterized by their limited power and computing resources. In order to ensure their security under computing and power constraints, a number of lightweight cryptography algorithms has emerged. This paper outlines the performance analysis of six lightweight blocks crypto ciphers with different structures - LED, PRESENT, HIGHT, LBlock, PICCOLO and TWINE on a LEON3 open source processor. We have implemented these crypto ciphers on the FPGA board using the C language and the LEON3 processor. Analysis of these crypto ciphers is evaluated after considering various benchmark parameters like throughput, execution time, CPU performance, AHB bandwidth, Simulator performance, and speed. These metrics are tested with different key sizes provided by each crypto algorithm.
New IoT applications are demanding for more and more performance in embedded devices while their deployment and operation poses strict power constraints. We present the security concept for a customizable Internet of Things (IoT) platform based on the RISC-V ISA and developed by several Fraunhofer Institutes. It integrates a range of peripherals with a scalable computing subsystem as a three dimensional System-in-Package (3D-SiP). The security features aim for a medium security level and target the requirements of the IoT market. Our security architecture extends given implementations to enable secure deployment, operation, and update. Core security features are secure boot, an authenticated watchdog timer, and key management. The Universal Sensor Platform (USeP) SoC is developed for GLOBALFOUNDRIES' 22FDX technology and aims to provide a platform for Small and Medium-sized Enterprises (SMEs) that typically do not have access to advanced microelectronics and integration know-how, and are therefore limited to Commercial Off-The-Shelf (COTS) products.
The Internet of Things (IoT) market is growing rapidly, allowing continuous evolution of new technologies. Alongside this development, most IoT devices are easy to compromise, as security is often not a prioritized characteristic. This paper proposes a novel IoT Security Model (IoTSM) that can be used by organizations to formulate and implement a strategy for developing end-to-end IoT security. IoTSM is grounded by the Software Assurance Maturity Model (SAMM) framework, however it expands it with new security practices and empirical data gathered from IoT practitioners. Moreover, we generalize the model into a conceptual framework. This approach allows the formal analysis for security in general and evaluates an organization's security practices. Overall, our proposed approach can help researchers, practitioners, and IoT organizations, to discourse about IoT security from an end-to-end perspective.
As Blockchain technology become more understood in recent years and its capability to solve enterprise business use cases become evident, technologist have been exploring Blockchain technology to solve use cases that have been daunting industries for years. Unlike existing technologies, one of the key features of blockchain technology is its unparalleled capability to provide, traceability, accountability and immutable records that can be accessed at any point in time. One application area of interest for blockchain is securing heterogenous networks. This paper explores the security challenges in a heterogonous network of IoT devices and whether blockchain can be a viable solution. Using an experimental approach, we explore the possibility of using blockchain technology to secure IoT devices, validate IoT device transactions, and establish a chain of trust to secure an IoT device mesh network, as well as investigate the plausibility of using immutable transactions for forensic analysis.
The operating system is extremely important for both "Made in China 2025" and ubiquitous electric power Internet of Things. By investigating of five key requirements for ubiquitous electric power Internet of Things at the OS level (performance, ecosystem, information security, functional security, developer framework), this paper introduces the intelligent NARI microkernel Operating System and its innovative schemes. It is implemented with microkernel architecture based on the trusted computing. Some technologies such as process based fine-grained real-time scheduling algorithm, sigma0 efficient message channel and service process binding in multicore are applied to improve system performance. For better ecological expansion, POSIX standard API is compatible, Linux container, embedded virtualization and intelligent interconnection technology are supported. Native process sandbox and mimicry defense are considered for security mechanism design. Multi-level exception handling and multidimensional partition isolation are adopted to provide High Reliability. Theorem-assisted proof tools based on Isabelle/HOL is used to verify the design and implementation of NARI microkernel OS. Developer framework including tools, kit and specification is discussed when developing both system software and user software on this IoT OS.
The progressed computational abilities of numerous asset compelled gadgets mobile phones have empowered different research zones including picture recovery from enormous information stores for various IoT applications. The real difficulties for picture recovery utilizing cell phones in an IoT situation are the computational intricacy and capacity. To manage enormous information in IoT condition for picture recovery a light-weighted profound learning base framework for vitality obliged gadgets. The framework initially recognizes and crop face areas from a picture utilizing Viola-Jones calculation with extra face classifier to take out the identification issue. Besides, the utilizes convolutional framework layers of a financially savvy pre-prepared CNN demonstrate with characterized highlights to speak to faces. Next, highlights of the huge information vault are listed to accomplish a quicker coordinating procedure for constant recovery. At long last, Euclidean separation is utilized to discover comparability among question and archive pictures. For exploratory assessment, we made a nearby facial pictures dataset it including equally single and gathering face pictures. In the dataset can be utilized by different specialists as a scale for examination with other ongoing facial picture recovery frameworks. The trial results demonstrate that our planned framework beats other cutting edge highlight extraction strategies as far as proficiency and recovery for IoT-helped vitality obliged stages.
IoT devices introduce unprecedented threats into home and professional networks. As they fail to adhere to security best practices, they are broadly exploited by malicious actors to build botnets or steal sensitive information. Their adoption challenges established security standard as classic security measures are often inappropriate to secure them. This is even more problematic in sensitive environments where the presence of insecure IoTs can be exploited to bypass strict security policies. In this paper, we demonstrate an attack against a highly secured network using a Bluetooth smart bulb. This attack allows a malicious actor to take advantage of a smart bulb to exfiltrate data from an air gapped network.
With the development of IoT and 5G networks, the demand for the next-generation intelligent transportation system has been growing at a rapid pace. Dynamic mapping has been considered one of the key technologies to reduce traffic accidents and congestion in the intelligent transportation system. However, as the number of vehicles keeps growing, a huge volume of mapping traffic may overload the central cloud, leading to serious performance degradation. In this paper, we propose and prototype a CUPS (control and user plane separation)-based edge computing architecture for the dynamic mapping and quantify its benefits by prototyping. There are a couple of merits of our proposal: (i) we can mitigate the overhead of the networks and central cloud because we only need to abstract and send global dynamic mapping information from the edge servers to the central cloud; (ii) we can reduce the response latency since the dynamic mapping traffic can be isolated from other data traffic by being generated and distributed from a local edge server that is deployed closer to the vehicles than the central server in cloud. The capabilities of our system have been quantified. The experimental results have shown our system achieves throughput improvement by more than four times, and response latency reduction by 67.8% compared to the conventional central cloud-based approach. Although these results are still obtained from the preliminary evaluations using our prototype system, we believe that our proposed architecture gives insight into how we utilize CUPS and edge computing to enable efficient dynamic mapping applications.
As the Internet of Things (IoT) continues to expand into every facet of our daily lives, security researchers have warned of its myriad security risks. While denial-of-service attacks and privacy violations have been at the forefront of research, covert channel communications remain an important concern. Utilizing a Bluetooth controlled light bulb, we demonstrate three separate covert channels, consisting of current utilization, luminosity and hue. To study the effectiveness of these channels, we implement exfiltration attacks using standard off-the-shelf smart bulbs and RGB LEDs at ranges of up to 160 feet. We analyze the identified channels for throughput, generality and stealthiness, and report transmission speeds of up to 832 bps.
Users can directly access and share information from portable devices such as a smartphone or an Internet of Things (IoT) device. However, to prevent them from becoming victims to launch cyber attacks, they must allow selective sharing based on roles of the users such as with the Ciphertext-Policy Attribute Encryption (CP-ABE) scheme. However, to match the resource constraints, the scheme must be efficient for storage. It must also protect the device from malicious users as well as allow uninterrupted access to valid users. This paper presents the CCA secure PROxy-based Scalable Revocation for Constant Cipher-text (C-PROSRCC) scheme, which provides scalable revocation for a constant ciphertext length CP-ABE scheme. The scheme has a constant number of pairings and computations. It can also revoke any number of users and does not require re-encryption or redistribution of keys. We have successfully implemented the C-PROSRCC scheme. The qualitative and quantitative comparison with related schemes indicates that C-PROSRCC performs better with acceptable overheads. C-PROSRCC is Chosen Ciphertext Attack (CCA) secure. We also present a case study to demonstrate the use of C-PROSRCC for mobile-based selective sharing of a family car.
In this paper, we propose a new method for optimizing the deployment of security solutions within an IoT network. Our approach uses dominating sets and centrality metrics to propose an IoT security framework where security functions are optimally deployed among devices. An example of such a solution is presented based on EndToEnd like encryption. The results reveal overall increased security within the network with minimal impact on the traffic.