Biblio

The pervasive use of software systems and current threat environment demand that software systems not only survive cyberattacks, but also bounce back better, stronger, and faster. However, what constitutes a modern software system? Where should the security and resilience mechanisms be-in the application software or in the cloud environment where it runs? In this concept paper, we set up a context to pose these questions and present a roadmap to answer them. We describe challenges to achieving resilience and beyond, and outline potential research directions to stimulate discussion in the workshop.

Fog computing extends the capability of cloud services to support latency sensitive applications. Adding fog computing nodes in proximity to a data generation/ actuation source can support data analysis tasks that have stringent deadline constraints. We introduce a real time, security-aware scheduling algorithm that can execute over a fog environment [1 , 2] . The applications we consider comprise of: (i) interactive applications which are less compute intensive, but require faster response time; (ii) computationally intensive batch applications which can tolerate some delay in execution. From a security perspective, applications are divided into three categories: public, private and semi-private which must be hosted over trusted, semi-trusted and untrusted resources. We propose the architecture and implementation of a distributed orchestrator for fog computing, able to combine task requirements (both performance and security) and resource properties.

Surveillance systems involve a camera module (at a fixed location) connected/streaming video via Internet Protocol to a (video) server. In our IMPRINT consortium project, by mounting miniaturised camera module/s on mobile quadruped-lizard like robots, we developed a stealth surveillance system, which could be very useful as a monitoring system in hostage situations. In this paper, we report about the communication system that enables secure transmission of: Live-video from robots to a server, GPS-coordinates of robots to the server and Navigation-commands from server to robots. Since the end application is for stealth surveillance, often can involve sensitive data, data security is a crucial concern, especially when data is transmitted through the internet. We use the RC4 algorithm for video transmission; while the AES algorithm is used for GPS data and other commands’ data transmission. Advantages of the developed system is easy to use for its web interface which is provided on the control station. This communication system, because of its internet-based communication, it is compatible with any operating system environment. The lightweight program runs on the control station (on the server side) and robot body that leads to less memory consumption and faster processing. An important requirement in such hostage surveillance systems is fast data processing and data-transmission rate. We have implemented this communication systems with a single-board computer having GPU that performs better in terms of speed of transmission and processing of data.

In our proposed work the web security has been enhanced using additional security code and an enhanced frame work. Administrator of site is required to specify the security code for particular date and time. On user end user would be capable to login and view authentic code allotted to them during particular time slot. This work would be better in comparison of tradition researches in order to prevent sql injection attack and cross script because proposed work is not just considering the security, it is also focusing on the performance of security system. This system is considering the lot of security dimensions. But in previous system there was focus either on sql injection or cross script. Proposed research is providing versatile security and is available with low time consumption with less probability of unauthentic access.

To address the concerns posed by certain security attacks on communication protocol, this paper proposes a Quantum Key Exchange algorithm coupled with an encoding scheme based on Fermat Numbers and DNA sequences. The concept of Watson-Crick’s transformation of DNA sequences and random property of the Fermat Numbers is applied for protection of the communication system by means of dual encryption. The key generation procedure is governed by a quantum bit rotation mechanism. The total process is illustrated with an example. Also, security analysis of the encryption and decryption process is also discussed.

Supply chain management systems (SCM) are the most intensive and statistical RFID application for object tracking. A lot of research has been carried out to overcome security issues in the field of online/offline object tracking as well as authentication protocols involving RFID technology. Due to advancements with the Internet of Things (IoT) and embedded systems in object tracking schemes the latest research manages to deliver information about the object’s location as well as provide particulars about the state of an object. Recent research presented a proposal for an authentication and online object tracking protocol focusing on solutions for privacy issues for device identification, end-to-end authentication, and secure online object tracking. However, recent schemes have been found to be vulnerable to traceability attacks. This paper presents an enhanced end-to-end authentication scheme where the identity of the user is kept anonymous so that its actions can not be tracked, eliminating attacks related to traceability. The security of the proposed protocol is formally analyzed using the attack model of the automated security testing tool, ProVerif. The proposed scheme outperforms competing schemes based on security.

Mobile healthcare (mHealth) application and technologies have promised their cost-effectiveness to enhance healthcare quality, particularly in rural areas. However, the increased security incidents and leakage of patient data raise the concerns to address security risks and privacy issues of mhealth applications urgently. While recent mobile health applications that rely on password-based authentication cannot withstand password guessing and cracking attacks, several countermeasures such as One-Time Password (OTP), grid-based password, and biometric authentication have recently been implemented to protect mobile health applications. These countermeasures, however, can be thwarted by brute force attacks, man-in-the-middle attacks and persistent malware attacks. This paper proposed grid-based honey encryption by hybridising honey encryption with grid-based authentication. Compared to recent honey encryption limited in the hardening password attacks process, the proposed grid-based honey encryption can be further employed against shoulder surfing, smudge and replay attacks. Instead of rejecting access as a recent security defence mechanism in mobile healthcare applications, the proposed Grid-based Honey Encryption creates an indistinct counterfeit patient's record closely resembling the real patients' records in light of each off-base speculation legitimate password.

Monitoring and managing electric power generation, distribution and transmission requires supervisory control and data acquisition (SCADA) systems. As technology has developed, these systems have become huge, complicated, and distributed, which makes them susceptible to new risks. In particular, the lack of security in SCADA systems make them a target for network attacks such as denial of service (DoS) and developing solutions for this issue is the main objective of this thesis. By reviewing various existing system solutions for securing SCADA systems, a new security approach is recommended that employs Artificial Intelligence(AI). AI is an innovative approach that imparts learning ability to software. Here deep learning algorithms and machine learning algorithms are used to develop an intrusion detection system (IDS) to combat cyber-attacks. Various methods and algorithms are evaluated to obtain the best results in intrusion detection. The results reveal the Bi-LSTM IDS technique provides the highest intrusion detection (ID) performance compared with previous techniques to secure SCADA systems

Content-centric networking is emerging as a credible alternative to host-centric networking, especially in scenarios of large-scale content distribution and where privacy requirements are crucial. Recently, research on content-centric networking has focused on security aspects and proposed solutions aimed to protect the network from attacks targeting the content delivery protocols. Content-centric networks are based on the strong assumption of being able to access genuine content from genuine nodes, which is however unrealistic and could open the door to disruptive attacks. Network node misbehavior, either due to poisoning attacks or malfunctioning, can act as a persistent threat that goes unnoticed and causes dangerous consequences. In this paper, we propose a novel certification methodology for content-centric networks that improves transparency and increases trustworthiness of the network and its nodes. The proposed approach builds on behavioral analysis and implements a continuous certification process that collects evidence from the network nodes and verifies their non-functional properties using a rule-based inference model. Utility, performance, and soundness of our approach have been experimentally evaluated on a simulated Named Data Networking (NDN) network targeting properties availability, integrity, and non-repudiation.

Waveguided air-coupled ultrasonic phased arrays offer grating-lobe-free beam forming for many applications such as obstacle detection, non-destructive testing, flow metering or tactile feedback. However, for industrial applications, the open output ports of the waveguide can be clogged due to dust, liquids or dirt leading to additional acoustic attenuation. In previous work, we presented the effectiveness of hydrophobic fabrics as a protection layer for acoustic waveguides. In this work, we created a numerical model of the waveguide including the hydrophobic fabric allowing the prediction of the insertion loss (IL). The numerical model uses the boundary element method (BEM) and the finite element method (FEM) in the frequency domain including the waveguide, the hydrophobic fabric and the finite-sized rigid baffle used in the measurements. All walls are assumed as ideal sound hard and the transducers are ideal piston transducers. The specific flow resistivity of the hydrophobic fabric, which is required for the simulation, is analyzed using a 3D-printed flow pipe. The simulations are validated with a calibrated microphone in an anechoic chamber. The IL of the simulations are within the uncertainties of the measurements. In addition, both the measurements and the simulations have no significant influence on the beamforming capabilities.

Compressive Covariance Sampling (CCS) is a strategy used to recover the covariance matrix (CM) directly from compressive measurements. Several works have proven the advantages of CSS in Compressive Spectral Imaging (CSI) but most of these algorithms require multiple random projections of the scene to obtain good reconstructions. However, several low-resolution copies of the scene can be captured in a single snapshot through a lenslet array. For this reason, this paper proposes a sensing protocol and a single snapshot CCS optical architecture using a lenslet array based on the Dual Dispersive Aperture Spectral Imager(DD-CASSI) that allows the recovery of the covariance matrix with a single snapshot. In this architecture uses the lenslet array allows to obtain different projections of the image in a shot due to the special coded aperture. In order to validate the proposed approach, simulations evaluated the quality of the recovered CM and the performance recovering the spectral signatures against traditional methods. Results show that the image reconstructions using CM have PSNR values about 30 dB, and reconstructed spectrum has a spectral angle mapper (SAM) error less than 15° compared to the original spectral signatures.

This paper proposes a real time implementation of a smart key which is a Wi-Fi based device that helps to lock/unlock all kinds of doors. Internet access allows to control doors all over the world by a simple mobile application. The app developed can be used in two modes ADMIN and GUEST mode. The ADMIN mode is protected by pin/password and is encrypted by the Advanced Encryption Standard (AES) algorithm. The password can be stored in the Key store and it can be changed whenever required. The ADMIN mode has the privilege to authenticate the GUEST mode to access all doors. For GUEST mode authentication, guests have to request the admin by using the app. Firebase is used as a server where the device and the mobile app are connected to it. Firebase is fast and accurate and hence can be accessed quickly. The main advantage of this proposed method is that it is fully operated through Internet so it can locked/unlocked wherever from the world. Comparative analysis is taken for three algorithms i.e., AES, DES and 3-DES and AES algorithm has given the best results in terms of execution time and memory usage and is implemented in the hardware lock. The experimental results give the screen shots of the app in guest and admin mode, firebase data and hardware real time implementation of the smart lock on a door.

Style transfer means using a neural network to extract the content of one image and the style of the other image. The two are combined to get the final result, broadly applied in social communication, animation production, entertainment items. Using style transfer, users can share and exchange images; painters can create specific art styles more readily with less creation cost and production time. Therefore, style transfer is widely concerned recently due to its various and valuable applications. In the past few years, the paper reviews style transfer and chooses three representative works to analyze in detail and contrast with each other, including StyleGAN, CycleGAN, and TL-GAN. Moreover, what function an ideal model of style transfer should realize is discussed. Compared with such a model, potential problems and prospects of different methods to achieve style transfer are listed. A couple of solutions to these drawbacks are given in the end.

Even if there is a rapid proliferation with the advantages of low cost, the emerging on-demand cloud services have led to an increase in cybercrime activities. Cyber criminals are utilizing cloud services through its distributed nature of infrastructure and create a lot of challenges to detect and investigate the incidents by the security personnel. The tracing of command flow forms a clue for the detection of malicious activity occurring in the system through System Calls Analysis (SCA). As machine learning based approaches are known to automate the work in detecting malwares, simple Support Vector Machine (SVM) based approaches are often reporting low value of accuracy. In this work, a malware classification system proposed with the supervised machine learning of unknown malware instances through Support Vector Machine - Stochastic Gradient Descent (SVM-SGD) algorithm. The performance of the system evaluated on CIC-IDS2017 dataset with labelled attacks. The system is compared with traditional signature based detection model and observed to report less number of false alerts with improved accuracy. The signature based detection gets an accuracy of 86.12%, while the SVM-SGD gets the best accuracy of 99.13%. The model is found to be lightweight but efficient in detecting malware with high degree of accuracy.

The fundamental limits of high-current conduction and response of metal conductors to large, fast current pulses are of interest to high-speed fuses, exploding wires and foils, and magnetically driven dynamic material property and inertial confinement fusion experiments. A collaboration between the University of Nevada, Reno, University of New Mexico, and Sandia National Laboratory has fielded an electrically thick (R 400-μm \textbackslashtextgreater skin-depth) cylindrical metal rod platform in a Z-pinch configuration driven by the Sandia 100-ns, 900-kA Mykonos linear transformer driver 1 . Photonic Doppler velocimetry (PDV) measuring the expansion velocity of the uncoated surface of aluminum rods 2 was used to benchmark equation of state (EOS) and electrical conductivity models used in magnetohydrodynamics simulations using the Los Alamos National Laboratory (LANL) code FLAG 3 . The metal surface was found to expand along the liquid-vapor coexistence curve in density-temperature space for 90 ns of the rod’s expansion for both tabular EOSs with Van der Waals loops and with Maxwell constructions under the vapor dome. As the slope of the coexistence curve varies across EOS models, the metal surface in simulation was found to heat and expand at different rates depending on the model used. The expansion velocities associated with EOS models were then compared against the PDV data to validate the EOS used in simulations of similar systems. Here, the most recent aluminum EOS (SESAME 93722) 4 was found to drive a simulated velocity that best compared with the experimental data due to its relatively steep coexistence curve and high critical point.

This paper presents the time complexity estimates for the methods of points exponentiation, which are basic for encrypting information flows in computer systems. As a result of numerical experiments, it is determined that the method of doubling-addition-subtraction has the lowest complexity. Mathematical models for determining the execution time of each considered algorithm for points exponentiation on elliptic curves were developed, which allowed to conduct in-depth analysis of their performance and resistance to special attacks, in particular timing analysis attack. The dependences of the cryptographic operations execution time on the key length and the sustainability of each method on the Hamming weight are investigated. It is proved that under certain conditions the highest sustainability of the system is achieved by the doubling-addition-subtraction algorithm. This allows to justify the choice of algorithm and its parameters for the implementation of cryptographic information security, which is resistant to special attacks.

The main threats in complex networks for large-scale information systems using web browsers or service browsers are analyzed. The necessary security features for these types of systems are compared. The advantages of systems developed with service-browser technology are shown.

Auto-magnetizing (AutoMag) liners 1 have demonstrated strong precompressed axial magnetic field production (\textbackslashtextgreater100 T) and remarkable cylindrical implosion uniformity during experiments 2 on the Z accelerator. However, both axial field production and implosion uniformity require further optimization to support use of AutoMag targets in magnetized liner inertial fusion (MagLIF) experiments. Recent experimental study on the Mykonos accelerator has provided data on the initiation and evolution of dielectric flashover in AutoMag targets; these results have directly enabled advancement of magnetohydrodynamic (MHD) modeling protocols used to simulate AutoMag liner implosions. Using these modeling protocols, we executed three-dimensional MHD simulations focused on improving AutoMag target designs, specifically seeking to optimize axial magnetic field production and enhance cylindrical implosion uniformity for MagLIF. By eliminating the previously used driver current prepulse and reducing the helical gap widths in AutoMag liners, simulations indicate that the optimal 30-50 T range of precompressed axial magnetic field for MagLIF can be accomplished concurrently with improved cylindrical implosion uniformity, thereby enabling an optimally premagnetized magneto-inertial fusion implosion with high cylindrical uniformity.

The accelerated penetration rate of renewable energy sources (RES) brings environmental benefits at the expense of increasing operation cost and undermining the satisfaction of the N-1 security criterion. To address the latter issue, this paper extends the state of the art, i.e. deterministic AC security-constrained optimal power flow (SCOPF), to capture two new dimensions: RES stochasticity and inter-temporal constraints of emerging sources of flexibility such as flexible loads (FL) and energy storage systems (ESS). Accordingly, the paper proposes and solves for the first time a new problem formulation in the form of stochastic multi-period AC SCOPF (S-MP-SCOPF). The S-MP-SCOPF is formulated as a non-linear programming (NLP). It computes optimal setpoints in day-ahead operation of flexibility resources and other conventional control means for congestion management and voltage control. Another salient feature of this paper is the comprehensive and accurate modelling: AC power flow model for both pre-contingency and post-contingency states, joint active/reactive power flows, inter-temporal resources such as FL and ESS in a 24-hours time horizon, and RES uncertainties. The applicability of the proposed model is tested on 5-bus (6 contingencies) and 60 bus Nordic32 (33 contingencies) systems.

To ensure a ship’s fully operational status in a wide spectrum of missions, as passenger transportation, international trade, and military activities, numerous interdependent systems are essential. Despite the potential critical consequences of misunderstanding or ignoring those interdependencies, there are very few documented approaches to enable their identification, representation, analysis, and use. From the cybersecurity point of view, if an anomaly occurs on one of the interdependent systems, it could eventually impact the whole ship, jeopardizing its mission success. This paper presents a proposal to identify the main dependencies of layers within and between generic ship’s functional blocks. An analysis of one of these layers, the platform systems, is developed to examine a naval cyber-physical system (CPS), the water management for passenger use, and its associated dependencies, from an intrinsic perspective. This analysis generates a three layers graph, on which dependencies are represented as oriented edges. Each abstraction level of the graph represents the physical, digital, and system variables of the examined CPS. The obtained result confirms the interest of graphs for dependencies representation and analysis. It is an operational depiction of the different systems interdependencies, on which can rely a cybersecurity evaluation, like anomaly detection and propagation assessment.

In this paper, we present our ongoing work to develop an efficient and scalable verification method to achieve runtime security of real-time applications with strict performance requirements. The method allows to specify (functional and non-functional) behaviour of a real-time application and a set of known attacks/threats. The challenge here is to prove that the runtime application execution is at the same time (i) correct w.r.t. the functional specification and (ii) protected against the specified set of attacks, without violating any non-functional specification (e.g., real-time performance). To address the challenge, first we classify the set of attacks into computational, data integrity and communication attacks. Second, we decompose each class into its declarative properties and definitive properties. A declarative property specifies an attack as a one big-step relation between initial and final state without considering intermediate states, while a definitive property specifies an attack as a composition of many small-step relations considering all intermediate states between initial and final state. Semantically, the declarative property of an attack is equivalent to its corresponding definitive property. Based on the decomposition and the adequate specification of underlying runtime environment (e.g., compiler, processor and operating system), we prove rigorously that the application execution in a particular runtime environment is protected against declarative properties without violating runtime performance specification of the application. Furthermore, from the specification, we generate a security monitor that assures that the application execution is secure against each class of attacks at runtime without hindering real-time performance of the application.

The focus of this work is the transient modelling of the DC-arc voltage on a Hybrid Switch (a mechanical switch in parallel with a static switch) of a key protection component called Fast Discharge Unit (FDU) in the Divertor Tokamak Test (DTT). The DTT facility is an experimental tokamak in advanced design and realization phase, which will be built in the ENEA Research Centre in Frascati (Italy). The FDU allows the safe discharge of the Toroidal Field (TF) superconducting magnets when a quench is detected or a failure occurs in the power supply or in the cryogenic system. In this work, the arc conductance of the mechanical By-Pass Switch (BPS) of the Hybrid Switch is modelled using the well-known Mayr-Cassie equations and the Paukert arc parameters. The simulations show a good agreement with the expected results in terms of voltage and current transient from the mechanical switch to the static switch.

Trust is of paramount concern for tenants to deploy their security-sensitive services in the cloud. The integrity of virtual machines (VMs) in which these services are deployed needs to be ensured even in the presence of powerful adversaries with administrative access to the cloud. Traditional approaches for solving this challenge leverage trusted computing techniques, e.g., vTPM, or hardware CPU extensions, e.g., AMD SEV. But, they are vulnerable to powerful adversaries, or they provide only load time (not runtime) integrity measurements of VMs. We propose TRIGLAV, a protocol allowing tenants to establish and maintain trust in VM runtime integrity of software and its configuration. TRIGLAV is transparent to the VM configuration and setup. It performs an implicit attestation of VMs during a secure login and binds the VM integrity state with the secure connection. Our prototype's evaluation shows that TRIGLAV is practical and incurs low performance overhead (\textbackslashtextless 6%).

Web application firewalls (WAF) are the last line of defense in protecting web applications from application layer security threats like SQL injection and cross-site scripting. Currently, most evasion techniques from WAFs are still developed manually. In this work, we propose a solution, which automatically scans the WAFs to find payloads through which the WAFs can be bypassed. Our solution finds out rules defects, which can be further used in rule tuning for rule-based WAFs. Also, it can enrich the machine learning-based dataset for retraining. To this purpose, we provide a framework based on reinforcement learning with an environment compatible with OpenAI gym toolset standards, employed for training agents to implement WAF evasion tasks. The framework acts as an adversary and exploits a set of mutation operators to mutate the malicious payload syntactically without affecting the original semantics. We use Q-learning and proximal policy optimization algorithms with the deep neural network. Our solution is successful in evading signature-based and machine learning-based WAFs.

Nowadays the use of Wi-Fi has been widely used in public places, such as in restaurants. The use of Wi-Fi in public places has a very large security vulnerability because it is used by a wide variety of visitors. Therefore, this study was conducted to evaluate the security of the WLAN network in restaurants. The methods used are Vulnerability Assessment and Penetration Testing. Penetration Testing is done by conducting several attack tests such as Deauthentication Attack, Evil Twin Attack with Captive Portal, Evil Twin Attack with Sniffing and SSL stripping, and Unauthorized Access.