Biblio

Security has become an important issue in an IT system of an organization. Each IT component has to be configured correctly, otherwise the risk of attack could increase. An important component is networking device such as router and switch. To avoid this misconfiguration, a well-known process called audit is used. There are several auditing tools both commercial and open-source. However, none of the existing tools that are open-source can automatically audit the security settings of networking device based on standard e.g., CIS benchmark. We, thus propose a tool that can verify the networking device automatically based on best practices so that auditors can conveniently check as well as issue a report.

In order to improve the security and reliability of information system and reduce the risk of vulnerability intrusion and attack, an automatic patch installation method of operating systems based on deep learning is proposed, If the installation is successful, the basic information of the system will be returned to the visualization server. If the installation fails, it is recommended to upgrading manually and display it on the patch detection visualization server. Through the practical application of statistical analysis, the statistical results show that the proposed method is significantly better than the original and traditional installation methods, which can effectively avoid the problem of client repeated download, and greatly improve the success rate of patch automatic upgrades. It effectively saves the upgrade cost and ensures the security and reliability of the information system.

A number of approaches have been developed for analysing information flow in concurrent programs in a compositional manner, i.e., in terms of one thread at a time. Early approaches modelled the behaviour of a given thread's environment using simple read and write permissions on variables, or by associating specific behaviour with whether or not locks are held. Recent approaches allow more general representations of environmental behaviour, increasing applicability. This, however, comes at a cost. These approaches analyse the code in a forwards direction, from the start of the program to the end, constructing the program's entire state after each instruction. This process needs to take into account the environmental influence on all shared variables of the program. When environmental influence is modelled in a general way, this leads to increased complexity, hindering automation of the analysis. In this paper, we present a compositional information flow analysis for concurrent systems which is the first to support a general representation of environmental behaviour and be automated within a theorem prover. Our approach analyses the code in a backwards direction, from the end of the program to the start. Rather than constructing the entire state at each instruction, it generates only the security-related proof obligations. These are, in general, much simpler, referring to only a fraction of the program's shared variables and thus reducing the complexity introduced by environmental behaviour. For increased applicability, our approach analyses value-dependent information flow, where the security classification of a variable may depend on the current state. The resulting logic has been proved sound within the theorem prover Isabelle/HOL.

Adaptive honeypots are being widely proposed as a more powerful alternative to the traditional honeypot model. Just as with typical honeypots, however, one of the most important concerns of an adaptive honeypot is environment deception in order to make sure an adversary cannot fingerprint the honeypot. The threat of fingerprinting hints at a greater underlying concern, however; this being that honeypots are only effective because an adversary does not know that the environment on which they are operating is a honeypot. What has not been widely discussed in the context of adaptive honeypots is that they actually have an inherently increased level of susceptibility to this threat. Honeypots not only bear increased risks when an adversary knows they are a honeypot rather than a native system, but they are only effective as adaptable entities if one does not know that the honeypot environment they are operating on is adaptive as wekk. Thus, if adaptive honeypots become commonplace - or, instead, if attackers even have an inkling that an adaptive honeypot may exist on any given network, a new attack which could develop is a “blind confusion attack”; a form of connection which simply makes an assumption all environments are adaptive honeypots, and instead of attempting to perform a malicious strike on a given entity, opts to perform non-malicious behavior in specified and/or random patterns to confuse an adaptive network's learning.

In this paper, two of the main Blockchain development platforms, Ethereum and EOS.IO are compared. The objective is to help developers select the most appropriate platform as the back-end Blockchain for their apps. A decentralized application was implemented on each of the platforms triggering basic operations and timing them. The simulations were performed on Microsoft’s Azure cloud, running up to 150 Blockchain nodes while recording the user response time, the CPU utilization, and the totally used memory in Mbytes. The results in this study show that although recognized as a major competitor to Ethereum, EOS.IO fails to outperform the Ethereum platform in this experiment, recording a very high response time in comparison to Ethereum.

Cloud storage technology enables users to outsource local data to cloud service provider (CSP). In spite of its copious advantages, how to ensure the integrity of data has always been a significant issue. A variety of provable data possession (PDP) scheme have been proposed for cloud storage scenarios. However, the participation of centralized trusted third-party auditor (TPA) in most of the previous work has brought new security risks, because the TPA is prone to the single point of failure. Furthermore, the existing schemes do not consider the fair arbitration and lack an effective method to punish the malicious behavior. To address the above challenges, we propose a novel blockchain-based decentralized data integrity auditing scheme without the need for a centralized TPA. By using smart contract technique, our scheme supports automatic compensation mechanism. DO and CSP must first pay a certain amount of ether for the smart contract as deposit. The CSP gets the corresponding storage fee if the integrity auditing is passed. Otherwise, the CSP not only gets no fee but has to compensate DO whose data integrity is destroyed. Security analysis shows that the proposed scheme can resist a variety of attacks. Also, we implement our scheme on the platform of Ethereum to demonstrate the efficiency and effectiveness of our scheme.

The current supply of a highly specialized cyber security professionals cannot meet the demands for societies seeking digitization. To close the skill gap, there is a need for introducing students in higher education to cyber security, and to combine theoretical knowledge with practical skills. This paper presents how the cyber security training platform Haaukins, initially developed to increase interest and knowledge of cyber security among high school students, was further developed to support the need for training in higher education. Based on the differences between the existing and new target audiences, a set of design principles were derived which shaped the technical adjustments required to provide a suitable platform - mainly related to dynamic tooling, centralized access to exercises, and scalability of the platform to support courses running over longer periods of time. The implementation of these adjustments has led to a series of teaching sessions in various institutions of higher education, demonstrating the viability for Haaukins for the new target audience.

The Controller Area Network (CAN) bus is the de-facto standard for connecting the Electronic Control Units (ECUs) in automobiles. However, there are serious cyber-security risks due to the lack of security mechanisms. In order to mine the vulnerabilities in CAN bus, this paper proposes CAN-FT, a fuzz testing method for automotive CAN bus, which uses a Generative Adversarial Network (GAN) based fuzzy message generation algorithm and the Adaptive Boosting (AdaBoost) based anomaly detection mechanism to capture the abnormal states of CAN bus. Experimental results on a real-world vehicle show that CAN-FT can find vulnerabilities more efficiently and comprehensively.

In this paper, we present the Cloud Property Graph (CloudPG), which bridges the gap between static code analysis and runtime security assessment of cloud services. The CloudPG is able to resolve data flows between cloud applications deployed on different resources, and contextualizes the graph with runtime information, such as encryption settings. To provide a vendorand technology-independent representation of a cloud service's security posture, the graph is based on an ontology of cloud resources, their functionalities and security features. We show, using an example, that our CloudPG framework can be used by security experts to identify weaknesses in their cloud deployments, spanning multiple vendors or technologies, such as AWS, Azure and Kubernetes. This includes misconfigurations, such as publicly accessible storages or undesired data flows within a cloud service, as restricted by regulations such as GDPR.

Malwares are the key means leveraged by threat actors in the cyber space for their attacks. There is a large array of commercial solutions in the market and significant scientific research to tackle the challenge of the detection and defense against malwares. At the same time, attackers also advance their capabilities in creating polymorphic and metamorphic malwares to make it increasingly challenging for existing solutions. To tackle this issue, we propose a methodology to perform malware detection and family attribution. The proposed methodology first performs the extraction of opcodes from malwares in each family and constructs their respective opcode graphs. We explore the use of clustering algorithms on the opcode graphs to detect clusters of malwares within the same malware family. Such clusters can be seen as belonging to different sub-family groups. Opcode graph signatures are built from each detected cluster. Hence, for each malware family, a group of signatures is generated to represent the family. These signatures are used to classify an unknown sample as benign or belonging to one the malware families. We evaluate our methodology by performing experiments on a dataset consisting of both benign files and malware samples belonging to a number of different malware families and comparing the results to existing approach.

With the emergence and development of quantum computers, the traditional public-key cryptography (PKC) is facing the risk of being cracked. In order to resist quantum attacks and ensure long-term communication security, NIST launched a global collection of Post Quantum Cryptography (PQC) standards in 2016, and it is currently in the third round of selection. There are three Lattice-based PKC algorithms that stand out, and NTRU is one of them. In this article, we proposed the first complete and compact full hardware implementation of NTRU algorithm submitted in the third round. By using one structure to complete the design of the three types of complex polynomial multiplications in the algorithm, we achieved better performance while reducing area costs.

Quick response (QR) codes are currently used ubiq-uitously. Their interaction protocol design is initially unsecured. It forces users to scan QR codes, which makes it harder to differentiate a genuine code from a malicious one. Intruders can change the original QR code and make it fake, which can lead to phishing websites that collect sensitive data. The interaction model can be improved and made more secure by adding some modifications to the backend side of the application. This paper addresses the vulnerabilities of QR codes and recommends improvements in security design. Furthermore, two state-of-the-art algorithms, Digital Signature (DS) and Elliptic Curve Digital Signature (ECDS), are analytically compared to determine their strengths in QR code security.

Binary Edwards curves (BEC) over finite fields can be used as an additive cyclic elliptic curve group to enable elliptic curve cryptography (ECC), where the most time consuming is scalar multiplication. This operation is computed by means of the group operation, either point addition or point doubling. The most notorious property of these curves is that their group operation is complete, which mitigates the need to verify for special cases. Different formulae for the group operation in BECs have been reported in the literature. Of particular interest are those designed to work with the differential properties of the Montgomery ladder, which offer constant time computation of the scalar multiplication as well as reduced field operations count. In this work, we review and compare the complexity of BEC differential addition and doubling in terms of field operations. We also provide software implementations of scalar multiplications which employ these formulae under a fair scenario. Our work provides insights on the advantages of using BECs in ECC. Our study of the different formulae for group addition in BEC also showcases the advantages and limitations of the different design strategies employed in each case.

The concepts of information flow security and refinement are known to have had a troubled relationship ever since the seminal work of McLean. In this work we study refinements that support changes in data representation and semantics, including the addition of state variables that may induce new observational power or side channels. We propose a new epistemic approach to ignorance-preserving refinement where an abstract model is used as a specification of a system's permitted information flows, that may include the declassification of secret information. The core idea is to require that refinement steps must not induce observer knowledge that is not already available in the abstract model. Our study is set in the context of a class of shared variable multiagent models similar to interpreted systems in epistemic logic. We demonstrate the expressiveness of our framework through a series of small examples and compare our approach to existing, stricter notions of information-flow secure refinement based on bisimulations and noninterference preservation. Interestingly, noninterference preservation is not supported “out of the box” in our setting, because refinement steps may introduce new secrets that are independent of secrets already present at abstract level. To support verification, we first introduce a “cube-shaped” unwinding condition related to conditions recently studied in the context of value-dependent noninterference, kernel verification, and secure compilation. A fundamental problem with ignorance-preserving refinement, caused by the support for general data and observation refinement, is that sequential composability is lost. We propose a solution based on relational pre-and postconditions and illustrate its use together with unwinding on the oblivious RAM construction of Chung and Pass.

Dew Computing (DC) is a comparatively modern field with a wide range of applications. By examining how technological advances such as fog, edge and Dew computing, and distributed intelligence force us to reconsider traditional Cloud Computing (CC) to serve the Internet of Things. A new dew estimation theory is presented in this article. The revised definition is as follows: DC is a software and hardware cloud-based company. On-premises servers provide autonomy and collaborate with cloud networks. Dew Calculation aims to enhance the capabilities of on-premises and cloud-based applications. These categories can result in the development of new applications. In the world, there has been rapid growth in Information and Communication Technology (ICT), starting with Grid Computing (GC), CC, Fog Computing (FC), and the latest Edge Computing (EC) technology. DC technologies, infrastructure, and applications are described. We’ll go through the newest developments in fog networking, QoE, cloud at the edge, platforms, security, and privacy. The dew-cloud architecture is an option concerning the current client-server architecture, where two servers are located at opposite ends. In the absence of an Internet connection, a dew server helps users browse and track their details. Data are primarily stored as a local copy on the dew server that starts the Internet and is synchronized with the cloud master copy. The local dew pages, a local online version of the current website, can be browsed, read, written, or added to the users. Mapping between different Local Dew sites has been made possible using the dew domain name scheme and dew domain redirection.

Vehicle Ad-hoc Networks (VANETs) have recently become an active research area. This is because of its important applications in the transportation field in which vehicles have severe position during activities of daily living in persons. In this paper, the basic background of the VANET from the Intelligent Transportation System (ITS), Mobile Ad-hoc Networks (MANETs), VANET standard and VANET characteristics are discussed. Second, the architecture from components and communications of the system are presented. Then, the critical challenges and future perspectives in this field are comprehensively reviewed. This paper could serve as a guide and reference in the design and development of any new techniques for VANETs. Moreover, this paper may help researchers and developers in the selection of the main features of VANET for their goals in one single document.

Testing or defending the security of a large network can be challenging because of the sheer number of potential ingress points that need to be investigated and evaluated for vulnerabilities. In short, manual security testing and analysis do not easily scale to large networks. While it has been shown that clustering can simplify the problem somewhat, the data structures and formats returned by the latest network mapping tools are not conducive to clustering algorithms. In this paper we introduce a hybrid similarity algorithm to compute the distance between two network services and then use those calculations to support a clustering algorithm designed to compress a large network attack surface by orders of magnitude. Doing so allows for new testing strategies that incorporate outlier detection and smart consolidation of test cases to improve accuracy and timeliness of testing. We conclude by presenting two case studies using an organization's network attack surface data to demonstrate the effectiveness of this approach.

In the era of big data and artificial intelligence, computer networks have become an important infrastructure, and the Internet has become ubiquitous. The most basic property of computer networks is reachability. The needs of the modern Internet mainly include cost, performance, reliability, and security. However, even for experienced network engineers, it is very difficult to manually conFigure the network to meet the needs of the modern large-scale Internet. The engineers often make mistakes, which can cause network paralysis, resulting in incalculable losses. Due to the development of automatic reasoning technology, automatic verification of network configuration is used to avoid mistakes. Network verification is at least an NP-C problem, so it is necessary to compress the network to reduce the network scale, thereby reducing the network verification time. This paper proposes a new model of network modeling, which is more suitable for the verification of network configuration on common protocols (such as RIP, BGP). On the basis of the existing compression method, two compression rules are added to compress the modeled network, reducing network verification time and conducting network reachability verification experiments on common networks. The experimental results are slightly better than the current compression methods.

Over the past decade, an infotelecommunication technology has made significant strides forward. With the advent of new generation wireless networks and the massive digitalization of industries, the object of protection has changed. The digital transformation has led to an increased opportunity for cybercriminals. The ability of computational intelligence to quickly process large amounts of data makes the intrusions tailored to specific environments. Polymorphic attacks that have mutations in their sequences of acts adapt to the communication environments, operating systems and service frameworks, and also try to deceive the defense tools. The poor protection of most Internet of Things devices allows the attackers to take control over them creating the megabotnets. In this regard, traditional methods of network protection become rigid and low-effective. The paper reviews a computational intelligence (CI) enabled software- defined network (SDN) for the network management, providing dynamic network reconfiguration to improve network performance and security control. Advanced machine learning and artificial neural networks are promising in detection of false data injections. Bioinformatics methods make it possible to detect polymorphic attacks. Swarm intelligence detects dynamic routing anomalies. Quantum machine learning is effective at processing the large volumes of security-relevant datasets. The CI technology stack provides a comprehensive protection against a variative cyberthreats scope.

Vehicular networks have been considered as a hopeful technology to enhance road safety, which is a crossing area of Internet of Things (IoT) and Intelligent Transportation Systems (ITS). Current Internet architecture using the TCP/IP model and based on host-to-host is limited when it comes to vehicular communications which are characterized by high speed and dynamic topology. Thus, using Named Data Networking (NDN) in connected vehicles may tackle the issues faced with the TCP/IP model. In this paper, we investigate the security concerns of applying NDN in vehicular environments and discuss the remaining challenges in order to guide researchers in this field to choose their future research direction.

Game theory is a branch of modern mathematics, which is a mathematical method to study how decision-makers should make decisions in order to strive for the maximum interests in the process of competition. In this paper, from the perspective of offensive and defensive confrontation, using game theory for reference, we build a dynamic evaluation model of information system security risk based on static game model. By using heisani transformation, the uncertainty of strategic risk of offensive and defensive sides is transformed into the uncertainty of each other's type. The security risk of pure defense strategy and mixed defense strategy is analyzed quantitatively, On this basis, an information security risk assessment algorithm based on static game model is designed.

Cloud computing is a modern type of service that provides each consumer with a large-scale computing tool. Different cyber-attacks can potentially target cloud computing systems, as most cloud computing systems offer services to so many people who are not known to be trustworthy. Therefore, to protect that Virtual Machine from threats, a cloud computing system must incorporate some security monitoring framework. There is a tradeoff between the security level of the security system and the performance of the system in this scenario. If a strong security is required then a stronger security service using more rules or patterns should be incorporated and then in proportion to the strength of security, it needs much more computing resources. So the amount of resources allocated to customers is decreasing so this research work will introduce a new way of security system in cloud environments to the VM in this research. The main point of Fog computing is to part of the cloud server's work in the ongoing study tells the step-by-step cloud server to change gigantic information measurement because the endeavor apps are relocated to the cloud to keep the framework cost. So the cloud server is devouring and changing huge measures of information step by step so it is rented to keep up the problem and additionally get terrible reactions in a horrible device environment. Cloud computing and Fog computing approaches were combined in this paper to review data movement and safe information about MDHC.

Cloud computing is attracting a lot of attention in the past few years. Although, even with its wide acceptance, cloud security is still one of the most essential concerns of cloud computing. Many systems have been proposed to protect the cloud from attacks using attack signatures. Most of them may seem effective and efficient; however, there are many drawbacks such as the attack detection performance and the system maintenance. Recently, learning-based methods for security applications have been proposed for cloud anomaly detection especially with the advents of machine learning techniques. However, most researchers do not consider the attack classification which is an important parameter for proposing an appropriate countermeasure for each attack type. In this paper, we propose a new firewall model called Secure Packet Classifier (SPC) for cloud anomalies detection and classification. The proposed model is constructed based on collaborative filtering using two machine learning algorithms to gain the advantages of both learning schemes. This strategy increases the learning performance and the system's accuracy. To generate our results, a publicly available dataset is used for training and testing the performance of the proposed SPC. Our results show that the accuracy of the SPC model increases the detection accuracy by 20% compared to the existing machine learning algorithms while keeping a high attack detection rate.

In this paper, we highlight a fundamental vulnerability associated with the widely adopted “Just Tap” push-based authentication in the face of a concurrency attack, and propose the method REPLICATE, a redesign to counter this vulnerability. In the concurrency attack, the attacker launches the login session at the same time the user initiates a session, and the user may be fooled, with high likelihood, into accepting the push notification which corresponds to the attacker's session, thinking it is their own. The attack stems from the fact that the login notification is not explicitly mapped to the login session running on the browser in the Just Tap approach. REPLICATE attempts to address this fundamental flaw by having the user approve the login attempt by replicating the information presented on the browser session over to the login notification, such as by moving a key in a particular direction, choosing a particular shape, etc. We report on the design and a systematic usability study of REPLICATE. Even without being aware of the vulnerability, in general, participants placed multiple variants of REPLICATE in competition to the Just Tap and fairly above PIN-based authentication.

This paper considers the covert identification problem in which a sender aims to reliably convey an identification (ID) message to a set of receivers via a binary-input discrete memoryless channel (BDMC), and simultaneously to guarantee that the communication is covert with respect to a warden who monitors the communication via another independent BDMC. We prove a square-root law for the covert identification problem. This states that an ID message of size exp(exp($\Theta$($\surd$ n)) can be transmitted over n channel uses. We then characterize the exact pre-constant in the $\Theta$($\cdot$) notation. This constant is referred to as the covert identification capacity. We show that it equals the recently developed covert capacity in the standard covert communication problem, and somewhat surprisingly, the covert identification capacity can be achieved without any shared key between the sender and receivers. The achievability proof relies on a random coding argument with pulse-position modulation (PPM), coupled with a second stage which performs code refinements. The converse proof relies on an expurgation argument as well as results for channel resolvability with stringent input constraints.